00001 /*#define CHASE_CHAIN*/ 00002 /* 00003 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 00004 * The Regents of the University of California. All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that: (1) source code distributions 00008 * retain the above copyright notice and this paragraph in its entirety, (2) 00009 * distributions including binary code include the above copyright notice and 00010 * this paragraph in its entirety in the documentation or other materials 00011 * provided with the distribution, and (3) all advertising materials mentioning 00012 * features or use of this software display the following acknowledgement: 00013 * ``This product includes software developed by the University of California, 00014 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 00015 * the University nor the names of its contributors may be used to endorse 00016 * or promote products derived from this software without specific prior 00017 * written permission. 00018 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 00019 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 00020 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 00021 */ 00022 #ifndef lint 00023 static const char rcsid[] _U_ = 00024 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.196 2004/01/14 01:09:03 guy Exp $ (LBL)"; 00025 #endif 00026 00027 #ifdef HAVE_CONFIG_H 00028 #include "config.h" 00029 #endif 00030 00031 #ifdef WIN32 00032 #include <pcap-stdinc.h> 00033 #else /* WIN32 */ 00034 #include <sys/types.h> 00035 #include <sys/socket.h> 00036 #include <sys/time.h> 00037 #endif /* WIN32 */ 00038 00039 /* 00040 * XXX - why was this included even on UNIX? 00041 */ 00042 #ifdef __MINGW32__ 00043 #include "IP6_misc.h" 00044 #endif 00045 00046 #ifndef WIN32 00047 00048 #ifdef __NetBSD__ 00049 #include <sys/param.h> 00050 #endif 00051 00052 #include <netinet/in.h> 00053 00054 #endif /* WIN32 */ 00055 00056 #include <stdlib.h> 00057 #include <string.h> 00058 #include <memory.h> 00059 #include <setjmp.h> 00060 #include <stdarg.h> 00061 00062 #include "pcap-int.h" 00063 00064 #include "ethertype.h" 00065 #include "nlpid.h" 00066 #include "llc.h" 00067 #include "gencode.h" 00068 #include "atmuni31.h" 00069 #include "sunatmpos.h" 00070 #include "ppp.h" 00071 #include "sll.h" 00072 #include "arcnet.h" 00073 #include "pf.h" 00074 #ifdef INET6 00075 #ifndef WIN32 00076 #include <netdb.h> /* for "struct addrinfo" */ 00077 #endif /* WIN32 */ 00078 #endif /*INET6*/ 00079 #include <pcap-namedb.h> 00080 00081 #define ETHERMTU 1500 00082 00083 #ifndef IPPROTO_SCTP 00084 #define IPPROTO_SCTP 132 00085 #endif 00086 00087 #ifdef HAVE_OS_PROTO_H 00088 #include "os-proto.h" 00089 #endif 00090 00091 #define JMP(c) ((c)|BPF_JMP|BPF_K) 00092 00093 /* Locals */ 00094 static jmp_buf top_ctx; 00095 static pcap_t *bpf_pcap; 00096 00097 /* Hack for updating VLAN offsets. */ 00098 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 00099 00100 /* XXX */ 00101 #ifdef PCAP_FDDIPAD 00102 int pcap_fddipad = PCAP_FDDIPAD; 00103 #else 00104 int pcap_fddipad; 00105 #endif 00106 00107 /* VARARGS */ 00108 void 00109 bpf_error(const char *fmt, ...) 00110 00111 { 00112 va_list ap; 00113 00114 va_start(ap, fmt); 00115 if (bpf_pcap != NULL) 00116 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 00117 fmt, ap); 00118 va_end(ap); 00119 longjmp(top_ctx, 1); 00120 /* NOTREACHED */ 00121 } 00122 00123 static void init_linktype(int); 00124 00125 static int alloc_reg(void); 00126 static void free_reg(int); 00127 00128 static struct block *root; 00129 00130 /* 00131 * We divy out chunks of memory rather than call malloc each time so 00132 * we don't have to worry about leaking memory. It's probably 00133 * not a big deal if all this memory was wasted but it this ever 00134 * goes into a library that would probably not be a good idea. 00135 */ 00136 #define NCHUNKS 16 00137 #define CHUNK0SIZE 1024 00138 struct chunk { 00139 u_int n_left; 00140 void *m; 00141 }; 00142 00143 static struct chunk chunks[NCHUNKS]; 00144 static int cur_chunk; 00145 00146 static void *newchunk(u_int); 00147 static void freechunks(void); 00148 static inline struct block *new_block(int); 00149 static inline struct slist *new_stmt(int); 00150 static struct block *gen_retblk(int); 00151 static inline void syntax(void); 00152 00153 static void backpatch(struct block *, struct block *); 00154 static void merge(struct block *, struct block *); 00155 static struct block *gen_cmp(u_int, u_int, bpf_int32); 00156 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 00157 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 00158 static struct block *gen_bcmp(u_int, u_int, const u_char *); 00159 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32, 00160 bpf_u_int32, bpf_u_int32, int); 00161 static struct block *gen_uncond(int); 00162 static inline struct block *gen_true(void); 00163 static inline struct block *gen_false(void); 00164 static struct block *gen_ether_linktype(int); 00165 static struct block *gen_linktype(int); 00166 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int); 00167 static struct block *gen_llc(int); 00168 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 00169 #ifdef INET6 00170 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 00171 #endif 00172 static struct block *gen_ahostop(const u_char *, int); 00173 static struct block *gen_ehostop(const u_char *, int); 00174 static struct block *gen_fhostop(const u_char *, int); 00175 static struct block *gen_thostop(const u_char *, int); 00176 static struct block *gen_wlanhostop(const u_char *, int); 00177 static struct block *gen_ipfchostop(const u_char *, int); 00178 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 00179 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 00180 #ifdef INET6 00181 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 00182 #endif 00183 #ifndef INET6 00184 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 00185 #endif 00186 static struct block *gen_ipfrag(void); 00187 static struct block *gen_portatom(int, bpf_int32); 00188 #ifdef INET6 00189 static struct block *gen_portatom6(int, bpf_int32); 00190 #endif 00191 struct block *gen_portop(int, int, int); 00192 static struct block *gen_port(int, int, int); 00193 #ifdef INET6 00194 struct block *gen_portop6(int, int, int); 00195 static struct block *gen_port6(int, int, int); 00196 #endif 00197 static int lookup_proto(const char *, int); 00198 static struct block *gen_protochain(int, int, int); 00199 static struct block *gen_proto(int, int, int); 00200 static struct slist *xfer_to_x(struct arth *); 00201 static struct slist *xfer_to_a(struct arth *); 00202 static struct block *gen_mac_multicast(int); 00203 static struct block *gen_len(int, int); 00204 00205 static struct block *gen_msg_abbrev(int type); 00206 00207 static void * 00208 newchunk(n) 00209 u_int n; 00210 { 00211 struct chunk *cp; 00212 int k; 00213 size_t size; 00214 00215 #ifndef __NetBSD__ 00216 /* XXX Round up to nearest long. */ 00217 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 00218 #else 00219 /* XXX Round up to structure boundary. */ 00220 n = ALIGN(n); 00221 #endif 00222 00223 cp = &chunks[cur_chunk]; 00224 if (n > cp->n_left) { 00225 ++cp, k = ++cur_chunk; 00226 if (k >= NCHUNKS) 00227 bpf_error("out of memory"); 00228 size = CHUNK0SIZE << k; 00229 cp->m = (void *)malloc(size); 00230 if (cp->m == NULL) 00231 bpf_error("out of memory"); 00232 memset((char *)cp->m, 0, size); 00233 cp->n_left = size; 00234 if (n > size) 00235 bpf_error("out of memory"); 00236 } 00237 cp->n_left -= n; 00238 return (void *)((char *)cp->m + cp->n_left); 00239 } 00240 00241 static void 00242 freechunks() 00243 { 00244 int i; 00245 00246 cur_chunk = 0; 00247 for (i = 0; i < NCHUNKS; ++i) 00248 if (chunks[i].m != NULL) { 00249 free(chunks[i].m); 00250 chunks[i].m = NULL; 00251 } 00252 } 00253 00254 /* 00255 * A strdup whose allocations are freed after code generation is over. 00256 */ 00257 char * 00258 sdup(s) 00259 register const char *s; 00260 { 00261 int n = strlen(s) + 1; 00262 char *cp = newchunk(n); 00263 00264 strlcpy(cp, s, n); 00265 return (cp); 00266 } 00267 00268 static inline struct block * 00269 new_block(code) 00270 int code; 00271 { 00272 struct block *p; 00273 00274 p = (struct block *)newchunk(sizeof(*p)); 00275 p->s.code = code; 00276 p->head = p; 00277 00278 return p; 00279 } 00280 00281 static inline struct slist * 00282 new_stmt(code) 00283 int code; 00284 { 00285 struct slist *p; 00286 00287 p = (struct slist *)newchunk(sizeof(*p)); 00288 p->s.code = code; 00289 00290 return p; 00291 } 00292 00293 static struct block * 00294 gen_retblk(v) 00295 int v; 00296 { 00297 struct block *b = new_block(BPF_RET|BPF_K); 00298 00299 b->s.k = v; 00300 return b; 00301 } 00302 00303 static inline void 00304 syntax() 00305 { 00306 bpf_error("syntax error in filter expression"); 00307 } 00308 00309 static bpf_u_int32 netmask; 00310 static int snaplen; 00311 int no_optimize; 00312 00313 int 00314 pcap_compile(pcap_t *p, struct bpf_program *program, 00315 char *buf, int optimize, bpf_u_int32 mask) 00316 { 00317 extern int n_errors; 00318 int len; 00319 00320 #ifdef HAVE_REMOTE 00321 /* 00322 Check if: 00323 - We are on an remote capture 00324 - we do not want to capture RPCAP traffic 00325 00326 If so, we have to save the current filter, because we have to add some 00327 piece of stuff later 00328 */ 00329 if ( (p->rmt_clientside) && (p->rmt_flags & PCAP_OPENFLAG_NOCAPTURE_RPCAP) ) 00330 { 00331 int bufferlen; 00332 00333 if (p->currentfilter) 00334 free (p->currentfilter); 00335 00336 if (buf) 00337 bufferlen= strlen(buf) + 1; 00338 else 00339 bufferlen= 1; 00340 00341 p->currentfilter= (char *) malloc( sizeof(char) * bufferlen); 00342 00343 strncpy(p->currentfilter, buf, bufferlen); 00344 00345 p->currentfilter[bufferlen - 1]= 0; 00346 } 00347 #endif /* HAVE_REMOTE */ 00348 00349 no_optimize = 0; 00350 n_errors = 0; 00351 root = NULL; 00352 bpf_pcap = p; 00353 if (setjmp(top_ctx)) { 00354 lex_cleanup(); 00355 freechunks(); 00356 return (-1); 00357 } 00358 00359 netmask = mask; 00360 00361 snaplen = pcap_snapshot(p); 00362 if (snaplen == 0) { 00363 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 00364 "snaplen of 0 rejects all packets"); 00365 return -1; 00366 } 00367 00368 lex_init(buf ? buf : ""); 00369 init_linktype(pcap_datalink(p)); 00370 (void)pcap_parse(); 00371 00372 if (n_errors) 00373 syntax(); 00374 00375 if (root == NULL) 00376 root = gen_retblk(snaplen); 00377 00378 if (optimize && !no_optimize) { 00379 bpf_optimize(&root); 00380 if (root == NULL || 00381 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 00382 bpf_error("expression rejects all packets"); 00383 } 00384 program->bf_insns = icode_to_fcode(root, &len); 00385 program->bf_len = len; 00386 00387 lex_cleanup(); 00388 freechunks(); 00389 return (0); 00390 } 00391 00392 /* 00393 * entry point for using the compiler with no pcap open 00394 * pass in all the stuff that is needed explicitly instead. 00395 */ 00396 int 00397 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 00398 struct bpf_program *program, 00399 char *buf, int optimize, bpf_u_int32 mask) 00400 { 00401 pcap_t *p; 00402 int ret; 00403 00404 p = pcap_open_dead(linktype_arg, snaplen_arg); 00405 if (p == NULL) 00406 return (-1); 00407 ret = pcap_compile(p, program, buf, optimize, mask); 00408 pcap_close(p); 00409 return (ret); 00410 } 00411 00412 /* 00413 * Clean up a "struct bpf_program" by freeing all the memory allocated 00414 * in it. 00415 */ 00416 void 00417 pcap_freecode(struct bpf_program *program) 00418 { 00419 program->bf_len = 0; 00420 if (program->bf_insns != NULL) { 00421 free((char *)program->bf_insns); 00422 program->bf_insns = NULL; 00423 } 00424 } 00425 00426 /* 00427 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 00428 * which of the jt and jf fields has been resolved and which is a pointer 00429 * back to another unresolved block (or nil). At least one of the fields 00430 * in each block is already resolved. 00431 */ 00432 static void 00433 backpatch(list, target) 00434 struct block *list, *target; 00435 { 00436 struct block *next; 00437 00438 while (list) { 00439 if (!list->sense) { 00440 next = JT(list); 00441 JT(list) = target; 00442 } else { 00443 next = JF(list); 00444 JF(list) = target; 00445 } 00446 list = next; 00447 } 00448 } 00449 00450 /* 00451 * Merge the lists in b0 and b1, using the 'sense' field to indicate 00452 * which of jt and jf is the link. 00453 */ 00454 static void 00455 merge(b0, b1) 00456 struct block *b0, *b1; 00457 { 00458 register struct block **p = &b0; 00459 00460 /* Find end of list. */ 00461 while (*p) 00462 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 00463 00464 /* Concatenate the lists. */ 00465 *p = b1; 00466 } 00467 00468 void 00469 finish_parse(p) 00470 struct block *p; 00471 { 00472 backpatch(p, gen_retblk(snaplen)); 00473 p->sense = !p->sense; 00474 backpatch(p, gen_retblk(0)); 00475 root = p->head; 00476 } 00477 00478 void 00479 gen_and(b0, b1) 00480 struct block *b0, *b1; 00481 { 00482 backpatch(b0, b1->head); 00483 b0->sense = !b0->sense; 00484 b1->sense = !b1->sense; 00485 merge(b1, b0); 00486 b1->sense = !b1->sense; 00487 b1->head = b0->head; 00488 } 00489 00490 void 00491 gen_or(b0, b1) 00492 struct block *b0, *b1; 00493 { 00494 b0->sense = !b0->sense; 00495 backpatch(b0, b1->head); 00496 b0->sense = !b0->sense; 00497 merge(b1, b0); 00498 b1->head = b0->head; 00499 } 00500 00501 void 00502 gen_not(b) 00503 struct block *b; 00504 { 00505 b->sense = !b->sense; 00506 } 00507 00508 static struct block * 00509 gen_cmp(offset, size, v) 00510 u_int offset, size; 00511 bpf_int32 v; 00512 { 00513 struct slist *s; 00514 struct block *b; 00515 00516 s = new_stmt(BPF_LD|BPF_ABS|size); 00517 s->s.k = offset; 00518 00519 b = new_block(JMP(BPF_JEQ)); 00520 b->stmts = s; 00521 b->s.k = v; 00522 00523 return b; 00524 } 00525 00526 static struct block * 00527 gen_cmp_gt(offset, size, v) 00528 u_int offset, size; 00529 bpf_int32 v; 00530 { 00531 struct slist *s; 00532 struct block *b; 00533 00534 s = new_stmt(BPF_LD|BPF_ABS|size); 00535 s->s.k = offset; 00536 00537 b = new_block(JMP(BPF_JGT)); 00538 b->stmts = s; 00539 b->s.k = v; 00540 00541 return b; 00542 } 00543 00544 static struct block * 00545 gen_mcmp(offset, size, v, mask) 00546 u_int offset, size; 00547 bpf_int32 v; 00548 bpf_u_int32 mask; 00549 { 00550 struct block *b = gen_cmp(offset, size, v); 00551 struct slist *s; 00552 00553 if (mask != 0xffffffff) { 00554 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 00555 s->s.k = mask; 00556 b->stmts->next = s; 00557 } 00558 return b; 00559 } 00560 00561 static struct block * 00562 gen_bcmp(offset, size, v) 00563 register u_int offset, size; 00564 register const u_char *v; 00565 { 00566 register struct block *b, *tmp; 00567 00568 b = NULL; 00569 while (size >= 4) { 00570 register const u_char *p = &v[size - 4]; 00571 bpf_int32 w = ((bpf_int32)p[0] << 24) | 00572 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 00573 00574 tmp = gen_cmp(offset + size - 4, BPF_W, w); 00575 if (b != NULL) 00576 gen_and(b, tmp); 00577 b = tmp; 00578 size -= 4; 00579 } 00580 while (size >= 2) { 00581 register const u_char *p = &v[size - 2]; 00582 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 00583 00584 tmp = gen_cmp(offset + size - 2, BPF_H, w); 00585 if (b != NULL) 00586 gen_and(b, tmp); 00587 b = tmp; 00588 size -= 2; 00589 } 00590 if (size > 0) { 00591 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 00592 if (b != NULL) 00593 gen_and(b, tmp); 00594 b = tmp; 00595 } 00596 return b; 00597 } 00598 00599 static struct block * 00600 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse) 00601 bpf_u_int32 datasize, offset, mask, jtype, jvalue; 00602 int reverse; 00603 { 00604 struct slist *s; 00605 struct block *b; 00606 00607 s = new_stmt(BPF_LD|datasize|BPF_ABS); 00608 s->s.k = offset; 00609 00610 if (mask != 0xffffffff) { 00611 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K); 00612 s->next->s.k = mask; 00613 } 00614 00615 b = new_block(JMP(jtype)); 00616 b->stmts = s; 00617 b->s.k = jvalue; 00618 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE)) 00619 gen_not(b); 00620 return b; 00621 } 00622 00623 /* 00624 * Various code constructs need to know the layout of the data link 00625 * layer. These variables give the necessary offsets. 00626 */ 00627 00628 /* 00629 * This is the offset of the beginning of the MAC-layer header. 00630 * It's usually 0, except for ATM LANE. 00631 */ 00632 static u_int off_mac; 00633 00634 /* 00635 * "off_linktype" is the offset to information in the link-layer header 00636 * giving the packet type. 00637 * 00638 * For Ethernet, it's the offset of the Ethernet type field. 00639 * 00640 * For link-layer types that always use 802.2 headers, it's the 00641 * offset of the LLC header. 00642 * 00643 * For PPP, it's the offset of the PPP type field. 00644 * 00645 * For Cisco HDLC, it's the offset of the CHDLC type field. 00646 * 00647 * For BSD loopback, it's the offset of the AF_ value. 00648 * 00649 * For Linux cooked sockets, it's the offset of the type field. 00650 * 00651 * It's set to -1 for no encapsulation, in which case, IP is assumed. 00652 */ 00653 static u_int off_linktype; 00654 00655 /* 00656 * TRUE if the link layer includes an ATM pseudo-header. 00657 */ 00658 static int is_atm = 0; 00659 00660 /* 00661 * TRUE if "lane" appeared in the filter; it causes us to generate 00662 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM. 00663 */ 00664 static int is_lane = 0; 00665 00666 /* 00667 * These are offsets for the ATM pseudo-header. 00668 */ 00669 static u_int off_vpi; 00670 static u_int off_vci; 00671 static u_int off_proto; 00672 00673 /* 00674 * This is the offset of the first byte after the ATM pseudo_header, 00675 * or -1 if there is no ATM pseudo-header. 00676 */ 00677 static u_int off_payload; 00678 00679 /* 00680 * These are offsets to the beginning of the network-layer header. 00681 * 00682 * If the link layer never uses 802.2 LLC: 00683 * 00684 * "off_nl" and "off_nl_nosnap" are the same. 00685 * 00686 * If the link layer always uses 802.2 LLC: 00687 * 00688 * "off_nl" is the offset if there's a SNAP header following 00689 * the 802.2 header; 00690 * 00691 * "off_nl_nosnap" is the offset if there's no SNAP header. 00692 * 00693 * If the link layer is Ethernet: 00694 * 00695 * "off_nl" is the offset if the packet is an Ethernet II packet 00696 * (we assume no 802.3+802.2+SNAP); 00697 * 00698 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet 00699 * with an 802.2 header following it. 00700 */ 00701 static u_int off_nl; 00702 static u_int off_nl_nosnap; 00703 00704 static int linktype; 00705 00706 static void 00707 init_linktype(type) 00708 int type; 00709 { 00710 linktype = type; 00711 00712 /* 00713 * Assume it's not raw ATM with a pseudo-header, for now. 00714 */ 00715 off_mac = 0; 00716 is_atm = 0; 00717 is_lane = 0; 00718 off_vpi = -1; 00719 off_vci = -1; 00720 off_proto = -1; 00721 off_payload = -1; 00722 00723 orig_linktype = -1; 00724 orig_nl = -1; 00725 orig_nl_nosnap = -1; 00726 00727 switch (type) { 00728 00729 case DLT_ARCNET: 00730 off_linktype = 2; 00731 off_nl = 6; /* XXX in reality, variable! */ 00732 off_nl_nosnap = 6; /* no 802.2 LLC */ 00733 return; 00734 00735 case DLT_ARCNET_LINUX: 00736 off_linktype = 4; 00737 off_nl = 8; /* XXX in reality, variable! */ 00738 off_nl_nosnap = 8; /* no 802.2 LLC */ 00739 return; 00740 00741 case DLT_EN10MB: 00742 off_linktype = 12; 00743 off_nl = 14; /* Ethernet II */ 00744 off_nl_nosnap = 17; /* 802.3+802.2 */ 00745 return; 00746 00747 case DLT_SLIP: 00748 /* 00749 * SLIP doesn't have a link level type. The 16 byte 00750 * header is hacked into our SLIP driver. 00751 */ 00752 off_linktype = -1; 00753 off_nl = 16; 00754 off_nl_nosnap = 16; /* no 802.2 LLC */ 00755 return; 00756 00757 case DLT_SLIP_BSDOS: 00758 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 00759 off_linktype = -1; 00760 /* XXX end */ 00761 off_nl = 24; 00762 off_nl_nosnap = 24; /* no 802.2 LLC */ 00763 return; 00764 00765 case DLT_NULL: 00766 case DLT_LOOP: 00767 off_linktype = 0; 00768 off_nl = 4; 00769 off_nl_nosnap = 4; /* no 802.2 LLC */ 00770 return; 00771 00772 case DLT_ENC: 00773 off_linktype = 0; 00774 off_nl = 12; 00775 off_nl_nosnap = 12; /* no 802.2 LLC */ 00776 return; 00777 00778 case DLT_PFLOG: 00779 off_linktype = 0; 00780 off_nl = 28; 00781 off_nl_nosnap = 28; /* no 802.2 LLC */ 00782 return; 00783 00784 case DLT_PPP: 00785 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */ 00786 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */ 00787 off_linktype = 2; 00788 off_nl = 4; 00789 off_nl_nosnap = 4; /* no 802.2 LLC */ 00790 return; 00791 00792 case DLT_PPP_ETHER: 00793 /* 00794 * This does no include the Ethernet header, and 00795 * only covers session state. 00796 */ 00797 off_linktype = 6; 00798 off_nl = 8; 00799 off_nl_nosnap = 8; /* no 802.2 LLC */ 00800 return; 00801 00802 case DLT_PPP_BSDOS: 00803 off_linktype = 5; 00804 off_nl = 24; 00805 off_nl_nosnap = 24; /* no 802.2 LLC */ 00806 return; 00807 00808 case DLT_FDDI: 00809 /* 00810 * FDDI doesn't really have a link-level type field. 00811 * We set "off_linktype" to the offset of the LLC header. 00812 * 00813 * To check for Ethernet types, we assume that SSAP = SNAP 00814 * is being used and pick out the encapsulated Ethernet type. 00815 * XXX - should we generate code to check for SNAP? 00816 */ 00817 off_linktype = 13; 00818 #ifdef PCAP_FDDIPAD 00819 off_linktype += pcap_fddipad; 00820 #endif 00821 off_nl = 21; /* FDDI+802.2+SNAP */ 00822 off_nl_nosnap = 16; /* FDDI+802.2 */ 00823 #ifdef PCAP_FDDIPAD 00824 off_nl += pcap_fddipad; 00825 off_nl_nosnap += pcap_fddipad; 00826 #endif 00827 return; 00828 00829 case DLT_IEEE802: 00830 /* 00831 * Token Ring doesn't really have a link-level type field. 00832 * We set "off_linktype" to the offset of the LLC header. 00833 * 00834 * To check for Ethernet types, we assume that SSAP = SNAP 00835 * is being used and pick out the encapsulated Ethernet type. 00836 * XXX - should we generate code to check for SNAP? 00837 * 00838 * XXX - the header is actually variable-length. 00839 * Some various Linux patched versions gave 38 00840 * as "off_linktype" and 40 as "off_nl"; however, 00841 * if a token ring packet has *no* routing 00842 * information, i.e. is not source-routed, the correct 00843 * values are 20 and 22, as they are in the vanilla code. 00844 * 00845 * A packet is source-routed iff the uppermost bit 00846 * of the first byte of the source address, at an 00847 * offset of 8, has the uppermost bit set. If the 00848 * packet is source-routed, the total number of bytes 00849 * of routing information is 2 plus bits 0x1F00 of 00850 * the 16-bit value at an offset of 14 (shifted right 00851 * 8 - figure out which byte that is). 00852 */ 00853 off_linktype = 14; 00854 off_nl = 22; /* Token Ring+802.2+SNAP */ 00855 off_nl_nosnap = 17; /* Token Ring+802.2 */ 00856 return; 00857 00858 case DLT_IEEE802_11: 00859 /* 00860 * 802.11 doesn't really have a link-level type field. 00861 * We set "off_linktype" to the offset of the LLC header. 00862 * 00863 * To check for Ethernet types, we assume that SSAP = SNAP 00864 * is being used and pick out the encapsulated Ethernet type. 00865 * XXX - should we generate code to check for SNAP? 00866 * 00867 * XXX - the header is actually variable-length. We 00868 * assume a 24-byte link-layer header, as appears in 00869 * data frames in networks with no bridges. 00870 */ 00871 off_linktype = 24; 00872 off_nl = 32; /* 802.11+802.2+SNAP */ 00873 off_nl_nosnap = 27; /* 802.11+802.2 */ 00874 return; 00875 00876 case DLT_PRISM_HEADER: 00877 /* 00878 * Same as 802.11, but with an additional header before 00879 * the 802.11 header, containing a bunch of additional 00880 * information including radio-level information. 00881 * 00882 * The header is 144 bytes long. 00883 * 00884 * XXX - same variable-length header problem; at least 00885 * the Prism header is fixed-length. 00886 */ 00887 off_linktype = 144+24; 00888 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */ 00889 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */ 00890 return; 00891 00892 case DLT_IEEE802_11_RADIO: 00893 /* 00894 * Same as 802.11, but with an additional header before 00895 * the 802.11 header, containing a bunch of additional 00896 * information including radio-level information. 00897 * 00898 * The header is 64 bytes long. 00899 * 00900 * XXX - same variable-length header problem, only 00901 * more so; this header is also variable-length, 00902 * with the length being the 32-bit big-endian 00903 * number at an offset of 4 from the beginning 00904 * of the radio header. 00905 */ 00906 off_linktype = 64+24; 00907 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */ 00908 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */ 00909 return; 00910 00911 case DLT_ATM_RFC1483: 00912 case DLT_ATM_CLIP: /* Linux ATM defines this */ 00913 /* 00914 * assume routed, non-ISO PDUs 00915 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 00916 */ 00917 off_linktype = 0; 00918 off_nl = 8; /* 802.2+SNAP */ 00919 off_nl_nosnap = 3; /* 802.2 */ 00920 return; 00921 00922 case DLT_SUNATM: 00923 /* 00924 * Full Frontal ATM; you get AALn PDUs with an ATM 00925 * pseudo-header. 00926 */ 00927 is_atm = 1; 00928 off_vpi = SUNATM_VPI_POS; 00929 off_vci = SUNATM_VCI_POS; 00930 off_proto = PROTO_POS; 00931 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */ 00932 off_payload = SUNATM_PKT_BEGIN_POS; 00933 off_linktype = off_payload; 00934 off_nl = off_payload+8; /* 802.2+SNAP */ 00935 off_nl_nosnap = off_payload+3; /* 802.2 */ 00936 return; 00937 00938 case DLT_RAW: 00939 off_linktype = -1; 00940 off_nl = 0; 00941 off_nl_nosnap = 0; /* no 802.2 LLC */ 00942 return; 00943 00944 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */ 00945 off_linktype = 14; 00946 off_nl = 16; 00947 off_nl_nosnap = 16; /* no 802.2 LLC */ 00948 return; 00949 00950 case DLT_LTALK: 00951 /* 00952 * LocalTalk does have a 1-byte type field in the LLAP header, 00953 * but really it just indicates whether there is a "short" or 00954 * "long" DDP packet following. 00955 */ 00956 off_linktype = -1; 00957 off_nl = 0; 00958 off_nl_nosnap = 0; /* no 802.2 LLC */ 00959 return; 00960 00961 case DLT_IP_OVER_FC: 00962 /* 00963 * RFC 2625 IP-over-Fibre-Channel doesn't really have a 00964 * link-level type field. We set "off_linktype" to the 00965 * offset of the LLC header. 00966 * 00967 * To check for Ethernet types, we assume that SSAP = SNAP 00968 * is being used and pick out the encapsulated Ethernet type. 00969 * XXX - should we generate code to check for SNAP? RFC 00970 * 2625 says SNAP should be used. 00971 */ 00972 off_linktype = 16; 00973 off_nl = 24; /* IPFC+802.2+SNAP */ 00974 off_nl_nosnap = 19; /* IPFC+802.2 */ 00975 return; 00976 00977 case DLT_FRELAY: 00978 /* 00979 * XXX - we should set this to handle SNAP-encapsulated 00980 * frames (NLPID of 0x80). 00981 */ 00982 off_linktype = -1; 00983 off_nl = 0; 00984 off_nl_nosnap = 0; /* no 802.2 LLC */ 00985 return; 00986 00987 case DLT_LINUX_IRDA: 00988 /* 00989 * Currently, only raw "link[N:M]" filtering is supported. 00990 */ 00991 off_linktype = -1; 00992 off_nl = -1; 00993 off_nl_nosnap = -1; 00994 return; 00995 00996 case DLT_DOCSIS: 00997 /* 00998 * Currently, only raw "link[N:M]" filtering is supported. 00999 */ 01000 off_linktype = -1; 01001 off_nl = -1; 01002 off_nl_nosnap = -1; 01003 return; 01004 } 01005 bpf_error("unknown data link type %d", linktype); 01006 /* NOTREACHED */ 01007 } 01008 01009 static struct block * 01010 gen_uncond(rsense) 01011 int rsense; 01012 { 01013 struct block *b; 01014 struct slist *s; 01015 01016 s = new_stmt(BPF_LD|BPF_IMM); 01017 s->s.k = !rsense; 01018 b = new_block(JMP(BPF_JEQ)); 01019 b->stmts = s; 01020 01021 return b; 01022 } 01023 01024 static inline struct block * 01025 gen_true() 01026 { 01027 return gen_uncond(1); 01028 } 01029 01030 static inline struct block * 01031 gen_false() 01032 { 01033 return gen_uncond(0); 01034 } 01035 01036 /* 01037 * Byte-swap a 32-bit number. 01038 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 01039 * big-endian platforms.) 01040 */ 01041 #define SWAPLONG(y) \ 01042 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) 01043 01044 static struct block * 01045 gen_ether_linktype(proto) 01046 register int proto; 01047 { 01048 struct block *b0, *b1; 01049 01050 switch (proto) { 01051 01052 case LLCSAP_ISONS: 01053 /* 01054 * OSI protocols always use 802.2 encapsulation. 01055 * XXX - should we check both the DSAP and the 01056 * SSAP, like this, or should we check just the 01057 * DSAP? 01058 */ 01059 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01060 gen_not(b0); 01061 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01062 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 01063 gen_and(b0, b1); 01064 return b1; 01065 01066 case LLCSAP_IP: 01067 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01068 gen_not(b0); 01069 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01070 ((LLCSAP_IP << 8) | LLCSAP_IP)); 01071 gen_and(b0, b1); 01072 return b1; 01073 01074 case LLCSAP_NETBEUI: 01075 /* 01076 * NetBEUI always uses 802.2 encapsulation. 01077 * XXX - should we check both the DSAP and the 01078 * SSAP, like this, or should we check just the 01079 * DSAP? 01080 */ 01081 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01082 gen_not(b0); 01083 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01084 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 01085 gen_and(b0, b1); 01086 return b1; 01087 01088 case LLCSAP_IPX: 01089 /* 01090 * Check for; 01091 * 01092 * Ethernet_II frames, which are Ethernet 01093 * frames with a frame type of ETHERTYPE_IPX; 01094 * 01095 * Ethernet_802.3 frames, which are 802.3 01096 * frames (i.e., the type/length field is 01097 * a length field, <= ETHERMTU, rather than 01098 * a type field) with the first two bytes 01099 * after the Ethernet/802.3 header being 01100 * 0xFFFF; 01101 * 01102 * Ethernet_802.2 frames, which are 802.3 01103 * frames with an 802.2 LLC header and 01104 * with the IPX LSAP as the DSAP in the LLC 01105 * header; 01106 * 01107 * Ethernet_SNAP frames, which are 802.3 01108 * frames with an LLC header and a SNAP 01109 * header and with an OUI of 0x000000 01110 * (encapsulated Ethernet) and a protocol 01111 * ID of ETHERTYPE_IPX in the SNAP header. 01112 * 01113 * XXX - should we generate the same code both 01114 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 01115 */ 01116 01117 /* 01118 * This generates code to check both for the 01119 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 01120 */ 01121 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX); 01122 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF); 01123 gen_or(b0, b1); 01124 01125 /* 01126 * Now we add code to check for SNAP frames with 01127 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 01128 */ 01129 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 01130 gen_or(b0, b1); 01131 01132 /* 01133 * Now we generate code to check for 802.3 01134 * frames in general. 01135 */ 01136 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01137 gen_not(b0); 01138 01139 /* 01140 * Now add the check for 802.3 frames before the 01141 * check for Ethernet_802.2 and Ethernet_802.3, 01142 * as those checks should only be done on 802.3 01143 * frames, not on Ethernet frames. 01144 */ 01145 gen_and(b0, b1); 01146 01147 /* 01148 * Now add the check for Ethernet_II frames, and 01149 * do that before checking for the other frame 01150 * types. 01151 */ 01152 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX); 01153 gen_or(b0, b1); 01154 return b1; 01155 01156 case ETHERTYPE_ATALK: 01157 case ETHERTYPE_AARP: 01158 /* 01159 * EtherTalk (AppleTalk protocols on Ethernet link 01160 * layer) may use 802.2 encapsulation. 01161 */ 01162 01163 /* 01164 * Check for 802.2 encapsulation (EtherTalk phase 2?); 01165 * we check for an Ethernet type field less than 01166 * 1500, which means it's an 802.3 length field. 01167 */ 01168 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01169 gen_not(b0); 01170 01171 /* 01172 * 802.2-encapsulated ETHERTYPE_ATALK packets are 01173 * SNAP packets with an organization code of 01174 * 0x080007 (Apple, for Appletalk) and a protocol 01175 * type of ETHERTYPE_ATALK (Appletalk). 01176 * 01177 * 802.2-encapsulated ETHERTYPE_AARP packets are 01178 * SNAP packets with an organization code of 01179 * 0x000000 (encapsulated Ethernet) and a protocol 01180 * type of ETHERTYPE_AARP (Appletalk ARP). 01181 */ 01182 if (proto == ETHERTYPE_ATALK) 01183 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14); 01184 else /* proto == ETHERTYPE_AARP */ 01185 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 01186 gen_and(b0, b1); 01187 01188 /* 01189 * Check for Ethernet encapsulation (Ethertalk 01190 * phase 1?); we just check for the Ethernet 01191 * protocol type. 01192 */ 01193 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01194 01195 gen_or(b0, b1); 01196 return b1; 01197 01198 default: 01199 if (proto <= ETHERMTU) { 01200 /* 01201 * This is an LLC SAP value, so the frames 01202 * that match would be 802.2 frames. 01203 * Check that the frame is an 802.2 frame 01204 * (i.e., that the length/type field is 01205 * a length field, <= ETHERMTU) and 01206 * then check the DSAP. 01207 */ 01208 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01209 gen_not(b0); 01210 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 01211 gen_and(b0, b1); 01212 return b1; 01213 } else { 01214 /* 01215 * This is an Ethernet type, so compare 01216 * the length/type field with it (if 01217 * the frame is an 802.2 frame, the length 01218 * field will be <= ETHERMTU, and, as 01219 * "proto" is > ETHERMTU, this test 01220 * will fail and the frame won't match, 01221 * which is what we want). 01222 */ 01223 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01224 } 01225 } 01226 } 01227 01228 static struct block * 01229 gen_linktype(proto) 01230 register int proto; 01231 { 01232 struct block *b0, *b1, *b2; 01233 01234 switch (linktype) { 01235 01236 case DLT_EN10MB: 01237 return gen_ether_linktype(proto); 01238 break; 01239 01240 case DLT_C_HDLC: 01241 switch (proto) { 01242 01243 case LLCSAP_ISONS: 01244 proto = (proto << 8 | LLCSAP_ISONS); 01245 /* fall through */ 01246 01247 default: 01248 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01249 break; 01250 } 01251 break; 01252 01253 case DLT_IEEE802_11: 01254 case DLT_PRISM_HEADER: 01255 case DLT_IEEE802_11_RADIO: 01256 case DLT_FDDI: 01257 case DLT_IEEE802: 01258 case DLT_ATM_RFC1483: 01259 case DLT_ATM_CLIP: 01260 case DLT_IP_OVER_FC: 01261 return gen_llc(proto); 01262 break; 01263 01264 case DLT_SUNATM: 01265 /* 01266 * If "is_lane" is set, check for a LANE-encapsulated 01267 * version of this protocol, otherwise check for an 01268 * LLC-encapsulated version of this protocol. 01269 * 01270 * We assume LANE means Ethernet, not Token Ring. 01271 */ 01272 if (is_lane) { 01273 /* 01274 * Check that the packet doesn't begin with an 01275 * LE Control marker. (We've already generated 01276 * a test for LANE.) 01277 */ 01278 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 01279 gen_not(b0); 01280 01281 /* 01282 * Now generate an Ethernet test. 01283 */ 01284 b1 = gen_ether_linktype(proto); 01285 gen_and(b0, b1); 01286 return b1; 01287 } else { 01288 /* 01289 * Check for LLC encapsulation and then check the 01290 * protocol. 01291 */ 01292 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 01293 b1 = gen_llc(proto); 01294 gen_and(b0, b1); 01295 return b1; 01296 } 01297 01298 case DLT_LINUX_SLL: 01299 switch (proto) { 01300 01301 case LLCSAP_IP: 01302 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01303 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01304 ((LLCSAP_IP << 8) | LLCSAP_IP)); 01305 gen_and(b0, b1); 01306 return b1; 01307 01308 case LLCSAP_ISONS: 01309 /* 01310 * OSI protocols always use 802.2 encapsulation. 01311 * XXX - should we check both the DSAP and the 01312 * LSAP, like this, or should we check just the 01313 * DSAP? 01314 */ 01315 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01316 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01317 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 01318 gen_and(b0, b1); 01319 return b1; 01320 01321 case LLCSAP_NETBEUI: 01322 /* 01323 * NetBEUI always uses 802.2 encapsulation. 01324 * XXX - should we check both the DSAP and the 01325 * LSAP, like this, or should we check just the 01326 * DSAP? 01327 */ 01328 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01329 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01330 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 01331 gen_and(b0, b1); 01332 return b1; 01333 01334 case LLCSAP_IPX: 01335 /* 01336 * Ethernet_II frames, which are Ethernet 01337 * frames with a frame type of ETHERTYPE_IPX; 01338 * 01339 * Ethernet_802.3 frames, which have a frame 01340 * type of LINUX_SLL_P_802_3; 01341 * 01342 * Ethernet_802.2 frames, which are 802.3 01343 * frames with an 802.2 LLC header (i.e, have 01344 * a frame type of LINUX_SLL_P_802_2) and 01345 * with the IPX LSAP as the DSAP in the LLC 01346 * header; 01347 * 01348 * Ethernet_SNAP frames, which are 802.3 01349 * frames with an LLC header and a SNAP 01350 * header and with an OUI of 0x000000 01351 * (encapsulated Ethernet) and a protocol 01352 * ID of ETHERTYPE_IPX in the SNAP header. 01353 * 01354 * First, do the checks on LINUX_SLL_P_802_2 01355 * frames; generate the check for either 01356 * Ethernet_802.2 or Ethernet_SNAP frames, and 01357 * then put a check for LINUX_SLL_P_802_2 frames 01358 * before it. 01359 */ 01360 b0 = gen_cmp(off_linktype + 2, BPF_B, 01361 (bpf_int32)LLCSAP_IPX); 01362 b1 = gen_snap(0x000000, ETHERTYPE_IPX, 01363 off_linktype + 2); 01364 gen_or(b0, b1); 01365 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01366 gen_and(b0, b1); 01367 01368 /* 01369 * Now check for 802.3 frames and OR that with 01370 * the previous test. 01371 */ 01372 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3); 01373 gen_or(b0, b1); 01374 01375 /* 01376 * Now add the check for Ethernet_II frames, and 01377 * do that before checking for the other frame 01378 * types. 01379 */ 01380 b0 = gen_cmp(off_linktype, BPF_H, 01381 (bpf_int32)ETHERTYPE_IPX); 01382 gen_or(b0, b1); 01383 return b1; 01384 01385 case ETHERTYPE_ATALK: 01386 case ETHERTYPE_AARP: 01387 /* 01388 * EtherTalk (AppleTalk protocols on Ethernet link 01389 * layer) may use 802.2 encapsulation. 01390 */ 01391 01392 /* 01393 * Check for 802.2 encapsulation (EtherTalk phase 2?); 01394 * we check for the 802.2 protocol type in the 01395 * "Ethernet type" field. 01396 */ 01397 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01398 01399 /* 01400 * 802.2-encapsulated ETHERTYPE_ATALK packets are 01401 * SNAP packets with an organization code of 01402 * 0x080007 (Apple, for Appletalk) and a protocol 01403 * type of ETHERTYPE_ATALK (Appletalk). 01404 * 01405 * 802.2-encapsulated ETHERTYPE_AARP packets are 01406 * SNAP packets with an organization code of 01407 * 0x000000 (encapsulated Ethernet) and a protocol 01408 * type of ETHERTYPE_AARP (Appletalk ARP). 01409 */ 01410 if (proto == ETHERTYPE_ATALK) 01411 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 01412 off_linktype + 2); 01413 else /* proto == ETHERTYPE_AARP */ 01414 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 01415 off_linktype + 2); 01416 gen_and(b0, b1); 01417 01418 /* 01419 * Check for Ethernet encapsulation (Ethertalk 01420 * phase 1?); we just check for the Ethernet 01421 * protocol type. 01422 */ 01423 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01424 01425 gen_or(b0, b1); 01426 return b1; 01427 01428 default: 01429 if (proto <= ETHERMTU) { 01430 /* 01431 * This is an LLC SAP value, so the frames 01432 * that match would be 802.2 frames. 01433 * Check for the 802.2 protocol type 01434 * in the "Ethernet type" field, and 01435 * then check the DSAP. 01436 */ 01437 b0 = gen_cmp(off_linktype, BPF_H, 01438 LINUX_SLL_P_802_2); 01439 b1 = gen_cmp(off_linktype + 2, BPF_B, 01440 (bpf_int32)proto); 01441 gen_and(b0, b1); 01442 return b1; 01443 } else { 01444 /* 01445 * This is an Ethernet type, so compare 01446 * the length/type field with it (if 01447 * the frame is an 802.2 frame, the length 01448 * field will be <= ETHERMTU, and, as 01449 * "proto" is > ETHERMTU, this test 01450 * will fail and the frame won't match, 01451 * which is what we want). 01452 */ 01453 return gen_cmp(off_linktype, BPF_H, 01454 (bpf_int32)proto); 01455 } 01456 } 01457 break; 01458 01459 case DLT_SLIP: 01460 case DLT_SLIP_BSDOS: 01461 case DLT_RAW: 01462 /* 01463 * These types don't provide any type field; packets 01464 * are always IP. 01465 * 01466 * XXX - for IPv4, check for a version number of 4, and, 01467 * for IPv6, check for a version number of 6? 01468 */ 01469 switch (proto) { 01470 01471 case ETHERTYPE_IP: 01472 #ifdef INET6 01473 case ETHERTYPE_IPV6: 01474 #endif 01475 return gen_true(); /* always true */ 01476 01477 default: 01478 return gen_false(); /* always false */ 01479 } 01480 break; 01481 01482 case DLT_PPP: 01483 case DLT_PPP_SERIAL: 01484 case DLT_PPP_ETHER: 01485 /* 01486 * We use Ethernet protocol types inside libpcap; 01487 * map them to the corresponding PPP protocol types. 01488 */ 01489 switch (proto) { 01490 01491 case ETHERTYPE_IP: 01492 proto = PPP_IP; 01493 break; 01494 01495 #ifdef INET6 01496 case ETHERTYPE_IPV6: 01497 proto = PPP_IPV6; 01498 break; 01499 #endif 01500 01501 case ETHERTYPE_DN: 01502 proto = PPP_DECNET; 01503 break; 01504 01505 case ETHERTYPE_ATALK: 01506 proto = PPP_APPLE; 01507 break; 01508 01509 case ETHERTYPE_NS: 01510 proto = PPP_NS; 01511 break; 01512 01513 case LLCSAP_ISONS: 01514 proto = PPP_OSI; 01515 break; 01516 01517 case LLCSAP_8021D: 01518 /* 01519 * I'm assuming the "Bridging PDU"s that go 01520 * over PPP are Spanning Tree Protocol 01521 * Bridging PDUs. 01522 */ 01523 proto = PPP_BRPDU; 01524 break; 01525 01526 case LLCSAP_IPX: 01527 proto = PPP_IPX; 01528 break; 01529 } 01530 break; 01531 01532 case DLT_PPP_BSDOS: 01533 /* 01534 * We use Ethernet protocol types inside libpcap; 01535 * map them to the corresponding PPP protocol types. 01536 */ 01537 switch (proto) { 01538 01539 case ETHERTYPE_IP: 01540 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 01541 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 01542 gen_or(b0, b1); 01543 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 01544 gen_or(b1, b0); 01545 return b0; 01546 01547 #ifdef INET6 01548 case ETHERTYPE_IPV6: 01549 proto = PPP_IPV6; 01550 /* more to go? */ 01551 break; 01552 #endif 01553 01554 case ETHERTYPE_DN: 01555 proto = PPP_DECNET; 01556 break; 01557 01558 case ETHERTYPE_ATALK: 01559 proto = PPP_APPLE; 01560 break; 01561 01562 case ETHERTYPE_NS: 01563 proto = PPP_NS; 01564 break; 01565 01566 case LLCSAP_ISONS: 01567 proto = PPP_OSI; 01568 break; 01569 01570 case LLCSAP_8021D: 01571 /* 01572 * I'm assuming the "Bridging PDU"s that go 01573 * over PPP are Spanning Tree Protocol 01574 * Bridging PDUs. 01575 */ 01576 proto = PPP_BRPDU; 01577 break; 01578 01579 case LLCSAP_IPX: 01580 proto = PPP_IPX; 01581 break; 01582 } 01583 break; 01584 01585 case DLT_NULL: 01586 case DLT_LOOP: 01587 case DLT_ENC: 01588 case DLT_PFLOG: 01589 /* 01590 * For DLT_NULL, the link-layer header is a 32-bit 01591 * word containing an AF_ value in *host* byte order, 01592 * and for DLT_ENC, the link-layer header begins 01593 * with a 32-bit work containing an AF_ value in 01594 * host byte order. 01595 * 01596 * In addition, if we're reading a saved capture file, 01597 * the host byte order in the capture may not be the 01598 * same as the host byte order on this machine. 01599 * 01600 * For DLT_LOOP, the link-layer header is a 32-bit 01601 * word containing an AF_ value in *network* byte order. 01602 * 01603 * XXX - AF_ values may, unfortunately, be platform- 01604 * dependent; for example, FreeBSD's AF_INET6 is 24 01605 * whilst NetBSD's and OpenBSD's is 26. 01606 * 01607 * This means that, when reading a capture file, just 01608 * checking for our AF_INET6 value won't work if the 01609 * capture file came from another OS. 01610 * 01611 * XXX - what's the byte order for DLT_PFLOG? 01612 */ 01613 switch (proto) { 01614 01615 case ETHERTYPE_IP: 01616 proto = AF_INET; 01617 break; 01618 01619 #ifdef INET6 01620 case ETHERTYPE_IPV6: 01621 proto = AF_INET6; 01622 break; 01623 #endif 01624 01625 default: 01626 /* 01627 * Not a type on which we support filtering. 01628 * XXX - support those that have AF_ values 01629 * #defined on this platform, at least? 01630 */ 01631 return gen_false(); 01632 } 01633 01634 if (linktype == DLT_NULL || linktype == DLT_ENC) { 01635 /* 01636 * The AF_ value is in host byte order, but 01637 * the BPF interpreter will convert it to 01638 * network byte order. 01639 * 01640 * If this is a save file, and it's from a 01641 * machine with the opposite byte order to 01642 * ours, we byte-swap the AF_ value. 01643 * 01644 * Then we run it through "htonl()", and 01645 * generate code to compare against the result. 01646 */ 01647 if (bpf_pcap->sf.rfile != NULL && 01648 bpf_pcap->sf.swapped) 01649 proto = SWAPLONG(proto); 01650 proto = htonl(proto); 01651 } 01652 return (gen_cmp(0, BPF_W, (bpf_int32)proto)); 01653 01654 case DLT_ARCNET: 01655 case DLT_ARCNET_LINUX: 01656 /* 01657 * XXX should we check for first fragment if the protocol 01658 * uses PHDS? 01659 */ 01660 switch (proto) { 01661 01662 default: 01663 return gen_false(); 01664 01665 #ifdef INET6 01666 case ETHERTYPE_IPV6: 01667 return (gen_cmp(off_linktype, BPF_B, 01668 (bpf_int32)ARCTYPE_INET6)); 01669 #endif /* INET6 */ 01670 01671 case ETHERTYPE_IP: 01672 b0 = gen_cmp(off_linktype, BPF_B, 01673 (bpf_int32)ARCTYPE_IP); 01674 b1 = gen_cmp(off_linktype, BPF_B, 01675 (bpf_int32)ARCTYPE_IP_OLD); 01676 gen_or(b0, b1); 01677 return (b1); 01678 01679 case ETHERTYPE_ARP: 01680 b0 = gen_cmp(off_linktype, BPF_B, 01681 (bpf_int32)ARCTYPE_ARP); 01682 b1 = gen_cmp(off_linktype, BPF_B, 01683 (bpf_int32)ARCTYPE_ARP_OLD); 01684 gen_or(b0, b1); 01685 return (b1); 01686 01687 case ETHERTYPE_REVARP: 01688 return (gen_cmp(off_linktype, BPF_B, 01689 (bpf_int32)ARCTYPE_REVARP)); 01690 01691 case ETHERTYPE_ATALK: 01692 return (gen_cmp(off_linktype, BPF_B, 01693 (bpf_int32)ARCTYPE_ATALK)); 01694 } 01695 break; 01696 01697 case DLT_LTALK: 01698 switch (proto) { 01699 case ETHERTYPE_ATALK: 01700 return gen_true(); 01701 default: 01702 return gen_false(); 01703 } 01704 break; 01705 01706 case DLT_FRELAY: 01707 /* 01708 * XXX - assumes a 2-byte Frame Relay header with 01709 * DLCI and flags. What if the address is longer? 01710 */ 01711 switch (proto) { 01712 01713 case ETHERTYPE_IP: 01714 /* 01715 * Check for the special NLPID for IP. 01716 */ 01717 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc); 01718 01719 #ifdef INET6 01720 case ETHERTYPE_IPV6: 01721 /* 01722 * Check for the special NLPID for IPv6. 01723 */ 01724 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e); 01725 #endif 01726 01727 case LLCSAP_ISONS: 01728 /* 01729 * Check for several OSI protocols. 01730 * 01731 * Frame Relay packets typically have an OSI 01732 * NLPID at the beginning; we check for each 01733 * of them. 01734 * 01735 * What we check for is the NLPID and a frame 01736 * control field of UI, i.e. 0x03 followed 01737 * by the NLPID. 01738 */ 01739 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP); 01740 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS); 01741 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS); 01742 gen_or(b1, b2); 01743 gen_or(b0, b2); 01744 return b2; 01745 01746 default: 01747 return gen_false(); 01748 } 01749 break; 01750 01751 case DLT_LINUX_IRDA: 01752 bpf_error("IrDA link-layer type filtering not implemented"); 01753 01754 case DLT_DOCSIS: 01755 bpf_error("DOCSIS link-layer type filtering not implemented"); 01756 } 01757 01758 /* 01759 * All the types that have no encapsulation should either be 01760 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 01761 * all packets are IP packets, or should be handled in some 01762 * special case, if none of them are (if some are and some 01763 * aren't, the lack of encapsulation is a problem, as we'd 01764 * have to find some other way of determining the packet type). 01765 * 01766 * Therefore, if "off_linktype" is -1, there's an error. 01767 */ 01768 if (off_linktype == (u_int)-1) 01769 abort(); 01770 01771 /* 01772 * Any type not handled above should always have an Ethernet 01773 * type at an offset of "off_linktype". (PPP is partially 01774 * handled above - the protocol type is mapped from the 01775 * Ethernet and LLC types we use internally to the corresponding 01776 * PPP type - but the PPP type is always specified by a value 01777 * at "off_linktype", so we don't have to do the code generation 01778 * above.) 01779 */ 01780 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01781 } 01782 01783 /* 01784 * Check for an LLC SNAP packet with a given organization code and 01785 * protocol type; we check the entire contents of the 802.2 LLC and 01786 * snap headers, checking for DSAP and SSAP of SNAP and a control 01787 * field of 0x03 in the LLC header, and for the specified organization 01788 * code and protocol type in the SNAP header. 01789 */ 01790 static struct block * 01791 gen_snap(orgcode, ptype, offset) 01792 bpf_u_int32 orgcode; 01793 bpf_u_int32 ptype; 01794 u_int offset; 01795 { 01796 u_char snapblock[8]; 01797 01798 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */ 01799 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */ 01800 snapblock[2] = 0x03; /* control = UI */ 01801 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */ 01802 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */ 01803 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */ 01804 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */ 01805 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */ 01806 return gen_bcmp(offset, 8, snapblock); 01807 } 01808 01809 /* 01810 * Check for a given protocol value assuming an 802.2 LLC header. 01811 */ 01812 static struct block * 01813 gen_llc(proto) 01814 int proto; 01815 { 01816 /* 01817 * XXX - handle token-ring variable-length header. 01818 */ 01819 switch (proto) { 01820 01821 case LLCSAP_IP: 01822 return gen_cmp(off_linktype, BPF_H, (long) 01823 ((LLCSAP_IP << 8) | LLCSAP_IP)); 01824 01825 case LLCSAP_ISONS: 01826 return gen_cmp(off_linktype, BPF_H, (long) 01827 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 01828 01829 case LLCSAP_NETBEUI: 01830 return gen_cmp(off_linktype, BPF_H, (long) 01831 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 01832 01833 case LLCSAP_IPX: 01834 /* 01835 * XXX - are there ever SNAP frames for IPX on 01836 * non-Ethernet 802.x networks? 01837 */ 01838 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX); 01839 01840 case ETHERTYPE_ATALK: 01841 /* 01842 * 802.2-encapsulated ETHERTYPE_ATALK packets are 01843 * SNAP packets with an organization code of 01844 * 0x080007 (Apple, for Appletalk) and a protocol 01845 * type of ETHERTYPE_ATALK (Appletalk). 01846 * 01847 * XXX - check for an organization code of 01848 * encapsulated Ethernet as well? 01849 */ 01850 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype); 01851 01852 default: 01853 /* 01854 * XXX - we don't have to check for IPX 802.3 01855 * here, but should we check for the IPX Ethertype? 01856 */ 01857 if (proto <= ETHERMTU) { 01858 /* 01859 * This is an LLC SAP value, so check 01860 * the DSAP. 01861 */ 01862 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto); 01863 } else { 01864 /* 01865 * This is an Ethernet type; we assume that it's 01866 * unlikely that it'll appear in the right place 01867 * at random, and therefore check only the 01868 * location that would hold the Ethernet type 01869 * in a SNAP frame with an organization code of 01870 * 0x000000 (encapsulated Ethernet). 01871 * 01872 * XXX - if we were to check for the SNAP DSAP and 01873 * LSAP, as per XXX, and were also to check for an 01874 * organization code of 0x000000 (encapsulated 01875 * Ethernet), we'd do 01876 * 01877 * return gen_snap(0x000000, proto, 01878 * off_linktype); 01879 * 01880 * here; for now, we don't, as per the above. 01881 * I don't know whether it's worth the extra CPU 01882 * time to do the right check or not. 01883 */ 01884 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto); 01885 } 01886 } 01887 } 01888 01889 static struct block * 01890 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 01891 bpf_u_int32 addr; 01892 bpf_u_int32 mask; 01893 int dir, proto; 01894 u_int src_off, dst_off; 01895 { 01896 struct block *b0, *b1; 01897 u_int offset; 01898 01899 switch (dir) { 01900 01901 case Q_SRC: 01902 offset = src_off; 01903 break; 01904 01905 case Q_DST: 01906 offset = dst_off; 01907 break; 01908 01909 case Q_AND: 01910 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 01911 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 01912 gen_and(b0, b1); 01913 return b1; 01914 01915 case Q_OR: 01916 case Q_DEFAULT: 01917 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 01918 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 01919 gen_or(b0, b1); 01920 return b1; 01921 01922 default: 01923 abort(); 01924 } 01925 b0 = gen_linktype(proto); 01926 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 01927 gen_and(b0, b1); 01928 return b1; 01929 } 01930 01931 #ifdef INET6 01932 static struct block * 01933 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 01934 struct in6_addr *addr; 01935 struct in6_addr *mask; 01936 int dir, proto; 01937 u_int src_off, dst_off; 01938 { 01939 struct block *b0, *b1; 01940 u_int offset; 01941 u_int32_t *a, *m; 01942 01943 switch (dir) { 01944 01945 case Q_SRC: 01946 offset = src_off; 01947 break; 01948 01949 case Q_DST: 01950 offset = dst_off; 01951 break; 01952 01953 case Q_AND: 01954 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 01955 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 01956 gen_and(b0, b1); 01957 return b1; 01958 01959 case Q_OR: 01960 case Q_DEFAULT: 01961 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 01962 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 01963 gen_or(b0, b1); 01964 return b1; 01965 01966 default: 01967 abort(); 01968 } 01969 /* this order is important */ 01970 a = (u_int32_t *)addr; 01971 m = (u_int32_t *)mask; 01972 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 01973 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 01974 gen_and(b0, b1); 01975 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 01976 gen_and(b0, b1); 01977 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 01978 gen_and(b0, b1); 01979 b0 = gen_linktype(proto); 01980 gen_and(b0, b1); 01981 return b1; 01982 } 01983 #endif /*INET6*/ 01984 01985 static struct block * 01986 gen_ehostop(eaddr, dir) 01987 register const u_char *eaddr; 01988 register int dir; 01989 { 01990 register struct block *b0, *b1; 01991 01992 switch (dir) { 01993 case Q_SRC: 01994 return gen_bcmp(off_mac + 6, 6, eaddr); 01995 01996 case Q_DST: 01997 return gen_bcmp(off_mac + 0, 6, eaddr); 01998 01999 case Q_AND: 02000 b0 = gen_ehostop(eaddr, Q_SRC); 02001 b1 = gen_ehostop(eaddr, Q_DST); 02002 gen_and(b0, b1); 02003 return b1; 02004 02005 case Q_DEFAULT: 02006 case Q_OR: 02007 b0 = gen_ehostop(eaddr, Q_SRC); 02008 b1 = gen_ehostop(eaddr, Q_DST); 02009 gen_or(b0, b1); 02010 return b1; 02011 } 02012 abort(); 02013 /* NOTREACHED */ 02014 } 02015 02016 /* 02017 * Like gen_ehostop, but for DLT_FDDI 02018 */ 02019 static struct block * 02020 gen_fhostop(eaddr, dir) 02021 register const u_char *eaddr; 02022 register int dir; 02023 { 02024 struct block *b0, *b1; 02025 02026 switch (dir) { 02027 case Q_SRC: 02028 #ifdef PCAP_FDDIPAD 02029 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 02030 #else 02031 return gen_bcmp(6 + 1, 6, eaddr); 02032 #endif 02033 02034 case Q_DST: 02035 #ifdef PCAP_FDDIPAD 02036 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 02037 #else 02038 return gen_bcmp(0 + 1, 6, eaddr); 02039 #endif 02040 02041 case Q_AND: 02042 b0 = gen_fhostop(eaddr, Q_SRC); 02043 b1 = gen_fhostop(eaddr, Q_DST); 02044 gen_and(b0, b1); 02045 return b1; 02046 02047 case Q_DEFAULT: 02048 case Q_OR: 02049 b0 = gen_fhostop(eaddr, Q_SRC); 02050 b1 = gen_fhostop(eaddr, Q_DST); 02051 gen_or(b0, b1); 02052 return b1; 02053 } 02054 abort(); 02055 /* NOTREACHED */ 02056 } 02057 02058 /* 02059 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) 02060 */ 02061 static struct block * 02062 gen_thostop(eaddr, dir) 02063 register const u_char *eaddr; 02064 register int dir; 02065 { 02066 register struct block *b0, *b1; 02067 02068 switch (dir) { 02069 case Q_SRC: 02070 return gen_bcmp(8, 6, eaddr); 02071 02072 case Q_DST: 02073 return gen_bcmp(2, 6, eaddr); 02074 02075 case Q_AND: 02076 b0 = gen_thostop(eaddr, Q_SRC); 02077 b1 = gen_thostop(eaddr, Q_DST); 02078 gen_and(b0, b1); 02079 return b1; 02080 02081 case Q_DEFAULT: 02082 case Q_OR: 02083 b0 = gen_thostop(eaddr, Q_SRC); 02084 b1 = gen_thostop(eaddr, Q_DST); 02085 gen_or(b0, b1); 02086 return b1; 02087 } 02088 abort(); 02089 /* NOTREACHED */ 02090 } 02091 02092 /* 02093 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN) 02094 */ 02095 static struct block * 02096 gen_wlanhostop(eaddr, dir) 02097 register const u_char *eaddr; 02098 register int dir; 02099 { 02100 register struct block *b0, *b1, *b2; 02101 register struct slist *s; 02102 02103 switch (dir) { 02104 case Q_SRC: 02105 /* 02106 * Oh, yuk. 02107 * 02108 * For control frames, there is no SA. 02109 * 02110 * For management frames, SA is at an 02111 * offset of 10 from the beginning of 02112 * the packet. 02113 * 02114 * For data frames, SA is at an offset 02115 * of 10 from the beginning of the packet 02116 * if From DS is clear, at an offset of 02117 * 16 from the beginning of the packet 02118 * if From DS is set and To DS is clear, 02119 * and an offset of 24 from the beginning 02120 * of the packet if From DS is set and To DS 02121 * is set. 02122 */ 02123 02124 /* 02125 * Generate the tests to be done for data frames 02126 * with From DS set. 02127 * 02128 * First, check for To DS set, i.e. check "link[1] & 0x01". 02129 */ 02130 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02131 s->s.k = 1; 02132 b1 = new_block(JMP(BPF_JSET)); 02133 b1->s.k = 0x01; /* To DS */ 02134 b1->stmts = s; 02135 02136 /* 02137 * If To DS is set, the SA is at 24. 02138 */ 02139 b0 = gen_bcmp(24, 6, eaddr); 02140 gen_and(b1, b0); 02141 02142 /* 02143 * Now, check for To DS not set, i.e. check 02144 * "!(link[1] & 0x01)". 02145 */ 02146 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02147 s->s.k = 1; 02148 b2 = new_block(JMP(BPF_JSET)); 02149 b2->s.k = 0x01; /* To DS */ 02150 b2->stmts = s; 02151 gen_not(b2); 02152 02153 /* 02154 * If To DS is not set, the SA is at 16. 02155 */ 02156 b1 = gen_bcmp(16, 6, eaddr); 02157 gen_and(b2, b1); 02158 02159 /* 02160 * Now OR together the last two checks. That gives 02161 * the complete set of checks for data frames with 02162 * From DS set. 02163 */ 02164 gen_or(b1, b0); 02165 02166 /* 02167 * Now check for From DS being set, and AND that with 02168 * the ORed-together checks. 02169 */ 02170 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02171 s->s.k = 1; 02172 b1 = new_block(JMP(BPF_JSET)); 02173 b1->s.k = 0x02; /* From DS */ 02174 b1->stmts = s; 02175 gen_and(b1, b0); 02176 02177 /* 02178 * Now check for data frames with From DS not set. 02179 */ 02180 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02181 s->s.k = 1; 02182 b2 = new_block(JMP(BPF_JSET)); 02183 b2->s.k = 0x02; /* From DS */ 02184 b2->stmts = s; 02185 gen_not(b2); 02186 02187 /* 02188 * If From DS isn't set, the SA is at 10. 02189 */ 02190 b1 = gen_bcmp(10, 6, eaddr); 02191 gen_and(b2, b1); 02192 02193 /* 02194 * Now OR together the checks for data frames with 02195 * From DS not set and for data frames with From DS 02196 * set; that gives the checks done for data frames. 02197 */ 02198 gen_or(b1, b0); 02199 02200 /* 02201 * Now check for a data frame. 02202 * I.e, check "link[0] & 0x08". 02203 */ 02204 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02205 s->s.k = 0; 02206 b1 = new_block(JMP(BPF_JSET)); 02207 b1->s.k = 0x08; 02208 b1->stmts = s; 02209 02210 /* 02211 * AND that with the checks done for data frames. 02212 */ 02213 gen_and(b1, b0); 02214 02215 /* 02216 * If the high-order bit of the type value is 0, this 02217 * is a management frame. 02218 * I.e, check "!(link[0] & 0x08)". 02219 */ 02220 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02221 s->s.k = 0; 02222 b2 = new_block(JMP(BPF_JSET)); 02223 b2->s.k = 0x08; 02224 b2->stmts = s; 02225 gen_not(b2); 02226 02227 /* 02228 * For management frames, the SA is at 10. 02229 */ 02230 b1 = gen_bcmp(10, 6, eaddr); 02231 gen_and(b2, b1); 02232 02233 /* 02234 * OR that with the checks done for data frames. 02235 * That gives the checks done for management and 02236 * data frames. 02237 */ 02238 gen_or(b1, b0); 02239 02240 /* 02241 * If the low-order bit of the type value is 1, 02242 * this is either a control frame or a frame 02243 * with a reserved type, and thus not a 02244 * frame with an SA. 02245 * 02246 * I.e., check "!(link[0] & 0x04)". 02247 */ 02248 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02249 s->s.k = 0; 02250 b1 = new_block(JMP(BPF_JSET)); 02251 b1->s.k = 0x04; 02252 b1->stmts = s; 02253 gen_not(b1); 02254 02255 /* 02256 * AND that with the checks for data and management 02257 * frames. 02258 */ 02259 gen_and(b1, b0); 02260 return b0; 02261 02262 case Q_DST: 02263 /* 02264 * Oh, yuk. 02265 * 02266 * For control frames, there is no DA. 02267 * 02268 * For management frames, DA is at an 02269 * offset of 4 from the beginning of 02270 * the packet. 02271 * 02272 * For data frames, DA is at an offset 02273 * of 4 from the beginning of the packet 02274 * if To DS is clear and at an offset of 02275 * 16 from the beginning of the packet 02276 * if To DS is set. 02277 */ 02278 02279 /* 02280 * Generate the tests to be done for data frames. 02281 * 02282 * First, check for To DS set, i.e. "link[1] & 0x01". 02283 */ 02284 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02285 s->s.k = 1; 02286 b1 = new_block(JMP(BPF_JSET)); 02287 b1->s.k = 0x01; /* To DS */ 02288 b1->stmts = s; 02289 02290 /* 02291 * If To DS is set, the DA is at 16. 02292 */ 02293 b0 = gen_bcmp(16, 6, eaddr); 02294 gen_and(b1, b0); 02295 02296 /* 02297 * Now, check for To DS not set, i.e. check 02298 * "!(link[1] & 0x01)". 02299 */ 02300 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02301 s->s.k = 1; 02302 b2 = new_block(JMP(BPF_JSET)); 02303 b2->s.k = 0x01; /* To DS */ 02304 b2->stmts = s; 02305 gen_not(b2); 02306 02307 /* 02308 * If To DS is not set, the DA is at 4. 02309 */ 02310 b1 = gen_bcmp(4, 6, eaddr); 02311 gen_and(b2, b1); 02312 02313 /* 02314 * Now OR together the last two checks. That gives 02315 * the complete set of checks for data frames. 02316 */ 02317 gen_or(b1, b0); 02318 02319 /* 02320 * Now check for a data frame. 02321 * I.e, check "link[0] & 0x08". 02322 */ 02323 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02324 s->s.k = 0; 02325 b1 = new_block(JMP(BPF_JSET)); 02326 b1->s.k = 0x08; 02327 b1->stmts = s; 02328 02329 /* 02330 * AND that with the checks done for data frames. 02331 */ 02332 gen_and(b1, b0); 02333 02334 /* 02335 * If the high-order bit of the type value is 0, this 02336 * is a management frame. 02337 * I.e, check "!(link[0] & 0x08)". 02338 */ 02339 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02340 s->s.k = 0; 02341 b2 = new_block(JMP(BPF_JSET)); 02342 b2->s.k = 0x08; 02343 b2->stmts = s; 02344 gen_not(b2); 02345 02346 /* 02347 * For management frames, the DA is at 4. 02348 */ 02349 b1 = gen_bcmp(4, 6, eaddr); 02350 gen_and(b2, b1); 02351 02352 /* 02353 * OR that with the checks done for data frames. 02354 * That gives the checks done for management and 02355 * data frames. 02356 */ 02357 gen_or(b1, b0); 02358 02359 /* 02360 * If the low-order bit of the type value is 1, 02361 * this is either a control frame or a frame 02362 * with a reserved type, and thus not a 02363 * frame with an SA. 02364 * 02365 * I.e., check "!(link[0] & 0x04)". 02366 */ 02367 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02368 s->s.k = 0; 02369 b1 = new_block(JMP(BPF_JSET)); 02370 b1->s.k = 0x04; 02371 b1->stmts = s; 02372 gen_not(b1); 02373 02374 /* 02375 * AND that with the checks for data and management 02376 * frames. 02377 */ 02378 gen_and(b1, b0); 02379 return b0; 02380 02381 case Q_AND: 02382 b0 = gen_wlanhostop(eaddr, Q_SRC); 02383 b1 = gen_wlanhostop(eaddr, Q_DST); 02384 gen_and(b0, b1); 02385 return b1; 02386 02387 case Q_DEFAULT: 02388 case Q_OR: 02389 b0 = gen_wlanhostop(eaddr, Q_SRC); 02390 b1 = gen_wlanhostop(eaddr, Q_DST); 02391 gen_or(b0, b1); 02392 return b1; 02393 } 02394 abort(); 02395 /* NOTREACHED */ 02396 } 02397 02398 /* 02399 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel. 02400 * (We assume that the addresses are IEEE 48-bit MAC addresses, 02401 * as the RFC states.) 02402 */ 02403 static struct block * 02404 gen_ipfchostop(eaddr, dir) 02405 register const u_char *eaddr; 02406 register int dir; 02407 { 02408 register struct block *b0, *b1; 02409 02410 switch (dir) { 02411 case Q_SRC: 02412 return gen_bcmp(10, 6, eaddr); 02413 02414 case Q_DST: 02415 return gen_bcmp(2, 6, eaddr); 02416 02417 case Q_AND: 02418 b0 = gen_ipfchostop(eaddr, Q_SRC); 02419 b1 = gen_ipfchostop(eaddr, Q_DST); 02420 gen_and(b0, b1); 02421 return b1; 02422 02423 case Q_DEFAULT: 02424 case Q_OR: 02425 b0 = gen_ipfchostop(eaddr, Q_SRC); 02426 b1 = gen_ipfchostop(eaddr, Q_DST); 02427 gen_or(b0, b1); 02428 return b1; 02429 } 02430 abort(); 02431 /* NOTREACHED */ 02432 } 02433 02434 /* 02435 * This is quite tricky because there may be pad bytes in front of the 02436 * DECNET header, and then there are two possible data packet formats that 02437 * carry both src and dst addresses, plus 5 packet types in a format that 02438 * carries only the src node, plus 2 types that use a different format and 02439 * also carry just the src node. 02440 * 02441 * Yuck. 02442 * 02443 * Instead of doing those all right, we just look for data packets with 02444 * 0 or 1 bytes of padding. If you want to look at other packets, that 02445 * will require a lot more hacking. 02446 * 02447 * To add support for filtering on DECNET "areas" (network numbers) 02448 * one would want to add a "mask" argument to this routine. That would 02449 * make the filter even more inefficient, although one could be clever 02450 * and not generate masking instructions if the mask is 0xFFFF. 02451 */ 02452 static struct block * 02453 gen_dnhostop(addr, dir, base_off) 02454 bpf_u_int32 addr; 02455 int dir; 02456 u_int base_off; 02457 { 02458 struct block *b0, *b1, *b2, *tmp; 02459 u_int offset_lh; /* offset if long header is received */ 02460 u_int offset_sh; /* offset if short header is received */ 02461 02462 switch (dir) { 02463 02464 case Q_DST: 02465 offset_sh = 1; /* follows flags */ 02466 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 02467 break; 02468 02469 case Q_SRC: 02470 offset_sh = 3; /* follows flags, dstnode */ 02471 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 02472 break; 02473 02474 case Q_AND: 02475 /* Inefficient because we do our Calvinball dance twice */ 02476 b0 = gen_dnhostop(addr, Q_SRC, base_off); 02477 b1 = gen_dnhostop(addr, Q_DST, base_off); 02478 gen_and(b0, b1); 02479 return b1; 02480 02481 case Q_OR: 02482 case Q_DEFAULT: 02483 /* Inefficient because we do our Calvinball dance twice */ 02484 b0 = gen_dnhostop(addr, Q_SRC, base_off); 02485 b1 = gen_dnhostop(addr, Q_DST, base_off); 02486 gen_or(b0, b1); 02487 return b1; 02488 02489 case Q_ISO: 02490 bpf_error("ISO host filtering not implemented"); 02491 02492 default: 02493 abort(); 02494 } 02495 b0 = gen_linktype(ETHERTYPE_DN); 02496 /* Check for pad = 1, long header case */ 02497 tmp = gen_mcmp(base_off + 2, BPF_H, 02498 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 02499 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 02500 BPF_H, (bpf_int32)ntohs(addr)); 02501 gen_and(tmp, b1); 02502 /* Check for pad = 0, long header case */ 02503 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 02504 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 02505 gen_and(tmp, b2); 02506 gen_or(b2, b1); 02507 /* Check for pad = 1, short header case */ 02508 tmp = gen_mcmp(base_off + 2, BPF_H, 02509 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 02510 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 02511 BPF_H, (bpf_int32)ntohs(addr)); 02512 gen_and(tmp, b2); 02513 gen_or(b2, b1); 02514 /* Check for pad = 0, short header case */ 02515 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 02516 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 02517 gen_and(tmp, b2); 02518 gen_or(b2, b1); 02519 02520 /* Combine with test for linktype */ 02521 gen_and(b0, b1); 02522 return b1; 02523 } 02524 02525 static struct block * 02526 gen_host(addr, mask, proto, dir) 02527 bpf_u_int32 addr; 02528 bpf_u_int32 mask; 02529 int proto; 02530 int dir; 02531 { 02532 struct block *b0, *b1; 02533 02534 switch (proto) { 02535 02536 case Q_DEFAULT: 02537 b0 = gen_host(addr, mask, Q_IP, dir); 02538 if (off_linktype != (u_int)-1) { 02539 b1 = gen_host(addr, mask, Q_ARP, dir); 02540 gen_or(b0, b1); 02541 b0 = gen_host(addr, mask, Q_RARP, dir); 02542 gen_or(b1, b0); 02543 } 02544 return b0; 02545 02546 case Q_IP: 02547 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 02548 off_nl + 12, off_nl + 16); 02549 02550 case Q_RARP: 02551 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 02552 off_nl + 14, off_nl + 24); 02553 02554 case Q_ARP: 02555 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 02556 off_nl + 14, off_nl + 24); 02557 02558 case Q_TCP: 02559 bpf_error("'tcp' modifier applied to host"); 02560 02561 case Q_SCTP: 02562 bpf_error("'sctp' modifier applied to host"); 02563 02564 case Q_UDP: 02565 bpf_error("'udp' modifier applied to host"); 02566 02567 case Q_ICMP: 02568 bpf_error("'icmp' modifier applied to host"); 02569 02570 case Q_IGMP: 02571 bpf_error("'igmp' modifier applied to host"); 02572 02573 case Q_IGRP: 02574 bpf_error("'igrp' modifier applied to host"); 02575 02576 case Q_PIM: 02577 bpf_error("'pim' modifier applied to host"); 02578 02579 case Q_VRRP: 02580 bpf_error("'vrrp' modifier applied to host"); 02581 02582 case Q_ATALK: 02583 bpf_error("ATALK host filtering not implemented"); 02584 02585 case Q_AARP: 02586 bpf_error("AARP host filtering not implemented"); 02587 02588 case Q_DECNET: 02589 return gen_dnhostop(addr, dir, off_nl); 02590 02591 case Q_SCA: 02592 bpf_error("SCA host filtering not implemented"); 02593 02594 case Q_LAT: 02595 bpf_error("LAT host filtering not implemented"); 02596 02597 case Q_MOPDL: 02598 bpf_error("MOPDL host filtering not implemented"); 02599 02600 case Q_MOPRC: 02601 bpf_error("MOPRC host filtering not implemented"); 02602 02603 #ifdef INET6 02604 case Q_IPV6: 02605 bpf_error("'ip6' modifier applied to ip host"); 02606 02607 case Q_ICMPV6: 02608 bpf_error("'icmp6' modifier applied to host"); 02609 #endif /* INET6 */ 02610 02611 case Q_AH: 02612 bpf_error("'ah' modifier applied to host"); 02613 02614 case Q_ESP: 02615 bpf_error("'esp' modifier applied to host"); 02616 02617 case Q_ISO: 02618 bpf_error("ISO host filtering not implemented"); 02619 02620 case Q_ESIS: 02621 bpf_error("'esis' modifier applied to host"); 02622 02623 case Q_ISIS: 02624 bpf_error("'isis' modifier applied to host"); 02625 02626 case Q_CLNP: 02627 bpf_error("'clnp' modifier applied to host"); 02628 02629 case Q_STP: 02630 bpf_error("'stp' modifier applied to host"); 02631 02632 case Q_IPX: 02633 bpf_error("IPX host filtering not implemented"); 02634 02635 case Q_NETBEUI: 02636 bpf_error("'netbeui' modifier applied to host"); 02637 02638 default: 02639 abort(); 02640 } 02641 /* NOTREACHED */ 02642 } 02643 02644 #ifdef INET6 02645 static struct block * 02646 gen_host6(addr, mask, proto, dir) 02647 struct in6_addr *addr; 02648 struct in6_addr *mask; 02649 int proto; 02650 int dir; 02651 { 02652 switch (proto) { 02653 02654 case Q_DEFAULT: 02655 return gen_host6(addr, mask, Q_IPV6, dir); 02656 02657 case Q_IP: 02658 bpf_error("'ip' modifier applied to ip6 host"); 02659 02660 case Q_RARP: 02661 bpf_error("'rarp' modifier applied to ip6 host"); 02662 02663 case Q_ARP: 02664 bpf_error("'arp' modifier applied to ip6 host"); 02665 02666 case Q_SCTP: 02667 bpf_error("'sctp' modifier applied to host"); 02668 02669 case Q_TCP: 02670 bpf_error("'tcp' modifier applied to host"); 02671 02672 case Q_UDP: 02673 bpf_error("'udp' modifier applied to host"); 02674 02675 case Q_ICMP: 02676 bpf_error("'icmp' modifier applied to host"); 02677 02678 case Q_IGMP: 02679 bpf_error("'igmp' modifier applied to host"); 02680 02681 case Q_IGRP: 02682 bpf_error("'igrp' modifier applied to host"); 02683 02684 case Q_PIM: 02685 bpf_error("'pim' modifier applied to host"); 02686 02687 case Q_VRRP: 02688 bpf_error("'vrrp' modifier applied to host"); 02689 02690 case Q_ATALK: 02691 bpf_error("ATALK host filtering not implemented"); 02692 02693 case Q_AARP: 02694 bpf_error("AARP host filtering not implemented"); 02695 02696 case Q_DECNET: 02697 bpf_error("'decnet' modifier applied to ip6 host"); 02698 02699 case Q_SCA: 02700 bpf_error("SCA host filtering not implemented"); 02701 02702 case Q_LAT: 02703 bpf_error("LAT host filtering not implemented"); 02704 02705 case Q_MOPDL: 02706 bpf_error("MOPDL host filtering not implemented"); 02707 02708 case Q_MOPRC: 02709 bpf_error("MOPRC host filtering not implemented"); 02710 02711 case Q_IPV6: 02712 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 02713 off_nl + 8, off_nl + 24); 02714 02715 case Q_ICMPV6: 02716 bpf_error("'icmp6' modifier applied to host"); 02717 02718 case Q_AH: 02719 bpf_error("'ah' modifier applied to host"); 02720 02721 case Q_ESP: 02722 bpf_error("'esp' modifier applied to host"); 02723 02724 case Q_ISO: 02725 bpf_error("ISO host filtering not implemented"); 02726 02727 case Q_ESIS: 02728 bpf_error("'esis' modifier applied to host"); 02729 02730 case Q_ISIS: 02731 bpf_error("'isis' modifier applied to host"); 02732 02733 case Q_CLNP: 02734 bpf_error("'clnp' modifier applied to host"); 02735 02736 case Q_STP: 02737 bpf_error("'stp' modifier applied to host"); 02738 02739 case Q_IPX: 02740 bpf_error("IPX host filtering not implemented"); 02741 02742 case Q_NETBEUI: 02743 bpf_error("'netbeui' modifier applied to host"); 02744 02745 default: 02746 abort(); 02747 } 02748 /* NOTREACHED */ 02749 } 02750 #endif /*INET6*/ 02751 02752 #ifndef INET6 02753 static struct block * 02754 gen_gateway(eaddr, alist, proto, dir) 02755 const u_char *eaddr; 02756 bpf_u_int32 **alist; 02757 int proto; 02758 int dir; 02759 { 02760 struct block *b0, *b1, *tmp; 02761 02762 if (dir != 0) 02763 bpf_error("direction applied to 'gateway'"); 02764 02765 switch (proto) { 02766 case Q_DEFAULT: 02767 case Q_IP: 02768 case Q_ARP: 02769 case Q_RARP: 02770 if (linktype == DLT_EN10MB) 02771 b0 = gen_ehostop(eaddr, Q_OR); 02772 else if (linktype == DLT_FDDI) 02773 b0 = gen_fhostop(eaddr, Q_OR); 02774 else if (linktype == DLT_IEEE802) 02775 b0 = gen_thostop(eaddr, Q_OR); 02776 else if (linktype == DLT_IEEE802_11) 02777 b0 = gen_wlanhostop(eaddr, Q_OR); 02778 else if (linktype == DLT_SUNATM && is_lane) { 02779 /* 02780 * Check that the packet doesn't begin with an 02781 * LE Control marker. (We've already generated 02782 * a test for LANE.) 02783 */ 02784 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 02785 gen_not(b1); 02786 02787 /* 02788 * Now check the MAC address. 02789 */ 02790 b0 = gen_ehostop(eaddr, Q_OR); 02791 gen_and(b1, b0); 02792 } else if (linktype == DLT_IP_OVER_FC) 02793 b0 = gen_ipfchostop(eaddr, Q_OR); 02794 else 02795 bpf_error( 02796 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel"); 02797 02798 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 02799 while (*alist) { 02800 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 02801 gen_or(b1, tmp); 02802 b1 = tmp; 02803 } 02804 gen_not(b1); 02805 gen_and(b0, b1); 02806 return b1; 02807 } 02808 bpf_error("illegal modifier of 'gateway'"); 02809 /* NOTREACHED */ 02810 } 02811 #endif 02812 02813 struct block * 02814 gen_proto_abbrev(proto) 02815 int proto; 02816 { 02817 struct block *b0; 02818 struct block *b1; 02819 02820 switch (proto) { 02821 02822 case Q_SCTP: 02823 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); 02824 #ifdef INET6 02825 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); 02826 gen_or(b0, b1); 02827 #endif 02828 break; 02829 02830 case Q_TCP: 02831 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 02832 #ifdef INET6 02833 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 02834 gen_or(b0, b1); 02835 #endif 02836 break; 02837 02838 case Q_UDP: 02839 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 02840 #ifdef INET6 02841 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 02842 gen_or(b0, b1); 02843 #endif 02844 break; 02845 02846 case Q_ICMP: 02847 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 02848 break; 02849 02850 #ifndef IPPROTO_IGMP 02851 #define IPPROTO_IGMP 2 02852 #endif 02853 02854 case Q_IGMP: 02855 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 02856 break; 02857 02858 #ifndef IPPROTO_IGRP 02859 #define IPPROTO_IGRP 9 02860 #endif 02861 case Q_IGRP: 02862 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 02863 break; 02864 02865 #ifndef IPPROTO_PIM 02866 #define IPPROTO_PIM 103 02867 #endif 02868 02869 case Q_PIM: 02870 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 02871 #ifdef INET6 02872 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 02873 gen_or(b0, b1); 02874 #endif 02875 break; 02876 02877 #ifndef IPPROTO_VRRP 02878 #define IPPROTO_VRRP 112 02879 #endif 02880 02881 case Q_VRRP: 02882 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT); 02883 break; 02884 02885 case Q_IP: 02886 b1 = gen_linktype(ETHERTYPE_IP); 02887 break; 02888 02889 case Q_ARP: 02890 b1 = gen_linktype(ETHERTYPE_ARP); 02891 break; 02892 02893 case Q_RARP: 02894 b1 = gen_linktype(ETHERTYPE_REVARP); 02895 break; 02896 02897 case Q_LINK: 02898 bpf_error("link layer applied in wrong context"); 02899 02900 case Q_ATALK: 02901 b1 = gen_linktype(ETHERTYPE_ATALK); 02902 break; 02903 02904 case Q_AARP: 02905 b1 = gen_linktype(ETHERTYPE_AARP); 02906 break; 02907 02908 case Q_DECNET: 02909 b1 = gen_linktype(ETHERTYPE_DN); 02910 break; 02911 02912 case Q_SCA: 02913 b1 = gen_linktype(ETHERTYPE_SCA); 02914 break; 02915 02916 case Q_LAT: 02917 b1 = gen_linktype(ETHERTYPE_LAT); 02918 break; 02919 02920 case Q_MOPDL: 02921 b1 = gen_linktype(ETHERTYPE_MOPDL); 02922 break; 02923 02924 case Q_MOPRC: 02925 b1 = gen_linktype(ETHERTYPE_MOPRC); 02926 break; 02927 02928 #ifdef INET6 02929 case Q_IPV6: 02930 b1 = gen_linktype(ETHERTYPE_IPV6); 02931 break; 02932 02933 #ifndef IPPROTO_ICMPV6 02934 #define IPPROTO_ICMPV6 58 02935 #endif 02936 case Q_ICMPV6: 02937 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 02938 break; 02939 #endif /* INET6 */ 02940 02941 #ifndef IPPROTO_AH 02942 #define IPPROTO_AH 51 02943 #endif 02944 case Q_AH: 02945 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 02946 #ifdef INET6 02947 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 02948 gen_or(b0, b1); 02949 #endif 02950 break; 02951 02952 #ifndef IPPROTO_ESP 02953 #define IPPROTO_ESP 50 02954 #endif 02955 case Q_ESP: 02956 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 02957 #ifdef INET6 02958 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 02959 gen_or(b0, b1); 02960 #endif 02961 break; 02962 02963 case Q_ISO: 02964 b1 = gen_linktype(LLCSAP_ISONS); 02965 break; 02966 02967 case Q_ESIS: 02968 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT); 02969 break; 02970 02971 case Q_ISIS: 02972 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 02973 break; 02974 02975 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */ 02976 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 02977 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 02978 gen_or(b0, b1); 02979 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 02980 gen_or(b0, b1); 02981 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 02982 gen_or(b0, b1); 02983 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 02984 gen_or(b0, b1); 02985 break; 02986 02987 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */ 02988 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 02989 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 02990 gen_or(b0, b1); 02991 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 02992 gen_or(b0, b1); 02993 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 02994 gen_or(b0, b1); 02995 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 02996 gen_or(b0, b1); 02997 break; 02998 02999 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */ 03000 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 03001 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 03002 gen_or(b0, b1); 03003 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); 03004 gen_or(b0, b1); 03005 break; 03006 03007 case Q_ISIS_LSP: 03008 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 03009 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 03010 gen_or(b0, b1); 03011 break; 03012 03013 case Q_ISIS_SNP: 03014 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 03015 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 03016 gen_or(b0, b1); 03017 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 03018 gen_or(b0, b1); 03019 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 03020 gen_or(b0, b1); 03021 break; 03022 03023 case Q_ISIS_CSNP: 03024 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 03025 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 03026 gen_or(b0, b1); 03027 break; 03028 03029 case Q_ISIS_PSNP: 03030 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 03031 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 03032 gen_or(b0, b1); 03033 break; 03034 03035 case Q_CLNP: 03036 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT); 03037 break; 03038 03039 case Q_STP: 03040 b1 = gen_linktype(LLCSAP_8021D); 03041 break; 03042 03043 case Q_IPX: 03044 b1 = gen_linktype(LLCSAP_IPX); 03045 break; 03046 03047 case Q_NETBEUI: 03048 b1 = gen_linktype(LLCSAP_NETBEUI); 03049 break; 03050 03051 default: 03052 abort(); 03053 } 03054 return b1; 03055 } 03056 03057 static struct block * 03058 gen_ipfrag() 03059 { 03060 struct slist *s; 03061 struct block *b; 03062 03063 /* not ip frag */ 03064 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 03065 s->s.k = off_nl + 6; 03066 b = new_block(JMP(BPF_JSET)); 03067 b->s.k = 0x1fff; 03068 b->stmts = s; 03069 gen_not(b); 03070 03071 return b; 03072 } 03073 03074 static struct block * 03075 gen_portatom(off, v) 03076 int off; 03077 bpf_int32 v; 03078 { 03079 struct slist *s; 03080 struct block *b; 03081 03082 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 03083 s->s.k = off_nl; 03084 03085 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 03086 s->next->s.k = off_nl + off; 03087 03088 b = new_block(JMP(BPF_JEQ)); 03089 b->stmts = s; 03090 b->s.k = v; 03091 03092 return b; 03093 } 03094 03095 #ifdef INET6 03096 static struct block * 03097 gen_portatom6(off, v) 03098 int off; 03099 bpf_int32 v; 03100 { 03101 return gen_cmp(off_nl + 40 + off, BPF_H, v); 03102 } 03103 #endif/*INET6*/ 03104 03105 struct block * 03106 gen_portop(port, proto, dir) 03107 int port, proto, dir; 03108 { 03109 struct block *b0, *b1, *tmp; 03110 03111 /* ip proto 'proto' */ 03112 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 03113 b0 = gen_ipfrag(); 03114 gen_and(tmp, b0); 03115 03116 switch (dir) { 03117 case Q_SRC: 03118 b1 = gen_portatom(0, (bpf_int32)port); 03119 break; 03120 03121 case Q_DST: 03122 b1 = gen_portatom(2, (bpf_int32)port); 03123 break; 03124 03125 case Q_OR: 03126 case Q_DEFAULT: 03127 tmp = gen_portatom(0, (bpf_int32)port); 03128 b1 = gen_portatom(2, (bpf_int32)port); 03129 gen_or(tmp, b1); 03130 break; 03131 03132 case Q_AND: 03133 tmp = gen_portatom(0, (bpf_int32)port); 03134 b1 = gen_portatom(2, (bpf_int32)port); 03135 gen_and(tmp, b1); 03136 break; 03137 03138 default: 03139 abort(); 03140 } 03141 gen_and(b0, b1); 03142 03143 return b1; 03144 } 03145 03146 static struct block * 03147 gen_port(port, ip_proto, dir) 03148 int port; 03149 int ip_proto; 03150 int dir; 03151 { 03152 struct block *b0, *b1, *tmp; 03153 03154 /* 03155 * ether proto ip 03156 * 03157 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 03158 * not LLC encapsulation with LLCSAP_IP. 03159 * 03160 * For IEEE 802 networks - which includes 802.5 token ring 03161 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 03162 * says that SNAP encapsulation is used, not LLC encapsulation 03163 * with LLCSAP_IP. 03164 * 03165 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 03166 * RFC 2225 say that SNAP encapsulation is used, not LLC 03167 * encapsulation with LLCSAP_IP. 03168 * 03169 * So we always check for ETHERTYPE_IP. 03170 */ 03171 b0 = gen_linktype(ETHERTYPE_IP); 03172 03173 switch (ip_proto) { 03174 case IPPROTO_UDP: 03175 case IPPROTO_TCP: 03176 case IPPROTO_SCTP: 03177 b1 = gen_portop(port, ip_proto, dir); 03178 break; 03179 03180 case PROTO_UNDEF: 03181 tmp = gen_portop(port, IPPROTO_TCP, dir); 03182 b1 = gen_portop(port, IPPROTO_UDP, dir); 03183 gen_or(tmp, b1); 03184 tmp = gen_portop(port, IPPROTO_SCTP, dir); 03185 gen_or(tmp, b1); 03186 break; 03187 03188 default: 03189 abort(); 03190 } 03191 gen_and(b0, b1); 03192 return b1; 03193 } 03194 03195 #ifdef INET6 03196 struct block * 03197 gen_portop6(port, proto, dir) 03198 int port, proto, dir; 03199 { 03200 struct block *b0, *b1, *tmp; 03201 03202 /* ip proto 'proto' */ 03203 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 03204 03205 switch (dir) { 03206 case Q_SRC: 03207 b1 = gen_portatom6(0, (bpf_int32)port); 03208 break; 03209 03210 case Q_DST: 03211 b1 = gen_portatom6(2, (bpf_int32)port); 03212 break; 03213 03214 case Q_OR: 03215 case Q_DEFAULT: 03216 tmp = gen_portatom6(0, (bpf_int32)port); 03217 b1 = gen_portatom6(2, (bpf_int32)port); 03218 gen_or(tmp, b1); 03219 break; 03220 03221 case Q_AND: 03222 tmp = gen_portatom6(0, (bpf_int32)port); 03223 b1 = gen_portatom6(2, (bpf_int32)port); 03224 gen_and(tmp, b1); 03225 break; 03226 03227 default: 03228 abort(); 03229 } 03230 gen_and(b0, b1); 03231 03232 return b1; 03233 } 03234 03235 static struct block * 03236 gen_port6(port, ip_proto, dir) 03237 int port; 03238 int ip_proto; 03239 int dir; 03240 { 03241 struct block *b0, *b1, *tmp; 03242 03243 /* ether proto ip */ 03244 b0 = gen_linktype(ETHERTYPE_IPV6); 03245 03246 switch (ip_proto) { 03247 case IPPROTO_UDP: 03248 case IPPROTO_TCP: 03249 case IPPROTO_SCTP: 03250 b1 = gen_portop6(port, ip_proto, dir); 03251 break; 03252 03253 case PROTO_UNDEF: 03254 tmp = gen_portop6(port, IPPROTO_TCP, dir); 03255 b1 = gen_portop6(port, IPPROTO_UDP, dir); 03256 gen_or(tmp, b1); 03257 tmp = gen_portop6(port, IPPROTO_SCTP, dir); 03258 gen_or(tmp, b1); 03259 break; 03260 03261 default: 03262 abort(); 03263 } 03264 gen_and(b0, b1); 03265 return b1; 03266 } 03267 #endif /* INET6 */ 03268 03269 static int 03270 lookup_proto(name, proto) 03271 register const char *name; 03272 register int proto; 03273 { 03274 register int v; 03275 03276 switch (proto) { 03277 03278 case Q_DEFAULT: 03279 case Q_IP: 03280 case Q_IPV6: 03281 v = pcap_nametoproto(name); 03282 if (v == PROTO_UNDEF) 03283 bpf_error("unknown ip proto '%s'", name); 03284 break; 03285 03286 case Q_LINK: 03287 /* XXX should look up h/w protocol type based on linktype */ 03288 v = pcap_nametoeproto(name); 03289 if (v == PROTO_UNDEF) 03290 bpf_error("unknown ether proto '%s'", name); 03291 break; 03292 03293 case Q_ISO: 03294 if (strcmp(name, "esis") == 0) 03295 v = ISO9542_ESIS; 03296 else if (strcmp(name, "isis") == 0) 03297 v = ISO10589_ISIS; 03298 else if (strcmp(name, "clnp") == 0) 03299 v = ISO8473_CLNP; 03300 else 03301 bpf_error("unknown osi proto '%s'", name); 03302 break; 03303 03304 default: 03305 v = PROTO_UNDEF; 03306 break; 03307 } 03308 return v; 03309 } 03310 03311 #if 0 03312 struct stmt * 03313 gen_joinsp(s, n) 03314 struct stmt **s; 03315 int n; 03316 { 03317 return NULL; 03318 } 03319 #endif 03320 03321 static struct block * 03322 gen_protochain(v, proto, dir) 03323 int v; 03324 int proto; 03325 int dir; 03326 { 03327 #ifdef NO_PROTOCHAIN 03328 return gen_proto(v, proto, dir); 03329 #else 03330 struct block *b0, *b; 03331 struct slist *s[100]; 03332 int fix2, fix3, fix4, fix5; 03333 int ahcheck, again, end; 03334 int i, max; 03335 int reg2 = alloc_reg(); 03336 03337 memset(s, 0, sizeof(s)); 03338 fix2 = fix3 = fix4 = fix5 = 0; 03339 03340 switch (proto) { 03341 case Q_IP: 03342 case Q_IPV6: 03343 break; 03344 case Q_DEFAULT: 03345 b0 = gen_protochain(v, Q_IP, dir); 03346 b = gen_protochain(v, Q_IPV6, dir); 03347 gen_or(b0, b); 03348 return b; 03349 default: 03350 bpf_error("bad protocol applied for 'protochain'"); 03351 /*NOTREACHED*/ 03352 } 03353 03354 no_optimize = 1; /*this code is not compatible with optimzer yet */ 03355 03356 /* 03357 * s[0] is a dummy entry to protect other BPF insn from damaged 03358 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 03359 * hard to find interdependency made by jump table fixup. 03360 */ 03361 i = 0; 03362 s[i] = new_stmt(0); /*dummy*/ 03363 i++; 03364 03365 switch (proto) { 03366 case Q_IP: 03367 b0 = gen_linktype(ETHERTYPE_IP); 03368 03369 /* A = ip->ip_p */ 03370 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 03371 s[i]->s.k = off_nl + 9; 03372 i++; 03373 /* X = ip->ip_hl << 2 */ 03374 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 03375 s[i]->s.k = off_nl; 03376 i++; 03377 break; 03378 #ifdef INET6 03379 case Q_IPV6: 03380 b0 = gen_linktype(ETHERTYPE_IPV6); 03381 03382 /* A = ip6->ip_nxt */ 03383 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 03384 s[i]->s.k = off_nl + 6; 03385 i++; 03386 /* X = sizeof(struct ip6_hdr) */ 03387 s[i] = new_stmt(BPF_LDX|BPF_IMM); 03388 s[i]->s.k = 40; 03389 i++; 03390 break; 03391 #endif 03392 default: 03393 bpf_error("unsupported proto to gen_protochain"); 03394 /*NOTREACHED*/ 03395 } 03396 03397 /* again: if (A == v) goto end; else fall through; */ 03398 again = i; 03399 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03400 s[i]->s.k = v; 03401 s[i]->s.jt = NULL; /*later*/ 03402 s[i]->s.jf = NULL; /*update in next stmt*/ 03403 fix5 = i; 03404 i++; 03405 03406 #ifndef IPPROTO_NONE 03407 #define IPPROTO_NONE 59 03408 #endif 03409 /* if (A == IPPROTO_NONE) goto end */ 03410 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03411 s[i]->s.jt = NULL; /*later*/ 03412 s[i]->s.jf = NULL; /*update in next stmt*/ 03413 s[i]->s.k = IPPROTO_NONE; 03414 s[fix5]->s.jf = s[i]; 03415 fix2 = i; 03416 i++; 03417 03418 #ifdef INET6 03419 if (proto == Q_IPV6) { 03420 int v6start, v6end, v6advance, j; 03421 03422 v6start = i; 03423 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 03424 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03425 s[i]->s.jt = NULL; /*later*/ 03426 s[i]->s.jf = NULL; /*update in next stmt*/ 03427 s[i]->s.k = IPPROTO_HOPOPTS; 03428 s[fix2]->s.jf = s[i]; 03429 i++; 03430 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 03431 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03432 s[i]->s.jt = NULL; /*later*/ 03433 s[i]->s.jf = NULL; /*update in next stmt*/ 03434 s[i]->s.k = IPPROTO_DSTOPTS; 03435 i++; 03436 /* if (A == IPPROTO_ROUTING) goto v6advance */ 03437 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03438 s[i]->s.jt = NULL; /*later*/ 03439 s[i]->s.jf = NULL; /*update in next stmt*/ 03440 s[i]->s.k = IPPROTO_ROUTING; 03441 i++; 03442 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 03443 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03444 s[i]->s.jt = NULL; /*later*/ 03445 s[i]->s.jf = NULL; /*later*/ 03446 s[i]->s.k = IPPROTO_FRAGMENT; 03447 fix3 = i; 03448 v6end = i; 03449 i++; 03450 03451 /* v6advance: */ 03452 v6advance = i; 03453 03454 /* 03455 * in short, 03456 * A = P[X]; 03457 * X = X + (P[X + 1] + 1) * 8; 03458 */ 03459 /* A = X */ 03460 s[i] = new_stmt(BPF_MISC|BPF_TXA); 03461 i++; 03462 /* A = P[X + packet head] */ 03463 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 03464 s[i]->s.k = off_nl; 03465 i++; 03466 /* MEM[reg2] = A */ 03467 s[i] = new_stmt(BPF_ST); 03468 s[i]->s.k = reg2; 03469 i++; 03470 /* A = X */ 03471 s[i] = new_stmt(BPF_MISC|BPF_TXA); 03472 i++; 03473 /* A += 1 */ 03474 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03475 s[i]->s.k = 1; 03476 i++; 03477 /* X = A */ 03478 s[i] = new_stmt(BPF_MISC|BPF_TAX); 03479 i++; 03480 /* A = P[X + packet head]; */ 03481 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 03482 s[i]->s.k = off_nl; 03483 i++; 03484 /* A += 1 */ 03485 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03486 s[i]->s.k = 1; 03487 i++; 03488 /* A *= 8 */ 03489 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 03490 s[i]->s.k = 8; 03491 i++; 03492 /* X = A; */ 03493 s[i] = new_stmt(BPF_MISC|BPF_TAX); 03494 i++; 03495 /* A = MEM[reg2] */ 03496 s[i] = new_stmt(BPF_LD|BPF_MEM); 03497 s[i]->s.k = reg2; 03498 i++; 03499 03500 /* goto again; (must use BPF_JA for backward jump) */ 03501 s[i] = new_stmt(BPF_JMP|BPF_JA); 03502 s[i]->s.k = again - i - 1; 03503 s[i - 1]->s.jf = s[i]; 03504 i++; 03505 03506 /* fixup */ 03507 for (j = v6start; j <= v6end; j++) 03508 s[j]->s.jt = s[v6advance]; 03509 } else 03510 #endif 03511 { 03512 /* nop */ 03513 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03514 s[i]->s.k = 0; 03515 s[fix2]->s.jf = s[i]; 03516 i++; 03517 } 03518 03519 /* ahcheck: */ 03520 ahcheck = i; 03521 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 03522 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03523 s[i]->s.jt = NULL; /*later*/ 03524 s[i]->s.jf = NULL; /*later*/ 03525 s[i]->s.k = IPPROTO_AH; 03526 if (fix3) 03527 s[fix3]->s.jf = s[ahcheck]; 03528 fix4 = i; 03529 i++; 03530 03531 /* 03532 * in short, 03533 * A = P[X]; 03534 * X = X + (P[X + 1] + 2) * 4; 03535 */ 03536 /* A = X */ 03537 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 03538 i++; 03539 /* A = P[X + packet head]; */ 03540 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 03541 s[i]->s.k = off_nl; 03542 i++; 03543 /* MEM[reg2] = A */ 03544 s[i] = new_stmt(BPF_ST); 03545 s[i]->s.k = reg2; 03546 i++; 03547 /* A = X */ 03548 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 03549 i++; 03550 /* A += 1 */ 03551 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03552 s[i]->s.k = 1; 03553 i++; 03554 /* X = A */ 03555 s[i] = new_stmt(BPF_MISC|BPF_TAX); 03556 i++; 03557 /* A = P[X + packet head] */ 03558 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 03559 s[i]->s.k = off_nl; 03560 i++; 03561 /* A += 2 */ 03562 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03563 s[i]->s.k = 2; 03564 i++; 03565 /* A *= 4 */ 03566 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 03567 s[i]->s.k = 4; 03568 i++; 03569 /* X = A; */ 03570 s[i] = new_stmt(BPF_MISC|BPF_TAX); 03571 i++; 03572 /* A = MEM[reg2] */ 03573 s[i] = new_stmt(BPF_LD|BPF_MEM); 03574 s[i]->s.k = reg2; 03575 i++; 03576 03577 /* goto again; (must use BPF_JA for backward jump) */ 03578 s[i] = new_stmt(BPF_JMP|BPF_JA); 03579 s[i]->s.k = again - i - 1; 03580 i++; 03581 03582 /* end: nop */ 03583 end = i; 03584 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03585 s[i]->s.k = 0; 03586 s[fix2]->s.jt = s[end]; 03587 s[fix4]->s.jf = s[end]; 03588 s[fix5]->s.jt = s[end]; 03589 i++; 03590 03591 /* 03592 * make slist chain 03593 */ 03594 max = i; 03595 for (i = 0; i < max - 1; i++) 03596 s[i]->next = s[i + 1]; 03597 s[max - 1]->next = NULL; 03598 03599 /* 03600 * emit final check 03601 */ 03602 b = new_block(JMP(BPF_JEQ)); 03603 b->stmts = s[1]; /*remember, s[0] is dummy*/ 03604 b->s.k = v; 03605 03606 free_reg(reg2); 03607 03608 gen_and(b0, b); 03609 return b; 03610 #endif 03611 } 03612 03613 static struct block * 03614 gen_proto(v, proto, dir) 03615 int v; 03616 int proto; 03617 int dir; 03618 { 03619 struct block *b0, *b1; 03620 03621 if (dir != Q_DEFAULT) 03622 bpf_error("direction applied to 'proto'"); 03623 03624 switch (proto) { 03625 case Q_DEFAULT: 03626 #ifdef INET6 03627 b0 = gen_proto(v, Q_IP, dir); 03628 b1 = gen_proto(v, Q_IPV6, dir); 03629 gen_or(b0, b1); 03630 return b1; 03631 #else 03632 /*FALLTHROUGH*/ 03633 #endif 03634 case Q_IP: 03635 /* 03636 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 03637 * not LLC encapsulation with LLCSAP_IP. 03638 * 03639 * For IEEE 802 networks - which includes 802.5 token ring 03640 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 03641 * says that SNAP encapsulation is used, not LLC encapsulation 03642 * with LLCSAP_IP. 03643 * 03644 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 03645 * RFC 2225 say that SNAP encapsulation is used, not LLC 03646 * encapsulation with LLCSAP_IP. 03647 * 03648 * So we always check for ETHERTYPE_IP. 03649 */ 03650 b0 = gen_linktype(ETHERTYPE_IP); 03651 #ifndef CHASE_CHAIN 03652 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 03653 #else 03654 b1 = gen_protochain(v, Q_IP); 03655 #endif 03656 gen_and(b0, b1); 03657 return b1; 03658 03659 case Q_ISO: 03660 switch (linktype) { 03661 03662 case DLT_FRELAY: 03663 /* 03664 * Frame Relay packets typically have an OSI 03665 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)" 03666 * generates code to check for all the OSI 03667 * NLPIDs, so calling it and then adding a check 03668 * for the particular NLPID for which we're 03669 * looking is bogus, as we can just check for 03670 * the NLPID. 03671 * 03672 * What we check for is the NLPID and a frame 03673 * control field value of UI, i.e. 0x03 followed 03674 * by the NLPID. 03675 * 03676 * XXX - assumes a 2-byte Frame Relay header with 03677 * DLCI and flags. What if the address is longer? 03678 * 03679 * XXX - what about SNAP-encapsulated frames? 03680 */ 03681 return gen_cmp(2, BPF_H, (0x03<<8) | v); 03682 break; 03683 03684 case DLT_C_HDLC: 03685 /* 03686 * Cisco uses an Ethertype lookalike - for OSI, 03687 * it's 0xfefe. 03688 */ 03689 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS); 03690 /* OSI in C-HDLC is stuffed with a fudge byte */ 03691 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v); 03692 gen_and(b0, b1); 03693 return b1; 03694 03695 default: 03696 b0 = gen_linktype(LLCSAP_ISONS); 03697 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v); 03698 gen_and(b0, b1); 03699 return b1; 03700 } 03701 03702 case Q_ISIS: 03703 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 03704 /* 03705 * 4 is the offset of the PDU type relative to the IS-IS 03706 * header. 03707 */ 03708 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v); 03709 gen_and(b0, b1); 03710 return b1; 03711 03712 case Q_ARP: 03713 bpf_error("arp does not encapsulate another protocol"); 03714 /* NOTREACHED */ 03715 03716 case Q_RARP: 03717 bpf_error("rarp does not encapsulate another protocol"); 03718 /* NOTREACHED */ 03719 03720 case Q_ATALK: 03721 bpf_error("atalk encapsulation is not specifiable"); 03722 /* NOTREACHED */ 03723 03724 case Q_DECNET: 03725 bpf_error("decnet encapsulation is not specifiable"); 03726 /* NOTREACHED */ 03727 03728 case Q_SCA: 03729 bpf_error("sca does not encapsulate another protocol"); 03730 /* NOTREACHED */ 03731 03732 case Q_LAT: 03733 bpf_error("lat does not encapsulate another protocol"); 03734 /* NOTREACHED */ 03735 03736 case Q_MOPRC: 03737 bpf_error("moprc does not encapsulate another protocol"); 03738 /* NOTREACHED */ 03739 03740 case Q_MOPDL: 03741 bpf_error("mopdl does not encapsulate another protocol"); 03742 /* NOTREACHED */ 03743 03744 case Q_LINK: 03745 return gen_linktype(v); 03746 03747 case Q_UDP: 03748 bpf_error("'udp proto' is bogus"); 03749 /* NOTREACHED */ 03750 03751 case Q_TCP: 03752 bpf_error("'tcp proto' is bogus"); 03753 /* NOTREACHED */ 03754 03755 case Q_SCTP: 03756 bpf_error("'sctp proto' is bogus"); 03757 /* NOTREACHED */ 03758 03759 case Q_ICMP: 03760 bpf_error("'icmp proto' is bogus"); 03761 /* NOTREACHED */ 03762 03763 case Q_IGMP: 03764 bpf_error("'igmp proto' is bogus"); 03765 /* NOTREACHED */ 03766 03767 case Q_IGRP: 03768 bpf_error("'igrp proto' is bogus"); 03769 /* NOTREACHED */ 03770 03771 case Q_PIM: 03772 bpf_error("'pim proto' is bogus"); 03773 /* NOTREACHED */ 03774 03775 case Q_VRRP: 03776 bpf_error("'vrrp proto' is bogus"); 03777 /* NOTREACHED */ 03778 03779 #ifdef INET6 03780 case Q_IPV6: 03781 b0 = gen_linktype(ETHERTYPE_IPV6); 03782 #ifndef CHASE_CHAIN 03783 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 03784 #else 03785 b1 = gen_protochain(v, Q_IPV6); 03786 #endif 03787 gen_and(b0, b1); 03788 return b1; 03789 03790 case Q_ICMPV6: 03791 bpf_error("'icmp6 proto' is bogus"); 03792 #endif /* INET6 */ 03793 03794 case Q_AH: 03795 bpf_error("'ah proto' is bogus"); 03796 03797 case Q_ESP: 03798 bpf_error("'ah proto' is bogus"); 03799 03800 case Q_STP: 03801 bpf_error("'stp proto' is bogus"); 03802 03803 case Q_IPX: 03804 bpf_error("'ipx proto' is bogus"); 03805 03806 case Q_NETBEUI: 03807 bpf_error("'netbeui proto' is bogus"); 03808 03809 default: 03810 abort(); 03811 /* NOTREACHED */ 03812 } 03813 /* NOTREACHED */ 03814 } 03815 03816 struct block * 03817 gen_scode(name, q) 03818 register const char *name; 03819 struct qual q; 03820 { 03821 int proto = q.proto; 03822 int dir = q.dir; 03823 int tproto; 03824 u_char *eaddr; 03825 bpf_u_int32 mask, addr; 03826 #ifndef INET6 03827 bpf_u_int32 **alist; 03828 #else 03829 int tproto6; 03830 struct sockaddr_in *sin; 03831 struct sockaddr_in6 *sin6; 03832 struct addrinfo *res, *res0; 03833 struct in6_addr mask128; 03834 #endif /*INET6*/ 03835 struct block *b, *tmp; 03836 int port, real_proto; 03837 03838 switch (q.addr) { 03839 03840 case Q_NET: 03841 addr = pcap_nametonetaddr(name); 03842 if (addr == 0) 03843 bpf_error("unknown network '%s'", name); 03844 /* Left justify network addr and calculate its network mask */ 03845 mask = 0xffffffff; 03846 while (addr && (addr & 0xff000000) == 0) { 03847 addr <<= 8; 03848 mask <<= 8; 03849 } 03850 return gen_host(addr, mask, proto, dir); 03851 03852 case Q_DEFAULT: 03853 case Q_HOST: 03854 if (proto == Q_LINK) { 03855 switch (linktype) { 03856 03857 case DLT_EN10MB: 03858 eaddr = pcap_ether_hostton(name); 03859 if (eaddr == NULL) 03860 bpf_error( 03861 "unknown ether host '%s'", name); 03862 b = gen_ehostop(eaddr, dir); 03863 free(eaddr); 03864 return b; 03865 03866 case DLT_FDDI: 03867 eaddr = pcap_ether_hostton(name); 03868 if (eaddr == NULL) 03869 bpf_error( 03870 "unknown FDDI host '%s'", name); 03871 b = gen_fhostop(eaddr, dir); 03872 free(eaddr); 03873 return b; 03874 03875 case DLT_IEEE802: 03876 eaddr = pcap_ether_hostton(name); 03877 if (eaddr == NULL) 03878 bpf_error( 03879 "unknown token ring host '%s'", name); 03880 b = gen_thostop(eaddr, dir); 03881 free(eaddr); 03882 return b; 03883 03884 case DLT_IEEE802_11: 03885 eaddr = pcap_ether_hostton(name); 03886 if (eaddr == NULL) 03887 bpf_error( 03888 "unknown 802.11 host '%s'", name); 03889 b = gen_wlanhostop(eaddr, dir); 03890 free(eaddr); 03891 return b; 03892 03893 case DLT_IP_OVER_FC: 03894 eaddr = pcap_ether_hostton(name); 03895 if (eaddr == NULL) 03896 bpf_error( 03897 "unknown Fibre Channel host '%s'", name); 03898 b = gen_ipfchostop(eaddr, dir); 03899 free(eaddr); 03900 return b; 03901 03902 case DLT_SUNATM: 03903 if (!is_lane) 03904 break; 03905 03906 /* 03907 * Check that the packet doesn't begin 03908 * with an LE Control marker. (We've 03909 * already generated a test for LANE.) 03910 */ 03911 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 03912 0xFF00); 03913 gen_not(tmp); 03914 03915 eaddr = pcap_ether_hostton(name); 03916 if (eaddr == NULL) 03917 bpf_error( 03918 "unknown ether host '%s'", name); 03919 b = gen_ehostop(eaddr, dir); 03920 gen_and(tmp, b); 03921 free(eaddr); 03922 return b; 03923 } 03924 03925 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name"); 03926 } else if (proto == Q_DECNET) { 03927 unsigned short dn_addr = __pcap_nametodnaddr(name); 03928 /* 03929 * I don't think DECNET hosts can be multihomed, so 03930 * there is no need to build up a list of addresses 03931 */ 03932 return (gen_host(dn_addr, 0, proto, dir)); 03933 } else { 03934 #ifndef INET6 03935 alist = pcap_nametoaddr(name); 03936 if (alist == NULL || *alist == NULL) 03937 bpf_error("unknown host '%s'", name); 03938 tproto = proto; 03939 if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT) 03940 tproto = Q_IP; 03941 b = gen_host(**alist++, 0xffffffff, tproto, dir); 03942 while (*alist) { 03943 tmp = gen_host(**alist++, 0xffffffff, 03944 tproto, dir); 03945 gen_or(b, tmp); 03946 b = tmp; 03947 } 03948 return b; 03949 #else 03950 memset(&mask128, 0xff, sizeof(mask128)); 03951 res0 = res = pcap_nametoaddrinfo(name); 03952 if (res == NULL) 03953 bpf_error("unknown host '%s'", name); 03954 b = tmp = NULL; 03955 tproto = tproto6 = proto; 03956 if (off_linktype == -1 && tproto == Q_DEFAULT) { 03957 tproto = Q_IP; 03958 tproto6 = Q_IPV6; 03959 } 03960 for (res = res0; res; res = res->ai_next) { 03961 switch (res->ai_family) { 03962 case AF_INET: 03963 if (tproto == Q_IPV6) 03964 continue; 03965 03966 sin = (struct sockaddr_in *) 03967 res->ai_addr; 03968 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 03969 0xffffffff, tproto, dir); 03970 break; 03971 case AF_INET6: 03972 if (tproto6 == Q_IP) 03973 continue; 03974 03975 sin6 = (struct sockaddr_in6 *) 03976 res->ai_addr; 03977 tmp = gen_host6(&sin6->sin6_addr, 03978 &mask128, tproto6, dir); 03979 break; 03980 default: 03981 continue; 03982 } 03983 if (b) 03984 gen_or(b, tmp); 03985 b = tmp; 03986 } 03987 freeaddrinfo(res0); 03988 if (b == NULL) { 03989 bpf_error("unknown host '%s'%s", name, 03990 (proto == Q_DEFAULT) 03991 ? "" 03992 : " for specified address family"); 03993 } 03994 return b; 03995 #endif /*INET6*/ 03996 } 03997 03998 case Q_PORT: 03999 if (proto != Q_DEFAULT && 04000 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 04001 bpf_error("illegal qualifier of 'port'"); 04002 if (pcap_nametoport(name, &port, &real_proto) == 0) 04003 bpf_error("unknown port '%s'", name); 04004 if (proto == Q_UDP) { 04005 if (real_proto == IPPROTO_TCP) 04006 bpf_error("port '%s' is tcp", name); 04007 else if (real_proto == IPPROTO_SCTP) 04008 bpf_error("port '%s' is sctp", name); 04009 else 04010 /* override PROTO_UNDEF */ 04011 real_proto = IPPROTO_UDP; 04012 } 04013 if (proto == Q_TCP) { 04014 if (real_proto == IPPROTO_UDP) 04015 bpf_error("port '%s' is udp", name); 04016 04017 else if (real_proto == IPPROTO_SCTP) 04018 bpf_error("port '%s' is sctp", name); 04019 else 04020 /* override PROTO_UNDEF */ 04021 real_proto = IPPROTO_TCP; 04022 } 04023 if (proto == Q_SCTP) { 04024 if (real_proto == IPPROTO_UDP) 04025 bpf_error("port '%s' is udp", name); 04026 04027 else if (real_proto == IPPROTO_TCP) 04028 bpf_error("port '%s' is tcp", name); 04029 else 04030 /* override PROTO_UNDEF */ 04031 real_proto = IPPROTO_SCTP; 04032 } 04033 #ifndef INET6 04034 return gen_port(port, real_proto, dir); 04035 #else 04036 { 04037 struct block *b; 04038 b = gen_port(port, real_proto, dir); 04039 gen_or(gen_port6(port, real_proto, dir), b); 04040 return b; 04041 } 04042 #endif /* INET6 */ 04043 04044 case Q_GATEWAY: 04045 #ifndef INET6 04046 eaddr = pcap_ether_hostton(name); 04047 if (eaddr == NULL) 04048 bpf_error("unknown ether host: %s", name); 04049 04050 alist = pcap_nametoaddr(name); 04051 if (alist == NULL || *alist == NULL) 04052 bpf_error("unknown host '%s'", name); 04053 b = gen_gateway(eaddr, alist, proto, dir); 04054 free(eaddr); 04055 return b; 04056 #else 04057 bpf_error("'gateway' not supported in this configuration"); 04058 #endif /*INET6*/ 04059 04060 case Q_PROTO: 04061 real_proto = lookup_proto(name, proto); 04062 if (real_proto >= 0) 04063 return gen_proto(real_proto, proto, dir); 04064 else 04065 bpf_error("unknown protocol: %s", name); 04066 04067 case Q_PROTOCHAIN: 04068 real_proto = lookup_proto(name, proto); 04069 if (real_proto >= 0) 04070 return gen_protochain(real_proto, proto, dir); 04071 else 04072 bpf_error("unknown protocol: %s", name); 04073 04074 04075 case Q_UNDEF: 04076 syntax(); 04077 /* NOTREACHED */ 04078 } 04079 abort(); 04080 /* NOTREACHED */ 04081 } 04082 04083 struct block * 04084 gen_mcode(s1, s2, masklen, q) 04085 register const char *s1, *s2; 04086 register int masklen; 04087 struct qual q; 04088 { 04089 register int nlen, mlen; 04090 bpf_u_int32 n, m; 04091 04092 nlen = __pcap_atoin(s1, &n); 04093 /* Promote short ipaddr */ 04094 n <<= 32 - nlen; 04095 04096 if (s2 != NULL) { 04097 mlen = __pcap_atoin(s2, &m); 04098 /* Promote short ipaddr */ 04099 m <<= 32 - mlen; 04100 if ((n & ~m) != 0) 04101 bpf_error("non-network bits set in \"%s mask %s\"", 04102 s1, s2); 04103 } else { 04104 /* Convert mask len to mask */ 04105 if (masklen > 32) 04106 bpf_error("mask length must be <= 32"); 04107 m = 0xffffffff << (32 - masklen); 04108 if ((n & ~m) != 0) 04109 bpf_error("non-network bits set in \"%s/%d\"", 04110 s1, masklen); 04111 } 04112 04113 switch (q.addr) { 04114 04115 case Q_NET: 04116 return gen_host(n, m, q.proto, q.dir); 04117 04118 default: 04119 bpf_error("Mask syntax for networks only"); 04120 /* NOTREACHED */ 04121 } 04122 } 04123 04124 struct block * 04125 gen_ncode(s, v, q) 04126 register const char *s; 04127 bpf_u_int32 v; 04128 struct qual q; 04129 { 04130 bpf_u_int32 mask; 04131 int proto = q.proto; 04132 int dir = q.dir; 04133 register int vlen; 04134 04135 if (s == NULL) 04136 vlen = 32; 04137 else if (q.proto == Q_DECNET) 04138 vlen = __pcap_atodn(s, &v); 04139 else 04140 vlen = __pcap_atoin(s, &v); 04141 04142 switch (q.addr) { 04143 04144 case Q_DEFAULT: 04145 case Q_HOST: 04146 case Q_NET: 04147 if (proto == Q_DECNET) 04148 return gen_host(v, 0, proto, dir); 04149 else if (proto == Q_LINK) { 04150 bpf_error("illegal link layer address"); 04151 } else { 04152 mask = 0xffffffff; 04153 if (s == NULL && q.addr == Q_NET) { 04154 /* Promote short net number */ 04155 while (v && (v & 0xff000000) == 0) { 04156 v <<= 8; 04157 mask <<= 8; 04158 } 04159 } else { 04160 /* Promote short ipaddr */ 04161 v <<= 32 - vlen; 04162 mask <<= 32 - vlen; 04163 } 04164 return gen_host(v, mask, proto, dir); 04165 } 04166 04167 case Q_PORT: 04168 if (proto == Q_UDP) 04169 proto = IPPROTO_UDP; 04170 else if (proto == Q_TCP) 04171 proto = IPPROTO_TCP; 04172 else if (proto == Q_SCTP) 04173 proto = IPPROTO_SCTP; 04174 else if (proto == Q_DEFAULT) 04175 proto = PROTO_UNDEF; 04176 else 04177 bpf_error("illegal qualifier of 'port'"); 04178 04179 #ifndef INET6 04180 return gen_port((int)v, proto, dir); 04181 #else 04182 { 04183 struct block *b; 04184 b = gen_port((int)v, proto, dir); 04185 gen_or(gen_port6((int)v, proto, dir), b); 04186 return b; 04187 } 04188 #endif /* INET6 */ 04189 04190 case Q_GATEWAY: 04191 bpf_error("'gateway' requires a name"); 04192 /* NOTREACHED */ 04193 04194 case Q_PROTO: 04195 return gen_proto((int)v, proto, dir); 04196 04197 case Q_PROTOCHAIN: 04198 return gen_protochain((int)v, proto, dir); 04199 04200 case Q_UNDEF: 04201 syntax(); 04202 /* NOTREACHED */ 04203 04204 default: 04205 abort(); 04206 /* NOTREACHED */ 04207 } 04208 /* NOTREACHED */ 04209 } 04210 04211 #ifdef INET6 04212 struct block * 04213 gen_mcode6(s1, s2, masklen, q) 04214 register const char *s1, *s2; 04215 register int masklen; 04216 struct qual q; 04217 { 04218 struct addrinfo *res; 04219 struct in6_addr *addr; 04220 struct in6_addr mask; 04221 struct block *b; 04222 u_int32_t *a, *m; 04223 04224 if (s2) 04225 bpf_error("no mask %s supported", s2); 04226 04227 res = pcap_nametoaddrinfo(s1); 04228 if (!res) 04229 bpf_error("invalid ip6 address %s", s1); 04230 if (res->ai_next) 04231 bpf_error("%s resolved to multiple address", s1); 04232 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 04233 04234 if (sizeof(mask) * 8 < masklen) 04235 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 04236 memset(&mask, 0, sizeof(mask)); 04237 memset(&mask, 0xff, masklen / 8); 04238 if (masklen % 8) { 04239 mask.s6_addr[masklen / 8] = 04240 (0xff << (8 - masklen % 8)) & 0xff; 04241 } 04242 04243 a = (u_int32_t *)addr; 04244 m = (u_int32_t *)&mask; 04245 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 04246 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 04247 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 04248 } 04249 04250 switch (q.addr) { 04251 04252 case Q_DEFAULT: 04253 case Q_HOST: 04254 if (masklen != 128) 04255 bpf_error("Mask syntax for networks only"); 04256 /* FALLTHROUGH */ 04257 04258 case Q_NET: 04259 b = gen_host6(addr, &mask, q.proto, q.dir); 04260 freeaddrinfo(res); 04261 return b; 04262 04263 default: 04264 bpf_error("invalid qualifier against IPv6 address"); 04265 /* NOTREACHED */ 04266 } 04267 } 04268 #endif /*INET6*/ 04269 04270 struct block * 04271 gen_ecode(eaddr, q) 04272 register const u_char *eaddr; 04273 struct qual q; 04274 { 04275 struct block *b, *tmp; 04276 04277 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 04278 if (linktype == DLT_EN10MB) 04279 return gen_ehostop(eaddr, (int)q.dir); 04280 if (linktype == DLT_FDDI) 04281 return gen_fhostop(eaddr, (int)q.dir); 04282 if (linktype == DLT_IEEE802) 04283 return gen_thostop(eaddr, (int)q.dir); 04284 if (linktype == DLT_IEEE802_11) 04285 return gen_wlanhostop(eaddr, (int)q.dir); 04286 if (linktype == DLT_SUNATM && is_lane) { 04287 /* 04288 * Check that the packet doesn't begin with an 04289 * LE Control marker. (We've already generated 04290 * a test for LANE.) 04291 */ 04292 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 04293 gen_not(tmp); 04294 04295 /* 04296 * Now check the MAC address. 04297 */ 04298 b = gen_ehostop(eaddr, (int)q.dir); 04299 gen_and(tmp, b); 04300 return b; 04301 } 04302 if (linktype == DLT_IP_OVER_FC) 04303 return gen_ipfchostop(eaddr, (int)q.dir); 04304 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel"); 04305 } 04306 bpf_error("ethernet address used in non-ether expression"); 04307 /* NOTREACHED */ 04308 } 04309 04310 void 04311 sappend(s0, s1) 04312 struct slist *s0, *s1; 04313 { 04314 /* 04315 * This is definitely not the best way to do this, but the 04316 * lists will rarely get long. 04317 */ 04318 while (s0->next) 04319 s0 = s0->next; 04320 s0->next = s1; 04321 } 04322 04323 static struct slist * 04324 xfer_to_x(a) 04325 struct arth *a; 04326 { 04327 struct slist *s; 04328 04329 s = new_stmt(BPF_LDX|BPF_MEM); 04330 s->s.k = a->regno; 04331 return s; 04332 } 04333 04334 static struct slist * 04335 xfer_to_a(a) 04336 struct arth *a; 04337 { 04338 struct slist *s; 04339 04340 s = new_stmt(BPF_LD|BPF_MEM); 04341 s->s.k = a->regno; 04342 return s; 04343 } 04344 04345 struct arth * 04346 gen_load(proto, index, size) 04347 int proto; 04348 struct arth *index; 04349 int size; 04350 { 04351 struct slist *s, *tmp; 04352 struct block *b; 04353 int regno = alloc_reg(); 04354 04355 free_reg(index->regno); 04356 switch (size) { 04357 04358 default: 04359 bpf_error("data size must be 1, 2, or 4"); 04360 04361 case 1: 04362 size = BPF_B; 04363 break; 04364 04365 case 2: 04366 size = BPF_H; 04367 break; 04368 04369 case 4: 04370 size = BPF_W; 04371 break; 04372 } 04373 switch (proto) { 04374 default: 04375 bpf_error("unsupported index operation"); 04376 04377 case Q_LINK: 04378 /* 04379 * XXX - what about ATM LANE? Should the index be 04380 * relative to the beginning of the AAL5 frame, so 04381 * that 0 refers to the beginning of the LE Control 04382 * field, or relative to the beginning of the LAN 04383 * frame, so that 0 refers, for Ethernet LANE, to 04384 * the beginning of the destination address? 04385 */ 04386 s = xfer_to_x(index); 04387 tmp = new_stmt(BPF_LD|BPF_IND|size); 04388 sappend(s, tmp); 04389 sappend(index->s, s); 04390 break; 04391 04392 case Q_IP: 04393 case Q_ARP: 04394 case Q_RARP: 04395 case Q_ATALK: 04396 case Q_DECNET: 04397 case Q_SCA: 04398 case Q_LAT: 04399 case Q_MOPRC: 04400 case Q_MOPDL: 04401 #ifdef INET6 04402 case Q_IPV6: 04403 #endif 04404 /* XXX Note that we assume a fixed link header here. */ 04405 s = xfer_to_x(index); 04406 tmp = new_stmt(BPF_LD|BPF_IND|size); 04407 tmp->s.k = off_nl; 04408 sappend(s, tmp); 04409 sappend(index->s, s); 04410 04411 b = gen_proto_abbrev(proto); 04412 if (index->b) 04413 gen_and(index->b, b); 04414 index->b = b; 04415 break; 04416 04417 case Q_SCTP: 04418 case Q_TCP: 04419 case Q_UDP: 04420 case Q_ICMP: 04421 case Q_IGMP: 04422 case Q_IGRP: 04423 case Q_PIM: 04424 case Q_VRRP: 04425 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 04426 s->s.k = off_nl; 04427 sappend(s, xfer_to_a(index)); 04428 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 04429 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 04430 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 04431 tmp->s.k = off_nl; 04432 sappend(index->s, s); 04433 04434 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 04435 if (index->b) 04436 gen_and(index->b, b); 04437 #ifdef INET6 04438 gen_and(gen_proto_abbrev(Q_IP), b); 04439 #endif 04440 index->b = b; 04441 break; 04442 #ifdef INET6 04443 case Q_ICMPV6: 04444 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 04445 /*NOTREACHED*/ 04446 #endif 04447 } 04448 index->regno = regno; 04449 s = new_stmt(BPF_ST); 04450 s->s.k = regno; 04451 sappend(index->s, s); 04452 04453 return index; 04454 } 04455 04456 struct block * 04457 gen_relation(code, a0, a1, reversed) 04458 int code; 04459 struct arth *a0, *a1; 04460 int reversed; 04461 { 04462 struct slist *s0, *s1, *s2; 04463 struct block *b, *tmp; 04464 04465 s0 = xfer_to_x(a1); 04466 s1 = xfer_to_a(a0); 04467 if (code == BPF_JEQ) { 04468 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 04469 b = new_block(JMP(code)); 04470 sappend(s1, s2); 04471 } 04472 else 04473 b = new_block(BPF_JMP|code|BPF_X); 04474 if (reversed) 04475 gen_not(b); 04476 04477 sappend(s0, s1); 04478 sappend(a1->s, s0); 04479 sappend(a0->s, a1->s); 04480 04481 b->stmts = a0->s; 04482 04483 free_reg(a0->regno); 04484 free_reg(a1->regno); 04485 04486 /* 'and' together protocol checks */ 04487 if (a0->b) { 04488 if (a1->b) { 04489 gen_and(a0->b, tmp = a1->b); 04490 } 04491 else 04492 tmp = a0->b; 04493 } else 04494 tmp = a1->b; 04495 04496 if (tmp) 04497 gen_and(tmp, b); 04498 04499 return b; 04500 } 04501 04502 struct arth * 04503 gen_loadlen() 04504 { 04505 int regno = alloc_reg(); 04506 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 04507 struct slist *s; 04508 04509 s = new_stmt(BPF_LD|BPF_LEN); 04510 s->next = new_stmt(BPF_ST); 04511 s->next->s.k = regno; 04512 a->s = s; 04513 a->regno = regno; 04514 04515 return a; 04516 } 04517 04518 struct arth * 04519 gen_loadi(val) 04520 int val; 04521 { 04522 struct arth *a; 04523 struct slist *s; 04524 int reg; 04525 04526 a = (struct arth *)newchunk(sizeof(*a)); 04527 04528 reg = alloc_reg(); 04529 04530 s = new_stmt(BPF_LD|BPF_IMM); 04531 s->s.k = val; 04532 s->next = new_stmt(BPF_ST); 04533 s->next->s.k = reg; 04534 a->s = s; 04535 a->regno = reg; 04536 04537 return a; 04538 } 04539 04540 struct arth * 04541 gen_neg(a) 04542 struct arth *a; 04543 { 04544 struct slist *s; 04545 04546 s = xfer_to_a(a); 04547 sappend(a->s, s); 04548 s = new_stmt(BPF_ALU|BPF_NEG); 04549 s->s.k = 0; 04550 sappend(a->s, s); 04551 s = new_stmt(BPF_ST); 04552 s->s.k = a->regno; 04553 sappend(a->s, s); 04554 04555 return a; 04556 } 04557 04558 struct arth * 04559 gen_arth(code, a0, a1) 04560 int code; 04561 struct arth *a0, *a1; 04562 { 04563 struct slist *s0, *s1, *s2; 04564 04565 s0 = xfer_to_x(a1); 04566 s1 = xfer_to_a(a0); 04567 s2 = new_stmt(BPF_ALU|BPF_X|code); 04568 04569 sappend(s1, s2); 04570 sappend(s0, s1); 04571 sappend(a1->s, s0); 04572 sappend(a0->s, a1->s); 04573 04574 free_reg(a0->regno); 04575 free_reg(a1->regno); 04576 04577 s0 = new_stmt(BPF_ST); 04578 a0->regno = s0->s.k = alloc_reg(); 04579 sappend(a0->s, s0); 04580 04581 return a0; 04582 } 04583 04584 /* 04585 * Here we handle simple allocation of the scratch registers. 04586 * If too many registers are alloc'd, the allocator punts. 04587 */ 04588 static int regused[BPF_MEMWORDS]; 04589 static int curreg; 04590 04591 /* 04592 * Return the next free register. 04593 */ 04594 static int 04595 alloc_reg() 04596 { 04597 int n = BPF_MEMWORDS; 04598 04599 while (--n >= 0) { 04600 if (regused[curreg]) 04601 curreg = (curreg + 1) % BPF_MEMWORDS; 04602 else { 04603 regused[curreg] = 1; 04604 return curreg; 04605 } 04606 } 04607 bpf_error("too many registers needed to evaluate expression"); 04608 /* NOTREACHED */ 04609 } 04610 04611 /* 04612 * Return a register to the table so it can 04613 * be used later. 04614 */ 04615 static void 04616 free_reg(n) 04617 int n; 04618 { 04619 regused[n] = 0; 04620 } 04621 04622 static struct block * 04623 gen_len(jmp, n) 04624 int jmp, n; 04625 { 04626 struct slist *s; 04627 struct block *b; 04628 04629 s = new_stmt(BPF_LD|BPF_LEN); 04630 b = new_block(JMP(jmp)); 04631 b->stmts = s; 04632 b->s.k = n; 04633 04634 return b; 04635 } 04636 04637 struct block * 04638 gen_greater(n) 04639 int n; 04640 { 04641 return gen_len(BPF_JGE, n); 04642 } 04643 04644 /* 04645 * Actually, this is less than or equal. 04646 */ 04647 struct block * 04648 gen_less(n) 04649 int n; 04650 { 04651 struct block *b; 04652 04653 b = gen_len(BPF_JGT, n); 04654 gen_not(b); 04655 04656 return b; 04657 } 04658 04659 struct block * 04660 gen_byteop(op, idx, val) 04661 int op, idx, val; 04662 { 04663 struct block *b; 04664 struct slist *s; 04665 04666 switch (op) { 04667 default: 04668 abort(); 04669 04670 case '=': 04671 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 04672 04673 case '<': 04674 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 04675 b->s.code = JMP(BPF_JGE); 04676 gen_not(b); 04677 return b; 04678 04679 case '>': 04680 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 04681 b->s.code = JMP(BPF_JGT); 04682 return b; 04683 04684 case '|': 04685 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 04686 break; 04687 04688 case '&': 04689 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 04690 break; 04691 } 04692 s->s.k = val; 04693 b = new_block(JMP(BPF_JEQ)); 04694 b->stmts = s; 04695 gen_not(b); 04696 04697 return b; 04698 } 04699 04700 static u_char abroadcast[] = { 0x0 }; 04701 04702 struct block * 04703 gen_broadcast(proto) 04704 int proto; 04705 { 04706 bpf_u_int32 hostmask; 04707 struct block *b0, *b1, *b2; 04708 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 04709 04710 switch (proto) { 04711 04712 case Q_DEFAULT: 04713 case Q_LINK: 04714 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 04715 return gen_ahostop(abroadcast, Q_DST); 04716 if (linktype == DLT_EN10MB) 04717 return gen_ehostop(ebroadcast, Q_DST); 04718 if (linktype == DLT_FDDI) 04719 return gen_fhostop(ebroadcast, Q_DST); 04720 if (linktype == DLT_IEEE802) 04721 return gen_thostop(ebroadcast, Q_DST); 04722 if (linktype == DLT_IEEE802_11) 04723 return gen_wlanhostop(ebroadcast, Q_DST); 04724 if (linktype == DLT_IP_OVER_FC) 04725 return gen_ipfchostop(ebroadcast, Q_DST); 04726 if (linktype == DLT_SUNATM && is_lane) { 04727 /* 04728 * Check that the packet doesn't begin with an 04729 * LE Control marker. (We've already generated 04730 * a test for LANE.) 04731 */ 04732 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 04733 gen_not(b1); 04734 04735 /* 04736 * Now check the MAC address. 04737 */ 04738 b0 = gen_ehostop(ebroadcast, Q_DST); 04739 gen_and(b1, b0); 04740 return b0; 04741 } 04742 bpf_error("not a broadcast link"); 04743 break; 04744 04745 case Q_IP: 04746 b0 = gen_linktype(ETHERTYPE_IP); 04747 hostmask = ~netmask; 04748 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 04749 b2 = gen_mcmp(off_nl + 16, BPF_W, 04750 (bpf_int32)(~0 & hostmask), hostmask); 04751 gen_or(b1, b2); 04752 gen_and(b0, b2); 04753 return b2; 04754 } 04755 bpf_error("only link-layer/IP broadcast filters supported"); 04756 } 04757 04758 /* 04759 * Generate code to test the low-order bit of a MAC address (that's 04760 * the bottom bit of the *first* byte). 04761 */ 04762 static struct block * 04763 gen_mac_multicast(offset) 04764 int offset; 04765 { 04766 register struct block *b0; 04767 register struct slist *s; 04768 04769 /* link[offset] & 1 != 0 */ 04770 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04771 s->s.k = offset; 04772 b0 = new_block(JMP(BPF_JSET)); 04773 b0->s.k = 1; 04774 b0->stmts = s; 04775 return b0; 04776 } 04777 04778 struct block * 04779 gen_multicast(proto) 04780 int proto; 04781 { 04782 register struct block *b0, *b1, *b2; 04783 register struct slist *s; 04784 04785 switch (proto) { 04786 04787 case Q_DEFAULT: 04788 case Q_LINK: 04789 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 04790 /* all ARCnet multicasts use the same address */ 04791 return gen_ahostop(abroadcast, Q_DST); 04792 04793 if (linktype == DLT_EN10MB) { 04794 /* ether[0] & 1 != 0 */ 04795 return gen_mac_multicast(0); 04796 } 04797 04798 if (linktype == DLT_FDDI) { 04799 /* 04800 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX 04801 * 04802 * XXX - was that referring to bit-order issues? 04803 */ 04804 /* fddi[1] & 1 != 0 */ 04805 return gen_mac_multicast(1); 04806 } 04807 04808 if (linktype == DLT_IEEE802) { 04809 /* tr[2] & 1 != 0 */ 04810 return gen_mac_multicast(2); 04811 } 04812 04813 if (linktype == DLT_IEEE802_11) { 04814 /* 04815 * Oh, yuk. 04816 * 04817 * For control frames, there is no DA. 04818 * 04819 * For management frames, DA is at an 04820 * offset of 4 from the beginning of 04821 * the packet. 04822 * 04823 * For data frames, DA is at an offset 04824 * of 4 from the beginning of the packet 04825 * if To DS is clear and at an offset of 04826 * 16 from the beginning of the packet 04827 * if To DS is set. 04828 */ 04829 04830 /* 04831 * Generate the tests to be done for data frames. 04832 * 04833 * First, check for To DS set, i.e. "link[1] & 0x01". 04834 */ 04835 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04836 s->s.k = 1; 04837 b1 = new_block(JMP(BPF_JSET)); 04838 b1->s.k = 0x01; /* To DS */ 04839 b1->stmts = s; 04840 04841 /* 04842 * If To DS is set, the DA is at 16. 04843 */ 04844 b0 = gen_mac_multicast(16); 04845 gen_and(b1, b0); 04846 04847 /* 04848 * Now, check for To DS not set, i.e. check 04849 * "!(link[1] & 0x01)". 04850 */ 04851 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04852 s->s.k = 1; 04853 b2 = new_block(JMP(BPF_JSET)); 04854 b2->s.k = 0x01; /* To DS */ 04855 b2->stmts = s; 04856 gen_not(b2); 04857 04858 /* 04859 * If To DS is not set, the DA is at 4. 04860 */ 04861 b1 = gen_mac_multicast(4); 04862 gen_and(b2, b1); 04863 04864 /* 04865 * Now OR together the last two checks. That gives 04866 * the complete set of checks for data frames. 04867 */ 04868 gen_or(b1, b0); 04869 04870 /* 04871 * Now check for a data frame. 04872 * I.e, check "link[0] & 0x08". 04873 */ 04874 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04875 s->s.k = 0; 04876 b1 = new_block(JMP(BPF_JSET)); 04877 b1->s.k = 0x08; 04878 b1->stmts = s; 04879 04880 /* 04881 * AND that with the checks done for data frames. 04882 */ 04883 gen_and(b1, b0); 04884 04885 /* 04886 * If the high-order bit of the type value is 0, this 04887 * is a management frame. 04888 * I.e, check "!(link[0] & 0x08)". 04889 */ 04890 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04891 s->s.k = 0; 04892 b2 = new_block(JMP(BPF_JSET)); 04893 b2->s.k = 0x08; 04894 b2->stmts = s; 04895 gen_not(b2); 04896 04897 /* 04898 * For management frames, the DA is at 4. 04899 */ 04900 b1 = gen_mac_multicast(4); 04901 gen_and(b2, b1); 04902 04903 /* 04904 * OR that with the checks done for data frames. 04905 * That gives the checks done for management and 04906 * data frames. 04907 */ 04908 gen_or(b1, b0); 04909 04910 /* 04911 * If the low-order bit of the type value is 1, 04912 * this is either a control frame or a frame 04913 * with a reserved type, and thus not a 04914 * frame with an SA. 04915 * 04916 * I.e., check "!(link[0] & 0x04)". 04917 */ 04918 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04919 s->s.k = 0; 04920 b1 = new_block(JMP(BPF_JSET)); 04921 b1->s.k = 0x04; 04922 b1->stmts = s; 04923 gen_not(b1); 04924 04925 /* 04926 * AND that with the checks for data and management 04927 * frames. 04928 */ 04929 gen_and(b1, b0); 04930 return b0; 04931 } 04932 04933 if (linktype == DLT_IP_OVER_FC) { 04934 b0 = gen_mac_multicast(2); 04935 return b0; 04936 } 04937 04938 if (linktype == DLT_SUNATM && is_lane) { 04939 /* 04940 * Check that the packet doesn't begin with an 04941 * LE Control marker. (We've already generated 04942 * a test for LANE.) 04943 */ 04944 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 04945 gen_not(b1); 04946 04947 /* ether[off_mac] & 1 != 0 */ 04948 b0 = gen_mac_multicast(off_mac); 04949 gen_and(b1, b0); 04950 return b0; 04951 } 04952 04953 /* Link not known to support multicasts */ 04954 break; 04955 04956 case Q_IP: 04957 b0 = gen_linktype(ETHERTYPE_IP); 04958 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 04959 b1->s.code = JMP(BPF_JGE); 04960 gen_and(b0, b1); 04961 return b1; 04962 04963 #ifdef INET6 04964 case Q_IPV6: 04965 b0 = gen_linktype(ETHERTYPE_IPV6); 04966 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 04967 gen_and(b0, b1); 04968 return b1; 04969 #endif /* INET6 */ 04970 } 04971 bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); 04972 } 04973 04974 /* 04975 * generate command for inbound/outbound. It's here so we can 04976 * make it link-type specific. 'dir' = 0 implies "inbound", 04977 * = 1 implies "outbound". 04978 */ 04979 struct block * 04980 gen_inbound(dir) 04981 int dir; 04982 { 04983 register struct block *b0; 04984 04985 /* 04986 * Only some data link types support inbound/outbound qualifiers. 04987 */ 04988 switch (linktype) { 04989 case DLT_SLIP: 04990 b0 = gen_relation(BPF_JEQ, 04991 gen_load(Q_LINK, gen_loadi(0), 1), 04992 gen_loadi(0), 04993 dir); 04994 break; 04995 04996 case DLT_LINUX_SLL: 04997 if (dir) { 04998 /* 04999 * Match packets sent by this machine. 05000 */ 05001 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING); 05002 } else { 05003 /* 05004 * Match packets sent to this machine. 05005 * (No broadcast or multicast packets, or 05006 * packets sent to some other machine and 05007 * received promiscuously.) 05008 * 05009 * XXX - packets sent to other machines probably 05010 * shouldn't be matched, but what about broadcast 05011 * or multicast packets we received? 05012 */ 05013 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST); 05014 } 05015 break; 05016 05017 case DLT_PFLOG: 05018 b0 = gen_cmp(26, BPF_H, 05019 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 05020 break; 05021 05022 default: 05023 bpf_error("inbound/outbound not supported on linktype %d", 05024 linktype); 05025 b0 = NULL; 05026 /* NOTREACHED */ 05027 } 05028 return (b0); 05029 } 05030 05031 /* PF firewall log matched interface */ 05032 struct block * 05033 gen_pf_ifname(const char *ifname) 05034 { 05035 if (linktype != DLT_PFLOG) { 05036 bpf_error("ifname supported only for DLT_PFLOG"); 05037 /* NOTREACHED */ 05038 } 05039 if (strlen(ifname) >= 16) { 05040 bpf_error("ifname interface names can't be larger than 16 characters"); 05041 /* NOTREACHED */ 05042 } 05043 return (gen_bcmp(4, strlen(ifname), (const u_char *)ifname)); 05044 } 05045 05046 05047 /* PF firewall log rule number */ 05048 struct block * 05049 gen_pf_rnr(int rnr) 05050 { 05051 if (linktype != DLT_PFLOG) { 05052 bpf_error("rnr supported only for DLT_PFLOG"); 05053 /* NOTREACHED */ 05054 } 05055 05056 return (gen_cmp(20, BPF_H, (bpf_int32)rnr)); 05057 } 05058 05059 /* PF firewall log reason code */ 05060 struct block * 05061 gen_pf_reason(int reason) 05062 { 05063 if (linktype != DLT_PFLOG) { 05064 bpf_error("reason supported only for DLT_PFLOG"); 05065 /* NOTREACHED */ 05066 } 05067 05068 return (gen_cmp(22, BPF_H, (bpf_int32)reason)); 05069 } 05070 05071 /* PF firewall log action */ 05072 struct block * 05073 gen_pf_action(int action) 05074 { 05075 if (linktype != DLT_PFLOG) { 05076 bpf_error("action supported only for DLT_PFLOG"); 05077 /* NOTREACHED */ 05078 } 05079 05080 return (gen_cmp(24, BPF_H, (bpf_int32)action)); 05081 } 05082 05083 struct block * 05084 gen_acode(eaddr, q) 05085 register const u_char *eaddr; 05086 struct qual q; 05087 { 05088 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 05089 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 05090 return gen_ahostop(eaddr, (int)q.dir); 05091 } 05092 bpf_error("ARCnet address used in non-arc expression"); 05093 /* NOTREACHED */ 05094 } 05095 05096 static struct block * 05097 gen_ahostop(eaddr, dir) 05098 register const u_char *eaddr; 05099 register int dir; 05100 { 05101 register struct block *b0, *b1; 05102 05103 switch (dir) { 05104 /* src comes first, different from Ethernet */ 05105 case Q_SRC: 05106 return gen_bcmp(0, 1, eaddr); 05107 05108 case Q_DST: 05109 return gen_bcmp(1, 1, eaddr); 05110 05111 case Q_AND: 05112 b0 = gen_ahostop(eaddr, Q_SRC); 05113 b1 = gen_ahostop(eaddr, Q_DST); 05114 gen_and(b0, b1); 05115 return b1; 05116 05117 case Q_DEFAULT: 05118 case Q_OR: 05119 b0 = gen_ahostop(eaddr, Q_SRC); 05120 b1 = gen_ahostop(eaddr, Q_DST); 05121 gen_or(b0, b1); 05122 return b1; 05123 } 05124 abort(); 05125 /* NOTREACHED */ 05126 } 05127 05128 /* 05129 * support IEEE 802.1Q VLAN trunk over ethernet 05130 */ 05131 struct block * 05132 gen_vlan(vlan_num) 05133 int vlan_num; 05134 { 05135 struct block *b0; 05136 05137 /* 05138 * Change the offsets to point to the type and data fields within 05139 * the VLAN packet. This is somewhat of a kludge. 05140 */ 05141 if (orig_nl == (u_int)-1) { 05142 orig_linktype = off_linktype; /* save original values */ 05143 orig_nl = off_nl; 05144 orig_nl_nosnap = off_nl_nosnap; 05145 05146 switch (linktype) { 05147 05148 case DLT_EN10MB: 05149 off_linktype = 16; 05150 off_nl_nosnap = 18; 05151 off_nl = 18; 05152 break; 05153 05154 default: 05155 bpf_error("no VLAN support for data link type %d", 05156 linktype); 05157 /*NOTREACHED*/ 05158 } 05159 } 05160 05161 /* check for VLAN */ 05162 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 05163 05164 /* If a specific VLAN is requested, check VLAN id */ 05165 if (vlan_num >= 0) { 05166 struct block *b1; 05167 05168 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 05169 gen_and(b0, b1); 05170 b0 = b1; 05171 } 05172 05173 return (b0); 05174 } 05175 05176 struct block * 05177 gen_atmfield_code(atmfield, jvalue, jtype, reverse) 05178 int atmfield; 05179 bpf_u_int32 jvalue; 05180 bpf_u_int32 jtype; 05181 int reverse; 05182 { 05183 struct block *b0; 05184 05185 switch (atmfield) { 05186 05187 case A_VPI: 05188 if (!is_atm) 05189 bpf_error("'vpi' supported only on raw ATM"); 05190 if (off_vpi == (u_int)-1) 05191 abort(); 05192 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype, 05193 (u_int)jvalue, reverse); 05194 break; 05195 05196 case A_VCI: 05197 if (!is_atm) 05198 bpf_error("'vci' supported only on raw ATM"); 05199 if (off_vci == (u_int)-1) 05200 abort(); 05201 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype, 05202 (u_int)jvalue, reverse); 05203 break; 05204 05205 case A_PROTOTYPE: 05206 if (off_proto == (u_int)-1) 05207 abort(); /* XXX - this isn't on FreeBSD */ 05208 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype, 05209 (u_int)jvalue, reverse); 05210 break; 05211 05212 case A_MSGTYPE: 05213 if (off_payload == (u_int)-1) 05214 abort(); 05215 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff, 05216 (u_int)jtype, (u_int)jvalue, reverse); 05217 break; 05218 05219 case A_CALLREFTYPE: 05220 if (!is_atm) 05221 bpf_error("'callref' supported only on raw ATM"); 05222 if (off_proto == (u_int)-1) 05223 abort(); 05224 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype, 05225 (u_int)jvalue, reverse); 05226 break; 05227 05228 default: 05229 abort(); 05230 } 05231 return b0; 05232 } 05233 05234 struct block * 05235 gen_atmtype_abbrev(type) 05236 int type; 05237 { 05238 struct block *b0, *b1; 05239 05240 switch (type) { 05241 05242 case A_METAC: 05243 /* Get all packets in Meta signalling Circuit */ 05244 if (!is_atm) 05245 bpf_error("'metac' supported only on raw ATM"); 05246 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05247 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0); 05248 gen_and(b0, b1); 05249 break; 05250 05251 case A_BCC: 05252 /* Get all packets in Broadcast Circuit*/ 05253 if (!is_atm) 05254 bpf_error("'bcc' supported only on raw ATM"); 05255 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05256 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0); 05257 gen_and(b0, b1); 05258 break; 05259 05260 case A_OAMF4SC: 05261 /* Get all cells in Segment OAM F4 circuit*/ 05262 if (!is_atm) 05263 bpf_error("'oam4sc' supported only on raw ATM"); 05264 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05265 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 05266 gen_and(b0, b1); 05267 break; 05268 05269 case A_OAMF4EC: 05270 /* Get all cells in End-to-End OAM F4 Circuit*/ 05271 if (!is_atm) 05272 bpf_error("'oam4ec' supported only on raw ATM"); 05273 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05274 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 05275 gen_and(b0, b1); 05276 break; 05277 05278 case A_SC: 05279 /* Get all packets in connection Signalling Circuit */ 05280 if (!is_atm) 05281 bpf_error("'sc' supported only on raw ATM"); 05282 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05283 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0); 05284 gen_and(b0, b1); 05285 break; 05286 05287 case A_ILMIC: 05288 /* Get all packets in ILMI Circuit */ 05289 if (!is_atm) 05290 bpf_error("'ilmic' supported only on raw ATM"); 05291 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05292 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0); 05293 gen_and(b0, b1); 05294 break; 05295 05296 case A_LANE: 05297 /* Get all LANE packets */ 05298 if (!is_atm) 05299 bpf_error("'lane' supported only on raw ATM"); 05300 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0); 05301 05302 /* 05303 * Arrange that all subsequent tests assume LANE 05304 * rather than LLC-encapsulated packets, and set 05305 * the offsets appropriately for LANE-encapsulated 05306 * Ethernet. 05307 * 05308 * "off_mac" is the offset of the Ethernet header, 05309 * which is 2 bytes past the ATM pseudo-header 05310 * (skipping the pseudo-header and 2-byte LE Client 05311 * field). The other offsets are Ethernet offsets 05312 * relative to "off_mac". 05313 */ 05314 is_lane = 1; 05315 off_mac = off_payload + 2; /* MAC header */ 05316 off_linktype = off_mac + 12; 05317 off_nl = off_mac + 14; /* Ethernet II */ 05318 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */ 05319 break; 05320 05321 case A_LLC: 05322 /* Get all LLC-encapsulated packets */ 05323 if (!is_atm) 05324 bpf_error("'llc' supported only on raw ATM"); 05325 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 05326 is_lane = 0; 05327 break; 05328 05329 default: 05330 abort(); 05331 } 05332 return b1; 05333 } 05334 05335 05336 static struct block * 05337 gen_msg_abbrev(type) 05338 int type; 05339 { 05340 struct block *b1; 05341 05342 /* 05343 * Q.2931 signalling protocol messages for handling virtual circuits 05344 * establishment and teardown 05345 */ 05346 switch (type) { 05347 05348 case A_SETUP: 05349 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0); 05350 break; 05351 05352 case A_CALLPROCEED: 05353 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 05354 break; 05355 05356 case A_CONNECT: 05357 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0); 05358 break; 05359 05360 case A_CONNECTACK: 05361 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0); 05362 break; 05363 05364 case A_RELEASE: 05365 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0); 05366 break; 05367 05368 case A_RELEASE_DONE: 05369 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0); 05370 break; 05371 05372 default: 05373 abort(); 05374 } 05375 return b1; 05376 } 05377 05378 struct block * 05379 gen_atmmulti_abbrev(type) 05380 int type; 05381 { 05382 struct block *b0, *b1; 05383 05384 switch (type) { 05385 05386 case A_OAM: 05387 if (!is_atm) 05388 bpf_error("'oam' supported only on raw ATM"); 05389 b1 = gen_atmmulti_abbrev(A_OAMF4); 05390 break; 05391 05392 case A_OAMF4: 05393 if (!is_atm) 05394 bpf_error("'oamf4' supported only on raw ATM"); 05395 /* OAM F4 type */ 05396 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 05397 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 05398 gen_or(b0, b1); 05399 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05400 gen_and(b0, b1); 05401 break; 05402 05403 case A_CONNECTMSG: 05404 /* 05405 * Get Q.2931 signalling messages for switched 05406 * virtual connection 05407 */ 05408 if (!is_atm) 05409 bpf_error("'connectmsg' supported only on raw ATM"); 05410 b0 = gen_msg_abbrev(A_SETUP); 05411 b1 = gen_msg_abbrev(A_CALLPROCEED); 05412 gen_or(b0, b1); 05413 b0 = gen_msg_abbrev(A_CONNECT); 05414 gen_or(b0, b1); 05415 b0 = gen_msg_abbrev(A_CONNECTACK); 05416 gen_or(b0, b1); 05417 b0 = gen_msg_abbrev(A_RELEASE); 05418 gen_or(b0, b1); 05419 b0 = gen_msg_abbrev(A_RELEASE_DONE); 05420 gen_or(b0, b1); 05421 b0 = gen_atmtype_abbrev(A_SC); 05422 gen_and(b0, b1); 05423 break; 05424 05425 case A_METACONNECT: 05426 if (!is_atm) 05427 bpf_error("'metaconnect' supported only on raw ATM"); 05428 b0 = gen_msg_abbrev(A_SETUP); 05429 b1 = gen_msg_abbrev(A_CALLPROCEED); 05430 gen_or(b0, b1); 05431 b0 = gen_msg_abbrev(A_CONNECT); 05432 gen_or(b0, b1); 05433 b0 = gen_msg_abbrev(A_RELEASE); 05434 gen_or(b0, b1); 05435 b0 = gen_msg_abbrev(A_RELEASE_DONE); 05436 gen_or(b0, b1); 05437 b0 = gen_atmtype_abbrev(A_METAC); 05438 gen_and(b0, b1); 05439 break; 05440 05441 default: 05442 abort(); 05443 } 05444 return b1; 05445 }
documentation. Copyright (c) 2002-2003 Politecnico di Torino. All rights reserved.