00001 /*#define CHASE_CHAIN*/ 00002 /* 00003 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 00004 * The Regents of the University of California. All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that: (1) source code distributions 00008 * retain the above copyright notice and this paragraph in its entirety, (2) 00009 * distributions including binary code include the above copyright notice and 00010 * this paragraph in its entirety in the documentation or other materials 00011 * provided with the distribution, and (3) all advertising materials mentioning 00012 * features or use of this software display the following acknowledgement: 00013 * ``This product includes software developed by the University of California, 00014 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 00015 * the University nor the names of its contributors may be used to endorse 00016 * or promote products derived from this software without specific prior 00017 * written permission. 00018 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 00019 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 00020 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 00021 */ 00022 #ifndef lint 00023 static const char rcsid[] = 00024 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.184 2003/01/23 07:24:51 guy Exp $ (LBL)"; 00025 #endif 00026 00027 #ifdef HAVE_CONFIG_H 00028 #include "config.h" 00029 #endif 00030 00031 #ifdef WIN32 00032 #include <pcap-stdinc.h> 00033 #else /* WIN32 */ 00034 #include <sys/types.h> 00035 #include <sys/socket.h> 00036 #include <sys/time.h> 00037 #endif /* WIN32 */ 00038 00039 /* 00040 * XXX - why was this included even on UNIX? 00041 */ 00042 #ifdef __MINGW32__ 00043 #include "IP6_misc.h" 00044 #endif 00045 00046 #ifndef WIN32 00047 00048 #ifdef __NetBSD__ 00049 #include <sys/param.h> 00050 #endif 00051 00052 #include <netinet/in.h> 00053 00054 #endif /* WIN32 */ 00055 00056 #include <stdlib.h> 00057 #include <string.h> 00058 #include <memory.h> 00059 #include <setjmp.h> 00060 #include <stdarg.h> 00061 00062 #include "pcap-int.h" 00063 00064 #include "ethertype.h" 00065 #include "nlpid.h" 00066 #include "llc.h" 00067 #include "gencode.h" 00068 #include "atmuni31.h" 00069 #include "sunatmpos.h" 00070 #include "ppp.h" 00071 #include "sll.h" 00072 #include "arcnet.h" 00073 #ifdef INET6 00074 #ifndef WIN32 00075 #include <netdb.h> /* for "struct addrinfo" */ 00076 #endif /* WIN32 */ 00077 #endif /*INET6*/ 00078 #include <pcap-namedb.h> 00079 00080 #define ETHERMTU 1500 00081 00082 #ifndef IPPROTO_SCTP 00083 #define IPPROTO_SCTP 132 00084 #endif 00085 00086 #ifdef HAVE_OS_PROTO_H 00087 #include "os-proto.h" 00088 #endif 00089 00090 #define JMP(c) ((c)|BPF_JMP|BPF_K) 00091 00092 /* Locals */ 00093 static jmp_buf top_ctx; 00094 static pcap_t *bpf_pcap; 00095 00096 /* Hack for updating VLAN offsets. */ 00097 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 00098 00099 /* XXX */ 00100 #ifdef PCAP_FDDIPAD 00101 int pcap_fddipad = PCAP_FDDIPAD; 00102 #else 00103 int pcap_fddipad; 00104 #endif 00105 00106 /* VARARGS */ 00107 void 00108 bpf_error(const char *fmt, ...) 00109 00110 { 00111 va_list ap; 00112 00113 va_start(ap, fmt); 00114 if (bpf_pcap != NULL) 00115 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 00116 fmt, ap); 00117 va_end(ap); 00118 longjmp(top_ctx, 1); 00119 /* NOTREACHED */ 00120 } 00121 00122 static void init_linktype(int); 00123 00124 static int alloc_reg(void); 00125 static void free_reg(int); 00126 00127 static struct block *root; 00128 00129 /* 00130 * We divy out chunks of memory rather than call malloc each time so 00131 * we don't have to worry about leaking memory. It's probably 00132 * not a big deal if all this memory was wasted but it this ever 00133 * goes into a library that would probably not be a good idea. 00134 */ 00135 #define NCHUNKS 16 00136 #define CHUNK0SIZE 1024 00137 struct chunk { 00138 u_int n_left; 00139 void *m; 00140 }; 00141 00142 static struct chunk chunks[NCHUNKS]; 00143 static int cur_chunk; 00144 00145 static void *newchunk(u_int); 00146 static void freechunks(void); 00147 static inline struct block *new_block(int); 00148 static inline struct slist *new_stmt(int); 00149 static struct block *gen_retblk(int); 00150 static inline void syntax(void); 00151 00152 static void backpatch(struct block *, struct block *); 00153 static void merge(struct block *, struct block *); 00154 static struct block *gen_cmp(u_int, u_int, bpf_int32); 00155 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 00156 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 00157 static struct block *gen_bcmp(u_int, u_int, const u_char *); 00158 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32, 00159 bpf_u_int32, bpf_u_int32, int); 00160 static struct block *gen_uncond(int); 00161 static inline struct block *gen_true(void); 00162 static inline struct block *gen_false(void); 00163 static struct block *gen_ether_linktype(int); 00164 static struct block *gen_linktype(int); 00165 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int); 00166 static struct block *gen_llc(int); 00167 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 00168 #ifdef INET6 00169 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 00170 #endif 00171 static struct block *gen_ahostop(const u_char *, int); 00172 static struct block *gen_ehostop(const u_char *, int); 00173 static struct block *gen_fhostop(const u_char *, int); 00174 static struct block *gen_thostop(const u_char *, int); 00175 static struct block *gen_wlanhostop(const u_char *, int); 00176 static struct block *gen_ipfchostop(const u_char *, int); 00177 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 00178 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 00179 #ifdef INET6 00180 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 00181 #endif 00182 #ifndef INET6 00183 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 00184 #endif 00185 static struct block *gen_ipfrag(void); 00186 static struct block *gen_portatom(int, bpf_int32); 00187 #ifdef INET6 00188 static struct block *gen_portatom6(int, bpf_int32); 00189 #endif 00190 struct block *gen_portop(int, int, int); 00191 static struct block *gen_port(int, int, int); 00192 #ifdef INET6 00193 struct block *gen_portop6(int, int, int); 00194 static struct block *gen_port6(int, int, int); 00195 #endif 00196 static int lookup_proto(const char *, int); 00197 static struct block *gen_protochain(int, int, int); 00198 static struct block *gen_proto(int, int, int); 00199 static struct slist *xfer_to_x(struct arth *); 00200 static struct slist *xfer_to_a(struct arth *); 00201 static struct block *gen_mac_multicast(int); 00202 static struct block *gen_len(int, int); 00203 00204 static struct block *gen_msg_abbrev(int type); 00205 00206 static void * 00207 newchunk(n) 00208 u_int n; 00209 { 00210 struct chunk *cp; 00211 int k, size; 00212 00213 #ifndef __NetBSD__ 00214 /* XXX Round up to nearest long. */ 00215 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 00216 #else 00217 /* XXX Round up to structure boundary. */ 00218 n = ALIGN(n); 00219 #endif 00220 00221 cp = &chunks[cur_chunk]; 00222 if (n > cp->n_left) { 00223 ++cp, k = ++cur_chunk; 00224 if (k >= NCHUNKS) 00225 bpf_error("out of memory"); 00226 size = CHUNK0SIZE << k; 00227 cp->m = (void *)malloc(size); 00228 memset((char *)cp->m, 0, size); 00229 cp->n_left = size; 00230 if (n > size) 00231 bpf_error("out of memory"); 00232 } 00233 cp->n_left -= n; 00234 return (void *)((char *)cp->m + cp->n_left); 00235 } 00236 00237 static void 00238 freechunks() 00239 { 00240 int i; 00241 00242 cur_chunk = 0; 00243 for (i = 0; i < NCHUNKS; ++i) 00244 if (chunks[i].m != NULL) { 00245 free(chunks[i].m); 00246 chunks[i].m = NULL; 00247 } 00248 } 00249 00250 /* 00251 * A strdup whose allocations are freed after code generation is over. 00252 */ 00253 char * 00254 sdup(s) 00255 register const char *s; 00256 { 00257 int n = strlen(s) + 1; 00258 char *cp = newchunk(n); 00259 00260 strlcpy(cp, s, n); 00261 return (cp); 00262 } 00263 00264 static inline struct block * 00265 new_block(code) 00266 int code; 00267 { 00268 struct block *p; 00269 00270 p = (struct block *)newchunk(sizeof(*p)); 00271 p->s.code = code; 00272 p->head = p; 00273 00274 return p; 00275 } 00276 00277 static inline struct slist * 00278 new_stmt(code) 00279 int code; 00280 { 00281 struct slist *p; 00282 00283 p = (struct slist *)newchunk(sizeof(*p)); 00284 p->s.code = code; 00285 00286 return p; 00287 } 00288 00289 static struct block * 00290 gen_retblk(v) 00291 int v; 00292 { 00293 struct block *b = new_block(BPF_RET|BPF_K); 00294 00295 b->s.k = v; 00296 return b; 00297 } 00298 00299 static inline void 00300 syntax() 00301 { 00302 bpf_error("syntax error in filter expression"); 00303 } 00304 00305 static bpf_u_int32 netmask; 00306 static int snaplen; 00307 int no_optimize; 00308 00309 int 00310 pcap_compile(pcap_t *p, struct bpf_program *program, 00311 char *buf, int optimize, bpf_u_int32 mask) 00312 { 00313 extern int n_errors; 00314 int len; 00315 00316 no_optimize = 0; 00317 n_errors = 0; 00318 root = NULL; 00319 bpf_pcap = p; 00320 if (setjmp(top_ctx)) { 00321 lex_cleanup(); 00322 freechunks(); 00323 return (-1); 00324 } 00325 00326 netmask = mask; 00327 00328 snaplen = pcap_snapshot(p); 00329 if (snaplen == 0) { 00330 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 00331 "snaplen of 0 rejects all packets"); 00332 return -1; 00333 } 00334 00335 lex_init(buf ? buf : ""); 00336 init_linktype(pcap_datalink(p)); 00337 (void)pcap_parse(); 00338 00339 if (n_errors) 00340 syntax(); 00341 00342 if (root == NULL) 00343 root = gen_retblk(snaplen); 00344 00345 if (optimize && !no_optimize) { 00346 bpf_optimize(&root); 00347 if (root == NULL || 00348 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 00349 bpf_error("expression rejects all packets"); 00350 } 00351 program->bf_insns = icode_to_fcode(root, &len); 00352 program->bf_len = len; 00353 00354 lex_cleanup(); 00355 freechunks(); 00356 return (0); 00357 } 00358 00359 /* 00360 * entry point for using the compiler with no pcap open 00361 * pass in all the stuff that is needed explicitly instead. 00362 */ 00363 int 00364 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 00365 struct bpf_program *program, 00366 char *buf, int optimize, bpf_u_int32 mask) 00367 { 00368 pcap_t *p; 00369 int ret; 00370 00371 p = pcap_open_dead(linktype_arg, snaplen_arg); 00372 if (p == NULL) 00373 return (-1); 00374 ret = pcap_compile(p, program, buf, optimize, mask); 00375 pcap_close(p); 00376 return (ret); 00377 } 00378 00379 /* 00380 * Clean up a "struct bpf_program" by freeing all the memory allocated 00381 * in it. 00382 */ 00383 void 00384 pcap_freecode(struct bpf_program *program) 00385 { 00386 program->bf_len = 0; 00387 if (program->bf_insns != NULL) { 00388 free((char *)program->bf_insns); 00389 program->bf_insns = NULL; 00390 } 00391 } 00392 00393 /* 00394 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 00395 * which of the jt and jf fields has been resolved and which is a pointer 00396 * back to another unresolved block (or nil). At least one of the fields 00397 * in each block is already resolved. 00398 */ 00399 static void 00400 backpatch(list, target) 00401 struct block *list, *target; 00402 { 00403 struct block *next; 00404 00405 while (list) { 00406 if (!list->sense) { 00407 next = JT(list); 00408 JT(list) = target; 00409 } else { 00410 next = JF(list); 00411 JF(list) = target; 00412 } 00413 list = next; 00414 } 00415 } 00416 00417 /* 00418 * Merge the lists in b0 and b1, using the 'sense' field to indicate 00419 * which of jt and jf is the link. 00420 */ 00421 static void 00422 merge(b0, b1) 00423 struct block *b0, *b1; 00424 { 00425 register struct block **p = &b0; 00426 00427 /* Find end of list. */ 00428 while (*p) 00429 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 00430 00431 /* Concatenate the lists. */ 00432 *p = b1; 00433 } 00434 00435 void 00436 finish_parse(p) 00437 struct block *p; 00438 { 00439 backpatch(p, gen_retblk(snaplen)); 00440 p->sense = !p->sense; 00441 backpatch(p, gen_retblk(0)); 00442 root = p->head; 00443 } 00444 00445 void 00446 gen_and(b0, b1) 00447 struct block *b0, *b1; 00448 { 00449 backpatch(b0, b1->head); 00450 b0->sense = !b0->sense; 00451 b1->sense = !b1->sense; 00452 merge(b1, b0); 00453 b1->sense = !b1->sense; 00454 b1->head = b0->head; 00455 } 00456 00457 void 00458 gen_or(b0, b1) 00459 struct block *b0, *b1; 00460 { 00461 b0->sense = !b0->sense; 00462 backpatch(b0, b1->head); 00463 b0->sense = !b0->sense; 00464 merge(b1, b0); 00465 b1->head = b0->head; 00466 } 00467 00468 void 00469 gen_not(b) 00470 struct block *b; 00471 { 00472 b->sense = !b->sense; 00473 } 00474 00475 static struct block * 00476 gen_cmp(offset, size, v) 00477 u_int offset, size; 00478 bpf_int32 v; 00479 { 00480 struct slist *s; 00481 struct block *b; 00482 00483 s = new_stmt(BPF_LD|BPF_ABS|size); 00484 s->s.k = offset; 00485 00486 b = new_block(JMP(BPF_JEQ)); 00487 b->stmts = s; 00488 b->s.k = v; 00489 00490 return b; 00491 } 00492 00493 static struct block * 00494 gen_cmp_gt(offset, size, v) 00495 u_int offset, size; 00496 bpf_int32 v; 00497 { 00498 struct slist *s; 00499 struct block *b; 00500 00501 s = new_stmt(BPF_LD|BPF_ABS|size); 00502 s->s.k = offset; 00503 00504 b = new_block(JMP(BPF_JGT)); 00505 b->stmts = s; 00506 b->s.k = v; 00507 00508 return b; 00509 } 00510 00511 static struct block * 00512 gen_mcmp(offset, size, v, mask) 00513 u_int offset, size; 00514 bpf_int32 v; 00515 bpf_u_int32 mask; 00516 { 00517 struct block *b = gen_cmp(offset, size, v); 00518 struct slist *s; 00519 00520 if (mask != 0xffffffff) { 00521 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 00522 s->s.k = mask; 00523 b->stmts->next = s; 00524 } 00525 return b; 00526 } 00527 00528 static struct block * 00529 gen_bcmp(offset, size, v) 00530 register u_int offset, size; 00531 register const u_char *v; 00532 { 00533 register struct block *b, *tmp; 00534 00535 b = NULL; 00536 while (size >= 4) { 00537 register const u_char *p = &v[size - 4]; 00538 bpf_int32 w = ((bpf_int32)p[0] << 24) | 00539 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 00540 00541 tmp = gen_cmp(offset + size - 4, BPF_W, w); 00542 if (b != NULL) 00543 gen_and(b, tmp); 00544 b = tmp; 00545 size -= 4; 00546 } 00547 while (size >= 2) { 00548 register const u_char *p = &v[size - 2]; 00549 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 00550 00551 tmp = gen_cmp(offset + size - 2, BPF_H, w); 00552 if (b != NULL) 00553 gen_and(b, tmp); 00554 b = tmp; 00555 size -= 2; 00556 } 00557 if (size > 0) { 00558 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 00559 if (b != NULL) 00560 gen_and(b, tmp); 00561 b = tmp; 00562 } 00563 return b; 00564 } 00565 00566 static struct block * 00567 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse) 00568 bpf_u_int32 datasize, offset, mask, jtype, jvalue; 00569 int reverse; 00570 { 00571 struct slist *s; 00572 struct block *b; 00573 00574 s = new_stmt(BPF_LD|datasize|BPF_ABS); 00575 s->s.k = offset; 00576 00577 if (mask != 0xffffffff) { 00578 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K); 00579 s->next->s.k = mask; 00580 } 00581 00582 b = new_block(JMP(jtype)); 00583 b->stmts = s; 00584 b->s.k = jvalue; 00585 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE)) 00586 gen_not(b); 00587 return b; 00588 } 00589 00590 /* 00591 * Various code constructs need to know the layout of the data link 00592 * layer. These variables give the necessary offsets. 00593 */ 00594 00595 /* 00596 * This is the offset of the beginning of the MAC-layer header. 00597 * It's usually 0, except for ATM LANE. 00598 */ 00599 static u_int off_mac; 00600 00601 /* 00602 * "off_linktype" is the offset to information in the link-layer header 00603 * giving the packet type. 00604 * 00605 * For Ethernet, it's the offset of the Ethernet type field. 00606 * 00607 * For link-layer types that always use 802.2 headers, it's the 00608 * offset of the LLC header. 00609 * 00610 * For PPP, it's the offset of the PPP type field. 00611 * 00612 * For Cisco HDLC, it's the offset of the CHDLC type field. 00613 * 00614 * For BSD loopback, it's the offset of the AF_ value. 00615 * 00616 * For Linux cooked sockets, it's the offset of the type field. 00617 * 00618 * It's set to -1 for no encapsulation, in which case, IP is assumed. 00619 */ 00620 static u_int off_linktype; 00621 00622 /* 00623 * TRUE if the link layer includes an ATM pseudo-header. 00624 */ 00625 static int is_atm = 0; 00626 00627 /* 00628 * TRUE if "lane" appeared in the filter; it causes us to generate 00629 * code that assumes LANE rather than LLC-encapsulated traffic in SunATM. 00630 */ 00631 static int is_lane = 0; 00632 00633 /* 00634 * These are offsets for the ATM pseudo-header. 00635 */ 00636 static u_int off_vpi; 00637 static u_int off_vci; 00638 static u_int off_proto; 00639 00640 /* 00641 * This is the offset of the first byte after the ATM pseudo_header, 00642 * or -1 if there is no ATM pseudo-header. 00643 */ 00644 static u_int off_payload; 00645 00646 /* 00647 * These are offsets to the beginning of the network-layer header. 00648 * 00649 * If the link layer never uses 802.2 LLC: 00650 * 00651 * "off_nl" and "off_nl_nosnap" are the same. 00652 * 00653 * If the link layer always uses 802.2 LLC: 00654 * 00655 * "off_nl" is the offset if there's a SNAP header following 00656 * the 802.2 header; 00657 * 00658 * "off_nl_nosnap" is the offset if there's no SNAP header. 00659 * 00660 * If the link layer is Ethernet: 00661 * 00662 * "off_nl" is the offset if the packet is an Ethernet II packet 00663 * (we assume no 802.3+802.2+SNAP); 00664 * 00665 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet 00666 * with an 802.2 header following it. 00667 */ 00668 static u_int off_nl; 00669 static u_int off_nl_nosnap; 00670 00671 static int linktype; 00672 00673 static void 00674 init_linktype(type) 00675 int type; 00676 { 00677 linktype = type; 00678 00679 /* 00680 * Assume it's not raw ATM with a pseudo-header, for now. 00681 */ 00682 off_mac = 0; 00683 is_atm = 0; 00684 is_lane = 0; 00685 off_vpi = -1; 00686 off_vci = -1; 00687 off_proto = -1; 00688 off_payload = -1; 00689 00690 orig_linktype = -1; 00691 orig_nl = -1; 00692 orig_nl_nosnap = -1; 00693 00694 switch (type) { 00695 00696 case DLT_ARCNET: 00697 off_linktype = 2; 00698 off_nl = 6; /* XXX in reality, variable! */ 00699 off_nl_nosnap = 6; /* no 802.2 LLC */ 00700 return; 00701 00702 case DLT_ARCNET_LINUX: 00703 off_linktype = 4; 00704 off_nl = 8; /* XXX in reality, variable! */ 00705 off_nl_nosnap = 8; /* no 802.2 LLC */ 00706 return; 00707 00708 case DLT_EN10MB: 00709 off_linktype = 12; 00710 off_nl = 14; /* Ethernet II */ 00711 off_nl_nosnap = 17; /* 802.3+802.2 */ 00712 return; 00713 00714 case DLT_SLIP: 00715 /* 00716 * SLIP doesn't have a link level type. The 16 byte 00717 * header is hacked into our SLIP driver. 00718 */ 00719 off_linktype = -1; 00720 off_nl = 16; 00721 off_nl_nosnap = 16; /* no 802.2 LLC */ 00722 return; 00723 00724 case DLT_SLIP_BSDOS: 00725 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 00726 off_linktype = -1; 00727 /* XXX end */ 00728 off_nl = 24; 00729 off_nl_nosnap = 24; /* no 802.2 LLC */ 00730 return; 00731 00732 case DLT_NULL: 00733 case DLT_LOOP: 00734 off_linktype = 0; 00735 off_nl = 4; 00736 off_nl_nosnap = 4; /* no 802.2 LLC */ 00737 return; 00738 00739 case DLT_PPP: 00740 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */ 00741 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */ 00742 off_linktype = 2; 00743 off_nl = 4; 00744 off_nl_nosnap = 4; /* no 802.2 LLC */ 00745 return; 00746 00747 case DLT_PPP_ETHER: 00748 /* 00749 * This does no include the Ethernet header, and 00750 * only covers session state. 00751 */ 00752 off_linktype = 6; 00753 off_nl = 8; 00754 off_nl_nosnap = 8; /* no 802.2 LLC */ 00755 return; 00756 00757 case DLT_PPP_BSDOS: 00758 off_linktype = 5; 00759 off_nl = 24; 00760 off_nl_nosnap = 24; /* no 802.2 LLC */ 00761 return; 00762 00763 case DLT_FDDI: 00764 /* 00765 * FDDI doesn't really have a link-level type field. 00766 * We set "off_linktype" to the offset of the LLC header. 00767 * 00768 * To check for Ethernet types, we assume that SSAP = SNAP 00769 * is being used and pick out the encapsulated Ethernet type. 00770 * XXX - should we generate code to check for SNAP? 00771 */ 00772 off_linktype = 13; 00773 #ifdef PCAP_FDDIPAD 00774 off_linktype += pcap_fddipad; 00775 #endif 00776 off_nl = 21; /* FDDI+802.2+SNAP */ 00777 off_nl_nosnap = 16; /* FDDI+802.2 */ 00778 #ifdef PCAP_FDDIPAD 00779 off_nl += pcap_fddipad; 00780 off_nl_nosnap += pcap_fddipad; 00781 #endif 00782 return; 00783 00784 case DLT_IEEE802: 00785 /* 00786 * Token Ring doesn't really have a link-level type field. 00787 * We set "off_linktype" to the offset of the LLC header. 00788 * 00789 * To check for Ethernet types, we assume that SSAP = SNAP 00790 * is being used and pick out the encapsulated Ethernet type. 00791 * XXX - should we generate code to check for SNAP? 00792 * 00793 * XXX - the header is actually variable-length. 00794 * Some various Linux patched versions gave 38 00795 * as "off_linktype" and 40 as "off_nl"; however, 00796 * if a token ring packet has *no* routing 00797 * information, i.e. is not source-routed, the correct 00798 * values are 20 and 22, as they are in the vanilla code. 00799 * 00800 * A packet is source-routed iff the uppermost bit 00801 * of the first byte of the source address, at an 00802 * offset of 8, has the uppermost bit set. If the 00803 * packet is source-routed, the total number of bytes 00804 * of routing information is 2 plus bits 0x1F00 of 00805 * the 16-bit value at an offset of 14 (shifted right 00806 * 8 - figure out which byte that is). 00807 */ 00808 off_linktype = 14; 00809 off_nl = 22; /* Token Ring+802.2+SNAP */ 00810 off_nl_nosnap = 17; /* Token Ring+802.2 */ 00811 return; 00812 00813 case DLT_IEEE802_11: 00814 /* 00815 * 802.11 doesn't really have a link-level type field. 00816 * We set "off_linktype" to the offset of the LLC header. 00817 * 00818 * To check for Ethernet types, we assume that SSAP = SNAP 00819 * is being used and pick out the encapsulated Ethernet type. 00820 * XXX - should we generate code to check for SNAP? 00821 * 00822 * XXX - the header is actually variable-length. We 00823 * assume a 24-byte link-layer header, as appears in 00824 * data frames in networks with no bridges. 00825 */ 00826 off_linktype = 24; 00827 off_nl = 32; /* 802.11+802.2+SNAP */ 00828 off_nl_nosnap = 27; /* 802.11+802.2 */ 00829 return; 00830 00831 case DLT_PRISM_HEADER: 00832 /* 00833 * Same as 802.11, but with an additional header before 00834 * the 802.11 header, containing a bunch of additional 00835 * information including radio-level information. 00836 * 00837 * The header is 144 bytes long. 00838 * 00839 * XXX - same variable-length header problem; at least 00840 * the Prism header is fixed-length. 00841 */ 00842 off_linktype = 144+24; 00843 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */ 00844 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */ 00845 return; 00846 00847 case DLT_IEEE802_11_RADIO: 00848 /* 00849 * Same as 802.11, but with an additional header before 00850 * the 802.11 header, containing a bunch of additional 00851 * information including radio-level information. 00852 * 00853 * The header is 64 bytes long. 00854 * 00855 * XXX - same variable-length header problem, only 00856 * more so; this header is also variable-length, 00857 * with the length being the 32-bit big-endian 00858 * number at an offset of 4 from the beginning 00859 * of the radio header. 00860 */ 00861 off_linktype = 64+24; 00862 off_nl = 64+32; /* Radio+802.11+802.2+SNAP */ 00863 off_nl_nosnap = 64+27; /* Radio+802.11+802.2 */ 00864 return; 00865 00866 case DLT_ATM_RFC1483: 00867 off_linktype = 0; 00868 off_nl = 4; /* FIXME SNAP */ 00869 return; 00870 00871 case DLT_ATM_CLIP: /* Linux ATM defines this */ 00872 /* 00873 * assume routed, non-ISO PDUs 00874 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 00875 */ 00876 off_linktype = 0; 00877 off_nl = 8; /* 802.2+SNAP */ 00878 off_nl_nosnap = 3; /* 802.2 */ 00879 return; 00880 00881 case DLT_SUNATM: 00882 /* 00883 * Full Frontal ATM; you get AALn PDUs with an ATM 00884 * pseudo-header. 00885 */ 00886 is_atm = 1; 00887 off_vpi = SUNATM_VPI_POS; 00888 off_vci = SUNATM_VCI_POS; 00889 off_proto = PROTO_POS; 00890 off_mac = -1; /* LLC-encapsulated, so no MAC-layer header */ 00891 off_payload = SUNATM_PKT_BEGIN_POS; 00892 off_linktype = off_payload; 00893 off_nl = off_payload+8; /* 802.2+SNAP */ 00894 off_nl_nosnap = off_payload+3; /* 802.2 */ 00895 return; 00896 00897 case DLT_RAW: 00898 off_linktype = -1; 00899 off_nl = 0; 00900 off_nl_nosnap = 0; /* no 802.2 LLC */ 00901 return; 00902 00903 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */ 00904 off_linktype = 14; 00905 off_nl = 16; 00906 off_nl_nosnap = 16; /* no 802.2 LLC */ 00907 return; 00908 00909 case DLT_LTALK: 00910 /* 00911 * LocalTalk does have a 1-byte type field in the LLAP header, 00912 * but really it just indicates whether there is a "short" or 00913 * "long" DDP packet following. 00914 */ 00915 off_linktype = -1; 00916 off_nl = 0; 00917 off_nl_nosnap = 0; /* no 802.2 LLC */ 00918 return; 00919 00920 case DLT_IP_OVER_FC: 00921 /* 00922 * RFC 2625 IP-over-Fibre-Channel doesn't really have a 00923 * link-level type field. We set "off_linktype" to the 00924 * offset of the LLC header. 00925 * 00926 * To check for Ethernet types, we assume that SSAP = SNAP 00927 * is being used and pick out the encapsulated Ethernet type. 00928 * XXX - should we generate code to check for SNAP? RFC 00929 * 2625 says SNAP should be used. 00930 */ 00931 off_linktype = 16; 00932 off_nl = 24; /* IPFC+802.2+SNAP */ 00933 off_nl_nosnap = 19; /* IPFC+802.2 */ 00934 return; 00935 00936 case DLT_FRELAY: 00937 /* 00938 * XXX - we should set this to handle SNAP-encapsulated 00939 * frames (NLPID of 0x80). 00940 */ 00941 off_linktype = -1; 00942 off_nl = 0; 00943 off_nl_nosnap = 0; /* no 802.2 LLC */ 00944 return; 00945 } 00946 bpf_error("unknown data link type %d", linktype); 00947 /* NOTREACHED */ 00948 } 00949 00950 static struct block * 00951 gen_uncond(rsense) 00952 int rsense; 00953 { 00954 struct block *b; 00955 struct slist *s; 00956 00957 s = new_stmt(BPF_LD|BPF_IMM); 00958 s->s.k = !rsense; 00959 b = new_block(JMP(BPF_JEQ)); 00960 b->stmts = s; 00961 00962 return b; 00963 } 00964 00965 static inline struct block * 00966 gen_true() 00967 { 00968 return gen_uncond(1); 00969 } 00970 00971 static inline struct block * 00972 gen_false() 00973 { 00974 return gen_uncond(0); 00975 } 00976 00977 /* 00978 * Byte-swap a 32-bit number. 00979 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 00980 * big-endian platforms.) 00981 */ 00982 #define SWAPLONG(y) \ 00983 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) 00984 00985 static struct block * 00986 gen_ether_linktype(proto) 00987 register int proto; 00988 { 00989 struct block *b0, *b1; 00990 00991 switch (proto) { 00992 00993 case LLCSAP_ISONS: 00994 /* 00995 * OSI protocols always use 802.2 encapsulation. 00996 */ 00997 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 00998 gen_not(b0); 00999 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01000 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 01001 gen_and(b0, b1); 01002 return b1; 01003 01004 case LLCSAP_IP: 01005 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01006 gen_not(b0); 01007 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01008 ((LLCSAP_IP << 8) | LLCSAP_IP)); 01009 gen_and(b0, b1); 01010 return b1; 01011 01012 case LLCSAP_NETBEUI: 01013 /* 01014 * NetBEUI always uses 802.2 encapsulation. 01015 */ 01016 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01017 gen_not(b0); 01018 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01019 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 01020 gen_and(b0, b1); 01021 return b1; 01022 01023 case LLCSAP_IPX: 01024 /* 01025 * Check for; 01026 * 01027 * Ethernet_II frames, which are Ethernet 01028 * frames with a frame type of ETHERTYPE_IPX; 01029 * 01030 * Ethernet_802.3 frames, which are 802.3 01031 * frames (i.e., the type/length field is 01032 * a length field, <= ETHERMTU, rather than 01033 * a type field) with the first two bytes 01034 * after the Ethernet/802.3 header being 01035 * 0xFFFF; 01036 * 01037 * Ethernet_802.2 frames, which are 802.3 01038 * frames with an 802.2 LLC header and 01039 * with the IPX LSAP as the DSAP in the LLC 01040 * header; 01041 * 01042 * Ethernet_SNAP frames, which are 802.3 01043 * frames with an LLC header and a SNAP 01044 * header and with an OUI of 0x000000 01045 * (encapsulated Ethernet) and a protocol 01046 * ID of ETHERTYPE_IPX in the SNAP header. 01047 * 01048 * XXX - should we generate the same code both 01049 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 01050 */ 01051 01052 /* 01053 * This generates code to check both for the 01054 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 01055 */ 01056 b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX); 01057 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF); 01058 gen_or(b0, b1); 01059 01060 /* 01061 * Now we add code to check for SNAP frames with 01062 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 01063 */ 01064 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 01065 gen_or(b0, b1); 01066 01067 /* 01068 * Now we generate code to check for 802.3 01069 * frames in general. 01070 */ 01071 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01072 gen_not(b0); 01073 01074 /* 01075 * Now add the check for 802.3 frames before the 01076 * check for Ethernet_802.2 and Ethernet_802.3, 01077 * as those checks should only be done on 802.3 01078 * frames, not on Ethernet frames. 01079 */ 01080 gen_and(b0, b1); 01081 01082 /* 01083 * Now add the check for Ethernet_II frames, and 01084 * do that before checking for the other frame 01085 * types. 01086 */ 01087 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX); 01088 gen_or(b0, b1); 01089 return b1; 01090 01091 case ETHERTYPE_ATALK: 01092 case ETHERTYPE_AARP: 01093 /* 01094 * EtherTalk (AppleTalk protocols on Ethernet link 01095 * layer) may use 802.2 encapsulation. 01096 */ 01097 01098 /* 01099 * Check for 802.2 encapsulation (EtherTalk phase 2?); 01100 * we check for an Ethernet type field less than 01101 * 1500, which means it's an 802.3 length field. 01102 */ 01103 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01104 gen_not(b0); 01105 01106 /* 01107 * 802.2-encapsulated ETHERTYPE_ATALK packets are 01108 * SNAP packets with an organization code of 01109 * 0x080007 (Apple, for Appletalk) and a protocol 01110 * type of ETHERTYPE_ATALK (Appletalk). 01111 * 01112 * 802.2-encapsulated ETHERTYPE_AARP packets are 01113 * SNAP packets with an organization code of 01114 * 0x000000 (encapsulated Ethernet) and a protocol 01115 * type of ETHERTYPE_AARP (Appletalk ARP). 01116 */ 01117 if (proto == ETHERTYPE_ATALK) 01118 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14); 01119 else /* proto == ETHERTYPE_AARP */ 01120 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 01121 gen_and(b0, b1); 01122 01123 /* 01124 * Check for Ethernet encapsulation (Ethertalk 01125 * phase 1?); we just check for the Ethernet 01126 * protocol type. 01127 */ 01128 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01129 01130 gen_or(b0, b1); 01131 return b1; 01132 01133 default: 01134 if (proto <= ETHERMTU) { 01135 /* 01136 * This is an LLC SAP value, so the frames 01137 * that match would be 802.2 frames. 01138 * Check that the frame is an 802.2 frame 01139 * (i.e., that the length/type field is 01140 * a length field, <= ETHERMTU) and 01141 * then check the DSAP. 01142 */ 01143 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01144 gen_not(b0); 01145 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 01146 gen_and(b0, b1); 01147 return b1; 01148 } else { 01149 /* 01150 * This is an Ethernet type, so compare 01151 * the length/type field with it (if 01152 * the frame is an 802.2 frame, the length 01153 * field will be <= ETHERMTU, and, as 01154 * "proto" is > ETHERMTU, this test 01155 * will fail and the frame won't match, 01156 * which is what we want). 01157 */ 01158 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01159 } 01160 } 01161 } 01162 01163 static struct block * 01164 gen_linktype(proto) 01165 register int proto; 01166 { 01167 struct block *b0, *b1, *b2; 01168 01169 switch (linktype) { 01170 01171 case DLT_EN10MB: 01172 return gen_ether_linktype(proto); 01173 break; 01174 01175 case DLT_C_HDLC: 01176 switch (proto) { 01177 01178 case LLCSAP_ISONS: 01179 proto = (proto << 8 | LLCSAP_ISONS); 01180 /* fall through */ 01181 01182 default: 01183 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01184 break; 01185 } 01186 break; 01187 01188 case DLT_IEEE802_11: 01189 case DLT_PRISM_HEADER: 01190 case DLT_IEEE802_11_RADIO: 01191 case DLT_FDDI: 01192 case DLT_IEEE802: 01193 case DLT_ATM_RFC1483: 01194 case DLT_ATM_CLIP: 01195 case DLT_IP_OVER_FC: 01196 return gen_llc(proto); 01197 break; 01198 01199 case DLT_SUNATM: 01200 /* 01201 * If "is_lane" is set, check for a LANE-encapsulated 01202 * version of this protocol, otherwise check for an 01203 * LLC-encapsulated version of this protocol. 01204 * 01205 * We assume LANE means Ethernet, not Token Ring. 01206 */ 01207 if (is_lane) { 01208 /* 01209 * Check that the packet doesn't begin with an 01210 * LE Control marker. (We've already generated 01211 * a test for LANE.) 01212 */ 01213 b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 01214 gen_not(b0); 01215 01216 /* 01217 * Now generate an Ethernet test. 01218 */ 01219 b1 = gen_ether_linktype(proto); 01220 gen_and(b0, b1); 01221 return b1; 01222 } else { 01223 /* 01224 * Check for LLC encapsulation and then check the 01225 * protocol. 01226 */ 01227 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 01228 b1 = gen_llc(proto); 01229 gen_and(b0, b1); 01230 return b1; 01231 } 01232 01233 case DLT_LINUX_SLL: 01234 switch (proto) { 01235 01236 case LLCSAP_IP: 01237 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01238 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01239 ((LLCSAP_IP << 8) | LLCSAP_IP)); 01240 gen_and(b0, b1); 01241 return b1; 01242 01243 case LLCSAP_ISONS: 01244 /* 01245 * OSI protocols always use 802.2 encapsulation. 01246 */ 01247 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01248 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01249 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 01250 gen_and(b0, b1); 01251 return b1; 01252 01253 case LLCSAP_NETBEUI: 01254 /* 01255 * NetBEUI always uses 802.2 encapsulation. 01256 * XXX - should we check both the DSAP and the 01257 * LSAP, like this, or should we check just the 01258 * DSAP? 01259 */ 01260 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01261 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01262 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 01263 gen_and(b0, b1); 01264 return b1; 01265 01266 case LLCSAP_IPX: 01267 /* 01268 * Ethernet_II frames, which are Ethernet 01269 * frames with a frame type of ETHERTYPE_IPX; 01270 * 01271 * Ethernet_802.3 frames, which have a frame 01272 * type of LINUX_SLL_P_802_3; 01273 * 01274 * Ethernet_802.2 frames, which are 802.3 01275 * frames with an 802.2 LLC header (i.e, have 01276 * a frame type of LINUX_SLL_P_802_2) and 01277 * with the IPX LSAP as the DSAP in the LLC 01278 * header; 01279 * 01280 * Ethernet_SNAP frames, which are 802.3 01281 * frames with an LLC header and a SNAP 01282 * header and with an OUI of 0x000000 01283 * (encapsulated Ethernet) and a protocol 01284 * ID of ETHERTYPE_IPX in the SNAP header. 01285 * 01286 * First, do the checks on LINUX_SLL_P_802_2 01287 * frames; generate the check for either 01288 * Ethernet_802.2 or Ethernet_SNAP frames, and 01289 * then put a check for LINUX_SLL_P_802_2 frames 01290 * before it. 01291 */ 01292 b0 = gen_cmp(off_linktype + 2, BPF_B, 01293 (bpf_int32)LLCSAP_IPX); 01294 b1 = gen_snap(0x000000, ETHERTYPE_IPX, 01295 off_linktype + 2); 01296 gen_or(b0, b1); 01297 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01298 gen_and(b0, b1); 01299 01300 /* 01301 * Now check for 802.3 frames and OR that with 01302 * the previous test. 01303 */ 01304 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3); 01305 gen_or(b0, b1); 01306 01307 /* 01308 * Now add the check for Ethernet_II frames, and 01309 * do that before checking for the other frame 01310 * types. 01311 */ 01312 b0 = gen_cmp(off_linktype, BPF_H, 01313 (bpf_int32)ETHERTYPE_IPX); 01314 gen_or(b0, b1); 01315 return b1; 01316 01317 case ETHERTYPE_ATALK: 01318 case ETHERTYPE_AARP: 01319 /* 01320 * EtherTalk (AppleTalk protocols on Ethernet link 01321 * layer) may use 802.2 encapsulation. 01322 */ 01323 01324 /* 01325 * Check for 802.2 encapsulation (EtherTalk phase 2?); 01326 * we check for the 802.2 protocol type in the 01327 * "Ethernet type" field. 01328 */ 01329 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01330 01331 /* 01332 * 802.2-encapsulated ETHERTYPE_ATALK packets are 01333 * SNAP packets with an organization code of 01334 * 0x080007 (Apple, for Appletalk) and a protocol 01335 * type of ETHERTYPE_ATALK (Appletalk). 01336 * 01337 * 802.2-encapsulated ETHERTYPE_AARP packets are 01338 * SNAP packets with an organization code of 01339 * 0x000000 (encapsulated Ethernet) and a protocol 01340 * type of ETHERTYPE_AARP (Appletalk ARP). 01341 */ 01342 if (proto == ETHERTYPE_ATALK) 01343 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 01344 off_linktype + 2); 01345 else /* proto == ETHERTYPE_AARP */ 01346 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 01347 off_linktype + 2); 01348 gen_and(b0, b1); 01349 01350 /* 01351 * Check for Ethernet encapsulation (Ethertalk 01352 * phase 1?); we just check for the Ethernet 01353 * protocol type. 01354 */ 01355 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01356 01357 gen_or(b0, b1); 01358 return b1; 01359 01360 default: 01361 if (proto <= ETHERMTU) { 01362 /* 01363 * This is an LLC SAP value, so the frames 01364 * that match would be 802.2 frames. 01365 * Check for the 802.2 protocol type 01366 * in the "Ethernet type" field, and 01367 * then check the DSAP. 01368 */ 01369 b0 = gen_cmp(off_linktype, BPF_H, 01370 LINUX_SLL_P_802_2); 01371 b1 = gen_cmp(off_linktype + 2, BPF_B, 01372 (bpf_int32)proto); 01373 gen_and(b0, b1); 01374 return b1; 01375 } else { 01376 /* 01377 * This is an Ethernet type, so compare 01378 * the length/type field with it (if 01379 * the frame is an 802.2 frame, the length 01380 * field will be <= ETHERMTU, and, as 01381 * "proto" is > ETHERMTU, this test 01382 * will fail and the frame won't match, 01383 * which is what we want). 01384 */ 01385 return gen_cmp(off_linktype, BPF_H, 01386 (bpf_int32)proto); 01387 } 01388 } 01389 break; 01390 01391 case DLT_SLIP: 01392 case DLT_SLIP_BSDOS: 01393 case DLT_RAW: 01394 /* 01395 * These types don't provide any type field; packets 01396 * are always IP. 01397 * 01398 * XXX - for IPv4, check for a version number of 4, and, 01399 * for IPv6, check for a version number of 6? 01400 */ 01401 switch (proto) { 01402 01403 case ETHERTYPE_IP: 01404 #ifdef INET6 01405 case ETHERTYPE_IPV6: 01406 #endif 01407 return gen_true(); /* always true */ 01408 01409 default: 01410 return gen_false(); /* always false */ 01411 } 01412 break; 01413 01414 case DLT_PPP: 01415 case DLT_PPP_SERIAL: 01416 case DLT_PPP_ETHER: 01417 /* 01418 * We use Ethernet protocol types inside libpcap; 01419 * map them to the corresponding PPP protocol types. 01420 */ 01421 switch (proto) { 01422 01423 case ETHERTYPE_IP: 01424 proto = PPP_IP; 01425 break; 01426 01427 #ifdef INET6 01428 case ETHERTYPE_IPV6: 01429 proto = PPP_IPV6; 01430 break; 01431 #endif 01432 01433 case ETHERTYPE_DN: 01434 proto = PPP_DECNET; 01435 break; 01436 01437 case ETHERTYPE_ATALK: 01438 proto = PPP_APPLE; 01439 break; 01440 01441 case ETHERTYPE_NS: 01442 proto = PPP_NS; 01443 break; 01444 01445 case LLCSAP_ISONS: 01446 proto = PPP_OSI; 01447 break; 01448 01449 case LLCSAP_8021D: 01450 /* 01451 * I'm assuming the "Bridging PDU"s that go 01452 * over PPP are Spanning Tree Protocol 01453 * Bridging PDUs. 01454 */ 01455 proto = PPP_BRPDU; 01456 break; 01457 01458 case LLCSAP_IPX: 01459 proto = PPP_IPX; 01460 break; 01461 } 01462 break; 01463 01464 case DLT_PPP_BSDOS: 01465 /* 01466 * We use Ethernet protocol types inside libpcap; 01467 * map them to the corresponding PPP protocol types. 01468 */ 01469 switch (proto) { 01470 01471 case ETHERTYPE_IP: 01472 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 01473 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 01474 gen_or(b0, b1); 01475 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 01476 gen_or(b1, b0); 01477 return b0; 01478 01479 #ifdef INET6 01480 case ETHERTYPE_IPV6: 01481 proto = PPP_IPV6; 01482 /* more to go? */ 01483 break; 01484 #endif 01485 01486 case ETHERTYPE_DN: 01487 proto = PPP_DECNET; 01488 break; 01489 01490 case ETHERTYPE_ATALK: 01491 proto = PPP_APPLE; 01492 break; 01493 01494 case ETHERTYPE_NS: 01495 proto = PPP_NS; 01496 break; 01497 01498 case LLCSAP_ISONS: 01499 proto = PPP_OSI; 01500 break; 01501 01502 case LLCSAP_8021D: 01503 /* 01504 * I'm assuming the "Bridging PDU"s that go 01505 * over PPP are Spanning Tree Protocol 01506 * Bridging PDUs. 01507 */ 01508 proto = PPP_BRPDU; 01509 break; 01510 01511 case LLCSAP_IPX: 01512 proto = PPP_IPX; 01513 break; 01514 } 01515 break; 01516 01517 case DLT_NULL: 01518 case DLT_LOOP: 01519 /* 01520 * For DLT_NULL, the link-layer header is a 32-bit 01521 * word containing an AF_ value in *host* byte order. 01522 * 01523 * In addition, if we're reading a saved capture file, 01524 * the host byte order in the capture may not be the 01525 * same as the host byte order on this machine. 01526 * 01527 * For DLT_LOOP, the link-layer header is a 32-bit 01528 * word containing an AF_ value in *network* byte order. 01529 * 01530 * XXX - AF_ values may, unfortunately, be platform- 01531 * dependent; for example, FreeBSD's AF_INET6 is 24 01532 * whilst NetBSD's and OpenBSD's is 26. 01533 * 01534 * This means that, when reading a capture file, just 01535 * checking for our AF_INET6 value won't work if the 01536 * capture file came from another OS. 01537 */ 01538 switch (proto) { 01539 01540 case ETHERTYPE_IP: 01541 proto = AF_INET; 01542 break; 01543 01544 #ifdef INET6 01545 case ETHERTYPE_IPV6: 01546 proto = AF_INET6; 01547 break; 01548 #endif 01549 01550 default: 01551 /* 01552 * Not a type on which we support filtering. 01553 * XXX - support those that have AF_ values 01554 * #defined on this platform, at least? 01555 */ 01556 return gen_false(); 01557 } 01558 01559 if (linktype == DLT_NULL) { 01560 /* 01561 * The AF_ value is in host byte order, but 01562 * the BPF interpreter will convert it to 01563 * network byte order. 01564 * 01565 * If this is a save file, and it's from a 01566 * machine with the opposite byte order to 01567 * ours, we byte-swap the AF_ value. 01568 * 01569 * Then we run it through "htonl()", and 01570 * generate code to compare against the result. 01571 */ 01572 if (bpf_pcap->sf.rfile != NULL && 01573 bpf_pcap->sf.swapped) 01574 proto = SWAPLONG(proto); 01575 proto = htonl(proto); 01576 } 01577 return (gen_cmp(0, BPF_W, (bpf_int32)proto)); 01578 01579 case DLT_ARCNET: 01580 case DLT_ARCNET_LINUX: 01581 /* 01582 * XXX should we check for first fragment if the protocol 01583 * uses PHDS? 01584 */ 01585 switch (proto) { 01586 01587 default: 01588 return gen_false(); 01589 01590 #ifdef INET6 01591 case ETHERTYPE_IPV6: 01592 return (gen_cmp(off_linktype, BPF_B, 01593 (bpf_int32)ARCTYPE_INET6)); 01594 #endif /* INET6 */ 01595 01596 case ETHERTYPE_IP: 01597 b0 = gen_cmp(off_linktype, BPF_B, 01598 (bpf_int32)ARCTYPE_IP); 01599 b1 = gen_cmp(off_linktype, BPF_B, 01600 (bpf_int32)ARCTYPE_IP_OLD); 01601 gen_or(b0, b1); 01602 return (b1); 01603 01604 case ETHERTYPE_ARP: 01605 b0 = gen_cmp(off_linktype, BPF_B, 01606 (bpf_int32)ARCTYPE_ARP); 01607 b1 = gen_cmp(off_linktype, BPF_B, 01608 (bpf_int32)ARCTYPE_ARP_OLD); 01609 gen_or(b0, b1); 01610 return (b1); 01611 01612 case ETHERTYPE_REVARP: 01613 return (gen_cmp(off_linktype, BPF_B, 01614 (bpf_int32)ARCTYPE_REVARP)); 01615 01616 case ETHERTYPE_ATALK: 01617 return (gen_cmp(off_linktype, BPF_B, 01618 (bpf_int32)ARCTYPE_ATALK)); 01619 } 01620 break; 01621 01622 case DLT_LTALK: 01623 switch (proto) { 01624 case ETHERTYPE_ATALK: 01625 return gen_true(); 01626 default: 01627 return gen_false(); 01628 } 01629 break; 01630 01631 case DLT_FRELAY: 01632 /* 01633 * XXX - assumes a 2-byte Frame Relay header with 01634 * DLCI and flags. What if the address is longer? 01635 */ 01636 switch (proto) { 01637 01638 case ETHERTYPE_IP: 01639 /* 01640 * Check for the special NLPID for IP. 01641 */ 01642 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc); 01643 01644 #ifdef INET6 01645 case ETHERTYPE_IPV6: 01646 /* 01647 * Check for the special NLPID for IPv6. 01648 */ 01649 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e); 01650 #endif 01651 01652 case LLCSAP_ISONS: 01653 /* 01654 * Check for several OSI protocols. 01655 * 01656 * Frame Relay packets typically have an OSI 01657 * NLPID at the beginning; we check for each 01658 * of them. 01659 * 01660 * What we check for is the NLPID and a frame 01661 * control field of UI, i.e. 0x03 followed 01662 * by the NLPID. 01663 */ 01664 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP); 01665 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS); 01666 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS); 01667 gen_or(b1, b2); 01668 gen_or(b0, b2); 01669 return b2; 01670 01671 default: 01672 return gen_false(); 01673 } 01674 break; 01675 } 01676 01677 /* 01678 * All the types that have no encapsulation should either be 01679 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 01680 * all packets are IP packets, or should be handled in some 01681 * special case, if none of them are (if some are and some 01682 * aren't, the lack of encapsulation is a problem, as we'd 01683 * have to find some other way of determining the packet type). 01684 * 01685 * Therefore, if "off_linktype" is -1, there's an error. 01686 */ 01687 if (off_linktype == -1) 01688 abort(); 01689 01690 /* 01691 * Any type not handled above should always have an Ethernet 01692 * type at an offset of "off_linktype". (PPP is partially 01693 * handled above - the protocol type is mapped from the 01694 * Ethernet and LLC types we use internally to the corresponding 01695 * PPP type - but the PPP type is always specified by a value 01696 * at "off_linktype", so we don't have to do the code generation 01697 * above.) 01698 */ 01699 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01700 } 01701 01702 /* 01703 * Check for an LLC SNAP packet with a given organization code and 01704 * protocol type; we check the entire contents of the 802.2 LLC and 01705 * snap headers, checking for DSAP and SSAP of SNAP and a control 01706 * field of 0x03 in the LLC header, and for the specified organization 01707 * code and protocol type in the SNAP header. 01708 */ 01709 static struct block * 01710 gen_snap(orgcode, ptype, offset) 01711 bpf_u_int32 orgcode; 01712 bpf_u_int32 ptype; 01713 u_int offset; 01714 { 01715 u_char snapblock[8]; 01716 01717 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */ 01718 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */ 01719 snapblock[2] = 0x03; /* control = UI */ 01720 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */ 01721 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */ 01722 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */ 01723 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */ 01724 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */ 01725 return gen_bcmp(offset, 8, snapblock); 01726 } 01727 01728 /* 01729 * Check for a given protocol value assuming an 802.2 LLC header. 01730 */ 01731 static struct block * 01732 gen_llc(proto) 01733 int proto; 01734 { 01735 /* 01736 * XXX - handle token-ring variable-length header. 01737 */ 01738 switch (proto) { 01739 01740 case LLCSAP_IP: 01741 return gen_cmp(off_linktype, BPF_H, (long) 01742 ((LLCSAP_IP << 8) | LLCSAP_IP)); 01743 01744 case LLCSAP_ISONS: 01745 return gen_cmp(off_linktype, BPF_H, (long) 01746 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 01747 01748 case LLCSAP_NETBEUI: 01749 return gen_cmp(off_linktype, BPF_H, (long) 01750 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 01751 01752 case LLCSAP_IPX: 01753 /* 01754 * XXX - are there ever SNAP frames for IPX on 01755 * non-Ethernet 802.x networks? 01756 */ 01757 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX); 01758 01759 case ETHERTYPE_ATALK: 01760 /* 01761 * 802.2-encapsulated ETHERTYPE_ATALK packets are 01762 * SNAP packets with an organization code of 01763 * 0x080007 (Apple, for Appletalk) and a protocol 01764 * type of ETHERTYPE_ATALK (Appletalk). 01765 * 01766 * XXX - check for an organization code of 01767 * encapsulated Ethernet as well? 01768 */ 01769 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype); 01770 01771 default: 01772 /* 01773 * XXX - we don't have to check for IPX 802.3 01774 * here, but should we check for the IPX Ethertype? 01775 */ 01776 if (proto <= ETHERMTU) { 01777 /* 01778 * This is an LLC SAP value, so check 01779 * the DSAP. 01780 */ 01781 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto); 01782 } else { 01783 /* 01784 * This is an Ethernet type; we assume that it's 01785 * unlikely that it'll appear in the right place 01786 * at random, and therefore check only the 01787 * location that would hold the Ethernet type 01788 * in a SNAP frame with an organization code of 01789 * 0x000000 (encapsulated Ethernet). 01790 * 01791 * XXX - if we were to check for the SNAP DSAP and 01792 * LSAP, as per XXX, and were also to check for an 01793 * organization code of 0x000000 (encapsulated 01794 * Ethernet), we'd do 01795 * 01796 * return gen_snap(0x000000, proto, 01797 * off_linktype); 01798 * 01799 * here; for now, we don't, as per the above. 01800 * I don't know whether it's worth the extra CPU 01801 * time to do the right check or not. 01802 */ 01803 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto); 01804 } 01805 } 01806 } 01807 01808 static struct block * 01809 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 01810 bpf_u_int32 addr; 01811 bpf_u_int32 mask; 01812 int dir, proto; 01813 u_int src_off, dst_off; 01814 { 01815 struct block *b0, *b1; 01816 u_int offset; 01817 01818 switch (dir) { 01819 01820 case Q_SRC: 01821 offset = src_off; 01822 break; 01823 01824 case Q_DST: 01825 offset = dst_off; 01826 break; 01827 01828 case Q_AND: 01829 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 01830 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 01831 gen_and(b0, b1); 01832 return b1; 01833 01834 case Q_OR: 01835 case Q_DEFAULT: 01836 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 01837 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 01838 gen_or(b0, b1); 01839 return b1; 01840 01841 default: 01842 abort(); 01843 } 01844 b0 = gen_linktype(proto); 01845 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 01846 gen_and(b0, b1); 01847 return b1; 01848 } 01849 01850 #ifdef INET6 01851 static struct block * 01852 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 01853 struct in6_addr *addr; 01854 struct in6_addr *mask; 01855 int dir, proto; 01856 u_int src_off, dst_off; 01857 { 01858 struct block *b0, *b1; 01859 u_int offset; 01860 u_int32_t *a, *m; 01861 01862 switch (dir) { 01863 01864 case Q_SRC: 01865 offset = src_off; 01866 break; 01867 01868 case Q_DST: 01869 offset = dst_off; 01870 break; 01871 01872 case Q_AND: 01873 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 01874 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 01875 gen_and(b0, b1); 01876 return b1; 01877 01878 case Q_OR: 01879 case Q_DEFAULT: 01880 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 01881 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 01882 gen_or(b0, b1); 01883 return b1; 01884 01885 default: 01886 abort(); 01887 } 01888 /* this order is important */ 01889 a = (u_int32_t *)addr; 01890 m = (u_int32_t *)mask; 01891 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 01892 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 01893 gen_and(b0, b1); 01894 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 01895 gen_and(b0, b1); 01896 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 01897 gen_and(b0, b1); 01898 b0 = gen_linktype(proto); 01899 gen_and(b0, b1); 01900 return b1; 01901 } 01902 #endif /*INET6*/ 01903 01904 static struct block * 01905 gen_ehostop(eaddr, dir) 01906 register const u_char *eaddr; 01907 register int dir; 01908 { 01909 register struct block *b0, *b1; 01910 01911 switch (dir) { 01912 case Q_SRC: 01913 return gen_bcmp(off_mac + 6, 6, eaddr); 01914 01915 case Q_DST: 01916 return gen_bcmp(off_mac + 0, 6, eaddr); 01917 01918 case Q_AND: 01919 b0 = gen_ehostop(eaddr, Q_SRC); 01920 b1 = gen_ehostop(eaddr, Q_DST); 01921 gen_and(b0, b1); 01922 return b1; 01923 01924 case Q_DEFAULT: 01925 case Q_OR: 01926 b0 = gen_ehostop(eaddr, Q_SRC); 01927 b1 = gen_ehostop(eaddr, Q_DST); 01928 gen_or(b0, b1); 01929 return b1; 01930 } 01931 abort(); 01932 /* NOTREACHED */ 01933 } 01934 01935 /* 01936 * Like gen_ehostop, but for DLT_FDDI 01937 */ 01938 static struct block * 01939 gen_fhostop(eaddr, dir) 01940 register const u_char *eaddr; 01941 register int dir; 01942 { 01943 struct block *b0, *b1; 01944 01945 switch (dir) { 01946 case Q_SRC: 01947 #ifdef PCAP_FDDIPAD 01948 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 01949 #else 01950 return gen_bcmp(6 + 1, 6, eaddr); 01951 #endif 01952 01953 case Q_DST: 01954 #ifdef PCAP_FDDIPAD 01955 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 01956 #else 01957 return gen_bcmp(0 + 1, 6, eaddr); 01958 #endif 01959 01960 case Q_AND: 01961 b0 = gen_fhostop(eaddr, Q_SRC); 01962 b1 = gen_fhostop(eaddr, Q_DST); 01963 gen_and(b0, b1); 01964 return b1; 01965 01966 case Q_DEFAULT: 01967 case Q_OR: 01968 b0 = gen_fhostop(eaddr, Q_SRC); 01969 b1 = gen_fhostop(eaddr, Q_DST); 01970 gen_or(b0, b1); 01971 return b1; 01972 } 01973 abort(); 01974 /* NOTREACHED */ 01975 } 01976 01977 /* 01978 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) 01979 */ 01980 static struct block * 01981 gen_thostop(eaddr, dir) 01982 register const u_char *eaddr; 01983 register int dir; 01984 { 01985 register struct block *b0, *b1; 01986 01987 switch (dir) { 01988 case Q_SRC: 01989 return gen_bcmp(8, 6, eaddr); 01990 01991 case Q_DST: 01992 return gen_bcmp(2, 6, eaddr); 01993 01994 case Q_AND: 01995 b0 = gen_thostop(eaddr, Q_SRC); 01996 b1 = gen_thostop(eaddr, Q_DST); 01997 gen_and(b0, b1); 01998 return b1; 01999 02000 case Q_DEFAULT: 02001 case Q_OR: 02002 b0 = gen_thostop(eaddr, Q_SRC); 02003 b1 = gen_thostop(eaddr, Q_DST); 02004 gen_or(b0, b1); 02005 return b1; 02006 } 02007 abort(); 02008 /* NOTREACHED */ 02009 } 02010 02011 /* 02012 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN) 02013 */ 02014 static struct block * 02015 gen_wlanhostop(eaddr, dir) 02016 register const u_char *eaddr; 02017 register int dir; 02018 { 02019 register struct block *b0, *b1, *b2; 02020 register struct slist *s; 02021 02022 switch (dir) { 02023 case Q_SRC: 02024 /* 02025 * Oh, yuk. 02026 * 02027 * For control frames, there is no SA. 02028 * 02029 * For management frames, SA is at an 02030 * offset of 10 from the beginning of 02031 * the packet. 02032 * 02033 * For data frames, SA is at an offset 02034 * of 10 from the beginning of the packet 02035 * if From DS is clear, at an offset of 02036 * 16 from the beginning of the packet 02037 * if From DS is set and To DS is clear, 02038 * and an offset of 24 from the beginning 02039 * of the packet if From DS is set and To DS 02040 * is set. 02041 */ 02042 02043 /* 02044 * Generate the tests to be done for data frames 02045 * with From DS set. 02046 * 02047 * First, check for To DS set, i.e. check "link[1] & 0x01". 02048 */ 02049 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02050 s->s.k = 1; 02051 b1 = new_block(JMP(BPF_JSET)); 02052 b1->s.k = 0x01; /* To DS */ 02053 b1->stmts = s; 02054 02055 /* 02056 * If To DS is set, the SA is at 24. 02057 */ 02058 b0 = gen_bcmp(24, 6, eaddr); 02059 gen_and(b1, b0); 02060 02061 /* 02062 * Now, check for To DS not set, i.e. check 02063 * "!(link[1] & 0x01)". 02064 */ 02065 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02066 s->s.k = 1; 02067 b2 = new_block(JMP(BPF_JSET)); 02068 b2->s.k = 0x01; /* To DS */ 02069 b2->stmts = s; 02070 gen_not(b2); 02071 02072 /* 02073 * If To DS is not set, the SA is at 16. 02074 */ 02075 b1 = gen_bcmp(16, 6, eaddr); 02076 gen_and(b2, b1); 02077 02078 /* 02079 * Now OR together the last two checks. That gives 02080 * the complete set of checks for data frames with 02081 * From DS set. 02082 */ 02083 gen_or(b1, b0); 02084 02085 /* 02086 * Now check for From DS being set, and AND that with 02087 * the ORed-together checks. 02088 */ 02089 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02090 s->s.k = 1; 02091 b1 = new_block(JMP(BPF_JSET)); 02092 b1->s.k = 0x02; /* From DS */ 02093 b1->stmts = s; 02094 gen_and(b1, b0); 02095 02096 /* 02097 * Now check for data frames with From DS not set. 02098 */ 02099 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02100 s->s.k = 1; 02101 b2 = new_block(JMP(BPF_JSET)); 02102 b2->s.k = 0x02; /* From DS */ 02103 b2->stmts = s; 02104 gen_not(b2); 02105 02106 /* 02107 * If From DS isn't set, the SA is at 10. 02108 */ 02109 b1 = gen_bcmp(10, 6, eaddr); 02110 gen_and(b2, b1); 02111 02112 /* 02113 * Now OR together the checks for data frames with 02114 * From DS not set and for data frames with From DS 02115 * set; that gives the checks done for data frames. 02116 */ 02117 gen_or(b1, b0); 02118 02119 /* 02120 * Now check for a data frame. 02121 * I.e, check "link[0] & 0x08". 02122 */ 02123 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02124 s->s.k = 0; 02125 b1 = new_block(JMP(BPF_JSET)); 02126 b1->s.k = 0x08; 02127 b1->stmts = s; 02128 02129 /* 02130 * AND that with the checks done for data frames. 02131 */ 02132 gen_and(b1, b0); 02133 02134 /* 02135 * If the high-order bit of the type value is 0, this 02136 * is a management frame. 02137 * I.e, check "!(link[0] & 0x08)". 02138 */ 02139 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02140 s->s.k = 0; 02141 b2 = new_block(JMP(BPF_JSET)); 02142 b2->s.k = 0x08; 02143 b2->stmts = s; 02144 gen_not(b2); 02145 02146 /* 02147 * For management frames, the SA is at 10. 02148 */ 02149 b1 = gen_bcmp(10, 6, eaddr); 02150 gen_and(b2, b1); 02151 02152 /* 02153 * OR that with the checks done for data frames. 02154 * That gives the checks done for management and 02155 * data frames. 02156 */ 02157 gen_or(b1, b0); 02158 02159 /* 02160 * If the low-order bit of the type value is 1, 02161 * this is either a control frame or a frame 02162 * with a reserved type, and thus not a 02163 * frame with an SA. 02164 * 02165 * I.e., check "!(link[0] & 0x04)". 02166 */ 02167 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02168 s->s.k = 0; 02169 b1 = new_block(JMP(BPF_JSET)); 02170 b1->s.k = 0x04; 02171 b1->stmts = s; 02172 gen_not(b1); 02173 02174 /* 02175 * AND that with the checks for data and management 02176 * frames. 02177 */ 02178 gen_and(b1, b0); 02179 return b0; 02180 02181 case Q_DST: 02182 /* 02183 * Oh, yuk. 02184 * 02185 * For control frames, there is no DA. 02186 * 02187 * For management frames, DA is at an 02188 * offset of 4 from the beginning of 02189 * the packet. 02190 * 02191 * For data frames, DA is at an offset 02192 * of 4 from the beginning of the packet 02193 * if To DS is clear and at an offset of 02194 * 16 from the beginning of the packet 02195 * if To DS is set. 02196 */ 02197 02198 /* 02199 * Generate the tests to be done for data frames. 02200 * 02201 * First, check for To DS set, i.e. "link[1] & 0x01". 02202 */ 02203 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02204 s->s.k = 1; 02205 b1 = new_block(JMP(BPF_JSET)); 02206 b1->s.k = 0x01; /* To DS */ 02207 b1->stmts = s; 02208 02209 /* 02210 * If To DS is set, the DA is at 16. 02211 */ 02212 b0 = gen_bcmp(16, 6, eaddr); 02213 gen_and(b1, b0); 02214 02215 /* 02216 * Now, check for To DS not set, i.e. check 02217 * "!(link[1] & 0x01)". 02218 */ 02219 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02220 s->s.k = 1; 02221 b2 = new_block(JMP(BPF_JSET)); 02222 b2->s.k = 0x01; /* To DS */ 02223 b2->stmts = s; 02224 gen_not(b2); 02225 02226 /* 02227 * If To DS is not set, the DA is at 4. 02228 */ 02229 b1 = gen_bcmp(4, 6, eaddr); 02230 gen_and(b2, b1); 02231 02232 /* 02233 * Now OR together the last two checks. That gives 02234 * the complete set of checks for data frames. 02235 */ 02236 gen_or(b1, b0); 02237 02238 /* 02239 * Now check for a data frame. 02240 * I.e, check "link[0] & 0x08". 02241 */ 02242 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02243 s->s.k = 0; 02244 b1 = new_block(JMP(BPF_JSET)); 02245 b1->s.k = 0x08; 02246 b1->stmts = s; 02247 02248 /* 02249 * AND that with the checks done for data frames. 02250 */ 02251 gen_and(b1, b0); 02252 02253 /* 02254 * If the high-order bit of the type value is 0, this 02255 * is a management frame. 02256 * I.e, check "!(link[0] & 0x08)". 02257 */ 02258 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02259 s->s.k = 0; 02260 b2 = new_block(JMP(BPF_JSET)); 02261 b2->s.k = 0x08; 02262 b2->stmts = s; 02263 gen_not(b2); 02264 02265 /* 02266 * For management frames, the DA is at 4. 02267 */ 02268 b1 = gen_bcmp(4, 6, eaddr); 02269 gen_and(b2, b1); 02270 02271 /* 02272 * OR that with the checks done for data frames. 02273 * That gives the checks done for management and 02274 * data frames. 02275 */ 02276 gen_or(b1, b0); 02277 02278 /* 02279 * If the low-order bit of the type value is 1, 02280 * this is either a control frame or a frame 02281 * with a reserved type, and thus not a 02282 * frame with an SA. 02283 * 02284 * I.e., check "!(link[0] & 0x04)". 02285 */ 02286 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 02287 s->s.k = 0; 02288 b1 = new_block(JMP(BPF_JSET)); 02289 b1->s.k = 0x04; 02290 b1->stmts = s; 02291 gen_not(b1); 02292 02293 /* 02294 * AND that with the checks for data and management 02295 * frames. 02296 */ 02297 gen_and(b1, b0); 02298 return b0; 02299 02300 case Q_AND: 02301 b0 = gen_wlanhostop(eaddr, Q_SRC); 02302 b1 = gen_wlanhostop(eaddr, Q_DST); 02303 gen_and(b0, b1); 02304 return b1; 02305 02306 case Q_DEFAULT: 02307 case Q_OR: 02308 b0 = gen_wlanhostop(eaddr, Q_SRC); 02309 b1 = gen_wlanhostop(eaddr, Q_DST); 02310 gen_or(b0, b1); 02311 return b1; 02312 } 02313 abort(); 02314 /* NOTREACHED */ 02315 } 02316 02317 /* 02318 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel. 02319 * (We assume that the addresses are IEEE 48-bit MAC addresses, 02320 * as the RFC states.) 02321 */ 02322 static struct block * 02323 gen_ipfchostop(eaddr, dir) 02324 register const u_char *eaddr; 02325 register int dir; 02326 { 02327 register struct block *b0, *b1; 02328 02329 switch (dir) { 02330 case Q_SRC: 02331 return gen_bcmp(10, 6, eaddr); 02332 02333 case Q_DST: 02334 return gen_bcmp(2, 6, eaddr); 02335 02336 case Q_AND: 02337 b0 = gen_ipfchostop(eaddr, Q_SRC); 02338 b1 = gen_ipfchostop(eaddr, Q_DST); 02339 gen_and(b0, b1); 02340 return b1; 02341 02342 case Q_DEFAULT: 02343 case Q_OR: 02344 b0 = gen_ipfchostop(eaddr, Q_SRC); 02345 b1 = gen_ipfchostop(eaddr, Q_DST); 02346 gen_or(b0, b1); 02347 return b1; 02348 } 02349 abort(); 02350 /* NOTREACHED */ 02351 } 02352 02353 /* 02354 * This is quite tricky because there may be pad bytes in front of the 02355 * DECNET header, and then there are two possible data packet formats that 02356 * carry both src and dst addresses, plus 5 packet types in a format that 02357 * carries only the src node, plus 2 types that use a different format and 02358 * also carry just the src node. 02359 * 02360 * Yuck. 02361 * 02362 * Instead of doing those all right, we just look for data packets with 02363 * 0 or 1 bytes of padding. If you want to look at other packets, that 02364 * will require a lot more hacking. 02365 * 02366 * To add support for filtering on DECNET "areas" (network numbers) 02367 * one would want to add a "mask" argument to this routine. That would 02368 * make the filter even more inefficient, although one could be clever 02369 * and not generate masking instructions if the mask is 0xFFFF. 02370 */ 02371 static struct block * 02372 gen_dnhostop(addr, dir, base_off) 02373 bpf_u_int32 addr; 02374 int dir; 02375 u_int base_off; 02376 { 02377 struct block *b0, *b1, *b2, *tmp; 02378 u_int offset_lh; /* offset if long header is received */ 02379 u_int offset_sh; /* offset if short header is received */ 02380 02381 switch (dir) { 02382 02383 case Q_DST: 02384 offset_sh = 1; /* follows flags */ 02385 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 02386 break; 02387 02388 case Q_SRC: 02389 offset_sh = 3; /* follows flags, dstnode */ 02390 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 02391 break; 02392 02393 case Q_AND: 02394 /* Inefficient because we do our Calvinball dance twice */ 02395 b0 = gen_dnhostop(addr, Q_SRC, base_off); 02396 b1 = gen_dnhostop(addr, Q_DST, base_off); 02397 gen_and(b0, b1); 02398 return b1; 02399 02400 case Q_OR: 02401 case Q_DEFAULT: 02402 /* Inefficient because we do our Calvinball dance twice */ 02403 b0 = gen_dnhostop(addr, Q_SRC, base_off); 02404 b1 = gen_dnhostop(addr, Q_DST, base_off); 02405 gen_or(b0, b1); 02406 return b1; 02407 02408 case Q_ISO: 02409 bpf_error("ISO host filtering not implemented"); 02410 02411 default: 02412 abort(); 02413 } 02414 b0 = gen_linktype(ETHERTYPE_DN); 02415 /* Check for pad = 1, long header case */ 02416 tmp = gen_mcmp(base_off + 2, BPF_H, 02417 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 02418 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 02419 BPF_H, (bpf_int32)ntohs(addr)); 02420 gen_and(tmp, b1); 02421 /* Check for pad = 0, long header case */ 02422 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 02423 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 02424 gen_and(tmp, b2); 02425 gen_or(b2, b1); 02426 /* Check for pad = 1, short header case */ 02427 tmp = gen_mcmp(base_off + 2, BPF_H, 02428 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 02429 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 02430 BPF_H, (bpf_int32)ntohs(addr)); 02431 gen_and(tmp, b2); 02432 gen_or(b2, b1); 02433 /* Check for pad = 0, short header case */ 02434 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 02435 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 02436 gen_and(tmp, b2); 02437 gen_or(b2, b1); 02438 02439 /* Combine with test for linktype */ 02440 gen_and(b0, b1); 02441 return b1; 02442 } 02443 02444 static struct block * 02445 gen_host(addr, mask, proto, dir) 02446 bpf_u_int32 addr; 02447 bpf_u_int32 mask; 02448 int proto; 02449 int dir; 02450 { 02451 struct block *b0, *b1; 02452 02453 switch (proto) { 02454 02455 case Q_DEFAULT: 02456 b0 = gen_host(addr, mask, Q_IP, dir); 02457 if (off_linktype != -1) { 02458 b1 = gen_host(addr, mask, Q_ARP, dir); 02459 gen_or(b0, b1); 02460 b0 = gen_host(addr, mask, Q_RARP, dir); 02461 gen_or(b1, b0); 02462 } 02463 return b0; 02464 02465 case Q_IP: 02466 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 02467 off_nl + 12, off_nl + 16); 02468 02469 case Q_RARP: 02470 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 02471 off_nl + 14, off_nl + 24); 02472 02473 case Q_ARP: 02474 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 02475 off_nl + 14, off_nl + 24); 02476 02477 case Q_TCP: 02478 bpf_error("'tcp' modifier applied to host"); 02479 02480 case Q_SCTP: 02481 bpf_error("'sctp' modifier applied to host"); 02482 02483 case Q_UDP: 02484 bpf_error("'udp' modifier applied to host"); 02485 02486 case Q_ICMP: 02487 bpf_error("'icmp' modifier applied to host"); 02488 02489 case Q_IGMP: 02490 bpf_error("'igmp' modifier applied to host"); 02491 02492 case Q_IGRP: 02493 bpf_error("'igrp' modifier applied to host"); 02494 02495 case Q_PIM: 02496 bpf_error("'pim' modifier applied to host"); 02497 02498 case Q_VRRP: 02499 bpf_error("'vrrp' modifier applied to host"); 02500 02501 case Q_ATALK: 02502 bpf_error("ATALK host filtering not implemented"); 02503 02504 case Q_AARP: 02505 bpf_error("AARP host filtering not implemented"); 02506 02507 case Q_DECNET: 02508 return gen_dnhostop(addr, dir, off_nl); 02509 02510 case Q_SCA: 02511 bpf_error("SCA host filtering not implemented"); 02512 02513 case Q_LAT: 02514 bpf_error("LAT host filtering not implemented"); 02515 02516 case Q_MOPDL: 02517 bpf_error("MOPDL host filtering not implemented"); 02518 02519 case Q_MOPRC: 02520 bpf_error("MOPRC host filtering not implemented"); 02521 02522 #ifdef INET6 02523 case Q_IPV6: 02524 bpf_error("'ip6' modifier applied to ip host"); 02525 02526 case Q_ICMPV6: 02527 bpf_error("'icmp6' modifier applied to host"); 02528 #endif /* INET6 */ 02529 02530 case Q_AH: 02531 bpf_error("'ah' modifier applied to host"); 02532 02533 case Q_ESP: 02534 bpf_error("'esp' modifier applied to host"); 02535 02536 case Q_ISO: 02537 bpf_error("ISO host filtering not implemented"); 02538 02539 case Q_ESIS: 02540 bpf_error("'esis' modifier applied to host"); 02541 02542 case Q_ISIS: 02543 bpf_error("'isis' modifier applied to host"); 02544 02545 case Q_CLNP: 02546 bpf_error("'clnp' modifier applied to host"); 02547 02548 case Q_STP: 02549 bpf_error("'stp' modifier applied to host"); 02550 02551 case Q_IPX: 02552 bpf_error("IPX host filtering not implemented"); 02553 02554 case Q_NETBEUI: 02555 bpf_error("'netbeui' modifier applied to host"); 02556 02557 default: 02558 abort(); 02559 } 02560 /* NOTREACHED */ 02561 } 02562 02563 #ifdef INET6 02564 static struct block * 02565 gen_host6(addr, mask, proto, dir) 02566 struct in6_addr *addr; 02567 struct in6_addr *mask; 02568 int proto; 02569 int dir; 02570 { 02571 switch (proto) { 02572 02573 case Q_DEFAULT: 02574 return gen_host6(addr, mask, Q_IPV6, dir); 02575 02576 case Q_IP: 02577 bpf_error("'ip' modifier applied to ip6 host"); 02578 02579 case Q_RARP: 02580 bpf_error("'rarp' modifier applied to ip6 host"); 02581 02582 case Q_ARP: 02583 bpf_error("'arp' modifier applied to ip6 host"); 02584 02585 case Q_SCTP: 02586 bpf_error("'sctp' modifier applied to host"); 02587 02588 case Q_TCP: 02589 bpf_error("'tcp' modifier applied to host"); 02590 02591 case Q_UDP: 02592 bpf_error("'udp' modifier applied to host"); 02593 02594 case Q_ICMP: 02595 bpf_error("'icmp' modifier applied to host"); 02596 02597 case Q_IGMP: 02598 bpf_error("'igmp' modifier applied to host"); 02599 02600 case Q_IGRP: 02601 bpf_error("'igrp' modifier applied to host"); 02602 02603 case Q_PIM: 02604 bpf_error("'pim' modifier applied to host"); 02605 02606 case Q_VRRP: 02607 bpf_error("'vrrp' modifier applied to host"); 02608 02609 case Q_ATALK: 02610 bpf_error("ATALK host filtering not implemented"); 02611 02612 case Q_AARP: 02613 bpf_error("AARP host filtering not implemented"); 02614 02615 case Q_DECNET: 02616 bpf_error("'decnet' modifier applied to ip6 host"); 02617 02618 case Q_SCA: 02619 bpf_error("SCA host filtering not implemented"); 02620 02621 case Q_LAT: 02622 bpf_error("LAT host filtering not implemented"); 02623 02624 case Q_MOPDL: 02625 bpf_error("MOPDL host filtering not implemented"); 02626 02627 case Q_MOPRC: 02628 bpf_error("MOPRC host filtering not implemented"); 02629 02630 case Q_IPV6: 02631 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 02632 off_nl + 8, off_nl + 24); 02633 02634 case Q_ICMPV6: 02635 bpf_error("'icmp6' modifier applied to host"); 02636 02637 case Q_AH: 02638 bpf_error("'ah' modifier applied to host"); 02639 02640 case Q_ESP: 02641 bpf_error("'esp' modifier applied to host"); 02642 02643 case Q_ISO: 02644 bpf_error("ISO host filtering not implemented"); 02645 02646 case Q_ESIS: 02647 bpf_error("'esis' modifier applied to host"); 02648 02649 case Q_ISIS: 02650 bpf_error("'isis' modifier applied to host"); 02651 02652 case Q_CLNP: 02653 bpf_error("'clnp' modifier applied to host"); 02654 02655 case Q_STP: 02656 bpf_error("'stp' modifier applied to host"); 02657 02658 case Q_IPX: 02659 bpf_error("IPX host filtering not implemented"); 02660 02661 case Q_NETBEUI: 02662 bpf_error("'netbeui' modifier applied to host"); 02663 02664 default: 02665 abort(); 02666 } 02667 /* NOTREACHED */ 02668 } 02669 #endif /*INET6*/ 02670 02671 #ifndef INET6 02672 static struct block * 02673 gen_gateway(eaddr, alist, proto, dir) 02674 const u_char *eaddr; 02675 bpf_u_int32 **alist; 02676 int proto; 02677 int dir; 02678 { 02679 struct block *b0, *b1, *tmp; 02680 02681 if (dir != 0) 02682 bpf_error("direction applied to 'gateway'"); 02683 02684 switch (proto) { 02685 case Q_DEFAULT: 02686 case Q_IP: 02687 case Q_ARP: 02688 case Q_RARP: 02689 if (linktype == DLT_EN10MB) 02690 b0 = gen_ehostop(eaddr, Q_OR); 02691 else if (linktype == DLT_FDDI) 02692 b0 = gen_fhostop(eaddr, Q_OR); 02693 else if (linktype == DLT_IEEE802) 02694 b0 = gen_thostop(eaddr, Q_OR); 02695 else if (linktype == DLT_IEEE802_11) 02696 b0 = gen_wlanhostop(eaddr, Q_OR); 02697 else if (linktype == DLT_SUNATM && is_lane) { 02698 /* 02699 * Check that the packet doesn't begin with an 02700 * LE Control marker. (We've already generated 02701 * a test for LANE.) 02702 */ 02703 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 02704 gen_not(b1); 02705 02706 /* 02707 * Now check the MAC address. 02708 */ 02709 b0 = gen_ehostop(eaddr, Q_OR); 02710 gen_and(b1, b0); 02711 } else if (linktype == DLT_IP_OVER_FC) 02712 b0 = gen_ipfchostop(eaddr, Q_OR); 02713 else 02714 bpf_error( 02715 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel"); 02716 02717 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 02718 while (*alist) { 02719 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 02720 gen_or(b1, tmp); 02721 b1 = tmp; 02722 } 02723 gen_not(b1); 02724 gen_and(b0, b1); 02725 return b1; 02726 } 02727 bpf_error("illegal modifier of 'gateway'"); 02728 /* NOTREACHED */ 02729 } 02730 #endif 02731 02732 struct block * 02733 gen_proto_abbrev(proto) 02734 int proto; 02735 { 02736 struct block *b0; 02737 struct block *b1; 02738 02739 switch (proto) { 02740 02741 case Q_SCTP: 02742 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); 02743 #ifdef INET6 02744 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); 02745 gen_or(b0, b1); 02746 #endif 02747 break; 02748 02749 case Q_TCP: 02750 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 02751 #ifdef INET6 02752 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 02753 gen_or(b0, b1); 02754 #endif 02755 break; 02756 02757 case Q_UDP: 02758 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 02759 #ifdef INET6 02760 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 02761 gen_or(b0, b1); 02762 #endif 02763 break; 02764 02765 case Q_ICMP: 02766 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 02767 break; 02768 02769 #ifndef IPPROTO_IGMP 02770 #define IPPROTO_IGMP 2 02771 #endif 02772 02773 case Q_IGMP: 02774 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 02775 break; 02776 02777 #ifndef IPPROTO_IGRP 02778 #define IPPROTO_IGRP 9 02779 #endif 02780 case Q_IGRP: 02781 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 02782 break; 02783 02784 #ifndef IPPROTO_PIM 02785 #define IPPROTO_PIM 103 02786 #endif 02787 02788 case Q_PIM: 02789 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 02790 #ifdef INET6 02791 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 02792 gen_or(b0, b1); 02793 #endif 02794 break; 02795 02796 #ifndef IPPROTO_VRRP 02797 #define IPPROTO_VRRP 112 02798 #endif 02799 02800 case Q_VRRP: 02801 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT); 02802 break; 02803 02804 case Q_IP: 02805 b1 = gen_linktype(ETHERTYPE_IP); 02806 break; 02807 02808 case Q_ARP: 02809 b1 = gen_linktype(ETHERTYPE_ARP); 02810 break; 02811 02812 case Q_RARP: 02813 b1 = gen_linktype(ETHERTYPE_REVARP); 02814 break; 02815 02816 case Q_LINK: 02817 bpf_error("link layer applied in wrong context"); 02818 02819 case Q_ATALK: 02820 b1 = gen_linktype(ETHERTYPE_ATALK); 02821 break; 02822 02823 case Q_AARP: 02824 b1 = gen_linktype(ETHERTYPE_AARP); 02825 break; 02826 02827 case Q_DECNET: 02828 b1 = gen_linktype(ETHERTYPE_DN); 02829 break; 02830 02831 case Q_SCA: 02832 b1 = gen_linktype(ETHERTYPE_SCA); 02833 break; 02834 02835 case Q_LAT: 02836 b1 = gen_linktype(ETHERTYPE_LAT); 02837 break; 02838 02839 case Q_MOPDL: 02840 b1 = gen_linktype(ETHERTYPE_MOPDL); 02841 break; 02842 02843 case Q_MOPRC: 02844 b1 = gen_linktype(ETHERTYPE_MOPRC); 02845 break; 02846 02847 #ifdef INET6 02848 case Q_IPV6: 02849 b1 = gen_linktype(ETHERTYPE_IPV6); 02850 break; 02851 02852 #ifndef IPPROTO_ICMPV6 02853 #define IPPROTO_ICMPV6 58 02854 #endif 02855 case Q_ICMPV6: 02856 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 02857 break; 02858 #endif /* INET6 */ 02859 02860 #ifndef IPPROTO_AH 02861 #define IPPROTO_AH 51 02862 #endif 02863 case Q_AH: 02864 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 02865 #ifdef INET6 02866 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 02867 gen_or(b0, b1); 02868 #endif 02869 break; 02870 02871 #ifndef IPPROTO_ESP 02872 #define IPPROTO_ESP 50 02873 #endif 02874 case Q_ESP: 02875 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 02876 #ifdef INET6 02877 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 02878 gen_or(b0, b1); 02879 #endif 02880 break; 02881 02882 case Q_ISO: 02883 b1 = gen_linktype(LLCSAP_ISONS); 02884 break; 02885 02886 case Q_ESIS: 02887 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT); 02888 break; 02889 02890 case Q_ISIS: 02891 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 02892 break; 02893 02894 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */ 02895 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 02896 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 02897 gen_or(b0, b1); 02898 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 02899 gen_or(b0, b1); 02900 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 02901 gen_or(b0, b1); 02902 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 02903 gen_or(b0, b1); 02904 break; 02905 02906 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */ 02907 b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 02908 b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 02909 gen_or(b0, b1); 02910 b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 02911 gen_or(b0, b1); 02912 b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 02913 gen_or(b0, b1); 02914 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 02915 gen_or(b0, b1); 02916 break; 02917 02918 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */ 02919 b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 02920 b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 02921 gen_or(b0, b1); 02922 b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); 02923 gen_or(b0, b1); 02924 break; 02925 02926 case Q_ISIS_LSP: 02927 b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 02928 b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 02929 gen_or(b0, b1); 02930 break; 02931 02932 case Q_ISIS_SNP: 02933 b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 02934 b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 02935 gen_or(b0, b1); 02936 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 02937 gen_or(b0, b1); 02938 b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 02939 gen_or(b0, b1); 02940 break; 02941 02942 case Q_ISIS_CSNP: 02943 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 02944 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 02945 gen_or(b0, b1); 02946 break; 02947 02948 case Q_ISIS_PSNP: 02949 b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 02950 b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 02951 gen_or(b0, b1); 02952 break; 02953 02954 case Q_CLNP: 02955 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT); 02956 break; 02957 02958 case Q_STP: 02959 b1 = gen_linktype(LLCSAP_8021D); 02960 break; 02961 02962 case Q_IPX: 02963 b1 = gen_linktype(LLCSAP_IPX); 02964 break; 02965 02966 case Q_NETBEUI: 02967 b1 = gen_linktype(LLCSAP_NETBEUI); 02968 break; 02969 02970 default: 02971 abort(); 02972 } 02973 return b1; 02974 } 02975 02976 static struct block * 02977 gen_ipfrag() 02978 { 02979 struct slist *s; 02980 struct block *b; 02981 02982 /* not ip frag */ 02983 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 02984 s->s.k = off_nl + 6; 02985 b = new_block(JMP(BPF_JSET)); 02986 b->s.k = 0x1fff; 02987 b->stmts = s; 02988 gen_not(b); 02989 02990 return b; 02991 } 02992 02993 static struct block * 02994 gen_portatom(off, v) 02995 int off; 02996 bpf_int32 v; 02997 { 02998 struct slist *s; 02999 struct block *b; 03000 03001 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 03002 s->s.k = off_nl; 03003 03004 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 03005 s->next->s.k = off_nl + off; 03006 03007 b = new_block(JMP(BPF_JEQ)); 03008 b->stmts = s; 03009 b->s.k = v; 03010 03011 return b; 03012 } 03013 03014 #ifdef INET6 03015 static struct block * 03016 gen_portatom6(off, v) 03017 int off; 03018 bpf_int32 v; 03019 { 03020 return gen_cmp(off_nl + 40 + off, BPF_H, v); 03021 } 03022 #endif/*INET6*/ 03023 03024 struct block * 03025 gen_portop(port, proto, dir) 03026 int port, proto, dir; 03027 { 03028 struct block *b0, *b1, *tmp; 03029 03030 /* ip proto 'proto' */ 03031 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 03032 b0 = gen_ipfrag(); 03033 gen_and(tmp, b0); 03034 03035 switch (dir) { 03036 case Q_SRC: 03037 b1 = gen_portatom(0, (bpf_int32)port); 03038 break; 03039 03040 case Q_DST: 03041 b1 = gen_portatom(2, (bpf_int32)port); 03042 break; 03043 03044 case Q_OR: 03045 case Q_DEFAULT: 03046 tmp = gen_portatom(0, (bpf_int32)port); 03047 b1 = gen_portatom(2, (bpf_int32)port); 03048 gen_or(tmp, b1); 03049 break; 03050 03051 case Q_AND: 03052 tmp = gen_portatom(0, (bpf_int32)port); 03053 b1 = gen_portatom(2, (bpf_int32)port); 03054 gen_and(tmp, b1); 03055 break; 03056 03057 default: 03058 abort(); 03059 } 03060 gen_and(b0, b1); 03061 03062 return b1; 03063 } 03064 03065 static struct block * 03066 gen_port(port, ip_proto, dir) 03067 int port; 03068 int ip_proto; 03069 int dir; 03070 { 03071 struct block *b0, *b1, *tmp; 03072 03073 switch (linktype) { 03074 case DLT_IEEE802_11: 03075 case DLT_PRISM_HEADER: 03076 case DLT_IEEE802_11_RADIO: 03077 case DLT_FDDI: 03078 case DLT_IEEE802: 03079 case DLT_ATM_RFC1483: 03080 case DLT_ATM_CLIP: 03081 b0 = gen_linktype(LLCSAP_IP); 03082 break; 03083 default: 03084 b0 = gen_linktype(ETHERTYPE_IP); 03085 break; 03086 } 03087 03088 switch (ip_proto) { 03089 case IPPROTO_UDP: 03090 case IPPROTO_TCP: 03091 case IPPROTO_SCTP: 03092 b1 = gen_portop(port, ip_proto, dir); 03093 break; 03094 03095 case PROTO_UNDEF: 03096 tmp = gen_portop(port, IPPROTO_TCP, dir); 03097 b1 = gen_portop(port, IPPROTO_UDP, dir); 03098 gen_or(tmp, b1); 03099 tmp = gen_portop(port, IPPROTO_SCTP, dir); 03100 gen_or(tmp, b1); 03101 break; 03102 03103 default: 03104 abort(); 03105 } 03106 gen_and(b0, b1); 03107 return b1; 03108 } 03109 03110 #ifdef INET6 03111 struct block * 03112 gen_portop6(port, proto, dir) 03113 int port, proto, dir; 03114 { 03115 struct block *b0, *b1, *tmp; 03116 03117 /* ip proto 'proto' */ 03118 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 03119 03120 switch (dir) { 03121 case Q_SRC: 03122 b1 = gen_portatom6(0, (bpf_int32)port); 03123 break; 03124 03125 case Q_DST: 03126 b1 = gen_portatom6(2, (bpf_int32)port); 03127 break; 03128 03129 case Q_OR: 03130 case Q_DEFAULT: 03131 tmp = gen_portatom6(0, (bpf_int32)port); 03132 b1 = gen_portatom6(2, (bpf_int32)port); 03133 gen_or(tmp, b1); 03134 break; 03135 03136 case Q_AND: 03137 tmp = gen_portatom6(0, (bpf_int32)port); 03138 b1 = gen_portatom6(2, (bpf_int32)port); 03139 gen_and(tmp, b1); 03140 break; 03141 03142 default: 03143 abort(); 03144 } 03145 gen_and(b0, b1); 03146 03147 return b1; 03148 } 03149 03150 static struct block * 03151 gen_port6(port, ip_proto, dir) 03152 int port; 03153 int ip_proto; 03154 int dir; 03155 { 03156 struct block *b0, *b1, *tmp; 03157 03158 /* ether proto ip */ 03159 b0 = gen_linktype(ETHERTYPE_IPV6); 03160 03161 switch (ip_proto) { 03162 case IPPROTO_UDP: 03163 case IPPROTO_TCP: 03164 case IPPROTO_SCTP: 03165 b1 = gen_portop6(port, ip_proto, dir); 03166 break; 03167 03168 case PROTO_UNDEF: 03169 tmp = gen_portop6(port, IPPROTO_TCP, dir); 03170 b1 = gen_portop6(port, IPPROTO_UDP, dir); 03171 gen_or(tmp, b1); 03172 tmp = gen_portop6(port, IPPROTO_SCTP, dir); 03173 gen_or(tmp, b1); 03174 break; 03175 03176 default: 03177 abort(); 03178 } 03179 gen_and(b0, b1); 03180 return b1; 03181 } 03182 #endif /* INET6 */ 03183 03184 static int 03185 lookup_proto(name, proto) 03186 register const char *name; 03187 register int proto; 03188 { 03189 register int v; 03190 03191 switch (proto) { 03192 03193 case Q_DEFAULT: 03194 case Q_IP: 03195 case Q_IPV6: 03196 v = pcap_nametoproto(name); 03197 if (v == PROTO_UNDEF) 03198 bpf_error("unknown ip proto '%s'", name); 03199 break; 03200 03201 case Q_LINK: 03202 /* XXX should look up h/w protocol type based on linktype */ 03203 v = pcap_nametoeproto(name); 03204 if (v == PROTO_UNDEF) 03205 bpf_error("unknown ether proto '%s'", name); 03206 break; 03207 03208 case Q_ISO: 03209 if (strcmp(name, "esis") == 0) 03210 v = ISO9542_ESIS; 03211 else if (strcmp(name, "isis") == 0) 03212 v = ISO10589_ISIS; 03213 else if (strcmp(name, "clnp") == 0) 03214 v = ISO8473_CLNP; 03215 else 03216 bpf_error("unknown osi proto '%s'", name); 03217 break; 03218 03219 default: 03220 v = PROTO_UNDEF; 03221 break; 03222 } 03223 return v; 03224 } 03225 03226 #if 0 03227 struct stmt * 03228 gen_joinsp(s, n) 03229 struct stmt **s; 03230 int n; 03231 { 03232 return NULL; 03233 } 03234 #endif 03235 03236 static struct block * 03237 gen_protochain(v, proto, dir) 03238 int v; 03239 int proto; 03240 int dir; 03241 { 03242 #ifdef NO_PROTOCHAIN 03243 return gen_proto(v, proto, dir); 03244 #else 03245 struct block *b0, *b; 03246 struct slist *s[100]; 03247 int fix2, fix3, fix4, fix5; 03248 int ahcheck, again, end; 03249 int i, max; 03250 int reg2 = alloc_reg(); 03251 03252 memset(s, 0, sizeof(s)); 03253 fix2 = fix3 = fix4 = fix5 = 0; 03254 03255 switch (proto) { 03256 case Q_IP: 03257 case Q_IPV6: 03258 break; 03259 case Q_DEFAULT: 03260 b0 = gen_protochain(v, Q_IP, dir); 03261 b = gen_protochain(v, Q_IPV6, dir); 03262 gen_or(b0, b); 03263 return b; 03264 default: 03265 bpf_error("bad protocol applied for 'protochain'"); 03266 /*NOTREACHED*/ 03267 } 03268 03269 no_optimize = 1; /*this code is not compatible with optimzer yet */ 03270 03271 /* 03272 * s[0] is a dummy entry to protect other BPF insn from damaged 03273 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 03274 * hard to find interdependency made by jump table fixup. 03275 */ 03276 i = 0; 03277 s[i] = new_stmt(0); /*dummy*/ 03278 i++; 03279 03280 switch (proto) { 03281 case Q_IP: 03282 b0 = gen_linktype(ETHERTYPE_IP); 03283 03284 /* A = ip->ip_p */ 03285 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 03286 s[i]->s.k = off_nl + 9; 03287 i++; 03288 /* X = ip->ip_hl << 2 */ 03289 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 03290 s[i]->s.k = off_nl; 03291 i++; 03292 break; 03293 #ifdef INET6 03294 case Q_IPV6: 03295 b0 = gen_linktype(ETHERTYPE_IPV6); 03296 03297 /* A = ip6->ip_nxt */ 03298 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 03299 s[i]->s.k = off_nl + 6; 03300 i++; 03301 /* X = sizeof(struct ip6_hdr) */ 03302 s[i] = new_stmt(BPF_LDX|BPF_IMM); 03303 s[i]->s.k = 40; 03304 i++; 03305 break; 03306 #endif 03307 default: 03308 bpf_error("unsupported proto to gen_protochain"); 03309 /*NOTREACHED*/ 03310 } 03311 03312 /* again: if (A == v) goto end; else fall through; */ 03313 again = i; 03314 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03315 s[i]->s.k = v; 03316 s[i]->s.jt = NULL; /*later*/ 03317 s[i]->s.jf = NULL; /*update in next stmt*/ 03318 fix5 = i; 03319 i++; 03320 03321 #ifndef IPPROTO_NONE 03322 #define IPPROTO_NONE 59 03323 #endif 03324 /* if (A == IPPROTO_NONE) goto end */ 03325 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03326 s[i]->s.jt = NULL; /*later*/ 03327 s[i]->s.jf = NULL; /*update in next stmt*/ 03328 s[i]->s.k = IPPROTO_NONE; 03329 s[fix5]->s.jf = s[i]; 03330 fix2 = i; 03331 i++; 03332 03333 #ifdef INET6 03334 if (proto == Q_IPV6) { 03335 int v6start, v6end, v6advance, j; 03336 03337 v6start = i; 03338 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 03339 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03340 s[i]->s.jt = NULL; /*later*/ 03341 s[i]->s.jf = NULL; /*update in next stmt*/ 03342 s[i]->s.k = IPPROTO_HOPOPTS; 03343 s[fix2]->s.jf = s[i]; 03344 i++; 03345 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 03346 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03347 s[i]->s.jt = NULL; /*later*/ 03348 s[i]->s.jf = NULL; /*update in next stmt*/ 03349 s[i]->s.k = IPPROTO_DSTOPTS; 03350 i++; 03351 /* if (A == IPPROTO_ROUTING) goto v6advance */ 03352 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03353 s[i]->s.jt = NULL; /*later*/ 03354 s[i]->s.jf = NULL; /*update in next stmt*/ 03355 s[i]->s.k = IPPROTO_ROUTING; 03356 i++; 03357 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 03358 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03359 s[i]->s.jt = NULL; /*later*/ 03360 s[i]->s.jf = NULL; /*later*/ 03361 s[i]->s.k = IPPROTO_FRAGMENT; 03362 fix3 = i; 03363 v6end = i; 03364 i++; 03365 03366 /* v6advance: */ 03367 v6advance = i; 03368 03369 /* 03370 * in short, 03371 * A = P[X]; 03372 * X = X + (P[X + 1] + 1) * 8; 03373 */ 03374 /* A = X */ 03375 s[i] = new_stmt(BPF_MISC|BPF_TXA); 03376 i++; 03377 /* A = P[X + packet head] */ 03378 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 03379 s[i]->s.k = off_nl; 03380 i++; 03381 /* MEM[reg2] = A */ 03382 s[i] = new_stmt(BPF_ST); 03383 s[i]->s.k = reg2; 03384 i++; 03385 /* A = X */ 03386 s[i] = new_stmt(BPF_MISC|BPF_TXA); 03387 i++; 03388 /* A += 1 */ 03389 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03390 s[i]->s.k = 1; 03391 i++; 03392 /* X = A */ 03393 s[i] = new_stmt(BPF_MISC|BPF_TAX); 03394 i++; 03395 /* A = P[X + packet head]; */ 03396 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 03397 s[i]->s.k = off_nl; 03398 i++; 03399 /* A += 1 */ 03400 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03401 s[i]->s.k = 1; 03402 i++; 03403 /* A *= 8 */ 03404 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 03405 s[i]->s.k = 8; 03406 i++; 03407 /* X = A; */ 03408 s[i] = new_stmt(BPF_MISC|BPF_TAX); 03409 i++; 03410 /* A = MEM[reg2] */ 03411 s[i] = new_stmt(BPF_LD|BPF_MEM); 03412 s[i]->s.k = reg2; 03413 i++; 03414 03415 /* goto again; (must use BPF_JA for backward jump) */ 03416 s[i] = new_stmt(BPF_JMP|BPF_JA); 03417 s[i]->s.k = again - i - 1; 03418 s[i - 1]->s.jf = s[i]; 03419 i++; 03420 03421 /* fixup */ 03422 for (j = v6start; j <= v6end; j++) 03423 s[j]->s.jt = s[v6advance]; 03424 } else 03425 #endif 03426 { 03427 /* nop */ 03428 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03429 s[i]->s.k = 0; 03430 s[fix2]->s.jf = s[i]; 03431 i++; 03432 } 03433 03434 /* ahcheck: */ 03435 ahcheck = i; 03436 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 03437 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 03438 s[i]->s.jt = NULL; /*later*/ 03439 s[i]->s.jf = NULL; /*later*/ 03440 s[i]->s.k = IPPROTO_AH; 03441 if (fix3) 03442 s[fix3]->s.jf = s[ahcheck]; 03443 fix4 = i; 03444 i++; 03445 03446 /* 03447 * in short, 03448 * A = P[X]; 03449 * X = X + (P[X + 1] + 2) * 4; 03450 */ 03451 /* A = X */ 03452 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 03453 i++; 03454 /* A = P[X + packet head]; */ 03455 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 03456 s[i]->s.k = off_nl; 03457 i++; 03458 /* MEM[reg2] = A */ 03459 s[i] = new_stmt(BPF_ST); 03460 s[i]->s.k = reg2; 03461 i++; 03462 /* A = X */ 03463 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 03464 i++; 03465 /* A += 1 */ 03466 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03467 s[i]->s.k = 1; 03468 i++; 03469 /* X = A */ 03470 s[i] = new_stmt(BPF_MISC|BPF_TAX); 03471 i++; 03472 /* A = P[X + packet head] */ 03473 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 03474 s[i]->s.k = off_nl; 03475 i++; 03476 /* A += 2 */ 03477 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03478 s[i]->s.k = 2; 03479 i++; 03480 /* A *= 4 */ 03481 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 03482 s[i]->s.k = 4; 03483 i++; 03484 /* X = A; */ 03485 s[i] = new_stmt(BPF_MISC|BPF_TAX); 03486 i++; 03487 /* A = MEM[reg2] */ 03488 s[i] = new_stmt(BPF_LD|BPF_MEM); 03489 s[i]->s.k = reg2; 03490 i++; 03491 03492 /* goto again; (must use BPF_JA for backward jump) */ 03493 s[i] = new_stmt(BPF_JMP|BPF_JA); 03494 s[i]->s.k = again - i - 1; 03495 i++; 03496 03497 /* end: nop */ 03498 end = i; 03499 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 03500 s[i]->s.k = 0; 03501 s[fix2]->s.jt = s[end]; 03502 s[fix4]->s.jf = s[end]; 03503 s[fix5]->s.jt = s[end]; 03504 i++; 03505 03506 /* 03507 * make slist chain 03508 */ 03509 max = i; 03510 for (i = 0; i < max - 1; i++) 03511 s[i]->next = s[i + 1]; 03512 s[max - 1]->next = NULL; 03513 03514 /* 03515 * emit final check 03516 */ 03517 b = new_block(JMP(BPF_JEQ)); 03518 b->stmts = s[1]; /*remember, s[0] is dummy*/ 03519 b->s.k = v; 03520 03521 free_reg(reg2); 03522 03523 gen_and(b0, b); 03524 return b; 03525 #endif 03526 } 03527 03528 static struct block * 03529 gen_proto(v, proto, dir) 03530 int v; 03531 int proto; 03532 int dir; 03533 { 03534 struct block *b0, *b1; 03535 03536 if (dir != Q_DEFAULT) 03537 bpf_error("direction applied to 'proto'"); 03538 03539 switch (proto) { 03540 case Q_DEFAULT: 03541 #ifdef INET6 03542 b0 = gen_proto(v, Q_IP, dir); 03543 b1 = gen_proto(v, Q_IPV6, dir); 03544 gen_or(b0, b1); 03545 return b1; 03546 #else 03547 /*FALLTHROUGH*/ 03548 #endif 03549 case Q_IP: 03550 switch (linktype) { 03551 case DLT_IEEE802_11: 03552 case DLT_PRISM_HEADER: 03553 case DLT_IEEE802_11_RADIO: 03554 case DLT_FDDI: 03555 case DLT_IEEE802: 03556 case DLT_ATM_RFC1483: 03557 case DLT_ATM_CLIP: 03558 b0 = gen_linktype(LLCSAP_IP); 03559 break; 03560 default: 03561 b0 = gen_linktype(ETHERTYPE_IP); 03562 break; 03563 } 03564 #ifndef CHASE_CHAIN 03565 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 03566 #else 03567 b1 = gen_protochain(v, Q_IP); 03568 #endif 03569 gen_and(b0, b1); 03570 return b1; 03571 03572 case Q_ISO: 03573 switch (linktype) { 03574 03575 case DLT_FRELAY: 03576 /* 03577 * Frame Relay packets typically have an OSI 03578 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)" 03579 * generates code to check for all the OSI 03580 * NLPIDs, so calling it and then adding a check 03581 * for the particular NLPID for which we're 03582 * looking is bogus, as we can just check for 03583 * the NLPID. 03584 * 03585 * What we check for is the NLPID and a frame 03586 * control field value of UI, i.e. 0x03 followed 03587 * by the NLPID. 03588 * 03589 * XXX - assumes a 2-byte Frame Relay header with 03590 * DLCI and flags. What if the address is longer? 03591 * 03592 * XXX - what about SNAP-encapsulated frames? 03593 */ 03594 return gen_cmp(2, BPF_H, (0x03<<8) | v); 03595 break; 03596 03597 case DLT_C_HDLC: 03598 /* Cisco uses an Ethertype lookalike - for OSI its 0xfefe */ 03599 b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS); 03600 /* OSI in C-HDLC is stuffed with a fudge byte */ 03601 b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v); 03602 gen_and(b0, b1); 03603 return b1; 03604 default: 03605 b0 = gen_linktype(LLCSAP_ISONS); 03606 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v); 03607 gen_and(b0, b1); 03608 return b1; 03609 } 03610 03611 case Q_ISIS: 03612 b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 03613 /* 4 is the offset of the PDU type relative to the IS-IS header */ 03614 b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v); 03615 gen_and(b0, b1); 03616 return b1; 03617 03618 case Q_ARP: 03619 bpf_error("arp does not encapsulate another protocol"); 03620 /* NOTREACHED */ 03621 03622 case Q_RARP: 03623 bpf_error("rarp does not encapsulate another protocol"); 03624 /* NOTREACHED */ 03625 03626 case Q_ATALK: 03627 bpf_error("atalk encapsulation is not specifiable"); 03628 /* NOTREACHED */ 03629 03630 case Q_DECNET: 03631 bpf_error("decnet encapsulation is not specifiable"); 03632 /* NOTREACHED */ 03633 03634 case Q_SCA: 03635 bpf_error("sca does not encapsulate another protocol"); 03636 /* NOTREACHED */ 03637 03638 case Q_LAT: 03639 bpf_error("lat does not encapsulate another protocol"); 03640 /* NOTREACHED */ 03641 03642 case Q_MOPRC: 03643 bpf_error("moprc does not encapsulate another protocol"); 03644 /* NOTREACHED */ 03645 03646 case Q_MOPDL: 03647 bpf_error("mopdl does not encapsulate another protocol"); 03648 /* NOTREACHED */ 03649 03650 case Q_LINK: 03651 return gen_linktype(v); 03652 03653 case Q_UDP: 03654 bpf_error("'udp proto' is bogus"); 03655 /* NOTREACHED */ 03656 03657 case Q_TCP: 03658 bpf_error("'tcp proto' is bogus"); 03659 /* NOTREACHED */ 03660 03661 case Q_SCTP: 03662 bpf_error("'sctp proto' is bogus"); 03663 /* NOTREACHED */ 03664 03665 case Q_ICMP: 03666 bpf_error("'icmp proto' is bogus"); 03667 /* NOTREACHED */ 03668 03669 case Q_IGMP: 03670 bpf_error("'igmp proto' is bogus"); 03671 /* NOTREACHED */ 03672 03673 case Q_IGRP: 03674 bpf_error("'igrp proto' is bogus"); 03675 /* NOTREACHED */ 03676 03677 case Q_PIM: 03678 bpf_error("'pim proto' is bogus"); 03679 /* NOTREACHED */ 03680 03681 case Q_VRRP: 03682 bpf_error("'vrrp proto' is bogus"); 03683 /* NOTREACHED */ 03684 03685 #ifdef INET6 03686 case Q_IPV6: 03687 b0 = gen_linktype(ETHERTYPE_IPV6); 03688 #ifndef CHASE_CHAIN 03689 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 03690 #else 03691 b1 = gen_protochain(v, Q_IPV6); 03692 #endif 03693 gen_and(b0, b1); 03694 return b1; 03695 03696 case Q_ICMPV6: 03697 bpf_error("'icmp6 proto' is bogus"); 03698 #endif /* INET6 */ 03699 03700 case Q_AH: 03701 bpf_error("'ah proto' is bogus"); 03702 03703 case Q_ESP: 03704 bpf_error("'ah proto' is bogus"); 03705 03706 case Q_STP: 03707 bpf_error("'stp proto' is bogus"); 03708 03709 case Q_IPX: 03710 bpf_error("'ipx proto' is bogus"); 03711 03712 case Q_NETBEUI: 03713 bpf_error("'netbeui proto' is bogus"); 03714 03715 default: 03716 abort(); 03717 /* NOTREACHED */ 03718 } 03719 /* NOTREACHED */ 03720 } 03721 03722 struct block * 03723 gen_scode(name, q) 03724 register const char *name; 03725 struct qual q; 03726 { 03727 int proto = q.proto; 03728 int dir = q.dir; 03729 int tproto; 03730 u_char *eaddr; 03731 bpf_u_int32 mask, addr; 03732 #ifndef INET6 03733 bpf_u_int32 **alist; 03734 #else 03735 int tproto6; 03736 struct sockaddr_in *sin; 03737 struct sockaddr_in6 *sin6; 03738 struct addrinfo *res, *res0; 03739 struct in6_addr mask128; 03740 #endif /*INET6*/ 03741 struct block *b, *tmp; 03742 int port, real_proto; 03743 03744 switch (q.addr) { 03745 03746 case Q_NET: 03747 addr = pcap_nametonetaddr(name); 03748 if (addr == 0) 03749 bpf_error("unknown network '%s'", name); 03750 /* Left justify network addr and calculate its network mask */ 03751 mask = 0xffffffff; 03752 while (addr && (addr & 0xff000000) == 0) { 03753 addr <<= 8; 03754 mask <<= 8; 03755 } 03756 return gen_host(addr, mask, proto, dir); 03757 03758 case Q_DEFAULT: 03759 case Q_HOST: 03760 if (proto == Q_LINK) { 03761 switch (linktype) { 03762 03763 case DLT_EN10MB: 03764 eaddr = pcap_ether_hostton(name); 03765 if (eaddr == NULL) 03766 bpf_error( 03767 "unknown ether host '%s'", name); 03768 b = gen_ehostop(eaddr, dir); 03769 free(eaddr); 03770 return b; 03771 03772 case DLT_FDDI: 03773 eaddr = pcap_ether_hostton(name); 03774 if (eaddr == NULL) 03775 bpf_error( 03776 "unknown FDDI host '%s'", name); 03777 b = gen_fhostop(eaddr, dir); 03778 free(eaddr); 03779 return b; 03780 03781 case DLT_IEEE802: 03782 eaddr = pcap_ether_hostton(name); 03783 if (eaddr == NULL) 03784 bpf_error( 03785 "unknown token ring host '%s'", name); 03786 b = gen_thostop(eaddr, dir); 03787 free(eaddr); 03788 return b; 03789 03790 case DLT_IEEE802_11: 03791 eaddr = pcap_ether_hostton(name); 03792 if (eaddr == NULL) 03793 bpf_error( 03794 "unknown 802.11 host '%s'", name); 03795 b = gen_wlanhostop(eaddr, dir); 03796 free(eaddr); 03797 return b; 03798 03799 case DLT_IP_OVER_FC: 03800 eaddr = pcap_ether_hostton(name); 03801 if (eaddr == NULL) 03802 bpf_error( 03803 "unknown Fibre Channel host '%s'", name); 03804 b = gen_ipfchostop(eaddr, dir); 03805 free(eaddr); 03806 return b; 03807 03808 case DLT_SUNATM: 03809 if (!is_lane) 03810 break; 03811 03812 /* 03813 * Check that the packet doesn't begin 03814 * with an LE Control marker. (We've 03815 * already generated a test for LANE.) 03816 */ 03817 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 03818 0xFF00); 03819 gen_not(tmp); 03820 03821 eaddr = pcap_ether_hostton(name); 03822 if (eaddr == NULL) 03823 bpf_error( 03824 "unknown ether host '%s'", name); 03825 b = gen_ehostop(eaddr, dir); 03826 gen_and(tmp, b); 03827 free(eaddr); 03828 return b; 03829 } 03830 03831 bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name"); 03832 } else if (proto == Q_DECNET) { 03833 unsigned short dn_addr = __pcap_nametodnaddr(name); 03834 /* 03835 * I don't think DECNET hosts can be multihomed, so 03836 * there is no need to build up a list of addresses 03837 */ 03838 return (gen_host(dn_addr, 0, proto, dir)); 03839 } else { 03840 #ifndef INET6 03841 alist = pcap_nametoaddr(name); 03842 if (alist == NULL || *alist == NULL) 03843 bpf_error("unknown host '%s'", name); 03844 tproto = proto; 03845 if (off_linktype == -1 && tproto == Q_DEFAULT) 03846 tproto = Q_IP; 03847 b = gen_host(**alist++, 0xffffffff, tproto, dir); 03848 while (*alist) { 03849 tmp = gen_host(**alist++, 0xffffffff, 03850 tproto, dir); 03851 gen_or(b, tmp); 03852 b = tmp; 03853 } 03854 return b; 03855 #else 03856 memset(&mask128, 0xff, sizeof(mask128)); 03857 res0 = res = pcap_nametoaddrinfo(name); 03858 if (res == NULL) 03859 bpf_error("unknown host '%s'", name); 03860 b = tmp = NULL; 03861 tproto = tproto6 = proto; 03862 if (off_linktype == -1 && tproto == Q_DEFAULT) { 03863 tproto = Q_IP; 03864 tproto6 = Q_IPV6; 03865 } 03866 for (res = res0; res; res = res->ai_next) { 03867 switch (res->ai_family) { 03868 case AF_INET: 03869 if (tproto == Q_IPV6) 03870 continue; 03871 03872 sin = (struct sockaddr_in *) 03873 res->ai_addr; 03874 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 03875 0xffffffff, tproto, dir); 03876 break; 03877 case AF_INET6: 03878 if (tproto6 == Q_IP) 03879 continue; 03880 03881 sin6 = (struct sockaddr_in6 *) 03882 res->ai_addr; 03883 tmp = gen_host6(&sin6->sin6_addr, 03884 &mask128, tproto6, dir); 03885 break; 03886 default: 03887 continue; 03888 } 03889 if (b) 03890 gen_or(b, tmp); 03891 b = tmp; 03892 } 03893 freeaddrinfo(res0); 03894 if (b == NULL) { 03895 bpf_error("unknown host '%s'%s", name, 03896 (proto == Q_DEFAULT) 03897 ? "" 03898 : " for specified address family"); 03899 } 03900 return b; 03901 #endif /*INET6*/ 03902 } 03903 03904 case Q_PORT: 03905 if (proto != Q_DEFAULT && 03906 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 03907 bpf_error("illegal qualifier of 'port'"); 03908 if (pcap_nametoport(name, &port, &real_proto) == 0) 03909 bpf_error("unknown port '%s'", name); 03910 if (proto == Q_UDP) { 03911 if (real_proto == IPPROTO_TCP) 03912 bpf_error("port '%s' is tcp", name); 03913 else if (real_proto == IPPROTO_SCTP) 03914 bpf_error("port '%s' is sctp", name); 03915 else 03916 /* override PROTO_UNDEF */ 03917 real_proto = IPPROTO_UDP; 03918 } 03919 if (proto == Q_TCP) { 03920 if (real_proto == IPPROTO_UDP) 03921 bpf_error("port '%s' is udp", name); 03922 03923 else if (real_proto == IPPROTO_SCTP) 03924 bpf_error("port '%s' is sctp", name); 03925 else 03926 /* override PROTO_UNDEF */ 03927 real_proto = IPPROTO_TCP; 03928 } 03929 if (proto == Q_SCTP) { 03930 if (real_proto == IPPROTO_UDP) 03931 bpf_error("port '%s' is udp", name); 03932 03933 else if (real_proto == IPPROTO_TCP) 03934 bpf_error("port '%s' is tcp", name); 03935 else 03936 /* override PROTO_UNDEF */ 03937 real_proto = IPPROTO_SCTP; 03938 } 03939 #ifndef INET6 03940 return gen_port(port, real_proto, dir); 03941 #else 03942 { 03943 struct block *b; 03944 b = gen_port(port, real_proto, dir); 03945 gen_or(gen_port6(port, real_proto, dir), b); 03946 return b; 03947 } 03948 #endif /* INET6 */ 03949 03950 case Q_GATEWAY: 03951 #ifndef INET6 03952 eaddr = pcap_ether_hostton(name); 03953 if (eaddr == NULL) 03954 bpf_error("unknown ether host: %s", name); 03955 03956 alist = pcap_nametoaddr(name); 03957 if (alist == NULL || *alist == NULL) 03958 bpf_error("unknown host '%s'", name); 03959 b = gen_gateway(eaddr, alist, proto, dir); 03960 free(eaddr); 03961 return b; 03962 #else 03963 bpf_error("'gateway' not supported in this configuration"); 03964 #endif /*INET6*/ 03965 03966 case Q_PROTO: 03967 real_proto = lookup_proto(name, proto); 03968 if (real_proto >= 0) 03969 return gen_proto(real_proto, proto, dir); 03970 else 03971 bpf_error("unknown protocol: %s", name); 03972 03973 case Q_PROTOCHAIN: 03974 real_proto = lookup_proto(name, proto); 03975 if (real_proto >= 0) 03976 return gen_protochain(real_proto, proto, dir); 03977 else 03978 bpf_error("unknown protocol: %s", name); 03979 03980 03981 case Q_UNDEF: 03982 syntax(); 03983 /* NOTREACHED */ 03984 } 03985 abort(); 03986 /* NOTREACHED */ 03987 } 03988 03989 struct block * 03990 gen_mcode(s1, s2, masklen, q) 03991 register const char *s1, *s2; 03992 register int masklen; 03993 struct qual q; 03994 { 03995 register int nlen, mlen; 03996 bpf_u_int32 n, m; 03997 03998 nlen = __pcap_atoin(s1, &n); 03999 /* Promote short ipaddr */ 04000 n <<= 32 - nlen; 04001 04002 if (s2 != NULL) { 04003 mlen = __pcap_atoin(s2, &m); 04004 /* Promote short ipaddr */ 04005 m <<= 32 - mlen; 04006 if ((n & ~m) != 0) 04007 bpf_error("non-network bits set in \"%s mask %s\"", 04008 s1, s2); 04009 } else { 04010 /* Convert mask len to mask */ 04011 if (masklen > 32) 04012 bpf_error("mask length must be <= 32"); 04013 m = 0xffffffff << (32 - masklen); 04014 if ((n & ~m) != 0) 04015 bpf_error("non-network bits set in \"%s/%d\"", 04016 s1, masklen); 04017 } 04018 04019 switch (q.addr) { 04020 04021 case Q_NET: 04022 return gen_host(n, m, q.proto, q.dir); 04023 04024 default: 04025 bpf_error("Mask syntax for networks only"); 04026 /* NOTREACHED */ 04027 } 04028 } 04029 04030 struct block * 04031 gen_ncode(s, v, q) 04032 register const char *s; 04033 bpf_u_int32 v; 04034 struct qual q; 04035 { 04036 bpf_u_int32 mask; 04037 int proto = q.proto; 04038 int dir = q.dir; 04039 register int vlen; 04040 04041 if (s == NULL) 04042 vlen = 32; 04043 else if (q.proto == Q_DECNET) 04044 vlen = __pcap_atodn(s, &v); 04045 else 04046 vlen = __pcap_atoin(s, &v); 04047 04048 switch (q.addr) { 04049 04050 case Q_DEFAULT: 04051 case Q_HOST: 04052 case Q_NET: 04053 if (proto == Q_DECNET) 04054 return gen_host(v, 0, proto, dir); 04055 else if (proto == Q_LINK) { 04056 bpf_error("illegal link layer address"); 04057 } else { 04058 mask = 0xffffffff; 04059 if (s == NULL && q.addr == Q_NET) { 04060 /* Promote short net number */ 04061 while (v && (v & 0xff000000) == 0) { 04062 v <<= 8; 04063 mask <<= 8; 04064 } 04065 } else { 04066 /* Promote short ipaddr */ 04067 v <<= 32 - vlen; 04068 mask <<= 32 - vlen; 04069 } 04070 return gen_host(v, mask, proto, dir); 04071 } 04072 04073 case Q_PORT: 04074 if (proto == Q_UDP) 04075 proto = IPPROTO_UDP; 04076 else if (proto == Q_TCP) 04077 proto = IPPROTO_TCP; 04078 else if (proto == Q_SCTP) 04079 proto = IPPROTO_SCTP; 04080 else if (proto == Q_DEFAULT) 04081 proto = PROTO_UNDEF; 04082 else 04083 bpf_error("illegal qualifier of 'port'"); 04084 04085 #ifndef INET6 04086 return gen_port((int)v, proto, dir); 04087 #else 04088 { 04089 struct block *b; 04090 b = gen_port((int)v, proto, dir); 04091 gen_or(gen_port6((int)v, proto, dir), b); 04092 return b; 04093 } 04094 #endif /* INET6 */ 04095 04096 case Q_GATEWAY: 04097 bpf_error("'gateway' requires a name"); 04098 /* NOTREACHED */ 04099 04100 case Q_PROTO: 04101 return gen_proto((int)v, proto, dir); 04102 04103 case Q_PROTOCHAIN: 04104 return gen_protochain((int)v, proto, dir); 04105 04106 case Q_UNDEF: 04107 syntax(); 04108 /* NOTREACHED */ 04109 04110 default: 04111 abort(); 04112 /* NOTREACHED */ 04113 } 04114 /* NOTREACHED */ 04115 } 04116 04117 #ifdef INET6 04118 struct block * 04119 gen_mcode6(s1, s2, masklen, q) 04120 register const char *s1, *s2; 04121 register int masklen; 04122 struct qual q; 04123 { 04124 struct addrinfo *res; 04125 struct in6_addr *addr; 04126 struct in6_addr mask; 04127 struct block *b; 04128 u_int32_t *a, *m; 04129 04130 if (s2) 04131 bpf_error("no mask %s supported", s2); 04132 04133 res = pcap_nametoaddrinfo(s1); 04134 if (!res) 04135 bpf_error("invalid ip6 address %s", s1); 04136 if (res->ai_next) 04137 bpf_error("%s resolved to multiple address", s1); 04138 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 04139 04140 if (sizeof(mask) * 8 < masklen) 04141 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 04142 memset(&mask, 0, sizeof(mask)); 04143 memset(&mask, 0xff, masklen / 8); 04144 if (masklen % 8) { 04145 mask.s6_addr[masklen / 8] = 04146 (0xff << (8 - masklen % 8)) & 0xff; 04147 } 04148 04149 a = (u_int32_t *)addr; 04150 m = (u_int32_t *)&mask; 04151 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 04152 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 04153 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 04154 } 04155 04156 switch (q.addr) { 04157 04158 case Q_DEFAULT: 04159 case Q_HOST: 04160 if (masklen != 128) 04161 bpf_error("Mask syntax for networks only"); 04162 /* FALLTHROUGH */ 04163 04164 case Q_NET: 04165 b = gen_host6(addr, &mask, q.proto, q.dir); 04166 freeaddrinfo(res); 04167 return b; 04168 04169 default: 04170 bpf_error("invalid qualifier against IPv6 address"); 04171 /* NOTREACHED */ 04172 } 04173 } 04174 #endif /*INET6*/ 04175 04176 struct block * 04177 gen_ecode(eaddr, q) 04178 register const u_char *eaddr; 04179 struct qual q; 04180 { 04181 struct block *b, *tmp; 04182 04183 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 04184 if (linktype == DLT_EN10MB) 04185 return gen_ehostop(eaddr, (int)q.dir); 04186 if (linktype == DLT_FDDI) 04187 return gen_fhostop(eaddr, (int)q.dir); 04188 if (linktype == DLT_IEEE802) 04189 return gen_thostop(eaddr, (int)q.dir); 04190 if (linktype == DLT_IEEE802_11) 04191 return gen_wlanhostop(eaddr, (int)q.dir); 04192 if (linktype == DLT_SUNATM && is_lane) { 04193 /* 04194 * Check that the packet doesn't begin with an 04195 * LE Control marker. (We've already generated 04196 * a test for LANE.) 04197 */ 04198 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 04199 gen_not(tmp); 04200 04201 /* 04202 * Now check the MAC address. 04203 */ 04204 b = gen_ehostop(eaddr, (int)q.dir); 04205 gen_and(tmp, b); 04206 return b; 04207 } 04208 if (linktype == DLT_IP_OVER_FC) 04209 return gen_ipfchostop(eaddr, (int)q.dir); 04210 bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel"); 04211 } 04212 bpf_error("ethernet address used in non-ether expression"); 04213 /* NOTREACHED */ 04214 } 04215 04216 void 04217 sappend(s0, s1) 04218 struct slist *s0, *s1; 04219 { 04220 /* 04221 * This is definitely not the best way to do this, but the 04222 * lists will rarely get long. 04223 */ 04224 while (s0->next) 04225 s0 = s0->next; 04226 s0->next = s1; 04227 } 04228 04229 static struct slist * 04230 xfer_to_x(a) 04231 struct arth *a; 04232 { 04233 struct slist *s; 04234 04235 s = new_stmt(BPF_LDX|BPF_MEM); 04236 s->s.k = a->regno; 04237 return s; 04238 } 04239 04240 static struct slist * 04241 xfer_to_a(a) 04242 struct arth *a; 04243 { 04244 struct slist *s; 04245 04246 s = new_stmt(BPF_LD|BPF_MEM); 04247 s->s.k = a->regno; 04248 return s; 04249 } 04250 04251 struct arth * 04252 gen_load(proto, index, size) 04253 int proto; 04254 struct arth *index; 04255 int size; 04256 { 04257 struct slist *s, *tmp; 04258 struct block *b; 04259 int regno = alloc_reg(); 04260 04261 free_reg(index->regno); 04262 switch (size) { 04263 04264 default: 04265 bpf_error("data size must be 1, 2, or 4"); 04266 04267 case 1: 04268 size = BPF_B; 04269 break; 04270 04271 case 2: 04272 size = BPF_H; 04273 break; 04274 04275 case 4: 04276 size = BPF_W; 04277 break; 04278 } 04279 switch (proto) { 04280 default: 04281 bpf_error("unsupported index operation"); 04282 04283 case Q_LINK: 04284 /* 04285 * XXX - what about ATM LANE? Should the index be 04286 * relative to the beginning of the AAL5 frame, so 04287 * that 0 refers to the beginning of the LE Control 04288 * field, or relative to the beginning of the LAN 04289 * frame, so that 0 refers, for Ethernet LANE, to 04290 * the beginning of the destination address? 04291 */ 04292 s = xfer_to_x(index); 04293 tmp = new_stmt(BPF_LD|BPF_IND|size); 04294 sappend(s, tmp); 04295 sappend(index->s, s); 04296 break; 04297 04298 case Q_IP: 04299 case Q_ARP: 04300 case Q_RARP: 04301 case Q_ATALK: 04302 case Q_DECNET: 04303 case Q_SCA: 04304 case Q_LAT: 04305 case Q_MOPRC: 04306 case Q_MOPDL: 04307 #ifdef INET6 04308 case Q_IPV6: 04309 #endif 04310 /* XXX Note that we assume a fixed link header here. */ 04311 s = xfer_to_x(index); 04312 tmp = new_stmt(BPF_LD|BPF_IND|size); 04313 tmp->s.k = off_nl; 04314 sappend(s, tmp); 04315 sappend(index->s, s); 04316 04317 b = gen_proto_abbrev(proto); 04318 if (index->b) 04319 gen_and(index->b, b); 04320 index->b = b; 04321 break; 04322 04323 case Q_SCTP: 04324 case Q_TCP: 04325 case Q_UDP: 04326 case Q_ICMP: 04327 case Q_IGMP: 04328 case Q_IGRP: 04329 case Q_PIM: 04330 case Q_VRRP: 04331 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 04332 s->s.k = off_nl; 04333 sappend(s, xfer_to_a(index)); 04334 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 04335 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 04336 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 04337 tmp->s.k = off_nl; 04338 sappend(index->s, s); 04339 04340 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 04341 if (index->b) 04342 gen_and(index->b, b); 04343 #ifdef INET6 04344 gen_and(gen_proto_abbrev(Q_IP), b); 04345 #endif 04346 index->b = b; 04347 break; 04348 #ifdef INET6 04349 case Q_ICMPV6: 04350 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 04351 /*NOTREACHED*/ 04352 #endif 04353 } 04354 index->regno = regno; 04355 s = new_stmt(BPF_ST); 04356 s->s.k = regno; 04357 sappend(index->s, s); 04358 04359 return index; 04360 } 04361 04362 struct block * 04363 gen_relation(code, a0, a1, reversed) 04364 int code; 04365 struct arth *a0, *a1; 04366 int reversed; 04367 { 04368 struct slist *s0, *s1, *s2; 04369 struct block *b, *tmp; 04370 04371 s0 = xfer_to_x(a1); 04372 s1 = xfer_to_a(a0); 04373 if (code == BPF_JEQ) { 04374 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 04375 b = new_block(JMP(code)); 04376 sappend(s1, s2); 04377 } 04378 else 04379 b = new_block(BPF_JMP|code|BPF_X); 04380 if (reversed) 04381 gen_not(b); 04382 04383 sappend(s0, s1); 04384 sappend(a1->s, s0); 04385 sappend(a0->s, a1->s); 04386 04387 b->stmts = a0->s; 04388 04389 free_reg(a0->regno); 04390 free_reg(a1->regno); 04391 04392 /* 'and' together protocol checks */ 04393 if (a0->b) { 04394 if (a1->b) { 04395 gen_and(a0->b, tmp = a1->b); 04396 } 04397 else 04398 tmp = a0->b; 04399 } else 04400 tmp = a1->b; 04401 04402 if (tmp) 04403 gen_and(tmp, b); 04404 04405 return b; 04406 } 04407 04408 struct arth * 04409 gen_loadlen() 04410 { 04411 int regno = alloc_reg(); 04412 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 04413 struct slist *s; 04414 04415 s = new_stmt(BPF_LD|BPF_LEN); 04416 s->next = new_stmt(BPF_ST); 04417 s->next->s.k = regno; 04418 a->s = s; 04419 a->regno = regno; 04420 04421 return a; 04422 } 04423 04424 struct arth * 04425 gen_loadi(val) 04426 int val; 04427 { 04428 struct arth *a; 04429 struct slist *s; 04430 int reg; 04431 04432 a = (struct arth *)newchunk(sizeof(*a)); 04433 04434 reg = alloc_reg(); 04435 04436 s = new_stmt(BPF_LD|BPF_IMM); 04437 s->s.k = val; 04438 s->next = new_stmt(BPF_ST); 04439 s->next->s.k = reg; 04440 a->s = s; 04441 a->regno = reg; 04442 04443 return a; 04444 } 04445 04446 struct arth * 04447 gen_neg(a) 04448 struct arth *a; 04449 { 04450 struct slist *s; 04451 04452 s = xfer_to_a(a); 04453 sappend(a->s, s); 04454 s = new_stmt(BPF_ALU|BPF_NEG); 04455 s->s.k = 0; 04456 sappend(a->s, s); 04457 s = new_stmt(BPF_ST); 04458 s->s.k = a->regno; 04459 sappend(a->s, s); 04460 04461 return a; 04462 } 04463 04464 struct arth * 04465 gen_arth(code, a0, a1) 04466 int code; 04467 struct arth *a0, *a1; 04468 { 04469 struct slist *s0, *s1, *s2; 04470 04471 s0 = xfer_to_x(a1); 04472 s1 = xfer_to_a(a0); 04473 s2 = new_stmt(BPF_ALU|BPF_X|code); 04474 04475 sappend(s1, s2); 04476 sappend(s0, s1); 04477 sappend(a1->s, s0); 04478 sappend(a0->s, a1->s); 04479 04480 free_reg(a0->regno); 04481 free_reg(a1->regno); 04482 04483 s0 = new_stmt(BPF_ST); 04484 a0->regno = s0->s.k = alloc_reg(); 04485 sappend(a0->s, s0); 04486 04487 return a0; 04488 } 04489 04490 /* 04491 * Here we handle simple allocation of the scratch registers. 04492 * If too many registers are alloc'd, the allocator punts. 04493 */ 04494 static int regused[BPF_MEMWORDS]; 04495 static int curreg; 04496 04497 /* 04498 * Return the next free register. 04499 */ 04500 static int 04501 alloc_reg() 04502 { 04503 int n = BPF_MEMWORDS; 04504 04505 while (--n >= 0) { 04506 if (regused[curreg]) 04507 curreg = (curreg + 1) % BPF_MEMWORDS; 04508 else { 04509 regused[curreg] = 1; 04510 return curreg; 04511 } 04512 } 04513 bpf_error("too many registers needed to evaluate expression"); 04514 /* NOTREACHED */ 04515 } 04516 04517 /* 04518 * Return a register to the table so it can 04519 * be used later. 04520 */ 04521 static void 04522 free_reg(n) 04523 int n; 04524 { 04525 regused[n] = 0; 04526 } 04527 04528 static struct block * 04529 gen_len(jmp, n) 04530 int jmp, n; 04531 { 04532 struct slist *s; 04533 struct block *b; 04534 04535 s = new_stmt(BPF_LD|BPF_LEN); 04536 b = new_block(JMP(jmp)); 04537 b->stmts = s; 04538 b->s.k = n; 04539 04540 return b; 04541 } 04542 04543 struct block * 04544 gen_greater(n) 04545 int n; 04546 { 04547 return gen_len(BPF_JGE, n); 04548 } 04549 04550 /* 04551 * Actually, this is less than or equal. 04552 */ 04553 struct block * 04554 gen_less(n) 04555 int n; 04556 { 04557 struct block *b; 04558 04559 b = gen_len(BPF_JGT, n); 04560 gen_not(b); 04561 04562 return b; 04563 } 04564 04565 struct block * 04566 gen_byteop(op, idx, val) 04567 int op, idx, val; 04568 { 04569 struct block *b; 04570 struct slist *s; 04571 04572 switch (op) { 04573 default: 04574 abort(); 04575 04576 case '=': 04577 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 04578 04579 case '<': 04580 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 04581 b->s.code = JMP(BPF_JGE); 04582 gen_not(b); 04583 return b; 04584 04585 case '>': 04586 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 04587 b->s.code = JMP(BPF_JGT); 04588 return b; 04589 04590 case '|': 04591 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 04592 break; 04593 04594 case '&': 04595 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 04596 break; 04597 } 04598 s->s.k = val; 04599 b = new_block(JMP(BPF_JEQ)); 04600 b->stmts = s; 04601 gen_not(b); 04602 04603 return b; 04604 } 04605 04606 static u_char abroadcast[] = { 0x0 }; 04607 04608 struct block * 04609 gen_broadcast(proto) 04610 int proto; 04611 { 04612 bpf_u_int32 hostmask; 04613 struct block *b0, *b1, *b2; 04614 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 04615 04616 switch (proto) { 04617 04618 case Q_DEFAULT: 04619 case Q_LINK: 04620 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 04621 return gen_ahostop(abroadcast, Q_DST); 04622 if (linktype == DLT_EN10MB) 04623 return gen_ehostop(ebroadcast, Q_DST); 04624 if (linktype == DLT_FDDI) 04625 return gen_fhostop(ebroadcast, Q_DST); 04626 if (linktype == DLT_IEEE802) 04627 return gen_thostop(ebroadcast, Q_DST); 04628 if (linktype == DLT_IEEE802_11) 04629 return gen_wlanhostop(ebroadcast, Q_DST); 04630 if (linktype == DLT_SUNATM && is_lane) { 04631 /* 04632 * Check that the packet doesn't begin with an 04633 * LE Control marker. (We've already generated 04634 * a test for LANE.) 04635 */ 04636 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 04637 gen_not(b1); 04638 04639 /* 04640 * Now check the MAC address. 04641 */ 04642 b0 = gen_ehostop(ebroadcast, Q_DST); 04643 gen_and(b1, b0); 04644 return b0; 04645 } 04646 bpf_error("not a broadcast link"); 04647 break; 04648 04649 case Q_IP: 04650 b0 = gen_linktype(ETHERTYPE_IP); 04651 hostmask = ~netmask; 04652 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 04653 b2 = gen_mcmp(off_nl + 16, BPF_W, 04654 (bpf_int32)(~0 & hostmask), hostmask); 04655 gen_or(b1, b2); 04656 gen_and(b0, b2); 04657 return b2; 04658 } 04659 bpf_error("only ether/ip broadcast filters supported"); 04660 } 04661 04662 /* 04663 * Generate code to test the low-order bit of a MAC address (that's 04664 * the bottom bit of the *first* byte). 04665 */ 04666 static struct block * 04667 gen_mac_multicast(offset) 04668 int offset; 04669 { 04670 register struct block *b0; 04671 register struct slist *s; 04672 04673 /* link[offset] & 1 != 0 */ 04674 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04675 s->s.k = offset; 04676 b0 = new_block(JMP(BPF_JSET)); 04677 b0->s.k = 1; 04678 b0->stmts = s; 04679 return b0; 04680 } 04681 04682 struct block * 04683 gen_multicast(proto) 04684 int proto; 04685 { 04686 register struct block *b0, *b1, *b2; 04687 register struct slist *s; 04688 04689 switch (proto) { 04690 04691 case Q_DEFAULT: 04692 case Q_LINK: 04693 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 04694 /* all ARCnet multicasts use the same address */ 04695 return gen_ahostop(abroadcast, Q_DST); 04696 04697 if (linktype == DLT_EN10MB) { 04698 /* ether[0] & 1 != 0 */ 04699 return gen_mac_multicast(0); 04700 } 04701 04702 if (linktype == DLT_FDDI) { 04703 /* 04704 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX 04705 * 04706 * XXX - was that referring to bit-order issues? 04707 */ 04708 /* fddi[1] & 1 != 0 */ 04709 return gen_mac_multicast(1); 04710 } 04711 04712 if (linktype == DLT_IEEE802) { 04713 /* tr[2] & 1 != 0 */ 04714 return gen_mac_multicast(2); 04715 } 04716 04717 if (linktype == DLT_IEEE802_11) { 04718 /* 04719 * Oh, yuk. 04720 * 04721 * For control frames, there is no DA. 04722 * 04723 * For management frames, DA is at an 04724 * offset of 4 from the beginning of 04725 * the packet. 04726 * 04727 * For data frames, DA is at an offset 04728 * of 4 from the beginning of the packet 04729 * if To DS is clear and at an offset of 04730 * 16 from the beginning of the packet 04731 * if To DS is set. 04732 */ 04733 04734 /* 04735 * Generate the tests to be done for data frames. 04736 * 04737 * First, check for To DS set, i.e. "link[1] & 0x01". 04738 */ 04739 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04740 s->s.k = 1; 04741 b1 = new_block(JMP(BPF_JSET)); 04742 b1->s.k = 0x01; /* To DS */ 04743 b1->stmts = s; 04744 04745 /* 04746 * If To DS is set, the DA is at 16. 04747 */ 04748 b0 = gen_mac_multicast(16); 04749 gen_and(b1, b0); 04750 04751 /* 04752 * Now, check for To DS not set, i.e. check 04753 * "!(link[1] & 0x01)". 04754 */ 04755 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04756 s->s.k = 1; 04757 b2 = new_block(JMP(BPF_JSET)); 04758 b2->s.k = 0x01; /* To DS */ 04759 b2->stmts = s; 04760 gen_not(b2); 04761 04762 /* 04763 * If To DS is not set, the DA is at 4. 04764 */ 04765 b1 = gen_mac_multicast(4); 04766 gen_and(b2, b1); 04767 04768 /* 04769 * Now OR together the last two checks. That gives 04770 * the complete set of checks for data frames. 04771 */ 04772 gen_or(b1, b0); 04773 04774 /* 04775 * Now check for a data frame. 04776 * I.e, check "link[0] & 0x08". 04777 */ 04778 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04779 s->s.k = 0; 04780 b1 = new_block(JMP(BPF_JSET)); 04781 b1->s.k = 0x08; 04782 b1->stmts = s; 04783 04784 /* 04785 * AND that with the checks done for data frames. 04786 */ 04787 gen_and(b1, b0); 04788 04789 /* 04790 * If the high-order bit of the type value is 0, this 04791 * is a management frame. 04792 * I.e, check "!(link[0] & 0x08)". 04793 */ 04794 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04795 s->s.k = 0; 04796 b2 = new_block(JMP(BPF_JSET)); 04797 b2->s.k = 0x08; 04798 b2->stmts = s; 04799 gen_not(b2); 04800 04801 /* 04802 * For management frames, the DA is at 4. 04803 */ 04804 b1 = gen_mac_multicast(4); 04805 gen_and(b2, b1); 04806 04807 /* 04808 * OR that with the checks done for data frames. 04809 * That gives the checks done for management and 04810 * data frames. 04811 */ 04812 gen_or(b1, b0); 04813 04814 /* 04815 * If the low-order bit of the type value is 1, 04816 * this is either a control frame or a frame 04817 * with a reserved type, and thus not a 04818 * frame with an SA. 04819 * 04820 * I.e., check "!(link[0] & 0x04)". 04821 */ 04822 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04823 s->s.k = 0; 04824 b1 = new_block(JMP(BPF_JSET)); 04825 b1->s.k = 0x04; 04826 b1->stmts = s; 04827 gen_not(b1); 04828 04829 /* 04830 * AND that with the checks for data and management 04831 * frames. 04832 */ 04833 gen_and(b1, b0); 04834 return b0; 04835 } 04836 04837 if (linktype == DLT_SUNATM && is_lane) { 04838 /* 04839 * Check that the packet doesn't begin with an 04840 * LE Control marker. (We've already generated 04841 * a test for LANE.) 04842 */ 04843 b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 04844 gen_not(b1); 04845 04846 /* ether[off_mac] & 1 != 0 */ 04847 b0 = gen_mac_multicast(off_mac); 04848 gen_and(b1, b0); 04849 return b0; 04850 } 04851 04852 /* Link not known to support multicasts */ 04853 break; 04854 04855 case Q_IP: 04856 b0 = gen_linktype(ETHERTYPE_IP); 04857 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 04858 b1->s.code = JMP(BPF_JGE); 04859 gen_and(b0, b1); 04860 return b1; 04861 04862 #ifdef INET6 04863 case Q_IPV6: 04864 b0 = gen_linktype(ETHERTYPE_IPV6); 04865 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 04866 gen_and(b0, b1); 04867 return b1; 04868 #endif /* INET6 */ 04869 } 04870 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 04871 } 04872 04873 /* 04874 * generate command for inbound/outbound. It's here so we can 04875 * make it link-type specific. 'dir' = 0 implies "inbound", 04876 * = 1 implies "outbound". 04877 */ 04878 struct block * 04879 gen_inbound(dir) 04880 int dir; 04881 { 04882 register struct block *b0; 04883 04884 /* 04885 * Only some data link types support inbound/outbound qualifiers. 04886 */ 04887 switch (linktype) { 04888 case DLT_SLIP: 04889 case DLT_PPP: 04890 b0 = gen_relation(BPF_JEQ, 04891 gen_load(Q_LINK, gen_loadi(0), 1), 04892 gen_loadi(0), 04893 dir); 04894 break; 04895 04896 case DLT_LINUX_SLL: 04897 if (dir) { 04898 /* 04899 * Match packets sent by this machine. 04900 */ 04901 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING); 04902 } else { 04903 /* 04904 * Match packets sent to this machine. 04905 * (No broadcast or multicast packets, or 04906 * packets sent to some other machine and 04907 * received promiscuously.) 04908 * 04909 * XXX - packets sent to other machines probably 04910 * shouldn't be matched, but what about broadcast 04911 * or multicast packets we received? 04912 */ 04913 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST); 04914 } 04915 break; 04916 04917 default: 04918 bpf_error("inbound/outbound not supported on linktype %d\n", 04919 linktype); 04920 b0 = NULL; 04921 /* NOTREACHED */ 04922 } 04923 return (b0); 04924 } 04925 04926 struct block * 04927 gen_acode(eaddr, q) 04928 register const u_char *eaddr; 04929 struct qual q; 04930 { 04931 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 04932 if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX) 04933 return gen_ahostop(eaddr, (int)q.dir); 04934 } 04935 bpf_error("ARCnet address used in non-arc expression"); 04936 /* NOTREACHED */ 04937 } 04938 04939 static struct block * 04940 gen_ahostop(eaddr, dir) 04941 register const u_char *eaddr; 04942 register int dir; 04943 { 04944 register struct block *b0, *b1; 04945 04946 switch (dir) { 04947 /* src comes first, different from Ethernet */ 04948 case Q_SRC: 04949 return gen_bcmp(0, 1, eaddr); 04950 04951 case Q_DST: 04952 return gen_bcmp(1, 1, eaddr); 04953 04954 case Q_AND: 04955 b0 = gen_ahostop(eaddr, Q_SRC); 04956 b1 = gen_ahostop(eaddr, Q_DST); 04957 gen_and(b0, b1); 04958 return b1; 04959 04960 case Q_DEFAULT: 04961 case Q_OR: 04962 b0 = gen_ahostop(eaddr, Q_SRC); 04963 b1 = gen_ahostop(eaddr, Q_DST); 04964 gen_or(b0, b1); 04965 return b1; 04966 } 04967 abort(); 04968 /* NOTREACHED */ 04969 } 04970 04971 /* 04972 * support IEEE 802.1Q VLAN trunk over ethernet 04973 */ 04974 struct block * 04975 gen_vlan(vlan_num) 04976 int vlan_num; 04977 { 04978 struct block *b0; 04979 04980 /* 04981 * Change the offsets to point to the type and data fields within 04982 * the VLAN packet. This is somewhat of a kludge. 04983 */ 04984 if (orig_nl == (u_int)-1) { 04985 orig_linktype = off_linktype; /* save original values */ 04986 orig_nl = off_nl; 04987 orig_nl_nosnap = off_nl_nosnap; 04988 04989 switch (linktype) { 04990 04991 case DLT_EN10MB: 04992 off_linktype = 16; 04993 off_nl_nosnap = 18; 04994 off_nl = 18; 04995 break; 04996 04997 default: 04998 bpf_error("no VLAN support for data link type %d", 04999 linktype); 05000 /*NOTREACHED*/ 05001 } 05002 } 05003 05004 /* check for VLAN */ 05005 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 05006 05007 /* If a specific VLAN is requested, check VLAN id */ 05008 if (vlan_num >= 0) { 05009 struct block *b1; 05010 05011 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 05012 gen_and(b0, b1); 05013 b0 = b1; 05014 } 05015 05016 return (b0); 05017 } 05018 05019 struct block * 05020 gen_atmfield_code(atmfield, jvalue, jtype, reverse) 05021 int atmfield; 05022 bpf_u_int32 jvalue; 05023 bpf_u_int32 jtype; 05024 int reverse; 05025 { 05026 struct block *b0; 05027 05028 switch (atmfield) { 05029 05030 case A_VPI: 05031 if (!is_atm) 05032 bpf_error("'vpi' supported only on raw ATM"); 05033 if (off_vpi == -1) 05034 abort(); 05035 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype, 05036 (u_int)jvalue, reverse); 05037 break; 05038 05039 case A_VCI: 05040 if (!is_atm) 05041 bpf_error("'vci' supported only on raw ATM"); 05042 if (off_vci == -1) 05043 abort(); 05044 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype, 05045 (u_int)jvalue, reverse); 05046 break; 05047 05048 case A_PROTOTYPE: 05049 if (off_proto == -1) 05050 abort(); /* XXX - this isn't on FreeBSD */ 05051 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype, 05052 (u_int)jvalue, reverse); 05053 break; 05054 05055 case A_MSGTYPE: 05056 if (off_payload == -1) 05057 abort(); 05058 b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff, 05059 (u_int)jtype, (u_int)jvalue, reverse); 05060 break; 05061 05062 case A_CALLREFTYPE: 05063 if (!is_atm) 05064 bpf_error("'callref' supported only on raw ATM"); 05065 if (off_proto == -1) 05066 abort(); 05067 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype, 05068 (u_int)jvalue, reverse); 05069 break; 05070 05071 default: 05072 abort(); 05073 } 05074 return b0; 05075 } 05076 05077 struct block * 05078 gen_atmtype_abbrev(type) 05079 int type; 05080 { 05081 struct block *b0, *b1; 05082 05083 switch (type) { 05084 05085 case A_METAC: 05086 /* Get all packets in Meta signalling Circuit */ 05087 if (!is_atm) 05088 bpf_error("'metac' supported only on raw ATM"); 05089 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05090 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0); 05091 gen_and(b0, b1); 05092 break; 05093 05094 case A_BCC: 05095 /* Get all packets in Broadcast Circuit*/ 05096 if (!is_atm) 05097 bpf_error("'bcc' supported only on raw ATM"); 05098 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05099 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0); 05100 gen_and(b0, b1); 05101 break; 05102 05103 case A_OAMF4SC: 05104 /* Get all cells in Segment OAM F4 circuit*/ 05105 if (!is_atm) 05106 bpf_error("'oam4sc' supported only on raw ATM"); 05107 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05108 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 05109 gen_and(b0, b1); 05110 break; 05111 05112 case A_OAMF4EC: 05113 /* Get all cells in End-to-End OAM F4 Circuit*/ 05114 if (!is_atm) 05115 bpf_error("'oam4ec' supported only on raw ATM"); 05116 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05117 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 05118 gen_and(b0, b1); 05119 break; 05120 05121 case A_SC: 05122 /* Get all packets in connection Signalling Circuit */ 05123 if (!is_atm) 05124 bpf_error("'sc' supported only on raw ATM"); 05125 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05126 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0); 05127 gen_and(b0, b1); 05128 break; 05129 05130 case A_ILMIC: 05131 /* Get all packets in ILMI Circuit */ 05132 if (!is_atm) 05133 bpf_error("'ilmic' supported only on raw ATM"); 05134 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05135 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0); 05136 gen_and(b0, b1); 05137 break; 05138 05139 case A_LANE: 05140 /* Get all LANE packets */ 05141 if (!is_atm) 05142 bpf_error("'lane' supported only on raw ATM"); 05143 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0); 05144 05145 /* 05146 * Arrange that all subsequent tests assume LANE 05147 * rather than LLC-encapsulated packets, and set 05148 * the offsets appropriately for LANE-encapsulated 05149 * Ethernet. 05150 * 05151 * "off_mac" is the offset of the Ethernet header, 05152 * which is 2 bytes past the ATM pseudo-header 05153 * (skipping the pseudo-header and 2-byte LE Client 05154 * field). The other offsets are Ethernet offsets 05155 * relative to "off_mac". 05156 */ 05157 is_lane = 1; 05158 off_mac = off_payload + 2; /* MAC header */ 05159 off_linktype = off_mac + 12; 05160 off_nl = off_mac + 14; /* Ethernet II */ 05161 off_nl_nosnap = off_mac + 17; /* 802.3+802.2 */ 05162 break; 05163 05164 case A_LLC: 05165 /* Get all LLC-encapsulated packets */ 05166 if (!is_atm) 05167 bpf_error("'llc' supported only on raw ATM"); 05168 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 05169 is_lane = 0; 05170 break; 05171 05172 default: 05173 abort(); 05174 } 05175 return b1; 05176 } 05177 05178 05179 static struct block * 05180 gen_msg_abbrev(type) 05181 int type; 05182 { 05183 struct block *b1; 05184 05185 /* 05186 * Q.2931 signalling protocol messages for handling virtual circuits 05187 * establishment and teardown 05188 */ 05189 switch (type) { 05190 05191 case A_SETUP: 05192 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0); 05193 break; 05194 05195 case A_CALLPROCEED: 05196 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 05197 break; 05198 05199 case A_CONNECT: 05200 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0); 05201 break; 05202 05203 case A_CONNECTACK: 05204 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0); 05205 break; 05206 05207 case A_RELEASE: 05208 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0); 05209 break; 05210 05211 case A_RELEASE_DONE: 05212 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0); 05213 break; 05214 05215 default: 05216 abort(); 05217 } 05218 return b1; 05219 } 05220 05221 struct block * 05222 gen_atmmulti_abbrev(type) 05223 int type; 05224 { 05225 struct block *b0, *b1; 05226 05227 switch (type) { 05228 05229 case A_OAM: 05230 if (!is_atm) 05231 bpf_error("'oam' supported only on raw ATM"); 05232 b1 = gen_atmmulti_abbrev(A_OAMF4); 05233 break; 05234 05235 case A_OAMF4: 05236 if (!is_atm) 05237 bpf_error("'oamf4' supported only on raw ATM"); 05238 /* OAM F4 type */ 05239 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 05240 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 05241 gen_or(b0, b1); 05242 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 05243 gen_and(b0, b1); 05244 break; 05245 05246 case A_CONNECTMSG: 05247 /* 05248 * Get Q.2931 signalling messages for switched 05249 * virtual connection 05250 */ 05251 if (!is_atm) 05252 bpf_error("'connectmsg' supported only on raw ATM"); 05253 b0 = gen_msg_abbrev(A_SETUP); 05254 b1 = gen_msg_abbrev(A_CALLPROCEED); 05255 gen_or(b0, b1); 05256 b0 = gen_msg_abbrev(A_CONNECT); 05257 gen_or(b0, b1); 05258 b0 = gen_msg_abbrev(A_CONNECTACK); 05259 gen_or(b0, b1); 05260 b0 = gen_msg_abbrev(A_RELEASE); 05261 gen_or(b0, b1); 05262 b0 = gen_msg_abbrev(A_RELEASE_DONE); 05263 gen_or(b0, b1); 05264 b0 = gen_atmtype_abbrev(A_SC); 05265 gen_and(b0, b1); 05266 break; 05267 05268 case A_METACONNECT: 05269 if (!is_atm) 05270 bpf_error("'metaconnect' supported only on raw ATM"); 05271 b0 = gen_msg_abbrev(A_SETUP); 05272 b1 = gen_msg_abbrev(A_CALLPROCEED); 05273 gen_or(b0, b1); 05274 b0 = gen_msg_abbrev(A_CONNECT); 05275 gen_or(b0, b1); 05276 b0 = gen_msg_abbrev(A_RELEASE); 05277 gen_or(b0, b1); 05278 b0 = gen_msg_abbrev(A_RELEASE_DONE); 05279 gen_or(b0, b1); 05280 b0 = gen_atmtype_abbrev(A_METAC); 05281 gen_and(b0, b1); 05282 break; 05283 05284 default: 05285 abort(); 05286 } 05287 return b1; 05288 }
documentation. Copyright (c) 2002-2003 Politecnico di Torino. All rights reserved.