00001 /*#define CHASE_CHAIN*/ 00002 /* 00003 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 00004 * The Regents of the University of California. All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that: (1) source code distributions 00008 * retain the above copyright notice and this paragraph in its entirety, (2) 00009 * distributions including binary code include the above copyright notice and 00010 * this paragraph in its entirety in the documentation or other materials 00011 * provided with the distribution, and (3) all advertising materials mentioning 00012 * features or use of this software display the following acknowledgement: 00013 * ``This product includes software developed by the University of California, 00014 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 00015 * the University nor the names of its contributors may be used to endorse 00016 * or promote products derived from this software without specific prior 00017 * written permission. 00018 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 00019 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 00020 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 00021 */ 00022 #ifndef lint 00023 static const char rcsid[] _U_ = 00024 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.193.2.9 2004/08/27 07:38:11 guy Exp $ (LBL)"; 00025 #endif 00026 00027 #ifdef HAVE_CONFIG_H 00028 #include "config.h" 00029 #endif 00030 00031 #ifdef WIN32 00032 #include <pcap-stdinc.h> 00033 #else /* WIN32 */ 00034 #include <sys/types.h> 00035 #include <sys/socket.h> 00036 #include <sys/time.h> 00037 #endif /* WIN32 */ 00038 00039 /* 00040 * XXX - why was this included even on UNIX? 00041 */ 00042 #ifdef __MINGW32__ 00043 #include "IP6_misc.h" 00044 #endif 00045 00046 #ifndef WIN32 00047 00048 #ifdef __NetBSD__ 00049 #include <sys/param.h> 00050 #endif 00051 00052 #include <netinet/in.h> 00053 00054 #endif /* WIN32 */ 00055 00056 #include <stdlib.h> 00057 #include <string.h> 00058 #include <memory.h> 00059 #include <setjmp.h> 00060 #include <stdarg.h> 00061 00062 #include "pcap-int.h" 00063 00064 #include "ethertype.h" 00065 #include "nlpid.h" 00066 #include "llc.h" 00067 #include "gencode.h" 00068 #include "atmuni31.h" 00069 #include "sunatmpos.h" 00070 #include "ppp.h" 00071 #include "sll.h" 00072 #include "arcnet.h" 00073 #include "pf.h" 00074 #ifndef offsetof 00075 #define offsetof(s, e) ((size_t)&((s *)0)->e) 00076 #endif 00077 #ifdef INET6 00078 #ifndef WIN32 00079 #include <netdb.h> /* for "struct addrinfo" */ 00080 #endif /* WIN32 */ 00081 #endif /*INET6*/ 00082 #include <pcap-namedb.h> 00083 00084 #define ETHERMTU 1500 00085 00086 #ifndef IPPROTO_SCTP 00087 #define IPPROTO_SCTP 132 00088 #endif 00089 00090 #ifdef HAVE_OS_PROTO_H 00091 #include "os-proto.h" 00092 #endif 00093 00094 #define JMP(c) ((c)|BPF_JMP|BPF_K) 00095 00096 /* Locals */ 00097 static jmp_buf top_ctx; 00098 static pcap_t *bpf_pcap; 00099 00100 /* Hack for updating VLAN offsets. */ 00101 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 00102 00103 /* XXX */ 00104 #ifdef PCAP_FDDIPAD 00105 int pcap_fddipad = PCAP_FDDIPAD; 00106 #else 00107 int pcap_fddipad; 00108 #endif 00109 00110 /* VARARGS */ 00111 void 00112 bpf_error(const char *fmt, ...) 00113 00114 { 00115 va_list ap; 00116 00117 va_start(ap, fmt); 00118 if (bpf_pcap != NULL) 00119 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 00120 fmt, ap); 00121 va_end(ap); 00122 longjmp(top_ctx, 1); 00123 /* NOTREACHED */ 00124 } 00125 00126 static void init_linktype(int); 00127 00128 static int alloc_reg(void); 00129 static void free_reg(int); 00130 00131 static struct block *root; 00132 00133 /* 00134 * We divy out chunks of memory rather than call malloc each time so 00135 * we don't have to worry about leaking memory. It's probably 00136 * not a big deal if all this memory was wasted but it this ever 00137 * goes into a library that would probably not be a good idea. 00138 */ 00139 #define NCHUNKS 16 00140 #define CHUNK0SIZE 1024 00141 struct chunk { 00142 u_int n_left; 00143 void *m; 00144 }; 00145 00146 static struct chunk chunks[NCHUNKS]; 00147 static int cur_chunk; 00148 00149 static void *newchunk(u_int); 00150 static void freechunks(void); 00151 static inline struct block *new_block(int); 00152 static inline struct slist *new_stmt(int); 00153 static struct block *gen_retblk(int); 00154 static inline void syntax(void); 00155 00156 static void backpatch(struct block *, struct block *); 00157 static void merge(struct block *, struct block *); 00158 static struct block *gen_cmp(u_int, u_int, bpf_int32); 00159 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 00160 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 00161 static struct block *gen_bcmp(u_int, u_int, const u_char *); 00162 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32, 00163 bpf_u_int32, bpf_u_int32, int); 00164 static struct block *gen_uncond(int); 00165 static inline struct block *gen_true(void); 00166 static inline struct block *gen_false(void); 00167 static struct block *gen_ether_linktype(int); 00168 static struct block *gen_linktype(int); 00169 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int); 00170 static struct block *gen_llc(int); 00171 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 00172 #ifdef INET6 00173 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 00174 #endif 00175 static struct block *gen_ahostop(const u_char *, int); 00176 static struct block *gen_ehostop(const u_char *, int); 00177 static struct block *gen_fhostop(const u_char *, int); 00178 static struct block *gen_thostop(const u_char *, int); 00179 static struct block *gen_wlanhostop(const u_char *, int); 00180 static struct block *gen_ipfchostop(const u_char *, int); 00181 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 00182 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 00183 #ifdef INET6 00184 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 00185 #endif 00186 #ifndef INET6 00187 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 00188 #endif 00189 static struct block *gen_ipfrag(void); 00190 static struct block *gen_portatom(int, bpf_int32); 00191 #ifdef INET6 00192 static struct block *gen_portatom6(int, bpf_int32); 00193 #endif 00194 struct block *gen_portop(int, int, int); 00195 static struct block *gen_port(int, int, int); 00196 #ifdef INET6 00197 struct block *gen_portop6(int, int, int); 00198 static struct block *gen_port6(int, int, int); 00199 #endif 00200 static int lookup_proto(const char *, int); 00201 static struct block *gen_protochain(int, int, int); 00202 static struct block *gen_proto(int, int, int); 00203 static struct slist *xfer_to_x(struct arth *); 00204 static struct slist *xfer_to_a(struct arth *); 00205 static struct block *gen_mac_multicast(int); 00206 static struct block *gen_len(int, int); 00207 00208 static struct block *gen_msg_abbrev(int type); 00209 00210 static void * 00211 newchunk(n) 00212 u_int n; 00213 { 00214 struct chunk *cp; 00215 int k; 00216 size_t size; 00217 00218 #ifndef __NetBSD__ 00219 /* XXX Round up to nearest long. */ 00220 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 00221 #else 00222 /* XXX Round up to structure boundary. */ 00223 n = ALIGN(n); 00224 #endif 00225 00226 cp = &chunks[cur_chunk]; 00227 if (n > cp->n_left) { 00228 ++cp, k = ++cur_chunk; 00229 if (k >= NCHUNKS) 00230 bpf_error("out of memory"); 00231 size = CHUNK0SIZE << k; 00232 cp->m = (void *)malloc(size); 00233 if (cp->m == NULL) 00234 bpf_error("out of memory"); 00235 memset((char *)cp->m, 0, size); 00236 cp->n_left = size; 00237 if (n > size) 00238 bpf_error("out of memory"); 00239 } 00240 cp->n_left -= n; 00241 return (void *)((char *)cp->m + cp->n_left); 00242 } 00243 00244 static void 00245 freechunks() 00246 { 00247 int i; 00248 00249 cur_chunk = 0; 00250 for (i = 0; i < NCHUNKS; ++i) 00251 if (chunks[i].m != NULL) { 00252 free(chunks[i].m); 00253 chunks[i].m = NULL; 00254 } 00255 } 00256 00257 /* 00258 * A strdup whose allocations are freed after code generation is over. 00259 */ 00260 char * 00261 sdup(s) 00262 register const char *s; 00263 { 00264 int n = strlen(s) + 1; 00265 char *cp = newchunk(n); 00266 00267 strlcpy(cp, s, n); 00268 return (cp); 00269 } 00270 00271 static inline struct block * 00272 new_block(code) 00273 int code; 00274 { 00275 struct block *p; 00276 00277 p = (struct block *)newchunk(sizeof(*p)); 00278 p->s.code = code; 00279 p->head = p; 00280 00281 return p; 00282 } 00283 00284 static inline struct slist * 00285 new_stmt(code) 00286 int code; 00287 { 00288 struct slist *p; 00289 00290 p = (struct slist *)newchunk(sizeof(*p)); 00291 p->s.code = code; 00292 00293 return p; 00294 } 00295 00296 static struct block * 00297 gen_retblk(v) 00298 int v; 00299 { 00300 struct block *b = new_block(BPF_RET|BPF_K); 00301 00302 b->s.k = v; 00303 return b; 00304 } 00305 00306 static inline void 00307 syntax() 00308 { 00309 bpf_error("syntax error in filter expression"); 00310 } 00311 00312 static bpf_u_int32 netmask; 00313 static int snaplen; 00314 int no_optimize; 00315 00316 int 00317 pcap_compile(pcap_t *p, struct bpf_program *program, 00318 char *buf, int optimize, bpf_u_int32 mask) 00319 { 00320 extern int n_errors; 00321 int len; 00322 00323 #ifdef HAVE_REMOTE 00324 /* 00325 Check if: 00326 - We are on an remote capture 00327 - we do not want to capture RPCAP traffic 00328 00329 If so, we have to save the current filter, because we have to add some 00330 piece of stuff later 00331 */ 00332 if ( (p->rmt_clientside) && (p->rmt_flags & PCAP_OPENFLAG_NOCAPTURE_RPCAP) ) 00333 { 00334 int bufferlen; 00335 00336 if (p->currentfilter) 00337 free (p->currentfilter); 00338 00339 if (buf) 00340 bufferlen= strlen(buf) + 1; 00341 else 00342 bufferlen= 1; 00343 00344 p->currentfilter= (char *) malloc( sizeof(char) * bufferlen); 00345 00346 strncpy(p->currentfilter, buf, bufferlen); 00347 00348 p->currentfilter[bufferlen - 1]= 0; 00349 } 00350 #endif /* HAVE_REMOTE */ 00351 00352 no_optimize = 0; 00353 n_errors = 0; 00354 root = NULL; 00355 bpf_pcap = p; 00356 if (setjmp(top_ctx)) { 00357 lex_cleanup(); 00358 freechunks(); 00359 return (-1); 00360 } 00361 00362 netmask = mask; 00363 00364 snaplen = pcap_snapshot(p); 00365 if (snaplen == 0) { 00366 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 00367 "snaplen of 0 rejects all packets"); 00368 return -1; 00369 } 00370 00371 lex_init(buf ? buf : ""); 00372 init_linktype(pcap_datalink(p)); 00373 (void)pcap_parse(); 00374 00375 if (n_errors) 00376 syntax(); 00377 00378 if (root == NULL) 00379 root = gen_retblk(snaplen); 00380 00381 if (optimize && !no_optimize) { 00382 bpf_optimize(&root); 00383 if (root == NULL || 00384 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 00385 bpf_error("expression rejects all packets"); 00386 } 00387 program->bf_insns = icode_to_fcode(root, &len); 00388 program->bf_len = len; 00389 00390 lex_cleanup(); 00391 freechunks(); 00392 return (0); 00393 } 00394 00395 /* 00396 * entry point for using the compiler with no pcap open 00397 * pass in all the stuff that is needed explicitly instead. 00398 */ 00399 int 00400 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 00401 struct bpf_program *program, 00402 char *buf, int optimize, bpf_u_int32 mask) 00403 { 00404 pcap_t *p; 00405 int ret; 00406 00407 p = pcap_open_dead(linktype_arg, snaplen_arg); 00408 if (p == NULL) 00409 return (-1); 00410 ret = pcap_compile(p, program, buf, optimize, mask); 00411 pcap_close(p); 00412 return (ret); 00413 } 00414 00415 /* 00416 * Clean up a "struct bpf_program" by freeing all the memory allocated 00417 * in it. 00418 */ 00419 void 00420 pcap_freecode(struct bpf_program *program) 00421 { 00422 program->bf_len = 0; 00423 if (program->bf_insns != NULL) { 00424 free((char *)program->bf_insns); 00425 program->bf_insns = NULL; 00426 } 00427 } 00428 00429 /* 00430 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 00431 * which of the jt and jf fields has been resolved and which is a pointer 00432 * back to another unresolved block (or nil). At least one of the fields 00433 * in each block is already resolved. 00434 */ 00435 static void 00436 backpatch(list, target) 00437 struct block *list, *target; 00438 { 00439 struct block *next; 00440 00441 while (list) { 00442 if (!list->sense) { 00443 next = JT(list); 00444 JT(list) = target; 00445 } else { 00446 next = JF(list); 00447 JF(list) = target; 00448 } 00449 list = next; 00450 } 00451 } 00452 00453 /* 00454 * Merge the lists in b0 and b1, using the 'sense' field to indicate 00455 * which of jt and jf is the link. 00456 */ 00457 static void 00458 merge(b0, b1) 00459 struct block *b0, *b1; 00460 { 00461 register struct block **p = &b0; 00462 00463 /* Find end of list. */ 00464 while (*p) 00465 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 00466 00467 /* Concatenate the lists. */ 00468 *p = b1; 00469 } 00470 00471 void 00472 finish_parse(p) 00473 struct block *p; 00474 { 00475 backpatch(p, gen_retblk(snaplen)); 00476 p->sense = !p->sense; 00477 backpatch(p, gen_retblk(0)); 00478 root = p->head; 00479 } 00480 00481 void 00482 gen_and(b0, b1) 00483 struct block *b0, *b1; 00484 { 00485 backpatch(b0, b1->head); 00486 b0->sense = !b0->sense; 00487 b1->sense = !b1->sense; 00488 merge(b1, b0); 00489 b1->sense = !b1->sense; 00490 b1->head = b0->head; 00491 } 00492 00493 void 00494 gen_or(b0, b1) 00495 struct block *b0, *b1; 00496 { 00497 b0->sense = !b0->sense; 00498 backpatch(b0, b1->head); 00499 b0->sense = !b0->sense; 00500 merge(b1, b0); 00501 b1->head = b0->head; 00502 } 00503 00504 void 00505 gen_not(b) 00506 struct block *b; 00507 { 00508 b->sense = !b->sense; 00509 } 00510 00511 static struct block * 00512 gen_cmp(offset, size, v) 00513 u_int offset, size; 00514 bpf_int32 v; 00515 { 00516 struct slist *s; 00517 struct block *b; 00518 00519 s = new_stmt(BPF_LD|BPF_ABS|size); 00520 s->s.k = offset; 00521 00522 b = new_block(JMP(BPF_JEQ)); 00523 b->stmts = s; 00524 b->s.k = v; 00525 00526 return b; 00527 } 00528 00529 static struct block * 00530 gen_cmp_gt(offset, size, v) 00531 u_int offset, size; 00532 bpf_int32 v; 00533 { 00534 struct slist *s; 00535 struct block *b; 00536 00537 s = new_stmt(BPF_LD|BPF_ABS|size); 00538 s->s.k = offset; 00539 00540 b = new_block(JMP(BPF_JGT)); 00541 b->stmts = s; 00542 b->s.k = v; 00543 00544 return b; 00545 } 00546 00547 static struct block * 00548 gen_mcmp(offset, size, v, mask) 00549 u_int offset, size; 00550 bpf_int32 v; 00551 bpf_u_int32 mask; 00552 { 00553 struct block *b = gen_cmp(offset, size, v); 00554 struct slist *s; 00555 00556 if (mask != 0xffffffff) { 00557 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 00558 s->s.k = mask; 00559 b->stmts->next = s; 00560 } 00561 return b; 00562 } 00563 00564 static struct block * 00565 gen_bcmp(offset, size, v) 00566 register u_int offset, size; 00567 register const u_char *v; 00568 { 00569 register struct block *b, *tmp; 00570 00571 b = NULL; 00572 while (size >= 4) { 00573 register const u_char *p = &v[size - 4]; 00574 bpf_int32 w = ((bpf_int32)p[0] << 24) | 00575 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 00576 00577 tmp = gen_cmp(offset + size - 4, BPF_W, w); 00578 if (b != NULL) 00579 gen_and(b, tmp); 00580 b = tmp; 00581 size -= 4; 00582 } 00583 while (size >= 2) { 00584 register const u_char *p = &v[size - 2]; 00585 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 00586 00587 tmp = gen_cmp(offset + size - 2, BPF_H, w); 00588 if (b != NULL) 00589 gen_and(b, tmp); 00590 b = tmp; 00591 size -= 2; 00592 } 00593 if (size > 0) { 00594 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 00595 if (b != NULL) 00596 gen_and(b, tmp); 00597 b = tmp; 00598 } 00599 return b; 00600 } 00601 00602 static struct block * 00603 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse) 00604 bpf_u_int32 datasize, offset, mask, jtype, jvalue; 00605 int reverse; 00606 { 00607 struct slist *s; 00608 struct block *b; 00609 00610 s = new_stmt(BPF_LD|datasize|BPF_ABS); 00611 s->s.k = offset; 00612 00613 if (mask != 0xffffffff) { 00614 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K); 00615 s->next->s.k = mask; 00616 } 00617 00618 b = new_block(JMP(jtype)); 00619 b->stmts = s; 00620 b->s.k = jvalue; 00621 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE)) 00622 gen_not(b); 00623 return b; 00624 } 00625 00626 /* 00627 * Various code constructs need to know the layout of the data link 00628 * layer. These variables give the necessary offsets. 00629 */ 00630 00631 /* 00632 * This is the offset of the beginning of the MAC-layer header. 00633 * It's usually 0, except for ATM LANE. 00634 */ 00635 static u_int off_mac; 00636 00637 /* 00638 * "off_linktype" is the offset to information in the link-layer header 00639 * giving the packet type. 00640 * 00641 * For Ethernet, it's the offset of the Ethernet type field. 00642 * 00643 * For link-layer types that always use 802.2 headers, it's the 00644 * offset of the LLC header. 00645 * 00646 * For PPP, it's the offset of the PPP type field. 00647 * 00648 * For Cisco HDLC, it's the offset of the CHDLC type field. 00649 * 00650 * For BSD loopback, it's the offset of the AF_ value. 00651 * 00652 * For Linux cooked sockets, it's the offset of the type field. 00653 * 00654 * It's set to -1 for no encapsulation, in which case, IP is assumed. 00655 */ 00656 static u_int off_linktype; 00657 00658 /* 00659 * TRUE if the link layer includes an ATM pseudo-header. 00660 */ 00661 static int is_atm = 0; 00662 00663 /* 00664 * TRUE if "lane" appeared in the filter; it causes us to generate 00665 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM. 00666 */ 00667 static int is_lane = 0; 00668 00669 /* 00670 * These are offsets for the ATM pseudo-header. 00671 */ 00672 static u_int off_vpi; 00673 static u_int off_vci; 00674 static u_int off_proto; 00675 00676 /* 00677 * This is the offset of the first byte after the ATM pseudo_header, 00678 * or -1 if there is no ATM pseudo-header. 00679 */ 00680 static u_int off_payload; 00681 00682 /* 00683 * These are offsets to the beginning of the network-layer header. 00684 * 00685 * If the link layer never uses 802.2 LLC: 00686 * 00687 * "off_nl" and "off_nl_nosnap" are the same. 00688 * 00689 * If the link layer always uses 802.2 LLC: 00690 * 00691 * "off_nl" is the offset if there's a SNAP header following 00692 * the 802.2 header; 00693 * 00694 * "off_nl_nosnap" is the offset if there's no SNAP header. 00695 * 00696 * If the link layer is Ethernet: 00697 * 00698 * "off_nl" is the offset if the packet is an Ethernet II packet 00699 * (we assume no 802.3+802.2+SNAP); 00700 * 00701 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet 00702 * with an 802.2 header following it. 00703 */ 00704 static u_int off_nl; 00705 static u_int off_nl_nosnap; 00706 00707 static int linktype; 00708 00709 static void 00710 init_linktype(type) 00711 int type; 00712 { 00713 linktype = type; 00714 00715 /* 00716 * Assume it's not raw ATM with a pseudo-header, for now. 00717 */ 00718 off_mac = 0; 00719 is_atm = 0; 00720 is_lane = 0; 00721 off_vpi = -1; 00722 off_vci = -1; 00723 off_proto = -1; 00724 off_payload = -1; 00725 00726 orig_linktype = -1; 00727 orig_nl = -1; 00728 orig_nl_nosnap = -1; 00729 00730 switch (type) { 00731 00732 case DLT_ARCNET: 00733 off_linktype = 2; 00734 off_nl = 6; /* XXX in reality, variable! */ 00735 off_nl_nosnap = 6; /* no 802.2 LLC */ 00736 return; 00737 00738 case DLT_ARCNET_LINUX: 00739 off_linktype = 4; 00740 off_nl = 8; /* XXX in reality, variable! */ 00741 off_nl_nosnap = 8; /* no 802.2 LLC */ 00742 return; 00743 00744 case DLT_EN10MB: 00745 off_linktype = 12; 00746 off_nl = 14; /* Ethernet II */ 00747 off_nl_nosnap = 17; /* 802.3+802.2 */ 00748 return; 00749 00750 case DLT_SLIP: 00751 /* 00752 * SLIP doesn't have a link level type. The 16 byte 00753 * header is hacked into our SLIP driver. 00754 */ 00755 off_linktype = -1; 00756 off_nl = 16; 00757 off_nl_nosnap = 16; /* no 802.2 LLC */ 00758 return; 00759 00760 case DLT_SLIP_BSDOS: 00761 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 00762 off_linktype = -1; 00763 /* XXX end */ 00764 off_nl = 24; 00765 off_nl_nosnap = 24; /* no 802.2 LLC */ 00766 return; 00767 00768 case DLT_NULL: 00769 case DLT_LOOP: 00770 off_linktype = 0; 00771 off_nl = 4; 00772 off_nl_nosnap = 4; /* no 802.2 LLC */ 00773 return; 00774 00775 case DLT_ENC: 00776 off_linktype = 0; 00777 off_nl = 12; 00778 off_nl_nosnap = 12; /* no 802.2 LLC */ 00779 return; 00780 00781 case DLT_PPP: 00782 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */ 00783 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */ 00784 off_linktype = 2; 00785 off_nl = 4; 00786 off_nl_nosnap = 4; /* no 802.2 LLC */ 00787 return; 00788 00789 case DLT_PPP_ETHER: 00790 /* 00791 * This does no include the Ethernet header, and 00792 * only covers session state. 00793 */ 00794 off_linktype = 6; 00795 off_nl = 8; 00796 off_nl_nosnap = 8; /* no 802.2 LLC */ 00797 return; 00798 00799 case DLT_PPP_BSDOS: 00800 off_linktype = 5; 00801 off_nl = 24; 00802 off_nl_nosnap = 24; /* no 802.2 LLC */ 00803 return; 00804 00805 case DLT_FDDI: 00806 /* 00807 * FDDI doesn't really have a link-level type field. 00808 * We set "off_linktype" to the offset of the LLC header. 00809 * 00810 * To check for Ethernet types, we assume that SSAP = SNAP 00811 * is being used and pick out the encapsulated Ethernet type. 00812 * XXX - should we generate code to check for SNAP? 00813 */ 00814 off_linktype = 13; 00815 #ifdef PCAP_FDDIPAD 00816 off_linktype += pcap_fddipad; 00817 #endif 00818 off_nl = 21; /* FDDI+802.2+SNAP */ 00819 off_nl_nosnap = 16; /* FDDI+802.2 */ 00820 #ifdef PCAP_FDDIPAD 00821 off_nl += pcap_fddipad; 00822 off_nl_nosnap += pcap_fddipad; 00823 #endif 00824 return; 00825 00826 case DLT_IEEE802: 00827 /* 00828 * Token Ring doesn't really have a link-level type field. 00829 * We set "off_linktype" to the offset of the LLC header. 00830 * 00831 * To check for Ethernet types, we assume that SSAP = SNAP 00832 * is being used and pick out the encapsulated Ethernet type. 00833 * XXX - should we generate code to check for SNAP? 00834 * 00835 * XXX - the header is actually variable-length. 00836 * Some various Linux patched versions gave 38 00837 * as "off_linktype" and 40 as "off_nl"; however, 00838 * if a token ring packet has *no* routing 00839 * information, i.e. is not source-routed, the correct 00840 * values are 20 and 22, as they are in the vanilla code. 00841 * 00842 * A packet is source-routed iff the uppermost bit 00843 * of the first byte of the source address, at an 00844 * offset of 8, has the uppermost bit set. If the 00845 * packet is source-routed, the total number of bytes 00846 * of routing information is 2 plus bits 0x1F00 of 00847 * the 16-bit value at an offset of 14 (shifted right 00848 * 8 - figure out which byte that is). 00849 */ 00850 off_linktype = 14; 00851 off_nl = 22; /* Token Ring+802.2+SNAP */ 00852 off_nl_nosnap = 17; /* Token Ring+802.2 */ 00853 return; 00854 00855 case DLT_IEEE802_11: 00856 /* 00857 * 802.11 doesn't really have a link-level type field. 00858 * We set "off_linktype" to the offset of the LLC header. 00859 * 00860 * To check for Ethernet types, we assume that SSAP = SNAP 00861 * is being used and pick out the encapsulated Ethernet type. 00862 * XXX - should we generate code to check for SNAP? 00863 * 00864 * XXX - the header is actually variable-length. We 00865 * assume a 24-byte link-layer header, as appears in 00866 * data frames in networks with no bridges. If the 00867 * fromds and tods 802.11 header bits are both set, 00868 * it's actually supposed to be 30 bytes. 00869 */ 00870 off_linktype = 24; 00871 off_nl = 32; /* 802.11+802.2+SNAP */ 00872 off_nl_nosnap = 27; /* 802.11+802.2 */ 00873 return; 00874 00875 case DLT_PRISM_HEADER: 00876 /* 00877 * Same as 802.11, but with an additional header before 00878 * the 802.11 header, containing a bunch of additional 00879 * information including radio-level information. 00880 * 00881 * The header is 144 bytes long. 00882 * 00883 * XXX - same variable-length header problem; at least 00884 * the Prism header is fixed-length. 00885 */ 00886 off_linktype = 144+24; 00887 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */ 00888 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */ 00889 return; 00890 00891 case DLT_IEEE802_11_RADIO_AVS: 00892 /* 00893 * Same as 802.11, but with an additional header before 00894 * the 802.11 header, containing a bunch of additional 00895 * information including radio-level information. 00896 * 00897 * The header is 64 bytes long, at least in its 00898 * current incarnation. 00899 * 00900 * XXX - same variable-length header problem, only 00901 * more so; this header is also variable-length, 00902 * with the length being the 32-bit big-endian 00903 * number at an offset of 4 from the beginning 00904 * of the radio header. 00905 */ 00906 off_linktype = 64+24; 00907 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */ 00908 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */ 00909 return; 00910 00911 case DLT_IEEE802_11_RADIO: 00912 /* 00913 * Same as 802.11, but with an additional header before 00914 * the 802.11 header, containing a bunch of additional 00915 * information including radio-level information. 00916 * 00917 * XXX - same variable-length header problem, only 00918 * even *more* so; this header is also variable-length, 00919 * with the length being the 16-bit number at an offset 00920 * of 2 from the beginning of the radio header, and it's 00921 * device-dependent (different devices might supply 00922 * different amounts of information), so we can't even 00923 * assume a fixed length for the current version of the 00924 * header. 00925 * 00926 * Therefore, currently, only raw "link[N:M]" filtering is 00927 * supported. 00928 */ 00929 off_linktype = -1; 00930 off_nl = -1; 00931 off_nl_nosnap = -1; 00932 return; 00933 00934 case DLT_ATM_RFC1483: 00935 case DLT_ATM_CLIP: /* Linux ATM defines this */ 00936 /* 00937 * assume routed, non-ISO PDUs 00938 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 00939 */ 00940 off_linktype = 0; 00941 off_nl = 8; /* 802.2+SNAP */ 00942 off_nl_nosnap = 3; /* 802.2 */ 00943 return; 00944 00945 case DLT_SUNATM: 00946 /* 00947 * Full Frontal ATM; you get AALn PDUs with an ATM 00948 * pseudo-header. 00949 */ 00950 is_atm = 1; 00951 off_vpi = SUNATM_VPI_POS; 00952 off_vci = SUNATM_VCI_POS; 00953 off_proto = PROTO_POS; 00954 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */ 00955 off_payload = SUNATM_PKT_BEGIN_POS; 00956 off_linktype = off_payload; 00957 off_nl = off_payload+8; /* 802.2+SNAP */ 00958 off_nl_nosnap = off_payload+3; /* 802.2 */ 00959 return; 00960 00961 case DLT_RAW: 00962 off_linktype = -1; 00963 off_nl = 0; 00964 off_nl_nosnap = 0; /* no 802.2 LLC */ 00965 return; 00966 00967 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */ 00968 off_linktype = 14; 00969 off_nl = 16; 00970 off_nl_nosnap = 16; /* no 802.2 LLC */ 00971 return; 00972 00973 case DLT_LTALK: 00974 /* 00975 * LocalTalk does have a 1-byte type field in the LLAP header, 00976 * but really it just indicates whether there is a "short" or 00977 * "long" DDP packet following. 00978 */ 00979 off_linktype = -1; 00980 off_nl = 0; 00981 off_nl_nosnap = 0; /* no 802.2 LLC */ 00982 return; 00983 00984 case DLT_IP_OVER_FC: 00985 /* 00986 * RFC 2625 IP-over-Fibre-Channel doesn't really have a 00987 * link-level type field. We set "off_linktype" to the 00988 * offset of the LLC header. 00989 * 00990 * To check for Ethernet types, we assume that SSAP = SNAP 00991 * is being used and pick out the encapsulated Ethernet type. 00992 * XXX - should we generate code to check for SNAP? RFC 00993 * 2625 says SNAP should be used. 00994 */ 00995 off_linktype = 16; 00996 off_nl = 24; /* IPFC+802.2+SNAP */ 00997 off_nl_nosnap = 19; /* IPFC+802.2 */ 00998 return; 00999 01000 case DLT_FRELAY: 01001 /* 01002 * XXX - we should set this to handle SNAP-encapsulated 01003 * frames (NLPID of 0x80). 01004 */ 01005 off_linktype = -1; 01006 off_nl = 0; 01007 off_nl_nosnap = 0; /* no 802.2 LLC */ 01008 return; 01009 01010 case DLT_APPLE_IP_OVER_IEEE1394: 01011 off_linktype = 16; 01012 off_nl = 18; 01013 off_nl_nosnap = 0; /* no 802.2 LLC */ 01014 return; 01015 01016 case DLT_LINUX_IRDA: 01017 /* 01018 * Currently, only raw "link[N:M]" filtering is supported. 01019 */ 01020 off_linktype = -1; 01021 off_nl = -1; 01022 off_nl_nosnap = -1; 01023 return; 01024 01025 case DLT_PFLOG: 01026 off_linktype = 0; 01027 /* XXX read from header? */ 01028 off_nl = PFLOG_HDRLEN; 01029 off_nl_nosnap = PFLOG_HDRLEN; 01030 return; 01031 01032 #ifdef DLT_PFSYNC 01033 case DLT_PFSYNC: 01034 off_linktype = -1; 01035 off_nl = 4; 01036 off_nl_nosnap = 4; 01037 return; 01038 #endif 01039 } 01040 bpf_error("unknown data link type %d", linktype); 01041 /* NOTREACHED */ 01042 } 01043 01044 static struct block * 01045 gen_uncond(rsense) 01046 int rsense; 01047 { 01048 struct block *b; 01049 struct slist *s; 01050 01051 s = new_stmt(BPF_LD|BPF_IMM); 01052 s->s.k = !rsense; 01053 b = new_block(JMP(BPF_JEQ)); 01054 b->stmts = s; 01055 01056 return b; 01057 } 01058 01059 static inline struct block * 01060 gen_true() 01061 { 01062 return gen_uncond(1); 01063 } 01064 01065 static inline struct block * 01066 gen_false() 01067 { 01068 return gen_uncond(0); 01069 } 01070 01071 /* 01072 * Byte-swap a 32-bit number. 01073 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 01074 * big-endian platforms.) 01075 */ 01076 #define SWAPLONG(y) \ 01077 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) 01078 01079 static struct block * 01080 gen_ether_linktype(proto) 01081 register int proto; 01082 { 01083 struct block *b0, *b1; 01084 01085 switch (proto) { 01086 01087 case LLCSAP_ISONS: 01088 /* 01089 * OSI protocols always use 802.2 encapsulation. 01090 * XXX - should we check both the DSAP and the 01091 * SSAP, like this, or should we check just the 01092 * DSAP? 01093 */ 01094 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01095 gen_not(b0); 01096 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01097 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 01098 gen_and(b0, b1); 01099 return b1; 01100 01101 case LLCSAP_IP: 01102 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01103 gen_not(b0); 01104 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01105 ((LLCSAP_IP << 8) | LLCSAP_IP)); 01106 gen_and(b0, b1); 01107 return b1; 01108 01109 case LLCSAP_NETBEUI: 01110 /* 01111 * NetBEUI always uses 802.2 encapsulation. 01112 * XXX - should we check both the DSAP and the 01113 * SSAP, like this, or should we check just the 01114 * DSAP? 01115 */ 01116 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01117 gen_not(b0); 01118 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01119 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 01120 gen_and(b0, b1); 01121 return b1; 01122 01123 case LLCSAP_IPX: 01124 /* 01125 * Check for; 01126 * 01127 * Ethernet_II frames, which are Ethernet 01128 * frames with a frame type of ETHERTYPE_IPX; 01129 * 01130 * Ethernet_802.3 frames, which are 802.3 01131 * frames (i.e., the type/length field is 01132 * a length field, <= ETHERMTU, rather than 01133 * a type field) with the first two bytes 01134 * after the Ethernet/802.3 header being 01135 * 0xFFFF; 01136 * 01137 * Ethernet_802.2 frames, which are 802.3 01138 * frames with an 802.2 LLC header and 01139 * with the IPX LSAP as the DSAP in the LLC 01140 * header; 01141 * 01142 * Ethernet_SNAP frames, which are 802.3 01143 * frames with an LLC header and a SNAP 01144 * header and with an OUI of 0x000000 01145 * (encapsulated Ethernet) and a protocol 01146 * ID of ETHERTYPE_IPX in the SNAP header. 01147 * 01148 * XXX - should we generate the same code both 01149 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 01150 */ 01151 01152 /* 01153 * This generates code to check both for the 01154 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 01155 */ 01156 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX); 01157 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF); 01158 gen_or(b0, b1); 01159 01160 /* 01161 * Now we add code to check for SNAP frames with 01162 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 01163 */ 01164 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 01165 gen_or(b0, b1); 01166 01167 /* 01168 * Now we generate code to check for 802.3 01169 * frames in general. 01170 */ 01171 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01172 gen_not(b0); 01173 01174 /* 01175 * Now add the check for 802.3 frames before the 01176 * check for Ethernet_802.2 and Ethernet_802.3, 01177 * as those checks should only be done on 802.3 01178 * frames, not on Ethernet frames. 01179 */ 01180 gen_and(b0, b1); 01181 01182 /* 01183 * Now add the check for Ethernet_II frames, and 01184 * do that before checking for the other frame 01185 * types. 01186 */ 01187 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX); 01188 gen_or(b0, b1); 01189 return b1; 01190 01191 case ETHERTYPE_ATALK: 01192 case ETHERTYPE_AARP: 01193 /* 01194 * EtherTalk (AppleTalk protocols on Ethernet link 01195 * layer) may use 802.2 encapsulation. 01196 */ 01197 01198 /* 01199 * Check for 802.2 encapsulation (EtherTalk phase 2?); 01200 * we check for an Ethernet type field less than 01201 * 1500, which means it's an 802.3 length field. 01202 */ 01203 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01204 gen_not(b0); 01205 01206 /* 01207 * 802.2-encapsulated ETHERTYPE_ATALK packets are 01208 * SNAP packets with an organization code of 01209 * 0x080007 (Apple, for Appletalk) and a protocol 01210 * type of ETHERTYPE_ATALK (Appletalk). 01211 * 01212 * 802.2-encapsulated ETHERTYPE_AARP packets are 01213 * SNAP packets with an organization code of 01214 * 0x000000 (encapsulated Ethernet) and a protocol 01215 * type of ETHERTYPE_AARP (Appletalk ARP). 01216 */ 01217 if (proto == ETHERTYPE_ATALK) 01218 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14); 01219 else /* proto == ETHERTYPE_AARP */ 01220 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 01221 gen_and(b0, b1); 01222 01223 /* 01224 * Check for Ethernet encapsulation (Ethertalk 01225 * phase 1?); we just check for the Ethernet 01226 * protocol type. 01227 */ 01228 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01229 01230 gen_or(b0, b1); 01231 return b1; 01232 01233 default: 01234 if (proto <= ETHERMTU) { 01235 /* 01236 * This is an LLC SAP value, so the frames 01237 * that match would be 802.2 frames. 01238 * Check that the frame is an 802.2 frame 01239 * (i.e., that the length/type field is 01240 * a length field, <= ETHERMTU) and 01241 * then check the DSAP. 01242 */ 01243 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01244 gen_not(b0); 01245 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 01246 gen_and(b0, b1); 01247 return b1; 01248 } else { 01249 /* 01250 * This is an Ethernet type, so compare 01251 * the length/type field with it (if 01252 * the frame is an 802.2 frame, the length 01253 * field will be <= ETHERMTU, and, as 01254 * "proto" is > ETHERMTU, this test 01255 * will fail and the frame won't match, 01256 * which is what we want). 01257 */ 01258 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01259 } 01260 } 01261 } 01262 01263 static struct block * 01264 gen_linktype(proto) 01265 register int proto; 01266 { 01267 struct block *b0, *b1, *b2; 01268 01269 switch (linktype) { 01270 01271 case DLT_EN10MB: 01272 return gen_ether_linktype(proto); 01273 break; 01274 01275 case DLT_C_HDLC: 01276 switch (proto) { 01277 01278 case LLCSAP_ISONS: 01279 proto = (proto << 8 | LLCSAP_ISONS); 01280 /* fall through */ 01281 01282 default: 01283 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01284 break; 01285 } 01286 break; 01287 01288 case DLT_IEEE802_11: 01289 case DLT_PRISM_HEADER: 01290 case DLT_IEEE802_11_RADIO: 01291 case DLT_FDDI: 01292 case DLT_IEEE802: 01293 case DLT_ATM_RFC1483: 01294 case DLT_ATM_CLIP: 01295 case DLT_IP_OVER_FC: 01296 return gen_llc(proto); 01297 break; 01298 01299 case DLT_SUNATM: 01300 /* 01301 * If "is_lane" is set, check for a LANE-encapsulated 01302 * version of this protocol, otherwise check for an 01303 * LLC-encapsulated version of this protocol. 01304 * 01305 * We assume LANE means Ethernet, not Token Ring. 01306 */ 01307 if (is_lane) { 01308 /* 01309 * Check that the packet doesn't begin with an 01310 * LE Control marker. (We've already generated 01311 * a test for LANE.) 01312 */ 01313 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 01314 gen_not(b0); 01315 01316 /* 01317 * Now generate an Ethernet test. 01318 */ 01319 b1 = gen_ether_linktype(proto); 01320 gen_and(b0, b1); 01321 return b1; 01322 } else { 01323 /* 01324 * Check for LLC encapsulation and then check the 01325 * protocol. 01326 */ 01327 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 01328 b1 = gen_llc(proto); 01329 gen_and(b0, b1); 01330 return b1; 01331 } 01332 01333 case DLT_LINUX_SLL: 01334 switch (proto) { 01335 01336 case LLCSAP_IP: 01337 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01338 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01339 ((LLCSAP_IP << 8) | LLCSAP_IP)); 01340 gen_and(b0, b1); 01341 return b1; 01342 01343 case LLCSAP_ISONS: 01344 /* 01345 * OSI protocols always use 802.2 encapsulation. 01346 * XXX - should we check both the DSAP and the 01347 * LSAP, like this, or should we check just the 01348 * DSAP? 01349 */ 01350 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01351 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01352 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 01353 gen_and(b0, b1); 01354 return b1; 01355 01356 case LLCSAP_NETBEUI: 01357 /* 01358 * NetBEUI always uses 802.2 encapsulation. 01359 * XXX - should we check both the DSAP and the 01360 * LSAP, like this, or should we check just the 01361 * DSAP? 01362 */ 01363 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01364 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01365 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 01366 gen_and(b0, b1); 01367 return b1; 01368 01369 case LLCSAP_IPX: 01370 /* 01371 * Ethernet_II frames, which are Ethernet 01372 * frames with a frame type of ETHERTYPE_IPX; 01373 * 01374 * Ethernet_802.3 frames, which have a frame 01375 * type of LINUX_SLL_P_802_3; 01376 * 01377 * Ethernet_802.2 frames, which are 802.3 01378 * frames with an 802.2 LLC header (i.e, have 01379 * a frame type of LINUX_SLL_P_802_2) and 01380 * with the IPX LSAP as the DSAP in the LLC 01381 * header; 01382 * 01383 * Ethernet_SNAP frames, which are 802.3 01384 * frames with an LLC header and a SNAP 01385 * header and with an OUI of 0x000000 01386 * (encapsulated Ethernet) and a protocol 01387 * ID of ETHERTYPE_IPX in the SNAP header. 01388 * 01389 * First, do the checks on LINUX_SLL_P_802_2 01390 * frames; generate the check for either 01391 * Ethernet_802.2 or Ethernet_SNAP frames, and 01392 * then put a check for LINUX_SLL_P_802_2 frames 01393 * before it. 01394 */ 01395 b0 = gen_cmp(off_linktype + 2, BPF_B, 01396 (bpf_int32)LLCSAP_IPX); 01397 b1 = gen_snap(0x000000, ETHERTYPE_IPX, 01398 off_linktype + 2); 01399 gen_or(b0, b1); 01400 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01401 gen_and(b0, b1); 01402 01403 /* 01404 * Now check for 802.3 frames and OR that with 01405 * the previous test. 01406 */ 01407 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3); 01408 gen_or(b0, b1); 01409 01410 /* 01411 * Now add the check for Ethernet_II frames, and 01412 * do that before checking for the other frame 01413 * types. 01414 */ 01415 b0 = gen_cmp(off_linktype, BPF_H, 01416 (bpf_int32)ETHERTYPE_IPX); 01417 gen_or(b0, b1); 01418 return b1; 01419 01420 case ETHERTYPE_ATALK: 01421 case ETHERTYPE_AARP: 01422 /* 01423 * EtherTalk (AppleTalk protocols on Ethernet link 01424 * layer) may use 802.2 encapsulation. 01425 */ 01426 01427 /* 01428 * Check for 802.2 encapsulation (EtherTalk phase 2?); 01429 * we check for the 802.2 protocol type in the 01430 * "Ethernet type" field. 01431 */ 01432 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01433 01434 /* 01435 * 802.2-encapsulated ETHERTYPE_ATALK packets are 01436 * SNAP packets with an organization code of 01437 * 0x080007 (Apple, for Appletalk) and a protocol 01438 * type of ETHERTYPE_ATALK (Appletalk). 01439 * 01440 * 802.2-encapsulated ETHERTYPE_AARP packets are 01441 * SNAP packets with an organization code of 01442 * 0x000000 (encapsulated Ethernet) and a protocol 01443 * type of ETHERTYPE_AARP (Appletalk ARP). 01444 */ 01445 if (proto == ETHERTYPE_ATALK) 01446 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 01447 off_linktype + 2); 01448 else /* proto == ETHERTYPE_AARP */ 01449 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 01450 off_linktype + 2); 01451 gen_and(b0, b1); 01452 01453 /* 01454 * Check for Ethernet encapsulation (Ethertalk 01455 * phase 1?); we just check for the Ethernet 01456 * protocol type. 01457 */ 01458 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01459 01460 gen_or(b0, b1); 01461 return b1; 01462 01463 default: 01464 if (proto <= ETHERMTU) { 01465 /* 01466 * This is an LLC SAP value, so the frames 01467 * that match would be 802.2 frames. 01468 * Check for the 802.2 protocol type 01469 * in the "Ethernet type" field, and 01470 * then check the DSAP. 01471 */ 01472 b0 = gen_cmp(off_linktype, BPF_H, 01473 LINUX_SLL_P_802_2); 01474 b1 = gen_cmp(off_linktype + 2, BPF_B, 01475 (bpf_int32)proto); 01476 gen_and(b0, b1); 01477 return b1; 01478 } else { 01479 /* 01480 * This is an Ethernet type, so compare 01481 * the length/type field with it (if 01482 * the frame is an 802.2 frame, the length 01483 * field will be <= ETHERMTU, and, as 01484 * "proto" is > ETHERMTU, this test 01485 * will fail and the frame won't match, 01486 * which is what we want). 01487 */ 01488 return gen_cmp(off_linktype, BPF_H, 01489 (bpf_int32)proto); 01490 } 01491 } 01492 break; 01493 01494 case DLT_SLIP: 01495 case DLT_SLIP_BSDOS: 01496 case DLT_RAW: 01497 /* 01498 * These types don't provide any type field; packets 01499 * are always IP. 01500 * 01501 * XXX - for IPv4, check for a version number of 4, and, 01502 * for IPv6, check for a version number of 6? 01503 */ 01504 switch (proto) { 01505 01506 case ETHERTYPE_IP: 01507 #ifdef INET6 01508 case ETHERTYPE_IPV6: 01509 #endif 01510 return gen_true(); /* always true */ 01511 01512 default: 01513 return gen_false(); /* always false */ 01514 } 01515 break; 01516 01517 case DLT_PPP: 01518 case DLT_PPP_SERIAL: 01519 case DLT_PPP_ETHER: 01520 /* 01521 * We use Ethernet protocol types inside libpcap; 01522 * map them to the corresponding PPP protocol types. 01523 */ 01524 switch (proto) { 01525 01526 case ETHERTYPE_IP: 01527 proto = PPP_IP; 01528 break; 01529 01530 #ifdef INET6 01531 case ETHERTYPE_IPV6: 01532 proto = PPP_IPV6; 01533 break; 01534 #endif 01535 01536 case ETHERTYPE_DN: 01537 proto = PPP_DECNET; 01538 break; 01539 01540 case ETHERTYPE_ATALK: 01541 proto = PPP_APPLE; 01542 break; 01543 01544 case ETHERTYPE_NS: 01545 proto = PPP_NS; 01546 break; 01547 01548 case LLCSAP_ISONS: 01549 proto = PPP_OSI; 01550 break; 01551 01552 case LLCSAP_8021D: 01553 /* 01554 * I'm assuming the "Bridging PDU"s that go 01555 * over PPP are Spanning Tree Protocol 01556 * Bridging PDUs. 01557 */ 01558 proto = PPP_BRPDU; 01559 break; 01560 01561 case LLCSAP_IPX: 01562 proto = PPP_IPX; 01563 break; 01564 } 01565 break; 01566 01567 case DLT_PPP_BSDOS: 01568 /* 01569 * We use Ethernet protocol types inside libpcap; 01570 * map them to the corresponding PPP protocol types. 01571 */ 01572 switch (proto) { 01573 01574 case ETHERTYPE_IP: 01575 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 01576 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 01577 gen_or(b0, b1); 01578 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 01579 gen_or(b1, b0); 01580 return b0; 01581 01582 #ifdef INET6 01583 case ETHERTYPE_IPV6: 01584 proto = PPP_IPV6; 01585 /* more to go? */ 01586 break; 01587 #endif 01588 01589 case ETHERTYPE_DN: 01590 proto = PPP_DECNET; 01591 break; 01592 01593 case ETHERTYPE_ATALK: 01594 proto = PPP_APPLE; 01595 break; 01596 01597 case ETHERTYPE_NS: 01598 proto = PPP_NS; 01599 break; 01600 01601 case LLCSAP_ISONS: 01602 proto = PPP_OSI; 01603 break; 01604 01605 case LLCSAP_8021D: 01606 /* 01607 * I'm assuming the "Bridging PDU"s that go 01608 * over PPP are Spanning Tree Protocol 01609 * Bridging PDUs. 01610 */ 01611 proto = PPP_BRPDU; 01612 break; 01613 01614 case LLCSAP_IPX: 01615 proto = PPP_IPX; 01616 break; 01617 } 01618 break; 01619 01620 case DLT_NULL: 01621 case DLT_LOOP: 01622 case DLT_ENC: 01623 /* 01624 * For DLT_NULL, the link-layer header is a 32-bit 01625 * word containing an AF_ value in *host* byte order, 01626 * and for DLT_ENC, the link-layer header begins 01627 * with a 32-bit work containing an AF_ value in 01628 * host byte order. 01629 * 01630 * In addition, if we're reading a saved capture file, 01631 * the host byte order in the capture may not be the 01632 * same as the host byte order on this machine. 01633 * 01634 * For DLT_LOOP, the link-layer header is a 32-bit 01635 * word containing an AF_ value in *network* byte order. 01636 * 01637 * XXX - AF_ values may, unfortunately, be platform- 01638 * dependent; for example, FreeBSD's AF_INET6 is 24 01639 * whilst NetBSD's and OpenBSD's is 26. 01640 * 01641 * This means that, when reading a capture file, just 01642 * checking for our AF_INET6 value won't work if the 01643 * capture file came from another OS. 01644 */ 01645 switch (proto) { 01646 01647 case ETHERTYPE_IP: 01648 proto = AF_INET; 01649 break; 01650 01651 #ifdef INET6 01652 case ETHERTYPE_IPV6: 01653 proto = AF_INET6; 01654 break; 01655 #endif 01656 01657 default: 01658 /* 01659 * Not a type on which we support filtering. 01660 * XXX - support those that have AF_ values 01661 * #defined on this platform, at least? 01662 */ 01663 return gen_false(); 01664 } 01665 01666 if (linktype == DLT_NULL || linktype == DLT_ENC) { 01667 /* 01668 * The AF_ value is in host byte order, but 01669 * the BPF interpreter will convert it to 01670 * network byte order. 01671 * 01672 * If this is a save file, and it's from a 01673 * machine with the opposite byte order to 01674 * ours, we byte-swap the AF_ value. 01675 * 01676 * Then we run it through "htonl()", and 01677 * generate code to compare against the result. 01678 */ 01679 if (bpf_pcap->sf.rfile != NULL && 01680 bpf_pcap->sf.swapped) 01681 proto = SWAPLONG(proto); 01682 proto = htonl(proto); 01683 } 01684 return (gen_cmp(0, BPF_W, (bpf_int32)proto)); 01685 01686 case DLT_PFLOG: 01687 /* 01688 * af field is host byte order in contrast to the rest of 01689 * the packet. 01690 */ 01691 if (proto == ETHERTYPE_IP) 01692 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 01693 (bpf_int32)AF_INET)); 01694 #ifdef INET6 01695 else if (proto == ETHERTYPE_IPV6) 01696 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 01697 (bpf_int32)AF_INET6)); 01698 #endif /* INET6 */ 01699 else 01700 return gen_false(); 01701 break; 01702 01703 case DLT_ARCNET: 01704 case DLT_ARCNET_LINUX: 01705 /* 01706 * XXX should we check for first fragment if the protocol 01707 * uses PHDS? 01708 */ 01709 switch (proto) { 01710 01711 default: 01712 return gen_false(); 01713 01714 #ifdef INET6 01715 case ETHERTYPE_IPV6: 01716 return (gen_cmp(off_linktype, BPF_B, 01717 (bpf_int32)ARCTYPE_INET6)); 01718 #endif /* INET6 */ 01719 01720 case ETHERTYPE_IP: 01721 b0 = gen_cmp(off_linktype, BPF_B, 01722 (bpf_int32)ARCTYPE_IP); 01723 b1 = gen_cmp(off_linktype, BPF_B, 01724 (bpf_int32)ARCTYPE_IP_OLD); 01725 gen_or(b0, b1); 01726 return (b1); 01727 01728 case ETHERTYPE_ARP: 01729 b0 = gen_cmp(off_linktype, BPF_B, 01730 (bpf_int32)ARCTYPE_ARP); 01731 b1 = gen_cmp(off_linktype, BPF_B, 01732 (bpf_int32)ARCTYPE_ARP_OLD); 01733 gen_or(b0, b1); 01734 return (b1); 01735 01736 case ETHERTYPE_REVARP: 01737 return (gen_cmp(off_linktype, BPF_B, 01738 (bpf_int32)ARCTYPE_REVARP)); 01739 01740 case ETHERTYPE_ATALK: 01741 return (gen_cmp(off_linktype, BPF_B, 01742 (bpf_int32)ARCTYPE_ATALK)); 01743 } 01744 break; 01745 01746 case DLT_LTALK: 01747 switch (proto) { 01748 case ETHERTYPE_ATALK: 01749 return gen_true(); 01750 default: 01751 return gen_false(); 01752 } 01753 break; 01754 01755 case DLT_FRELAY: 01756 /* 01757 * XXX - assumes a 2-byte Frame Relay header with 01758 * DLCI and flags. What if the address is longer? 01759 */ 01760 switch (proto) { 01761 01762 case ETHERTYPE_IP: 01763 /* 01764 * Check for the special NLPID for IP. 01765 */ 01766 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc); 01767 01768 #ifdef INET6 01769 case ETHERTYPE_IPV6: 01770 /* 01771 * Check for the special NLPID for IPv6. 01772 */ 01773 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e); 01774 #endif 01775 01776 case LLCSAP_ISONS: 01777 /* 01778 * Check for several OSI protocols. 01779 * 01780 * Frame Relay packets typically have an OSI 01781 * NLPID at the beginning; we check for each 01782 * of them. 01783 * 01784 * What we check for is the NLPID and a frame 01785 * control field of UI, i.e. 0x03 followed 01786 * by the NLPID. 01787 */ 01788 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP); 01789 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS); 01790 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS); 01791 gen_or(b1, b2); 01792 gen_or(b0, b2); 01793 return b2; 01794 01795 default: 01796 return gen_false(); 01797 } 01798 break; 01799 01800 case DLT_LINUX_IRDA: 01801 bpf_error("IrDA link-layer type filtering not implemented"); 01802 } 01803 01804 /* 01805 * All the types that have no encapsulation should either be 01806 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 01807 * all packets are IP packets, or should be handled in some 01808 * special case, if none of them are (if some are and some 01809 * aren't, the lack of encapsulation is a problem, as we'd 01810 * have to find some other way of determining the packet type). 01811 * 01812 * Therefore, if "off_linktype" is -1, there's an error. 01813 */ 01814 if (off_linktype == (u_int)-1) 01815 abort(); 01816 01817 /* 01818 * Any type not handled above should always have an Ethernet 01819 * type at an offset of "off_linktype". (PPP is partially 01820 * handled above - the protocol type is mapped from the 01821 * Ethernet and LLC types we use internally to the corresponding 01822 * PPP type - but the PPP type is always specified by a value 01823 * at "off_linktype", so we don't have to do the code generation 01824 * above.) 01825 */ 01826 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01827 } 01828 01829 /* 01830 * Check for an LLC SNAP packet with a given organization code and 01831 * protocol type; we check the entire contents of the 802.2 LLC and 01832 * snap headers, checking for DSAP and SSAP of SNAP and a control 01833 * field of 0x03 in the LLC header, and for the specified organization 01834 * code and protocol type in the SNAP header. 01835 */ 01836 static struct block * 01837 gen_snap(orgcode, ptype, offset) 01838 bpf_u_int32 orgcode; 01839 bpf_u_int32 ptype; 01840 u_int offset; 01841 { 01842 u_char snapblock[8]; 01843 01844 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */ 01845 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */ 01846 snapblock[2] = 0x03; /* control = UI */ 01847 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */ 01848 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */ 01849 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */ 01850 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */ 01851 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */ 01852 return gen_bcmp(offset, 8, snapblock); 01853 } 01854 01855 /* 01856 * Check for a given protocol value assuming an 802.2 LLC header. 01857 */ 01858 static struct block * 01859 gen_llc(proto) 01860 int proto; 01861 { 01862 /* 01863 * XXX - handle token-ring variable-length header. 01864 */ 01865 switch (proto) { 01866 01867 case LLCSAP_IP: 01868 return gen_cmp(off_linktype, BPF_H, (long) 01869 ((LLCSAP_IP << 8) | LLCSAP_IP)); 01870 01871 case LLCSAP_ISONS: 01872 return gen_cmp(off_linktype, BPF_H, (long) 01873 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 01874 01875 case LLCSAP_NETBEUI: 01876 return gen_cmp(off_linktype, BPF_H, (long) 01877 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 01878 01879 case LLCSAP_IPX: 01880 /* 01881 * XXX - are there ever SNAP frames for IPX on 01882 * non-Ethernet 802.x networks? 01883 */ 01884 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX); 01885 01886 case ETHERTYPE_ATALK: 01887 /* 01888 * 802.2-encapsulated ETHERTYPE_ATALK packets are 01889 * SNAP packets with an organization code of 01890 * 0x080007 (Apple, for Appletalk) and a protocol 01891 * type of ETHERTYPE_ATALK (Appletalk). 01892 * 01893 * XXX - check for an organization code of 01894 * encapsulated Ethernet as well? 01895 */ 01896 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype); 01897 01898 default: 01899 /* 01900 * XXX - we don't have to check for IPX 802.3 01901 * here, but should we check for the IPX Ethertype? 01902 */ 01903 if (proto <= ETHERMTU) { 01904 /* 01905 * This is an LLC SAP value, so check 01906 * the DSAP. 01907 */ 01908 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto); 01909 } else { 01910 /* 01911 * This is an Ethernet type; we assume that it's 01912 * unlikely that it'll appear in the right place 01913 * at random, and therefore check only the 01914 * location that would hold the Ethernet type 01915 * in a SNAP frame with an organization code of 01916 * 0x000000 (encapsulated Ethernet). 01917 * 01918 * XXX - if we were to check for the SNAP DSAP and 01919 * LSAP, as per XXX, and were also to check for an 01920 * organization code of 0x000000 (encapsulated 01921 * Ethernet), we'd do 01922 * 01923 * return gen_snap(0x000000, proto, 01924 * off_linktype); 01925 * 01926 * here; for now, we don't, as per the above. 01927 * I don't know whether it's worth the extra CPU 01928 * time to do the right check or not. 01929 */ 01930 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto); 01931 } 01932 } 01933 } 01934 01935 static struct block * 01936 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 01937 bpf_u_int32 addr; 01938 bpf_u_int32 mask; 01939 int dir, proto; 01940 u_int src_off, dst_off; 01941 { 01942 struct block *b0, *b1; 01943 u_int offset; 01944 01945 switch (dir) { 01946 01947 case Q_SRC: 01948 offset = src_off; 01949 break; 01950 01951 case Q_DST: 01952 offset = dst_off; 01953 break; 01954 01955 case Q_AND: 01956 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 01957 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 01958 gen_and(b0, b1); 01959 return b1; 01960 01961 case Q_OR: 01962 case Q_DEFAULT: 01963 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 01964 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 01965 gen_or(b0, b1); 01966 return b1; 01967 01968 default: 01969 abort(); 01970 } 01971 b0 = gen_linktype(proto); 01972 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 01973 gen_and(b0, b1); 01974 return b1; 01975 } 01976 01977 #ifdef INET6 01978 static struct block * 01979 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 01980 struct in6_addr *addr; 01981 struct in6_addr *mask; 01982 int dir, proto; 01983 u_int src_off, dst_off; 01984 { 01985 struct block *b0, *b1; 01986 u_int offset; 01987 u_int32_t *a, *m; 01988 01989 switch (dir) { 01990 01991 case Q_SRC: 01992 offset = src_off; 01993 break; 01994 01995 case Q_DST: 01996 offset = dst_off; 01997 break; 01998 01999 case Q_AND: 02000 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 02001 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 02002 gen_and(b0, b1); 02003 return b1; 02004 02005 case Q_OR: 02006 case Q_DEFAULT: 02007 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 02008 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 02009 gen_or(b0, b1); 02010 return b1; 02011 02012 default: 02013 abort(); 02014 } 02015 /* this order is important */ 02016 a = (u_int32_t *)addr; 02017 m = (u_int32_t *)mask; 02018 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 02019 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 02020 gen_and(b0, b1); 02021 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 02022 gen_and(b0, b1); 02023 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 02024 gen_and(b0, b1); 02025 b0 = gen_linktype(proto); 02026 gen_and(b0, b1); 02027 return b1; 02028 } 02029 #endif /*INET6*/ 02030 02031 static struct block * 02032 gen_ehostop(eaddr, dir) 02033 register const u_char *eaddr; 02034 register int dir; 02035 { 02036 register struct block *b0, *b1; 02037 02038 switch (dir) { 02039 case Q_SRC: 02040 return gen_bcmp(off_mac + 6, 6, eaddr); 02041 02042 case Q_DST: 02043 return gen_bcmp(off_mac + 0, 6, eaddr); 02044 02045 case Q_AND: 02046 b0 = gen_ehostop(eaddr, Q_SRC); 02047 b1 = gen_ehostop(eaddr, Q_DST); 02048 gen_and(b0, b1); 02049 return b1; 02050 02051 case Q_DEFAULT: 02052 case Q_OR: 02053 b0 = gen_ehostop(eaddr, Q_SRC); 02054 b1 = gen_ehostop(eaddr, Q_DST); 02055 gen_or(b0, b1); 02056 return b1; 02057 } 02058 abort(); 02059 /* NOTREACHED */ 02060 } 02061 02062 /* 02063 * Like gen_ehostop, but for DLT_FDDI 02064 */ 02065 static struct block * 02066 gen_fhostop(eaddr, dir) 02067 register const u_char *eaddr; 02068 register int dir; 02069 { 02070 struct block *b0, *b1; 02071 02072 switch (dir) { 02073 case Q_SRC: 02074 #ifdef PCAP_FDDIPAD 02075 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 02076 #else 02077 return gen_bcmp(6 + 1, 6, eaddr); 02078 #endif 02079 02080 case Q_DST: 02081 #ifdef PCAP_FDDIPAD 02082 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 02083 #else 02084 return gen_bcmp(0 + 1, 6, eaddr); 02085 #endif 02086 02087 case Q_AND: 02088 b0 = gen_fhostop(eaddr, Q_SRC); 02089 b1 = gen_fhostop(eaddr, Q_DST); 02090 gen_and(b0, b1); 02091 return b1; 02092 02093 case Q_DEFAULT: 02094 case Q_OR: 02095 b0 = gen_fhostop(eaddr, Q_SRC); 02096 b1 = gen_fhostop(eaddr, Q_DST); 02097 gen_or(b0, b1); 02098 return b1; 02099 } 02100 abort(); 02101 /* NOTREACHED */ 02102 } 02103 02104 /* 02105 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) 02106 */ 02107 static struct block * 02108 gen_thostop(eaddr, dir) 02109 register const u_char *eaddr; 02110 register int dir; 02111 { 02112 register struct block *b0, *b1; 02113 02114 switch (dir) { 02115 case Q_SRC: 02116 return gen_bcmp(8, 6, eaddr); 02117 02118 case Q_DST: 02119 return gen_bcmp(2, 6, eaddr); 02120 02121 case Q_AND: 02122 b0 = gen_thostop(eaddr, Q_SRC); 02123 b1 = gen_thostop(eaddr, Q_DST); 02124 gen_and(b0, b1); 02125 return b1; 02126 02127 case Q_DEFAULT: 02128 case Q_OR: 02129 b0 = gen_thostop(eaddr, Q_SRC); 02130 b1 = gen_thostop(eaddr, Q_DST); 02131 gen_or(b0, b1); 02132 return b1; 02133 } 02134 abort(); 02135 /* NOTREACHED */ 02136 } 02137 02138 /* 02139 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN) 02140 */ 02141 static struct block * 02142 gen_wlanhostop(eaddr, dir) 02143 register const u_char *eaddr; 02144 register int dir; 02145 { 02146 register struct block *b0, *b1, *b2; 02147 register struct slist *s; 02148 02149 switch (dir) { 02150 case Q_SRC: 02151 /* 02152 * Oh, yuk. 02153 * 02154 * For control frames, there is no SA. 02155 * 02156 * For management frames, SA is at an 02157 * offset of 10 from the beginning of 02158 * the packet. 02159 * 02160 * For data frames, SA is at an offset 02161 * of 10 from the beginning of the packet 02162 * if From DS is clear, at an offset of 02163 * 16 from the beginning of the packet 02164 * if From DS is set and To DS is clear, 02165 * and an offset of 24 from the beginning 02166 * of the packet if From DS is set and To DS 02167 * is set. 02168 */ 02169 02170 /* 02171 * Generate the tests to be done for data frames 02172 * with From DS set. 02173 * 02174 * First, check for To DS set, i.e. check "link[1] & 0x01". 02175 */ 02176 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02177 s->s.k = 1; 02178 b1 = new_block(JMP(BPF_JSET)); 02179 b1->s.k = 0x01; /* To DS */ 02180 b1->stmts = s; 02181 02182 /* 02183 * If To DS is set, the SA is at 24. 02184 */ 02185 b0 = gen_bcmp(24, 6, eaddr); 02186 gen_and(b1, b0); 02187 02188 /* 02189 * Now, check for To DS not set, i.e. check 02190 * "!(link[1] & 0x01)". 02191 */ 02192 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02193 s->s.k = 1; 02194 b2 = new_block(JMP(BPF_JSET)); 02195 b2->s.k = 0x01; /* To DS */ 02196 b2->stmts = s; 02197 gen_not(b2); 02198 02199 /* 02200 * If To DS is not set, the SA is at 16. 02201 */ 02202 b1 = gen_bcmp(16, 6, eaddr); 02203 gen_and(b2, b1); 02204 02205 /* 02206 * Now OR together the last two checks. That gives 02207 * the complete set of checks for data frames with 02208 * From DS set. 02209 */ 02210 gen_or(b1, b0); 02211 02212 /* 02213 * Now check for From DS being set, and AND that with 02214 * the ORed-together checks. 02215 */ 02216 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02217 s->s.k = 1; 02218 b1 = new_block(JMP(BPF_JSET)); 02219 b1->s.k = 0x02; /* From DS */ 02220 b1->stmts = s; 02221 gen_and(b1, b0); 02222 02223 /* 02224 * Now check for data frames with From DS not set. 02225 */ 02226 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02227 s->s.k = 1; 02228 b2 = new_block(JMP(BPF_JSET)); 02229 b2->s.k = 0x02; /* From DS */ 02230 b2->stmts = s; 02231 gen_not(b2); 02232 02233 /* 02234 * If From DS isn't set, the SA is at 10. 02235 */ 02236 b1 = gen_bcmp(10, 6, eaddr); 02237 gen_and(b2, b1); 02238 02239 /* 02240 * Now OR together the checks for data frames with 02241 * From DS not set and for data frames with From DS 02242 * set; that gives the checks done for data frames. 02243 */ 02244 gen_or(b1, b0); 02245 02246 /* 02247 * Now check for a data frame. 02248 * I.e, check "link[0] & 0x08". 02249 */ 02250 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02251 s->s.k = 0; 02252 b1 = new_block(JMP(BPF_JSET)); 02253 b1->s.k = 0x08; 02254 b1->stmts = s; 02255 02256 /* 02257 * AND that with the checks done for data frames. 02258 */ 02259 gen_and(b1, b0); 02260 02261 /* 02262 * If the high-order bit of the type value is 0, this 02263 * is a management frame. 02264 * I.e, check "!(link[0] & 0x08)". 02265 */ 02266 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02267 s->s.k = 0; 02268 b2 = new_block(JMP(BPF_JSET)); 02269 b2->s.k = 0x08; 02270 b2->stmts = s; 02271 gen_not(b2); 02272 02273 /* 02274 * For management frames, the SA is at 10. 02275 */ 02276 b1 = gen_bcmp(10, 6, eaddr); 02277 gen_and(b2, b1); 02278 02279 /* 02280 * OR that with the checks done for data frames. 02281 * That gives the checks done for management and 02282 * data frames. 02283 */ 02284 gen_or(b1, b0); 02285 02286 /* 02287 * If the low-order bit of the type value is 1, 02288 * this is either a control frame or a frame 02289 * with a reserved type, and thus not a 02290 * frame with an SA. 02291 * 02292 * I.e., check "!(link[0] & 0x04)". 02293 */ 02294 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02295 s->s.k = 0; 02296 b1 = new_block(JMP(BPF_JSET)); 02297 b1->s.k = 0x04; 02298 b1->stmts = s; 02299 gen_not(b1); 02300 02301 /* 02302 * AND that with the checks for data and management 02303 * frames. 02304 */ 02305 gen_and(b1, b0); 02306 return b0; 02307 02308 case Q_DST: 02309 /* 02310 * Oh, yuk. 02311 * 02312 * For control frames, there is no DA. 02313 * 02314 * For management frames, DA is at an 02315 * offset of 4 from the beginning of 02316 * the packet. 02317 * 02318 * For data frames, DA is at an offset 02319 * of 4 from the beginning of the packet 02320 * if To DS is clear and at an offset of 02321 * 16 from the beginning of the packet 02322 * if To DS is set. 02323 */ 02324 02325 /* 02326 * Generate the tests to be done for data frames. 02327 * 02328 * First, check for To DS set, i.e. "link[1] & 0x01". 02329 */ 02330 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02331 s->s.k = 1; 02332 b1 = new_block(JMP(BPF_JSET)); 02333 b1->s.k = 0x01; /* To DS */ 02334 b1->stmts = s; 02335 02336 /* 02337 * If To DS is set, the DA is at 16. 02338 */ 02339 b0 = gen_bcmp(16, 6, eaddr); 02340 gen_and(b1, b0); 02341 02342 /* 02343 * Now, check for To DS not set, i.e. check 02344 * "!(link[1] & 0x01)". 02345 */ 02346 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02347 s->s.k = 1; 02348 b2 = new_block(JMP(BPF_JSET)); 02349 b2->s.k = 0x01; /* To DS */ 02350 b2->stmts = s; 02351 gen_not(b2); 02352 02353 /* 02354 * If To DS is not set, the DA is at 4. 02355 */ 02356 b1 = gen_bcmp(4, 6, eaddr); 02357 gen_and(b2, b1); 02358 02359 /* 02360 * Now OR together the last two checks. That gives 02361 * the complete set of checks for data frames. 02362 */ 02363 gen_or(b1, b0); 02364 02365 /* 02366 * Now check for a data frame. 02367 * I.e, check "link[0] & 0x08". 02368 */ 02369 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02370 s->s.k = 0; 02371 b1 = new_block(JMP(BPF_JSET)); 02372 b1->s.k = 0x08; 02373 b1->stmts = s; 02374 02375 /* 02376 * AND that with the checks done for data frames. 02377 */ 02378 gen_and(b1, b0); 02379 02380 /* 02381 * If the high-order bit of the type value is 0, this 02382 * is a management frame. 02383 * I.e, check "!(link[0] & 0x08)". 02384 */ 02385 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02386 s->s.k = 0; 02387 b2 = new_block(JMP(BPF_JSET)); 02388 b2->s.k = 0x08; 02389 b2->stmts = s; 02390 gen_not(b2); 02391 02392 /* 02393 * For management frames, the DA is at 4. 02394 */ 02395 b1 = gen_bcmp(4, 6, eaddr); 02396 gen_and(b2, b1); 02397 02398 /* 02399 * OR that with the checks done for data frames. 02400 * That gives the checks done for management and 02401 * data frames. 02402 */ 02403 gen_or(b1, b0); 02404 02405 /* 02406 * If the low-order bit of the type value is 1, 02407 * this is either a control frame or a frame 02408 * with a reserved type, and thus not a 02409 * frame with an SA. 02410 * 02411 * I.e., check "!(link[0] & 0x04)". 02412 */ 02413 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02414 s->s.k = 0; 02415 b1 = new_block(JMP(BPF_JSET)); 02416 b1->s.k = 0x04; 02417 b1->stmts = s; 02418 gen_not(b1); 02419 02420 /* 02421 * AND that with the checks for data and management 02422 * frames. 02423 */ 02424 gen_and(b1, b0); 02425 return b0; 02426 02427 case Q_AND: 02428 b0 = gen_wlanhostop(eaddr, Q_SRC); 02429 b1 = gen_wlanhostop(eaddr, Q_DST); 02430 gen_and(b0, b1); 02431 return b1; 02432 02433 case Q_DEFAULT: 02434 case Q_OR: 02435 b0 = gen_wlanhostop(eaddr, Q_SRC); 02436 b1 = gen_wlanhostop(eaddr, Q_DST); 02437 gen_or(b0, b1); 02438 return b1; 02439 } 02440 abort(); 02441 /* NOTREACHED */ 02442 } 02443 02444 /* 02445 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel. 02446 * (We assume that the addresses are IEEE 48-bit MAC addresses, 02447 * as the RFC states.) 02448 */ 02449 static struct block * 02450 gen_ipfchostop(eaddr, dir) 02451 register const u_char *eaddr; 02452 register int dir; 02453 { 02454 register struct block *b0, *b1; 02455 02456 switch (dir) { 02457 case Q_SRC: 02458 return gen_bcmp(10, 6, eaddr); 02459 02460 case Q_DST: 02461 return gen_bcmp(2, 6, eaddr); 02462 02463 case Q_AND: 02464 b0 = gen_ipfchostop(eaddr, Q_SRC); 02465 b1 = gen_ipfchostop(eaddr, Q_DST); 02466 gen_and(b0, b1); 02467 return b1; 02468 02469 case Q_DEFAULT: 02470 case Q_OR: 02471 b0 = gen_ipfchostop(eaddr, Q_SRC); 02472 b1 = gen_ipfchostop(eaddr, Q_DST); 02473 gen_or(b0, b1); 02474 return b1; 02475 } 02476 abort(); 02477 /* NOTREACHED */ 02478 } 02479 02480 /* 02481 * This is quite tricky because there may be pad bytes in front of the 02482 * DECNET header, and then there are two possible data packet formats that 02483 * carry both src and dst addresses, plus 5 packet types in a format that 02484 * carries only the src node, plus 2 types that use a different format and 02485 * also carry just the src node. 02486 * 02487 * Yuck. 02488 * 02489 * Instead of doing those all right, we just look for data packets with 02490 * 0 or 1 bytes of padding. If you want to look at other packets, that 02491 * will require a lot more hacking. 02492 * 02493 * To add support for filtering on DECNET "areas" (network numbers) 02494 * one would want to add a "mask" argument to this routine. That would 02495 * make the filter even more inefficient, although one could be clever 02496 * and not generate masking instructions if the mask is 0xFFFF. 02497 */ 02498 static struct block * 02499 gen_dnhostop(addr, dir, base_off) 02500 bpf_u_int32 addr; 02501 int dir; 02502 u_int base_off; 02503 { 02504 struct block *b0, *b1, *b2, *tmp; 02505 u_int offset_lh; /* offset if long header is received */ 02506 u_int offset_sh; /* offset if short header is received */ 02507 02508 switch (dir) { 02509 02510 case Q_DST: 02511 offset_sh = 1; /* follows flags */ 02512 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 02513 break; 02514 02515 case Q_SRC: 02516 offset_sh = 3; /* follows flags, dstnode */ 02517 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 02518 break; 02519 02520 case Q_AND: 02521 /* Inefficient because we do our Calvinball dance twice */ 02522 b0 = gen_dnhostop(addr, Q_SRC, base_off); 02523 b1 = gen_dnhostop(addr, Q_DST, base_off); 02524 gen_and(b0, b1); 02525 return b1; 02526 02527 case Q_OR: 02528 case Q_DEFAULT: 02529 /* Inefficient because we do our Calvinball dance twice */ 02530 b0 = gen_dnhostop(addr, Q_SRC, base_off); 02531 b1 = gen_dnhostop(addr, Q_DST, base_off); 02532 gen_or(b0, b1); 02533 return b1; 02534 02535 case Q_ISO: 02536 bpf_error("ISO host filtering not implemented"); 02537 02538 default: 02539 abort(); 02540 } 02541 b0 = gen_linktype(ETHERTYPE_DN); 02542 /* Check for pad = 1, long header case */ 02543 tmp = gen_mcmp(base_off + 2, BPF_H, 02544 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 02545 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 02546 BPF_H, (bpf_int32)ntohs(addr)); 02547 gen_and(tmp, b1); 02548 /* Check for pad = 0, long header case */ 02549 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 02550 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 02551 gen_and(tmp, b2); 02552 gen_or(b2, b1); 02553 /* Check for pad = 1, short header case */ 02554 tmp = gen_mcmp(base_off + 2, BPF_H, 02555 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 02556 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 02557 BPF_H, (bpf_int32)ntohs(addr)); 02558 gen_and(tmp, b2); 02559 gen_or(b2, b1); 02560 /* Check for pad = 0, short header case */ 02561 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 02562 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 02563 gen_and(tmp, b2); 02564 gen_or(b2, b1); 02565 02566 /* Combine with test for linktype */ 02567 gen_and(b0, b1); 02568 return b1; 02569 } 02570 02571 static struct block * 02572 gen_host(addr, mask, proto, dir) 02573 bpf_u_int32 addr; 02574 bpf_u_int32 mask; 02575 int proto; 02576 int dir; 02577 { 02578 struct block *b0, *b1; 02579 02580 switch (proto) { 02581 02582 case Q_DEFAULT: 02583 b0 = gen_host(addr, mask, Q_IP, dir); 02584 if (off_linktype != (u_int)-1) { 02585 b1 = gen_host(addr, mask, Q_ARP, dir); 02586 gen_or(b0, b1); 02587 b0 = gen_host(addr, mask, Q_RARP, dir); 02588 gen_or(b1, b0); 02589 } 02590 return b0; 02591 02592 case Q_IP: 02593 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 02594 off_nl + 12, off_nl + 16); 02595 02596 case Q_RARP: 02597 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 02598 off_nl + 14, off_nl + 24); 02599 02600 case Q_ARP: 02601 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 02602 off_nl + 14, off_nl + 24); 02603 02604 case Q_TCP: 02605 bpf_error("'tcp' modifier applied to host"); 02606 02607 case Q_SCTP: 02608 bpf_error("'sctp' modifier applied to host"); 02609 02610 case Q_UDP: 02611 bpf_error("'udp' modifier applied to host"); 02612 02613 case Q_ICMP: 02614 bpf_error("'icmp' modifier applied to host"); 02615 02616 case Q_IGMP: 02617 bpf_error("'igmp' modifier applied to host"); 02618 02619 case Q_IGRP: 02620 bpf_error("'igrp' modifier applied to host"); 02621 02622 case Q_PIM: 02623 bpf_error("'pim' modifier applied to host"); 02624 02625 case Q_VRRP: 02626 bpf_error("'vrrp' modifier applied to host"); 02627 02628 case Q_ATALK: 02629 bpf_error("ATALK host filtering not implemented"); 02630 02631 case Q_AARP: 02632 bpf_error("AARP host filtering not implemented"); 02633 02634 case Q_DECNET: 02635 return gen_dnhostop(addr, dir, off_nl); 02636 02637 case Q_SCA: 02638 bpf_error("SCA host filtering not implemented"); 02639 02640 case Q_LAT: 02641 bpf_error("LAT host filtering not implemented"); 02642 02643 case Q_MOPDL: 02644 bpf_error("MOPDL host filtering not implemented"); 02645 02646 case Q_MOPRC: 02647 bpf_error("MOPRC host filtering not implemented"); 02648 02649 #ifdef INET6 02650 case Q_IPV6: 02651 bpf_error("'ip6' modifier applied to ip host"); 02652 02653 case Q_ICMPV6: 02654 bpf_error("'icmp6' modifier applied to host"); 02655 #endif /* INET6 */ 02656 02657 case Q_AH: 02658 bpf_error("'ah' modifier applied to host"); 02659 02660 case Q_ESP: 02661 bpf_error("'esp' modifier applied to host"); 02662 02663 case Q_ISO: 02664 bpf_error("ISO host filtering not implemented"); 02665 02666 case Q_ESIS: 02667 bpf_error("'esis' modifier applied to host"); 02668 02669 case Q_ISIS: 02670 bpf_error("'isis' modifier applied to host"); 02671 02672 case Q_CLNP: 02673 bpf_error("'clnp' modifier applied to host"); 02674 02675 case Q_STP: 02676 bpf_error("'stp' modifier applied to host"); 02677 02678 case Q_IPX: 02679 bpf_error("IPX host filtering not implemented"); 02680 02681 case Q_NETBEUI: 02682 bpf_error("'netbeui' modifier applied to host"); 02683 02684 default: 02685 abort(); 02686 } 02687 /* NOTREACHED */ 02688 } 02689 02690 #ifdef INET6 02691 static struct block * 02692 gen_host6(addr, mask, proto, dir) 02693 struct in6_addr *addr; 02694 struct in6_addr *mask; 02695 int proto; 02696 int dir; 02697 { 02698 switch (proto) { 02699 02700 case Q_DEFAULT: 02701 return gen_host6(addr, mask, Q_IPV6, dir); 02702 02703 case Q_IP: 02704 bpf_error("'ip' modifier applied to ip6 host"); 02705 02706 case Q_RARP: 02707 bpf_error("'rarp' modifier applied to ip6 host"); 02708 02709 case Q_ARP: 02710 bpf_error("'arp' modifier applied to ip6 host"); 02711 02712 case Q_SCTP: 02713 bpf_error("'sctp' modifier applied to host"); 02714 02715 case Q_TCP: 02716 bpf_error("'tcp' modifier applied to host"); 02717 02718 case Q_UDP: 02719 bpf_error("'udp' modifier applied to host"); 02720 02721 case Q_ICMP: 02722 bpf_error("'icmp' modifier applied to host"); 02723 02724 case Q_IGMP: 02725 bpf_error("'igmp' modifier applied to host"); 02726 02727 case Q_IGRP: 02728 bpf_error("'igrp' modifier applied to host"); 02729 02730 case Q_PIM: 02731 bpf_error("'pim' modifier applied to host"); 02732 02733 case Q_VRRP: 02734 bpf_error("'vrrp' modifier applied to host"); 02735 02736 case Q_ATALK: 02737 bpf_error("ATALK host filtering not implemented"); 02738 02739 case Q_AARP: 02740 bpf_error("AARP host filtering not implemented"); 02741 02742 case Q_DECNET: 02743 bpf_error("'decnet' modifier applied to ip6 host"); 02744 02745 case Q_SCA: 02746 bpf_error("SCA host filtering not implemented"); 02747 02748 case Q_LAT: 02749 bpf_error("LAT host filtering not implemented"); 02750 02751 case Q_MOPDL: 02752 bpf_error("MOPDL host filtering not implemented"); 02753 02754 case Q_MOPRC: 02755 bpf_error("MOPRC host filtering not implemented"); 02756 02757 case Q_IPV6: 02758 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 02759 off_nl + 8, off_nl + 24); 02760 02761 case Q_ICMPV6: 02762 bpf_error("'icmp6' modifier applied to host"); 02763 02764 case Q_AH: 02765 bpf_error("'ah' modifier applied to host"); 02766 02767 case Q_ESP: 02768 bpf_error("'esp' modifier applied to host"); 02769 02770 case Q_ISO: 02771 bpf_error("ISO host filtering not implemented"); 02772 02773 case Q_ESIS: 02774 bpf_error("'esis' modifier applied to host"); 02775 02776 case Q_ISIS: 02777 bpf_error("'isis' modifier applied to host"); 02778 02779 case Q_CLNP: 02780 bpf_error("'clnp' modifier applied to host"); 02781 02782 case Q_STP: 02783 bpf_error("'stp' modifier applied to host"); 02784 02785 case Q_IPX: 02786 bpf_error("IPX host filtering not implemented"); 02787 02788 case Q_NETBEUI: 02789 bpf_error("'netbeui' modifier applied to host"); 02790 02791 default: 02792 abort(); 02793 } 02794 /* NOTREACHED */ 02795 } 02796 #endif /*INET6*/ 02797 02798 #ifndef INET6 02799 static struct block * 02800 gen_gateway(eaddr, alist, proto, dir) 02801 const u_char *eaddr; 02802 bpf_u_int32 **alist; 02803 int proto; 02804 int dir; 02805 { 02806 struct block *b0, *b1, *tmp; 02807 02808 if (dir != 0) 02809 bpf_error("direction applied to 'gateway'"); 02810 02811 switch (proto) { 02812 case Q_DEFAULT: 02813 case Q_IP: 02814 case Q_ARP: 02815 case Q_RARP: 02816 if (linktype == DLT_EN10MB) 02817 b0 = gen_ehostop(eaddr, Q_OR); 02818 else if (linktype == DLT_FDDI) 02819 b0 = gen_fhostop(eaddr, Q_OR); 02820 else if (linktype == DLT_IEEE802) 02821 b0 = gen_thostop(eaddr, Q_OR); 02822 else if (linktype == DLT_IEEE802_11) 02823 b0 = gen_wlanhostop(eaddr, Q_OR); 02824 else if (linktype == DLT_SUNATM && is_lane) { 02825 /* 02826 * Check that the packet doesn't begin with an 02827 * LE Control marker. (We've already generated 02828 * a test for LANE.) 02829 */ 02830 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 02831 gen_not(b1); 02832 02833 /* 02834 * Now check the MAC address. 02835 */ 02836 b0 = gen_ehostop(eaddr, Q_OR); 02837 gen_and(b1, b0); 02838 } else if (linktype == DLT_IP_OVER_FC) 02839 b0 = gen_ipfchostop(eaddr, Q_OR); 02840 else 02841 bpf_error( 02842 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel"); 02843 02844 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 02845 while (*alist) { 02846 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 02847 gen_or(b1, tmp); 02848 b1 = tmp; 02849 } 02850 gen_not(b1); 02851 gen_and(b0, b1); 02852 return b1; 02853 } 02854 bpf_error("illegal modifier of 'gateway'"); 02855 /* NOTREACHED */ 02856 } 02857 #endif 02858 02859 struct block * 02860 gen_proto_abbrev(proto) 02861 int proto; 02862 { 02863 struct block *b0; 02864 struct block *b1; 02865 02866 switch (proto) { 02867 02868 case Q_SCTP: 02869 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); 02870 #ifdef INET6 02871 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); 02872 gen_or(b0, b1); 02873 #endif 02874 break; 02875 02876 case Q_TCP: 02877 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 02878 #ifdef INET6 02879 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 02880 gen_or(b0, b1); 02881 #endif 02882 break; 02883 02884 case Q_UDP: 02885 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 02886 #ifdef INET6 02887 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 02888 gen_or(b0, b1); 02889 #endif 02890 break; 02891 02892 case Q_ICMP: 02893 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 02894 break; 02895 02896 #ifndef IPPROTO_IGMP 02897 #define IPPROTO_IGMP 2 02898 #endif 02899 02900 case Q_IGMP: 02901 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 02902 break; 02903 02904 #ifndef IPPROTO_IGRP 02905 #define IPPROTO_IGRP 9 02906 #endif 02907 case Q_IGRP: 02908 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 02909 break; 02910 02911 #ifndef IPPROTO_PIM 02912 #define IPPROTO_PIM 103 02913 #endif 02914 02915 case Q_PIM: 02916 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 02917 #ifdef INET6 02918 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 02919 gen_or(b0, b1); 02920 #endif 02921 break; 02922 02923 #ifndef IPPROTO_VRRP 02924 #define IPPROTO_VRRP 112 02925 #endif 02926 02927 case Q_VRRP: 02928 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT); 02929 break; 02930 02931 case Q_IP: 02932 b1 = gen_linktype(ETHERTYPE_IP); 02933 break; 02934 02935 case Q_ARP: 02936 b1 = gen_linktype(ETHERTYPE_ARP); 02937 break; 02938 02939 case Q_RARP: 02940 b1 = gen_linktype(ETHERTYPE_REVARP); 02941 break; 02942 02943 case Q_LINK: 02944 bpf_error("link layer applied in wrong context"); 02945 02946 case Q_ATALK: 02947 b1 = gen_linktype(ETHERTYPE_ATALK); 02948 break; 02949 02950 case Q_AARP: 02951 b1 = gen_linktype(ETHERTYPE_AARP); 02952 break; 02953 02954 case Q_DECNET: 02955 b1 = gen_linktype(ETHERTYPE_DN); 02956 break; 02957 02958 case Q_SCA: 02959 b1 = gen_linktype(ETHERTYPE_SCA); 02960 break; 02961 02962 case Q_LAT: 02963 b1 = gen_linktype(ETHERTYPE_LAT); 02964 break; 02965 02966 case Q_MOPDL: 02967 b1 = gen_linktype(ETHERTYPE_MOPDL); 02968 break; 02969 02970 case Q_MOPRC: 02971 b1 = gen_linktype(ETHERTYPE_MOPRC); 02972 break; 02973 02974 #ifdef INET6 02975 case Q_IPV6: 02976 b1 = gen_linktype(ETHERTYPE_IPV6); 02977 break; 02978 02979 #ifndef IPPROTO_ICMPV6 02980 #define IPPROTO_ICMPV6 58 02981 #endif 02982 case Q_ICMPV6: 02983 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 02984 break; 02985 #endif /* INET6 */ 02986 02987 #ifndef IPPROTO_AH 02988 #define IPPROTO_AH 51 02989 #endif 02990 case Q_AH: 02991 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 02992 #ifdef INET6 02993 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 02994 gen_or(b0, b1); 02995 #endif 02996 break; 02997 02998 #ifndef IPPROTO_ESP 02999 #define IPPROTO_ESP 50 03000 #endif 03001 case Q_ESP: 03002 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 03003 #ifdef INET6 03004 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 03005 gen_or(b0, b1); 03006 #endif 03007 break; 03008 03009 case Q_ISO: 03010 b1 = gen_linktype(LLCSAP_ISONS); 03011 break; 03012 03013 case Q_ESIS: 03014 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT); 03015 break; 03016 03017 case Q_ISIS: 03018 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 03019 break; 03020 03021 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */ 03022 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 03023 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 03024 gen_or(b0, b1); 03025 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 03026 gen_or(b0, b1); 03027 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 03028 gen_or(b0, b1); 03029 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 03030 gen_or(b0, b1); 03031 break; 03032 03033 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */ 03034 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 03035 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 03036 gen_or(b0, b1); 03037 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 03038 gen_or(b0, b1); 03039 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 03040 gen_or(b0, b1); 03041 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 03042 gen_or(b0, b1); 03043 break; 03044 03045 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */ 03046 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 03047 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 03048 gen_or(b0, b1); 03049 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); 03050 gen_or(b0, b1); 03051 break; 03052 03053 case Q_ISIS_LSP: 03054 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 03055 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 03056 gen_or(b0, b1); 03057 break; 03058 03059 case Q_ISIS_SNP: 03060 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 03061 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 03062 gen_or(b0, b1); 03063 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 03064 gen_or(b0, b1); 03065 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 03066 gen_or(b0, b1); 03067 break; 03068 03069 case Q_ISIS_CSNP: 03070 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 03071 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 03072 gen_or(b0, b1); 03073 break; 03074 03075 case Q_ISIS_PSNP: 03076 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 03077 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 03078 gen_or(b0, b1); 03079 break; 03080 03081 case Q_CLNP: 03082 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT); 03083 break; 03084 03085 case Q_STP: 03086 b1 = gen_linktype(LLCSAP_8021D); 03087 break; 03088 03089 case Q_IPX: 03090 b1 = gen_linktype(LLCSAP_IPX); 03091 break; 03092 03093 case Q_NETBEUI: 03094 b1 = gen_linktype(LLCSAP_NETBEUI); 03095 break; 03096 03097 default: 03098 abort(); 03099 } 03100 return b1; 03101 } 03102 03103 static struct block * 03104 gen_ipfrag() 03105 { 03106 struct slist *s; 03107 struct block *b; 03108 03109 /* not ip frag */ 03110 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 03111 s->s.k = off_nl + 6; 03112 b = new_block(JMP(BPF_JSET)); 03113 b->s.k = 0x1fff; 03114 b->stmts = s; 03115 gen_not(b); 03116 03117 return b; 03118 } 03119 03120 static struct block * 03121 gen_portatom(off, v) 03122 int off; 03123 bpf_int32 v; 03124 { 03125 struct slist *s; 03126 struct block *b; 03127 03128 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 03129 s->s.k = off_nl; 03130 03131 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 03132 s->next->s.k = off_nl + off; 03133 03134 b = new_block(JMP(BPF_JEQ)); 03135 b->stmts = s; 03136 b->s.k = v; 03137 03138 return b; 03139 } 03140 03141 #ifdef INET6 03142 static struct block * 03143 gen_portatom6(off, v) 03144 int off; 03145 bpf_int32 v; 03146 { 03147 return gen_cmp(off_nl + 40 + off, BPF_H, v); 03148 } 03149 #endif/*INET6*/ 03150 03151 struct block * 03152 gen_portop(port, proto, dir) 03153 int port, proto, dir; 03154 { 03155 struct block *b0, *b1, *tmp; 03156 03157 /* ip proto 'proto' */ 03158 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 03159 b0 = gen_ipfrag(); 03160 gen_and(tmp, b0); 03161 03162 switch (dir) { 03163 case Q_SRC: 03164 b1 = gen_portatom(0, (bpf_int32)port); 03165 break; 03166 03167 case Q_DST: 03168 b1 = gen_portatom(2, (bpf_int32)port); 03169 break; 03170 03171 case Q_OR: 03172 case Q_DEFAULT: 03173 tmp = gen_portatom(0, (bpf_int32)port); 03174 b1 = gen_portatom(2, (bpf_int32)port); 03175 gen_or(tmp, b1); 03176 break; 03177 03178 case Q_AND: 03179 tmp = gen_portatom(0, (bpf_int32)port); 03180 b1 = gen_portatom(2, (bpf_int32)port); 03181 gen_and(tmp, b1); 03182 break; 03183 03184 default: 03185 abort(); 03186 } 03187 gen_and(b0, b1); 03188 03189 return b1; 03190 } 03191 03192 static struct block * 03193 gen_port(port, ip_proto, dir) 03194 int port; 03195 int ip_proto; 03196 int dir; 03197 { 03198 struct block *b0, *b1, *tmp; 03199 03200 /* 03201 * ether proto ip 03202 * 03203 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 03204 * not LLC encapsulation with LLCSAP_IP. 03205 * 03206 * For IEEE 802 networks - which includes 802.5 token ring 03207 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 03208 * says that SNAP encapsulation is used, not LLC encapsulation 03209 * with LLCSAP_IP. 03210 * 03211 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 03212 * RFC 2225 say that SNAP encapsulation is used, not LLC 03213 * encapsulation with LLCSAP_IP. 03214 * 03215 * So we always check for ETHERTYPE_IP. 03216 */ 03217 b0 = gen_linktype(ETHERTYPE_IP); 03218 03219 switch (ip_proto) { 03220 case IPPROTO_UDP: 03221 case IPPROTO_TCP: 03222 case IPPROTO_SCTP: 03223 b1 = gen_portop(port, ip_proto, dir); 03224 break; 03225 03226 case PROTO_UNDEF: 03227 tmp = gen_portop(port, IPPROTO_TCP, dir); 03228 b1 = gen_portop(port, IPPROTO_UDP, dir); 03229 gen_or(tmp, b1); 03230 tmp = gen_portop(port, IPPROTO_SCTP, dir); 03231 gen_or(tmp, b1); 03232 break; 03233 03234 default: 03235 abort(); 03236 } 03237 gen_and(b0, b1); 03238 return b1; 03239 } 03240 03241 #ifdef INET6 03242 struct block * 03243 gen_portop6(port, proto, dir) 03244 int port, proto, dir; 03245 { 03246 struct block *b0, *b1, *tmp; 03247 03248 /* ip proto 'proto' */ 03249 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 03250 03251 switch (dir) { 03252 case Q_SRC: 03253 b1 = gen_portatom6(0, (bpf_int32)port); 03254 break; 03255 03256 case Q_DST: 03257 b1 = gen_portatom6(2, (bpf_int32)port); 03258 break; 03259 03260 case Q_OR: 03261 case Q_DEFAULT: 03262 tmp = gen_portatom6(0, (bpf_int32)port); 03263 b1 = gen_portatom6(2, (bpf_int32)port); 03264 gen_or(tmp, b1); 03265 break; 03266 03267 case Q_AND: 03268 tmp = gen_portatom6(0, (bpf_int32)port); 03269 b1 = gen_portatom6(2, (bpf_int32)port); 03270 gen_and(tmp, b1); 03271 break; 03272 03273 default: 03274 abort(); 03275 } 03276 gen_and(b0, b1); 03277 03278 return b1; 03279 } 03280 03281 static struct block * 03282 gen_port6(port, ip_proto, dir) 03283 int port; 03284 int ip_proto; 03285 int dir; 03286 { 03287 struct block *b0, *b1, *tmp; 03288 03289 /* ether proto ip */ 03290 b0 = gen_linktype(ETHERTYPE_IPV6); 03291 03292 switch (ip_proto) { 03293 case IPPROTO_UDP: 03294 case IPPROTO_TCP: 03295 case IPPROTO_SCTP: 03296 b1 = gen_portop6(port, ip_proto, dir); 03297 break; 03298 03299 case PROTO_UNDEF: 03300 tmp = gen_portop6(port, IPPROTO_TCP, dir); 03301 b1 = gen_portop6(port, IPPROTO_UDP, dir); 03302 gen_or(tmp, b1); 03303 tmp = gen_portop6(port, IPPROTO_SCTP, dir); 03304 gen_or(tmp, b1); 03305 break; 03306 03307 default: 03308 abort(); 03309 } 03310 gen_and(b0, b1); 03311 return b1; 03312 } 03313 #endif /* INET6 */ 03314 03315 static int 03316 lookup_proto(name, proto) 03317 register const char *name; 03318 register int proto; 03319 { 03320 register int v; 03321 03322 switch (proto) { 03323 03324 case Q_DEFAULT: 03325 case Q_IP: 03326 case Q_IPV6: 03327 v = pcap_nametoproto(name); 03328 if (v == PROTO_UNDEF) 03329 bpf_error("unknown ip proto '%s'", name); 03330 break; 03331 03332 case Q_LINK: 03333 /* XXX should look up h/w protocol type based on linktype */ 03334 v = pcap_nametoeproto(name); 03335 if (v == PROTO_UNDEF) 03336 bpf_error("unknown ether proto '%s'", name); 03337 break; 03338 03339 case Q_ISO: 03340 if (strcmp(name, "esis") == 0) 03341 v = ISO9542_ESIS; 03342 else if (strcmp(name, "isis") == 0) 03343 v = ISO10589_ISIS; 03344 else if (strcmp(name, "clnp") == 0) 03345 v = ISO8473_CLNP; 03346 else 03347 bpf_error("unknown osi proto '%s'", name); 03348 break; 03349 03350 default: 03351 v = PROTO_UNDEF; 03352 break; 03353 } 03354 return v; 03355 } 03356 03357 #if 0 03358 struct stmt * 03359 gen_joinsp(s, n) 03360 struct stmt **s; 03361 int n; 03362 { 03363 return NULL; 03364 } 03365 #endif 03366 03367 static struct block * 03368 gen_protochain(v, proto, dir) 03369 int v; 03370 int proto; 03371 int dir; 03372 { 03373 #ifdef NO_PROTOCHAIN 03374 return gen_proto(v, proto, dir); 03375 #else 03376 struct block *b0, *b; 03377 struct slist *s[100]; 03378 int fix2, fix3, fix4, fix5; 03379 int ahcheck, again, end; 03380 int i, max; 03381 int reg2 = alloc_reg(); 03382 03383 memset(s, 0, sizeof(s)); 03384 fix2 = fix3 = fix4 = fix5 = 0; 03385 03386 switch (proto) { 03387 case Q_IP: 03388 case Q_IPV6: 03389 break; 03390 case Q_DEFAULT: 03391 b0 = gen_protochain(v, Q_IP, dir); 03392 b = gen_protochain(v, Q_IPV6, dir); 03393 gen_or(b0, b); 03394 return b; 03395 default: 03396 bpf_error("bad protocol applied for 'protochain'"); 03397 /*NOTREACHED*/ 03398 } 03399 03400 no_optimize = 1; /*this code is not compatible with optimzer yet */ 03401 03402 /* 03403 * s[0] is a dummy entry to protect other BPF insn from damaged 03404 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 03405 * hard to find interdependency made by jump table fixup. 03406 */ 03407 i = 0; 03408 s[i] = new_stmt(0); /*dummy*/ 03409 i++; 03410 03411 switch (proto) { 03412 case Q_IP: 03413 b0 = gen_linktype(ETHERTYPE_IP); 03414 03415 /* A = ip->ip_p */ 03416 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 03417 s[i]->s.k = off_nl + 9; 03418 i++; 03419 /* X = ip->ip_hl << 2 */ 03420 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 03421 s[i]->s.k = off_nl; 03422 i++; 03423 break; 03424 #ifdef INET6 03425 case Q_IPV6: 03426 b0 = gen_linktype(ETHERTYPE_IPV6); 03427 03428 /* A = ip6->ip_nxt */ 03429 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 03430 s[i]->s.k = off_nl + 6; 03431 i++; 03432 /* X = sizeof(struct ip6_hdr) */ 03433 s[i] = new_stmt(BPF_LDX|BPF_IMM); 03434 s[i]->s.k = 40; 03435 i++; 03436 break; 03437 #endif 03438 default: 03439 bpf_error("unsupported proto to gen_protochain"); 03440 /*NOTREACHED*/ 03441 } 03442 03443 /* again: if (A == v) goto end; else fall through; */ 03444 again = i; 03445 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03446 s[i]->s.k = v; 03447 s[i]->s.jt = NULL; /*later*/ 03448 s[i]->s.jf = NULL; /*update in next stmt*/ 03449 fix5 = i; 03450 i++; 03451 03452 #ifndef IPPROTO_NONE 03453 #define IPPROTO_NONE 59 03454 #endif 03455 /* if (A == IPPROTO_NONE) goto end */ 03456 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03457 s[i]->s.jt = NULL; /*later*/ 03458 s[i]->s.jf = NULL; /*update in next stmt*/ 03459 s[i]->s.k = IPPROTO_NONE; 03460 s[fix5]->s.jf = s[i]; 03461 fix2 = i; 03462 i++; 03463 03464 #ifdef INET6 03465 if (proto == Q_IPV6) { 03466 int v6start, v6end, v6advance, j; 03467 03468 v6start = i; 03469 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 03470 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03471 s[i]->s.jt = NULL; /*later*/ 03472 s[i]->s.jf = NULL; /*update in next stmt*/ 03473 s[i]->s.k = IPPROTO_HOPOPTS; 03474 s[fix2]->s.jf = s[i]; 03475 i++; 03476 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 03477 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03478 s[i]->s.jt = NULL; /*later*/ 03479 s[i]->s.jf = NULL; /*update in next stmt*/ 03480 s[i]->s.k = IPPROTO_DSTOPTS; 03481 i++; 03482 /* if (A == IPPROTO_ROUTING) goto v6advance */ 03483 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03484 s[i]->s.jt = NULL; /*later*/ 03485 s[i]->s.jf = NULL; /*update in next stmt*/ 03486 s[i]->s.k = IPPROTO_ROUTING; 03487 i++; 03488 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 03489 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03490 s[i]->s.jt = NULL; /*later*/ 03491 s[i]->s.jf = NULL; /*later*/ 03492 s[i]->s.k = IPPROTO_FRAGMENT; 03493 fix3 = i; 03494 v6end = i; 03495 i++; 03496 03497 /* v6advance: */ 03498 v6advance = i; 03499 03500 /* 03501 * in short, 03502 * A = P[X]; 03503 * X = X + (P[X + 1] + 1) * 8; 03504 */ 03505 /* A = X */ 03506 s[i] = new_stmt(BPF_MISC|BPF_TXA); 03507 i++; 03508 /* A = P[X + packet head] */ 03509 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 03510 s[i]->s.k = off_nl; 03511 i++; 03512 /* MEM[reg2] = A */ 03513 s[i] = new_stmt(BPF_ST); 03514 s[i]->s.k = reg2; 03515 i++; 03516 /* A = X */ 03517 s[i] = new_stmt(BPF_MISC|BPF_TXA); 03518 i++; 03519 /* A += 1 */ 03520 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03521 s[i]->s.k = 1; 03522 i++; 03523 /* X = A */ 03524 s[i] = new_stmt(BPF_MISC|BPF_TAX); 03525 i++; 03526 /* A = P[X + packet head]; */ 03527 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 03528 s[i]->s.k = off_nl; 03529 i++; 03530 /* A += 1 */ 03531 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03532 s[i]->s.k = 1; 03533 i++; 03534 /* A *= 8 */ 03535 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 03536 s[i]->s.k = 8; 03537 i++; 03538 /* X = A; */ 03539 s[i] = new_stmt(BPF_MISC|BPF_TAX); 03540 i++; 03541 /* A = MEM[reg2] */ 03542 s[i] = new_stmt(BPF_LD|BPF_MEM); 03543 s[i]->s.k = reg2; 03544 i++; 03545 03546 /* goto again; (must use BPF_JA for backward jump) */ 03547 s[i] = new_stmt(BPF_JMP|BPF_JA); 03548 s[i]->s.k = again - i - 1; 03549 s[i - 1]->s.jf = s[i]; 03550 i++; 03551 03552 /* fixup */ 03553 for (j = v6start; j <= v6end; j++) 03554 s[j]->s.jt = s[v6advance]; 03555 } else 03556 #endif 03557 { 03558 /* nop */ 03559 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03560 s[i]->s.k = 0; 03561 s[fix2]->s.jf = s[i]; 03562 i++; 03563 } 03564 03565 /* ahcheck: */ 03566 ahcheck = i; 03567 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 03568 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03569 s[i]->s.jt = NULL; /*later*/ 03570 s[i]->s.jf = NULL; /*later*/ 03571 s[i]->s.k = IPPROTO_AH; 03572 if (fix3) 03573 s[fix3]->s.jf = s[ahcheck]; 03574 fix4 = i; 03575 i++; 03576 03577 /* 03578 * in short, 03579 * A = P[X]; 03580 * X = X + (P[X + 1] + 2) * 4; 03581 */ 03582 /* A = X */ 03583 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 03584 i++; 03585 /* A = P[X + packet head]; */ 03586 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 03587 s[i]->s.k = off_nl; 03588 i++; 03589 /* MEM[reg2] = A */ 03590 s[i] = new_stmt(BPF_ST); 03591 s[i]->s.k = reg2; 03592 i++; 03593 /* A = X */ 03594 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 03595 i++; 03596 /* A += 1 */ 03597 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03598 s[i]->s.k = 1; 03599 i++; 03600 /* X = A */ 03601 s[i] = new_stmt(BPF_MISC|BPF_TAX); 03602 i++; 03603 /* A = P[X + packet head] */ 03604 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 03605 s[i]->s.k = off_nl; 03606 i++; 03607 /* A += 2 */ 03608 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03609 s[i]->s.k = 2; 03610 i++; 03611 /* A *= 4 */ 03612 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 03613 s[i]->s.k = 4; 03614 i++; 03615 /* X = A; */ 03616 s[i] = new_stmt(BPF_MISC|BPF_TAX); 03617 i++; 03618 /* A = MEM[reg2] */ 03619 s[i] = new_stmt(BPF_LD|BPF_MEM); 03620 s[i]->s.k = reg2; 03621 i++; 03622 03623 /* goto again; (must use BPF_JA for backward jump) */ 03624 s[i] = new_stmt(BPF_JMP|BPF_JA); 03625 s[i]->s.k = again - i - 1; 03626 i++; 03627 03628 /* end: nop */ 03629 end = i; 03630 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03631 s[i]->s.k = 0; 03632 s[fix2]->s.jt = s[end]; 03633 s[fix4]->s.jf = s[end]; 03634 s[fix5]->s.jt = s[end]; 03635 i++; 03636 03637 /* 03638 * make slist chain 03639 */ 03640 max = i; 03641 for (i = 0; i < max - 1; i++) 03642 s[i]->next = s[i + 1]; 03643 s[max - 1]->next = NULL; 03644 03645 /* 03646 * emit final check 03647 */ 03648 b = new_block(JMP(BPF_JEQ)); 03649 b->stmts = s[1]; /*remember, s[0] is dummy*/ 03650 b->s.k = v; 03651 03652 free_reg(reg2); 03653 03654 gen_and(b0, b); 03655 return b; 03656 #endif 03657 } 03658 03659 static struct block * 03660 gen_proto(v, proto, dir) 03661 int v; 03662 int proto; 03663 int dir; 03664 { 03665 struct block *b0, *b1; 03666 03667 if (dir != Q_DEFAULT) 03668 bpf_error("direction applied to 'proto'"); 03669 03670 switch (proto) { 03671 case Q_DEFAULT: 03672 #ifdef INET6 03673 b0 = gen_proto(v, Q_IP, dir); 03674 b1 = gen_proto(v, Q_IPV6, dir); 03675 gen_or(b0, b1); 03676 return b1; 03677 #else 03678 /*FALLTHROUGH*/ 03679 #endif 03680 case Q_IP: 03681 /* 03682 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 03683 * not LLC encapsulation with LLCSAP_IP. 03684 * 03685 * For IEEE 802 networks - which includes 802.5 token ring 03686 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 03687 * says that SNAP encapsulation is used, not LLC encapsulation 03688 * with LLCSAP_IP. 03689 * 03690 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 03691 * RFC 2225 say that SNAP encapsulation is used, not LLC 03692 * encapsulation with LLCSAP_IP. 03693 * 03694 * So we always check for ETHERTYPE_IP. 03695 */ 03696 b0 = gen_linktype(ETHERTYPE_IP); 03697 #ifndef CHASE_CHAIN 03698 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 03699 #else 03700 b1 = gen_protochain(v, Q_IP); 03701 #endif 03702 gen_and(b0, b1); 03703 return b1; 03704 03705 case Q_ISO: 03706 switch (linktype) { 03707 03708 case DLT_FRELAY: 03709 /* 03710 * Frame Relay packets typically have an OSI 03711 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)" 03712 * generates code to check for all the OSI 03713 * NLPIDs, so calling it and then adding a check 03714 * for the particular NLPID for which we're 03715 * looking is bogus, as we can just check for 03716 * the NLPID. 03717 * 03718 * What we check for is the NLPID and a frame 03719 * control field value of UI, i.e. 0x03 followed 03720 * by the NLPID. 03721 * 03722 * XXX - assumes a 2-byte Frame Relay header with 03723 * DLCI and flags. What if the address is longer? 03724 * 03725 * XXX - what about SNAP-encapsulated frames? 03726 */ 03727 return gen_cmp(2, BPF_H, (0x03<<8) | v); 03728 break; 03729 03730 case DLT_C_HDLC: 03731 /* 03732 * Cisco uses an Ethertype lookalike - for OSI, 03733 * it's 0xfefe. 03734 */ 03735 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS); 03736 /* OSI in C-HDLC is stuffed with a fudge byte */ 03737 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v); 03738 gen_and(b0, b1); 03739 return b1; 03740 03741 default: 03742 b0 = gen_linktype(LLCSAP_ISONS); 03743 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v); 03744 gen_and(b0, b1); 03745 return b1; 03746 } 03747 03748 case Q_ISIS: 03749 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 03750 /* 03751 * 4 is the offset of the PDU type relative to the IS-IS 03752 * header. 03753 */ 03754 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v); 03755 gen_and(b0, b1); 03756 return b1; 03757 03758 case Q_ARP: 03759 bpf_error("arp does not encapsulate another protocol"); 03760 /* NOTREACHED */ 03761 03762 case Q_RARP: 03763 bpf_error("rarp does not encapsulate another protocol"); 03764 /* NOTREACHED */ 03765 03766 case Q_ATALK: 03767 bpf_error("atalk encapsulation is not specifiable"); 03768 /* NOTREACHED */ 03769 03770 case Q_DECNET: 03771 bpf_error("decnet encapsulation is not specifiable"); 03772 /* NOTREACHED */ 03773 03774 case Q_SCA: 03775 bpf_error("sca does not encapsulate another protocol"); 03776 /* NOTREACHED */ 03777 03778 case Q_LAT: 03779 bpf_error("lat does not encapsulate another protocol"); 03780 /* NOTREACHED */ 03781 03782 case Q_MOPRC: 03783 bpf_error("moprc does not encapsulate another protocol"); 03784 /* NOTREACHED */ 03785 03786 case Q_MOPDL: 03787 bpf_error("mopdl does not encapsulate another protocol"); 03788 /* NOTREACHED */ 03789 03790 case Q_LINK: 03791 return gen_linktype(v); 03792 03793 case Q_UDP: 03794 bpf_error("'udp proto' is bogus"); 03795 /* NOTREACHED */ 03796 03797 case Q_TCP: 03798 bpf_error("'tcp proto' is bogus"); 03799 /* NOTREACHED */ 03800 03801 case Q_SCTP: 03802 bpf_error("'sctp proto' is bogus"); 03803 /* NOTREACHED */ 03804 03805 case Q_ICMP: 03806 bpf_error("'icmp proto' is bogus"); 03807 /* NOTREACHED */ 03808 03809 case Q_IGMP: 03810 bpf_error("'igmp proto' is bogus"); 03811 /* NOTREACHED */ 03812 03813 case Q_IGRP: 03814 bpf_error("'igrp proto' is bogus"); 03815 /* NOTREACHED */ 03816 03817 case Q_PIM: 03818 bpf_error("'pim proto' is bogus"); 03819 /* NOTREACHED */ 03820 03821 case Q_VRRP: 03822 bpf_error("'vrrp proto' is bogus"); 03823 /* NOTREACHED */ 03824 03825 #ifdef INET6 03826 case Q_IPV6: 03827 b0 = gen_linktype(ETHERTYPE_IPV6); 03828 #ifndef CHASE_CHAIN 03829 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 03830 #else 03831 b1 = gen_protochain(v, Q_IPV6); 03832 #endif 03833 gen_and(b0, b1); 03834 return b1; 03835 03836 case Q_ICMPV6: 03837 bpf_error("'icmp6 proto' is bogus"); 03838 #endif /* INET6 */ 03839 03840 case Q_AH: 03841 bpf_error("'ah proto' is bogus"); 03842 03843 case Q_ESP: 03844 bpf_error("'ah proto' is bogus"); 03845 03846 case Q_STP: 03847 bpf_error("'stp proto' is bogus"); 03848 03849 case Q_IPX: 03850 bpf_error("'ipx proto' is bogus"); 03851 03852 case Q_NETBEUI: 03853 bpf_error("'netbeui proto' is bogus"); 03854 03855 default: 03856 abort(); 03857 /* NOTREACHED */ 03858 } 03859 /* NOTREACHED */ 03860 } 03861 03862 struct block * 03863 gen_scode(name, q) 03864 register const char *name; 03865 struct qual q; 03866 { 03867 int proto = q.proto; 03868 int dir = q.dir; 03869 int tproto; 03870 u_char *eaddr; 03871 bpf_u_int32 mask, addr; 03872 #ifndef INET6 03873 bpf_u_int32 **alist; 03874 #else 03875 int tproto6; 03876 struct sockaddr_in *sin; 03877 struct sockaddr_in6 *sin6; 03878 struct addrinfo *res, *res0; 03879 struct in6_addr mask128; 03880 #endif /*INET6*/ 03881 struct block *b, *tmp; 03882 int port, real_proto; 03883 03884 switch (q.addr) { 03885 03886 case Q_NET: 03887 addr = pcap_nametonetaddr(name); 03888 if (addr == 0) 03889 bpf_error("unknown network '%s'", name); 03890 /* Left justify network addr and calculate its network mask */ 03891 mask = 0xffffffff; 03892 while (addr && (addr & 0xff000000) == 0) { 03893 addr <<= 8; 03894 mask <<= 8; 03895 } 03896 return gen_host(addr, mask, proto, dir); 03897 03898 case Q_DEFAULT: 03899 case Q_HOST: 03900 if (proto == Q_LINK) { 03901 switch (linktype) { 03902 03903 case DLT_EN10MB: 03904 eaddr = pcap_ether_hostton(name); 03905 if (eaddr == NULL) 03906 bpf_error( 03907 "unknown ether host '%s'", name); 03908 b = gen_ehostop(eaddr, dir); 03909 free(eaddr); 03910 return b; 03911 03912 case DLT_FDDI: 03913 eaddr = pcap_ether_hostton(name); 03914 if (eaddr == NULL) 03915 bpf_error( 03916 "unknown FDDI host '%s'", name); 03917 b = gen_fhostop(eaddr, dir); 03918 free(eaddr); 03919 return b; 03920 03921 case DLT_IEEE802: 03922 eaddr = pcap_ether_hostton(name); 03923 if (eaddr == NULL) 03924 bpf_error( 03925 "unknown token ring host '%s'", name); 03926 b = gen_thostop(eaddr, dir); 03927 free(eaddr); 03928 return b; 03929 03930 case DLT_IEEE802_11: 03931 eaddr = pcap_ether_hostton(name); 03932 if (eaddr == NULL) 03933 bpf_error( 03934 "unknown 802.11 host '%s'", name); 03935 b = gen_wlanhostop(eaddr, dir); 03936 free(eaddr); 03937 return b; 03938 03939 case DLT_IP_OVER_FC: 03940 eaddr = pcap_ether_hostton(name); 03941 if (eaddr == NULL) 03942 bpf_error( 03943 "unknown Fibre Channel host '%s'", name); 03944 b = gen_ipfchostop(eaddr, dir); 03945 free(eaddr); 03946 return b; 03947 03948 case DLT_SUNATM: 03949 if (!is_lane) 03950 break; 03951 03952 /* 03953 * Check that the packet doesn't begin 03954 * with an LE Control marker. (We've 03955 * already generated a test for LANE.) 03956 */ 03957 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 03958 0xFF00); 03959 gen_not(tmp); 03960 03961 eaddr = pcap_ether_hostton(name); 03962 if (eaddr == NULL) 03963 bpf_error( 03964 "unknown ether host '%s'", name); 03965 b = gen_ehostop(eaddr, dir); 03966 gen_and(tmp, b); 03967 free(eaddr); 03968 return b; 03969 } 03970 03971 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name"); 03972 } else if (proto == Q_DECNET) { 03973 unsigned short dn_addr = __pcap_nametodnaddr(name); 03974 /* 03975 * I don't think DECNET hosts can be multihomed, so 03976 * there is no need to build up a list of addresses 03977 */ 03978 return (gen_host(dn_addr, 0, proto, dir)); 03979 } else { 03980 #ifndef INET6 03981 alist = pcap_nametoaddr(name); 03982 if (alist == NULL || *alist == NULL) 03983 bpf_error("unknown host '%s'", name); 03984 tproto = proto; 03985 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT) 03986 tproto = Q_IP; 03987 b = gen_host(**alist++, 0xffffffff, tproto, dir); 03988 while (*alist) { 03989 tmp = gen_host(**alist++, 0xffffffff, 03990 tproto, dir); 03991 gen_or(b, tmp); 03992 b = tmp; 03993 } 03994 return b; 03995 #else 03996 memset(&mask128, 0xff, sizeof(mask128)); 03997 res0 = res = pcap_nametoaddrinfo(name); 03998 if (res == NULL) 03999 bpf_error("unknown host '%s'", name); 04000 b = tmp = NULL; 04001 tproto = tproto6 = proto; 04002 if (off_linktype == -1 && tproto == Q_DEFAULT) { 04003 tproto = Q_IP; 04004 tproto6 = Q_IPV6; 04005 } 04006 for (res = res0; res; res = res->ai_next) { 04007 switch (res->ai_family) { 04008 case AF_INET: 04009 if (tproto == Q_IPV6) 04010 continue; 04011 04012 sin = (struct sockaddr_in *) 04013 res->ai_addr; 04014 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 04015 0xffffffff, tproto, dir); 04016 break; 04017 case AF_INET6: 04018 if (tproto6 == Q_IP) 04019 continue; 04020 04021 sin6 = (struct sockaddr_in6 *) 04022 res->ai_addr; 04023 tmp = gen_host6(&sin6->sin6_addr, 04024 &mask128, tproto6, dir); 04025 break; 04026 default: 04027 continue; 04028 } 04029 if (b) 04030 gen_or(b, tmp); 04031 b = tmp; 04032 } 04033 freeaddrinfo(res0); 04034 if (b == NULL) { 04035 bpf_error("unknown host '%s'%s", name, 04036 (proto == Q_DEFAULT) 04037 ? "" 04038 : " for specified address family"); 04039 } 04040 return b; 04041 #endif /*INET6*/ 04042 } 04043 04044 case Q_PORT: 04045 if (proto != Q_DEFAULT && 04046 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 04047 bpf_error("illegal qualifier of 'port'"); 04048 if (pcap_nametoport(name, &port, &real_proto) == 0) 04049 bpf_error("unknown port '%s'", name); 04050 if (proto == Q_UDP) { 04051 if (real_proto == IPPROTO_TCP) 04052 bpf_error("port '%s' is tcp", name); 04053 else if (real_proto == IPPROTO_SCTP) 04054 bpf_error("port '%s' is sctp", name); 04055 else 04056 /* override PROTO_UNDEF */ 04057 real_proto = IPPROTO_UDP; 04058 } 04059 if (proto == Q_TCP) { 04060 if (real_proto == IPPROTO_UDP) 04061 bpf_error("port '%s' is udp", name); 04062 04063 else if (real_proto == IPPROTO_SCTP) 04064 bpf_error("port '%s' is sctp", name); 04065 else 04066 /* override PROTO_UNDEF */ 04067 real_proto = IPPROTO_TCP; 04068 } 04069 if (proto == Q_SCTP) { 04070 if (real_proto == IPPROTO_UDP) 04071 bpf_error("port '%s' is udp", name); 04072 04073 else if (real_proto == IPPROTO_TCP) 04074 bpf_error("port '%s' is tcp", name); 04075 else 04076 /* override PROTO_UNDEF */ 04077 real_proto = IPPROTO_SCTP; 04078 } 04079 #ifndef INET6 04080 return gen_port(port, real_proto, dir); 04081 #else 04082 { 04083 struct block *b; 04084 b = gen_port(port, real_proto, dir); 04085 gen_or(gen_port6(port, real_proto, dir), b); 04086 return b; 04087 } 04088 #endif /* INET6 */ 04089 04090 case Q_GATEWAY: 04091 #ifndef INET6 04092 eaddr = pcap_ether_hostton(name); 04093 if (eaddr == NULL) 04094 bpf_error("unknown ether host: %s", name); 04095 04096 alist = pcap_nametoaddr(name); 04097 if (alist == NULL || *alist == NULL) 04098 bpf_error("unknown host '%s'", name); 04099 b = gen_gateway(eaddr, alist, proto, dir); 04100 free(eaddr); 04101 return b; 04102 #else 04103 bpf_error("'gateway' not supported in this configuration"); 04104 #endif /*INET6*/ 04105 04106 case Q_PROTO: 04107 real_proto = lookup_proto(name, proto); 04108 if (real_proto >= 0) 04109 return gen_proto(real_proto, proto, dir); 04110 else 04111 bpf_error("unknown protocol: %s", name); 04112 04113 case Q_PROTOCHAIN: 04114 real_proto = lookup_proto(name, proto); 04115 if (real_proto >= 0) 04116 return gen_protochain(real_proto, proto, dir); 04117 else 04118 bpf_error("unknown protocol: %s", name); 04119 04120 04121 case Q_UNDEF: 04122 syntax(); 04123 /* NOTREACHED */ 04124 } 04125 abort(); 04126 /* NOTREACHED */ 04127 } 04128 04129 struct block * 04130 gen_mcode(s1, s2, masklen, q) 04131 register const char *s1, *s2; 04132 register int masklen; 04133 struct qual q; 04134 { 04135 register int nlen, mlen; 04136 bpf_u_int32 n, m; 04137 04138 nlen = __pcap_atoin(s1, &n); 04139 /* Promote short ipaddr */ 04140 n <<= 32 - nlen; 04141 04142 if (s2 != NULL) { 04143 mlen = __pcap_atoin(s2, &m); 04144 /* Promote short ipaddr */ 04145 m <<= 32 - mlen; 04146 if ((n & ~m) != 0) 04147 bpf_error("non-network bits set in \"%s mask %s\"", 04148 s1, s2); 04149 } else { 04150 /* Convert mask len to mask */ 04151 if (masklen > 32) 04152 bpf_error("mask length must be <= 32"); 04153 m = 0xffffffff << (32 - masklen); 04154 if ((n & ~m) != 0) 04155 bpf_error("non-network bits set in \"%s/%d\"", 04156 s1, masklen); 04157 } 04158 04159 switch (q.addr) { 04160 04161 case Q_NET: 04162 return gen_host(n, m, q.proto, q.dir); 04163 04164 default: 04165 bpf_error("Mask syntax for networks only"); 04166 /* NOTREACHED */ 04167 } 04168 } 04169 04170 struct block * 04171 gen_ncode(s, v, q) 04172 register const char *s; 04173 bpf_u_int32 v; 04174 struct qual q; 04175 { 04176 bpf_u_int32 mask; 04177 int proto = q.proto; 04178 int dir = q.dir; 04179 register int vlen; 04180 04181 if (s == NULL) 04182 vlen = 32; 04183 else if (q.proto == Q_DECNET) 04184 vlen = __pcap_atodn(s, &v); 04185 else 04186 vlen = __pcap_atoin(s, &v); 04187 04188 switch (q.addr) { 04189 04190 case Q_DEFAULT: 04191 case Q_HOST: 04192 case Q_NET: 04193 if (proto == Q_DECNET) 04194 return gen_host(v, 0, proto, dir); 04195 else if (proto == Q_LINK) { 04196 bpf_error("illegal link layer address"); 04197 } else { 04198 mask = 0xffffffff; 04199 if (s == NULL && q.addr == Q_NET) { 04200 /* Promote short net number */ 04201 while (v && (v & 0xff000000) == 0) { 04202 v <<= 8; 04203 mask <<= 8; 04204 } 04205 } else { 04206 /* Promote short ipaddr */ 04207 v <<= 32 - vlen; 04208 mask <<= 32 - vlen; 04209 } 04210 return gen_host(v, mask, proto, dir); 04211 } 04212 04213 case Q_PORT: 04214 if (proto == Q_UDP) 04215 proto = IPPROTO_UDP; 04216 else if (proto == Q_TCP) 04217 proto = IPPROTO_TCP; 04218 else if (proto == Q_SCTP) 04219 proto = IPPROTO_SCTP; 04220 else if (proto == Q_DEFAULT) 04221 proto = PROTO_UNDEF; 04222 else 04223 bpf_error("illegal qualifier of 'port'"); 04224 04225 #ifndef INET6 04226 return gen_port((int)v, proto, dir); 04227 #else 04228 { 04229 struct block *b; 04230 b = gen_port((int)v, proto, dir); 04231 gen_or(gen_port6((int)v, proto, dir), b); 04232 return b; 04233 } 04234 #endif /* INET6 */ 04235 04236 case Q_GATEWAY: 04237 bpf_error("'gateway' requires a name"); 04238 /* NOTREACHED */ 04239 04240 case Q_PROTO: 04241 return gen_proto((int)v, proto, dir); 04242 04243 case Q_PROTOCHAIN: 04244 return gen_protochain((int)v, proto, dir); 04245 04246 case Q_UNDEF: 04247 syntax(); 04248 /* NOTREACHED */ 04249 04250 default: 04251 abort(); 04252 /* NOTREACHED */ 04253 } 04254 /* NOTREACHED */ 04255 } 04256 04257 #ifdef INET6 04258 struct block * 04259 gen_mcode6(s1, s2, masklen, q) 04260 register const char *s1, *s2; 04261 register int masklen; 04262 struct qual q; 04263 { 04264 struct addrinfo *res; 04265 struct in6_addr *addr; 04266 struct in6_addr mask; 04267 struct block *b; 04268 u_int32_t *a, *m; 04269 04270 if (s2) 04271 bpf_error("no mask %s supported", s2); 04272 04273 res = pcap_nametoaddrinfo(s1); 04274 if (!res) 04275 bpf_error("invalid ip6 address %s", s1); 04276 if (res->ai_next) 04277 bpf_error("%s resolved to multiple address", s1); 04278 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 04279 04280 if (sizeof(mask) * 8 < masklen) 04281 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 04282 memset(&mask, 0, sizeof(mask)); 04283 memset(&mask, 0xff, masklen / 8); 04284 if (masklen % 8) { 04285 mask.s6_addr[masklen / 8] = 04286 (0xff << (8 - masklen % 8)) & 0xff; 04287 } 04288 04289 a = (u_int32_t *)addr; 04290 m = (u_int32_t *)&mask; 04291 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 04292 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 04293 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 04294 } 04295 04296 switch (q.addr) { 04297 04298 case Q_DEFAULT: 04299 case Q_HOST: 04300 if (masklen != 128) 04301 bpf_error("Mask syntax for networks only"); 04302 /* FALLTHROUGH */ 04303 04304 case Q_NET: 04305 b = gen_host6(addr, &mask, q.proto, q.dir); 04306 freeaddrinfo(res); 04307 return b; 04308 04309 default: 04310 bpf_error("invalid qualifier against IPv6 address"); 04311 /* NOTREACHED */ 04312 } 04313 } 04314 #endif /*INET6*/ 04315 04316 struct block * 04317 gen_ecode(eaddr, q) 04318 register const u_char *eaddr; 04319 struct qual q; 04320 { 04321 struct block *b, *tmp; 04322 04323 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 04324 if (linktype == DLT_EN10MB) 04325 return gen_ehostop(eaddr, (int)q.dir); 04326 if (linktype == DLT_FDDI) 04327 return gen_fhostop(eaddr, (int)q.dir); 04328 if (linktype == DLT_IEEE802) 04329 return gen_thostop(eaddr, (int)q.dir); 04330 if (linktype == DLT_IEEE802_11) 04331 return gen_wlanhostop(eaddr, (int)q.dir); 04332 if (linktype == DLT_SUNATM && is_lane) { 04333 /* 04334 * Check that the packet doesn't begin with an 04335 * LE Control marker. (We've already generated 04336 * a test for LANE.) 04337 */ 04338 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 04339 gen_not(tmp); 04340 04341 /* 04342 * Now check the MAC address. 04343 */ 04344 b = gen_ehostop(eaddr, (int)q.dir); 04345 gen_and(tmp, b); 04346 return b; 04347 } 04348 if (linktype == DLT_IP_OVER_FC) 04349 return gen_ipfchostop(eaddr, (int)q.dir); 04350 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel"); 04351 } 04352 bpf_error("ethernet address used in non-ether expression"); 04353 /* NOTREACHED */ 04354 } 04355 04356 void 04357 sappend(s0, s1) 04358 struct slist *s0, *s1; 04359 { 04360 /* 04361 * This is definitely not the best way to do this, but the 04362 * lists will rarely get long. 04363 */ 04364 while (s0->next) 04365 s0 = s0->next; 04366 s0->next = s1; 04367 } 04368 04369 static struct slist * 04370 xfer_to_x(a) 04371 struct arth *a; 04372 { 04373 struct slist *s; 04374 04375 s = new_stmt(BPF_LDX|BPF_MEM); 04376 s->s.k = a->regno; 04377 return s; 04378 } 04379 04380 static struct slist * 04381 xfer_to_a(a) 04382 struct arth *a; 04383 { 04384 struct slist *s; 04385 04386 s = new_stmt(BPF_LD|BPF_MEM); 04387 s->s.k = a->regno; 04388 return s; 04389 } 04390 04391 struct arth * 04392 gen_load(proto, index, size) 04393 int proto; 04394 struct arth *index; 04395 int size; 04396 { 04397 struct slist *s, *tmp; 04398 struct block *b; 04399 int regno = alloc_reg(); 04400 04401 free_reg(index->regno); 04402 switch (size) { 04403 04404 default: 04405 bpf_error("data size must be 1, 2, or 4"); 04406 04407 case 1: 04408 size = BPF_B; 04409 break; 04410 04411 case 2: 04412 size = BPF_H; 04413 break; 04414 04415 case 4: 04416 size = BPF_W; 04417 break; 04418 } 04419 switch (proto) { 04420 default: 04421 bpf_error("unsupported index operation"); 04422 04423 case Q_LINK: 04424 /* 04425 * XXX - what about ATM LANE? Should the index be 04426 * relative to the beginning of the AAL5 frame, so 04427 * that 0 refers to the beginning of the LE Control 04428 * field, or relative to the beginning of the LAN 04429 * frame, so that 0 refers, for Ethernet LANE, to 04430 * the beginning of the destination address? 04431 */ 04432 s = xfer_to_x(index); 04433 tmp = new_stmt(BPF_LD|BPF_IND|size); 04434 sappend(s, tmp); 04435 sappend(index->s, s); 04436 break; 04437 04438 case Q_IP: 04439 case Q_ARP: 04440 case Q_RARP: 04441 case Q_ATALK: 04442 case Q_DECNET: 04443 case Q_SCA: 04444 case Q_LAT: 04445 case Q_MOPRC: 04446 case Q_MOPDL: 04447 #ifdef INET6 04448 case Q_IPV6: 04449 #endif 04450 /* XXX Note that we assume a fixed link header here. */ 04451 s = xfer_to_x(index); 04452 tmp = new_stmt(BPF_LD|BPF_IND|size); 04453 tmp->s.k = off_nl; 04454 sappend(s, tmp); 04455 sappend(index->s, s); 04456 04457 b = gen_proto_abbrev(proto); 04458 if (index->b) 04459 gen_and(index->b, b); 04460 index->b = b; 04461 break; 04462 04463 case Q_SCTP: 04464 case Q_TCP: 04465 case Q_UDP: 04466 case Q_ICMP: 04467 case Q_IGMP: 04468 case Q_IGRP: 04469 case Q_PIM: 04470 case Q_VRRP: 04471 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 04472 s->s.k = off_nl; 04473 sappend(s, xfer_to_a(index)); 04474 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 04475 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 04476 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 04477 tmp->s.k = off_nl; 04478 sappend(index->s, s); 04479 04480 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 04481 if (index->b) 04482 gen_and(index->b, b); 04483 #ifdef INET6 04484 gen_and(gen_proto_abbrev(Q_IP), b); 04485 #endif 04486 index->b = b; 04487 break; 04488 #ifdef INET6 04489 case Q_ICMPV6: 04490 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 04491 /*NOTREACHED*/ 04492 #endif 04493 } 04494 index->regno = regno; 04495 s = new_stmt(BPF_ST); 04496 s->s.k = regno; 04497 sappend(index->s, s); 04498 04499 return index; 04500 } 04501 04502 struct block * 04503 gen_relation(code, a0, a1, reversed) 04504 int code; 04505 struct arth *a0, *a1; 04506 int reversed; 04507 { 04508 struct slist *s0, *s1, *s2; 04509 struct block *b, *tmp; 04510 04511 s0 = xfer_to_x(a1); 04512 s1 = xfer_to_a(a0); 04513 if (code == BPF_JEQ) { 04514 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 04515 b = new_block(JMP(code)); 04516 sappend(s1, s2); 04517 } 04518 else 04519 b = new_block(BPF_JMP|code|BPF_X); 04520 if (reversed) 04521 gen_not(b); 04522 04523 sappend(s0, s1); 04524 sappend(a1->s, s0); 04525 sappend(a0->s, a1->s); 04526 04527 b->stmts = a0->s; 04528 04529 free_reg(a0->regno); 04530 free_reg(a1->regno); 04531 04532 /* 'and' together protocol checks */ 04533 if (a0->b) { 04534 if (a1->b) { 04535 gen_and(a0->b, tmp = a1->b); 04536 } 04537 else 04538 tmp = a0->b; 04539 } else 04540 tmp = a1->b; 04541 04542 if (tmp) 04543 gen_and(tmp, b); 04544 04545 return b; 04546 } 04547 04548 struct arth * 04549 gen_loadlen() 04550 { 04551 int regno = alloc_reg(); 04552 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 04553 struct slist *s; 04554 04555 s = new_stmt(BPF_LD|BPF_LEN); 04556 s->next = new_stmt(BPF_ST); 04557 s->next->s.k = regno; 04558 a->s = s; 04559 a->regno = regno; 04560 04561 return a; 04562 } 04563 04564 struct arth * 04565 gen_loadi(val) 04566 int val; 04567 { 04568 struct arth *a; 04569 struct slist *s; 04570 int reg; 04571 04572 a = (struct arth *)newchunk(sizeof(*a)); 04573 04574 reg = alloc_reg(); 04575 04576 s = new_stmt(BPF_LD|BPF_IMM); 04577 s->s.k = val; 04578 s->next = new_stmt(BPF_ST); 04579 s->next->s.k = reg; 04580 a->s = s; 04581 a->regno = reg; 04582 04583 return a; 04584 } 04585 04586 struct arth * 04587 gen_neg(a) 04588 struct arth *a; 04589 { 04590 struct slist *s; 04591 04592 s = xfer_to_a(a); 04593 sappend(a->s, s); 04594 s = new_stmt(BPF_ALU|BPF_NEG); 04595 s->s.k = 0; 04596 sappend(a->s, s); 04597 s = new_stmt(BPF_ST); 04598 s->s.k = a->regno; 04599 sappend(a->s, s); 04600 04601 return a; 04602 } 04603 04604 struct arth * 04605 gen_arth(code, a0, a1) 04606 int code; 04607 struct arth *a0, *a1; 04608 { 04609 struct slist *s0, *s1, *s2; 04610 04611 s0 = xfer_to_x(a1); 04612 s1 = xfer_to_a(a0); 04613 s2 = new_stmt(BPF_ALU|BPF_X|code); 04614 04615 sappend(s1, s2); 04616 sappend(s0, s1); 04617 sappend(a1->s, s0); 04618 sappend(a0->s, a1->s); 04619 04620 free_reg(a0->regno); 04621 free_reg(a1->regno); 04622 04623 s0 = new_stmt(BPF_ST); 04624 a0->regno = s0->s.k = alloc_reg(); 04625 sappend(a0->s, s0); 04626 04627 return a0; 04628 } 04629 04630 /* 04631 * Here we handle simple allocation of the scratch registers. 04632 * If too many registers are alloc'd, the allocator punts. 04633 */ 04634 static int regused[BPF_MEMWORDS]; 04635 static int curreg; 04636 04637 /* 04638 * Return the next free register. 04639 */ 04640 static int 04641 alloc_reg() 04642 { 04643 int n = BPF_MEMWORDS; 04644 04645 while (--n >= 0) { 04646 if (regused[curreg]) 04647 curreg = (curreg + 1) % BPF_MEMWORDS; 04648 else { 04649 regused[curreg] = 1; 04650 return curreg; 04651 } 04652 } 04653 bpf_error("too many registers needed to evaluate expression"); 04654 /* NOTREACHED */ 04655 } 04656 04657 /* 04658 * Return a register to the table so it can 04659 * be used later. 04660 */ 04661 static void 04662 free_reg(n) 04663 int n; 04664 { 04665 regused[n] = 0; 04666 } 04667 04668 static struct block * 04669 gen_len(jmp, n) 04670 int jmp, n; 04671 { 04672 struct slist *s; 04673 struct block *b; 04674 04675 s = new_stmt(BPF_LD|BPF_LEN); 04676 b = new_block(JMP(jmp)); 04677 b->stmts = s; 04678 b->s.k = n; 04679 04680 return b; 04681 } 04682 04683 struct block * 04684 gen_greater(n) 04685 int n; 04686 { 04687 return gen_len(BPF_JGE, n); 04688 } 04689 04690 /* 04691 * Actually, this is less than or equal. 04692 */ 04693 struct block * 04694 gen_less(n) 04695 int n; 04696 { 04697 struct block *b; 04698 04699 b = gen_len(BPF_JGT, n); 04700 gen_not(b); 04701 04702 return b; 04703 } 04704 04705 struct block * 04706 gen_byteop(op, idx, val) 04707 int op, idx, val; 04708 { 04709 struct block *b; 04710 struct slist *s; 04711 04712 switch (op) { 04713 default: 04714 abort(); 04715 04716 case '=': 04717 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 04718 04719 case '<': 04720 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 04721 b->s.code = JMP(BPF_JGE); 04722 gen_not(b); 04723 return b; 04724 04725 case '>': 04726 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 04727 b->s.code = JMP(BPF_JGT); 04728 return b; 04729 04730 case '|': 04731 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 04732 break; 04733 04734 case '&': 04735 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 04736 break; 04737 } 04738 s->s.k = val; 04739 b = new_block(JMP(BPF_JEQ)); 04740 b->stmts = s; 04741 gen_not(b); 04742 04743 return b; 04744 } 04745 04746 static u_char abroadcast[] = { 0x0 }; 04747 04748 struct block * 04749 gen_broadcast(proto) 04750 int proto; 04751 { 04752 bpf_u_int32 hostmask; 04753 struct block *b0, *b1, *b2; 04754 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 04755 04756 switch (proto) { 04757 04758 case Q_DEFAULT: 04759 case Q_LINK: 04760 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 04761 return gen_ahostop(abroadcast, Q_DST); 04762 if (linktype == DLT_EN10MB) 04763 return gen_ehostop(ebroadcast, Q_DST); 04764 if (linktype == DLT_FDDI) 04765 return gen_fhostop(ebroadcast, Q_DST); 04766 if (linktype == DLT_IEEE802) 04767 return gen_thostop(ebroadcast, Q_DST); 04768 if (linktype == DLT_IEEE802_11) 04769 return gen_wlanhostop(ebroadcast, Q_DST); 04770 if (linktype == DLT_IP_OVER_FC) 04771 return gen_ipfchostop(ebroadcast, Q_DST); 04772 if (linktype == DLT_SUNATM && is_lane) { 04773 /* 04774 * Check that the packet doesn't begin with an 04775 * LE Control marker. (We've already generated 04776 * a test for LANE.) 04777 */ 04778 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 04779 gen_not(b1); 04780 04781 /* 04782 * Now check the MAC address. 04783 */ 04784 b0 = gen_ehostop(ebroadcast, Q_DST); 04785 gen_and(b1, b0); 04786 return b0; 04787 } 04788 bpf_error("not a broadcast link"); 04789 break; 04790 04791 case Q_IP: 04792 b0 = gen_linktype(ETHERTYPE_IP); 04793 hostmask = ~netmask; 04794 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 04795 b2 = gen_mcmp(off_nl + 16, BPF_W, 04796 (bpf_int32)(~0 & hostmask), hostmask); 04797 gen_or(b1, b2); 04798 gen_and(b0, b2); 04799 return b2; 04800 } 04801 bpf_error("only link-layer/IP broadcast filters supported"); 04802 } 04803 04804 /* 04805 * Generate code to test the low-order bit of a MAC address (that's 04806 * the bottom bit of the *first* byte). 04807 */ 04808 static struct block * 04809 gen_mac_multicast(offset) 04810 int offset; 04811 { 04812 register struct block *b0; 04813 register struct slist *s; 04814 04815 /* link[offset] & 1 != 0 */ 04816 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04817 s->s.k = offset; 04818 b0 = new_block(JMP(BPF_JSET)); 04819 b0->s.k = 1; 04820 b0->stmts = s; 04821 return b0; 04822 } 04823 04824 struct block * 04825 gen_multicast(proto) 04826 int proto; 04827 { 04828 register struct block *b0, *b1, *b2; 04829 register struct slist *s; 04830 04831 switch (proto) { 04832 04833 case Q_DEFAULT: 04834 case Q_LINK: 04835 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 04836 /* all ARCnet multicasts use the same address */ 04837 return gen_ahostop(abroadcast, Q_DST); 04838 04839 if (linktype == DLT_EN10MB) { 04840 /* ether[0] & 1 != 0 */ 04841 return gen_mac_multicast(0); 04842 } 04843 04844 if (linktype == DLT_FDDI) { 04845 /* 04846 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX 04847 * 04848 * XXX - was that referring to bit-order issues? 04849 */ 04850 /* fddi[1] & 1 != 0 */ 04851 return gen_mac_multicast(1); 04852 } 04853 04854 if (linktype == DLT_IEEE802) { 04855 /* tr[2] & 1 != 0 */ 04856 return gen_mac_multicast(2); 04857 } 04858 04859 if (linktype == DLT_IEEE802_11) { 04860 /* 04861 * Oh, yuk. 04862 * 04863 * For control frames, there is no DA. 04864 * 04865 * For management frames, DA is at an 04866 * offset of 4 from the beginning of 04867 * the packet. 04868 * 04869 * For data frames, DA is at an offset 04870 * of 4 from the beginning of the packet 04871 * if To DS is clear and at an offset of 04872 * 16 from the beginning of the packet 04873 * if To DS is set. 04874 */ 04875 04876 /* 04877 * Generate the tests to be done for data frames. 04878 * 04879 * First, check for To DS set, i.e. "link[1] & 0x01". 04880 */ 04881 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04882 s->s.k = 1; 04883 b1 = new_block(JMP(BPF_JSET)); 04884 b1->s.k = 0x01; /* To DS */ 04885 b1->stmts = s; 04886 04887 /* 04888 * If To DS is set, the DA is at 16. 04889 */ 04890 b0 = gen_mac_multicast(16); 04891 gen_and(b1, b0); 04892 04893 /* 04894 * Now, check for To DS not set, i.e. check 04895 * "!(link[1] & 0x01)". 04896 */ 04897 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04898 s->s.k = 1; 04899 b2 = new_block(JMP(BPF_JSET)); 04900 b2->s.k = 0x01; /* To DS */ 04901 b2->stmts = s; 04902 gen_not(b2); 04903 04904 /* 04905 * If To DS is not set, the DA is at 4. 04906 */ 04907 b1 = gen_mac_multicast(4); 04908 gen_and(b2, b1); 04909 04910 /* 04911 * Now OR together the last two checks. That gives 04912 * the complete set of checks for data frames. 04913 */ 04914 gen_or(b1, b0); 04915 04916 /* 04917 * Now check for a data frame. 04918 * I.e, check "link[0] & 0x08". 04919 */ 04920 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04921 s->s.k = 0; 04922 b1 = new_block(JMP(BPF_JSET)); 04923 b1->s.k = 0x08; 04924 b1->stmts = s; 04925 04926 /* 04927 * AND that with the checks done for data frames. 04928 */ 04929 gen_and(b1, b0); 04930 04931 /* 04932 * If the high-order bit of the type value is 0, this 04933 * is a management frame. 04934 * I.e, check "!(link[0] & 0x08)". 04935 */ 04936 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04937 s->s.k = 0; 04938 b2 = new_block(JMP(BPF_JSET)); 04939 b2->s.k = 0x08; 04940 b2->stmts = s; 04941 gen_not(b2); 04942 04943 /* 04944 * For management frames, the DA is at 4. 04945 */ 04946 b1 = gen_mac_multicast(4); 04947 gen_and(b2, b1); 04948 04949 /* 04950 * OR that with the checks done for data frames. 04951 * That gives the checks done for management and 04952 * data frames. 04953 */ 04954 gen_or(b1, b0); 04955 04956 /* 04957 * If the low-order bit of the type value is 1, 04958 * this is either a control frame or a frame 04959 * with a reserved type, and thus not a 04960 * frame with an SA. 04961 * 04962 * I.e., check "!(link[0] & 0x04)". 04963 */ 04964 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04965 s->s.k = 0; 04966 b1 = new_block(JMP(BPF_JSET)); 04967 b1->s.k = 0x04; 04968 b1->stmts = s; 04969 gen_not(b1); 04970 04971 /* 04972 * AND that with the checks for data and management 04973 * frames. 04974 */ 04975 gen_and(b1, b0); 04976 return b0; 04977 } 04978 04979 if (linktype == DLT_IP_OVER_FC) { 04980 b0 = gen_mac_multicast(2); 04981 return b0; 04982 } 04983 04984 if (linktype == DLT_SUNATM && is_lane) { 04985 /* 04986 * Check that the packet doesn't begin with an 04987 * LE Control marker. (We've already generated 04988 * a test for LANE.) 04989 */ 04990 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 04991 gen_not(b1); 04992 04993 /* ether[off_mac] & 1 != 0 */ 04994 b0 = gen_mac_multicast(off_mac); 04995 gen_and(b1, b0); 04996 return b0; 04997 } 04998 04999 /* Link not known to support multicasts */ 05000 break; 05001 05002 case Q_IP: 05003 b0 = gen_linktype(ETHERTYPE_IP); 05004 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 05005 b1->s.code = JMP(BPF_JGE); 05006 gen_and(b0, b1); 05007 return b1; 05008 05009 #ifdef INET6 05010 case Q_IPV6: 05011 b0 = gen_linktype(ETHERTYPE_IPV6); 05012 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 05013 gen_and(b0, b1); 05014 return b1; 05015 #endif /* INET6 */ 05016 } 05017 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); 05018 } 05019 05020 /* 05021 * generate command for inbound/outbound. It's here so we can 05022 * make it link-type specific. 'dir' = 0 implies "inbound", 05023 * = 1 implies "outbound". 05024 */ 05025 struct block * 05026 gen_inbound(dir) 05027 int dir; 05028 { 05029 register struct block *b0; 05030 05031 /* 05032 * Only some data link types support inbound/outbound qualifiers. 05033 */ 05034 switch (linktype) { 05035 case DLT_SLIP: 05036 b0 = gen_relation(BPF_JEQ, 05037 gen_load(Q_LINK, gen_loadi(0), 1), 05038 gen_loadi(0), 05039 dir); 05040 break; 05041 05042 case DLT_LINUX_SLL: 05043 if (dir) { 05044 /* 05045 * Match packets sent by this machine. 05046 */ 05047 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING); 05048 } else { 05049 /* 05050 * Match packets sent to this machine. 05051 * (No broadcast or multicast packets, or 05052 * packets sent to some other machine and 05053 * received promiscuously.) 05054 * 05055 * XXX - packets sent to other machines probably 05056 * shouldn't be matched, but what about broadcast 05057 * or multicast packets we received? 05058 */ 05059 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST); 05060 } 05061 break; 05062 05063 case DLT_PFLOG: 05064 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 05065 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 05066 break; 05067 05068 default: 05069 bpf_error("inbound/outbound not supported on linktype %d", 05070 linktype); 05071 b0 = NULL; 05072 /* NOTREACHED */ 05073 } 05074 return (b0); 05075 } 05076 05077 /* PF firewall log matched interface */ 05078 struct block * 05079 gen_pf_ifname(const char *ifname) 05080 { 05081 struct block *b0; 05082 u_int len, off; 05083 05084 if (linktype == DLT_PFLOG) { 05085 len = sizeof(((struct pfloghdr *)0)->ifname); 05086 off = offsetof(struct pfloghdr, ifname); 05087 } else { 05088 bpf_error("ifname not supported on linktype 0x%x", linktype); 05089 /* NOTREACHED */ 05090 } 05091 if (strlen(ifname) >= len) { 05092 bpf_error("ifname interface names can only be %d characters", 05093 len-1); 05094 /* NOTREACHED */ 05095 } 05096 b0 = gen_bcmp(off, strlen(ifname), ifname); 05097 return (b0); 05098 } 05099 05100 /* PF firewall log matched interface */ 05101 struct block * 05102 gen_pf_ruleset(char *ruleset) 05103 { 05104 struct block *b0; 05105 05106 if (linktype != DLT_PFLOG) { 05107 bpf_error("ruleset not supported on linktype 0x%x", linktype); 05108 /* NOTREACHED */ 05109 } 05110 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 05111 bpf_error("ruleset names can only be %ld characters", 05112 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1)); 05113 /* NOTREACHED */ 05114 } 05115 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 05116 strlen(ruleset), ruleset); 05117 return (b0); 05118 } 05119 05120 /* PF firewall log rule number */ 05121 struct block * 05122 gen_pf_rnr(int rnr) 05123 { 05124 struct block *b0; 05125 05126 if (linktype == DLT_PFLOG) { 05127 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 05128 (bpf_int32)rnr); 05129 } else { 05130 bpf_error("rnr not supported on linktype 0x%x", linktype); 05131 /* NOTREACHED */ 05132 } 05133 05134 return (b0); 05135 } 05136 05137 /* PF firewall log sub-rule number */ 05138 struct block * 05139 gen_pf_srnr(int srnr) 05140 { 05141 struct block *b0; 05142 05143 if (linktype != DLT_PFLOG) { 05144 bpf_error("srnr not supported on linktype 0x%x", linktype); 05145 /* NOTREACHED */ 05146 } 05147 05148 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 05149 (bpf_int32)srnr); 05150 return (b0); 05151 } 05152 05153 /* PF firewall log reason code */ 05154 struct block * 05155 gen_pf_reason(int reason) 05156 { 05157 struct block *b0; 05158 05159 if (linktype == DLT_PFLOG) { 05160 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 05161 (bpf_int32)reason); 05162 } else { 05163 bpf_error("reason not supported on linktype 0x%x", linktype); 05164 /* NOTREACHED */ 05165 } 05166 05167 return (b0); 05168 } 05169 05170 /* PF firewall log action */ 05171 struct block * 05172 gen_pf_action(int action) 05173 { 05174 struct block *b0; 05175 05176 if (linktype == DLT_PFLOG) { 05177 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 05178 (bpf_int32)action); 05179 } else { 05180 bpf_error("action not supported on linktype 0x%x", linktype); 05181 /* NOTREACHED */ 05182 } 05183 05184 return (b0); 05185 } 05186 05187 struct block * 05188 gen_acode(eaddr, q) 05189 register const u_char *eaddr; 05190 struct qual q; 05191 { 05192 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 05193 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 05194 return gen_ahostop(eaddr, (int)q.dir); 05195 } 05196 bpf_error("ARCnet address used in non-arc expression"); 05197 /* NOTREACHED */ 05198 } 05199 05200 static struct block * 05201 gen_ahostop(eaddr, dir) 05202 register const u_char *eaddr; 05203 register int dir; 05204 { 05205 register struct block *b0, *b1; 05206 05207 switch (dir) { 05208 /* src comes first, different from Ethernet */ 05209 case Q_SRC: 05210 return gen_bcmp(0, 1, eaddr); 05211 05212 case Q_DST: 05213 return gen_bcmp(1, 1, eaddr); 05214 05215 case Q_AND: 05216 b0 = gen_ahostop(eaddr, Q_SRC); 05217 b1 = gen_ahostop(eaddr, Q_DST); 05218 gen_and(b0, b1); 05219 return b1; 05220 05221 case Q_DEFAULT: 05222 case Q_OR: 05223 b0 = gen_ahostop(eaddr, Q_SRC); 05224 b1 = gen_ahostop(eaddr, Q_DST); 05225 gen_or(b0, b1); 05226 return b1; 05227 } 05228 abort(); 05229 /* NOTREACHED */ 05230 } 05231 05232 /* 05233 * support IEEE 802.1Q VLAN trunk over ethernet 05234 */ 05235 struct block * 05236 gen_vlan(vlan_num) 05237 int vlan_num; 05238 { 05239 struct block *b0; 05240 05241 /* 05242 * Change the offsets to point to the type and data fields within 05243 * the VLAN packet. This is somewhat of a kludge. 05244 */ 05245 if (orig_nl == (u_int)-1) { 05246 orig_linktype = off_linktype; /* save original values */ 05247 orig_nl = off_nl; 05248 orig_nl_nosnap = off_nl_nosnap; 05249 05250 switch (linktype) { 05251 05252 case DLT_EN10MB: 05253 off_linktype = 16; 05254 off_nl_nosnap = 18; 05255 off_nl = 18; 05256 break; 05257 05258 default: 05259 bpf_error("no VLAN support for data link type %d", 05260 linktype); 05261 /*NOTREACHED*/ 05262 } 05263 } 05264 05265 /* check for VLAN */ 05266 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 05267 05268 /* If a specific VLAN is requested, check VLAN id */ 05269 if (vlan_num >= 0) { 05270 struct block *b1; 05271 05272 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0fff); 05273 gen_and(b0, b1); 05274 b0 = b1; 05275 } 05276 05277 return (b0); 05278 } 05279 05280 struct block * 05281 gen_atmfield_code(atmfield, jvalue, jtype, reverse) 05282 int atmfield; 05283 bpf_u_int32 jvalue; 05284 bpf_u_int32 jtype; 05285 int reverse; 05286 { 05287 struct block *b0; 05288 05289 switch (atmfield) { 05290 05291 case A_VPI: 05292 if (!is_atm) 05293 bpf_error("'vpi' supported only on raw ATM"); 05294 if (off_vpi == (u_int)-1) 05295 abort(); 05296 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype, 05297 (u_int)jvalue, reverse); 05298 break; 05299 05300 case A_VCI: 05301 if (!is_atm) 05302 bpf_error("'vci' supported only on raw ATM"); 05303 if (off_vci == (u_int)-1) 05304 abort(); 05305 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype, 05306 (u_int)jvalue, reverse); 05307 break; 05308 05309 case A_PROTOTYPE: 05310 if (off_proto == (u_int)-1) 05311 abort(); /* XXX - this isn't on FreeBSD */ 05312 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype, 05313 (u_int)jvalue, reverse); 05314 break; 05315 05316 case A_MSGTYPE: 05317 if (off_payload == (u_int)-1) 05318 abort(); 05319 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff, 05320 (u_int)jtype, (u_int)jvalue, reverse); 05321 break; 05322 05323 case A_CALLREFTYPE: 05324 if (!is_atm) 05325 bpf_error("'callref' supported only on raw ATM"); 05326 if (off_proto == (u_int)-1) 05327 abort(); 05328 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype, 05329 (u_int)jvalue, reverse); 05330 break; 05331 05332 default: 05333 abort(); 05334 } 05335 return b0; 05336 } 05337 05338 struct block * 05339 gen_atmtype_abbrev(type) 05340 int type; 05341 { 05342 struct block *b0, *b1; 05343 05344 switch (type) { 05345 05346 case A_METAC: 05347 /* Get all packets in Meta signalling Circuit */ 05348 if (!is_atm) 05349 bpf_error("'metac' supported only on raw ATM"); 05350 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05351 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0); 05352 gen_and(b0, b1); 05353 break; 05354 05355 case A_BCC: 05356 /* Get all packets in Broadcast Circuit*/ 05357 if (!is_atm) 05358 bpf_error("'bcc' supported only on raw ATM"); 05359 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05360 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0); 05361 gen_and(b0, b1); 05362 break; 05363 05364 case A_OAMF4SC: 05365 /* Get all cells in Segment OAM F4 circuit*/ 05366 if (!is_atm) 05367 bpf_error("'oam4sc' supported only on raw ATM"); 05368 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05369 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 05370 gen_and(b0, b1); 05371 break; 05372 05373 case A_OAMF4EC: 05374 /* Get all cells in End-to-End OAM F4 Circuit*/ 05375 if (!is_atm) 05376 bpf_error("'oam4ec' supported only on raw ATM"); 05377 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05378 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 05379 gen_and(b0, b1); 05380 break; 05381 05382 case A_SC: 05383 /* Get all packets in connection Signalling Circuit */ 05384 if (!is_atm) 05385 bpf_error("'sc' supported only on raw ATM"); 05386 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05387 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0); 05388 gen_and(b0, b1); 05389 break; 05390 05391 case A_ILMIC: 05392 /* Get all packets in ILMI Circuit */ 05393 if (!is_atm) 05394 bpf_error("'ilmic' supported only on raw ATM"); 05395 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05396 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0); 05397 gen_and(b0, b1); 05398 break; 05399 05400 case A_LANE: 05401 /* Get all LANE packets */ 05402 if (!is_atm) 05403 bpf_error("'lane' supported only on raw ATM"); 05404 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0); 05405 05406 /* 05407 * Arrange that all subsequent tests assume LANE 05408 * rather than LLC-encapsulated packets, and set 05409 * the offsets appropriately for LANE-encapsulated 05410 * Ethernet. 05411 * 05412 * "off_mac" is the offset of the Ethernet header, 05413 * which is 2 bytes past the ATM pseudo-header 05414 * (skipping the pseudo-header and 2-byte LE Client 05415 * field). The other offsets are Ethernet offsets 05416 * relative to "off_mac". 05417 */ 05418 is_lane = 1; 05419 off_mac = off_payload + 2; /* MAC header */ 05420 off_linktype = off_mac + 12; 05421 off_nl = off_mac + 14; /* Ethernet II */ 05422 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */ 05423 break; 05424 05425 case A_LLC: 05426 /* Get all LLC-encapsulated packets */ 05427 if (!is_atm) 05428 bpf_error("'llc' supported only on raw ATM"); 05429 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 05430 is_lane = 0; 05431 break; 05432 05433 default: 05434 abort(); 05435 } 05436 return b1; 05437 } 05438 05439 05440 static struct block * 05441 gen_msg_abbrev(type) 05442 int type; 05443 { 05444 struct block *b1; 05445 05446 /* 05447 * Q.2931 signalling protocol messages for handling virtual circuits 05448 * establishment and teardown 05449 */ 05450 switch (type) { 05451 05452 case A_SETUP: 05453 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0); 05454 break; 05455 05456 case A_CALLPROCEED: 05457 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 05458 break; 05459 05460 case A_CONNECT: 05461 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0); 05462 break; 05463 05464 case A_CONNECTACK: 05465 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0); 05466 break; 05467 05468 case A_RELEASE: 05469 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0); 05470 break; 05471 05472 case A_RELEASE_DONE: 05473 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0); 05474 break; 05475 05476 default: 05477 abort(); 05478 } 05479 return b1; 05480 } 05481 05482 struct block * 05483 gen_atmmulti_abbrev(type) 05484 int type; 05485 { 05486 struct block *b0, *b1; 05487 05488 switch (type) { 05489 05490 case A_OAM: 05491 if (!is_atm) 05492 bpf_error("'oam' supported only on raw ATM"); 05493 b1 = gen_atmmulti_abbrev(A_OAMF4); 05494 break; 05495 05496 case A_OAMF4: 05497 if (!is_atm) 05498 bpf_error("'oamf4' supported only on raw ATM"); 05499 /* OAM F4 type */ 05500 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 05501 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 05502 gen_or(b0, b1); 05503 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05504 gen_and(b0, b1); 05505 break; 05506 05507 case A_CONNECTMSG: 05508 /* 05509 * Get Q.2931 signalling messages for switched 05510 * virtual connection 05511 */ 05512 if (!is_atm) 05513 bpf_error("'connectmsg' supported only on raw ATM"); 05514 b0 = gen_msg_abbrev(A_SETUP); 05515 b1 = gen_msg_abbrev(A_CALLPROCEED); 05516 gen_or(b0, b1); 05517 b0 = gen_msg_abbrev(A_CONNECT); 05518 gen_or(b0, b1); 05519 b0 = gen_msg_abbrev(A_CONNECTACK); 05520 gen_or(b0, b1); 05521 b0 = gen_msg_abbrev(A_RELEASE); 05522 gen_or(b0, b1); 05523 b0 = gen_msg_abbrev(A_RELEASE_DONE); 05524 gen_or(b0, b1); 05525 b0 = gen_atmtype_abbrev(A_SC); 05526 gen_and(b0, b1); 05527 break; 05528 05529 case A_METACONNECT: 05530 if (!is_atm) 05531 bpf_error("'metaconnect' supported only on raw ATM"); 05532 b0 = gen_msg_abbrev(A_SETUP); 05533 b1 = gen_msg_abbrev(A_CALLPROCEED); 05534 gen_or(b0, b1); 05535 b0 = gen_msg_abbrev(A_CONNECT); 05536 gen_or(b0, b1); 05537 b0 = gen_msg_abbrev(A_RELEASE); 05538 gen_or(b0, b1); 05539 b0 = gen_msg_abbrev(A_RELEASE_DONE); 05540 gen_or(b0, b1); 05541 b0 = gen_atmtype_abbrev(A_METAC); 05542 gen_and(b0, b1); 05543 break; 05544 05545 default: 05546 abort(); 05547 } 05548 return b1; 05549 }
documentation. Copyright (c) 2002-2003 Politecnico di Torino. All rights reserved.