gencode.c revision 146771
1/*#define CHASE_CHAIN*/ 2/* 3 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) 9 * distributions including binary code include the above copyright notice and 10 * this paragraph in its entirety in the documentation or other materials 11 * provided with the distribution, and (3) all advertising materials mentioning 12 * features or use of this software display the following acknowledgement: 13 * ``This product includes software developed by the University of California, 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 * 22 * $FreeBSD: head/contrib/libpcap/gencode.c 146771 2005-05-29 18:09:04Z sam $ 23 */ 24#ifndef lint 25static const char rcsid[] _U_ = 26 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221 2005/03/27 22:10:23 guy Exp $ (LBL)"; 27#endif 28 29#ifdef HAVE_CONFIG_H 30#include "config.h" 31#endif 32 33#ifdef WIN32 34#include <pcap-stdinc.h> 35#else /* WIN32 */ 36#include <sys/types.h> 37#include <sys/socket.h> 38#endif /* WIN32 */ 39 40/* 41 * XXX - why was this included even on UNIX? 42 */ 43#ifdef __MINGW32__ 44#include "IP6_misc.h" 45#endif 46 47#ifndef WIN32 48 49#ifdef __NetBSD__ 50#include <sys/param.h> 51#endif 52 53#include <netinet/in.h> 54 55#endif /* WIN32 */ 56 57#include <stdlib.h> 58#include <string.h> 59#include <memory.h> 60#include <setjmp.h> 61#include <stdarg.h> 62 63#ifdef MSDOS 64#include "pcap-dos.h" 65#endif 66 67#include "pcap-int.h" 68 69#include "ethertype.h" 70#include "nlpid.h" 71#include "llc.h" 72#include "gencode.h" 73#include "atmuni31.h" 74#include "sunatmpos.h" 75#include "ppp.h" 76#include "sll.h" 77#include "arcnet.h" 78#include "pf.h" 79#ifndef offsetof 80#define offsetof(s, e) ((size_t)&((s *)0)->e) 81#endif 82#ifdef INET6 83#ifndef WIN32 84#include <netdb.h> /* for "struct addrinfo" */ 85#endif /* WIN32 */ 86#endif /*INET6*/ 87#include <pcap-namedb.h> 88 89#undef ETHERMTU 90#define ETHERMTU 1500 91 92#ifndef IPPROTO_SCTP 93#define IPPROTO_SCTP 132 94#endif 95 96#ifdef HAVE_OS_PROTO_H 97#include "os-proto.h" 98#endif 99 100#define JMP(c) ((c)|BPF_JMP|BPF_K) 101 102/* Locals */ 103static jmp_buf top_ctx; 104static pcap_t *bpf_pcap; 105 106/* Hack for updating VLAN, MPLS offsets. */ 107static u_int orig_linktype = -1U, orig_nl = -1U, orig_nl_nosnap = -1U; 108 109/* XXX */ 110#ifdef PCAP_FDDIPAD 111static int pcap_fddipad; 112#endif 113 114/* VARARGS */ 115void 116bpf_error(const char *fmt, ...) 117 118{ 119 va_list ap; 120 121 va_start(ap, fmt); 122 if (bpf_pcap != NULL) 123 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 124 fmt, ap); 125 va_end(ap); 126 longjmp(top_ctx, 1); 127 /* NOTREACHED */ 128} 129 130static void init_linktype(pcap_t *); 131 132static int alloc_reg(void); 133static void free_reg(int); 134 135static struct block *root; 136 137/* 138 * We divy out chunks of memory rather than call malloc each time so 139 * we don't have to worry about leaking memory. It's probably 140 * not a big deal if all this memory was wasted but if this ever 141 * goes into a library that would probably not be a good idea. 142 * 143 * XXX - this *is* in a library.... 144 */ 145#define NCHUNKS 16 146#define CHUNK0SIZE 1024 147struct chunk { 148 u_int n_left; 149 void *m; 150}; 151 152static struct chunk chunks[NCHUNKS]; 153static int cur_chunk; 154 155static void *newchunk(u_int); 156static void freechunks(void); 157static inline struct block *new_block(int); 158static inline struct slist *new_stmt(int); 159static struct block *gen_retblk(int); 160static inline void syntax(void); 161 162static void backpatch(struct block *, struct block *); 163static void merge(struct block *, struct block *); 164static struct block *gen_cmp(u_int, u_int, bpf_int32); 165static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 166static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 167static struct block *gen_bcmp(u_int, u_int, const u_char *); 168static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32, 169 bpf_u_int32, bpf_u_int32, int); 170static struct block *gen_uncond(int); 171static inline struct block *gen_true(void); 172static inline struct block *gen_false(void); 173static struct block *gen_ether_linktype(int); 174static struct block *gen_linux_sll_linktype(int); 175static struct block *gen_linktype(int); 176static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int); 177static struct block *gen_llc(int); 178static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 179#ifdef INET6 180static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 181#endif 182static struct block *gen_ahostop(const u_char *, int); 183static struct block *gen_ehostop(const u_char *, int); 184static struct block *gen_fhostop(const u_char *, int); 185static struct block *gen_thostop(const u_char *, int); 186static struct block *gen_wlanhostop(const u_char *, int); 187static struct block *gen_ipfchostop(const u_char *, int); 188static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 189static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 190#ifdef INET6 191static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 192#endif 193#ifndef INET6 194static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 195#endif 196static struct block *gen_ipfrag(void); 197static struct block *gen_portatom(int, bpf_int32); 198#ifdef INET6 199static struct block *gen_portatom6(int, bpf_int32); 200#endif 201struct block *gen_portop(int, int, int); 202static struct block *gen_port(int, int, int); 203#ifdef INET6 204struct block *gen_portop6(int, int, int); 205static struct block *gen_port6(int, int, int); 206#endif 207static int lookup_proto(const char *, int); 208static struct block *gen_protochain(int, int, int); 209static struct block *gen_proto(int, int, int); 210static struct slist *xfer_to_x(struct arth *); 211static struct slist *xfer_to_a(struct arth *); 212static struct block *gen_mac_multicast(int); 213static struct block *gen_len(int, int); 214 215static struct block *gen_msg_abbrev(int type); 216 217static void * 218newchunk(n) 219 u_int n; 220{ 221 struct chunk *cp; 222 int k; 223 size_t size; 224 225#ifndef __NetBSD__ 226 /* XXX Round up to nearest long. */ 227 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 228#else 229 /* XXX Round up to structure boundary. */ 230 n = ALIGN(n); 231#endif 232 233 cp = &chunks[cur_chunk]; 234 if (n > cp->n_left) { 235 ++cp, k = ++cur_chunk; 236 if (k >= NCHUNKS) 237 bpf_error("out of memory"); 238 size = CHUNK0SIZE << k; 239 cp->m = (void *)malloc(size); 240 if (cp->m == NULL) 241 bpf_error("out of memory"); 242 memset((char *)cp->m, 0, size); 243 cp->n_left = size; 244 if (n > size) 245 bpf_error("out of memory"); 246 } 247 cp->n_left -= n; 248 return (void *)((char *)cp->m + cp->n_left); 249} 250 251static void 252freechunks() 253{ 254 int i; 255 256 cur_chunk = 0; 257 for (i = 0; i < NCHUNKS; ++i) 258 if (chunks[i].m != NULL) { 259 free(chunks[i].m); 260 chunks[i].m = NULL; 261 } 262} 263 264/* 265 * A strdup whose allocations are freed after code generation is over. 266 */ 267char * 268sdup(s) 269 register const char *s; 270{ 271 int n = strlen(s) + 1; 272 char *cp = newchunk(n); 273 274 strlcpy(cp, s, n); 275 return (cp); 276} 277 278static inline struct block * 279new_block(code) 280 int code; 281{ 282 struct block *p; 283 284 p = (struct block *)newchunk(sizeof(*p)); 285 p->s.code = code; 286 p->head = p; 287 288 return p; 289} 290 291static inline struct slist * 292new_stmt(code) 293 int code; 294{ 295 struct slist *p; 296 297 p = (struct slist *)newchunk(sizeof(*p)); 298 p->s.code = code; 299 300 return p; 301} 302 303static struct block * 304gen_retblk(v) 305 int v; 306{ 307 struct block *b = new_block(BPF_RET|BPF_K); 308 309 b->s.k = v; 310 return b; 311} 312 313static inline void 314syntax() 315{ 316 bpf_error("syntax error in filter expression"); 317} 318 319static bpf_u_int32 netmask; 320static int snaplen; 321int no_optimize; 322 323int 324pcap_compile(pcap_t *p, struct bpf_program *program, 325 char *buf, int optimize, bpf_u_int32 mask) 326{ 327 extern int n_errors; 328 int len; 329 330 no_optimize = 0; 331 n_errors = 0; 332 root = NULL; 333 bpf_pcap = p; 334 if (setjmp(top_ctx)) { 335 lex_cleanup(); 336 freechunks(); 337 return (-1); 338 } 339 340 netmask = mask; 341 342 snaplen = pcap_snapshot(p); 343 if (snaplen == 0) { 344 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 345 "snaplen of 0 rejects all packets"); 346 return -1; 347 } 348 349 lex_init(buf ? buf : ""); 350 init_linktype(p); 351 (void)pcap_parse(); 352 353 if (n_errors) 354 syntax(); 355 356 if (root == NULL) 357 root = gen_retblk(snaplen); 358 359 if (optimize && !no_optimize) { 360 bpf_optimize(&root); 361 if (root == NULL || 362 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 363 bpf_error("expression rejects all packets"); 364 } 365 program->bf_insns = icode_to_fcode(root, &len); 366 program->bf_len = len; 367 368 lex_cleanup(); 369 freechunks(); 370 return (0); 371} 372 373/* 374 * entry point for using the compiler with no pcap open 375 * pass in all the stuff that is needed explicitly instead. 376 */ 377int 378pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 379 struct bpf_program *program, 380 char *buf, int optimize, bpf_u_int32 mask) 381{ 382 pcap_t *p; 383 int ret; 384 385 p = pcap_open_dead(linktype_arg, snaplen_arg); 386 if (p == NULL) 387 return (-1); 388 ret = pcap_compile(p, program, buf, optimize, mask); 389 pcap_close(p); 390 return (ret); 391} 392 393/* 394 * Clean up a "struct bpf_program" by freeing all the memory allocated 395 * in it. 396 */ 397void 398pcap_freecode(struct bpf_program *program) 399{ 400 program->bf_len = 0; 401 if (program->bf_insns != NULL) { 402 free((char *)program->bf_insns); 403 program->bf_insns = NULL; 404 } 405} 406 407/* 408 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 409 * which of the jt and jf fields has been resolved and which is a pointer 410 * back to another unresolved block (or nil). At least one of the fields 411 * in each block is already resolved. 412 */ 413static void 414backpatch(list, target) 415 struct block *list, *target; 416{ 417 struct block *next; 418 419 while (list) { 420 if (!list->sense) { 421 next = JT(list); 422 JT(list) = target; 423 } else { 424 next = JF(list); 425 JF(list) = target; 426 } 427 list = next; 428 } 429} 430 431/* 432 * Merge the lists in b0 and b1, using the 'sense' field to indicate 433 * which of jt and jf is the link. 434 */ 435static void 436merge(b0, b1) 437 struct block *b0, *b1; 438{ 439 register struct block **p = &b0; 440 441 /* Find end of list. */ 442 while (*p) 443 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 444 445 /* Concatenate the lists. */ 446 *p = b1; 447} 448 449void 450finish_parse(p) 451 struct block *p; 452{ 453 backpatch(p, gen_retblk(snaplen)); 454 p->sense = !p->sense; 455 backpatch(p, gen_retblk(0)); 456 root = p->head; 457} 458 459void 460gen_and(b0, b1) 461 struct block *b0, *b1; 462{ 463 backpatch(b0, b1->head); 464 b0->sense = !b0->sense; 465 b1->sense = !b1->sense; 466 merge(b1, b0); 467 b1->sense = !b1->sense; 468 b1->head = b0->head; 469} 470 471void 472gen_or(b0, b1) 473 struct block *b0, *b1; 474{ 475 b0->sense = !b0->sense; 476 backpatch(b0, b1->head); 477 b0->sense = !b0->sense; 478 merge(b1, b0); 479 b1->head = b0->head; 480} 481 482void 483gen_not(b) 484 struct block *b; 485{ 486 b->sense = !b->sense; 487} 488 489static struct block * 490gen_cmp(offset, size, v) 491 u_int offset, size; 492 bpf_int32 v; 493{ 494 struct slist *s; 495 struct block *b; 496 497 s = new_stmt(BPF_LD|BPF_ABS|size); 498 s->s.k = offset; 499 500 b = new_block(JMP(BPF_JEQ)); 501 b->stmts = s; 502 b->s.k = v; 503 504 return b; 505} 506 507static struct block * 508gen_cmp_gt(offset, size, v) 509 u_int offset, size; 510 bpf_int32 v; 511{ 512 struct slist *s; 513 struct block *b; 514 515 s = new_stmt(BPF_LD|BPF_ABS|size); 516 s->s.k = offset; 517 518 b = new_block(JMP(BPF_JGT)); 519 b->stmts = s; 520 b->s.k = v; 521 522 return b; 523} 524 525static struct block * 526gen_mcmp(offset, size, v, mask) 527 u_int offset, size; 528 bpf_int32 v; 529 bpf_u_int32 mask; 530{ 531 struct block *b = gen_cmp(offset, size, v); 532 struct slist *s; 533 534 if (mask != 0xffffffff) { 535 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 536 s->s.k = mask; 537 b->stmts->next = s; 538 } 539 return b; 540} 541 542static struct block * 543gen_bcmp(offset, size, v) 544 register u_int offset, size; 545 register const u_char *v; 546{ 547 register struct block *b, *tmp; 548 549 b = NULL; 550 while (size >= 4) { 551 register const u_char *p = &v[size - 4]; 552 bpf_int32 w = ((bpf_int32)p[0] << 24) | 553 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 554 555 tmp = gen_cmp(offset + size - 4, BPF_W, w); 556 if (b != NULL) 557 gen_and(b, tmp); 558 b = tmp; 559 size -= 4; 560 } 561 while (size >= 2) { 562 register const u_char *p = &v[size - 2]; 563 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 564 565 tmp = gen_cmp(offset + size - 2, BPF_H, w); 566 if (b != NULL) 567 gen_and(b, tmp); 568 b = tmp; 569 size -= 2; 570 } 571 if (size > 0) { 572 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 573 if (b != NULL) 574 gen_and(b, tmp); 575 b = tmp; 576 } 577 return b; 578} 579 580static struct block * 581gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse) 582 bpf_u_int32 datasize, offset, mask, jtype, jvalue; 583 int reverse; 584{ 585 struct slist *s; 586 struct block *b; 587 588 s = new_stmt(BPF_LD|datasize|BPF_ABS); 589 s->s.k = offset; 590 591 if (mask != 0xffffffff) { 592 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K); 593 s->next->s.k = mask; 594 } 595 596 b = new_block(JMP(jtype)); 597 b->stmts = s; 598 b->s.k = jvalue; 599 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE)) 600 gen_not(b); 601 return b; 602} 603 604/* 605 * Various code constructs need to know the layout of the data link 606 * layer. These variables give the necessary offsets. 607 */ 608 609/* 610 * This is the offset of the beginning of the MAC-layer header. 611 * It's usually 0, except for ATM LANE. 612 */ 613static u_int off_mac; 614 615/* 616 * "off_linktype" is the offset to information in the link-layer header 617 * giving the packet type. 618 * 619 * For Ethernet, it's the offset of the Ethernet type field. 620 * 621 * For link-layer types that always use 802.2 headers, it's the 622 * offset of the LLC header. 623 * 624 * For PPP, it's the offset of the PPP type field. 625 * 626 * For Cisco HDLC, it's the offset of the CHDLC type field. 627 * 628 * For BSD loopback, it's the offset of the AF_ value. 629 * 630 * For Linux cooked sockets, it's the offset of the type field. 631 * 632 * It's set to -1 for no encapsulation, in which case, IP is assumed. 633 */ 634static u_int off_linktype; 635 636/* 637 * TRUE if the link layer includes an ATM pseudo-header. 638 */ 639static int is_atm = 0; 640 641/* 642 * TRUE if "lane" appeared in the filter; it causes us to generate 643 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM. 644 */ 645static int is_lane = 0; 646 647/* 648 * These are offsets for the ATM pseudo-header. 649 */ 650static u_int off_vpi; 651static u_int off_vci; 652static u_int off_proto; 653 654/* 655 * This is the offset of the first byte after the ATM pseudo_header, 656 * or -1 if there is no ATM pseudo-header. 657 */ 658static u_int off_payload; 659 660/* 661 * These are offsets to the beginning of the network-layer header. 662 * 663 * If the link layer never uses 802.2 LLC: 664 * 665 * "off_nl" and "off_nl_nosnap" are the same. 666 * 667 * If the link layer always uses 802.2 LLC: 668 * 669 * "off_nl" is the offset if there's a SNAP header following 670 * the 802.2 header; 671 * 672 * "off_nl_nosnap" is the offset if there's no SNAP header. 673 * 674 * If the link layer is Ethernet: 675 * 676 * "off_nl" is the offset if the packet is an Ethernet II packet 677 * (we assume no 802.3+802.2+SNAP); 678 * 679 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet 680 * with an 802.2 header following it. 681 */ 682static u_int off_nl; 683static u_int off_nl_nosnap; 684 685static int linktype; 686 687static void 688init_linktype(p) 689 pcap_t *p; 690{ 691 linktype = pcap_datalink(p); 692#ifdef PCAP_FDDIPAD 693 pcap_fddipad = p->fddipad; 694#endif 695 696 /* 697 * Assume it's not raw ATM with a pseudo-header, for now. 698 */ 699 off_mac = 0; 700 is_atm = 0; 701 is_lane = 0; 702 off_vpi = -1; 703 off_vci = -1; 704 off_proto = -1; 705 off_payload = -1; 706 707 orig_linktype = -1; 708 orig_nl = -1; 709 orig_nl_nosnap = -1; 710 711 switch (linktype) { 712 713 case DLT_ARCNET: 714 off_linktype = 2; 715 off_nl = 6; /* XXX in reality, variable! */ 716 off_nl_nosnap = 6; /* no 802.2 LLC */ 717 return; 718 719 case DLT_ARCNET_LINUX: 720 off_linktype = 4; 721 off_nl = 8; /* XXX in reality, variable! */ 722 off_nl_nosnap = 8; /* no 802.2 LLC */ 723 return; 724 725 case DLT_EN10MB: 726 off_linktype = 12; 727 off_nl = 14; /* Ethernet II */ 728 off_nl_nosnap = 17; /* 802.3+802.2 */ 729 return; 730 731 case DLT_SLIP: 732 /* 733 * SLIP doesn't have a link level type. The 16 byte 734 * header is hacked into our SLIP driver. 735 */ 736 off_linktype = -1; 737 off_nl = 16; 738 off_nl_nosnap = 16; /* no 802.2 LLC */ 739 return; 740 741 case DLT_SLIP_BSDOS: 742 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 743 off_linktype = -1; 744 /* XXX end */ 745 off_nl = 24; 746 off_nl_nosnap = 24; /* no 802.2 LLC */ 747 return; 748 749 case DLT_NULL: 750 case DLT_LOOP: 751 off_linktype = 0; 752 off_nl = 4; 753 off_nl_nosnap = 4; /* no 802.2 LLC */ 754 return; 755 756 case DLT_ENC: 757 off_linktype = 0; 758 off_nl = 12; 759 off_nl_nosnap = 12; /* no 802.2 LLC */ 760 return; 761 762 case DLT_PPP: 763 case DLT_PPP_PPPD: 764 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */ 765 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */ 766 off_linktype = 2; 767 off_nl = 4; 768 off_nl_nosnap = 4; /* no 802.2 LLC */ 769 return; 770 771 case DLT_PPP_ETHER: 772 /* 773 * This does no include the Ethernet header, and 774 * only covers session state. 775 */ 776 off_linktype = 6; 777 off_nl = 8; 778 off_nl_nosnap = 8; /* no 802.2 LLC */ 779 return; 780 781 case DLT_PPP_BSDOS: 782 off_linktype = 5; 783 off_nl = 24; 784 off_nl_nosnap = 24; /* no 802.2 LLC */ 785 return; 786 787 case DLT_FDDI: 788 /* 789 * FDDI doesn't really have a link-level type field. 790 * We set "off_linktype" to the offset of the LLC header. 791 * 792 * To check for Ethernet types, we assume that SSAP = SNAP 793 * is being used and pick out the encapsulated Ethernet type. 794 * XXX - should we generate code to check for SNAP? 795 */ 796 off_linktype = 13; 797#ifdef PCAP_FDDIPAD 798 off_linktype += pcap_fddipad; 799#endif 800 off_nl = 21; /* FDDI+802.2+SNAP */ 801 off_nl_nosnap = 16; /* FDDI+802.2 */ 802#ifdef PCAP_FDDIPAD 803 off_nl += pcap_fddipad; 804 off_nl_nosnap += pcap_fddipad; 805#endif 806 return; 807 808 case DLT_IEEE802: 809 /* 810 * Token Ring doesn't really have a link-level type field. 811 * We set "off_linktype" to the offset of the LLC header. 812 * 813 * To check for Ethernet types, we assume that SSAP = SNAP 814 * is being used and pick out the encapsulated Ethernet type. 815 * XXX - should we generate code to check for SNAP? 816 * 817 * XXX - the header is actually variable-length. 818 * Some various Linux patched versions gave 38 819 * as "off_linktype" and 40 as "off_nl"; however, 820 * if a token ring packet has *no* routing 821 * information, i.e. is not source-routed, the correct 822 * values are 20 and 22, as they are in the vanilla code. 823 * 824 * A packet is source-routed iff the uppermost bit 825 * of the first byte of the source address, at an 826 * offset of 8, has the uppermost bit set. If the 827 * packet is source-routed, the total number of bytes 828 * of routing information is 2 plus bits 0x1F00 of 829 * the 16-bit value at an offset of 14 (shifted right 830 * 8 - figure out which byte that is). 831 */ 832 off_linktype = 14; 833 off_nl = 22; /* Token Ring+802.2+SNAP */ 834 off_nl_nosnap = 17; /* Token Ring+802.2 */ 835 return; 836 837 case DLT_IEEE802_11: 838 /* 839 * 802.11 doesn't really have a link-level type field. 840 * We set "off_linktype" to the offset of the LLC header. 841 * 842 * To check for Ethernet types, we assume that SSAP = SNAP 843 * is being used and pick out the encapsulated Ethernet type. 844 * XXX - should we generate code to check for SNAP? 845 * 846 * XXX - the header is actually variable-length. We 847 * assume a 24-byte link-layer header, as appears in 848 * data frames in networks with no bridges. If the 849 * fromds and tods 802.11 header bits are both set, 850 * it's actually supposed to be 30 bytes. 851 */ 852 off_linktype = 24; 853 off_nl = 32; /* 802.11+802.2+SNAP */ 854 off_nl_nosnap = 27; /* 802.11+802.2 */ 855 return; 856 857 case DLT_PRISM_HEADER: 858 /* 859 * Same as 802.11, but with an additional header before 860 * the 802.11 header, containing a bunch of additional 861 * information including radio-level information. 862 * 863 * The header is 144 bytes long. 864 * 865 * XXX - same variable-length header problem; at least 866 * the Prism header is fixed-length. 867 */ 868 off_linktype = 144+24; 869 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */ 870 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */ 871 return; 872 873 case DLT_IEEE802_11_RADIO_AVS: 874 /* 875 * Same as 802.11, but with an additional header before 876 * the 802.11 header, containing a bunch of additional 877 * information including radio-level information. 878 * 879 * The header is 64 bytes long, at least in its 880 * current incarnation. 881 * 882 * XXX - same variable-length header problem, only 883 * more so; this header is also variable-length, 884 * with the length being the 32-bit big-endian 885 * number at an offset of 4 from the beginning 886 * of the radio header. 887 */ 888 off_linktype = 64+24; 889 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */ 890 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */ 891 return; 892 893 case DLT_IEEE802_11_RADIO: 894 /* 895 * Same as 802.11, but with an additional header before 896 * the 802.11 header, containing a bunch of additional 897 * information including radio-level information. 898 * 899 * XXX - same variable-length header problem, only 900 * even *more* so; this header is also variable-length, 901 * with the length being the 16-bit number at an offset 902 * of 2 from the beginning of the radio header, and it's 903 * device-dependent (different devices might supply 904 * different amounts of information), so we can't even 905 * assume a fixed length for the current version of the 906 * header. 907 * 908 * Therefore, currently, only raw "link[N:M]" filtering is 909 * supported. 910 */ 911 off_linktype = -1; 912 off_nl = -1; 913 off_nl_nosnap = -1; 914 return; 915 916 case DLT_ATM_RFC1483: 917 case DLT_ATM_CLIP: /* Linux ATM defines this */ 918 /* 919 * assume routed, non-ISO PDUs 920 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 921 */ 922 off_linktype = 0; 923 off_nl = 8; /* 802.2+SNAP */ 924 off_nl_nosnap = 3; /* 802.2 */ 925 return; 926 927 case DLT_SUNATM: 928 /* 929 * Full Frontal ATM; you get AALn PDUs with an ATM 930 * pseudo-header. 931 */ 932 is_atm = 1; 933 off_vpi = SUNATM_VPI_POS; 934 off_vci = SUNATM_VCI_POS; 935 off_proto = PROTO_POS; 936 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */ 937 off_payload = SUNATM_PKT_BEGIN_POS; 938 off_linktype = off_payload; 939 off_nl = off_payload+8; /* 802.2+SNAP */ 940 off_nl_nosnap = off_payload+3; /* 802.2 */ 941 return; 942 943 case DLT_RAW: 944 off_linktype = -1; 945 off_nl = 0; 946 off_nl_nosnap = 0; /* no 802.2 LLC */ 947 return; 948 949 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */ 950 off_linktype = 14; 951 off_nl = 16; 952 off_nl_nosnap = 16; /* no 802.2 LLC */ 953 return; 954 955 case DLT_LTALK: 956 /* 957 * LocalTalk does have a 1-byte type field in the LLAP header, 958 * but really it just indicates whether there is a "short" or 959 * "long" DDP packet following. 960 */ 961 off_linktype = -1; 962 off_nl = 0; 963 off_nl_nosnap = 0; /* no 802.2 LLC */ 964 return; 965 966 case DLT_IP_OVER_FC: 967 /* 968 * RFC 2625 IP-over-Fibre-Channel doesn't really have a 969 * link-level type field. We set "off_linktype" to the 970 * offset of the LLC header. 971 * 972 * To check for Ethernet types, we assume that SSAP = SNAP 973 * is being used and pick out the encapsulated Ethernet type. 974 * XXX - should we generate code to check for SNAP? RFC 975 * 2625 says SNAP should be used. 976 */ 977 off_linktype = 16; 978 off_nl = 24; /* IPFC+802.2+SNAP */ 979 off_nl_nosnap = 19; /* IPFC+802.2 */ 980 return; 981 982 case DLT_FRELAY: 983 /* 984 * XXX - we should set this to handle SNAP-encapsulated 985 * frames (NLPID of 0x80). 986 */ 987 off_linktype = -1; 988 off_nl = 0; 989 off_nl_nosnap = 0; /* no 802.2 LLC */ 990 return; 991 992 case DLT_APPLE_IP_OVER_IEEE1394: 993 off_linktype = 16; 994 off_nl = 18; 995 off_nl_nosnap = 0; /* no 802.2 LLC */ 996 return; 997 998 case DLT_LINUX_IRDA: 999 /* 1000 * Currently, only raw "link[N:M]" filtering is supported. 1001 */ 1002 off_linktype = -1; 1003 off_nl = -1; 1004 off_nl_nosnap = -1; 1005 return; 1006 1007 case DLT_DOCSIS: 1008 /* 1009 * Currently, only raw "link[N:M]" filtering is supported. 1010 */ 1011 off_linktype = -1; 1012 off_nl = -1; 1013 off_nl_nosnap = -1; 1014 return; 1015 1016 case DLT_SYMANTEC_FIREWALL: 1017 off_linktype = 6; 1018 off_nl = 44; /* Ethernet II */ 1019 off_nl_nosnap = 44; /* XXX - what does it do with 802.3 packets? */ 1020 return; 1021 1022 case DLT_PFLOG: 1023 off_linktype = 0; 1024 /* XXX read from header? */ 1025 off_nl = PFLOG_HDRLEN; 1026 off_nl_nosnap = PFLOG_HDRLEN; 1027 return; 1028 1029 case DLT_JUNIPER_MLFR: 1030 case DLT_JUNIPER_MLPPP: 1031 off_linktype = 4; 1032 off_nl = 4; 1033 off_nl_nosnap = -1; 1034 return; 1035 1036 case DLT_JUNIPER_ATM1: 1037 off_linktype = 4; /* in reality variable between 4-8 */ 1038 off_nl = 4; 1039 off_nl_nosnap = 14; 1040 return; 1041 1042 case DLT_JUNIPER_ATM2: 1043 off_linktype = 8; /* in reality variable between 8-12 */ 1044 off_nl = 8; 1045 off_nl_nosnap = 18; 1046 return; 1047 1048#ifdef DLT_PFSYNC 1049 case DLT_PFSYNC: 1050 off_linktype = -1; 1051 off_nl = 4; 1052 off_nl_nosnap = 4; 1053 return; 1054#endif 1055 } 1056 bpf_error("unknown data link type %d", linktype); 1057 /* NOTREACHED */ 1058} 1059 1060static struct block * 1061gen_uncond(rsense) 1062 int rsense; 1063{ 1064 struct block *b; 1065 struct slist *s; 1066 1067 s = new_stmt(BPF_LD|BPF_IMM); 1068 s->s.k = !rsense; 1069 b = new_block(JMP(BPF_JEQ)); 1070 b->stmts = s; 1071 1072 return b; 1073} 1074 1075static inline struct block * 1076gen_true() 1077{ 1078 return gen_uncond(1); 1079} 1080 1081static inline struct block * 1082gen_false() 1083{ 1084 return gen_uncond(0); 1085} 1086 1087/* 1088 * Byte-swap a 32-bit number. 1089 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 1090 * big-endian platforms.) 1091 */ 1092#define SWAPLONG(y) \ 1093((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) 1094 1095static struct block * 1096gen_ether_linktype(proto) 1097 register int proto; 1098{ 1099 struct block *b0, *b1; 1100 1101 switch (proto) { 1102 1103 case LLCSAP_ISONS: 1104 /* 1105 * OSI protocols always use 802.2 encapsulation. 1106 * XXX - should we check both the DSAP and the 1107 * SSAP, like this, or should we check just the 1108 * DSAP? 1109 */ 1110 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1111 gen_not(b0); 1112 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1113 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 1114 gen_and(b0, b1); 1115 return b1; 1116 1117 case LLCSAP_IP: 1118 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1119 gen_not(b0); 1120 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1121 ((LLCSAP_IP << 8) | LLCSAP_IP)); 1122 gen_and(b0, b1); 1123 return b1; 1124 1125 case LLCSAP_NETBEUI: 1126 /* 1127 * NetBEUI always uses 802.2 encapsulation. 1128 * XXX - should we check both the DSAP and the 1129 * SSAP, like this, or should we check just the 1130 * DSAP? 1131 */ 1132 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1133 gen_not(b0); 1134 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1135 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 1136 gen_and(b0, b1); 1137 return b1; 1138 1139 case LLCSAP_IPX: 1140 /* 1141 * Check for; 1142 * 1143 * Ethernet_II frames, which are Ethernet 1144 * frames with a frame type of ETHERTYPE_IPX; 1145 * 1146 * Ethernet_802.3 frames, which are 802.3 1147 * frames (i.e., the type/length field is 1148 * a length field, <= ETHERMTU, rather than 1149 * a type field) with the first two bytes 1150 * after the Ethernet/802.3 header being 1151 * 0xFFFF; 1152 * 1153 * Ethernet_802.2 frames, which are 802.3 1154 * frames with an 802.2 LLC header and 1155 * with the IPX LSAP as the DSAP in the LLC 1156 * header; 1157 * 1158 * Ethernet_SNAP frames, which are 802.3 1159 * frames with an LLC header and a SNAP 1160 * header and with an OUI of 0x000000 1161 * (encapsulated Ethernet) and a protocol 1162 * ID of ETHERTYPE_IPX in the SNAP header. 1163 * 1164 * XXX - should we generate the same code both 1165 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 1166 */ 1167 1168 /* 1169 * This generates code to check both for the 1170 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 1171 */ 1172 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX); 1173 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF); 1174 gen_or(b0, b1); 1175 1176 /* 1177 * Now we add code to check for SNAP frames with 1178 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 1179 */ 1180 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 1181 gen_or(b0, b1); 1182 1183 /* 1184 * Now we generate code to check for 802.3 1185 * frames in general. 1186 */ 1187 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1188 gen_not(b0); 1189 1190 /* 1191 * Now add the check for 802.3 frames before the 1192 * check for Ethernet_802.2 and Ethernet_802.3, 1193 * as those checks should only be done on 802.3 1194 * frames, not on Ethernet frames. 1195 */ 1196 gen_and(b0, b1); 1197 1198 /* 1199 * Now add the check for Ethernet_II frames, and 1200 * do that before checking for the other frame 1201 * types. 1202 */ 1203 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX); 1204 gen_or(b0, b1); 1205 return b1; 1206 1207 case ETHERTYPE_ATALK: 1208 case ETHERTYPE_AARP: 1209 /* 1210 * EtherTalk (AppleTalk protocols on Ethernet link 1211 * layer) may use 802.2 encapsulation. 1212 */ 1213 1214 /* 1215 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1216 * we check for an Ethernet type field less than 1217 * 1500, which means it's an 802.3 length field. 1218 */ 1219 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1220 gen_not(b0); 1221 1222 /* 1223 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1224 * SNAP packets with an organization code of 1225 * 0x080007 (Apple, for Appletalk) and a protocol 1226 * type of ETHERTYPE_ATALK (Appletalk). 1227 * 1228 * 802.2-encapsulated ETHERTYPE_AARP packets are 1229 * SNAP packets with an organization code of 1230 * 0x000000 (encapsulated Ethernet) and a protocol 1231 * type of ETHERTYPE_AARP (Appletalk ARP). 1232 */ 1233 if (proto == ETHERTYPE_ATALK) 1234 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14); 1235 else /* proto == ETHERTYPE_AARP */ 1236 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 1237 gen_and(b0, b1); 1238 1239 /* 1240 * Check for Ethernet encapsulation (Ethertalk 1241 * phase 1?); we just check for the Ethernet 1242 * protocol type. 1243 */ 1244 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1245 1246 gen_or(b0, b1); 1247 return b1; 1248 1249 default: 1250 if (proto <= ETHERMTU) { 1251 /* 1252 * This is an LLC SAP value, so the frames 1253 * that match would be 802.2 frames. 1254 * Check that the frame is an 802.2 frame 1255 * (i.e., that the length/type field is 1256 * a length field, <= ETHERMTU) and 1257 * then check the DSAP. 1258 */ 1259 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 1260 gen_not(b0); 1261 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 1262 gen_and(b0, b1); 1263 return b1; 1264 } else { 1265 /* 1266 * This is an Ethernet type, so compare 1267 * the length/type field with it (if 1268 * the frame is an 802.2 frame, the length 1269 * field will be <= ETHERMTU, and, as 1270 * "proto" is > ETHERMTU, this test 1271 * will fail and the frame won't match, 1272 * which is what we want). 1273 */ 1274 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1275 } 1276 } 1277} 1278 1279static struct block * 1280gen_linux_sll_linktype(proto) 1281 register int proto; 1282{ 1283 struct block *b0, *b1; 1284 1285 switch (proto) { 1286 1287 case LLCSAP_IP: 1288 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1289 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1290 ((LLCSAP_IP << 8) | LLCSAP_IP)); 1291 gen_and(b0, b1); 1292 return b1; 1293 1294 case LLCSAP_ISONS: 1295 /* 1296 * OSI protocols always use 802.2 encapsulation. 1297 * XXX - should we check both the DSAP and the 1298 * SSAP, like this, or should we check just the 1299 * DSAP? 1300 */ 1301 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1302 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1303 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 1304 gen_and(b0, b1); 1305 return b1; 1306 1307 case LLCSAP_NETBEUI: 1308 /* 1309 * NetBEUI always uses 802.2 encapsulation. 1310 * XXX - should we check both the DSAP and the 1311 * LSAP, like this, or should we check just the 1312 * DSAP? 1313 */ 1314 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1315 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 1316 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 1317 gen_and(b0, b1); 1318 return b1; 1319 1320 case LLCSAP_IPX: 1321 /* 1322 * Ethernet_II frames, which are Ethernet 1323 * frames with a frame type of ETHERTYPE_IPX; 1324 * 1325 * Ethernet_802.3 frames, which have a frame 1326 * type of LINUX_SLL_P_802_3; 1327 * 1328 * Ethernet_802.2 frames, which are 802.3 1329 * frames with an 802.2 LLC header (i.e, have 1330 * a frame type of LINUX_SLL_P_802_2) and 1331 * with the IPX LSAP as the DSAP in the LLC 1332 * header; 1333 * 1334 * Ethernet_SNAP frames, which are 802.3 1335 * frames with an LLC header and a SNAP 1336 * header and with an OUI of 0x000000 1337 * (encapsulated Ethernet) and a protocol 1338 * ID of ETHERTYPE_IPX in the SNAP header. 1339 * 1340 * First, do the checks on LINUX_SLL_P_802_2 1341 * frames; generate the check for either 1342 * Ethernet_802.2 or Ethernet_SNAP frames, and 1343 * then put a check for LINUX_SLL_P_802_2 frames 1344 * before it. 1345 */ 1346 b0 = gen_cmp(off_linktype + 2, BPF_B, 1347 (bpf_int32)LLCSAP_IPX); 1348 b1 = gen_snap(0x000000, ETHERTYPE_IPX, 1349 off_linktype + 2); 1350 gen_or(b0, b1); 1351 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1352 gen_and(b0, b1); 1353 1354 /* 1355 * Now check for 802.3 frames and OR that with 1356 * the previous test. 1357 */ 1358 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3); 1359 gen_or(b0, b1); 1360 1361 /* 1362 * Now add the check for Ethernet_II frames, and 1363 * do that before checking for the other frame 1364 * types. 1365 */ 1366 b0 = gen_cmp(off_linktype, BPF_H, 1367 (bpf_int32)ETHERTYPE_IPX); 1368 gen_or(b0, b1); 1369 return b1; 1370 1371 case ETHERTYPE_ATALK: 1372 case ETHERTYPE_AARP: 1373 /* 1374 * EtherTalk (AppleTalk protocols on Ethernet link 1375 * layer) may use 802.2 encapsulation. 1376 */ 1377 1378 /* 1379 * Check for 802.2 encapsulation (EtherTalk phase 2?); 1380 * we check for the 802.2 protocol type in the 1381 * "Ethernet type" field. 1382 */ 1383 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 1384 1385 /* 1386 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1387 * SNAP packets with an organization code of 1388 * 0x080007 (Apple, for Appletalk) and a protocol 1389 * type of ETHERTYPE_ATALK (Appletalk). 1390 * 1391 * 802.2-encapsulated ETHERTYPE_AARP packets are 1392 * SNAP packets with an organization code of 1393 * 0x000000 (encapsulated Ethernet) and a protocol 1394 * type of ETHERTYPE_AARP (Appletalk ARP). 1395 */ 1396 if (proto == ETHERTYPE_ATALK) 1397 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 1398 off_linktype + 2); 1399 else /* proto == ETHERTYPE_AARP */ 1400 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 1401 off_linktype + 2); 1402 gen_and(b0, b1); 1403 1404 /* 1405 * Check for Ethernet encapsulation (Ethertalk 1406 * phase 1?); we just check for the Ethernet 1407 * protocol type. 1408 */ 1409 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1410 1411 gen_or(b0, b1); 1412 return b1; 1413 1414 default: 1415 if (proto <= ETHERMTU) { 1416 /* 1417 * This is an LLC SAP value, so the frames 1418 * that match would be 802.2 frames. 1419 * Check for the 802.2 protocol type 1420 * in the "Ethernet type" field, and 1421 * then check the DSAP. 1422 */ 1423 b0 = gen_cmp(off_linktype, BPF_H, 1424 LINUX_SLL_P_802_2); 1425 b1 = gen_cmp(off_linktype + 2, BPF_B, 1426 (bpf_int32)proto); 1427 gen_and(b0, b1); 1428 return b1; 1429 } else { 1430 /* 1431 * This is an Ethernet type, so compare 1432 * the length/type field with it (if 1433 * the frame is an 802.2 frame, the length 1434 * field will be <= ETHERMTU, and, as 1435 * "proto" is > ETHERMTU, this test 1436 * will fail and the frame won't match, 1437 * which is what we want). 1438 */ 1439 return gen_cmp(off_linktype, BPF_H, 1440 (bpf_int32)proto); 1441 } 1442 } 1443} 1444 1445static struct block * 1446gen_linktype(proto) 1447 register int proto; 1448{ 1449 struct block *b0, *b1, *b2; 1450 1451 switch (linktype) { 1452 1453 case DLT_EN10MB: 1454 return gen_ether_linktype(proto); 1455 /*NOTREACHED*/ 1456 break; 1457 1458 case DLT_C_HDLC: 1459 switch (proto) { 1460 1461 case LLCSAP_ISONS: 1462 proto = (proto << 8 | LLCSAP_ISONS); 1463 /* fall through */ 1464 1465 default: 1466 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1467 /*NOTREACHED*/ 1468 break; 1469 } 1470 break; 1471 1472 case DLT_IEEE802_11: 1473 case DLT_PRISM_HEADER: 1474 case DLT_IEEE802_11_RADIO: 1475 case DLT_FDDI: 1476 case DLT_IEEE802: 1477 case DLT_ATM_RFC1483: 1478 case DLT_ATM_CLIP: 1479 case DLT_IP_OVER_FC: 1480 return gen_llc(proto); 1481 /*NOTREACHED*/ 1482 break; 1483 1484 case DLT_SUNATM: 1485 /* 1486 * If "is_lane" is set, check for a LANE-encapsulated 1487 * version of this protocol, otherwise check for an 1488 * LLC-encapsulated version of this protocol. 1489 * 1490 * We assume LANE means Ethernet, not Token Ring. 1491 */ 1492 if (is_lane) { 1493 /* 1494 * Check that the packet doesn't begin with an 1495 * LE Control marker. (We've already generated 1496 * a test for LANE.) 1497 */ 1498 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 1499 gen_not(b0); 1500 1501 /* 1502 * Now generate an Ethernet test. 1503 */ 1504 b1 = gen_ether_linktype(proto); 1505 gen_and(b0, b1); 1506 return b1; 1507 } else { 1508 /* 1509 * Check for LLC encapsulation and then check the 1510 * protocol. 1511 */ 1512 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 1513 b1 = gen_llc(proto); 1514 gen_and(b0, b1); 1515 return b1; 1516 } 1517 1518 case DLT_LINUX_SLL: 1519 return gen_linux_sll_linktype(proto); 1520 /*NOTREACHED*/ 1521 break; 1522 1523 case DLT_SLIP: 1524 case DLT_SLIP_BSDOS: 1525 case DLT_RAW: 1526 /* 1527 * These types don't provide any type field; packets 1528 * are always IP. 1529 * 1530 * XXX - for IPv4, check for a version number of 4, and, 1531 * for IPv6, check for a version number of 6? 1532 */ 1533 switch (proto) { 1534 1535 case ETHERTYPE_IP: 1536#ifdef INET6 1537 case ETHERTYPE_IPV6: 1538#endif 1539 return gen_true(); /* always true */ 1540 1541 default: 1542 return gen_false(); /* always false */ 1543 } 1544 /*NOTREACHED*/ 1545 break; 1546 1547 case DLT_PPP: 1548 case DLT_PPP_PPPD: 1549 case DLT_PPP_SERIAL: 1550 case DLT_PPP_ETHER: 1551 /* 1552 * We use Ethernet protocol types inside libpcap; 1553 * map them to the corresponding PPP protocol types. 1554 */ 1555 switch (proto) { 1556 1557 case ETHERTYPE_IP: 1558 proto = PPP_IP; 1559 break; 1560 1561#ifdef INET6 1562 case ETHERTYPE_IPV6: 1563 proto = PPP_IPV6; 1564 break; 1565#endif 1566 1567 case ETHERTYPE_DN: 1568 proto = PPP_DECNET; 1569 break; 1570 1571 case ETHERTYPE_ATALK: 1572 proto = PPP_APPLE; 1573 break; 1574 1575 case ETHERTYPE_NS: 1576 proto = PPP_NS; 1577 break; 1578 1579 case LLCSAP_ISONS: 1580 proto = PPP_OSI; 1581 break; 1582 1583 case LLCSAP_8021D: 1584 /* 1585 * I'm assuming the "Bridging PDU"s that go 1586 * over PPP are Spanning Tree Protocol 1587 * Bridging PDUs. 1588 */ 1589 proto = PPP_BRPDU; 1590 break; 1591 1592 case LLCSAP_IPX: 1593 proto = PPP_IPX; 1594 break; 1595 } 1596 break; 1597 1598 case DLT_PPP_BSDOS: 1599 /* 1600 * We use Ethernet protocol types inside libpcap; 1601 * map them to the corresponding PPP protocol types. 1602 */ 1603 switch (proto) { 1604 1605 case ETHERTYPE_IP: 1606 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 1607 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 1608 gen_or(b0, b1); 1609 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 1610 gen_or(b1, b0); 1611 return b0; 1612 1613#ifdef INET6 1614 case ETHERTYPE_IPV6: 1615 proto = PPP_IPV6; 1616 /* more to go? */ 1617 break; 1618#endif 1619 1620 case ETHERTYPE_DN: 1621 proto = PPP_DECNET; 1622 break; 1623 1624 case ETHERTYPE_ATALK: 1625 proto = PPP_APPLE; 1626 break; 1627 1628 case ETHERTYPE_NS: 1629 proto = PPP_NS; 1630 break; 1631 1632 case LLCSAP_ISONS: 1633 proto = PPP_OSI; 1634 break; 1635 1636 case LLCSAP_8021D: 1637 /* 1638 * I'm assuming the "Bridging PDU"s that go 1639 * over PPP are Spanning Tree Protocol 1640 * Bridging PDUs. 1641 */ 1642 proto = PPP_BRPDU; 1643 break; 1644 1645 case LLCSAP_IPX: 1646 proto = PPP_IPX; 1647 break; 1648 } 1649 break; 1650 1651 case DLT_NULL: 1652 case DLT_LOOP: 1653 case DLT_ENC: 1654 /* 1655 * For DLT_NULL, the link-layer header is a 32-bit 1656 * word containing an AF_ value in *host* byte order, 1657 * and for DLT_ENC, the link-layer header begins 1658 * with a 32-bit work containing an AF_ value in 1659 * host byte order. 1660 * 1661 * In addition, if we're reading a saved capture file, 1662 * the host byte order in the capture may not be the 1663 * same as the host byte order on this machine. 1664 * 1665 * For DLT_LOOP, the link-layer header is a 32-bit 1666 * word containing an AF_ value in *network* byte order. 1667 * 1668 * XXX - AF_ values may, unfortunately, be platform- 1669 * dependent; for example, FreeBSD's AF_INET6 is 24 1670 * whilst NetBSD's and OpenBSD's is 26. 1671 * 1672 * This means that, when reading a capture file, just 1673 * checking for our AF_INET6 value won't work if the 1674 * capture file came from another OS. 1675 */ 1676 switch (proto) { 1677 1678 case ETHERTYPE_IP: 1679 proto = AF_INET; 1680 break; 1681 1682#ifdef INET6 1683 case ETHERTYPE_IPV6: 1684 proto = AF_INET6; 1685 break; 1686#endif 1687 1688 default: 1689 /* 1690 * Not a type on which we support filtering. 1691 * XXX - support those that have AF_ values 1692 * #defined on this platform, at least? 1693 */ 1694 return gen_false(); 1695 } 1696 1697 if (linktype == DLT_NULL || linktype == DLT_ENC) { 1698 /* 1699 * The AF_ value is in host byte order, but 1700 * the BPF interpreter will convert it to 1701 * network byte order. 1702 * 1703 * If this is a save file, and it's from a 1704 * machine with the opposite byte order to 1705 * ours, we byte-swap the AF_ value. 1706 * 1707 * Then we run it through "htonl()", and 1708 * generate code to compare against the result. 1709 */ 1710 if (bpf_pcap->sf.rfile != NULL && 1711 bpf_pcap->sf.swapped) 1712 proto = SWAPLONG(proto); 1713 proto = htonl(proto); 1714 } 1715 return (gen_cmp(0, BPF_W, (bpf_int32)proto)); 1716 1717 case DLT_PFLOG: 1718 /* 1719 * af field is host byte order in contrast to the rest of 1720 * the packet. 1721 */ 1722 if (proto == ETHERTYPE_IP) 1723 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 1724 (bpf_int32)AF_INET)); 1725#ifdef INET6 1726 else if (proto == ETHERTYPE_IPV6) 1727 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 1728 (bpf_int32)AF_INET6)); 1729#endif /* INET6 */ 1730 else 1731 return gen_false(); 1732 /*NOTREACHED*/ 1733 break; 1734 1735 case DLT_ARCNET: 1736 case DLT_ARCNET_LINUX: 1737 /* 1738 * XXX should we check for first fragment if the protocol 1739 * uses PHDS? 1740 */ 1741 switch (proto) { 1742 1743 default: 1744 return gen_false(); 1745 1746#ifdef INET6 1747 case ETHERTYPE_IPV6: 1748 return (gen_cmp(off_linktype, BPF_B, 1749 (bpf_int32)ARCTYPE_INET6)); 1750#endif /* INET6 */ 1751 1752 case ETHERTYPE_IP: 1753 b0 = gen_cmp(off_linktype, BPF_B, 1754 (bpf_int32)ARCTYPE_IP); 1755 b1 = gen_cmp(off_linktype, BPF_B, 1756 (bpf_int32)ARCTYPE_IP_OLD); 1757 gen_or(b0, b1); 1758 return (b1); 1759 1760 case ETHERTYPE_ARP: 1761 b0 = gen_cmp(off_linktype, BPF_B, 1762 (bpf_int32)ARCTYPE_ARP); 1763 b1 = gen_cmp(off_linktype, BPF_B, 1764 (bpf_int32)ARCTYPE_ARP_OLD); 1765 gen_or(b0, b1); 1766 return (b1); 1767 1768 case ETHERTYPE_REVARP: 1769 return (gen_cmp(off_linktype, BPF_B, 1770 (bpf_int32)ARCTYPE_REVARP)); 1771 1772 case ETHERTYPE_ATALK: 1773 return (gen_cmp(off_linktype, BPF_B, 1774 (bpf_int32)ARCTYPE_ATALK)); 1775 } 1776 /*NOTREACHED*/ 1777 break; 1778 1779 case DLT_LTALK: 1780 switch (proto) { 1781 case ETHERTYPE_ATALK: 1782 return gen_true(); 1783 default: 1784 return gen_false(); 1785 } 1786 /*NOTREACHED*/ 1787 break; 1788 1789 case DLT_FRELAY: 1790 /* 1791 * XXX - assumes a 2-byte Frame Relay header with 1792 * DLCI and flags. What if the address is longer? 1793 */ 1794 switch (proto) { 1795 1796 case ETHERTYPE_IP: 1797 /* 1798 * Check for the special NLPID for IP. 1799 */ 1800 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc); 1801 1802#ifdef INET6 1803 case ETHERTYPE_IPV6: 1804 /* 1805 * Check for the special NLPID for IPv6. 1806 */ 1807 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e); 1808#endif 1809 1810 case LLCSAP_ISONS: 1811 /* 1812 * Check for several OSI protocols. 1813 * 1814 * Frame Relay packets typically have an OSI 1815 * NLPID at the beginning; we check for each 1816 * of them. 1817 * 1818 * What we check for is the NLPID and a frame 1819 * control field of UI, i.e. 0x03 followed 1820 * by the NLPID. 1821 */ 1822 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP); 1823 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS); 1824 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS); 1825 gen_or(b1, b2); 1826 gen_or(b0, b2); 1827 return b2; 1828 1829 default: 1830 return gen_false(); 1831 } 1832 /*NOTREACHED*/ 1833 break; 1834 1835 case DLT_JUNIPER_MLFR: 1836 case DLT_JUNIPER_MLPPP: 1837 case DLT_JUNIPER_ATM1: 1838 case DLT_JUNIPER_ATM2: 1839 /* just lets verify the magic number for now - 1840 * on ATM we may have up to 6 different encapsulations on the wire 1841 * and need a lot of heuristics to figure out that the payload 1842 * might be; 1843 * 1844 * FIXME encapsulation specific BPF_ filters 1845 */ 1846 return gen_mcmp(0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */ 1847 1848 case DLT_LINUX_IRDA: 1849 bpf_error("IrDA link-layer type filtering not implemented"); 1850 1851 case DLT_DOCSIS: 1852 bpf_error("DOCSIS link-layer type filtering not implemented"); 1853 } 1854 1855 /* 1856 * All the types that have no encapsulation should either be 1857 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 1858 * all packets are IP packets, or should be handled in some 1859 * special case, if none of them are (if some are and some 1860 * aren't, the lack of encapsulation is a problem, as we'd 1861 * have to find some other way of determining the packet type). 1862 * 1863 * Therefore, if "off_linktype" is -1, there's an error. 1864 */ 1865 if (off_linktype == (u_int)-1) 1866 abort(); 1867 1868 /* 1869 * Any type not handled above should always have an Ethernet 1870 * type at an offset of "off_linktype". (PPP is partially 1871 * handled above - the protocol type is mapped from the 1872 * Ethernet and LLC types we use internally to the corresponding 1873 * PPP type - but the PPP type is always specified by a value 1874 * at "off_linktype", so we don't have to do the code generation 1875 * above.) 1876 */ 1877 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 1878} 1879 1880/* 1881 * Check for an LLC SNAP packet with a given organization code and 1882 * protocol type; we check the entire contents of the 802.2 LLC and 1883 * snap headers, checking for DSAP and SSAP of SNAP and a control 1884 * field of 0x03 in the LLC header, and for the specified organization 1885 * code and protocol type in the SNAP header. 1886 */ 1887static struct block * 1888gen_snap(orgcode, ptype, offset) 1889 bpf_u_int32 orgcode; 1890 bpf_u_int32 ptype; 1891 u_int offset; 1892{ 1893 u_char snapblock[8]; 1894 1895 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */ 1896 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */ 1897 snapblock[2] = 0x03; /* control = UI */ 1898 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */ 1899 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */ 1900 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */ 1901 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */ 1902 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */ 1903 return gen_bcmp(offset, 8, snapblock); 1904} 1905 1906/* 1907 * Check for a given protocol value assuming an 802.2 LLC header. 1908 */ 1909static struct block * 1910gen_llc(proto) 1911 int proto; 1912{ 1913 /* 1914 * XXX - handle token-ring variable-length header. 1915 */ 1916 switch (proto) { 1917 1918 case LLCSAP_IP: 1919 return gen_cmp(off_linktype, BPF_H, (long) 1920 ((LLCSAP_IP << 8) | LLCSAP_IP)); 1921 1922 case LLCSAP_ISONS: 1923 return gen_cmp(off_linktype, BPF_H, (long) 1924 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 1925 1926 case LLCSAP_NETBEUI: 1927 return gen_cmp(off_linktype, BPF_H, (long) 1928 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 1929 1930 case LLCSAP_IPX: 1931 /* 1932 * XXX - are there ever SNAP frames for IPX on 1933 * non-Ethernet 802.x networks? 1934 */ 1935 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX); 1936 1937 case ETHERTYPE_ATALK: 1938 /* 1939 * 802.2-encapsulated ETHERTYPE_ATALK packets are 1940 * SNAP packets with an organization code of 1941 * 0x080007 (Apple, for Appletalk) and a protocol 1942 * type of ETHERTYPE_ATALK (Appletalk). 1943 * 1944 * XXX - check for an organization code of 1945 * encapsulated Ethernet as well? 1946 */ 1947 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype); 1948 1949 default: 1950 /* 1951 * XXX - we don't have to check for IPX 802.3 1952 * here, but should we check for the IPX Ethertype? 1953 */ 1954 if (proto <= ETHERMTU) { 1955 /* 1956 * This is an LLC SAP value, so check 1957 * the DSAP. 1958 */ 1959 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto); 1960 } else { 1961 /* 1962 * This is an Ethernet type; we assume that it's 1963 * unlikely that it'll appear in the right place 1964 * at random, and therefore check only the 1965 * location that would hold the Ethernet type 1966 * in a SNAP frame with an organization code of 1967 * 0x000000 (encapsulated Ethernet). 1968 * 1969 * XXX - if we were to check for the SNAP DSAP and 1970 * LSAP, as per XXX, and were also to check for an 1971 * organization code of 0x000000 (encapsulated 1972 * Ethernet), we'd do 1973 * 1974 * return gen_snap(0x000000, proto, 1975 * off_linktype); 1976 * 1977 * here; for now, we don't, as per the above. 1978 * I don't know whether it's worth the extra CPU 1979 * time to do the right check or not. 1980 */ 1981 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto); 1982 } 1983 } 1984} 1985 1986static struct block * 1987gen_hostop(addr, mask, dir, proto, src_off, dst_off) 1988 bpf_u_int32 addr; 1989 bpf_u_int32 mask; 1990 int dir, proto; 1991 u_int src_off, dst_off; 1992{ 1993 struct block *b0, *b1; 1994 u_int offset; 1995 1996 switch (dir) { 1997 1998 case Q_SRC: 1999 offset = src_off; 2000 break; 2001 2002 case Q_DST: 2003 offset = dst_off; 2004 break; 2005 2006 case Q_AND: 2007 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 2008 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 2009 gen_and(b0, b1); 2010 return b1; 2011 2012 case Q_OR: 2013 case Q_DEFAULT: 2014 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 2015 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 2016 gen_or(b0, b1); 2017 return b1; 2018 2019 default: 2020 abort(); 2021 } 2022 b0 = gen_linktype(proto); 2023 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 2024 gen_and(b0, b1); 2025 return b1; 2026} 2027 2028#ifdef INET6 2029static struct block * 2030gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 2031 struct in6_addr *addr; 2032 struct in6_addr *mask; 2033 int dir, proto; 2034 u_int src_off, dst_off; 2035{ 2036 struct block *b0, *b1; 2037 u_int offset; 2038 u_int32_t *a, *m; 2039 2040 switch (dir) { 2041 2042 case Q_SRC: 2043 offset = src_off; 2044 break; 2045 2046 case Q_DST: 2047 offset = dst_off; 2048 break; 2049 2050 case Q_AND: 2051 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 2052 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 2053 gen_and(b0, b1); 2054 return b1; 2055 2056 case Q_OR: 2057 case Q_DEFAULT: 2058 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 2059 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 2060 gen_or(b0, b1); 2061 return b1; 2062 2063 default: 2064 abort(); 2065 } 2066 /* this order is important */ 2067 a = (u_int32_t *)addr; 2068 m = (u_int32_t *)mask; 2069 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 2070 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 2071 gen_and(b0, b1); 2072 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 2073 gen_and(b0, b1); 2074 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 2075 gen_and(b0, b1); 2076 b0 = gen_linktype(proto); 2077 gen_and(b0, b1); 2078 return b1; 2079} 2080#endif /*INET6*/ 2081 2082static struct block * 2083gen_ehostop(eaddr, dir) 2084 register const u_char *eaddr; 2085 register int dir; 2086{ 2087 register struct block *b0, *b1; 2088 2089 switch (dir) { 2090 case Q_SRC: 2091 return gen_bcmp(off_mac + 6, 6, eaddr); 2092 2093 case Q_DST: 2094 return gen_bcmp(off_mac + 0, 6, eaddr); 2095 2096 case Q_AND: 2097 b0 = gen_ehostop(eaddr, Q_SRC); 2098 b1 = gen_ehostop(eaddr, Q_DST); 2099 gen_and(b0, b1); 2100 return b1; 2101 2102 case Q_DEFAULT: 2103 case Q_OR: 2104 b0 = gen_ehostop(eaddr, Q_SRC); 2105 b1 = gen_ehostop(eaddr, Q_DST); 2106 gen_or(b0, b1); 2107 return b1; 2108 } 2109 abort(); 2110 /* NOTREACHED */ 2111} 2112 2113/* 2114 * Like gen_ehostop, but for DLT_FDDI 2115 */ 2116static struct block * 2117gen_fhostop(eaddr, dir) 2118 register const u_char *eaddr; 2119 register int dir; 2120{ 2121 struct block *b0, *b1; 2122 2123 switch (dir) { 2124 case Q_SRC: 2125#ifdef PCAP_FDDIPAD 2126 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 2127#else 2128 return gen_bcmp(6 + 1, 6, eaddr); 2129#endif 2130 2131 case Q_DST: 2132#ifdef PCAP_FDDIPAD 2133 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 2134#else 2135 return gen_bcmp(0 + 1, 6, eaddr); 2136#endif 2137 2138 case Q_AND: 2139 b0 = gen_fhostop(eaddr, Q_SRC); 2140 b1 = gen_fhostop(eaddr, Q_DST); 2141 gen_and(b0, b1); 2142 return b1; 2143 2144 case Q_DEFAULT: 2145 case Q_OR: 2146 b0 = gen_fhostop(eaddr, Q_SRC); 2147 b1 = gen_fhostop(eaddr, Q_DST); 2148 gen_or(b0, b1); 2149 return b1; 2150 } 2151 abort(); 2152 /* NOTREACHED */ 2153} 2154 2155/* 2156 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) 2157 */ 2158static struct block * 2159gen_thostop(eaddr, dir) 2160 register const u_char *eaddr; 2161 register int dir; 2162{ 2163 register struct block *b0, *b1; 2164 2165 switch (dir) { 2166 case Q_SRC: 2167 return gen_bcmp(8, 6, eaddr); 2168 2169 case Q_DST: 2170 return gen_bcmp(2, 6, eaddr); 2171 2172 case Q_AND: 2173 b0 = gen_thostop(eaddr, Q_SRC); 2174 b1 = gen_thostop(eaddr, Q_DST); 2175 gen_and(b0, b1); 2176 return b1; 2177 2178 case Q_DEFAULT: 2179 case Q_OR: 2180 b0 = gen_thostop(eaddr, Q_SRC); 2181 b1 = gen_thostop(eaddr, Q_DST); 2182 gen_or(b0, b1); 2183 return b1; 2184 } 2185 abort(); 2186 /* NOTREACHED */ 2187} 2188 2189/* 2190 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN) 2191 */ 2192static struct block * 2193gen_wlanhostop(eaddr, dir) 2194 register const u_char *eaddr; 2195 register int dir; 2196{ 2197 register struct block *b0, *b1, *b2; 2198 register struct slist *s; 2199 2200 switch (dir) { 2201 case Q_SRC: 2202 /* 2203 * Oh, yuk. 2204 * 2205 * For control frames, there is no SA. 2206 * 2207 * For management frames, SA is at an 2208 * offset of 10 from the beginning of 2209 * the packet. 2210 * 2211 * For data frames, SA is at an offset 2212 * of 10 from the beginning of the packet 2213 * if From DS is clear, at an offset of 2214 * 16 from the beginning of the packet 2215 * if From DS is set and To DS is clear, 2216 * and an offset of 24 from the beginning 2217 * of the packet if From DS is set and To DS 2218 * is set. 2219 */ 2220 2221 /* 2222 * Generate the tests to be done for data frames 2223 * with From DS set. 2224 * 2225 * First, check for To DS set, i.e. check "link[1] & 0x01". 2226 */ 2227 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2228 s->s.k = 1; 2229 b1 = new_block(JMP(BPF_JSET)); 2230 b1->s.k = 0x01; /* To DS */ 2231 b1->stmts = s; 2232 2233 /* 2234 * If To DS is set, the SA is at 24. 2235 */ 2236 b0 = gen_bcmp(24, 6, eaddr); 2237 gen_and(b1, b0); 2238 2239 /* 2240 * Now, check for To DS not set, i.e. check 2241 * "!(link[1] & 0x01)". 2242 */ 2243 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2244 s->s.k = 1; 2245 b2 = new_block(JMP(BPF_JSET)); 2246 b2->s.k = 0x01; /* To DS */ 2247 b2->stmts = s; 2248 gen_not(b2); 2249 2250 /* 2251 * If To DS is not set, the SA is at 16. 2252 */ 2253 b1 = gen_bcmp(16, 6, eaddr); 2254 gen_and(b2, b1); 2255 2256 /* 2257 * Now OR together the last two checks. That gives 2258 * the complete set of checks for data frames with 2259 * From DS set. 2260 */ 2261 gen_or(b1, b0); 2262 2263 /* 2264 * Now check for From DS being set, and AND that with 2265 * the ORed-together checks. 2266 */ 2267 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2268 s->s.k = 1; 2269 b1 = new_block(JMP(BPF_JSET)); 2270 b1->s.k = 0x02; /* From DS */ 2271 b1->stmts = s; 2272 gen_and(b1, b0); 2273 2274 /* 2275 * Now check for data frames with From DS not set. 2276 */ 2277 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2278 s->s.k = 1; 2279 b2 = new_block(JMP(BPF_JSET)); 2280 b2->s.k = 0x02; /* From DS */ 2281 b2->stmts = s; 2282 gen_not(b2); 2283 2284 /* 2285 * If From DS isn't set, the SA is at 10. 2286 */ 2287 b1 = gen_bcmp(10, 6, eaddr); 2288 gen_and(b2, b1); 2289 2290 /* 2291 * Now OR together the checks for data frames with 2292 * From DS not set and for data frames with From DS 2293 * set; that gives the checks done for data frames. 2294 */ 2295 gen_or(b1, b0); 2296 2297 /* 2298 * Now check for a data frame. 2299 * I.e, check "link[0] & 0x08". 2300 */ 2301 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2302 s->s.k = 0; 2303 b1 = new_block(JMP(BPF_JSET)); 2304 b1->s.k = 0x08; 2305 b1->stmts = s; 2306 2307 /* 2308 * AND that with the checks done for data frames. 2309 */ 2310 gen_and(b1, b0); 2311 2312 /* 2313 * If the high-order bit of the type value is 0, this 2314 * is a management frame. 2315 * I.e, check "!(link[0] & 0x08)". 2316 */ 2317 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2318 s->s.k = 0; 2319 b2 = new_block(JMP(BPF_JSET)); 2320 b2->s.k = 0x08; 2321 b2->stmts = s; 2322 gen_not(b2); 2323 2324 /* 2325 * For management frames, the SA is at 10. 2326 */ 2327 b1 = gen_bcmp(10, 6, eaddr); 2328 gen_and(b2, b1); 2329 2330 /* 2331 * OR that with the checks done for data frames. 2332 * That gives the checks done for management and 2333 * data frames. 2334 */ 2335 gen_or(b1, b0); 2336 2337 /* 2338 * If the low-order bit of the type value is 1, 2339 * this is either a control frame or a frame 2340 * with a reserved type, and thus not a 2341 * frame with an SA. 2342 * 2343 * I.e., check "!(link[0] & 0x04)". 2344 */ 2345 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2346 s->s.k = 0; 2347 b1 = new_block(JMP(BPF_JSET)); 2348 b1->s.k = 0x04; 2349 b1->stmts = s; 2350 gen_not(b1); 2351 2352 /* 2353 * AND that with the checks for data and management 2354 * frames. 2355 */ 2356 gen_and(b1, b0); 2357 return b0; 2358 2359 case Q_DST: 2360 /* 2361 * Oh, yuk. 2362 * 2363 * For control frames, there is no DA. 2364 * 2365 * For management frames, DA is at an 2366 * offset of 4 from the beginning of 2367 * the packet. 2368 * 2369 * For data frames, DA is at an offset 2370 * of 4 from the beginning of the packet 2371 * if To DS is clear and at an offset of 2372 * 16 from the beginning of the packet 2373 * if To DS is set. 2374 */ 2375 2376 /* 2377 * Generate the tests to be done for data frames. 2378 * 2379 * First, check for To DS set, i.e. "link[1] & 0x01". 2380 */ 2381 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2382 s->s.k = 1; 2383 b1 = new_block(JMP(BPF_JSET)); 2384 b1->s.k = 0x01; /* To DS */ 2385 b1->stmts = s; 2386 2387 /* 2388 * If To DS is set, the DA is at 16. 2389 */ 2390 b0 = gen_bcmp(16, 6, eaddr); 2391 gen_and(b1, b0); 2392 2393 /* 2394 * Now, check for To DS not set, i.e. check 2395 * "!(link[1] & 0x01)". 2396 */ 2397 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2398 s->s.k = 1; 2399 b2 = new_block(JMP(BPF_JSET)); 2400 b2->s.k = 0x01; /* To DS */ 2401 b2->stmts = s; 2402 gen_not(b2); 2403 2404 /* 2405 * If To DS is not set, the DA is at 4. 2406 */ 2407 b1 = gen_bcmp(4, 6, eaddr); 2408 gen_and(b2, b1); 2409 2410 /* 2411 * Now OR together the last two checks. That gives 2412 * the complete set of checks for data frames. 2413 */ 2414 gen_or(b1, b0); 2415 2416 /* 2417 * Now check for a data frame. 2418 * I.e, check "link[0] & 0x08". 2419 */ 2420 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2421 s->s.k = 0; 2422 b1 = new_block(JMP(BPF_JSET)); 2423 b1->s.k = 0x08; 2424 b1->stmts = s; 2425 2426 /* 2427 * AND that with the checks done for data frames. 2428 */ 2429 gen_and(b1, b0); 2430 2431 /* 2432 * If the high-order bit of the type value is 0, this 2433 * is a management frame. 2434 * I.e, check "!(link[0] & 0x08)". 2435 */ 2436 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2437 s->s.k = 0; 2438 b2 = new_block(JMP(BPF_JSET)); 2439 b2->s.k = 0x08; 2440 b2->stmts = s; 2441 gen_not(b2); 2442 2443 /* 2444 * For management frames, the DA is at 4. 2445 */ 2446 b1 = gen_bcmp(4, 6, eaddr); 2447 gen_and(b2, b1); 2448 2449 /* 2450 * OR that with the checks done for data frames. 2451 * That gives the checks done for management and 2452 * data frames. 2453 */ 2454 gen_or(b1, b0); 2455 2456 /* 2457 * If the low-order bit of the type value is 1, 2458 * this is either a control frame or a frame 2459 * with a reserved type, and thus not a 2460 * frame with an SA. 2461 * 2462 * I.e., check "!(link[0] & 0x04)". 2463 */ 2464 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2465 s->s.k = 0; 2466 b1 = new_block(JMP(BPF_JSET)); 2467 b1->s.k = 0x04; 2468 b1->stmts = s; 2469 gen_not(b1); 2470 2471 /* 2472 * AND that with the checks for data and management 2473 * frames. 2474 */ 2475 gen_and(b1, b0); 2476 return b0; 2477 2478 case Q_AND: 2479 b0 = gen_wlanhostop(eaddr, Q_SRC); 2480 b1 = gen_wlanhostop(eaddr, Q_DST); 2481 gen_and(b0, b1); 2482 return b1; 2483 2484 case Q_DEFAULT: 2485 case Q_OR: 2486 b0 = gen_wlanhostop(eaddr, Q_SRC); 2487 b1 = gen_wlanhostop(eaddr, Q_DST); 2488 gen_or(b0, b1); 2489 return b1; 2490 } 2491 abort(); 2492 /* NOTREACHED */ 2493} 2494 2495/* 2496 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel. 2497 * (We assume that the addresses are IEEE 48-bit MAC addresses, 2498 * as the RFC states.) 2499 */ 2500static struct block * 2501gen_ipfchostop(eaddr, dir) 2502 register const u_char *eaddr; 2503 register int dir; 2504{ 2505 register struct block *b0, *b1; 2506 2507 switch (dir) { 2508 case Q_SRC: 2509 return gen_bcmp(10, 6, eaddr); 2510 2511 case Q_DST: 2512 return gen_bcmp(2, 6, eaddr); 2513 2514 case Q_AND: 2515 b0 = gen_ipfchostop(eaddr, Q_SRC); 2516 b1 = gen_ipfchostop(eaddr, Q_DST); 2517 gen_and(b0, b1); 2518 return b1; 2519 2520 case Q_DEFAULT: 2521 case Q_OR: 2522 b0 = gen_ipfchostop(eaddr, Q_SRC); 2523 b1 = gen_ipfchostop(eaddr, Q_DST); 2524 gen_or(b0, b1); 2525 return b1; 2526 } 2527 abort(); 2528 /* NOTREACHED */ 2529} 2530 2531/* 2532 * This is quite tricky because there may be pad bytes in front of the 2533 * DECNET header, and then there are two possible data packet formats that 2534 * carry both src and dst addresses, plus 5 packet types in a format that 2535 * carries only the src node, plus 2 types that use a different format and 2536 * also carry just the src node. 2537 * 2538 * Yuck. 2539 * 2540 * Instead of doing those all right, we just look for data packets with 2541 * 0 or 1 bytes of padding. If you want to look at other packets, that 2542 * will require a lot more hacking. 2543 * 2544 * To add support for filtering on DECNET "areas" (network numbers) 2545 * one would want to add a "mask" argument to this routine. That would 2546 * make the filter even more inefficient, although one could be clever 2547 * and not generate masking instructions if the mask is 0xFFFF. 2548 */ 2549static struct block * 2550gen_dnhostop(addr, dir, base_off) 2551 bpf_u_int32 addr; 2552 int dir; 2553 u_int base_off; 2554{ 2555 struct block *b0, *b1, *b2, *tmp; 2556 u_int offset_lh; /* offset if long header is received */ 2557 u_int offset_sh; /* offset if short header is received */ 2558 2559 switch (dir) { 2560 2561 case Q_DST: 2562 offset_sh = 1; /* follows flags */ 2563 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 2564 break; 2565 2566 case Q_SRC: 2567 offset_sh = 3; /* follows flags, dstnode */ 2568 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 2569 break; 2570 2571 case Q_AND: 2572 /* Inefficient because we do our Calvinball dance twice */ 2573 b0 = gen_dnhostop(addr, Q_SRC, base_off); 2574 b1 = gen_dnhostop(addr, Q_DST, base_off); 2575 gen_and(b0, b1); 2576 return b1; 2577 2578 case Q_OR: 2579 case Q_DEFAULT: 2580 /* Inefficient because we do our Calvinball dance twice */ 2581 b0 = gen_dnhostop(addr, Q_SRC, base_off); 2582 b1 = gen_dnhostop(addr, Q_DST, base_off); 2583 gen_or(b0, b1); 2584 return b1; 2585 2586 case Q_ISO: 2587 bpf_error("ISO host filtering not implemented"); 2588 2589 default: 2590 abort(); 2591 } 2592 b0 = gen_linktype(ETHERTYPE_DN); 2593 /* Check for pad = 1, long header case */ 2594 tmp = gen_mcmp(base_off + 2, BPF_H, 2595 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 2596 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 2597 BPF_H, (bpf_int32)ntohs(addr)); 2598 gen_and(tmp, b1); 2599 /* Check for pad = 0, long header case */ 2600 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 2601 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 2602 gen_and(tmp, b2); 2603 gen_or(b2, b1); 2604 /* Check for pad = 1, short header case */ 2605 tmp = gen_mcmp(base_off + 2, BPF_H, 2606 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 2607 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 2608 BPF_H, (bpf_int32)ntohs(addr)); 2609 gen_and(tmp, b2); 2610 gen_or(b2, b1); 2611 /* Check for pad = 0, short header case */ 2612 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 2613 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 2614 gen_and(tmp, b2); 2615 gen_or(b2, b1); 2616 2617 /* Combine with test for linktype */ 2618 gen_and(b0, b1); 2619 return b1; 2620} 2621 2622static struct block * 2623gen_host(addr, mask, proto, dir) 2624 bpf_u_int32 addr; 2625 bpf_u_int32 mask; 2626 int proto; 2627 int dir; 2628{ 2629 struct block *b0, *b1; 2630 2631 switch (proto) { 2632 2633 case Q_DEFAULT: 2634 b0 = gen_host(addr, mask, Q_IP, dir); 2635 if (off_linktype != (u_int)-1) { 2636 b1 = gen_host(addr, mask, Q_ARP, dir); 2637 gen_or(b0, b1); 2638 b0 = gen_host(addr, mask, Q_RARP, dir); 2639 gen_or(b1, b0); 2640 } 2641 return b0; 2642 2643 case Q_IP: 2644 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 2645 off_nl + 12, off_nl + 16); 2646 2647 case Q_RARP: 2648 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 2649 off_nl + 14, off_nl + 24); 2650 2651 case Q_ARP: 2652 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 2653 off_nl + 14, off_nl + 24); 2654 2655 case Q_TCP: 2656 bpf_error("'tcp' modifier applied to host"); 2657 2658 case Q_SCTP: 2659 bpf_error("'sctp' modifier applied to host"); 2660 2661 case Q_UDP: 2662 bpf_error("'udp' modifier applied to host"); 2663 2664 case Q_ICMP: 2665 bpf_error("'icmp' modifier applied to host"); 2666 2667 case Q_IGMP: 2668 bpf_error("'igmp' modifier applied to host"); 2669 2670 case Q_IGRP: 2671 bpf_error("'igrp' modifier applied to host"); 2672 2673 case Q_PIM: 2674 bpf_error("'pim' modifier applied to host"); 2675 2676 case Q_VRRP: 2677 bpf_error("'vrrp' modifier applied to host"); 2678 2679 case Q_ATALK: 2680 bpf_error("ATALK host filtering not implemented"); 2681 2682 case Q_AARP: 2683 bpf_error("AARP host filtering not implemented"); 2684 2685 case Q_DECNET: 2686 return gen_dnhostop(addr, dir, off_nl); 2687 2688 case Q_SCA: 2689 bpf_error("SCA host filtering not implemented"); 2690 2691 case Q_LAT: 2692 bpf_error("LAT host filtering not implemented"); 2693 2694 case Q_MOPDL: 2695 bpf_error("MOPDL host filtering not implemented"); 2696 2697 case Q_MOPRC: 2698 bpf_error("MOPRC host filtering not implemented"); 2699 2700#ifdef INET6 2701 case Q_IPV6: 2702 bpf_error("'ip6' modifier applied to ip host"); 2703 2704 case Q_ICMPV6: 2705 bpf_error("'icmp6' modifier applied to host"); 2706#endif /* INET6 */ 2707 2708 case Q_AH: 2709 bpf_error("'ah' modifier applied to host"); 2710 2711 case Q_ESP: 2712 bpf_error("'esp' modifier applied to host"); 2713 2714 case Q_ISO: 2715 bpf_error("ISO host filtering not implemented"); 2716 2717 case Q_ESIS: 2718 bpf_error("'esis' modifier applied to host"); 2719 2720 case Q_ISIS: 2721 bpf_error("'isis' modifier applied to host"); 2722 2723 case Q_CLNP: 2724 bpf_error("'clnp' modifier applied to host"); 2725 2726 case Q_STP: 2727 bpf_error("'stp' modifier applied to host"); 2728 2729 case Q_IPX: 2730 bpf_error("IPX host filtering not implemented"); 2731 2732 case Q_NETBEUI: 2733 bpf_error("'netbeui' modifier applied to host"); 2734 2735 default: 2736 abort(); 2737 } 2738 /* NOTREACHED */ 2739} 2740 2741#ifdef INET6 2742static struct block * 2743gen_host6(addr, mask, proto, dir) 2744 struct in6_addr *addr; 2745 struct in6_addr *mask; 2746 int proto; 2747 int dir; 2748{ 2749 switch (proto) { 2750 2751 case Q_DEFAULT: 2752 return gen_host6(addr, mask, Q_IPV6, dir); 2753 2754 case Q_IP: 2755 bpf_error("'ip' modifier applied to ip6 host"); 2756 2757 case Q_RARP: 2758 bpf_error("'rarp' modifier applied to ip6 host"); 2759 2760 case Q_ARP: 2761 bpf_error("'arp' modifier applied to ip6 host"); 2762 2763 case Q_SCTP: 2764 bpf_error("'sctp' modifier applied to host"); 2765 2766 case Q_TCP: 2767 bpf_error("'tcp' modifier applied to host"); 2768 2769 case Q_UDP: 2770 bpf_error("'udp' modifier applied to host"); 2771 2772 case Q_ICMP: 2773 bpf_error("'icmp' modifier applied to host"); 2774 2775 case Q_IGMP: 2776 bpf_error("'igmp' modifier applied to host"); 2777 2778 case Q_IGRP: 2779 bpf_error("'igrp' modifier applied to host"); 2780 2781 case Q_PIM: 2782 bpf_error("'pim' modifier applied to host"); 2783 2784 case Q_VRRP: 2785 bpf_error("'vrrp' modifier applied to host"); 2786 2787 case Q_ATALK: 2788 bpf_error("ATALK host filtering not implemented"); 2789 2790 case Q_AARP: 2791 bpf_error("AARP host filtering not implemented"); 2792 2793 case Q_DECNET: 2794 bpf_error("'decnet' modifier applied to ip6 host"); 2795 2796 case Q_SCA: 2797 bpf_error("SCA host filtering not implemented"); 2798 2799 case Q_LAT: 2800 bpf_error("LAT host filtering not implemented"); 2801 2802 case Q_MOPDL: 2803 bpf_error("MOPDL host filtering not implemented"); 2804 2805 case Q_MOPRC: 2806 bpf_error("MOPRC host filtering not implemented"); 2807 2808 case Q_IPV6: 2809 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 2810 off_nl + 8, off_nl + 24); 2811 2812 case Q_ICMPV6: 2813 bpf_error("'icmp6' modifier applied to host"); 2814 2815 case Q_AH: 2816 bpf_error("'ah' modifier applied to host"); 2817 2818 case Q_ESP: 2819 bpf_error("'esp' modifier applied to host"); 2820 2821 case Q_ISO: 2822 bpf_error("ISO host filtering not implemented"); 2823 2824 case Q_ESIS: 2825 bpf_error("'esis' modifier applied to host"); 2826 2827 case Q_ISIS: 2828 bpf_error("'isis' modifier applied to host"); 2829 2830 case Q_CLNP: 2831 bpf_error("'clnp' modifier applied to host"); 2832 2833 case Q_STP: 2834 bpf_error("'stp' modifier applied to host"); 2835 2836 case Q_IPX: 2837 bpf_error("IPX host filtering not implemented"); 2838 2839 case Q_NETBEUI: 2840 bpf_error("'netbeui' modifier applied to host"); 2841 2842 default: 2843 abort(); 2844 } 2845 /* NOTREACHED */ 2846} 2847#endif /*INET6*/ 2848 2849#ifndef INET6 2850static struct block * 2851gen_gateway(eaddr, alist, proto, dir) 2852 const u_char *eaddr; 2853 bpf_u_int32 **alist; 2854 int proto; 2855 int dir; 2856{ 2857 struct block *b0, *b1, *tmp; 2858 2859 if (dir != 0) 2860 bpf_error("direction applied to 'gateway'"); 2861 2862 switch (proto) { 2863 case Q_DEFAULT: 2864 case Q_IP: 2865 case Q_ARP: 2866 case Q_RARP: 2867 if (linktype == DLT_EN10MB) 2868 b0 = gen_ehostop(eaddr, Q_OR); 2869 else if (linktype == DLT_FDDI) 2870 b0 = gen_fhostop(eaddr, Q_OR); 2871 else if (linktype == DLT_IEEE802) 2872 b0 = gen_thostop(eaddr, Q_OR); 2873 else if (linktype == DLT_IEEE802_11) 2874 b0 = gen_wlanhostop(eaddr, Q_OR); 2875 else if (linktype == DLT_SUNATM && is_lane) { 2876 /* 2877 * Check that the packet doesn't begin with an 2878 * LE Control marker. (We've already generated 2879 * a test for LANE.) 2880 */ 2881 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 2882 gen_not(b1); 2883 2884 /* 2885 * Now check the MAC address. 2886 */ 2887 b0 = gen_ehostop(eaddr, Q_OR); 2888 gen_and(b1, b0); 2889 } else if (linktype == DLT_IP_OVER_FC) 2890 b0 = gen_ipfchostop(eaddr, Q_OR); 2891 else 2892 bpf_error( 2893 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel"); 2894 2895 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 2896 while (*alist) { 2897 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 2898 gen_or(b1, tmp); 2899 b1 = tmp; 2900 } 2901 gen_not(b1); 2902 gen_and(b0, b1); 2903 return b1; 2904 } 2905 bpf_error("illegal modifier of 'gateway'"); 2906 /* NOTREACHED */ 2907} 2908#endif 2909 2910struct block * 2911gen_proto_abbrev(proto) 2912 int proto; 2913{ 2914 struct block *b0; 2915 struct block *b1; 2916 2917 switch (proto) { 2918 2919 case Q_SCTP: 2920 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); 2921#ifdef INET6 2922 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); 2923 gen_or(b0, b1); 2924#endif 2925 break; 2926 2927 case Q_TCP: 2928 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 2929#ifdef INET6 2930 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 2931 gen_or(b0, b1); 2932#endif 2933 break; 2934 2935 case Q_UDP: 2936 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 2937#ifdef INET6 2938 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 2939 gen_or(b0, b1); 2940#endif 2941 break; 2942 2943 case Q_ICMP: 2944 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 2945 break; 2946 2947#ifndef IPPROTO_IGMP 2948#define IPPROTO_IGMP 2 2949#endif 2950 2951 case Q_IGMP: 2952 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 2953 break; 2954 2955#ifndef IPPROTO_IGRP 2956#define IPPROTO_IGRP 9 2957#endif 2958 case Q_IGRP: 2959 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 2960 break; 2961 2962#ifndef IPPROTO_PIM 2963#define IPPROTO_PIM 103 2964#endif 2965 2966 case Q_PIM: 2967 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 2968#ifdef INET6 2969 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 2970 gen_or(b0, b1); 2971#endif 2972 break; 2973 2974#ifndef IPPROTO_VRRP 2975#define IPPROTO_VRRP 112 2976#endif 2977 2978 case Q_VRRP: 2979 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT); 2980 break; 2981 2982 case Q_IP: 2983 b1 = gen_linktype(ETHERTYPE_IP); 2984 break; 2985 2986 case Q_ARP: 2987 b1 = gen_linktype(ETHERTYPE_ARP); 2988 break; 2989 2990 case Q_RARP: 2991 b1 = gen_linktype(ETHERTYPE_REVARP); 2992 break; 2993 2994 case Q_LINK: 2995 bpf_error("link layer applied in wrong context"); 2996 2997 case Q_ATALK: 2998 b1 = gen_linktype(ETHERTYPE_ATALK); 2999 break; 3000 3001 case Q_AARP: 3002 b1 = gen_linktype(ETHERTYPE_AARP); 3003 break; 3004 3005 case Q_DECNET: 3006 b1 = gen_linktype(ETHERTYPE_DN); 3007 break; 3008 3009 case Q_SCA: 3010 b1 = gen_linktype(ETHERTYPE_SCA); 3011 break; 3012 3013 case Q_LAT: 3014 b1 = gen_linktype(ETHERTYPE_LAT); 3015 break; 3016 3017 case Q_MOPDL: 3018 b1 = gen_linktype(ETHERTYPE_MOPDL); 3019 break; 3020 3021 case Q_MOPRC: 3022 b1 = gen_linktype(ETHERTYPE_MOPRC); 3023 break; 3024 3025#ifdef INET6 3026 case Q_IPV6: 3027 b1 = gen_linktype(ETHERTYPE_IPV6); 3028 break; 3029 3030#ifndef IPPROTO_ICMPV6 3031#define IPPROTO_ICMPV6 58 3032#endif 3033 case Q_ICMPV6: 3034 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 3035 break; 3036#endif /* INET6 */ 3037 3038#ifndef IPPROTO_AH 3039#define IPPROTO_AH 51 3040#endif 3041 case Q_AH: 3042 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 3043#ifdef INET6 3044 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 3045 gen_or(b0, b1); 3046#endif 3047 break; 3048 3049#ifndef IPPROTO_ESP 3050#define IPPROTO_ESP 50 3051#endif 3052 case Q_ESP: 3053 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 3054#ifdef INET6 3055 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 3056 gen_or(b0, b1); 3057#endif 3058 break; 3059 3060 case Q_ISO: 3061 b1 = gen_linktype(LLCSAP_ISONS); 3062 break; 3063 3064 case Q_ESIS: 3065 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT); 3066 break; 3067 3068 case Q_ISIS: 3069 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 3070 break; 3071 3072 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */ 3073 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 3074 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 3075 gen_or(b0, b1); 3076 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 3077 gen_or(b0, b1); 3078 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3079 gen_or(b0, b1); 3080 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3081 gen_or(b0, b1); 3082 break; 3083 3084 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */ 3085 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 3086 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 3087 gen_or(b0, b1); 3088 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 3089 gen_or(b0, b1); 3090 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3091 gen_or(b0, b1); 3092 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3093 gen_or(b0, b1); 3094 break; 3095 3096 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */ 3097 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 3098 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 3099 gen_or(b0, b1); 3100 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); 3101 gen_or(b0, b1); 3102 break; 3103 3104 case Q_ISIS_LSP: 3105 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 3106 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 3107 gen_or(b0, b1); 3108 break; 3109 3110 case Q_ISIS_SNP: 3111 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3112 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3113 gen_or(b0, b1); 3114 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3115 gen_or(b0, b1); 3116 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3117 gen_or(b0, b1); 3118 break; 3119 3120 case Q_ISIS_CSNP: 3121 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 3122 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 3123 gen_or(b0, b1); 3124 break; 3125 3126 case Q_ISIS_PSNP: 3127 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 3128 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 3129 gen_or(b0, b1); 3130 break; 3131 3132 case Q_CLNP: 3133 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT); 3134 break; 3135 3136 case Q_STP: 3137 b1 = gen_linktype(LLCSAP_8021D); 3138 break; 3139 3140 case Q_IPX: 3141 b1 = gen_linktype(LLCSAP_IPX); 3142 break; 3143 3144 case Q_NETBEUI: 3145 b1 = gen_linktype(LLCSAP_NETBEUI); 3146 break; 3147 3148 default: 3149 abort(); 3150 } 3151 return b1; 3152} 3153 3154static struct block * 3155gen_ipfrag() 3156{ 3157 struct slist *s; 3158 struct block *b; 3159 3160 /* not ip frag */ 3161 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 3162 s->s.k = off_nl + 6; 3163 b = new_block(JMP(BPF_JSET)); 3164 b->s.k = 0x1fff; 3165 b->stmts = s; 3166 gen_not(b); 3167 3168 return b; 3169} 3170 3171static struct block * 3172gen_portatom(off, v) 3173 int off; 3174 bpf_int32 v; 3175{ 3176 struct slist *s; 3177 struct block *b; 3178 3179 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 3180 s->s.k = off_nl; 3181 3182 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 3183 s->next->s.k = off_nl + off; 3184 3185 b = new_block(JMP(BPF_JEQ)); 3186 b->stmts = s; 3187 b->s.k = v; 3188 3189 return b; 3190} 3191 3192#ifdef INET6 3193static struct block * 3194gen_portatom6(off, v) 3195 int off; 3196 bpf_int32 v; 3197{ 3198 return gen_cmp(off_nl + 40 + off, BPF_H, v); 3199} 3200#endif/*INET6*/ 3201 3202struct block * 3203gen_portop(port, proto, dir) 3204 int port, proto, dir; 3205{ 3206 struct block *b0, *b1, *tmp; 3207 3208 /* ip proto 'proto' */ 3209 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 3210 b0 = gen_ipfrag(); 3211 gen_and(tmp, b0); 3212 3213 switch (dir) { 3214 case Q_SRC: 3215 b1 = gen_portatom(0, (bpf_int32)port); 3216 break; 3217 3218 case Q_DST: 3219 b1 = gen_portatom(2, (bpf_int32)port); 3220 break; 3221 3222 case Q_OR: 3223 case Q_DEFAULT: 3224 tmp = gen_portatom(0, (bpf_int32)port); 3225 b1 = gen_portatom(2, (bpf_int32)port); 3226 gen_or(tmp, b1); 3227 break; 3228 3229 case Q_AND: 3230 tmp = gen_portatom(0, (bpf_int32)port); 3231 b1 = gen_portatom(2, (bpf_int32)port); 3232 gen_and(tmp, b1); 3233 break; 3234 3235 default: 3236 abort(); 3237 } 3238 gen_and(b0, b1); 3239 3240 return b1; 3241} 3242 3243static struct block * 3244gen_port(port, ip_proto, dir) 3245 int port; 3246 int ip_proto; 3247 int dir; 3248{ 3249 struct block *b0, *b1, *tmp; 3250 3251 /* 3252 * ether proto ip 3253 * 3254 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 3255 * not LLC encapsulation with LLCSAP_IP. 3256 * 3257 * For IEEE 802 networks - which includes 802.5 token ring 3258 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 3259 * says that SNAP encapsulation is used, not LLC encapsulation 3260 * with LLCSAP_IP. 3261 * 3262 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 3263 * RFC 2225 say that SNAP encapsulation is used, not LLC 3264 * encapsulation with LLCSAP_IP. 3265 * 3266 * So we always check for ETHERTYPE_IP. 3267 */ 3268 b0 = gen_linktype(ETHERTYPE_IP); 3269 3270 switch (ip_proto) { 3271 case IPPROTO_UDP: 3272 case IPPROTO_TCP: 3273 case IPPROTO_SCTP: 3274 b1 = gen_portop(port, ip_proto, dir); 3275 break; 3276 3277 case PROTO_UNDEF: 3278 tmp = gen_portop(port, IPPROTO_TCP, dir); 3279 b1 = gen_portop(port, IPPROTO_UDP, dir); 3280 gen_or(tmp, b1); 3281 tmp = gen_portop(port, IPPROTO_SCTP, dir); 3282 gen_or(tmp, b1); 3283 break; 3284 3285 default: 3286 abort(); 3287 } 3288 gen_and(b0, b1); 3289 return b1; 3290} 3291 3292#ifdef INET6 3293struct block * 3294gen_portop6(port, proto, dir) 3295 int port, proto, dir; 3296{ 3297 struct block *b0, *b1, *tmp; 3298 3299 /* ip proto 'proto' */ 3300 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 3301 3302 switch (dir) { 3303 case Q_SRC: 3304 b1 = gen_portatom6(0, (bpf_int32)port); 3305 break; 3306 3307 case Q_DST: 3308 b1 = gen_portatom6(2, (bpf_int32)port); 3309 break; 3310 3311 case Q_OR: 3312 case Q_DEFAULT: 3313 tmp = gen_portatom6(0, (bpf_int32)port); 3314 b1 = gen_portatom6(2, (bpf_int32)port); 3315 gen_or(tmp, b1); 3316 break; 3317 3318 case Q_AND: 3319 tmp = gen_portatom6(0, (bpf_int32)port); 3320 b1 = gen_portatom6(2, (bpf_int32)port); 3321 gen_and(tmp, b1); 3322 break; 3323 3324 default: 3325 abort(); 3326 } 3327 gen_and(b0, b1); 3328 3329 return b1; 3330} 3331 3332static struct block * 3333gen_port6(port, ip_proto, dir) 3334 int port; 3335 int ip_proto; 3336 int dir; 3337{ 3338 struct block *b0, *b1, *tmp; 3339 3340 /* ether proto ip */ 3341 b0 = gen_linktype(ETHERTYPE_IPV6); 3342 3343 switch (ip_proto) { 3344 case IPPROTO_UDP: 3345 case IPPROTO_TCP: 3346 case IPPROTO_SCTP: 3347 b1 = gen_portop6(port, ip_proto, dir); 3348 break; 3349 3350 case PROTO_UNDEF: 3351 tmp = gen_portop6(port, IPPROTO_TCP, dir); 3352 b1 = gen_portop6(port, IPPROTO_UDP, dir); 3353 gen_or(tmp, b1); 3354 tmp = gen_portop6(port, IPPROTO_SCTP, dir); 3355 gen_or(tmp, b1); 3356 break; 3357 3358 default: 3359 abort(); 3360 } 3361 gen_and(b0, b1); 3362 return b1; 3363} 3364#endif /* INET6 */ 3365 3366static int 3367lookup_proto(name, proto) 3368 register const char *name; 3369 register int proto; 3370{ 3371 register int v; 3372 3373 switch (proto) { 3374 3375 case Q_DEFAULT: 3376 case Q_IP: 3377 case Q_IPV6: 3378 v = pcap_nametoproto(name); 3379 if (v == PROTO_UNDEF) 3380 bpf_error("unknown ip proto '%s'", name); 3381 break; 3382 3383 case Q_LINK: 3384 /* XXX should look up h/w protocol type based on linktype */ 3385 v = pcap_nametoeproto(name); 3386 if (v == PROTO_UNDEF) { 3387 v = pcap_nametollc(name); 3388 if (v == PROTO_UNDEF) 3389 bpf_error("unknown ether proto '%s'", name); 3390 } 3391 break; 3392 3393 case Q_ISO: 3394 if (strcmp(name, "esis") == 0) 3395 v = ISO9542_ESIS; 3396 else if (strcmp(name, "isis") == 0) 3397 v = ISO10589_ISIS; 3398 else if (strcmp(name, "clnp") == 0) 3399 v = ISO8473_CLNP; 3400 else 3401 bpf_error("unknown osi proto '%s'", name); 3402 break; 3403 3404 default: 3405 v = PROTO_UNDEF; 3406 break; 3407 } 3408 return v; 3409} 3410 3411#if 0 3412struct stmt * 3413gen_joinsp(s, n) 3414 struct stmt **s; 3415 int n; 3416{ 3417 return NULL; 3418} 3419#endif 3420 3421static struct block * 3422gen_protochain(v, proto, dir) 3423 int v; 3424 int proto; 3425 int dir; 3426{ 3427#ifdef NO_PROTOCHAIN 3428 return gen_proto(v, proto, dir); 3429#else 3430 struct block *b0, *b; 3431 struct slist *s[100]; 3432 int fix2, fix3, fix4, fix5; 3433 int ahcheck, again, end; 3434 int i, max; 3435 int reg2 = alloc_reg(); 3436 3437 memset(s, 0, sizeof(s)); 3438 fix2 = fix3 = fix4 = fix5 = 0; 3439 3440 switch (proto) { 3441 case Q_IP: 3442 case Q_IPV6: 3443 break; 3444 case Q_DEFAULT: 3445 b0 = gen_protochain(v, Q_IP, dir); 3446 b = gen_protochain(v, Q_IPV6, dir); 3447 gen_or(b0, b); 3448 return b; 3449 default: 3450 bpf_error("bad protocol applied for 'protochain'"); 3451 /*NOTREACHED*/ 3452 } 3453 3454 no_optimize = 1; /*this code is not compatible with optimzer yet */ 3455 3456 /* 3457 * s[0] is a dummy entry to protect other BPF insn from damaged 3458 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 3459 * hard to find interdependency made by jump table fixup. 3460 */ 3461 i = 0; 3462 s[i] = new_stmt(0); /*dummy*/ 3463 i++; 3464 3465 switch (proto) { 3466 case Q_IP: 3467 b0 = gen_linktype(ETHERTYPE_IP); 3468 3469 /* A = ip->ip_p */ 3470 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 3471 s[i]->s.k = off_nl + 9; 3472 i++; 3473 /* X = ip->ip_hl << 2 */ 3474 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 3475 s[i]->s.k = off_nl; 3476 i++; 3477 break; 3478#ifdef INET6 3479 case Q_IPV6: 3480 b0 = gen_linktype(ETHERTYPE_IPV6); 3481 3482 /* A = ip6->ip_nxt */ 3483 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 3484 s[i]->s.k = off_nl + 6; 3485 i++; 3486 /* X = sizeof(struct ip6_hdr) */ 3487 s[i] = new_stmt(BPF_LDX|BPF_IMM); 3488 s[i]->s.k = 40; 3489 i++; 3490 break; 3491#endif 3492 default: 3493 bpf_error("unsupported proto to gen_protochain"); 3494 /*NOTREACHED*/ 3495 } 3496 3497 /* again: if (A == v) goto end; else fall through; */ 3498 again = i; 3499 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3500 s[i]->s.k = v; 3501 s[i]->s.jt = NULL; /*later*/ 3502 s[i]->s.jf = NULL; /*update in next stmt*/ 3503 fix5 = i; 3504 i++; 3505 3506#ifndef IPPROTO_NONE 3507#define IPPROTO_NONE 59 3508#endif 3509 /* if (A == IPPROTO_NONE) goto end */ 3510 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3511 s[i]->s.jt = NULL; /*later*/ 3512 s[i]->s.jf = NULL; /*update in next stmt*/ 3513 s[i]->s.k = IPPROTO_NONE; 3514 s[fix5]->s.jf = s[i]; 3515 fix2 = i; 3516 i++; 3517 3518#ifdef INET6 3519 if (proto == Q_IPV6) { 3520 int v6start, v6end, v6advance, j; 3521 3522 v6start = i; 3523 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 3524 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3525 s[i]->s.jt = NULL; /*later*/ 3526 s[i]->s.jf = NULL; /*update in next stmt*/ 3527 s[i]->s.k = IPPROTO_HOPOPTS; 3528 s[fix2]->s.jf = s[i]; 3529 i++; 3530 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 3531 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3532 s[i]->s.jt = NULL; /*later*/ 3533 s[i]->s.jf = NULL; /*update in next stmt*/ 3534 s[i]->s.k = IPPROTO_DSTOPTS; 3535 i++; 3536 /* if (A == IPPROTO_ROUTING) goto v6advance */ 3537 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3538 s[i]->s.jt = NULL; /*later*/ 3539 s[i]->s.jf = NULL; /*update in next stmt*/ 3540 s[i]->s.k = IPPROTO_ROUTING; 3541 i++; 3542 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 3543 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3544 s[i]->s.jt = NULL; /*later*/ 3545 s[i]->s.jf = NULL; /*later*/ 3546 s[i]->s.k = IPPROTO_FRAGMENT; 3547 fix3 = i; 3548 v6end = i; 3549 i++; 3550 3551 /* v6advance: */ 3552 v6advance = i; 3553 3554 /* 3555 * in short, 3556 * A = P[X]; 3557 * X = X + (P[X + 1] + 1) * 8; 3558 */ 3559 /* A = X */ 3560 s[i] = new_stmt(BPF_MISC|BPF_TXA); 3561 i++; 3562 /* A = P[X + packet head] */ 3563 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 3564 s[i]->s.k = off_nl; 3565 i++; 3566 /* MEM[reg2] = A */ 3567 s[i] = new_stmt(BPF_ST); 3568 s[i]->s.k = reg2; 3569 i++; 3570 /* A = X */ 3571 s[i] = new_stmt(BPF_MISC|BPF_TXA); 3572 i++; 3573 /* A += 1 */ 3574 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3575 s[i]->s.k = 1; 3576 i++; 3577 /* X = A */ 3578 s[i] = new_stmt(BPF_MISC|BPF_TAX); 3579 i++; 3580 /* A = P[X + packet head]; */ 3581 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 3582 s[i]->s.k = off_nl; 3583 i++; 3584 /* A += 1 */ 3585 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3586 s[i]->s.k = 1; 3587 i++; 3588 /* A *= 8 */ 3589 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 3590 s[i]->s.k = 8; 3591 i++; 3592 /* X = A; */ 3593 s[i] = new_stmt(BPF_MISC|BPF_TAX); 3594 i++; 3595 /* A = MEM[reg2] */ 3596 s[i] = new_stmt(BPF_LD|BPF_MEM); 3597 s[i]->s.k = reg2; 3598 i++; 3599 3600 /* goto again; (must use BPF_JA for backward jump) */ 3601 s[i] = new_stmt(BPF_JMP|BPF_JA); 3602 s[i]->s.k = again - i - 1; 3603 s[i - 1]->s.jf = s[i]; 3604 i++; 3605 3606 /* fixup */ 3607 for (j = v6start; j <= v6end; j++) 3608 s[j]->s.jt = s[v6advance]; 3609 } else 3610#endif 3611 { 3612 /* nop */ 3613 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3614 s[i]->s.k = 0; 3615 s[fix2]->s.jf = s[i]; 3616 i++; 3617 } 3618 3619 /* ahcheck: */ 3620 ahcheck = i; 3621 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 3622 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 3623 s[i]->s.jt = NULL; /*later*/ 3624 s[i]->s.jf = NULL; /*later*/ 3625 s[i]->s.k = IPPROTO_AH; 3626 if (fix3) 3627 s[fix3]->s.jf = s[ahcheck]; 3628 fix4 = i; 3629 i++; 3630 3631 /* 3632 * in short, 3633 * A = P[X]; 3634 * X = X + (P[X + 1] + 2) * 4; 3635 */ 3636 /* A = X */ 3637 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 3638 i++; 3639 /* A = P[X + packet head]; */ 3640 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 3641 s[i]->s.k = off_nl; 3642 i++; 3643 /* MEM[reg2] = A */ 3644 s[i] = new_stmt(BPF_ST); 3645 s[i]->s.k = reg2; 3646 i++; 3647 /* A = X */ 3648 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 3649 i++; 3650 /* A += 1 */ 3651 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3652 s[i]->s.k = 1; 3653 i++; 3654 /* X = A */ 3655 s[i] = new_stmt(BPF_MISC|BPF_TAX); 3656 i++; 3657 /* A = P[X + packet head] */ 3658 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 3659 s[i]->s.k = off_nl; 3660 i++; 3661 /* A += 2 */ 3662 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3663 s[i]->s.k = 2; 3664 i++; 3665 /* A *= 4 */ 3666 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 3667 s[i]->s.k = 4; 3668 i++; 3669 /* X = A; */ 3670 s[i] = new_stmt(BPF_MISC|BPF_TAX); 3671 i++; 3672 /* A = MEM[reg2] */ 3673 s[i] = new_stmt(BPF_LD|BPF_MEM); 3674 s[i]->s.k = reg2; 3675 i++; 3676 3677 /* goto again; (must use BPF_JA for backward jump) */ 3678 s[i] = new_stmt(BPF_JMP|BPF_JA); 3679 s[i]->s.k = again - i - 1; 3680 i++; 3681 3682 /* end: nop */ 3683 end = i; 3684 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 3685 s[i]->s.k = 0; 3686 s[fix2]->s.jt = s[end]; 3687 s[fix4]->s.jf = s[end]; 3688 s[fix5]->s.jt = s[end]; 3689 i++; 3690 3691 /* 3692 * make slist chain 3693 */ 3694 max = i; 3695 for (i = 0; i < max - 1; i++) 3696 s[i]->next = s[i + 1]; 3697 s[max - 1]->next = NULL; 3698 3699 /* 3700 * emit final check 3701 */ 3702 b = new_block(JMP(BPF_JEQ)); 3703 b->stmts = s[1]; /*remember, s[0] is dummy*/ 3704 b->s.k = v; 3705 3706 free_reg(reg2); 3707 3708 gen_and(b0, b); 3709 return b; 3710#endif 3711} 3712 3713static struct block * 3714gen_proto(v, proto, dir) 3715 int v; 3716 int proto; 3717 int dir; 3718{ 3719 struct block *b0, *b1; 3720 3721 if (dir != Q_DEFAULT) 3722 bpf_error("direction applied to 'proto'"); 3723 3724 switch (proto) { 3725 case Q_DEFAULT: 3726#ifdef INET6 3727 b0 = gen_proto(v, Q_IP, dir); 3728 b1 = gen_proto(v, Q_IPV6, dir); 3729 gen_or(b0, b1); 3730 return b1; 3731#else 3732 /*FALLTHROUGH*/ 3733#endif 3734 case Q_IP: 3735 /* 3736 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 3737 * not LLC encapsulation with LLCSAP_IP. 3738 * 3739 * For IEEE 802 networks - which includes 802.5 token ring 3740 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 3741 * says that SNAP encapsulation is used, not LLC encapsulation 3742 * with LLCSAP_IP. 3743 * 3744 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 3745 * RFC 2225 say that SNAP encapsulation is used, not LLC 3746 * encapsulation with LLCSAP_IP. 3747 * 3748 * So we always check for ETHERTYPE_IP. 3749 */ 3750 b0 = gen_linktype(ETHERTYPE_IP); 3751#ifndef CHASE_CHAIN 3752 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 3753#else 3754 b1 = gen_protochain(v, Q_IP); 3755#endif 3756 gen_and(b0, b1); 3757 return b1; 3758 3759 case Q_ISO: 3760 switch (linktype) { 3761 3762 case DLT_FRELAY: 3763 /* 3764 * Frame Relay packets typically have an OSI 3765 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)" 3766 * generates code to check for all the OSI 3767 * NLPIDs, so calling it and then adding a check 3768 * for the particular NLPID for which we're 3769 * looking is bogus, as we can just check for 3770 * the NLPID. 3771 * 3772 * What we check for is the NLPID and a frame 3773 * control field value of UI, i.e. 0x03 followed 3774 * by the NLPID. 3775 * 3776 * XXX - assumes a 2-byte Frame Relay header with 3777 * DLCI and flags. What if the address is longer? 3778 * 3779 * XXX - what about SNAP-encapsulated frames? 3780 */ 3781 return gen_cmp(2, BPF_H, (0x03<<8) | v); 3782 /*NOTREACHED*/ 3783 break; 3784 3785 case DLT_C_HDLC: 3786 /* 3787 * Cisco uses an Ethertype lookalike - for OSI, 3788 * it's 0xfefe. 3789 */ 3790 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS); 3791 /* OSI in C-HDLC is stuffed with a fudge byte */ 3792 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v); 3793 gen_and(b0, b1); 3794 return b1; 3795 3796 default: 3797 b0 = gen_linktype(LLCSAP_ISONS); 3798 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v); 3799 gen_and(b0, b1); 3800 return b1; 3801 } 3802 3803 case Q_ISIS: 3804 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 3805 /* 3806 * 4 is the offset of the PDU type relative to the IS-IS 3807 * header. 3808 */ 3809 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v); 3810 gen_and(b0, b1); 3811 return b1; 3812 3813 case Q_ARP: 3814 bpf_error("arp does not encapsulate another protocol"); 3815 /* NOTREACHED */ 3816 3817 case Q_RARP: 3818 bpf_error("rarp does not encapsulate another protocol"); 3819 /* NOTREACHED */ 3820 3821 case Q_ATALK: 3822 bpf_error("atalk encapsulation is not specifiable"); 3823 /* NOTREACHED */ 3824 3825 case Q_DECNET: 3826 bpf_error("decnet encapsulation is not specifiable"); 3827 /* NOTREACHED */ 3828 3829 case Q_SCA: 3830 bpf_error("sca does not encapsulate another protocol"); 3831 /* NOTREACHED */ 3832 3833 case Q_LAT: 3834 bpf_error("lat does not encapsulate another protocol"); 3835 /* NOTREACHED */ 3836 3837 case Q_MOPRC: 3838 bpf_error("moprc does not encapsulate another protocol"); 3839 /* NOTREACHED */ 3840 3841 case Q_MOPDL: 3842 bpf_error("mopdl does not encapsulate another protocol"); 3843 /* NOTREACHED */ 3844 3845 case Q_LINK: 3846 return gen_linktype(v); 3847 3848 case Q_UDP: 3849 bpf_error("'udp proto' is bogus"); 3850 /* NOTREACHED */ 3851 3852 case Q_TCP: 3853 bpf_error("'tcp proto' is bogus"); 3854 /* NOTREACHED */ 3855 3856 case Q_SCTP: 3857 bpf_error("'sctp proto' is bogus"); 3858 /* NOTREACHED */ 3859 3860 case Q_ICMP: 3861 bpf_error("'icmp proto' is bogus"); 3862 /* NOTREACHED */ 3863 3864 case Q_IGMP: 3865 bpf_error("'igmp proto' is bogus"); 3866 /* NOTREACHED */ 3867 3868 case Q_IGRP: 3869 bpf_error("'igrp proto' is bogus"); 3870 /* NOTREACHED */ 3871 3872 case Q_PIM: 3873 bpf_error("'pim proto' is bogus"); 3874 /* NOTREACHED */ 3875 3876 case Q_VRRP: 3877 bpf_error("'vrrp proto' is bogus"); 3878 /* NOTREACHED */ 3879 3880#ifdef INET6 3881 case Q_IPV6: 3882 b0 = gen_linktype(ETHERTYPE_IPV6); 3883#ifndef CHASE_CHAIN 3884 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 3885#else 3886 b1 = gen_protochain(v, Q_IPV6); 3887#endif 3888 gen_and(b0, b1); 3889 return b1; 3890 3891 case Q_ICMPV6: 3892 bpf_error("'icmp6 proto' is bogus"); 3893#endif /* INET6 */ 3894 3895 case Q_AH: 3896 bpf_error("'ah proto' is bogus"); 3897 3898 case Q_ESP: 3899 bpf_error("'ah proto' is bogus"); 3900 3901 case Q_STP: 3902 bpf_error("'stp proto' is bogus"); 3903 3904 case Q_IPX: 3905 bpf_error("'ipx proto' is bogus"); 3906 3907 case Q_NETBEUI: 3908 bpf_error("'netbeui proto' is bogus"); 3909 3910 default: 3911 abort(); 3912 /* NOTREACHED */ 3913 } 3914 /* NOTREACHED */ 3915} 3916 3917struct block * 3918gen_scode(name, q) 3919 register const char *name; 3920 struct qual q; 3921{ 3922 int proto = q.proto; 3923 int dir = q.dir; 3924 int tproto; 3925 u_char *eaddr; 3926 bpf_u_int32 mask, addr; 3927#ifndef INET6 3928 bpf_u_int32 **alist; 3929#else 3930 int tproto6; 3931 struct sockaddr_in *sin; 3932 struct sockaddr_in6 *sin6; 3933 struct addrinfo *res, *res0; 3934 struct in6_addr mask128; 3935#endif /*INET6*/ 3936 struct block *b, *tmp; 3937 int port, real_proto; 3938 3939 switch (q.addr) { 3940 3941 case Q_NET: 3942 addr = pcap_nametonetaddr(name); 3943 if (addr == 0) 3944 bpf_error("unknown network '%s'", name); 3945 /* Left justify network addr and calculate its network mask */ 3946 mask = 0xffffffff; 3947 while (addr && (addr & 0xff000000) == 0) { 3948 addr <<= 8; 3949 mask <<= 8; 3950 } 3951 return gen_host(addr, mask, proto, dir); 3952 3953 case Q_DEFAULT: 3954 case Q_HOST: 3955 if (proto == Q_LINK) { 3956 switch (linktype) { 3957 3958 case DLT_EN10MB: 3959 eaddr = pcap_ether_hostton(name); 3960 if (eaddr == NULL) 3961 bpf_error( 3962 "unknown ether host '%s'", name); 3963 b = gen_ehostop(eaddr, dir); 3964 free(eaddr); 3965 return b; 3966 3967 case DLT_FDDI: 3968 eaddr = pcap_ether_hostton(name); 3969 if (eaddr == NULL) 3970 bpf_error( 3971 "unknown FDDI host '%s'", name); 3972 b = gen_fhostop(eaddr, dir); 3973 free(eaddr); 3974 return b; 3975 3976 case DLT_IEEE802: 3977 eaddr = pcap_ether_hostton(name); 3978 if (eaddr == NULL) 3979 bpf_error( 3980 "unknown token ring host '%s'", name); 3981 b = gen_thostop(eaddr, dir); 3982 free(eaddr); 3983 return b; 3984 3985 case DLT_IEEE802_11: 3986 eaddr = pcap_ether_hostton(name); 3987 if (eaddr == NULL) 3988 bpf_error( 3989 "unknown 802.11 host '%s'", name); 3990 b = gen_wlanhostop(eaddr, dir); 3991 free(eaddr); 3992 return b; 3993 3994 case DLT_IP_OVER_FC: 3995 eaddr = pcap_ether_hostton(name); 3996 if (eaddr == NULL) 3997 bpf_error( 3998 "unknown Fibre Channel host '%s'", name); 3999 b = gen_ipfchostop(eaddr, dir); 4000 free(eaddr); 4001 return b; 4002 4003 case DLT_SUNATM: 4004 if (!is_lane) 4005 break; 4006 4007 /* 4008 * Check that the packet doesn't begin 4009 * with an LE Control marker. (We've 4010 * already generated a test for LANE.) 4011 */ 4012 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 4013 0xFF00); 4014 gen_not(tmp); 4015 4016 eaddr = pcap_ether_hostton(name); 4017 if (eaddr == NULL) 4018 bpf_error( 4019 "unknown ether host '%s'", name); 4020 b = gen_ehostop(eaddr, dir); 4021 gen_and(tmp, b); 4022 free(eaddr); 4023 return b; 4024 } 4025 4026 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name"); 4027 } else if (proto == Q_DECNET) { 4028 unsigned short dn_addr = __pcap_nametodnaddr(name); 4029 /* 4030 * I don't think DECNET hosts can be multihomed, so 4031 * there is no need to build up a list of addresses 4032 */ 4033 return (gen_host(dn_addr, 0, proto, dir)); 4034 } else { 4035#ifndef INET6 4036 alist = pcap_nametoaddr(name); 4037 if (alist == NULL || *alist == NULL) 4038 bpf_error("unknown host '%s'", name); 4039 tproto = proto; 4040 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT) 4041 tproto = Q_IP; 4042 b = gen_host(**alist++, 0xffffffff, tproto, dir); 4043 while (*alist) { 4044 tmp = gen_host(**alist++, 0xffffffff, 4045 tproto, dir); 4046 gen_or(b, tmp); 4047 b = tmp; 4048 } 4049 return b; 4050#else 4051 memset(&mask128, 0xff, sizeof(mask128)); 4052 res0 = res = pcap_nametoaddrinfo(name); 4053 if (res == NULL) 4054 bpf_error("unknown host '%s'", name); 4055 b = tmp = NULL; 4056 tproto = tproto6 = proto; 4057 if (off_linktype == -1 && tproto == Q_DEFAULT) { 4058 tproto = Q_IP; 4059 tproto6 = Q_IPV6; 4060 } 4061 for (res = res0; res; res = res->ai_next) { 4062 switch (res->ai_family) { 4063 case AF_INET: 4064 if (tproto == Q_IPV6) 4065 continue; 4066 4067 sin = (struct sockaddr_in *) 4068 res->ai_addr; 4069 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 4070 0xffffffff, tproto, dir); 4071 break; 4072 case AF_INET6: 4073 if (tproto6 == Q_IP) 4074 continue; 4075 4076 sin6 = (struct sockaddr_in6 *) 4077 res->ai_addr; 4078 tmp = gen_host6(&sin6->sin6_addr, 4079 &mask128, tproto6, dir); 4080 break; 4081 default: 4082 continue; 4083 } 4084 if (b) 4085 gen_or(b, tmp); 4086 b = tmp; 4087 } 4088 freeaddrinfo(res0); 4089 if (b == NULL) { 4090 bpf_error("unknown host '%s'%s", name, 4091 (proto == Q_DEFAULT) 4092 ? "" 4093 : " for specified address family"); 4094 } 4095 return b; 4096#endif /*INET6*/ 4097 } 4098 4099 case Q_PORT: 4100 if (proto != Q_DEFAULT && 4101 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 4102 bpf_error("illegal qualifier of 'port'"); 4103 if (pcap_nametoport(name, &port, &real_proto) == 0) 4104 bpf_error("unknown port '%s'", name); 4105 if (proto == Q_UDP) { 4106 if (real_proto == IPPROTO_TCP) 4107 bpf_error("port '%s' is tcp", name); 4108 else if (real_proto == IPPROTO_SCTP) 4109 bpf_error("port '%s' is sctp", name); 4110 else 4111 /* override PROTO_UNDEF */ 4112 real_proto = IPPROTO_UDP; 4113 } 4114 if (proto == Q_TCP) { 4115 if (real_proto == IPPROTO_UDP) 4116 bpf_error("port '%s' is udp", name); 4117 4118 else if (real_proto == IPPROTO_SCTP) 4119 bpf_error("port '%s' is sctp", name); 4120 else 4121 /* override PROTO_UNDEF */ 4122 real_proto = IPPROTO_TCP; 4123 } 4124 if (proto == Q_SCTP) { 4125 if (real_proto == IPPROTO_UDP) 4126 bpf_error("port '%s' is udp", name); 4127 4128 else if (real_proto == IPPROTO_TCP) 4129 bpf_error("port '%s' is tcp", name); 4130 else 4131 /* override PROTO_UNDEF */ 4132 real_proto = IPPROTO_SCTP; 4133 } 4134#ifndef INET6 4135 return gen_port(port, real_proto, dir); 4136#else 4137 { 4138 struct block *b; 4139 b = gen_port(port, real_proto, dir); 4140 gen_or(gen_port6(port, real_proto, dir), b); 4141 return b; 4142 } 4143#endif /* INET6 */ 4144 4145 case Q_GATEWAY: 4146#ifndef INET6 4147 eaddr = pcap_ether_hostton(name); 4148 if (eaddr == NULL) 4149 bpf_error("unknown ether host: %s", name); 4150 4151 alist = pcap_nametoaddr(name); 4152 if (alist == NULL || *alist == NULL) 4153 bpf_error("unknown host '%s'", name); 4154 b = gen_gateway(eaddr, alist, proto, dir); 4155 free(eaddr); 4156 return b; 4157#else 4158 bpf_error("'gateway' not supported in this configuration"); 4159#endif /*INET6*/ 4160 4161 case Q_PROTO: 4162 real_proto = lookup_proto(name, proto); 4163 if (real_proto >= 0) 4164 return gen_proto(real_proto, proto, dir); 4165 else 4166 bpf_error("unknown protocol: %s", name); 4167 4168 case Q_PROTOCHAIN: 4169 real_proto = lookup_proto(name, proto); 4170 if (real_proto >= 0) 4171 return gen_protochain(real_proto, proto, dir); 4172 else 4173 bpf_error("unknown protocol: %s", name); 4174 4175 4176 case Q_UNDEF: 4177 syntax(); 4178 /* NOTREACHED */ 4179 } 4180 abort(); 4181 /* NOTREACHED */ 4182} 4183 4184struct block * 4185gen_mcode(s1, s2, masklen, q) 4186 register const char *s1, *s2; 4187 register int masklen; 4188 struct qual q; 4189{ 4190 register int nlen, mlen; 4191 bpf_u_int32 n, m; 4192 4193 nlen = __pcap_atoin(s1, &n); 4194 /* Promote short ipaddr */ 4195 n <<= 32 - nlen; 4196 4197 if (s2 != NULL) { 4198 mlen = __pcap_atoin(s2, &m); 4199 /* Promote short ipaddr */ 4200 m <<= 32 - mlen; 4201 if ((n & ~m) != 0) 4202 bpf_error("non-network bits set in \"%s mask %s\"", 4203 s1, s2); 4204 } else { 4205 /* Convert mask len to mask */ 4206 if (masklen > 32) 4207 bpf_error("mask length must be <= 32"); 4208 m = 0xffffffff << (32 - masklen); 4209 if ((n & ~m) != 0) 4210 bpf_error("non-network bits set in \"%s/%d\"", 4211 s1, masklen); 4212 } 4213 4214 switch (q.addr) { 4215 4216 case Q_NET: 4217 return gen_host(n, m, q.proto, q.dir); 4218 4219 default: 4220 bpf_error("Mask syntax for networks only"); 4221 /* NOTREACHED */ 4222 } 4223 /* NOTREACHED */ 4224} 4225 4226struct block * 4227gen_ncode(s, v, q) 4228 register const char *s; 4229 bpf_u_int32 v; 4230 struct qual q; 4231{ 4232 bpf_u_int32 mask; 4233 int proto = q.proto; 4234 int dir = q.dir; 4235 register int vlen; 4236 4237 if (s == NULL) 4238 vlen = 32; 4239 else if (q.proto == Q_DECNET) 4240 vlen = __pcap_atodn(s, &v); 4241 else 4242 vlen = __pcap_atoin(s, &v); 4243 4244 switch (q.addr) { 4245 4246 case Q_DEFAULT: 4247 case Q_HOST: 4248 case Q_NET: 4249 if (proto == Q_DECNET) 4250 return gen_host(v, 0, proto, dir); 4251 else if (proto == Q_LINK) { 4252 bpf_error("illegal link layer address"); 4253 } else { 4254 mask = 0xffffffff; 4255 if (s == NULL && q.addr == Q_NET) { 4256 /* Promote short net number */ 4257 while (v && (v & 0xff000000) == 0) { 4258 v <<= 8; 4259 mask <<= 8; 4260 } 4261 } else { 4262 /* Promote short ipaddr */ 4263 v <<= 32 - vlen; 4264 mask <<= 32 - vlen; 4265 } 4266 return gen_host(v, mask, proto, dir); 4267 } 4268 4269 case Q_PORT: 4270 if (proto == Q_UDP) 4271 proto = IPPROTO_UDP; 4272 else if (proto == Q_TCP) 4273 proto = IPPROTO_TCP; 4274 else if (proto == Q_SCTP) 4275 proto = IPPROTO_SCTP; 4276 else if (proto == Q_DEFAULT) 4277 proto = PROTO_UNDEF; 4278 else 4279 bpf_error("illegal qualifier of 'port'"); 4280 4281#ifndef INET6 4282 return gen_port((int)v, proto, dir); 4283#else 4284 { 4285 struct block *b; 4286 b = gen_port((int)v, proto, dir); 4287 gen_or(gen_port6((int)v, proto, dir), b); 4288 return b; 4289 } 4290#endif /* INET6 */ 4291 4292 case Q_GATEWAY: 4293 bpf_error("'gateway' requires a name"); 4294 /* NOTREACHED */ 4295 4296 case Q_PROTO: 4297 return gen_proto((int)v, proto, dir); 4298 4299 case Q_PROTOCHAIN: 4300 return gen_protochain((int)v, proto, dir); 4301 4302 case Q_UNDEF: 4303 syntax(); 4304 /* NOTREACHED */ 4305 4306 default: 4307 abort(); 4308 /* NOTREACHED */ 4309 } 4310 /* NOTREACHED */ 4311} 4312 4313#ifdef INET6 4314struct block * 4315gen_mcode6(s1, s2, masklen, q) 4316 register const char *s1, *s2; 4317 register int masklen; 4318 struct qual q; 4319{ 4320 struct addrinfo *res; 4321 struct in6_addr *addr; 4322 struct in6_addr mask; 4323 struct block *b; 4324 u_int32_t *a, *m; 4325 4326 if (s2) 4327 bpf_error("no mask %s supported", s2); 4328 4329 res = pcap_nametoaddrinfo(s1); 4330 if (!res) 4331 bpf_error("invalid ip6 address %s", s1); 4332 if (res->ai_next) 4333 bpf_error("%s resolved to multiple address", s1); 4334 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 4335 4336 if (sizeof(mask) * 8 < masklen) 4337 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 4338 memset(&mask, 0, sizeof(mask)); 4339 memset(&mask, 0xff, masklen / 8); 4340 if (masklen % 8) { 4341 mask.s6_addr[masklen / 8] = 4342 (0xff << (8 - masklen % 8)) & 0xff; 4343 } 4344 4345 a = (u_int32_t *)addr; 4346 m = (u_int32_t *)&mask; 4347 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 4348 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 4349 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 4350 } 4351 4352 switch (q.addr) { 4353 4354 case Q_DEFAULT: 4355 case Q_HOST: 4356 if (masklen != 128) 4357 bpf_error("Mask syntax for networks only"); 4358 /* FALLTHROUGH */ 4359 4360 case Q_NET: 4361 b = gen_host6(addr, &mask, q.proto, q.dir); 4362 freeaddrinfo(res); 4363 return b; 4364 4365 default: 4366 bpf_error("invalid qualifier against IPv6 address"); 4367 /* NOTREACHED */ 4368 } 4369} 4370#endif /*INET6*/ 4371 4372struct block * 4373gen_ecode(eaddr, q) 4374 register const u_char *eaddr; 4375 struct qual q; 4376{ 4377 struct block *b, *tmp; 4378 4379 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 4380 if (linktype == DLT_EN10MB) 4381 return gen_ehostop(eaddr, (int)q.dir); 4382 if (linktype == DLT_FDDI) 4383 return gen_fhostop(eaddr, (int)q.dir); 4384 if (linktype == DLT_IEEE802) 4385 return gen_thostop(eaddr, (int)q.dir); 4386 if (linktype == DLT_IEEE802_11) 4387 return gen_wlanhostop(eaddr, (int)q.dir); 4388 if (linktype == DLT_SUNATM && is_lane) { 4389 /* 4390 * Check that the packet doesn't begin with an 4391 * LE Control marker. (We've already generated 4392 * a test for LANE.) 4393 */ 4394 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 4395 gen_not(tmp); 4396 4397 /* 4398 * Now check the MAC address. 4399 */ 4400 b = gen_ehostop(eaddr, (int)q.dir); 4401 gen_and(tmp, b); 4402 return b; 4403 } 4404 if (linktype == DLT_IP_OVER_FC) 4405 return gen_ipfchostop(eaddr, (int)q.dir); 4406 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel"); 4407 } 4408 bpf_error("ethernet address used in non-ether expression"); 4409 /* NOTREACHED */ 4410} 4411 4412void 4413sappend(s0, s1) 4414 struct slist *s0, *s1; 4415{ 4416 /* 4417 * This is definitely not the best way to do this, but the 4418 * lists will rarely get long. 4419 */ 4420 while (s0->next) 4421 s0 = s0->next; 4422 s0->next = s1; 4423} 4424 4425static struct slist * 4426xfer_to_x(a) 4427 struct arth *a; 4428{ 4429 struct slist *s; 4430 4431 s = new_stmt(BPF_LDX|BPF_MEM); 4432 s->s.k = a->regno; 4433 return s; 4434} 4435 4436static struct slist * 4437xfer_to_a(a) 4438 struct arth *a; 4439{ 4440 struct slist *s; 4441 4442 s = new_stmt(BPF_LD|BPF_MEM); 4443 s->s.k = a->regno; 4444 return s; 4445} 4446 4447struct arth * 4448gen_load(proto, index, size) 4449 int proto; 4450 struct arth *index; 4451 int size; 4452{ 4453 struct slist *s, *tmp; 4454 struct block *b; 4455 int regno = alloc_reg(); 4456 4457 free_reg(index->regno); 4458 switch (size) { 4459 4460 default: 4461 bpf_error("data size must be 1, 2, or 4"); 4462 4463 case 1: 4464 size = BPF_B; 4465 break; 4466 4467 case 2: 4468 size = BPF_H; 4469 break; 4470 4471 case 4: 4472 size = BPF_W; 4473 break; 4474 } 4475 switch (proto) { 4476 default: 4477 bpf_error("unsupported index operation"); 4478 4479 case Q_LINK: 4480 /* 4481 * XXX - what about ATM LANE? Should the index be 4482 * relative to the beginning of the AAL5 frame, so 4483 * that 0 refers to the beginning of the LE Control 4484 * field, or relative to the beginning of the LAN 4485 * frame, so that 0 refers, for Ethernet LANE, to 4486 * the beginning of the destination address? 4487 */ 4488 s = xfer_to_x(index); 4489 tmp = new_stmt(BPF_LD|BPF_IND|size); 4490 sappend(s, tmp); 4491 sappend(index->s, s); 4492 break; 4493 4494 case Q_IP: 4495 case Q_ARP: 4496 case Q_RARP: 4497 case Q_ATALK: 4498 case Q_DECNET: 4499 case Q_SCA: 4500 case Q_LAT: 4501 case Q_MOPRC: 4502 case Q_MOPDL: 4503#ifdef INET6 4504 case Q_IPV6: 4505#endif 4506 /* XXX Note that we assume a fixed link header here. */ 4507 s = xfer_to_x(index); 4508 tmp = new_stmt(BPF_LD|BPF_IND|size); 4509 tmp->s.k = off_nl; 4510 sappend(s, tmp); 4511 sappend(index->s, s); 4512 4513 b = gen_proto_abbrev(proto); 4514 if (index->b) 4515 gen_and(index->b, b); 4516 index->b = b; 4517 break; 4518 4519 case Q_SCTP: 4520 case Q_TCP: 4521 case Q_UDP: 4522 case Q_ICMP: 4523 case Q_IGMP: 4524 case Q_IGRP: 4525 case Q_PIM: 4526 case Q_VRRP: 4527 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 4528 s->s.k = off_nl; 4529 sappend(s, xfer_to_a(index)); 4530 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 4531 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 4532 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 4533 tmp->s.k = off_nl; 4534 sappend(index->s, s); 4535 4536 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 4537 if (index->b) 4538 gen_and(index->b, b); 4539#ifdef INET6 4540 gen_and(gen_proto_abbrev(Q_IP), b); 4541#endif 4542 index->b = b; 4543 break; 4544#ifdef INET6 4545 case Q_ICMPV6: 4546 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 4547 /*NOTREACHED*/ 4548#endif 4549 } 4550 index->regno = regno; 4551 s = new_stmt(BPF_ST); 4552 s->s.k = regno; 4553 sappend(index->s, s); 4554 4555 return index; 4556} 4557 4558struct block * 4559gen_relation(code, a0, a1, reversed) 4560 int code; 4561 struct arth *a0, *a1; 4562 int reversed; 4563{ 4564 struct slist *s0, *s1, *s2; 4565 struct block *b, *tmp; 4566 4567 s0 = xfer_to_x(a1); 4568 s1 = xfer_to_a(a0); 4569 if (code == BPF_JEQ) { 4570 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 4571 b = new_block(JMP(code)); 4572 sappend(s1, s2); 4573 } 4574 else 4575 b = new_block(BPF_JMP|code|BPF_X); 4576 if (reversed) 4577 gen_not(b); 4578 4579 sappend(s0, s1); 4580 sappend(a1->s, s0); 4581 sappend(a0->s, a1->s); 4582 4583 b->stmts = a0->s; 4584 4585 free_reg(a0->regno); 4586 free_reg(a1->regno); 4587 4588 /* 'and' together protocol checks */ 4589 if (a0->b) { 4590 if (a1->b) { 4591 gen_and(a0->b, tmp = a1->b); 4592 } 4593 else 4594 tmp = a0->b; 4595 } else 4596 tmp = a1->b; 4597 4598 if (tmp) 4599 gen_and(tmp, b); 4600 4601 return b; 4602} 4603 4604struct arth * 4605gen_loadlen() 4606{ 4607 int regno = alloc_reg(); 4608 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 4609 struct slist *s; 4610 4611 s = new_stmt(BPF_LD|BPF_LEN); 4612 s->next = new_stmt(BPF_ST); 4613 s->next->s.k = regno; 4614 a->s = s; 4615 a->regno = regno; 4616 4617 return a; 4618} 4619 4620struct arth * 4621gen_loadi(val) 4622 int val; 4623{ 4624 struct arth *a; 4625 struct slist *s; 4626 int reg; 4627 4628 a = (struct arth *)newchunk(sizeof(*a)); 4629 4630 reg = alloc_reg(); 4631 4632 s = new_stmt(BPF_LD|BPF_IMM); 4633 s->s.k = val; 4634 s->next = new_stmt(BPF_ST); 4635 s->next->s.k = reg; 4636 a->s = s; 4637 a->regno = reg; 4638 4639 return a; 4640} 4641 4642struct arth * 4643gen_neg(a) 4644 struct arth *a; 4645{ 4646 struct slist *s; 4647 4648 s = xfer_to_a(a); 4649 sappend(a->s, s); 4650 s = new_stmt(BPF_ALU|BPF_NEG); 4651 s->s.k = 0; 4652 sappend(a->s, s); 4653 s = new_stmt(BPF_ST); 4654 s->s.k = a->regno; 4655 sappend(a->s, s); 4656 4657 return a; 4658} 4659 4660struct arth * 4661gen_arth(code, a0, a1) 4662 int code; 4663 struct arth *a0, *a1; 4664{ 4665 struct slist *s0, *s1, *s2; 4666 4667 s0 = xfer_to_x(a1); 4668 s1 = xfer_to_a(a0); 4669 s2 = new_stmt(BPF_ALU|BPF_X|code); 4670 4671 sappend(s1, s2); 4672 sappend(s0, s1); 4673 sappend(a1->s, s0); 4674 sappend(a0->s, a1->s); 4675 4676 free_reg(a0->regno); 4677 free_reg(a1->regno); 4678 4679 s0 = new_stmt(BPF_ST); 4680 a0->regno = s0->s.k = alloc_reg(); 4681 sappend(a0->s, s0); 4682 4683 return a0; 4684} 4685 4686/* 4687 * Here we handle simple allocation of the scratch registers. 4688 * If too many registers are alloc'd, the allocator punts. 4689 */ 4690static int regused[BPF_MEMWORDS]; 4691static int curreg; 4692 4693/* 4694 * Return the next free register. 4695 */ 4696static int 4697alloc_reg() 4698{ 4699 int n = BPF_MEMWORDS; 4700 4701 while (--n >= 0) { 4702 if (regused[curreg]) 4703 curreg = (curreg + 1) % BPF_MEMWORDS; 4704 else { 4705 regused[curreg] = 1; 4706 return curreg; 4707 } 4708 } 4709 bpf_error("too many registers needed to evaluate expression"); 4710 /* NOTREACHED */ 4711} 4712 4713/* 4714 * Return a register to the table so it can 4715 * be used later. 4716 */ 4717static void 4718free_reg(n) 4719 int n; 4720{ 4721 regused[n] = 0; 4722} 4723 4724static struct block * 4725gen_len(jmp, n) 4726 int jmp, n; 4727{ 4728 struct slist *s; 4729 struct block *b; 4730 4731 s = new_stmt(BPF_LD|BPF_LEN); 4732 b = new_block(JMP(jmp)); 4733 b->stmts = s; 4734 b->s.k = n; 4735 4736 return b; 4737} 4738 4739struct block * 4740gen_greater(n) 4741 int n; 4742{ 4743 return gen_len(BPF_JGE, n); 4744} 4745 4746/* 4747 * Actually, this is less than or equal. 4748 */ 4749struct block * 4750gen_less(n) 4751 int n; 4752{ 4753 struct block *b; 4754 4755 b = gen_len(BPF_JGT, n); 4756 gen_not(b); 4757 4758 return b; 4759} 4760 4761struct block * 4762gen_byteop(op, idx, val) 4763 int op, idx, val; 4764{ 4765 struct block *b; 4766 struct slist *s; 4767 4768 switch (op) { 4769 default: 4770 abort(); 4771 4772 case '=': 4773 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 4774 4775 case '<': 4776 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 4777 b->s.code = JMP(BPF_JGE); 4778 gen_not(b); 4779 return b; 4780 4781 case '>': 4782 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 4783 b->s.code = JMP(BPF_JGT); 4784 return b; 4785 4786 case '|': 4787 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 4788 break; 4789 4790 case '&': 4791 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 4792 break; 4793 } 4794 s->s.k = val; 4795 b = new_block(JMP(BPF_JEQ)); 4796 b->stmts = s; 4797 gen_not(b); 4798 4799 return b; 4800} 4801 4802static u_char abroadcast[] = { 0x0 }; 4803 4804struct block * 4805gen_broadcast(proto) 4806 int proto; 4807{ 4808 bpf_u_int32 hostmask; 4809 struct block *b0, *b1, *b2; 4810 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 4811 4812 switch (proto) { 4813 4814 case Q_DEFAULT: 4815 case Q_LINK: 4816 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 4817 return gen_ahostop(abroadcast, Q_DST); 4818 if (linktype == DLT_EN10MB) 4819 return gen_ehostop(ebroadcast, Q_DST); 4820 if (linktype == DLT_FDDI) 4821 return gen_fhostop(ebroadcast, Q_DST); 4822 if (linktype == DLT_IEEE802) 4823 return gen_thostop(ebroadcast, Q_DST); 4824 if (linktype == DLT_IEEE802_11) 4825 return gen_wlanhostop(ebroadcast, Q_DST); 4826 if (linktype == DLT_IP_OVER_FC) 4827 return gen_ipfchostop(ebroadcast, Q_DST); 4828 if (linktype == DLT_SUNATM && is_lane) { 4829 /* 4830 * Check that the packet doesn't begin with an 4831 * LE Control marker. (We've already generated 4832 * a test for LANE.) 4833 */ 4834 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 4835 gen_not(b1); 4836 4837 /* 4838 * Now check the MAC address. 4839 */ 4840 b0 = gen_ehostop(ebroadcast, Q_DST); 4841 gen_and(b1, b0); 4842 return b0; 4843 } 4844 bpf_error("not a broadcast link"); 4845 break; 4846 4847 case Q_IP: 4848 b0 = gen_linktype(ETHERTYPE_IP); 4849 hostmask = ~netmask; 4850 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 4851 b2 = gen_mcmp(off_nl + 16, BPF_W, 4852 (bpf_int32)(~0 & hostmask), hostmask); 4853 gen_or(b1, b2); 4854 gen_and(b0, b2); 4855 return b2; 4856 } 4857 bpf_error("only link-layer/IP broadcast filters supported"); 4858 /* NOTREACHED */ 4859} 4860 4861/* 4862 * Generate code to test the low-order bit of a MAC address (that's 4863 * the bottom bit of the *first* byte). 4864 */ 4865static struct block * 4866gen_mac_multicast(offset) 4867 int offset; 4868{ 4869 register struct block *b0; 4870 register struct slist *s; 4871 4872 /* link[offset] & 1 != 0 */ 4873 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4874 s->s.k = offset; 4875 b0 = new_block(JMP(BPF_JSET)); 4876 b0->s.k = 1; 4877 b0->stmts = s; 4878 return b0; 4879} 4880 4881struct block * 4882gen_multicast(proto) 4883 int proto; 4884{ 4885 register struct block *b0, *b1, *b2; 4886 register struct slist *s; 4887 4888 switch (proto) { 4889 4890 case Q_DEFAULT: 4891 case Q_LINK: 4892 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 4893 /* all ARCnet multicasts use the same address */ 4894 return gen_ahostop(abroadcast, Q_DST); 4895 4896 if (linktype == DLT_EN10MB) { 4897 /* ether[0] & 1 != 0 */ 4898 return gen_mac_multicast(0); 4899 } 4900 4901 if (linktype == DLT_FDDI) { 4902 /* 4903 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX 4904 * 4905 * XXX - was that referring to bit-order issues? 4906 */ 4907 /* fddi[1] & 1 != 0 */ 4908 return gen_mac_multicast(1); 4909 } 4910 4911 if (linktype == DLT_IEEE802) { 4912 /* tr[2] & 1 != 0 */ 4913 return gen_mac_multicast(2); 4914 } 4915 4916 if (linktype == DLT_IEEE802_11) { 4917 /* 4918 * Oh, yuk. 4919 * 4920 * For control frames, there is no DA. 4921 * 4922 * For management frames, DA is at an 4923 * offset of 4 from the beginning of 4924 * the packet. 4925 * 4926 * For data frames, DA is at an offset 4927 * of 4 from the beginning of the packet 4928 * if To DS is clear and at an offset of 4929 * 16 from the beginning of the packet 4930 * if To DS is set. 4931 */ 4932 4933 /* 4934 * Generate the tests to be done for data frames. 4935 * 4936 * First, check for To DS set, i.e. "link[1] & 0x01". 4937 */ 4938 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4939 s->s.k = 1; 4940 b1 = new_block(JMP(BPF_JSET)); 4941 b1->s.k = 0x01; /* To DS */ 4942 b1->stmts = s; 4943 4944 /* 4945 * If To DS is set, the DA is at 16. 4946 */ 4947 b0 = gen_mac_multicast(16); 4948 gen_and(b1, b0); 4949 4950 /* 4951 * Now, check for To DS not set, i.e. check 4952 * "!(link[1] & 0x01)". 4953 */ 4954 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4955 s->s.k = 1; 4956 b2 = new_block(JMP(BPF_JSET)); 4957 b2->s.k = 0x01; /* To DS */ 4958 b2->stmts = s; 4959 gen_not(b2); 4960 4961 /* 4962 * If To DS is not set, the DA is at 4. 4963 */ 4964 b1 = gen_mac_multicast(4); 4965 gen_and(b2, b1); 4966 4967 /* 4968 * Now OR together the last two checks. That gives 4969 * the complete set of checks for data frames. 4970 */ 4971 gen_or(b1, b0); 4972 4973 /* 4974 * Now check for a data frame. 4975 * I.e, check "link[0] & 0x08". 4976 */ 4977 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4978 s->s.k = 0; 4979 b1 = new_block(JMP(BPF_JSET)); 4980 b1->s.k = 0x08; 4981 b1->stmts = s; 4982 4983 /* 4984 * AND that with the checks done for data frames. 4985 */ 4986 gen_and(b1, b0); 4987 4988 /* 4989 * If the high-order bit of the type value is 0, this 4990 * is a management frame. 4991 * I.e, check "!(link[0] & 0x08)". 4992 */ 4993 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 4994 s->s.k = 0; 4995 b2 = new_block(JMP(BPF_JSET)); 4996 b2->s.k = 0x08; 4997 b2->stmts = s; 4998 gen_not(b2); 4999 5000 /* 5001 * For management frames, the DA is at 4. 5002 */ 5003 b1 = gen_mac_multicast(4); 5004 gen_and(b2, b1); 5005 5006 /* 5007 * OR that with the checks done for data frames. 5008 * That gives the checks done for management and 5009 * data frames. 5010 */ 5011 gen_or(b1, b0); 5012 5013 /* 5014 * If the low-order bit of the type value is 1, 5015 * this is either a control frame or a frame 5016 * with a reserved type, and thus not a 5017 * frame with an SA. 5018 * 5019 * I.e., check "!(link[0] & 0x04)". 5020 */ 5021 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 5022 s->s.k = 0; 5023 b1 = new_block(JMP(BPF_JSET)); 5024 b1->s.k = 0x04; 5025 b1->stmts = s; 5026 gen_not(b1); 5027 5028 /* 5029 * AND that with the checks for data and management 5030 * frames. 5031 */ 5032 gen_and(b1, b0); 5033 return b0; 5034 } 5035 5036 if (linktype == DLT_IP_OVER_FC) { 5037 b0 = gen_mac_multicast(2); 5038 return b0; 5039 } 5040 5041 if (linktype == DLT_SUNATM && is_lane) { 5042 /* 5043 * Check that the packet doesn't begin with an 5044 * LE Control marker. (We've already generated 5045 * a test for LANE.) 5046 */ 5047 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 5048 gen_not(b1); 5049 5050 /* ether[off_mac] & 1 != 0 */ 5051 b0 = gen_mac_multicast(off_mac); 5052 gen_and(b1, b0); 5053 return b0; 5054 } 5055 5056 /* Link not known to support multicasts */ 5057 break; 5058 5059 case Q_IP: 5060 b0 = gen_linktype(ETHERTYPE_IP); 5061 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 5062 b1->s.code = JMP(BPF_JGE); 5063 gen_and(b0, b1); 5064 return b1; 5065 5066#ifdef INET6 5067 case Q_IPV6: 5068 b0 = gen_linktype(ETHERTYPE_IPV6); 5069 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 5070 gen_and(b0, b1); 5071 return b1; 5072#endif /* INET6 */ 5073 } 5074 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); 5075 /* NOTREACHED */ 5076} 5077 5078/* 5079 * generate command for inbound/outbound. It's here so we can 5080 * make it link-type specific. 'dir' = 0 implies "inbound", 5081 * = 1 implies "outbound". 5082 */ 5083struct block * 5084gen_inbound(dir) 5085 int dir; 5086{ 5087 register struct block *b0; 5088 5089 /* 5090 * Only some data link types support inbound/outbound qualifiers. 5091 */ 5092 switch (linktype) { 5093 case DLT_SLIP: 5094 b0 = gen_relation(BPF_JEQ, 5095 gen_load(Q_LINK, gen_loadi(0), 1), 5096 gen_loadi(0), 5097 dir); 5098 break; 5099 5100 case DLT_LINUX_SLL: 5101 if (dir) { 5102 /* 5103 * Match packets sent by this machine. 5104 */ 5105 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING); 5106 } else { 5107 /* 5108 * Match packets sent to this machine. 5109 * (No broadcast or multicast packets, or 5110 * packets sent to some other machine and 5111 * received promiscuously.) 5112 * 5113 * XXX - packets sent to other machines probably 5114 * shouldn't be matched, but what about broadcast 5115 * or multicast packets we received? 5116 */ 5117 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST); 5118 } 5119 break; 5120 5121 case DLT_PFLOG: 5122 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 5123 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 5124 break; 5125 5126 case DLT_PPP_PPPD: 5127 if (dir) { 5128 /* match outgoing packets */ 5129 b0 = gen_cmp(0, BPF_B, PPP_PPPD_OUT); 5130 } else { 5131 /* match incoming packets */ 5132 b0 = gen_cmp(0, BPF_B, PPP_PPPD_IN); 5133 } 5134 break; 5135 5136 case DLT_JUNIPER_MLFR: 5137 case DLT_JUNIPER_MLPPP: 5138 case DLT_JUNIPER_ATM1: 5139 case DLT_JUNIPER_ATM2: 5140 /* juniper flags (including direction) are stored 5141 * the byte after the 3-byte magic number */ 5142 if (dir) { 5143 /* match outgoing packets */ 5144 b0 = gen_mcmp(3, BPF_B, 0, 0x01); 5145 } else { 5146 /* match incoming packets */ 5147 b0 = gen_mcmp(3, BPF_B, 1, 0x01); 5148 } 5149 break; 5150 5151 default: 5152 bpf_error("inbound/outbound not supported on linktype %d", 5153 linktype); 5154 b0 = NULL; 5155 /* NOTREACHED */ 5156 } 5157 return (b0); 5158} 5159 5160/* PF firewall log matched interface */ 5161struct block * 5162gen_pf_ifname(const char *ifname) 5163{ 5164 struct block *b0; 5165 u_int len, off; 5166 5167 if (linktype == DLT_PFLOG) { 5168 len = sizeof(((struct pfloghdr *)0)->ifname); 5169 off = offsetof(struct pfloghdr, ifname); 5170 } else { 5171 bpf_error("ifname not supported on linktype 0x%x", linktype); 5172 /* NOTREACHED */ 5173 } 5174 if (strlen(ifname) >= len) { 5175 bpf_error("ifname interface names can only be %d characters", 5176 len-1); 5177 /* NOTREACHED */ 5178 } 5179 b0 = gen_bcmp(off, strlen(ifname), (const u_char *)ifname); 5180 return (b0); 5181} 5182 5183/* PF firewall log matched interface */ 5184struct block * 5185gen_pf_ruleset(char *ruleset) 5186{ 5187 struct block *b0; 5188 5189 if (linktype != DLT_PFLOG) { 5190 bpf_error("ruleset not supported on linktype 0x%x", linktype); 5191 /* NOTREACHED */ 5192 } 5193 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 5194 bpf_error("ruleset names can only be %ld characters", 5195 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1)); 5196 /* NOTREACHED */ 5197 } 5198 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 5199 strlen(ruleset), (const u_char *)ruleset); 5200 return (b0); 5201} 5202 5203/* PF firewall log rule number */ 5204struct block * 5205gen_pf_rnr(int rnr) 5206{ 5207 struct block *b0; 5208 5209 if (linktype == DLT_PFLOG) { 5210 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 5211 (bpf_int32)rnr); 5212 } else { 5213 bpf_error("rnr not supported on linktype 0x%x", linktype); 5214 /* NOTREACHED */ 5215 } 5216 5217 return (b0); 5218} 5219 5220/* PF firewall log sub-rule number */ 5221struct block * 5222gen_pf_srnr(int srnr) 5223{ 5224 struct block *b0; 5225 5226 if (linktype != DLT_PFLOG) { 5227 bpf_error("srnr not supported on linktype 0x%x", linktype); 5228 /* NOTREACHED */ 5229 } 5230 5231 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 5232 (bpf_int32)srnr); 5233 return (b0); 5234} 5235 5236/* PF firewall log reason code */ 5237struct block * 5238gen_pf_reason(int reason) 5239{ 5240 struct block *b0; 5241 5242 if (linktype == DLT_PFLOG) { 5243 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 5244 (bpf_int32)reason); 5245 } else { 5246 bpf_error("reason not supported on linktype 0x%x", linktype); 5247 /* NOTREACHED */ 5248 } 5249 5250 return (b0); 5251} 5252 5253/* PF firewall log action */ 5254struct block * 5255gen_pf_action(int action) 5256{ 5257 struct block *b0; 5258 5259 if (linktype == DLT_PFLOG) { 5260 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 5261 (bpf_int32)action); 5262 } else { 5263 bpf_error("action not supported on linktype 0x%x", linktype); 5264 /* NOTREACHED */ 5265 } 5266 5267 return (b0); 5268} 5269 5270struct block * 5271gen_acode(eaddr, q) 5272 register const u_char *eaddr; 5273 struct qual q; 5274{ 5275 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 5276 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 5277 return gen_ahostop(eaddr, (int)q.dir); 5278 } 5279 bpf_error("ARCnet address used in non-arc expression"); 5280 /* NOTREACHED */ 5281} 5282 5283static struct block * 5284gen_ahostop(eaddr, dir) 5285 register const u_char *eaddr; 5286 register int dir; 5287{ 5288 register struct block *b0, *b1; 5289 5290 switch (dir) { 5291 /* src comes first, different from Ethernet */ 5292 case Q_SRC: 5293 return gen_bcmp(0, 1, eaddr); 5294 5295 case Q_DST: 5296 return gen_bcmp(1, 1, eaddr); 5297 5298 case Q_AND: 5299 b0 = gen_ahostop(eaddr, Q_SRC); 5300 b1 = gen_ahostop(eaddr, Q_DST); 5301 gen_and(b0, b1); 5302 return b1; 5303 5304 case Q_DEFAULT: 5305 case Q_OR: 5306 b0 = gen_ahostop(eaddr, Q_SRC); 5307 b1 = gen_ahostop(eaddr, Q_DST); 5308 gen_or(b0, b1); 5309 return b1; 5310 } 5311 abort(); 5312 /* NOTREACHED */ 5313} 5314 5315/* 5316 * support IEEE 802.1Q VLAN trunk over ethernet 5317 */ 5318struct block * 5319gen_vlan(vlan_num) 5320 int vlan_num; 5321{ 5322 struct block *b0; 5323 5324 /* 5325 * Change the offsets to point to the type and data fields within 5326 * the VLAN packet. This is somewhat of a kludge. 5327 */ 5328 if (orig_nl == (u_int)-1) { 5329 orig_linktype = off_linktype; /* save original values */ 5330 orig_nl = off_nl; 5331 orig_nl_nosnap = off_nl_nosnap; 5332 5333 switch (linktype) { 5334 5335 case DLT_EN10MB: 5336 off_linktype = 16; 5337 off_nl_nosnap = 18; 5338 off_nl = 18; 5339 break; 5340 5341 default: 5342 bpf_error("no VLAN support for data link type %d", 5343 linktype); 5344 /*NOTREACHED*/ 5345 } 5346 } 5347 5348 /* check for VLAN */ 5349 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 5350 5351 /* If a specific VLAN is requested, check VLAN id */ 5352 if (vlan_num >= 0) { 5353 struct block *b1; 5354 5355 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0fff); 5356 gen_and(b0, b1); 5357 b0 = b1; 5358 } 5359 5360 return (b0); 5361} 5362 5363/* 5364 * support for MPLS 5365 */ 5366struct block * 5367gen_mpls(label_num) 5368 int label_num; 5369{ 5370 struct block *b0; 5371 5372 /* 5373 * Change the offsets to point to the type and data fields within 5374 * the MPLS packet. This is somewhat of a kludge. 5375 */ 5376 if (orig_nl == (u_int)-1) { 5377 orig_linktype = off_linktype; /* save original values */ 5378 orig_nl = off_nl; 5379 orig_nl_nosnap = off_nl_nosnap; 5380 5381 switch (linktype) { 5382 5383 case DLT_EN10MB: 5384 off_linktype = 16; 5385 off_nl_nosnap = 18; 5386 off_nl = 18; 5387 5388 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS); 5389 break; 5390 5391 case DLT_PPP: 5392 off_linktype = 6; 5393 off_nl_nosnap = 8; 5394 off_nl = 8; 5395 5396 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)PPP_MPLS_UCAST); 5397 break; 5398 5399 case DLT_C_HDLC: 5400 off_linktype = 6; 5401 off_nl_nosnap = 8; 5402 off_nl = 8; 5403 5404 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_MPLS); 5405 break; 5406 5407 /* FIXME add other DLT_s ... 5408 * for Frame-Relay/and ATM this may get messy due to SNAP headers 5409 * leave it for now */ 5410 5411 default: 5412 bpf_error("no MPLS support for data link type %d", 5413 linktype); 5414 b0 = NULL; 5415 /*NOTREACHED*/ 5416 } 5417 } else { 5418 bpf_error("'mpls' can't be combined with 'vlan' or another 'mpls'"); 5419 b0 = NULL; 5420 /*NOTREACHED*/ 5421 } 5422 5423 /* If a specific MPLS label is requested, check it */ 5424 if (label_num >= 0) { 5425 struct block *b1; 5426 5427 label_num = label_num << 12; /* label is shifted 12 bits on the wire */ 5428 b1 = gen_mcmp(orig_nl, BPF_W, (bpf_int32)label_num, 0xfffff000); /* only compare the first 20 bits */ 5429 gen_and(b0, b1); 5430 b0 = b1; 5431 } 5432 5433 return (b0); 5434} 5435 5436struct block * 5437gen_atmfield_code(atmfield, jvalue, jtype, reverse) 5438 int atmfield; 5439 bpf_u_int32 jvalue; 5440 bpf_u_int32 jtype; 5441 int reverse; 5442{ 5443 struct block *b0; 5444 5445 switch (atmfield) { 5446 5447 case A_VPI: 5448 if (!is_atm) 5449 bpf_error("'vpi' supported only on raw ATM"); 5450 if (off_vpi == (u_int)-1) 5451 abort(); 5452 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype, 5453 (u_int)jvalue, reverse); 5454 break; 5455 5456 case A_VCI: 5457 if (!is_atm) 5458 bpf_error("'vci' supported only on raw ATM"); 5459 if (off_vci == (u_int)-1) 5460 abort(); 5461 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype, 5462 (u_int)jvalue, reverse); 5463 break; 5464 5465 case A_PROTOTYPE: 5466 if (off_proto == (u_int)-1) 5467 abort(); /* XXX - this isn't on FreeBSD */ 5468 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype, 5469 (u_int)jvalue, reverse); 5470 break; 5471 5472 case A_MSGTYPE: 5473 if (off_payload == (u_int)-1) 5474 abort(); 5475 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff, 5476 (u_int)jtype, (u_int)jvalue, reverse); 5477 break; 5478 5479 case A_CALLREFTYPE: 5480 if (!is_atm) 5481 bpf_error("'callref' supported only on raw ATM"); 5482 if (off_proto == (u_int)-1) 5483 abort(); 5484 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype, 5485 (u_int)jvalue, reverse); 5486 break; 5487 5488 default: 5489 abort(); 5490 } 5491 return b0; 5492} 5493 5494struct block * 5495gen_atmtype_abbrev(type) 5496 int type; 5497{ 5498 struct block *b0, *b1; 5499 5500 switch (type) { 5501 5502 case A_METAC: 5503 /* Get all packets in Meta signalling Circuit */ 5504 if (!is_atm) 5505 bpf_error("'metac' supported only on raw ATM"); 5506 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5507 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0); 5508 gen_and(b0, b1); 5509 break; 5510 5511 case A_BCC: 5512 /* Get all packets in Broadcast Circuit*/ 5513 if (!is_atm) 5514 bpf_error("'bcc' supported only on raw ATM"); 5515 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5516 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0); 5517 gen_and(b0, b1); 5518 break; 5519 5520 case A_OAMF4SC: 5521 /* Get all cells in Segment OAM F4 circuit*/ 5522 if (!is_atm) 5523 bpf_error("'oam4sc' supported only on raw ATM"); 5524 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5525 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 5526 gen_and(b0, b1); 5527 break; 5528 5529 case A_OAMF4EC: 5530 /* Get all cells in End-to-End OAM F4 Circuit*/ 5531 if (!is_atm) 5532 bpf_error("'oam4ec' supported only on raw ATM"); 5533 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5534 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 5535 gen_and(b0, b1); 5536 break; 5537 5538 case A_SC: 5539 /* Get all packets in connection Signalling Circuit */ 5540 if (!is_atm) 5541 bpf_error("'sc' supported only on raw ATM"); 5542 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5543 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0); 5544 gen_and(b0, b1); 5545 break; 5546 5547 case A_ILMIC: 5548 /* Get all packets in ILMI Circuit */ 5549 if (!is_atm) 5550 bpf_error("'ilmic' supported only on raw ATM"); 5551 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5552 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0); 5553 gen_and(b0, b1); 5554 break; 5555 5556 case A_LANE: 5557 /* Get all LANE packets */ 5558 if (!is_atm) 5559 bpf_error("'lane' supported only on raw ATM"); 5560 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0); 5561 5562 /* 5563 * Arrange that all subsequent tests assume LANE 5564 * rather than LLC-encapsulated packets, and set 5565 * the offsets appropriately for LANE-encapsulated 5566 * Ethernet. 5567 * 5568 * "off_mac" is the offset of the Ethernet header, 5569 * which is 2 bytes past the ATM pseudo-header 5570 * (skipping the pseudo-header and 2-byte LE Client 5571 * field). The other offsets are Ethernet offsets 5572 * relative to "off_mac". 5573 */ 5574 is_lane = 1; 5575 off_mac = off_payload + 2; /* MAC header */ 5576 off_linktype = off_mac + 12; 5577 off_nl = off_mac + 14; /* Ethernet II */ 5578 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */ 5579 break; 5580 5581 case A_LLC: 5582 /* Get all LLC-encapsulated packets */ 5583 if (!is_atm) 5584 bpf_error("'llc' supported only on raw ATM"); 5585 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 5586 is_lane = 0; 5587 break; 5588 5589 default: 5590 abort(); 5591 } 5592 return b1; 5593} 5594 5595 5596static struct block * 5597gen_msg_abbrev(type) 5598 int type; 5599{ 5600 struct block *b1; 5601 5602 /* 5603 * Q.2931 signalling protocol messages for handling virtual circuits 5604 * establishment and teardown 5605 */ 5606 switch (type) { 5607 5608 case A_SETUP: 5609 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0); 5610 break; 5611 5612 case A_CALLPROCEED: 5613 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 5614 break; 5615 5616 case A_CONNECT: 5617 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0); 5618 break; 5619 5620 case A_CONNECTACK: 5621 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0); 5622 break; 5623 5624 case A_RELEASE: 5625 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0); 5626 break; 5627 5628 case A_RELEASE_DONE: 5629 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0); 5630 break; 5631 5632 default: 5633 abort(); 5634 } 5635 return b1; 5636} 5637 5638struct block * 5639gen_atmmulti_abbrev(type) 5640 int type; 5641{ 5642 struct block *b0, *b1; 5643 5644 switch (type) { 5645 5646 case A_OAM: 5647 if (!is_atm) 5648 bpf_error("'oam' supported only on raw ATM"); 5649 b1 = gen_atmmulti_abbrev(A_OAMF4); 5650 break; 5651 5652 case A_OAMF4: 5653 if (!is_atm) 5654 bpf_error("'oamf4' supported only on raw ATM"); 5655 /* OAM F4 type */ 5656 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 5657 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 5658 gen_or(b0, b1); 5659 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 5660 gen_and(b0, b1); 5661 break; 5662 5663 case A_CONNECTMSG: 5664 /* 5665 * Get Q.2931 signalling messages for switched 5666 * virtual connection 5667 */ 5668 if (!is_atm) 5669 bpf_error("'connectmsg' supported only on raw ATM"); 5670 b0 = gen_msg_abbrev(A_SETUP); 5671 b1 = gen_msg_abbrev(A_CALLPROCEED); 5672 gen_or(b0, b1); 5673 b0 = gen_msg_abbrev(A_CONNECT); 5674 gen_or(b0, b1); 5675 b0 = gen_msg_abbrev(A_CONNECTACK); 5676 gen_or(b0, b1); 5677 b0 = gen_msg_abbrev(A_RELEASE); 5678 gen_or(b0, b1); 5679 b0 = gen_msg_abbrev(A_RELEASE_DONE); 5680 gen_or(b0, b1); 5681 b0 = gen_atmtype_abbrev(A_SC); 5682 gen_and(b0, b1); 5683 break; 5684 5685 case A_METACONNECT: 5686 if (!is_atm) 5687 bpf_error("'metaconnect' supported only on raw ATM"); 5688 b0 = gen_msg_abbrev(A_SETUP); 5689 b1 = gen_msg_abbrev(A_CALLPROCEED); 5690 gen_or(b0, b1); 5691 b0 = gen_msg_abbrev(A_CONNECT); 5692 gen_or(b0, b1); 5693 b0 = gen_msg_abbrev(A_RELEASE); 5694 gen_or(b0, b1); 5695 b0 = gen_msg_abbrev(A_RELEASE_DONE); 5696 gen_or(b0, b1); 5697 b0 = gen_atmtype_abbrev(A_METAC); 5698 gen_and(b0, b1); 5699 break; 5700 5701 default: 5702 abort(); 5703 } 5704 return b1; 5705} 5706