Main Page   Modules   Data Structures   File List   Data Fields   Globals   Related Pages  

gencode.c

Go to the documentation of this file.
00001 /*#define CHASE_CHAIN*/
00002 /*
00003  * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
00004  *  The Regents of the University of California.  All rights reserved.
00005  *
00006  * Redistribution and use in source and binary forms, with or without
00007  * modification, are permitted provided that: (1) source code distributions
00008  * retain the above copyright notice and this paragraph in its entirety, (2)
00009  * distributions including binary code include the above copyright notice and
00010  * this paragraph in its entirety in the documentation or other materials
00011  * provided with the distribution, and (3) all advertising materials mentioning
00012  * features or use of this software display the following acknowledgement:
00013  * ``This product includes software developed by the University of California,
00014  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
00015  * the University nor the names of its contributors may be used to endorse
00016  * or promote products derived from this software without specific prior
00017  * written permission.
00018  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
00019  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
00020  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
00021  */
00022 #ifndef lint
00023 static const char rcsid[] =
00024     "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.184 2003/01/23 07:24:51 guy Exp $ (LBL)";
00025 #endif
00026 
00027 #ifdef HAVE_CONFIG_H
00028 #include "config.h"
00029 #endif
00030 
00031 #ifdef WIN32
00032 #include <pcap-stdinc.h>
00033 #else /* WIN32 */
00034 #include <sys/types.h>
00035 #include <sys/socket.h>
00036 #include <sys/time.h>
00037 #endif /* WIN32 */
00038 
00039 /*
00040  * XXX - why was this included even on UNIX?
00041  */
00042 #ifdef __MINGW32__
00043 #include "IP6_misc.h"
00044 #endif
00045 
00046 #ifndef WIN32
00047 
00048 #ifdef __NetBSD__
00049 #include <sys/param.h>
00050 #endif
00051 
00052 #include <netinet/in.h>
00053 
00054 #endif /* WIN32 */
00055 
00056 #include <stdlib.h>
00057 #include <string.h>
00058 #include <memory.h>
00059 #include <setjmp.h>
00060 #include <stdarg.h>
00061 
00062 #include "pcap-int.h"
00063 
00064 #include "ethertype.h"
00065 #include "nlpid.h"
00066 #include "llc.h"
00067 #include "gencode.h"
00068 #include "atmuni31.h"
00069 #include "sunatmpos.h"
00070 #include "ppp.h"
00071 #include "sll.h"
00072 #include "arcnet.h"
00073 #ifdef INET6
00074 #ifndef WIN32
00075 #include <netdb.h>  /* for "struct addrinfo" */
00076 #endif /* WIN32 */
00077 #endif /*INET6*/
00078 #include <pcap-namedb.h>
00079 
00080 #define ETHERMTU    1500
00081 
00082 #ifndef IPPROTO_SCTP
00083 #define IPPROTO_SCTP 132
00084 #endif
00085 
00086 #ifdef HAVE_OS_PROTO_H
00087 #include "os-proto.h"
00088 #endif
00089 
00090 #define JMP(c) ((c)|BPF_JMP|BPF_K)
00091 
00092 /* Locals */
00093 static jmp_buf top_ctx;
00094 static pcap_t *bpf_pcap;
00095 
00096 /* Hack for updating VLAN offsets. */
00097 static u_int    orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
00098 
00099 /* XXX */
00100 #ifdef PCAP_FDDIPAD
00101 int pcap_fddipad = PCAP_FDDIPAD;
00102 #else
00103 int pcap_fddipad;
00104 #endif
00105 
00106 /* VARARGS */
00107 void
00108 bpf_error(const char *fmt, ...)
00109 
00110 {
00111     va_list ap;
00112 
00113     va_start(ap, fmt);
00114     if (bpf_pcap != NULL)
00115         (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
00116             fmt, ap);
00117     va_end(ap);
00118     longjmp(top_ctx, 1);
00119     /* NOTREACHED */
00120 }
00121 
00122 static void init_linktype(int);
00123 
00124 static int alloc_reg(void);
00125 static void free_reg(int);
00126 
00127 static struct block *root;
00128 
00129 /*
00130  * We divy out chunks of memory rather than call malloc each time so
00131  * we don't have to worry about leaking memory.  It's probably
00132  * not a big deal if all this memory was wasted but it this ever
00133  * goes into a library that would probably not be a good idea.
00134  */
00135 #define NCHUNKS 16
00136 #define CHUNK0SIZE 1024
00137 struct chunk {
00138     u_int n_left;
00139     void *m;
00140 };
00141 
00142 static struct chunk chunks[NCHUNKS];
00143 static int cur_chunk;
00144 
00145 static void *newchunk(u_int);
00146 static void freechunks(void);
00147 static inline struct block *new_block(int);
00148 static inline struct slist *new_stmt(int);
00149 static struct block *gen_retblk(int);
00150 static inline void syntax(void);
00151 
00152 static void backpatch(struct block *, struct block *);
00153 static void merge(struct block *, struct block *);
00154 static struct block *gen_cmp(u_int, u_int, bpf_int32);
00155 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
00156 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
00157 static struct block *gen_bcmp(u_int, u_int, const u_char *);
00158 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
00159     bpf_u_int32, bpf_u_int32, int);
00160 static struct block *gen_uncond(int);
00161 static inline struct block *gen_true(void);
00162 static inline struct block *gen_false(void);
00163 static struct block *gen_ether_linktype(int);
00164 static struct block *gen_linktype(int);
00165 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
00166 static struct block *gen_llc(int);
00167 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
00168 #ifdef INET6
00169 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
00170 #endif
00171 static struct block *gen_ahostop(const u_char *, int);
00172 static struct block *gen_ehostop(const u_char *, int);
00173 static struct block *gen_fhostop(const u_char *, int);
00174 static struct block *gen_thostop(const u_char *, int);
00175 static struct block *gen_wlanhostop(const u_char *, int);
00176 static struct block *gen_ipfchostop(const u_char *, int);
00177 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
00178 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
00179 #ifdef INET6
00180 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
00181 #endif
00182 #ifndef INET6
00183 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
00184 #endif
00185 static struct block *gen_ipfrag(void);
00186 static struct block *gen_portatom(int, bpf_int32);
00187 #ifdef INET6
00188 static struct block *gen_portatom6(int, bpf_int32);
00189 #endif
00190 struct block *gen_portop(int, int, int);
00191 static struct block *gen_port(int, int, int);
00192 #ifdef INET6
00193 struct block *gen_portop6(int, int, int);
00194 static struct block *gen_port6(int, int, int);
00195 #endif
00196 static int lookup_proto(const char *, int);
00197 static struct block *gen_protochain(int, int, int);
00198 static struct block *gen_proto(int, int, int);
00199 static struct slist *xfer_to_x(struct arth *);
00200 static struct slist *xfer_to_a(struct arth *);
00201 static struct block *gen_mac_multicast(int);
00202 static struct block *gen_len(int, int);
00203 
00204 static struct block *gen_msg_abbrev(int type);
00205 
00206 static void *
00207 newchunk(n)
00208     u_int n;
00209 {
00210     struct chunk *cp;
00211     int k, size;
00212 
00213 #ifndef __NetBSD__
00214     /* XXX Round up to nearest long. */
00215     n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
00216 #else
00217     /* XXX Round up to structure boundary. */
00218     n = ALIGN(n);
00219 #endif
00220 
00221     cp = &chunks[cur_chunk];
00222     if (n > cp->n_left) {
00223         ++cp, k = ++cur_chunk;
00224         if (k >= NCHUNKS)
00225             bpf_error("out of memory");
00226         size = CHUNK0SIZE << k;
00227         cp->m = (void *)malloc(size);
00228         memset((char *)cp->m, 0, size);
00229         cp->n_left = size;
00230         if (n > size)
00231             bpf_error("out of memory");
00232     }
00233     cp->n_left -= n;
00234     return (void *)((char *)cp->m + cp->n_left);
00235 }
00236 
00237 static void
00238 freechunks()
00239 {
00240     int i;
00241 
00242     cur_chunk = 0;
00243     for (i = 0; i < NCHUNKS; ++i)
00244         if (chunks[i].m != NULL) {
00245             free(chunks[i].m);
00246             chunks[i].m = NULL;
00247         }
00248 }
00249 
00250 /*
00251  * A strdup whose allocations are freed after code generation is over.
00252  */
00253 char *
00254 sdup(s)
00255     register const char *s;
00256 {
00257     int n = strlen(s) + 1;
00258     char *cp = newchunk(n);
00259 
00260     strlcpy(cp, s, n);
00261     return (cp);
00262 }
00263 
00264 static inline struct block *
00265 new_block(code)
00266     int code;
00267 {
00268     struct block *p;
00269 
00270     p = (struct block *)newchunk(sizeof(*p));
00271     p->s.code = code;
00272     p->head = p;
00273 
00274     return p;
00275 }
00276 
00277 static inline struct slist *
00278 new_stmt(code)
00279     int code;
00280 {
00281     struct slist *p;
00282 
00283     p = (struct slist *)newchunk(sizeof(*p));
00284     p->s.code = code;
00285 
00286     return p;
00287 }
00288 
00289 static struct block *
00290 gen_retblk(v)
00291     int v;
00292 {
00293     struct block *b = new_block(BPF_RET|BPF_K);
00294 
00295     b->s.k = v;
00296     return b;
00297 }
00298 
00299 static inline void
00300 syntax()
00301 {
00302     bpf_error("syntax error in filter expression");
00303 }
00304 
00305 static bpf_u_int32 netmask;
00306 static int snaplen;
00307 int no_optimize;
00308 
00309 int
00310 pcap_compile(pcap_t *p, struct bpf_program *program,
00311          char *buf, int optimize, bpf_u_int32 mask)
00312 {
00313     extern int n_errors;
00314     int len;
00315 
00316     no_optimize = 0;
00317     n_errors = 0;
00318     root = NULL;
00319     bpf_pcap = p;
00320     if (setjmp(top_ctx)) {
00321         lex_cleanup();
00322         freechunks();
00323         return (-1);
00324     }
00325 
00326     netmask = mask;
00327 
00328     snaplen = pcap_snapshot(p);
00329     if (snaplen == 0) {
00330         snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
00331              "snaplen of 0 rejects all packets");
00332         return -1;
00333     }
00334 
00335     lex_init(buf ? buf : "");
00336     init_linktype(pcap_datalink(p));
00337     (void)pcap_parse();
00338 
00339     if (n_errors)
00340         syntax();
00341 
00342     if (root == NULL)
00343         root = gen_retblk(snaplen);
00344 
00345     if (optimize && !no_optimize) {
00346         bpf_optimize(&root);
00347         if (root == NULL ||
00348             (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
00349             bpf_error("expression rejects all packets");
00350     }
00351     program->bf_insns = icode_to_fcode(root, &len);
00352     program->bf_len = len;
00353 
00354     lex_cleanup();
00355     freechunks();
00356     return (0);
00357 }
00358 
00359 /*
00360  * entry point for using the compiler with no pcap open
00361  * pass in all the stuff that is needed explicitly instead.
00362  */
00363 int
00364 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
00365             struct bpf_program *program,
00366          char *buf, int optimize, bpf_u_int32 mask)
00367 {
00368     pcap_t *p;
00369     int ret;
00370 
00371     p = pcap_open_dead(linktype_arg, snaplen_arg);
00372     if (p == NULL)
00373         return (-1);
00374     ret = pcap_compile(p, program, buf, optimize, mask);
00375     pcap_close(p);
00376     return (ret);
00377 }
00378 
00379 /*
00380  * Clean up a "struct bpf_program" by freeing all the memory allocated
00381  * in it.
00382  */
00383 void
00384 pcap_freecode(struct bpf_program *program)
00385 {
00386     program->bf_len = 0;
00387     if (program->bf_insns != NULL) {
00388         free((char *)program->bf_insns);
00389         program->bf_insns = NULL;
00390     }
00391 }
00392 
00393 /*
00394  * Backpatch the blocks in 'list' to 'target'.  The 'sense' field indicates
00395  * which of the jt and jf fields has been resolved and which is a pointer
00396  * back to another unresolved block (or nil).  At least one of the fields
00397  * in each block is already resolved.
00398  */
00399 static void
00400 backpatch(list, target)
00401     struct block *list, *target;
00402 {
00403     struct block *next;
00404 
00405     while (list) {
00406         if (!list->sense) {
00407             next = JT(list);
00408             JT(list) = target;
00409         } else {
00410             next = JF(list);
00411             JF(list) = target;
00412         }
00413         list = next;
00414     }
00415 }
00416 
00417 /*
00418  * Merge the lists in b0 and b1, using the 'sense' field to indicate
00419  * which of jt and jf is the link.
00420  */
00421 static void
00422 merge(b0, b1)
00423     struct block *b0, *b1;
00424 {
00425     register struct block **p = &b0;
00426 
00427     /* Find end of list. */
00428     while (*p)
00429         p = !((*p)->sense) ? &JT(*p) : &JF(*p);
00430 
00431     /* Concatenate the lists. */
00432     *p = b1;
00433 }
00434 
00435 void
00436 finish_parse(p)
00437     struct block *p;
00438 {
00439     backpatch(p, gen_retblk(snaplen));
00440     p->sense = !p->sense;
00441     backpatch(p, gen_retblk(0));
00442     root = p->head;
00443 }
00444 
00445 void
00446 gen_and(b0, b1)
00447     struct block *b0, *b1;
00448 {
00449     backpatch(b0, b1->head);
00450     b0->sense = !b0->sense;
00451     b1->sense = !b1->sense;
00452     merge(b1, b0);
00453     b1->sense = !b1->sense;
00454     b1->head = b0->head;
00455 }
00456 
00457 void
00458 gen_or(b0, b1)
00459     struct block *b0, *b1;
00460 {
00461     b0->sense = !b0->sense;
00462     backpatch(b0, b1->head);
00463     b0->sense = !b0->sense;
00464     merge(b1, b0);
00465     b1->head = b0->head;
00466 }
00467 
00468 void
00469 gen_not(b)
00470     struct block *b;
00471 {
00472     b->sense = !b->sense;
00473 }
00474 
00475 static struct block *
00476 gen_cmp(offset, size, v)
00477     u_int offset, size;
00478     bpf_int32 v;
00479 {
00480     struct slist *s;
00481     struct block *b;
00482 
00483     s = new_stmt(BPF_LD|BPF_ABS|size);
00484     s->s.k = offset;
00485 
00486     b = new_block(JMP(BPF_JEQ));
00487     b->stmts = s;
00488     b->s.k = v;
00489 
00490     return b;
00491 }
00492 
00493 static struct block *
00494 gen_cmp_gt(offset, size, v)
00495     u_int offset, size;
00496     bpf_int32 v;
00497 {
00498     struct slist *s;
00499     struct block *b;
00500 
00501     s = new_stmt(BPF_LD|BPF_ABS|size);
00502     s->s.k = offset;
00503 
00504     b = new_block(JMP(BPF_JGT));
00505     b->stmts = s;
00506     b->s.k = v;
00507 
00508     return b;
00509 }
00510 
00511 static struct block *
00512 gen_mcmp(offset, size, v, mask)
00513     u_int offset, size;
00514     bpf_int32 v;
00515     bpf_u_int32 mask;
00516 {
00517     struct block *b = gen_cmp(offset, size, v);
00518     struct slist *s;
00519 
00520     if (mask != 0xffffffff) {
00521         s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
00522         s->s.k = mask;
00523         b->stmts->next = s;
00524     }
00525     return b;
00526 }
00527 
00528 static struct block *
00529 gen_bcmp(offset, size, v)
00530     register u_int offset, size;
00531     register const u_char *v;
00532 {
00533     register struct block *b, *tmp;
00534 
00535     b = NULL;
00536     while (size >= 4) {
00537         register const u_char *p = &v[size - 4];
00538         bpf_int32 w = ((bpf_int32)p[0] << 24) |
00539             ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
00540 
00541         tmp = gen_cmp(offset + size - 4, BPF_W, w);
00542         if (b != NULL)
00543             gen_and(b, tmp);
00544         b = tmp;
00545         size -= 4;
00546     }
00547     while (size >= 2) {
00548         register const u_char *p = &v[size - 2];
00549         bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
00550 
00551         tmp = gen_cmp(offset + size - 2, BPF_H, w);
00552         if (b != NULL)
00553             gen_and(b, tmp);
00554         b = tmp;
00555         size -= 2;
00556     }
00557     if (size > 0) {
00558         tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
00559         if (b != NULL)
00560             gen_and(b, tmp);
00561         b = tmp;
00562     }
00563     return b;
00564 }
00565 
00566 static struct block *
00567 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
00568     bpf_u_int32 datasize, offset, mask, jtype, jvalue;
00569     int reverse;
00570 {
00571     struct slist *s;
00572     struct block *b;
00573  
00574     s = new_stmt(BPF_LD|datasize|BPF_ABS);
00575     s->s.k = offset;
00576  
00577     if (mask != 0xffffffff) {
00578         s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
00579         s->next->s.k = mask;
00580     }
00581  
00582     b = new_block(JMP(jtype));
00583     b->stmts = s;
00584     b->s.k = jvalue;
00585     if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
00586         gen_not(b);
00587     return b;
00588 }
00589 
00590 /*
00591  * Various code constructs need to know the layout of the data link
00592  * layer.  These variables give the necessary offsets.
00593  */
00594 
00595 /*
00596  * This is the offset of the beginning of the MAC-layer header.
00597  * It's usually 0, except for ATM LANE.
00598  */
00599 static u_int off_mac;
00600 
00601 /*
00602  * "off_linktype" is the offset to information in the link-layer header
00603  * giving the packet type.
00604  *
00605  * For Ethernet, it's the offset of the Ethernet type field.
00606  *
00607  * For link-layer types that always use 802.2 headers, it's the
00608  * offset of the LLC header.
00609  *
00610  * For PPP, it's the offset of the PPP type field.
00611  *
00612  * For Cisco HDLC, it's the offset of the CHDLC type field.
00613  *
00614  * For BSD loopback, it's the offset of the AF_ value.
00615  *
00616  * For Linux cooked sockets, it's the offset of the type field.
00617  *
00618  * It's set to -1 for no encapsulation, in which case, IP is assumed.
00619  */
00620 static u_int off_linktype;
00621 
00622 /*
00623  * TRUE if the link layer includes an ATM pseudo-header.
00624  */
00625 static int is_atm = 0;
00626 
00627 /*
00628  * TRUE if "lane" appeared in the filter; it causes us to generate
00629  * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
00630  */
00631 static int is_lane = 0;
00632 
00633 /*
00634  * These are offsets for the ATM pseudo-header.
00635  */
00636 static u_int off_vpi;
00637 static u_int off_vci;
00638 static u_int off_proto;
00639 
00640 /*
00641  * This is the offset of the first byte after the ATM pseudo_header,
00642  * or -1 if there is no ATM pseudo-header.
00643  */
00644 static u_int off_payload;
00645 
00646 /*
00647  * These are offsets to the beginning of the network-layer header.
00648  *
00649  * If the link layer never uses 802.2 LLC:
00650  *
00651  *  "off_nl" and "off_nl_nosnap" are the same.
00652  *
00653  * If the link layer always uses 802.2 LLC:
00654  *
00655  *  "off_nl" is the offset if there's a SNAP header following
00656  *  the 802.2 header;
00657  *
00658  *  "off_nl_nosnap" is the offset if there's no SNAP header.
00659  *
00660  * If the link layer is Ethernet:
00661  *
00662  *  "off_nl" is the offset if the packet is an Ethernet II packet
00663  *  (we assume no 802.3+802.2+SNAP);
00664  *
00665  *  "off_nl_nosnap" is the offset if the packet is an 802.3 packet
00666  *  with an 802.2 header following it.
00667  */
00668 static u_int off_nl;
00669 static u_int off_nl_nosnap;
00670 
00671 static int linktype;
00672 
00673 static void
00674 init_linktype(type)
00675     int type;
00676 {
00677     linktype = type;
00678 
00679     /*
00680      * Assume it's not raw ATM with a pseudo-header, for now.
00681      */
00682     off_mac = 0;
00683     is_atm = 0;
00684     is_lane = 0;
00685     off_vpi = -1;
00686     off_vci = -1;
00687     off_proto = -1;
00688     off_payload = -1;
00689 
00690     orig_linktype = -1;
00691     orig_nl = -1;
00692     orig_nl_nosnap = -1;
00693 
00694     switch (type) {
00695 
00696     case DLT_ARCNET:
00697         off_linktype = 2;
00698         off_nl = 6;     /* XXX in reality, variable! */
00699         off_nl_nosnap = 6;  /* no 802.2 LLC */
00700         return;
00701 
00702     case DLT_ARCNET_LINUX:
00703         off_linktype = 4;
00704         off_nl = 8;     /* XXX in reality, variable! */
00705         off_nl_nosnap = 8;  /* no 802.2 LLC */
00706         return;
00707 
00708     case DLT_EN10MB:
00709         off_linktype = 12;
00710         off_nl = 14;        /* Ethernet II */
00711         off_nl_nosnap = 17; /* 802.3+802.2 */
00712         return;
00713 
00714     case DLT_SLIP:
00715         /*
00716          * SLIP doesn't have a link level type.  The 16 byte
00717          * header is hacked into our SLIP driver.
00718          */
00719         off_linktype = -1;
00720         off_nl = 16;
00721         off_nl_nosnap = 16; /* no 802.2 LLC */
00722         return;
00723 
00724     case DLT_SLIP_BSDOS:
00725         /* XXX this may be the same as the DLT_PPP_BSDOS case */
00726         off_linktype = -1;
00727         /* XXX end */
00728         off_nl = 24;
00729         off_nl_nosnap = 24; /* no 802.2 LLC */
00730         return;
00731 
00732     case DLT_NULL:
00733     case DLT_LOOP:
00734         off_linktype = 0;
00735         off_nl = 4;
00736         off_nl_nosnap = 4;  /* no 802.2 LLC */
00737         return;
00738 
00739     case DLT_PPP:
00740     case DLT_C_HDLC:        /* BSD/OS Cisco HDLC */
00741     case DLT_PPP_SERIAL:        /* NetBSD sync/async serial PPP */
00742         off_linktype = 2;
00743         off_nl = 4;
00744         off_nl_nosnap = 4;  /* no 802.2 LLC */
00745         return;
00746 
00747     case DLT_PPP_ETHER:
00748         /*
00749          * This does no include the Ethernet header, and
00750          * only covers session state.
00751          */
00752         off_linktype = 6;
00753         off_nl = 8;
00754         off_nl_nosnap = 8;  /* no 802.2 LLC */
00755         return;
00756 
00757     case DLT_PPP_BSDOS:
00758         off_linktype = 5;
00759         off_nl = 24;
00760         off_nl_nosnap = 24; /* no 802.2 LLC */
00761         return;
00762 
00763     case DLT_FDDI:
00764         /*
00765          * FDDI doesn't really have a link-level type field.
00766          * We set "off_linktype" to the offset of the LLC header.
00767          *
00768          * To check for Ethernet types, we assume that SSAP = SNAP
00769          * is being used and pick out the encapsulated Ethernet type.
00770          * XXX - should we generate code to check for SNAP?
00771          */
00772         off_linktype = 13;
00773 #ifdef PCAP_FDDIPAD
00774         off_linktype += pcap_fddipad;
00775 #endif
00776         off_nl = 21;        /* FDDI+802.2+SNAP */
00777         off_nl_nosnap = 16; /* FDDI+802.2 */
00778 #ifdef PCAP_FDDIPAD
00779         off_nl += pcap_fddipad;
00780         off_nl_nosnap += pcap_fddipad;
00781 #endif
00782         return;
00783 
00784     case DLT_IEEE802:
00785         /*
00786          * Token Ring doesn't really have a link-level type field.
00787          * We set "off_linktype" to the offset of the LLC header.
00788          *
00789          * To check for Ethernet types, we assume that SSAP = SNAP
00790          * is being used and pick out the encapsulated Ethernet type.
00791          * XXX - should we generate code to check for SNAP?
00792          *
00793          * XXX - the header is actually variable-length.
00794          * Some various Linux patched versions gave 38
00795          * as "off_linktype" and 40 as "off_nl"; however,
00796          * if a token ring packet has *no* routing
00797          * information, i.e. is not source-routed, the correct
00798          * values are 20 and 22, as they are in the vanilla code.
00799          *
00800          * A packet is source-routed iff the uppermost bit
00801          * of the first byte of the source address, at an
00802          * offset of 8, has the uppermost bit set.  If the
00803          * packet is source-routed, the total number of bytes
00804          * of routing information is 2 plus bits 0x1F00 of
00805          * the 16-bit value at an offset of 14 (shifted right
00806          * 8 - figure out which byte that is).
00807          */
00808         off_linktype = 14;
00809         off_nl = 22;        /* Token Ring+802.2+SNAP */
00810         off_nl_nosnap = 17; /* Token Ring+802.2 */
00811         return;
00812 
00813     case DLT_IEEE802_11:
00814         /*
00815          * 802.11 doesn't really have a link-level type field.
00816          * We set "off_linktype" to the offset of the LLC header.
00817          *
00818          * To check for Ethernet types, we assume that SSAP = SNAP
00819          * is being used and pick out the encapsulated Ethernet type.
00820          * XXX - should we generate code to check for SNAP?
00821          *
00822          * XXX - the header is actually variable-length.  We
00823          * assume a 24-byte link-layer header, as appears in
00824          * data frames in networks with no bridges.
00825          */
00826         off_linktype = 24;
00827         off_nl = 32;        /* 802.11+802.2+SNAP */
00828         off_nl_nosnap = 27; /* 802.11+802.2 */
00829         return;
00830 
00831     case DLT_PRISM_HEADER:
00832         /*
00833          * Same as 802.11, but with an additional header before
00834          * the 802.11 header, containing a bunch of additional
00835          * information including radio-level information.
00836          *
00837          * The header is 144 bytes long.
00838          *
00839          * XXX - same variable-length header problem; at least
00840          * the Prism header is fixed-length.
00841          */
00842         off_linktype = 144+24;
00843         off_nl = 144+32;    /* Prism+802.11+802.2+SNAP */
00844         off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
00845         return;
00846 
00847     case DLT_IEEE802_11_RADIO:
00848         /*
00849          * Same as 802.11, but with an additional header before
00850          * the 802.11 header, containing a bunch of additional
00851          * information including radio-level information.
00852          *
00853          * The header is 64 bytes long.
00854          *
00855          * XXX - same variable-length header problem, only
00856          * more so; this header is also variable-length,
00857          * with the length being the 32-bit big-endian
00858          * number at an offset of 4 from the beginning
00859          * of the radio header.
00860          */
00861         off_linktype = 64+24;
00862         off_nl = 64+32;     /* Radio+802.11+802.2+SNAP */
00863         off_nl_nosnap = 64+27;  /* Radio+802.11+802.2 */
00864         return;
00865 
00866     case DLT_ATM_RFC1483:
00867         off_linktype = 0;
00868         off_nl = 4;             /* FIXME SNAP */
00869         return;
00870 
00871     case DLT_ATM_CLIP:  /* Linux ATM defines this */
00872         /*
00873          * assume routed, non-ISO PDUs
00874          * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
00875          */
00876         off_linktype = 0;
00877         off_nl = 8;     /* 802.2+SNAP */
00878         off_nl_nosnap = 3;  /* 802.2 */
00879         return;
00880 
00881     case DLT_SUNATM:
00882         /*
00883          * Full Frontal ATM; you get AALn PDUs with an ATM
00884          * pseudo-header.
00885          */
00886         is_atm = 1;
00887         off_vpi = SUNATM_VPI_POS;
00888         off_vci = SUNATM_VCI_POS;
00889         off_proto = PROTO_POS;
00890         off_mac = -1;   /* LLC-encapsulated, so no MAC-layer header */  
00891         off_payload = SUNATM_PKT_BEGIN_POS;
00892         off_linktype = off_payload;
00893         off_nl = off_payload+8;     /* 802.2+SNAP */
00894         off_nl_nosnap = off_payload+3;  /* 802.2 */
00895         return;
00896 
00897     case DLT_RAW:
00898         off_linktype = -1;
00899         off_nl = 0;
00900         off_nl_nosnap = 0;  /* no 802.2 LLC */
00901         return;
00902 
00903     case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
00904         off_linktype = 14;
00905         off_nl = 16;
00906         off_nl_nosnap = 16; /* no 802.2 LLC */
00907         return;
00908 
00909     case DLT_LTALK:
00910         /*
00911          * LocalTalk does have a 1-byte type field in the LLAP header,
00912          * but really it just indicates whether there is a "short" or
00913          * "long" DDP packet following.
00914          */
00915         off_linktype = -1;
00916         off_nl = 0;
00917         off_nl_nosnap = 0;  /* no 802.2 LLC */
00918         return;
00919 
00920     case DLT_IP_OVER_FC:
00921         /*
00922          * RFC 2625 IP-over-Fibre-Channel doesn't really have a
00923          * link-level type field.  We set "off_linktype" to the
00924          * offset of the LLC header.
00925          *
00926          * To check for Ethernet types, we assume that SSAP = SNAP
00927          * is being used and pick out the encapsulated Ethernet type.
00928          * XXX - should we generate code to check for SNAP? RFC
00929          * 2625 says SNAP should be used.
00930          */
00931         off_linktype = 16;
00932         off_nl = 24;        /* IPFC+802.2+SNAP */
00933         off_nl_nosnap = 19; /* IPFC+802.2 */
00934         return;
00935 
00936     case DLT_FRELAY:
00937         /*
00938          * XXX - we should set this to handle SNAP-encapsulated
00939          * frames (NLPID of 0x80).
00940          */
00941         off_linktype = -1;
00942         off_nl = 0;
00943         off_nl_nosnap = 0;  /* no 802.2 LLC */
00944         return;
00945     }
00946     bpf_error("unknown data link type %d", linktype);
00947     /* NOTREACHED */
00948 }
00949 
00950 static struct block *
00951 gen_uncond(rsense)
00952     int rsense;
00953 {
00954     struct block *b;
00955     struct slist *s;
00956 
00957     s = new_stmt(BPF_LD|BPF_IMM);
00958     s->s.k = !rsense;
00959     b = new_block(JMP(BPF_JEQ));
00960     b->stmts = s;
00961 
00962     return b;
00963 }
00964 
00965 static inline struct block *
00966 gen_true()
00967 {
00968     return gen_uncond(1);
00969 }
00970 
00971 static inline struct block *
00972 gen_false()
00973 {
00974     return gen_uncond(0);
00975 }
00976 
00977 /*
00978  * Byte-swap a 32-bit number.
00979  * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
00980  * big-endian platforms.)
00981  */
00982 #define SWAPLONG(y) \
00983 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
00984 
00985 static struct block *
00986 gen_ether_linktype(proto)
00987     register int proto;
00988 {
00989     struct block *b0, *b1;
00990 
00991     switch (proto) {
00992 
00993     case LLCSAP_ISONS:
00994         /*
00995          * OSI protocols always use 802.2 encapsulation.
00996          */
00997         b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
00998         gen_not(b0);
00999         b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01000                  ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
01001         gen_and(b0, b1);
01002         return b1;
01003 
01004     case LLCSAP_IP:
01005         b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01006         gen_not(b0);
01007         b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01008                  ((LLCSAP_IP << 8) | LLCSAP_IP));
01009         gen_and(b0, b1);
01010         return b1;
01011 
01012     case LLCSAP_NETBEUI:
01013         /*
01014          * NetBEUI always uses 802.2 encapsulation.
01015          */
01016         b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01017         gen_not(b0);
01018         b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01019                  ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
01020         gen_and(b0, b1);
01021         return b1;
01022 
01023     case LLCSAP_IPX:
01024         /*
01025          * Check for;
01026          *
01027          *  Ethernet_II frames, which are Ethernet
01028          *  frames with a frame type of ETHERTYPE_IPX;
01029          *
01030          *  Ethernet_802.3 frames, which are 802.3
01031          *  frames (i.e., the type/length field is
01032          *  a length field, <= ETHERMTU, rather than
01033          *  a type field) with the first two bytes
01034          *  after the Ethernet/802.3 header being
01035          *  0xFFFF;
01036          *
01037          *  Ethernet_802.2 frames, which are 802.3
01038          *  frames with an 802.2 LLC header and
01039          *  with the IPX LSAP as the DSAP in the LLC
01040          *  header;
01041          *
01042          *  Ethernet_SNAP frames, which are 802.3
01043          *  frames with an LLC header and a SNAP
01044          *  header and with an OUI of 0x000000
01045          *  (encapsulated Ethernet) and a protocol
01046          *  ID of ETHERTYPE_IPX in the SNAP header.
01047          *
01048          * XXX - should we generate the same code both
01049          * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
01050          */
01051 
01052         /*
01053          * This generates code to check both for the
01054          * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
01055          */
01056         b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
01057         b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
01058         gen_or(b0, b1);
01059 
01060         /*
01061          * Now we add code to check for SNAP frames with
01062          * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
01063          */
01064         b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
01065         gen_or(b0, b1);
01066 
01067         /*
01068          * Now we generate code to check for 802.3
01069          * frames in general.
01070          */
01071         b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01072         gen_not(b0);
01073 
01074         /*
01075          * Now add the check for 802.3 frames before the
01076          * check for Ethernet_802.2 and Ethernet_802.3,
01077          * as those checks should only be done on 802.3
01078          * frames, not on Ethernet frames.
01079          */
01080         gen_and(b0, b1);
01081 
01082         /*
01083          * Now add the check for Ethernet_II frames, and
01084          * do that before checking for the other frame
01085          * types.
01086          */
01087         b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
01088         gen_or(b0, b1);
01089         return b1;
01090 
01091     case ETHERTYPE_ATALK:
01092     case ETHERTYPE_AARP:
01093         /*
01094          * EtherTalk (AppleTalk protocols on Ethernet link
01095          * layer) may use 802.2 encapsulation.
01096          */
01097 
01098         /*
01099          * Check for 802.2 encapsulation (EtherTalk phase 2?);
01100          * we check for an Ethernet type field less than
01101          * 1500, which means it's an 802.3 length field.
01102          */
01103         b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01104         gen_not(b0);
01105 
01106         /*
01107          * 802.2-encapsulated ETHERTYPE_ATALK packets are
01108          * SNAP packets with an organization code of
01109          * 0x080007 (Apple, for Appletalk) and a protocol
01110          * type of ETHERTYPE_ATALK (Appletalk).
01111          *
01112          * 802.2-encapsulated ETHERTYPE_AARP packets are
01113          * SNAP packets with an organization code of
01114          * 0x000000 (encapsulated Ethernet) and a protocol
01115          * type of ETHERTYPE_AARP (Appletalk ARP).
01116          */
01117         if (proto == ETHERTYPE_ATALK)
01118             b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
01119         else    /* proto == ETHERTYPE_AARP */
01120             b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
01121         gen_and(b0, b1);
01122 
01123         /*
01124          * Check for Ethernet encapsulation (Ethertalk
01125          * phase 1?); we just check for the Ethernet
01126          * protocol type.
01127          */
01128         b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
01129 
01130         gen_or(b0, b1);
01131         return b1;
01132 
01133     default:
01134         if (proto <= ETHERMTU) {
01135             /*
01136              * This is an LLC SAP value, so the frames
01137              * that match would be 802.2 frames.
01138              * Check that the frame is an 802.2 frame
01139              * (i.e., that the length/type field is
01140              * a length field, <= ETHERMTU) and
01141              * then check the DSAP.
01142              */
01143             b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01144             gen_not(b0);
01145             b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
01146             gen_and(b0, b1);
01147             return b1;
01148         } else {
01149             /*
01150              * This is an Ethernet type, so compare
01151              * the length/type field with it (if
01152              * the frame is an 802.2 frame, the length
01153              * field will be <= ETHERMTU, and, as
01154              * "proto" is > ETHERMTU, this test
01155              * will fail and the frame won't match,
01156              * which is what we want).
01157              */
01158             return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
01159         }
01160     }
01161 }
01162 
01163 static struct block *
01164 gen_linktype(proto)
01165     register int proto;
01166 {
01167     struct block *b0, *b1, *b2;
01168 
01169     switch (linktype) {
01170 
01171     case DLT_EN10MB:
01172         return gen_ether_linktype(proto);
01173         break;
01174 
01175     case DLT_C_HDLC:
01176         switch (proto) {
01177 
01178         case LLCSAP_ISONS:
01179             proto = (proto << 8 | LLCSAP_ISONS);
01180             /* fall through */
01181 
01182         default:
01183             return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
01184             break;
01185         }
01186         break;
01187 
01188     case DLT_IEEE802_11:
01189     case DLT_PRISM_HEADER:
01190     case DLT_IEEE802_11_RADIO:
01191     case DLT_FDDI:
01192     case DLT_IEEE802:
01193     case DLT_ATM_RFC1483:
01194     case DLT_ATM_CLIP:
01195     case DLT_IP_OVER_FC:
01196         return gen_llc(proto);
01197         break;
01198 
01199     case DLT_SUNATM:
01200         /*
01201          * If "is_lane" is set, check for a LANE-encapsulated
01202          * version of this protocol, otherwise check for an
01203          * LLC-encapsulated version of this protocol.
01204          *
01205          * We assume LANE means Ethernet, not Token Ring.
01206          */
01207         if (is_lane) {
01208             /*
01209              * Check that the packet doesn't begin with an
01210              * LE Control marker.  (We've already generated
01211              * a test for LANE.)
01212              */
01213             b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
01214             gen_not(b0);
01215 
01216             /*
01217              * Now generate an Ethernet test.
01218              */
01219             b1 = gen_ether_linktype(proto);
01220             gen_and(b0, b1);
01221             return b1;
01222         } else {
01223             /*
01224              * Check for LLC encapsulation and then check the
01225              * protocol.
01226              */
01227             b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
01228             b1 = gen_llc(proto);
01229             gen_and(b0, b1);
01230             return b1;
01231         }
01232 
01233     case DLT_LINUX_SLL:
01234         switch (proto) {
01235 
01236         case LLCSAP_IP:
01237             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01238             b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01239                      ((LLCSAP_IP << 8) | LLCSAP_IP));
01240             gen_and(b0, b1);
01241             return b1;
01242 
01243         case LLCSAP_ISONS:
01244             /*
01245              * OSI protocols always use 802.2 encapsulation.
01246              */
01247             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01248             b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01249                      ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
01250             gen_and(b0, b1);
01251             return b1;
01252 
01253         case LLCSAP_NETBEUI:
01254             /*
01255              * NetBEUI always uses 802.2 encapsulation.
01256              * XXX - should we check both the DSAP and the
01257              * LSAP, like this, or should we check just the
01258              * DSAP?
01259              */
01260             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01261             b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01262                      ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
01263             gen_and(b0, b1);
01264             return b1;
01265 
01266         case LLCSAP_IPX:
01267             /*
01268              *  Ethernet_II frames, which are Ethernet
01269              *  frames with a frame type of ETHERTYPE_IPX;
01270              *
01271              *  Ethernet_802.3 frames, which have a frame
01272              *  type of LINUX_SLL_P_802_3;
01273              *
01274              *  Ethernet_802.2 frames, which are 802.3
01275              *  frames with an 802.2 LLC header (i.e, have
01276              *  a frame type of LINUX_SLL_P_802_2) and
01277              *  with the IPX LSAP as the DSAP in the LLC
01278              *  header;
01279              *
01280              *  Ethernet_SNAP frames, which are 802.3
01281              *  frames with an LLC header and a SNAP
01282              *  header and with an OUI of 0x000000
01283              *  (encapsulated Ethernet) and a protocol
01284              *  ID of ETHERTYPE_IPX in the SNAP header.
01285              *
01286              * First, do the checks on LINUX_SLL_P_802_2
01287              * frames; generate the check for either
01288              * Ethernet_802.2 or Ethernet_SNAP frames, and
01289              * then put a check for LINUX_SLL_P_802_2 frames
01290              * before it.
01291              */
01292             b0 = gen_cmp(off_linktype + 2, BPF_B,
01293                 (bpf_int32)LLCSAP_IPX);
01294             b1 = gen_snap(0x000000, ETHERTYPE_IPX,
01295                 off_linktype + 2);
01296             gen_or(b0, b1);
01297             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01298             gen_and(b0, b1);
01299 
01300             /*
01301              * Now check for 802.3 frames and OR that with
01302              * the previous test.
01303              */
01304             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
01305             gen_or(b0, b1);
01306 
01307             /*
01308              * Now add the check for Ethernet_II frames, and
01309              * do that before checking for the other frame
01310              * types.
01311              */
01312             b0 = gen_cmp(off_linktype, BPF_H,
01313                 (bpf_int32)ETHERTYPE_IPX);
01314             gen_or(b0, b1);
01315             return b1;
01316 
01317         case ETHERTYPE_ATALK:
01318         case ETHERTYPE_AARP:
01319             /*
01320              * EtherTalk (AppleTalk protocols on Ethernet link
01321              * layer) may use 802.2 encapsulation.
01322              */
01323 
01324             /*
01325              * Check for 802.2 encapsulation (EtherTalk phase 2?);
01326              * we check for the 802.2 protocol type in the
01327              * "Ethernet type" field.
01328              */
01329             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01330 
01331             /*
01332              * 802.2-encapsulated ETHERTYPE_ATALK packets are
01333              * SNAP packets with an organization code of
01334              * 0x080007 (Apple, for Appletalk) and a protocol
01335              * type of ETHERTYPE_ATALK (Appletalk).
01336              *
01337              * 802.2-encapsulated ETHERTYPE_AARP packets are
01338              * SNAP packets with an organization code of
01339              * 0x000000 (encapsulated Ethernet) and a protocol
01340              * type of ETHERTYPE_AARP (Appletalk ARP).
01341              */
01342             if (proto == ETHERTYPE_ATALK)
01343                 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
01344                     off_linktype + 2);
01345             else    /* proto == ETHERTYPE_AARP */
01346                 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
01347                     off_linktype + 2);
01348             gen_and(b0, b1);
01349 
01350             /*
01351              * Check for Ethernet encapsulation (Ethertalk
01352              * phase 1?); we just check for the Ethernet
01353              * protocol type.
01354              */
01355             b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
01356 
01357             gen_or(b0, b1);
01358             return b1;
01359 
01360         default:
01361             if (proto <= ETHERMTU) {
01362                 /*
01363                  * This is an LLC SAP value, so the frames
01364                  * that match would be 802.2 frames.
01365                  * Check for the 802.2 protocol type
01366                  * in the "Ethernet type" field, and
01367                  * then check the DSAP.
01368                  */
01369                 b0 = gen_cmp(off_linktype, BPF_H,
01370                     LINUX_SLL_P_802_2);
01371                 b1 = gen_cmp(off_linktype + 2, BPF_B,
01372                      (bpf_int32)proto);
01373                 gen_and(b0, b1);
01374                 return b1;
01375             } else {
01376                 /*
01377                  * This is an Ethernet type, so compare
01378                  * the length/type field with it (if
01379                  * the frame is an 802.2 frame, the length
01380                  * field will be <= ETHERMTU, and, as
01381                  * "proto" is > ETHERMTU, this test
01382                  * will fail and the frame won't match,
01383                  * which is what we want).
01384                  */
01385                 return gen_cmp(off_linktype, BPF_H,
01386                     (bpf_int32)proto);
01387             }
01388         }
01389         break;
01390 
01391     case DLT_SLIP:
01392     case DLT_SLIP_BSDOS:
01393     case DLT_RAW:
01394         /*
01395          * These types don't provide any type field; packets
01396          * are always IP.
01397          *
01398          * XXX - for IPv4, check for a version number of 4, and,
01399          * for IPv6, check for a version number of 6?
01400          */
01401         switch (proto) {
01402 
01403         case ETHERTYPE_IP:
01404 #ifdef INET6
01405         case ETHERTYPE_IPV6:
01406 #endif
01407             return gen_true();      /* always true */
01408 
01409         default:
01410             return gen_false();     /* always false */
01411         }
01412         break;
01413 
01414     case DLT_PPP:
01415     case DLT_PPP_SERIAL:
01416     case DLT_PPP_ETHER:
01417         /*
01418          * We use Ethernet protocol types inside libpcap;
01419          * map them to the corresponding PPP protocol types.
01420          */
01421         switch (proto) {
01422 
01423         case ETHERTYPE_IP:
01424             proto = PPP_IP;
01425             break;
01426 
01427 #ifdef INET6
01428         case ETHERTYPE_IPV6:
01429             proto = PPP_IPV6;
01430             break;
01431 #endif
01432 
01433         case ETHERTYPE_DN:
01434             proto = PPP_DECNET;
01435             break;
01436 
01437         case ETHERTYPE_ATALK:
01438             proto = PPP_APPLE;
01439             break;
01440 
01441         case ETHERTYPE_NS:
01442             proto = PPP_NS;
01443             break;
01444 
01445         case LLCSAP_ISONS:
01446             proto = PPP_OSI;
01447             break;
01448 
01449         case LLCSAP_8021D:
01450             /*
01451              * I'm assuming the "Bridging PDU"s that go
01452              * over PPP are Spanning Tree Protocol
01453              * Bridging PDUs.
01454              */
01455             proto = PPP_BRPDU;
01456             break;
01457 
01458         case LLCSAP_IPX:
01459             proto = PPP_IPX;
01460             break;
01461         }
01462         break;
01463 
01464     case DLT_PPP_BSDOS:
01465         /*
01466          * We use Ethernet protocol types inside libpcap;
01467          * map them to the corresponding PPP protocol types.
01468          */
01469         switch (proto) {
01470 
01471         case ETHERTYPE_IP:
01472             b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
01473             b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
01474             gen_or(b0, b1);
01475             b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
01476             gen_or(b1, b0);
01477             return b0;
01478 
01479 #ifdef INET6
01480         case ETHERTYPE_IPV6:
01481             proto = PPP_IPV6;
01482             /* more to go? */
01483             break;
01484 #endif
01485 
01486         case ETHERTYPE_DN:
01487             proto = PPP_DECNET;
01488             break;
01489 
01490         case ETHERTYPE_ATALK:
01491             proto = PPP_APPLE;
01492             break;
01493 
01494         case ETHERTYPE_NS:
01495             proto = PPP_NS;
01496             break;
01497 
01498         case LLCSAP_ISONS:
01499             proto = PPP_OSI;
01500             break;
01501 
01502         case LLCSAP_8021D:
01503             /*
01504              * I'm assuming the "Bridging PDU"s that go
01505              * over PPP are Spanning Tree Protocol
01506              * Bridging PDUs.
01507              */
01508             proto = PPP_BRPDU;
01509             break;
01510 
01511         case LLCSAP_IPX:
01512             proto = PPP_IPX;
01513             break;
01514         }
01515         break;
01516 
01517     case DLT_NULL:
01518     case DLT_LOOP:
01519         /*
01520          * For DLT_NULL, the link-layer header is a 32-bit
01521          * word containing an AF_ value in *host* byte order.
01522          *
01523          * In addition, if we're reading a saved capture file,
01524          * the host byte order in the capture may not be the
01525          * same as the host byte order on this machine.
01526          *
01527          * For DLT_LOOP, the link-layer header is a 32-bit
01528          * word containing an AF_ value in *network* byte order.
01529          *
01530          * XXX - AF_ values may, unfortunately, be platform-
01531          * dependent; for example, FreeBSD's AF_INET6 is 24
01532          * whilst NetBSD's and OpenBSD's is 26.
01533          *
01534          * This means that, when reading a capture file, just
01535          * checking for our AF_INET6 value won't work if the
01536          * capture file came from another OS.
01537          */
01538         switch (proto) {
01539 
01540         case ETHERTYPE_IP:
01541             proto = AF_INET;
01542             break;
01543 
01544 #ifdef INET6
01545         case ETHERTYPE_IPV6:
01546             proto = AF_INET6;
01547             break;
01548 #endif
01549 
01550         default:
01551             /*
01552              * Not a type on which we support filtering.
01553              * XXX - support those that have AF_ values
01554              * #defined on this platform, at least?
01555              */
01556             return gen_false();
01557         }
01558 
01559         if (linktype == DLT_NULL) {
01560             /*
01561              * The AF_ value is in host byte order, but
01562              * the BPF interpreter will convert it to
01563              * network byte order.
01564              *
01565              * If this is a save file, and it's from a
01566              * machine with the opposite byte order to
01567              * ours, we byte-swap the AF_ value.
01568              *
01569              * Then we run it through "htonl()", and
01570              * generate code to compare against the result.
01571              */
01572             if (bpf_pcap->sf.rfile != NULL &&
01573                 bpf_pcap->sf.swapped)
01574                 proto = SWAPLONG(proto);
01575             proto = htonl(proto);
01576         }
01577         return (gen_cmp(0, BPF_W, (bpf_int32)proto));
01578 
01579     case DLT_ARCNET:
01580     case DLT_ARCNET_LINUX:
01581         /*
01582          * XXX should we check for first fragment if the protocol
01583          * uses PHDS?
01584          */
01585         switch (proto) {
01586 
01587         default:
01588             return gen_false();
01589 
01590 #ifdef INET6
01591         case ETHERTYPE_IPV6:
01592             return (gen_cmp(off_linktype, BPF_B,
01593                 (bpf_int32)ARCTYPE_INET6));
01594 #endif /* INET6 */
01595 
01596         case ETHERTYPE_IP:
01597             b0 = gen_cmp(off_linktype, BPF_B, 
01598                      (bpf_int32)ARCTYPE_IP);
01599             b1 = gen_cmp(off_linktype, BPF_B,
01600                      (bpf_int32)ARCTYPE_IP_OLD);
01601             gen_or(b0, b1);
01602             return (b1);
01603 
01604         case ETHERTYPE_ARP:
01605             b0 = gen_cmp(off_linktype, BPF_B,
01606                      (bpf_int32)ARCTYPE_ARP);
01607             b1 = gen_cmp(off_linktype, BPF_B, 
01608                      (bpf_int32)ARCTYPE_ARP_OLD);
01609             gen_or(b0, b1);
01610             return (b1);
01611 
01612         case ETHERTYPE_REVARP:
01613             return (gen_cmp(off_linktype, BPF_B,
01614                     (bpf_int32)ARCTYPE_REVARP));
01615 
01616         case ETHERTYPE_ATALK:
01617             return (gen_cmp(off_linktype, BPF_B,
01618                     (bpf_int32)ARCTYPE_ATALK));
01619         }
01620         break;
01621 
01622     case DLT_LTALK:
01623         switch (proto) {
01624         case ETHERTYPE_ATALK:
01625             return gen_true();
01626         default:
01627             return gen_false();
01628         }
01629         break;
01630 
01631     case DLT_FRELAY:
01632         /*
01633          * XXX - assumes a 2-byte Frame Relay header with
01634          * DLCI and flags.  What if the address is longer?
01635          */
01636         switch (proto) {
01637 
01638         case ETHERTYPE_IP:
01639             /*
01640              * Check for the special NLPID for IP.
01641              */
01642             return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
01643 
01644 #ifdef INET6
01645         case ETHERTYPE_IPV6:
01646             /*
01647              * Check for the special NLPID for IPv6.
01648              */
01649             return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
01650 #endif
01651 
01652         case LLCSAP_ISONS:
01653             /*
01654              * Check for several OSI protocols.
01655              *
01656              * Frame Relay packets typically have an OSI
01657              * NLPID at the beginning; we check for each
01658              * of them.
01659              *
01660              * What we check for is the NLPID and a frame
01661              * control field of UI, i.e. 0x03 followed
01662              * by the NLPID.
01663              */
01664             b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
01665             b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
01666             b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
01667             gen_or(b1, b2);
01668             gen_or(b0, b2);
01669             return b2;
01670 
01671         default:
01672             return gen_false();
01673         }
01674         break;
01675     }
01676 
01677     /*
01678      * All the types that have no encapsulation should either be
01679      * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
01680      * all packets are IP packets, or should be handled in some
01681      * special case, if none of them are (if some are and some
01682      * aren't, the lack of encapsulation is a problem, as we'd
01683      * have to find some other way of determining the packet type).
01684      *
01685      * Therefore, if "off_linktype" is -1, there's an error.
01686      */
01687     if (off_linktype == -1)
01688         abort();
01689 
01690     /*
01691      * Any type not handled above should always have an Ethernet
01692      * type at an offset of "off_linktype".  (PPP is partially
01693      * handled above - the protocol type is mapped from the
01694      * Ethernet and LLC types we use internally to the corresponding
01695      * PPP type - but the PPP type is always specified by a value
01696      * at "off_linktype", so we don't have to do the code generation
01697      * above.)
01698      */
01699     return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
01700 }
01701 
01702 /*
01703  * Check for an LLC SNAP packet with a given organization code and
01704  * protocol type; we check the entire contents of the 802.2 LLC and
01705  * snap headers, checking for DSAP and SSAP of SNAP and a control
01706  * field of 0x03 in the LLC header, and for the specified organization
01707  * code and protocol type in the SNAP header.
01708  */
01709 static struct block *
01710 gen_snap(orgcode, ptype, offset)
01711     bpf_u_int32 orgcode;
01712     bpf_u_int32 ptype;
01713     u_int offset;
01714 {
01715     u_char snapblock[8];
01716 
01717     snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
01718     snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
01719     snapblock[2] = 0x03;        /* control = UI */
01720     snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
01721     snapblock[4] = (orgcode >> 8);  /* middle 8 bits of organization code */
01722     snapblock[5] = (orgcode >> 0);  /* lower 8 bits of organization code */
01723     snapblock[6] = (ptype >> 8);    /* upper 8 bits of protocol type */
01724     snapblock[7] = (ptype >> 0);    /* lower 8 bits of protocol type */
01725     return gen_bcmp(offset, 8, snapblock);
01726 }
01727 
01728 /*
01729  * Check for a given protocol value assuming an 802.2 LLC header.
01730  */
01731 static struct block *
01732 gen_llc(proto)
01733     int proto;
01734 {
01735     /*
01736      * XXX - handle token-ring variable-length header.
01737      */
01738     switch (proto) {
01739 
01740         case LLCSAP_IP:
01741         return gen_cmp(off_linktype, BPF_H, (long)
01742                  ((LLCSAP_IP << 8) | LLCSAP_IP));
01743                 
01744     case LLCSAP_ISONS:
01745         return gen_cmp(off_linktype, BPF_H, (long)
01746                  ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
01747 
01748     case LLCSAP_NETBEUI:
01749         return gen_cmp(off_linktype, BPF_H, (long)
01750                  ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
01751 
01752     case LLCSAP_IPX:
01753         /*
01754          * XXX - are there ever SNAP frames for IPX on
01755          * non-Ethernet 802.x networks?
01756          */
01757         return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
01758 
01759     case ETHERTYPE_ATALK:
01760         /*
01761          * 802.2-encapsulated ETHERTYPE_ATALK packets are
01762          * SNAP packets with an organization code of
01763          * 0x080007 (Apple, for Appletalk) and a protocol
01764          * type of ETHERTYPE_ATALK (Appletalk).
01765          *
01766          * XXX - check for an organization code of
01767          * encapsulated Ethernet as well?
01768          */
01769         return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
01770 
01771     default:
01772         /*
01773          * XXX - we don't have to check for IPX 802.3
01774          * here, but should we check for the IPX Ethertype?
01775          */
01776         if (proto <= ETHERMTU) {
01777             /*
01778              * This is an LLC SAP value, so check
01779              * the DSAP.
01780              */
01781             return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
01782         } else {
01783             /*
01784              * This is an Ethernet type; we assume that it's
01785              * unlikely that it'll appear in the right place
01786              * at random, and therefore check only the
01787              * location that would hold the Ethernet type
01788              * in a SNAP frame with an organization code of
01789              * 0x000000 (encapsulated Ethernet).
01790              *
01791              * XXX - if we were to check for the SNAP DSAP and
01792              * LSAP, as per XXX, and were also to check for an
01793              * organization code of 0x000000 (encapsulated
01794              * Ethernet), we'd do
01795              *
01796              *  return gen_snap(0x000000, proto,
01797              *      off_linktype);
01798              *
01799              * here; for now, we don't, as per the above.
01800              * I don't know whether it's worth the extra CPU
01801              * time to do the right check or not.
01802              */
01803             return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
01804         }
01805     }
01806 }
01807 
01808 static struct block *
01809 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
01810     bpf_u_int32 addr;
01811     bpf_u_int32 mask;
01812     int dir, proto;
01813     u_int src_off, dst_off;
01814 {
01815     struct block *b0, *b1;
01816     u_int offset;
01817 
01818     switch (dir) {
01819 
01820     case Q_SRC:
01821         offset = src_off;
01822         break;
01823 
01824     case Q_DST:
01825         offset = dst_off;
01826         break;
01827 
01828     case Q_AND:
01829         b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
01830         b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
01831         gen_and(b0, b1);
01832         return b1;
01833 
01834     case Q_OR:
01835     case Q_DEFAULT:
01836         b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
01837         b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
01838         gen_or(b0, b1);
01839         return b1;
01840 
01841     default:
01842         abort();
01843     }
01844     b0 = gen_linktype(proto);
01845     b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
01846     gen_and(b0, b1);
01847     return b1;
01848 }
01849 
01850 #ifdef INET6
01851 static struct block *
01852 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
01853     struct in6_addr *addr;
01854     struct in6_addr *mask;
01855     int dir, proto;
01856     u_int src_off, dst_off;
01857 {
01858     struct block *b0, *b1;
01859     u_int offset;
01860     u_int32_t *a, *m;
01861 
01862     switch (dir) {
01863 
01864     case Q_SRC:
01865         offset = src_off;
01866         break;
01867 
01868     case Q_DST:
01869         offset = dst_off;
01870         break;
01871 
01872     case Q_AND:
01873         b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
01874         b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
01875         gen_and(b0, b1);
01876         return b1;
01877 
01878     case Q_OR:
01879     case Q_DEFAULT:
01880         b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
01881         b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
01882         gen_or(b0, b1);
01883         return b1;
01884 
01885     default:
01886         abort();
01887     }
01888     /* this order is important */
01889     a = (u_int32_t *)addr;
01890     m = (u_int32_t *)mask;
01891     b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
01892     b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
01893     gen_and(b0, b1);
01894     b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
01895     gen_and(b0, b1);
01896     b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
01897     gen_and(b0, b1);
01898     b0 = gen_linktype(proto);
01899     gen_and(b0, b1);
01900     return b1;
01901 }
01902 #endif /*INET6*/
01903 
01904 static struct block *
01905 gen_ehostop(eaddr, dir)
01906     register const u_char *eaddr;
01907     register int dir;
01908 {
01909     register struct block *b0, *b1;
01910 
01911     switch (dir) {
01912     case Q_SRC:
01913         return gen_bcmp(off_mac + 6, 6, eaddr);
01914 
01915     case Q_DST:
01916         return gen_bcmp(off_mac + 0, 6, eaddr);
01917 
01918     case Q_AND:
01919         b0 = gen_ehostop(eaddr, Q_SRC);
01920         b1 = gen_ehostop(eaddr, Q_DST);
01921         gen_and(b0, b1);
01922         return b1;
01923 
01924     case Q_DEFAULT:
01925     case Q_OR:
01926         b0 = gen_ehostop(eaddr, Q_SRC);
01927         b1 = gen_ehostop(eaddr, Q_DST);
01928         gen_or(b0, b1);
01929         return b1;
01930     }
01931     abort();
01932     /* NOTREACHED */
01933 }
01934 
01935 /*
01936  * Like gen_ehostop, but for DLT_FDDI
01937  */
01938 static struct block *
01939 gen_fhostop(eaddr, dir)
01940     register const u_char *eaddr;
01941     register int dir;
01942 {
01943     struct block *b0, *b1;
01944 
01945     switch (dir) {
01946     case Q_SRC:
01947 #ifdef PCAP_FDDIPAD
01948         return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
01949 #else
01950         return gen_bcmp(6 + 1, 6, eaddr);
01951 #endif
01952 
01953     case Q_DST:
01954 #ifdef PCAP_FDDIPAD
01955         return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
01956 #else
01957         return gen_bcmp(0 + 1, 6, eaddr);
01958 #endif
01959 
01960     case Q_AND:
01961         b0 = gen_fhostop(eaddr, Q_SRC);
01962         b1 = gen_fhostop(eaddr, Q_DST);
01963         gen_and(b0, b1);
01964         return b1;
01965 
01966     case Q_DEFAULT:
01967     case Q_OR:
01968         b0 = gen_fhostop(eaddr, Q_SRC);
01969         b1 = gen_fhostop(eaddr, Q_DST);
01970         gen_or(b0, b1);
01971         return b1;
01972     }
01973     abort();
01974     /* NOTREACHED */
01975 }
01976 
01977 /*
01978  * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
01979  */
01980 static struct block *
01981 gen_thostop(eaddr, dir)
01982     register const u_char *eaddr;
01983     register int dir;
01984 {
01985     register struct block *b0, *b1;
01986 
01987     switch (dir) {
01988     case Q_SRC:
01989         return gen_bcmp(8, 6, eaddr);
01990 
01991     case Q_DST:
01992         return gen_bcmp(2, 6, eaddr);
01993 
01994     case Q_AND:
01995         b0 = gen_thostop(eaddr, Q_SRC);
01996         b1 = gen_thostop(eaddr, Q_DST);
01997         gen_and(b0, b1);
01998         return b1;
01999 
02000     case Q_DEFAULT:
02001     case Q_OR:
02002         b0 = gen_thostop(eaddr, Q_SRC);
02003         b1 = gen_thostop(eaddr, Q_DST);
02004         gen_or(b0, b1);
02005         return b1;
02006     }
02007     abort();
02008     /* NOTREACHED */
02009 }
02010 
02011 /*
02012  * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
02013  */
02014 static struct block *
02015 gen_wlanhostop(eaddr, dir)
02016     register const u_char *eaddr;
02017     register int dir;
02018 {
02019     register struct block *b0, *b1, *b2;
02020     register struct slist *s;
02021 
02022     switch (dir) {
02023     case Q_SRC:
02024         /*
02025          * Oh, yuk.
02026          *
02027          *  For control frames, there is no SA.
02028          *
02029          *  For management frames, SA is at an
02030          *  offset of 10 from the beginning of
02031          *  the packet.
02032          *
02033          *  For data frames, SA is at an offset
02034          *  of 10 from the beginning of the packet
02035          *  if From DS is clear, at an offset of
02036          *  16 from the beginning of the packet
02037          *  if From DS is set and To DS is clear,
02038          *  and an offset of 24 from the beginning
02039          *  of the packet if From DS is set and To DS
02040          *  is set.
02041          */
02042 
02043         /*
02044          * Generate the tests to be done for data frames
02045          * with From DS set.
02046          *
02047          * First, check for To DS set, i.e. check "link[1] & 0x01".
02048          */
02049         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02050         s->s.k = 1;
02051         b1 = new_block(JMP(BPF_JSET));
02052         b1->s.k = 0x01; /* To DS */
02053         b1->stmts = s;
02054 
02055         /*
02056          * If To DS is set, the SA is at 24.
02057          */
02058         b0 = gen_bcmp(24, 6, eaddr);
02059         gen_and(b1, b0);
02060 
02061         /*
02062          * Now, check for To DS not set, i.e. check
02063          * "!(link[1] & 0x01)".
02064          */
02065         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02066         s->s.k = 1;
02067         b2 = new_block(JMP(BPF_JSET));
02068         b2->s.k = 0x01; /* To DS */
02069         b2->stmts = s;
02070         gen_not(b2);
02071 
02072         /*
02073          * If To DS is not set, the SA is at 16.
02074          */
02075         b1 = gen_bcmp(16, 6, eaddr);
02076         gen_and(b2, b1);
02077 
02078         /*
02079          * Now OR together the last two checks.  That gives
02080          * the complete set of checks for data frames with
02081          * From DS set.
02082          */
02083         gen_or(b1, b0);
02084 
02085         /*
02086          * Now check for From DS being set, and AND that with
02087          * the ORed-together checks.
02088          */
02089         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02090         s->s.k = 1;
02091         b1 = new_block(JMP(BPF_JSET));
02092         b1->s.k = 0x02; /* From DS */
02093         b1->stmts = s;
02094         gen_and(b1, b0);
02095 
02096         /*
02097          * Now check for data frames with From DS not set.
02098          */
02099         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02100         s->s.k = 1;
02101         b2 = new_block(JMP(BPF_JSET));
02102         b2->s.k = 0x02; /* From DS */
02103         b2->stmts = s;
02104         gen_not(b2);
02105 
02106         /*
02107          * If From DS isn't set, the SA is at 10.
02108          */
02109         b1 = gen_bcmp(10, 6, eaddr);
02110         gen_and(b2, b1);
02111 
02112         /*
02113          * Now OR together the checks for data frames with
02114          * From DS not set and for data frames with From DS
02115          * set; that gives the checks done for data frames.
02116          */
02117         gen_or(b1, b0);
02118 
02119         /*
02120          * Now check for a data frame.
02121          * I.e, check "link[0] & 0x08".
02122          */
02123         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02124         s->s.k = 0;
02125         b1 = new_block(JMP(BPF_JSET));
02126         b1->s.k = 0x08;
02127         b1->stmts = s;
02128 
02129         /*
02130          * AND that with the checks done for data frames.
02131          */
02132         gen_and(b1, b0);
02133 
02134         /*
02135          * If the high-order bit of the type value is 0, this
02136          * is a management frame.
02137          * I.e, check "!(link[0] & 0x08)".
02138          */
02139         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02140         s->s.k = 0;
02141         b2 = new_block(JMP(BPF_JSET));
02142         b2->s.k = 0x08;
02143         b2->stmts = s;
02144         gen_not(b2);
02145 
02146         /*
02147          * For management frames, the SA is at 10.
02148          */
02149         b1 = gen_bcmp(10, 6, eaddr);
02150         gen_and(b2, b1);
02151 
02152         /*
02153          * OR that with the checks done for data frames.
02154          * That gives the checks done for management and
02155          * data frames.
02156          */
02157         gen_or(b1, b0);
02158 
02159         /*
02160          * If the low-order bit of the type value is 1,
02161          * this is either a control frame or a frame
02162          * with a reserved type, and thus not a
02163          * frame with an SA.
02164          *
02165          * I.e., check "!(link[0] & 0x04)".
02166          */
02167         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02168         s->s.k = 0;
02169         b1 = new_block(JMP(BPF_JSET));
02170         b1->s.k = 0x04;
02171         b1->stmts = s;
02172         gen_not(b1);
02173 
02174         /*
02175          * AND that with the checks for data and management
02176          * frames.
02177          */
02178         gen_and(b1, b0);
02179         return b0;
02180 
02181     case Q_DST:
02182         /*
02183          * Oh, yuk.
02184          *
02185          *  For control frames, there is no DA.
02186          *
02187          *  For management frames, DA is at an
02188          *  offset of 4 from the beginning of
02189          *  the packet.
02190          *
02191          *  For data frames, DA is at an offset
02192          *  of 4 from the beginning of the packet
02193          *  if To DS is clear and at an offset of
02194          *  16 from the beginning of the packet
02195          *  if To DS is set.
02196          */
02197 
02198         /*
02199          * Generate the tests to be done for data frames.
02200          *
02201          * First, check for To DS set, i.e. "link[1] & 0x01".
02202          */
02203         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02204         s->s.k = 1;
02205         b1 = new_block(JMP(BPF_JSET));
02206         b1->s.k = 0x01; /* To DS */
02207         b1->stmts = s;
02208 
02209         /*
02210          * If To DS is set, the DA is at 16.
02211          */
02212         b0 = gen_bcmp(16, 6, eaddr);
02213         gen_and(b1, b0);
02214 
02215         /*
02216          * Now, check for To DS not set, i.e. check
02217          * "!(link[1] & 0x01)".
02218          */
02219         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02220         s->s.k = 1;
02221         b2 = new_block(JMP(BPF_JSET));
02222         b2->s.k = 0x01; /* To DS */
02223         b2->stmts = s;
02224         gen_not(b2);
02225 
02226         /*
02227          * If To DS is not set, the DA is at 4.
02228          */
02229         b1 = gen_bcmp(4, 6, eaddr);
02230         gen_and(b2, b1);
02231 
02232         /*
02233          * Now OR together the last two checks.  That gives
02234          * the complete set of checks for data frames.
02235          */
02236         gen_or(b1, b0);
02237 
02238         /*
02239          * Now check for a data frame.
02240          * I.e, check "link[0] & 0x08".
02241          */
02242         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02243         s->s.k = 0;
02244         b1 = new_block(JMP(BPF_JSET));
02245         b1->s.k = 0x08;
02246         b1->stmts = s;
02247 
02248         /*
02249          * AND that with the checks done for data frames.
02250          */
02251         gen_and(b1, b0);
02252 
02253         /*
02254          * If the high-order bit of the type value is 0, this
02255          * is a management frame.
02256          * I.e, check "!(link[0] & 0x08)".
02257          */
02258         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02259         s->s.k = 0;
02260         b2 = new_block(JMP(BPF_JSET));
02261         b2->s.k = 0x08;
02262         b2->stmts = s;
02263         gen_not(b2);
02264 
02265         /*
02266          * For management frames, the DA is at 4.
02267          */
02268         b1 = gen_bcmp(4, 6, eaddr);
02269         gen_and(b2, b1);
02270 
02271         /*
02272          * OR that with the checks done for data frames.
02273          * That gives the checks done for management and
02274          * data frames.
02275          */
02276         gen_or(b1, b0);
02277 
02278         /*
02279          * If the low-order bit of the type value is 1,
02280          * this is either a control frame or a frame
02281          * with a reserved type, and thus not a
02282          * frame with an SA.
02283          *
02284          * I.e., check "!(link[0] & 0x04)".
02285          */
02286         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02287         s->s.k = 0;
02288         b1 = new_block(JMP(BPF_JSET));
02289         b1->s.k = 0x04;
02290         b1->stmts = s;
02291         gen_not(b1);
02292 
02293         /*
02294          * AND that with the checks for data and management
02295          * frames.
02296          */
02297         gen_and(b1, b0);
02298         return b0;
02299 
02300     case Q_AND:
02301         b0 = gen_wlanhostop(eaddr, Q_SRC);
02302         b1 = gen_wlanhostop(eaddr, Q_DST);
02303         gen_and(b0, b1);
02304         return b1;
02305 
02306     case Q_DEFAULT:
02307     case Q_OR:
02308         b0 = gen_wlanhostop(eaddr, Q_SRC);
02309         b1 = gen_wlanhostop(eaddr, Q_DST);
02310         gen_or(b0, b1);
02311         return b1;
02312     }
02313     abort();
02314     /* NOTREACHED */
02315 }
02316 
02317 /*
02318  * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
02319  * (We assume that the addresses are IEEE 48-bit MAC addresses,
02320  * as the RFC states.)
02321  */
02322 static struct block *
02323 gen_ipfchostop(eaddr, dir)
02324     register const u_char *eaddr;
02325     register int dir;
02326 {
02327     register struct block *b0, *b1;
02328 
02329     switch (dir) {
02330     case Q_SRC:
02331         return gen_bcmp(10, 6, eaddr);
02332 
02333     case Q_DST:
02334         return gen_bcmp(2, 6, eaddr);
02335 
02336     case Q_AND:
02337         b0 = gen_ipfchostop(eaddr, Q_SRC);
02338         b1 = gen_ipfchostop(eaddr, Q_DST);
02339         gen_and(b0, b1);
02340         return b1;
02341 
02342     case Q_DEFAULT:
02343     case Q_OR:
02344         b0 = gen_ipfchostop(eaddr, Q_SRC);
02345         b1 = gen_ipfchostop(eaddr, Q_DST);
02346         gen_or(b0, b1);
02347         return b1;
02348     }
02349     abort();
02350     /* NOTREACHED */
02351 }
02352 
02353 /*
02354  * This is quite tricky because there may be pad bytes in front of the
02355  * DECNET header, and then there are two possible data packet formats that
02356  * carry both src and dst addresses, plus 5 packet types in a format that
02357  * carries only the src node, plus 2 types that use a different format and
02358  * also carry just the src node.
02359  *
02360  * Yuck.
02361  *
02362  * Instead of doing those all right, we just look for data packets with
02363  * 0 or 1 bytes of padding.  If you want to look at other packets, that
02364  * will require a lot more hacking.
02365  *
02366  * To add support for filtering on DECNET "areas" (network numbers)
02367  * one would want to add a "mask" argument to this routine.  That would
02368  * make the filter even more inefficient, although one could be clever
02369  * and not generate masking instructions if the mask is 0xFFFF.
02370  */
02371 static struct block *
02372 gen_dnhostop(addr, dir, base_off)
02373     bpf_u_int32 addr;
02374     int dir;
02375     u_int base_off;
02376 {
02377     struct block *b0, *b1, *b2, *tmp;
02378     u_int offset_lh;    /* offset if long header is received */
02379     u_int offset_sh;    /* offset if short header is received */
02380 
02381     switch (dir) {
02382 
02383     case Q_DST:
02384         offset_sh = 1;  /* follows flags */
02385         offset_lh = 7;  /* flgs,darea,dsubarea,HIORD */
02386         break;
02387 
02388     case Q_SRC:
02389         offset_sh = 3;  /* follows flags, dstnode */
02390         offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
02391         break;
02392 
02393     case Q_AND:
02394         /* Inefficient because we do our Calvinball dance twice */
02395         b0 = gen_dnhostop(addr, Q_SRC, base_off);
02396         b1 = gen_dnhostop(addr, Q_DST, base_off);
02397         gen_and(b0, b1);
02398         return b1;
02399 
02400     case Q_OR:
02401     case Q_DEFAULT:
02402         /* Inefficient because we do our Calvinball dance twice */
02403         b0 = gen_dnhostop(addr, Q_SRC, base_off);
02404         b1 = gen_dnhostop(addr, Q_DST, base_off);
02405         gen_or(b0, b1);
02406         return b1;
02407 
02408     case Q_ISO:
02409             bpf_error("ISO host filtering not implemented");
02410 
02411     default:
02412         abort();
02413     }
02414     b0 = gen_linktype(ETHERTYPE_DN);
02415     /* Check for pad = 1, long header case */
02416     tmp = gen_mcmp(base_off + 2, BPF_H,
02417         (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
02418     b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
02419         BPF_H, (bpf_int32)ntohs(addr));
02420     gen_and(tmp, b1);
02421     /* Check for pad = 0, long header case */
02422     tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
02423     b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
02424     gen_and(tmp, b2);
02425     gen_or(b2, b1);
02426     /* Check for pad = 1, short header case */
02427     tmp = gen_mcmp(base_off + 2, BPF_H,
02428         (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
02429     b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
02430         BPF_H, (bpf_int32)ntohs(addr));
02431     gen_and(tmp, b2);
02432     gen_or(b2, b1);
02433     /* Check for pad = 0, short header case */
02434     tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
02435     b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
02436     gen_and(tmp, b2);
02437     gen_or(b2, b1);
02438 
02439     /* Combine with test for linktype */
02440     gen_and(b0, b1);
02441     return b1;
02442 }
02443 
02444 static struct block *
02445 gen_host(addr, mask, proto, dir)
02446     bpf_u_int32 addr;
02447     bpf_u_int32 mask;
02448     int proto;
02449     int dir;
02450 {
02451     struct block *b0, *b1;
02452 
02453     switch (proto) {
02454 
02455     case Q_DEFAULT:
02456         b0 = gen_host(addr, mask, Q_IP, dir);
02457         if (off_linktype != -1) {
02458             b1 = gen_host(addr, mask, Q_ARP, dir);
02459             gen_or(b0, b1);
02460             b0 = gen_host(addr, mask, Q_RARP, dir);
02461             gen_or(b1, b0);
02462         }
02463         return b0;
02464 
02465     case Q_IP:
02466         return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
02467                   off_nl + 12, off_nl + 16);
02468 
02469     case Q_RARP:
02470         return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
02471                   off_nl + 14, off_nl + 24);
02472 
02473     case Q_ARP:
02474         return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
02475                   off_nl + 14, off_nl + 24);
02476 
02477     case Q_TCP:
02478         bpf_error("'tcp' modifier applied to host");
02479 
02480     case Q_SCTP:
02481         bpf_error("'sctp' modifier applied to host");
02482 
02483     case Q_UDP:
02484         bpf_error("'udp' modifier applied to host");
02485 
02486     case Q_ICMP:
02487         bpf_error("'icmp' modifier applied to host");
02488 
02489     case Q_IGMP:
02490         bpf_error("'igmp' modifier applied to host");
02491 
02492     case Q_IGRP:
02493         bpf_error("'igrp' modifier applied to host");
02494 
02495     case Q_PIM:
02496         bpf_error("'pim' modifier applied to host");
02497 
02498     case Q_VRRP:
02499         bpf_error("'vrrp' modifier applied to host");
02500 
02501     case Q_ATALK:
02502         bpf_error("ATALK host filtering not implemented");
02503 
02504     case Q_AARP:
02505         bpf_error("AARP host filtering not implemented");
02506 
02507     case Q_DECNET:
02508         return gen_dnhostop(addr, dir, off_nl);
02509 
02510     case Q_SCA:
02511         bpf_error("SCA host filtering not implemented");
02512 
02513     case Q_LAT:
02514         bpf_error("LAT host filtering not implemented");
02515 
02516     case Q_MOPDL:
02517         bpf_error("MOPDL host filtering not implemented");
02518 
02519     case Q_MOPRC:
02520         bpf_error("MOPRC host filtering not implemented");
02521 
02522 #ifdef INET6
02523     case Q_IPV6:
02524         bpf_error("'ip6' modifier applied to ip host");
02525 
02526     case Q_ICMPV6:
02527         bpf_error("'icmp6' modifier applied to host");
02528 #endif /* INET6 */
02529 
02530     case Q_AH:
02531         bpf_error("'ah' modifier applied to host");
02532 
02533     case Q_ESP:
02534         bpf_error("'esp' modifier applied to host");
02535 
02536     case Q_ISO:
02537         bpf_error("ISO host filtering not implemented");
02538 
02539     case Q_ESIS:
02540         bpf_error("'esis' modifier applied to host");
02541 
02542     case Q_ISIS:
02543         bpf_error("'isis' modifier applied to host");
02544 
02545     case Q_CLNP:
02546         bpf_error("'clnp' modifier applied to host");
02547 
02548     case Q_STP:
02549         bpf_error("'stp' modifier applied to host");
02550 
02551     case Q_IPX:
02552         bpf_error("IPX host filtering not implemented");
02553 
02554     case Q_NETBEUI:
02555         bpf_error("'netbeui' modifier applied to host");
02556 
02557     default:
02558         abort();
02559     }
02560     /* NOTREACHED */
02561 }
02562 
02563 #ifdef INET6
02564 static struct block *
02565 gen_host6(addr, mask, proto, dir)
02566     struct in6_addr *addr;
02567     struct in6_addr *mask;
02568     int proto;
02569     int dir;
02570 {
02571     switch (proto) {
02572 
02573     case Q_DEFAULT:
02574         return gen_host6(addr, mask, Q_IPV6, dir);
02575 
02576     case Q_IP:
02577         bpf_error("'ip' modifier applied to ip6 host");
02578 
02579     case Q_RARP:
02580         bpf_error("'rarp' modifier applied to ip6 host");
02581 
02582     case Q_ARP:
02583         bpf_error("'arp' modifier applied to ip6 host");
02584 
02585     case Q_SCTP:
02586         bpf_error("'sctp' modifier applied to host");
02587 
02588     case Q_TCP:
02589         bpf_error("'tcp' modifier applied to host");
02590 
02591     case Q_UDP:
02592         bpf_error("'udp' modifier applied to host");
02593 
02594     case Q_ICMP:
02595         bpf_error("'icmp' modifier applied to host");
02596 
02597     case Q_IGMP:
02598         bpf_error("'igmp' modifier applied to host");
02599 
02600     case Q_IGRP:
02601         bpf_error("'igrp' modifier applied to host");
02602 
02603     case Q_PIM:
02604         bpf_error("'pim' modifier applied to host");
02605 
02606     case Q_VRRP:
02607         bpf_error("'vrrp' modifier applied to host");
02608 
02609     case Q_ATALK:
02610         bpf_error("ATALK host filtering not implemented");
02611 
02612     case Q_AARP:
02613         bpf_error("AARP host filtering not implemented");
02614 
02615     case Q_DECNET:
02616         bpf_error("'decnet' modifier applied to ip6 host");
02617 
02618     case Q_SCA:
02619         bpf_error("SCA host filtering not implemented");
02620 
02621     case Q_LAT:
02622         bpf_error("LAT host filtering not implemented");
02623 
02624     case Q_MOPDL:
02625         bpf_error("MOPDL host filtering not implemented");
02626 
02627     case Q_MOPRC:
02628         bpf_error("MOPRC host filtering not implemented");
02629 
02630     case Q_IPV6:
02631         return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
02632                   off_nl + 8, off_nl + 24);
02633 
02634     case Q_ICMPV6:
02635         bpf_error("'icmp6' modifier applied to host");
02636 
02637     case Q_AH:
02638         bpf_error("'ah' modifier applied to host");
02639 
02640     case Q_ESP:
02641         bpf_error("'esp' modifier applied to host");
02642 
02643     case Q_ISO:
02644         bpf_error("ISO host filtering not implemented");
02645 
02646     case Q_ESIS:
02647         bpf_error("'esis' modifier applied to host");
02648 
02649     case Q_ISIS:
02650         bpf_error("'isis' modifier applied to host");
02651 
02652     case Q_CLNP:
02653         bpf_error("'clnp' modifier applied to host");
02654 
02655     case Q_STP:
02656         bpf_error("'stp' modifier applied to host");
02657 
02658     case Q_IPX:
02659         bpf_error("IPX host filtering not implemented");
02660 
02661     case Q_NETBEUI:
02662         bpf_error("'netbeui' modifier applied to host");
02663 
02664     default:
02665         abort();
02666     }
02667     /* NOTREACHED */
02668 }
02669 #endif /*INET6*/
02670 
02671 #ifndef INET6
02672 static struct block *
02673 gen_gateway(eaddr, alist, proto, dir)
02674     const u_char *eaddr;
02675     bpf_u_int32 **alist;
02676     int proto;
02677     int dir;
02678 {
02679     struct block *b0, *b1, *tmp;
02680 
02681     if (dir != 0)
02682         bpf_error("direction applied to 'gateway'");
02683 
02684     switch (proto) {
02685     case Q_DEFAULT:
02686     case Q_IP:
02687     case Q_ARP:
02688     case Q_RARP:
02689         if (linktype == DLT_EN10MB)
02690             b0 = gen_ehostop(eaddr, Q_OR);
02691         else if (linktype == DLT_FDDI)
02692             b0 = gen_fhostop(eaddr, Q_OR);
02693         else if (linktype == DLT_IEEE802)
02694             b0 = gen_thostop(eaddr, Q_OR);
02695         else if (linktype == DLT_IEEE802_11)
02696             b0 = gen_wlanhostop(eaddr, Q_OR);
02697         else if (linktype == DLT_SUNATM && is_lane) {
02698             /*
02699              * Check that the packet doesn't begin with an
02700              * LE Control marker.  (We've already generated
02701              * a test for LANE.)
02702              */
02703             b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
02704             gen_not(b1);
02705 
02706             /*
02707              * Now check the MAC address.
02708              */
02709             b0 = gen_ehostop(eaddr, Q_OR);
02710             gen_and(b1, b0);
02711         } else if (linktype == DLT_IP_OVER_FC)
02712             b0 = gen_ipfchostop(eaddr, Q_OR);
02713         else
02714             bpf_error(
02715                 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
02716 
02717         b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
02718         while (*alist) {
02719             tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
02720             gen_or(b1, tmp);
02721             b1 = tmp;
02722         }
02723         gen_not(b1);
02724         gen_and(b0, b1);
02725         return b1;
02726     }
02727     bpf_error("illegal modifier of 'gateway'");
02728     /* NOTREACHED */
02729 }
02730 #endif
02731 
02732 struct block *
02733 gen_proto_abbrev(proto)
02734     int proto;
02735 {
02736     struct block *b0;
02737         struct block *b1;
02738 
02739     switch (proto) {
02740 
02741     case Q_SCTP:
02742         b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
02743 #ifdef INET6
02744         b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
02745         gen_or(b0, b1);
02746 #endif
02747         break;
02748 
02749     case Q_TCP:
02750         b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
02751 #ifdef INET6
02752         b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
02753         gen_or(b0, b1);
02754 #endif
02755         break;
02756 
02757     case Q_UDP:
02758         b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
02759 #ifdef INET6
02760         b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
02761         gen_or(b0, b1);
02762 #endif
02763         break;
02764 
02765     case Q_ICMP:
02766         b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
02767         break;
02768 
02769 #ifndef IPPROTO_IGMP
02770 #define IPPROTO_IGMP    2
02771 #endif
02772 
02773     case Q_IGMP:
02774         b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
02775         break;
02776 
02777 #ifndef IPPROTO_IGRP
02778 #define IPPROTO_IGRP    9
02779 #endif
02780     case Q_IGRP:
02781         b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
02782         break;
02783 
02784 #ifndef IPPROTO_PIM
02785 #define IPPROTO_PIM 103
02786 #endif
02787 
02788     case Q_PIM:
02789         b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
02790 #ifdef INET6
02791         b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
02792         gen_or(b0, b1);
02793 #endif
02794         break;
02795 
02796 #ifndef IPPROTO_VRRP
02797 #define IPPROTO_VRRP    112
02798 #endif
02799 
02800     case Q_VRRP:
02801         b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
02802         break;
02803 
02804     case Q_IP:
02805         b1 =  gen_linktype(ETHERTYPE_IP);
02806         break;
02807 
02808     case Q_ARP:
02809         b1 =  gen_linktype(ETHERTYPE_ARP);
02810         break;
02811 
02812     case Q_RARP:
02813         b1 =  gen_linktype(ETHERTYPE_REVARP);
02814         break;
02815 
02816     case Q_LINK:
02817         bpf_error("link layer applied in wrong context");
02818 
02819     case Q_ATALK:
02820         b1 =  gen_linktype(ETHERTYPE_ATALK);
02821         break;
02822 
02823     case Q_AARP:
02824         b1 =  gen_linktype(ETHERTYPE_AARP);
02825         break;
02826 
02827     case Q_DECNET:
02828         b1 =  gen_linktype(ETHERTYPE_DN);
02829         break;
02830 
02831     case Q_SCA:
02832         b1 =  gen_linktype(ETHERTYPE_SCA);
02833         break;
02834 
02835     case Q_LAT:
02836         b1 =  gen_linktype(ETHERTYPE_LAT);
02837         break;
02838 
02839     case Q_MOPDL:
02840         b1 =  gen_linktype(ETHERTYPE_MOPDL);
02841         break;
02842 
02843     case Q_MOPRC:
02844         b1 =  gen_linktype(ETHERTYPE_MOPRC);
02845         break;
02846 
02847 #ifdef INET6
02848     case Q_IPV6:
02849         b1 = gen_linktype(ETHERTYPE_IPV6);
02850         break;
02851 
02852 #ifndef IPPROTO_ICMPV6
02853 #define IPPROTO_ICMPV6  58
02854 #endif
02855     case Q_ICMPV6:
02856         b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
02857         break;
02858 #endif /* INET6 */
02859 
02860 #ifndef IPPROTO_AH
02861 #define IPPROTO_AH  51
02862 #endif
02863     case Q_AH:
02864         b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
02865 #ifdef INET6
02866         b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
02867         gen_or(b0, b1);
02868 #endif
02869         break;
02870 
02871 #ifndef IPPROTO_ESP
02872 #define IPPROTO_ESP 50
02873 #endif
02874     case Q_ESP:
02875         b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
02876 #ifdef INET6
02877         b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
02878         gen_or(b0, b1);
02879 #endif
02880         break;
02881 
02882     case Q_ISO:
02883             b1 = gen_linktype(LLCSAP_ISONS);
02884         break;
02885 
02886     case Q_ESIS:
02887             b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
02888         break;
02889 
02890     case Q_ISIS:
02891             b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
02892         break;
02893 
02894     case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
02895             b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
02896             b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
02897         gen_or(b0, b1);
02898             b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
02899         gen_or(b0, b1);
02900             b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
02901         gen_or(b0, b1);
02902             b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
02903         gen_or(b0, b1);
02904         break;
02905 
02906     case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
02907             b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
02908             b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
02909         gen_or(b0, b1);
02910             b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
02911         gen_or(b0, b1);
02912             b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
02913         gen_or(b0, b1);
02914             b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
02915         gen_or(b0, b1);
02916         break;
02917 
02918     case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
02919             b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
02920             b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
02921         gen_or(b0, b1);
02922             b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);                
02923                 gen_or(b0, b1);
02924         break;
02925 
02926     case Q_ISIS_LSP: 
02927             b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
02928             b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
02929         gen_or(b0, b1);
02930         break;
02931 
02932     case Q_ISIS_SNP:
02933             b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
02934             b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
02935         gen_or(b0, b1);
02936             b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
02937         gen_or(b0, b1);
02938             b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
02939         gen_or(b0, b1);
02940         break;
02941 
02942     case Q_ISIS_CSNP:
02943             b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
02944             b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
02945         gen_or(b0, b1);
02946         break;
02947 
02948     case Q_ISIS_PSNP:
02949             b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
02950             b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
02951         gen_or(b0, b1);
02952         break;
02953 
02954     case Q_CLNP:
02955             b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
02956         break;
02957 
02958     case Q_STP:
02959             b1 = gen_linktype(LLCSAP_8021D);
02960         break;
02961 
02962     case Q_IPX:
02963             b1 = gen_linktype(LLCSAP_IPX);
02964         break;
02965 
02966     case Q_NETBEUI:
02967             b1 = gen_linktype(LLCSAP_NETBEUI);
02968         break;
02969 
02970     default:
02971         abort();
02972     }
02973     return b1;
02974 }
02975 
02976 static struct block *
02977 gen_ipfrag()
02978 {
02979     struct slist *s;
02980     struct block *b;
02981 
02982     /* not ip frag */
02983     s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
02984     s->s.k = off_nl + 6;
02985     b = new_block(JMP(BPF_JSET));
02986     b->s.k = 0x1fff;
02987     b->stmts = s;
02988     gen_not(b);
02989 
02990     return b;
02991 }
02992 
02993 static struct block *
02994 gen_portatom(off, v)
02995     int off;
02996     bpf_int32 v;
02997 {
02998     struct slist *s;
02999     struct block *b;
03000 
03001     s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
03002     s->s.k = off_nl;
03003 
03004     s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
03005     s->next->s.k = off_nl + off;
03006 
03007     b = new_block(JMP(BPF_JEQ));
03008     b->stmts = s;
03009     b->s.k = v;
03010 
03011     return b;
03012 }
03013 
03014 #ifdef INET6
03015 static struct block *
03016 gen_portatom6(off, v)
03017     int off;
03018     bpf_int32 v;
03019 {
03020     return gen_cmp(off_nl + 40 + off, BPF_H, v);
03021 }
03022 #endif/*INET6*/
03023 
03024 struct block *
03025 gen_portop(port, proto, dir)
03026     int port, proto, dir;
03027 {
03028     struct block *b0, *b1, *tmp;
03029 
03030     /* ip proto 'proto' */
03031     tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
03032     b0 = gen_ipfrag();
03033     gen_and(tmp, b0);
03034 
03035     switch (dir) {
03036     case Q_SRC:
03037         b1 = gen_portatom(0, (bpf_int32)port);
03038         break;
03039 
03040     case Q_DST:
03041         b1 = gen_portatom(2, (bpf_int32)port);
03042         break;
03043 
03044     case Q_OR:
03045     case Q_DEFAULT:
03046         tmp = gen_portatom(0, (bpf_int32)port);
03047         b1 = gen_portatom(2, (bpf_int32)port);
03048         gen_or(tmp, b1);
03049         break;
03050 
03051     case Q_AND:
03052         tmp = gen_portatom(0, (bpf_int32)port);
03053         b1 = gen_portatom(2, (bpf_int32)port);
03054         gen_and(tmp, b1);
03055         break;
03056 
03057     default:
03058         abort();
03059     }
03060     gen_and(b0, b1);
03061 
03062     return b1;
03063 }
03064 
03065 static struct block *
03066 gen_port(port, ip_proto, dir)
03067     int port;
03068     int ip_proto;
03069     int dir;
03070 {
03071     struct block *b0, *b1, *tmp;
03072 
03073         switch (linktype) {
03074         case DLT_IEEE802_11:
03075         case DLT_PRISM_HEADER:
03076     case DLT_IEEE802_11_RADIO:
03077         case DLT_FDDI:
03078         case DLT_IEEE802:
03079         case DLT_ATM_RFC1483:
03080         case DLT_ATM_CLIP:
03081                 b0 = gen_linktype(LLCSAP_IP);
03082                 break;
03083         default:
03084                 b0 = gen_linktype(ETHERTYPE_IP);
03085                 break;
03086         }
03087 
03088     switch (ip_proto) {
03089     case IPPROTO_UDP:
03090     case IPPROTO_TCP:
03091     case IPPROTO_SCTP:
03092         b1 = gen_portop(port, ip_proto, dir);
03093         break;
03094 
03095     case PROTO_UNDEF:
03096         tmp = gen_portop(port, IPPROTO_TCP, dir);
03097         b1 = gen_portop(port, IPPROTO_UDP, dir);
03098         gen_or(tmp, b1);
03099         tmp = gen_portop(port, IPPROTO_SCTP, dir);
03100         gen_or(tmp, b1);
03101         break;
03102 
03103     default:
03104         abort();
03105     }
03106     gen_and(b0, b1);
03107     return b1;
03108 }
03109 
03110 #ifdef INET6
03111 struct block *
03112 gen_portop6(port, proto, dir)
03113     int port, proto, dir;
03114 {
03115     struct block *b0, *b1, *tmp;
03116 
03117     /* ip proto 'proto' */
03118     b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
03119 
03120     switch (dir) {
03121     case Q_SRC:
03122         b1 = gen_portatom6(0, (bpf_int32)port);
03123         break;
03124 
03125     case Q_DST:
03126         b1 = gen_portatom6(2, (bpf_int32)port);
03127         break;
03128 
03129     case Q_OR:
03130     case Q_DEFAULT:
03131         tmp = gen_portatom6(0, (bpf_int32)port);
03132         b1 = gen_portatom6(2, (bpf_int32)port);
03133         gen_or(tmp, b1);
03134         break;
03135 
03136     case Q_AND:
03137         tmp = gen_portatom6(0, (bpf_int32)port);
03138         b1 = gen_portatom6(2, (bpf_int32)port);
03139         gen_and(tmp, b1);
03140         break;
03141 
03142     default:
03143         abort();
03144     }
03145     gen_and(b0, b1);
03146 
03147     return b1;
03148 }
03149 
03150 static struct block *
03151 gen_port6(port, ip_proto, dir)
03152     int port;
03153     int ip_proto;
03154     int dir;
03155 {
03156     struct block *b0, *b1, *tmp;
03157 
03158     /* ether proto ip */
03159     b0 =  gen_linktype(ETHERTYPE_IPV6);
03160 
03161     switch (ip_proto) {
03162     case IPPROTO_UDP:
03163     case IPPROTO_TCP:
03164     case IPPROTO_SCTP:
03165         b1 = gen_portop6(port, ip_proto, dir);
03166         break;
03167 
03168     case PROTO_UNDEF:
03169         tmp = gen_portop6(port, IPPROTO_TCP, dir);
03170         b1 = gen_portop6(port, IPPROTO_UDP, dir);
03171         gen_or(tmp, b1);
03172         tmp = gen_portop6(port, IPPROTO_SCTP, dir);
03173         gen_or(tmp, b1);
03174         break;
03175 
03176     default:
03177         abort();
03178     }
03179     gen_and(b0, b1);
03180     return b1;
03181 }
03182 #endif /* INET6 */
03183 
03184 static int
03185 lookup_proto(name, proto)
03186     register const char *name;
03187     register int proto;
03188 {
03189     register int v;
03190 
03191     switch (proto) {
03192 
03193     case Q_DEFAULT:
03194     case Q_IP:
03195     case Q_IPV6:
03196         v = pcap_nametoproto(name);
03197         if (v == PROTO_UNDEF)
03198             bpf_error("unknown ip proto '%s'", name);
03199         break;
03200 
03201     case Q_LINK:
03202         /* XXX should look up h/w protocol type based on linktype */
03203         v = pcap_nametoeproto(name);
03204         if (v == PROTO_UNDEF)
03205             bpf_error("unknown ether proto '%s'", name);
03206         break;
03207 
03208     case Q_ISO:
03209         if (strcmp(name, "esis") == 0)
03210             v = ISO9542_ESIS;
03211         else if (strcmp(name, "isis") == 0)
03212             v = ISO10589_ISIS;
03213         else if (strcmp(name, "clnp") == 0)
03214             v = ISO8473_CLNP;
03215         else
03216             bpf_error("unknown osi proto '%s'", name);
03217         break;
03218 
03219     default:
03220         v = PROTO_UNDEF;
03221         break;
03222     }
03223     return v;
03224 }
03225 
03226 #if 0
03227 struct stmt *
03228 gen_joinsp(s, n)
03229     struct stmt **s;
03230     int n;
03231 {
03232     return NULL;
03233 }
03234 #endif
03235 
03236 static struct block *
03237 gen_protochain(v, proto, dir)
03238     int v;
03239     int proto;
03240     int dir;
03241 {
03242 #ifdef NO_PROTOCHAIN
03243     return gen_proto(v, proto, dir);
03244 #else
03245     struct block *b0, *b;
03246     struct slist *s[100];
03247     int fix2, fix3, fix4, fix5;
03248     int ahcheck, again, end;
03249     int i, max;
03250     int reg2 = alloc_reg();
03251 
03252     memset(s, 0, sizeof(s));
03253     fix2 = fix3 = fix4 = fix5 = 0;
03254 
03255     switch (proto) {
03256     case Q_IP:
03257     case Q_IPV6:
03258         break;
03259     case Q_DEFAULT:
03260         b0 = gen_protochain(v, Q_IP, dir);
03261         b = gen_protochain(v, Q_IPV6, dir);
03262         gen_or(b0, b);
03263         return b;
03264     default:
03265         bpf_error("bad protocol applied for 'protochain'");
03266         /*NOTREACHED*/
03267     }
03268 
03269     no_optimize = 1; /*this code is not compatible with optimzer yet */
03270 
03271     /*
03272      * s[0] is a dummy entry to protect other BPF insn from damaged
03273      * by s[fix] = foo with uninitialized variable "fix".  It is somewhat
03274      * hard to find interdependency made by jump table fixup.
03275      */
03276     i = 0;
03277     s[i] = new_stmt(0); /*dummy*/
03278     i++;
03279 
03280     switch (proto) {
03281     case Q_IP:
03282         b0 = gen_linktype(ETHERTYPE_IP);
03283 
03284         /* A = ip->ip_p */
03285         s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
03286         s[i]->s.k = off_nl + 9;
03287         i++;
03288         /* X = ip->ip_hl << 2 */
03289         s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
03290         s[i]->s.k = off_nl;
03291         i++;
03292         break;
03293 #ifdef INET6
03294     case Q_IPV6:
03295         b0 = gen_linktype(ETHERTYPE_IPV6);
03296 
03297         /* A = ip6->ip_nxt */
03298         s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
03299         s[i]->s.k = off_nl + 6;
03300         i++;
03301         /* X = sizeof(struct ip6_hdr) */
03302         s[i] = new_stmt(BPF_LDX|BPF_IMM);
03303         s[i]->s.k = 40;
03304         i++;
03305         break;
03306 #endif
03307     default:
03308         bpf_error("unsupported proto to gen_protochain");
03309         /*NOTREACHED*/
03310     }
03311 
03312     /* again: if (A == v) goto end; else fall through; */
03313     again = i;
03314     s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03315     s[i]->s.k = v;
03316     s[i]->s.jt = NULL;      /*later*/
03317     s[i]->s.jf = NULL;      /*update in next stmt*/
03318     fix5 = i;
03319     i++;
03320 
03321 #ifndef IPPROTO_NONE
03322 #define IPPROTO_NONE    59
03323 #endif
03324     /* if (A == IPPROTO_NONE) goto end */
03325     s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03326     s[i]->s.jt = NULL;  /*later*/
03327     s[i]->s.jf = NULL;  /*update in next stmt*/
03328     s[i]->s.k = IPPROTO_NONE;
03329     s[fix5]->s.jf = s[i];
03330     fix2 = i;
03331     i++;
03332 
03333 #ifdef INET6
03334     if (proto == Q_IPV6) {
03335         int v6start, v6end, v6advance, j;
03336 
03337         v6start = i;
03338         /* if (A == IPPROTO_HOPOPTS) goto v6advance */
03339         s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03340         s[i]->s.jt = NULL;  /*later*/
03341         s[i]->s.jf = NULL;  /*update in next stmt*/
03342         s[i]->s.k = IPPROTO_HOPOPTS;
03343         s[fix2]->s.jf = s[i];
03344         i++;
03345         /* if (A == IPPROTO_DSTOPTS) goto v6advance */
03346         s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03347         s[i]->s.jt = NULL;  /*later*/
03348         s[i]->s.jf = NULL;  /*update in next stmt*/
03349         s[i]->s.k = IPPROTO_DSTOPTS;
03350         i++;
03351         /* if (A == IPPROTO_ROUTING) goto v6advance */
03352         s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03353         s[i]->s.jt = NULL;  /*later*/
03354         s[i]->s.jf = NULL;  /*update in next stmt*/
03355         s[i]->s.k = IPPROTO_ROUTING;
03356         i++;
03357         /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
03358         s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03359         s[i]->s.jt = NULL;  /*later*/
03360         s[i]->s.jf = NULL;  /*later*/
03361         s[i]->s.k = IPPROTO_FRAGMENT;
03362         fix3 = i;
03363         v6end = i;
03364         i++;
03365 
03366         /* v6advance: */
03367         v6advance = i;
03368 
03369         /*
03370          * in short,
03371          * A = P[X];
03372          * X = X + (P[X + 1] + 1) * 8;
03373          */
03374         /* A = X */
03375         s[i] = new_stmt(BPF_MISC|BPF_TXA);
03376         i++;
03377         /* A = P[X + packet head] */
03378         s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
03379         s[i]->s.k = off_nl;
03380         i++;
03381         /* MEM[reg2] = A */
03382         s[i] = new_stmt(BPF_ST);
03383         s[i]->s.k = reg2;
03384         i++;
03385         /* A = X */
03386         s[i] = new_stmt(BPF_MISC|BPF_TXA);
03387         i++;
03388         /* A += 1 */
03389         s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
03390         s[i]->s.k = 1;
03391         i++;
03392         /* X = A */
03393         s[i] = new_stmt(BPF_MISC|BPF_TAX);
03394         i++;
03395         /* A = P[X + packet head]; */
03396         s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
03397         s[i]->s.k = off_nl;
03398         i++;
03399         /* A += 1 */
03400         s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
03401         s[i]->s.k = 1;
03402         i++;
03403         /* A *= 8 */
03404         s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
03405         s[i]->s.k = 8;
03406         i++;
03407         /* X = A; */
03408         s[i] = new_stmt(BPF_MISC|BPF_TAX);
03409         i++;
03410         /* A = MEM[reg2] */
03411         s[i] = new_stmt(BPF_LD|BPF_MEM);
03412         s[i]->s.k = reg2;
03413         i++;
03414 
03415         /* goto again; (must use BPF_JA for backward jump) */
03416         s[i] = new_stmt(BPF_JMP|BPF_JA);
03417         s[i]->s.k = again - i - 1;
03418         s[i - 1]->s.jf = s[i];
03419         i++;
03420 
03421         /* fixup */
03422         for (j = v6start; j <= v6end; j++)
03423             s[j]->s.jt = s[v6advance];
03424     } else
03425 #endif
03426     {
03427         /* nop */
03428         s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
03429         s[i]->s.k = 0;
03430         s[fix2]->s.jf = s[i];
03431         i++;
03432     }
03433 
03434     /* ahcheck: */
03435     ahcheck = i;
03436     /* if (A == IPPROTO_AH) then fall through; else goto end; */
03437     s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03438     s[i]->s.jt = NULL;  /*later*/
03439     s[i]->s.jf = NULL;  /*later*/
03440     s[i]->s.k = IPPROTO_AH;
03441     if (fix3)
03442         s[fix3]->s.jf = s[ahcheck];
03443     fix4 = i;
03444     i++;
03445 
03446     /*
03447      * in short,
03448      * A = P[X];
03449      * X = X + (P[X + 1] + 2) * 4;
03450      */
03451     /* A = X */
03452     s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
03453     i++;
03454     /* A = P[X + packet head]; */
03455     s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
03456     s[i]->s.k = off_nl;
03457     i++;
03458     /* MEM[reg2] = A */
03459     s[i] = new_stmt(BPF_ST);
03460     s[i]->s.k = reg2;
03461     i++;
03462     /* A = X */
03463     s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
03464     i++;
03465     /* A += 1 */
03466     s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
03467     s[i]->s.k = 1;
03468     i++;
03469     /* X = A */
03470     s[i] = new_stmt(BPF_MISC|BPF_TAX);
03471     i++;
03472     /* A = P[X + packet head] */
03473     s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
03474     s[i]->s.k = off_nl;
03475     i++;
03476     /* A += 2 */
03477     s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
03478     s[i]->s.k = 2;
03479     i++;
03480     /* A *= 4 */
03481     s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
03482     s[i]->s.k = 4;
03483     i++;
03484     /* X = A; */
03485     s[i] = new_stmt(BPF_MISC|BPF_TAX);
03486     i++;
03487     /* A = MEM[reg2] */
03488     s[i] = new_stmt(BPF_LD|BPF_MEM);
03489     s[i]->s.k = reg2;
03490     i++;
03491 
03492     /* goto again; (must use BPF_JA for backward jump) */
03493     s[i] = new_stmt(BPF_JMP|BPF_JA);
03494     s[i]->s.k = again - i - 1;
03495     i++;
03496 
03497     /* end: nop */
03498     end = i;
03499     s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
03500     s[i]->s.k = 0;
03501     s[fix2]->s.jt = s[end];
03502     s[fix4]->s.jf = s[end];
03503     s[fix5]->s.jt = s[end];
03504     i++;
03505 
03506     /*
03507      * make slist chain
03508      */
03509     max = i;
03510     for (i = 0; i < max - 1; i++)
03511         s[i]->next = s[i + 1];
03512     s[max - 1]->next = NULL;
03513 
03514     /*
03515      * emit final check
03516      */
03517     b = new_block(JMP(BPF_JEQ));
03518     b->stmts = s[1];    /*remember, s[0] is dummy*/
03519     b->s.k = v;
03520 
03521     free_reg(reg2);
03522 
03523     gen_and(b0, b);
03524     return b;
03525 #endif
03526 }
03527 
03528 static struct block *
03529 gen_proto(v, proto, dir)
03530     int v;
03531     int proto;
03532     int dir;
03533 {
03534     struct block *b0, *b1;
03535 
03536     if (dir != Q_DEFAULT)
03537         bpf_error("direction applied to 'proto'");
03538 
03539     switch (proto) {
03540     case Q_DEFAULT:
03541 #ifdef INET6
03542         b0 = gen_proto(v, Q_IP, dir);
03543         b1 = gen_proto(v, Q_IPV6, dir);
03544         gen_or(b0, b1);
03545         return b1;
03546 #else
03547         /*FALLTHROUGH*/
03548 #endif
03549     case Q_IP:
03550                 switch (linktype) {
03551                 case DLT_IEEE802_11:
03552                 case DLT_PRISM_HEADER:
03553         case DLT_IEEE802_11_RADIO:
03554                 case DLT_FDDI:
03555                 case DLT_IEEE802:
03556                 case DLT_ATM_RFC1483:
03557                 case DLT_ATM_CLIP:
03558             b0 = gen_linktype(LLCSAP_IP);
03559                         break;
03560                 default:
03561                         b0 = gen_linktype(ETHERTYPE_IP);
03562                         break;
03563                 }
03564 #ifndef CHASE_CHAIN
03565         b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
03566 #else
03567         b1 = gen_protochain(v, Q_IP);
03568 #endif
03569         gen_and(b0, b1);
03570         return b1;
03571 
03572     case Q_ISO:
03573         switch (linktype) {
03574 
03575         case DLT_FRELAY:
03576             /*
03577              * Frame Relay packets typically have an OSI
03578              * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
03579              * generates code to check for all the OSI
03580              * NLPIDs, so calling it and then adding a check
03581              * for the particular NLPID for which we're
03582              * looking is bogus, as we can just check for
03583              * the NLPID.
03584              *
03585              * What we check for is the NLPID and a frame
03586              * control field value of UI, i.e. 0x03 followed
03587              * by the NLPID.
03588              *
03589              * XXX - assumes a 2-byte Frame Relay header with
03590              * DLCI and flags.  What if the address is longer?
03591              *
03592              * XXX - what about SNAP-encapsulated frames?
03593              */
03594             return gen_cmp(2, BPF_H, (0x03<<8) | v);
03595             break;
03596 
03597                 case DLT_C_HDLC:
03598                         /* Cisco uses an Ethertype lookalike - for OSI its 0xfefe */
03599                         b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
03600                         /* OSI in C-HDLC is stuffed with a fudge byte */
03601             b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
03602             gen_and(b0, b1);
03603                         return b1;
03604         default:
03605             b0 = gen_linktype(LLCSAP_ISONS);
03606             b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
03607             gen_and(b0, b1);
03608             return b1;
03609         }
03610 
03611         case Q_ISIS:
03612             b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
03613             /* 4 is the offset of the PDU type relative to the IS-IS header */
03614             b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
03615             gen_and(b0, b1);
03616             return b1;
03617 
03618     case Q_ARP:
03619         bpf_error("arp does not encapsulate another protocol");
03620         /* NOTREACHED */
03621 
03622     case Q_RARP:
03623         bpf_error("rarp does not encapsulate another protocol");
03624         /* NOTREACHED */
03625 
03626     case Q_ATALK:
03627         bpf_error("atalk encapsulation is not specifiable");
03628         /* NOTREACHED */
03629 
03630     case Q_DECNET:
03631         bpf_error("decnet encapsulation is not specifiable");
03632         /* NOTREACHED */
03633 
03634     case Q_SCA:
03635         bpf_error("sca does not encapsulate another protocol");
03636         /* NOTREACHED */
03637 
03638     case Q_LAT:
03639         bpf_error("lat does not encapsulate another protocol");
03640         /* NOTREACHED */
03641 
03642     case Q_MOPRC:
03643         bpf_error("moprc does not encapsulate another protocol");
03644         /* NOTREACHED */
03645 
03646     case Q_MOPDL:
03647         bpf_error("mopdl does not encapsulate another protocol");
03648         /* NOTREACHED */
03649 
03650     case Q_LINK:
03651         return gen_linktype(v);
03652 
03653     case Q_UDP:
03654         bpf_error("'udp proto' is bogus");
03655         /* NOTREACHED */
03656 
03657     case Q_TCP:
03658         bpf_error("'tcp proto' is bogus");
03659         /* NOTREACHED */
03660 
03661     case Q_SCTP:
03662         bpf_error("'sctp proto' is bogus");
03663         /* NOTREACHED */
03664 
03665     case Q_ICMP:
03666         bpf_error("'icmp proto' is bogus");
03667         /* NOTREACHED */
03668 
03669     case Q_IGMP:
03670         bpf_error("'igmp proto' is bogus");
03671         /* NOTREACHED */
03672 
03673     case Q_IGRP:
03674         bpf_error("'igrp proto' is bogus");
03675         /* NOTREACHED */
03676 
03677     case Q_PIM:
03678         bpf_error("'pim proto' is bogus");
03679         /* NOTREACHED */
03680 
03681     case Q_VRRP:
03682         bpf_error("'vrrp proto' is bogus");
03683         /* NOTREACHED */
03684 
03685 #ifdef INET6
03686     case Q_IPV6:
03687         b0 = gen_linktype(ETHERTYPE_IPV6);
03688 #ifndef CHASE_CHAIN
03689         b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
03690 #else
03691         b1 = gen_protochain(v, Q_IPV6);
03692 #endif
03693         gen_and(b0, b1);
03694         return b1;
03695 
03696     case Q_ICMPV6:
03697         bpf_error("'icmp6 proto' is bogus");
03698 #endif /* INET6 */
03699 
03700     case Q_AH:
03701         bpf_error("'ah proto' is bogus");
03702 
03703     case Q_ESP:
03704         bpf_error("'ah proto' is bogus");
03705 
03706     case Q_STP:
03707         bpf_error("'stp proto' is bogus");
03708 
03709     case Q_IPX:
03710         bpf_error("'ipx proto' is bogus");
03711 
03712     case Q_NETBEUI:
03713         bpf_error("'netbeui proto' is bogus");
03714 
03715     default:
03716         abort();
03717         /* NOTREACHED */
03718     }
03719     /* NOTREACHED */
03720 }
03721 
03722 struct block *
03723 gen_scode(name, q)
03724     register const char *name;
03725     struct qual q;
03726 {
03727     int proto = q.proto;
03728     int dir = q.dir;
03729     int tproto;
03730     u_char *eaddr;
03731     bpf_u_int32 mask, addr;
03732 #ifndef INET6
03733     bpf_u_int32 **alist;
03734 #else
03735     int tproto6;
03736     struct sockaddr_in *sin;
03737     struct sockaddr_in6 *sin6;
03738     struct addrinfo *res, *res0;
03739     struct in6_addr mask128;
03740 #endif /*INET6*/
03741     struct block *b, *tmp;
03742     int port, real_proto;
03743 
03744     switch (q.addr) {
03745 
03746     case Q_NET:
03747         addr = pcap_nametonetaddr(name);
03748         if (addr == 0)
03749             bpf_error("unknown network '%s'", name);
03750         /* Left justify network addr and calculate its network mask */
03751         mask = 0xffffffff;
03752         while (addr && (addr & 0xff000000) == 0) {
03753             addr <<= 8;
03754             mask <<= 8;
03755         }
03756         return gen_host(addr, mask, proto, dir);
03757 
03758     case Q_DEFAULT:
03759     case Q_HOST:
03760         if (proto == Q_LINK) {
03761             switch (linktype) {
03762 
03763             case DLT_EN10MB:
03764                 eaddr = pcap_ether_hostton(name);
03765                 if (eaddr == NULL)
03766                     bpf_error(
03767                         "unknown ether host '%s'", name);
03768                 b = gen_ehostop(eaddr, dir);
03769                 free(eaddr);
03770                 return b;
03771 
03772             case DLT_FDDI:
03773                 eaddr = pcap_ether_hostton(name);
03774                 if (eaddr == NULL)
03775                     bpf_error(
03776                         "unknown FDDI host '%s'", name);
03777                 b = gen_fhostop(eaddr, dir);
03778                 free(eaddr);
03779                 return b;
03780 
03781             case DLT_IEEE802:
03782                 eaddr = pcap_ether_hostton(name);
03783                 if (eaddr == NULL)
03784                     bpf_error(
03785                         "unknown token ring host '%s'", name);
03786                 b = gen_thostop(eaddr, dir);
03787                 free(eaddr);
03788                 return b;
03789 
03790             case DLT_IEEE802_11:
03791                 eaddr = pcap_ether_hostton(name);
03792                 if (eaddr == NULL)
03793                     bpf_error(
03794                         "unknown 802.11 host '%s'", name);
03795                 b = gen_wlanhostop(eaddr, dir);
03796                 free(eaddr);
03797                 return b;
03798 
03799             case DLT_IP_OVER_FC:
03800                 eaddr = pcap_ether_hostton(name);
03801                 if (eaddr == NULL)
03802                     bpf_error(
03803                         "unknown Fibre Channel host '%s'", name);
03804                 b = gen_ipfchostop(eaddr, dir);
03805                 free(eaddr);
03806                 return b;
03807 
03808             case DLT_SUNATM:
03809                 if (!is_lane)
03810                     break;
03811 
03812                 /*
03813                  * Check that the packet doesn't begin
03814                  * with an LE Control marker.  (We've
03815                  * already generated a test for LANE.)
03816                  */
03817                 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
03818                     0xFF00);
03819                 gen_not(tmp);
03820 
03821                 eaddr = pcap_ether_hostton(name);
03822                 if (eaddr == NULL)
03823                     bpf_error(
03824                         "unknown ether host '%s'", name);
03825                 b = gen_ehostop(eaddr, dir);
03826                 gen_and(tmp, b);
03827                 free(eaddr);
03828                 return b;
03829             }
03830 
03831             bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
03832         } else if (proto == Q_DECNET) {
03833             unsigned short dn_addr = __pcap_nametodnaddr(name);
03834             /*
03835              * I don't think DECNET hosts can be multihomed, so
03836              * there is no need to build up a list of addresses
03837              */
03838             return (gen_host(dn_addr, 0, proto, dir));
03839         } else {
03840 #ifndef INET6
03841             alist = pcap_nametoaddr(name);
03842             if (alist == NULL || *alist == NULL)
03843                 bpf_error("unknown host '%s'", name);
03844             tproto = proto;
03845             if (off_linktype == -1 && tproto == Q_DEFAULT)
03846                 tproto = Q_IP;
03847             b = gen_host(**alist++, 0xffffffff, tproto, dir);
03848             while (*alist) {
03849                 tmp = gen_host(**alist++, 0xffffffff,
03850                            tproto, dir);
03851                 gen_or(b, tmp);
03852                 b = tmp;
03853             }
03854             return b;
03855 #else
03856             memset(&mask128, 0xff, sizeof(mask128));
03857             res0 = res = pcap_nametoaddrinfo(name);
03858             if (res == NULL)
03859                 bpf_error("unknown host '%s'", name);
03860             b = tmp = NULL;
03861             tproto = tproto6 = proto;
03862             if (off_linktype == -1 && tproto == Q_DEFAULT) {
03863                 tproto = Q_IP;
03864                 tproto6 = Q_IPV6;
03865             }
03866             for (res = res0; res; res = res->ai_next) {
03867                 switch (res->ai_family) {
03868                 case AF_INET:
03869                     if (tproto == Q_IPV6)
03870                         continue;
03871 
03872                     sin = (struct sockaddr_in *)
03873                         res->ai_addr;
03874                     tmp = gen_host(ntohl(sin->sin_addr.s_addr),
03875                         0xffffffff, tproto, dir);
03876                     break;
03877                 case AF_INET6:
03878                     if (tproto6 == Q_IP)
03879                         continue;
03880 
03881                     sin6 = (struct sockaddr_in6 *)
03882                         res->ai_addr;
03883                     tmp = gen_host6(&sin6->sin6_addr,
03884                         &mask128, tproto6, dir);
03885                     break;
03886                 default:
03887                     continue;
03888                 }
03889                 if (b)
03890                     gen_or(b, tmp);
03891                 b = tmp;
03892             }
03893             freeaddrinfo(res0);
03894             if (b == NULL) {
03895                 bpf_error("unknown host '%s'%s", name,
03896                     (proto == Q_DEFAULT)
03897                     ? ""
03898                     : " for specified address family");
03899             }
03900             return b;
03901 #endif /*INET6*/
03902         }
03903 
03904     case Q_PORT:
03905         if (proto != Q_DEFAULT &&
03906             proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
03907             bpf_error("illegal qualifier of 'port'");
03908         if (pcap_nametoport(name, &port, &real_proto) == 0)
03909             bpf_error("unknown port '%s'", name);
03910         if (proto == Q_UDP) {
03911             if (real_proto == IPPROTO_TCP)
03912                 bpf_error("port '%s' is tcp", name);
03913             else if (real_proto == IPPROTO_SCTP)
03914                 bpf_error("port '%s' is sctp", name);
03915             else
03916                 /* override PROTO_UNDEF */
03917                 real_proto = IPPROTO_UDP;
03918         }
03919         if (proto == Q_TCP) {
03920             if (real_proto == IPPROTO_UDP)
03921                 bpf_error("port '%s' is udp", name);
03922 
03923             else if (real_proto == IPPROTO_SCTP)
03924                 bpf_error("port '%s' is sctp", name);
03925             else
03926                 /* override PROTO_UNDEF */
03927                 real_proto = IPPROTO_TCP;
03928         }
03929         if (proto == Q_SCTP) {
03930             if (real_proto == IPPROTO_UDP)
03931                 bpf_error("port '%s' is udp", name);
03932 
03933             else if (real_proto == IPPROTO_TCP)
03934                 bpf_error("port '%s' is tcp", name);
03935             else
03936                 /* override PROTO_UNDEF */
03937                 real_proto = IPPROTO_SCTP;
03938         }
03939 #ifndef INET6
03940         return gen_port(port, real_proto, dir);
03941 #else
03942         {
03943         struct block *b;
03944         b = gen_port(port, real_proto, dir);
03945         gen_or(gen_port6(port, real_proto, dir), b);
03946         return b;
03947         }
03948 #endif /* INET6 */
03949 
03950     case Q_GATEWAY:
03951 #ifndef INET6
03952         eaddr = pcap_ether_hostton(name);
03953         if (eaddr == NULL)
03954             bpf_error("unknown ether host: %s", name);
03955 
03956         alist = pcap_nametoaddr(name);
03957         if (alist == NULL || *alist == NULL)
03958             bpf_error("unknown host '%s'", name);
03959         b = gen_gateway(eaddr, alist, proto, dir);
03960         free(eaddr);
03961         return b;
03962 #else
03963         bpf_error("'gateway' not supported in this configuration");
03964 #endif /*INET6*/
03965 
03966     case Q_PROTO:
03967         real_proto = lookup_proto(name, proto);
03968         if (real_proto >= 0)
03969             return gen_proto(real_proto, proto, dir);
03970         else
03971             bpf_error("unknown protocol: %s", name);
03972 
03973     case Q_PROTOCHAIN:
03974         real_proto = lookup_proto(name, proto);
03975         if (real_proto >= 0)
03976             return gen_protochain(real_proto, proto, dir);
03977         else
03978             bpf_error("unknown protocol: %s", name);
03979 
03980 
03981     case Q_UNDEF:
03982         syntax();
03983         /* NOTREACHED */
03984     }
03985     abort();
03986     /* NOTREACHED */
03987 }
03988 
03989 struct block *
03990 gen_mcode(s1, s2, masklen, q)
03991     register const char *s1, *s2;
03992     register int masklen;
03993     struct qual q;
03994 {
03995     register int nlen, mlen;
03996     bpf_u_int32 n, m;
03997 
03998     nlen = __pcap_atoin(s1, &n);
03999     /* Promote short ipaddr */
04000     n <<= 32 - nlen;
04001 
04002     if (s2 != NULL) {
04003         mlen = __pcap_atoin(s2, &m);
04004         /* Promote short ipaddr */
04005         m <<= 32 - mlen;
04006         if ((n & ~m) != 0)
04007             bpf_error("non-network bits set in \"%s mask %s\"",
04008                 s1, s2);
04009     } else {
04010         /* Convert mask len to mask */
04011         if (masklen > 32)
04012             bpf_error("mask length must be <= 32");
04013         m = 0xffffffff << (32 - masklen);
04014         if ((n & ~m) != 0)
04015             bpf_error("non-network bits set in \"%s/%d\"",
04016                 s1, masklen);
04017     }
04018 
04019     switch (q.addr) {
04020 
04021     case Q_NET:
04022         return gen_host(n, m, q.proto, q.dir);
04023 
04024     default:
04025         bpf_error("Mask syntax for networks only");
04026         /* NOTREACHED */
04027     }
04028 }
04029 
04030 struct block *
04031 gen_ncode(s, v, q)
04032     register const char *s;
04033     bpf_u_int32 v;
04034     struct qual q;
04035 {
04036     bpf_u_int32 mask;
04037     int proto = q.proto;
04038     int dir = q.dir;
04039     register int vlen;
04040 
04041     if (s == NULL)
04042         vlen = 32;
04043     else if (q.proto == Q_DECNET)
04044         vlen = __pcap_atodn(s, &v);
04045     else
04046         vlen = __pcap_atoin(s, &v);
04047 
04048     switch (q.addr) {
04049 
04050     case Q_DEFAULT:
04051     case Q_HOST:
04052     case Q_NET:
04053         if (proto == Q_DECNET)
04054             return gen_host(v, 0, proto, dir);
04055         else if (proto == Q_LINK) {
04056             bpf_error("illegal link layer address");
04057         } else {
04058             mask = 0xffffffff;
04059             if (s == NULL && q.addr == Q_NET) {
04060                 /* Promote short net number */
04061                 while (v && (v & 0xff000000) == 0) {
04062                     v <<= 8;
04063                     mask <<= 8;
04064                 }
04065             } else {
04066                 /* Promote short ipaddr */
04067                 v <<= 32 - vlen;
04068                 mask <<= 32 - vlen;
04069             }
04070             return gen_host(v, mask, proto, dir);
04071         }
04072 
04073     case Q_PORT:
04074         if (proto == Q_UDP)
04075             proto = IPPROTO_UDP;
04076         else if (proto == Q_TCP)
04077             proto = IPPROTO_TCP;
04078         else if (proto == Q_SCTP)
04079             proto = IPPROTO_SCTP;
04080         else if (proto == Q_DEFAULT)
04081             proto = PROTO_UNDEF;
04082         else
04083             bpf_error("illegal qualifier of 'port'");
04084 
04085 #ifndef INET6
04086         return gen_port((int)v, proto, dir);
04087 #else
04088         {
04089         struct block *b;
04090         b = gen_port((int)v, proto, dir);
04091         gen_or(gen_port6((int)v, proto, dir), b);
04092         return b;
04093         }
04094 #endif /* INET6 */
04095 
04096     case Q_GATEWAY:
04097         bpf_error("'gateway' requires a name");
04098         /* NOTREACHED */
04099 
04100     case Q_PROTO:
04101         return gen_proto((int)v, proto, dir);
04102 
04103     case Q_PROTOCHAIN:
04104         return gen_protochain((int)v, proto, dir);
04105 
04106     case Q_UNDEF:
04107         syntax();
04108         /* NOTREACHED */
04109 
04110     default:
04111         abort();
04112         /* NOTREACHED */
04113     }
04114     /* NOTREACHED */
04115 }
04116 
04117 #ifdef INET6
04118 struct block *
04119 gen_mcode6(s1, s2, masklen, q)
04120     register const char *s1, *s2;
04121     register int masklen;
04122     struct qual q;
04123 {
04124     struct addrinfo *res;
04125     struct in6_addr *addr;
04126     struct in6_addr mask;
04127     struct block *b;
04128     u_int32_t *a, *m;
04129 
04130     if (s2)
04131         bpf_error("no mask %s supported", s2);
04132 
04133     res = pcap_nametoaddrinfo(s1);
04134     if (!res)
04135         bpf_error("invalid ip6 address %s", s1);
04136     if (res->ai_next)
04137         bpf_error("%s resolved to multiple address", s1);
04138     addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
04139 
04140     if (sizeof(mask) * 8 < masklen)
04141         bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
04142     memset(&mask, 0, sizeof(mask));
04143     memset(&mask, 0xff, masklen / 8);
04144     if (masklen % 8) {
04145         mask.s6_addr[masklen / 8] =
04146             (0xff << (8 - masklen % 8)) & 0xff;
04147     }
04148 
04149     a = (u_int32_t *)addr;
04150     m = (u_int32_t *)&mask;
04151     if ((a[0] & ~m[0]) || (a[1] & ~m[1])
04152      || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
04153         bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
04154     }
04155 
04156     switch (q.addr) {
04157 
04158     case Q_DEFAULT:
04159     case Q_HOST:
04160         if (masklen != 128)
04161             bpf_error("Mask syntax for networks only");
04162         /* FALLTHROUGH */
04163 
04164     case Q_NET:
04165         b = gen_host6(addr, &mask, q.proto, q.dir);
04166         freeaddrinfo(res);
04167         return b;
04168 
04169     default:
04170         bpf_error("invalid qualifier against IPv6 address");
04171         /* NOTREACHED */
04172     }
04173 }
04174 #endif /*INET6*/
04175 
04176 struct block *
04177 gen_ecode(eaddr, q)
04178     register const u_char *eaddr;
04179     struct qual q;
04180 {
04181     struct block *b, *tmp;
04182 
04183     if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
04184         if (linktype == DLT_EN10MB)
04185             return gen_ehostop(eaddr, (int)q.dir);
04186         if (linktype == DLT_FDDI)
04187             return gen_fhostop(eaddr, (int)q.dir);
04188         if (linktype == DLT_IEEE802)
04189             return gen_thostop(eaddr, (int)q.dir);
04190         if (linktype == DLT_IEEE802_11)
04191             return gen_wlanhostop(eaddr, (int)q.dir);
04192         if (linktype == DLT_SUNATM && is_lane) {
04193             /*
04194              * Check that the packet doesn't begin with an
04195              * LE Control marker.  (We've already generated
04196              * a test for LANE.)
04197              */
04198             tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
04199             gen_not(tmp);
04200 
04201             /*
04202              * Now check the MAC address.
04203              */
04204             b = gen_ehostop(eaddr, (int)q.dir);
04205             gen_and(tmp, b);
04206             return b;
04207         }
04208         if (linktype == DLT_IP_OVER_FC)
04209             return gen_ipfchostop(eaddr, (int)q.dir);
04210         bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
04211     }
04212     bpf_error("ethernet address used in non-ether expression");
04213     /* NOTREACHED */
04214 }
04215 
04216 void
04217 sappend(s0, s1)
04218     struct slist *s0, *s1;
04219 {
04220     /*
04221      * This is definitely not the best way to do this, but the
04222      * lists will rarely get long.
04223      */
04224     while (s0->next)
04225         s0 = s0->next;
04226     s0->next = s1;
04227 }
04228 
04229 static struct slist *
04230 xfer_to_x(a)
04231     struct arth *a;
04232 {
04233     struct slist *s;
04234 
04235     s = new_stmt(BPF_LDX|BPF_MEM);
04236     s->s.k = a->regno;
04237     return s;
04238 }
04239 
04240 static struct slist *
04241 xfer_to_a(a)
04242     struct arth *a;
04243 {
04244     struct slist *s;
04245 
04246     s = new_stmt(BPF_LD|BPF_MEM);
04247     s->s.k = a->regno;
04248     return s;
04249 }
04250 
04251 struct arth *
04252 gen_load(proto, index, size)
04253     int proto;
04254     struct arth *index;
04255     int size;
04256 {
04257     struct slist *s, *tmp;
04258     struct block *b;
04259     int regno = alloc_reg();
04260 
04261     free_reg(index->regno);
04262     switch (size) {
04263 
04264     default:
04265         bpf_error("data size must be 1, 2, or 4");
04266 
04267     case 1:
04268         size = BPF_B;
04269         break;
04270 
04271     case 2:
04272         size = BPF_H;
04273         break;
04274 
04275     case 4:
04276         size = BPF_W;
04277         break;
04278     }
04279     switch (proto) {
04280     default:
04281         bpf_error("unsupported index operation");
04282 
04283     case Q_LINK:
04284         /*
04285          * XXX - what about ATM LANE?  Should the index be
04286          * relative to the beginning of the AAL5 frame, so
04287          * that 0 refers to the beginning of the LE Control
04288          * field, or relative to the beginning of the LAN
04289          * frame, so that 0 refers, for Ethernet LANE, to
04290          * the beginning of the destination address?
04291          */
04292         s = xfer_to_x(index);
04293         tmp = new_stmt(BPF_LD|BPF_IND|size);
04294         sappend(s, tmp);
04295         sappend(index->s, s);
04296         break;
04297 
04298     case Q_IP:
04299     case Q_ARP:
04300     case Q_RARP:
04301     case Q_ATALK:
04302     case Q_DECNET:
04303     case Q_SCA:
04304     case Q_LAT:
04305     case Q_MOPRC:
04306     case Q_MOPDL:
04307 #ifdef INET6
04308     case Q_IPV6:
04309 #endif
04310         /* XXX Note that we assume a fixed link header here. */
04311         s = xfer_to_x(index);
04312         tmp = new_stmt(BPF_LD|BPF_IND|size);
04313         tmp->s.k = off_nl;
04314         sappend(s, tmp);
04315         sappend(index->s, s);
04316 
04317         b = gen_proto_abbrev(proto);
04318         if (index->b)
04319             gen_and(index->b, b);
04320         index->b = b;
04321         break;
04322 
04323     case Q_SCTP:
04324     case Q_TCP:
04325     case Q_UDP:
04326     case Q_ICMP:
04327     case Q_IGMP:
04328     case Q_IGRP:
04329     case Q_PIM:
04330     case Q_VRRP:
04331         s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
04332         s->s.k = off_nl;
04333         sappend(s, xfer_to_a(index));
04334         sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
04335         sappend(s, new_stmt(BPF_MISC|BPF_TAX));
04336         sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
04337         tmp->s.k = off_nl;
04338         sappend(index->s, s);
04339 
04340         gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
04341         if (index->b)
04342             gen_and(index->b, b);
04343 #ifdef INET6
04344         gen_and(gen_proto_abbrev(Q_IP), b);
04345 #endif
04346         index->b = b;
04347         break;
04348 #ifdef INET6
04349     case Q_ICMPV6:
04350         bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
04351         /*NOTREACHED*/
04352 #endif
04353     }
04354     index->regno = regno;
04355     s = new_stmt(BPF_ST);
04356     s->s.k = regno;
04357     sappend(index->s, s);
04358 
04359     return index;
04360 }
04361 
04362 struct block *
04363 gen_relation(code, a0, a1, reversed)
04364     int code;
04365     struct arth *a0, *a1;
04366     int reversed;
04367 {
04368     struct slist *s0, *s1, *s2;
04369     struct block *b, *tmp;
04370 
04371     s0 = xfer_to_x(a1);
04372     s1 = xfer_to_a(a0);
04373     if (code == BPF_JEQ) {
04374         s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
04375         b = new_block(JMP(code));
04376         sappend(s1, s2);
04377     }
04378     else
04379         b = new_block(BPF_JMP|code|BPF_X);
04380     if (reversed)
04381         gen_not(b);
04382 
04383     sappend(s0, s1);
04384     sappend(a1->s, s0);
04385     sappend(a0->s, a1->s);
04386 
04387     b->stmts = a0->s;
04388 
04389     free_reg(a0->regno);
04390     free_reg(a1->regno);
04391 
04392     /* 'and' together protocol checks */
04393     if (a0->b) {
04394         if (a1->b) {
04395             gen_and(a0->b, tmp = a1->b);
04396         }
04397         else
04398             tmp = a0->b;
04399     } else
04400         tmp = a1->b;
04401 
04402     if (tmp)
04403         gen_and(tmp, b);
04404 
04405     return b;
04406 }
04407 
04408 struct arth *
04409 gen_loadlen()
04410 {
04411     int regno = alloc_reg();
04412     struct arth *a = (struct arth *)newchunk(sizeof(*a));
04413     struct slist *s;
04414 
04415     s = new_stmt(BPF_LD|BPF_LEN);
04416     s->next = new_stmt(BPF_ST);
04417     s->next->s.k = regno;
04418     a->s = s;
04419     a->regno = regno;
04420 
04421     return a;
04422 }
04423 
04424 struct arth *
04425 gen_loadi(val)
04426     int val;
04427 {
04428     struct arth *a;
04429     struct slist *s;
04430     int reg;
04431 
04432     a = (struct arth *)newchunk(sizeof(*a));
04433 
04434     reg = alloc_reg();
04435 
04436     s = new_stmt(BPF_LD|BPF_IMM);
04437     s->s.k = val;
04438     s->next = new_stmt(BPF_ST);
04439     s->next->s.k = reg;
04440     a->s = s;
04441     a->regno = reg;
04442 
04443     return a;
04444 }
04445 
04446 struct arth *
04447 gen_neg(a)
04448     struct arth *a;
04449 {
04450     struct slist *s;
04451 
04452     s = xfer_to_a(a);
04453     sappend(a->s, s);
04454     s = new_stmt(BPF_ALU|BPF_NEG);
04455     s->s.k = 0;
04456     sappend(a->s, s);
04457     s = new_stmt(BPF_ST);
04458     s->s.k = a->regno;
04459     sappend(a->s, s);
04460 
04461     return a;
04462 }
04463 
04464 struct arth *
04465 gen_arth(code, a0, a1)
04466     int code;
04467     struct arth *a0, *a1;
04468 {
04469     struct slist *s0, *s1, *s2;
04470 
04471     s0 = xfer_to_x(a1);
04472     s1 = xfer_to_a(a0);
04473     s2 = new_stmt(BPF_ALU|BPF_X|code);
04474 
04475     sappend(s1, s2);
04476     sappend(s0, s1);
04477     sappend(a1->s, s0);
04478     sappend(a0->s, a1->s);
04479 
04480     free_reg(a0->regno);
04481     free_reg(a1->regno);
04482 
04483     s0 = new_stmt(BPF_ST);
04484     a0->regno = s0->s.k = alloc_reg();
04485     sappend(a0->s, s0);
04486 
04487     return a0;
04488 }
04489 
04490 /*
04491  * Here we handle simple allocation of the scratch registers.
04492  * If too many registers are alloc'd, the allocator punts.
04493  */
04494 static int regused[BPF_MEMWORDS];
04495 static int curreg;
04496 
04497 /*
04498  * Return the next free register.
04499  */
04500 static int
04501 alloc_reg()
04502 {
04503     int n = BPF_MEMWORDS;
04504 
04505     while (--n >= 0) {
04506         if (regused[curreg])
04507             curreg = (curreg + 1) % BPF_MEMWORDS;
04508         else {
04509             regused[curreg] = 1;
04510             return curreg;
04511         }
04512     }
04513     bpf_error("too many registers needed to evaluate expression");
04514     /* NOTREACHED */
04515 }
04516 
04517 /*
04518  * Return a register to the table so it can
04519  * be used later.
04520  */
04521 static void
04522 free_reg(n)
04523     int n;
04524 {
04525     regused[n] = 0;
04526 }
04527 
04528 static struct block *
04529 gen_len(jmp, n)
04530     int jmp, n;
04531 {
04532     struct slist *s;
04533     struct block *b;
04534 
04535     s = new_stmt(BPF_LD|BPF_LEN);
04536     b = new_block(JMP(jmp));
04537     b->stmts = s;
04538     b->s.k = n;
04539 
04540     return b;
04541 }
04542 
04543 struct block *
04544 gen_greater(n)
04545     int n;
04546 {
04547     return gen_len(BPF_JGE, n);
04548 }
04549 
04550 /*
04551  * Actually, this is less than or equal.
04552  */
04553 struct block *
04554 gen_less(n)
04555     int n;
04556 {
04557     struct block *b;
04558 
04559     b = gen_len(BPF_JGT, n);
04560     gen_not(b);
04561 
04562     return b;
04563 }
04564 
04565 struct block *
04566 gen_byteop(op, idx, val)
04567     int op, idx, val;
04568 {
04569     struct block *b;
04570     struct slist *s;
04571 
04572     switch (op) {
04573     default:
04574         abort();
04575 
04576     case '=':
04577         return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
04578 
04579     case '<':
04580         b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
04581         b->s.code = JMP(BPF_JGE);
04582         gen_not(b);
04583         return b;
04584 
04585     case '>':
04586         b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
04587         b->s.code = JMP(BPF_JGT);
04588         return b;
04589 
04590     case '|':
04591         s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
04592         break;
04593 
04594     case '&':
04595         s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
04596         break;
04597     }
04598     s->s.k = val;
04599     b = new_block(JMP(BPF_JEQ));
04600     b->stmts = s;
04601     gen_not(b);
04602 
04603     return b;
04604 }
04605 
04606 static u_char abroadcast[] = { 0x0 };
04607 
04608 struct block *
04609 gen_broadcast(proto)
04610     int proto;
04611 {
04612     bpf_u_int32 hostmask;
04613     struct block *b0, *b1, *b2;
04614     static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
04615 
04616     switch (proto) {
04617 
04618     case Q_DEFAULT:
04619     case Q_LINK:
04620         if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
04621             return gen_ahostop(abroadcast, Q_DST);
04622         if (linktype == DLT_EN10MB)
04623             return gen_ehostop(ebroadcast, Q_DST);
04624         if (linktype == DLT_FDDI)
04625             return gen_fhostop(ebroadcast, Q_DST);
04626         if (linktype == DLT_IEEE802)
04627             return gen_thostop(ebroadcast, Q_DST);
04628         if (linktype == DLT_IEEE802_11)
04629             return gen_wlanhostop(ebroadcast, Q_DST);
04630         if (linktype == DLT_SUNATM && is_lane) {
04631             /*
04632              * Check that the packet doesn't begin with an
04633              * LE Control marker.  (We've already generated
04634              * a test for LANE.)
04635              */
04636             b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
04637             gen_not(b1);
04638 
04639             /*
04640              * Now check the MAC address.
04641              */
04642             b0 = gen_ehostop(ebroadcast, Q_DST);
04643             gen_and(b1, b0);
04644             return b0;
04645         }
04646         bpf_error("not a broadcast link");
04647         break;
04648 
04649     case Q_IP:
04650         b0 = gen_linktype(ETHERTYPE_IP);
04651         hostmask = ~netmask;
04652         b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
04653         b2 = gen_mcmp(off_nl + 16, BPF_W,
04654                   (bpf_int32)(~0 & hostmask), hostmask);
04655         gen_or(b1, b2);
04656         gen_and(b0, b2);
04657         return b2;
04658     }
04659     bpf_error("only ether/ip broadcast filters supported");
04660 }
04661 
04662 /*
04663  * Generate code to test the low-order bit of a MAC address (that's
04664  * the bottom bit of the *first* byte).
04665  */
04666 static struct block *
04667 gen_mac_multicast(offset)
04668     int offset;
04669 {
04670     register struct block *b0;
04671     register struct slist *s;
04672 
04673     /* link[offset] & 1 != 0 */
04674     s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04675     s->s.k = offset;
04676     b0 = new_block(JMP(BPF_JSET));
04677     b0->s.k = 1;
04678     b0->stmts = s;
04679     return b0;
04680 }
04681 
04682 struct block *
04683 gen_multicast(proto)
04684     int proto;
04685 {
04686     register struct block *b0, *b1, *b2;
04687     register struct slist *s;
04688 
04689     switch (proto) {
04690 
04691     case Q_DEFAULT:
04692     case Q_LINK:
04693         if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
04694             /* all ARCnet multicasts use the same address */
04695             return gen_ahostop(abroadcast, Q_DST);
04696 
04697         if (linktype == DLT_EN10MB) {
04698             /* ether[0] & 1 != 0 */
04699             return gen_mac_multicast(0);
04700         }
04701 
04702         if (linktype == DLT_FDDI) {
04703             /*
04704              * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
04705              *
04706              * XXX - was that referring to bit-order issues?
04707              */
04708             /* fddi[1] & 1 != 0 */
04709             return gen_mac_multicast(1);
04710         }
04711 
04712         if (linktype == DLT_IEEE802) {
04713             /* tr[2] & 1 != 0 */
04714             return gen_mac_multicast(2);
04715         }
04716 
04717         if (linktype == DLT_IEEE802_11) {
04718             /*
04719              * Oh, yuk.
04720              *
04721              *  For control frames, there is no DA.
04722              *
04723              *  For management frames, DA is at an
04724              *  offset of 4 from the beginning of
04725              *  the packet.
04726              *
04727              *  For data frames, DA is at an offset
04728              *  of 4 from the beginning of the packet
04729              *  if To DS is clear and at an offset of
04730              *  16 from the beginning of the packet
04731              *  if To DS is set.
04732              */
04733 
04734             /*
04735              * Generate the tests to be done for data frames.
04736              *
04737              * First, check for To DS set, i.e. "link[1] & 0x01".
04738              */
04739             s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04740             s->s.k = 1;
04741             b1 = new_block(JMP(BPF_JSET));
04742             b1->s.k = 0x01; /* To DS */
04743             b1->stmts = s;
04744 
04745             /*
04746              * If To DS is set, the DA is at 16.
04747              */
04748             b0 = gen_mac_multicast(16);
04749             gen_and(b1, b0);
04750 
04751             /*
04752              * Now, check for To DS not set, i.e. check
04753              * "!(link[1] & 0x01)".
04754              */
04755             s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04756             s->s.k = 1;
04757             b2 = new_block(JMP(BPF_JSET));
04758             b2->s.k = 0x01; /* To DS */
04759             b2->stmts = s;
04760             gen_not(b2);
04761 
04762             /*
04763              * If To DS is not set, the DA is at 4.
04764              */
04765             b1 = gen_mac_multicast(4);
04766             gen_and(b2, b1);
04767 
04768             /*
04769              * Now OR together the last two checks.  That gives
04770              * the complete set of checks for data frames.
04771              */
04772             gen_or(b1, b0);
04773 
04774             /*
04775              * Now check for a data frame.
04776              * I.e, check "link[0] & 0x08".
04777              */
04778             s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04779             s->s.k = 0;
04780             b1 = new_block(JMP(BPF_JSET));
04781             b1->s.k = 0x08;
04782             b1->stmts = s;
04783 
04784             /*
04785              * AND that with the checks done for data frames.
04786              */
04787             gen_and(b1, b0);
04788 
04789             /*
04790              * If the high-order bit of the type value is 0, this
04791              * is a management frame.
04792              * I.e, check "!(link[0] & 0x08)".
04793              */
04794             s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04795             s->s.k = 0;
04796             b2 = new_block(JMP(BPF_JSET));
04797             b2->s.k = 0x08;
04798             b2->stmts = s;
04799             gen_not(b2);
04800 
04801             /*
04802              * For management frames, the DA is at 4.
04803              */
04804             b1 = gen_mac_multicast(4);
04805             gen_and(b2, b1);
04806 
04807             /*
04808              * OR that with the checks done for data frames.
04809              * That gives the checks done for management and
04810              * data frames.
04811              */
04812             gen_or(b1, b0);
04813 
04814             /*
04815              * If the low-order bit of the type value is 1,
04816              * this is either a control frame or a frame
04817              * with a reserved type, and thus not a
04818              * frame with an SA.
04819              *
04820              * I.e., check "!(link[0] & 0x04)".
04821              */
04822             s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04823             s->s.k = 0;
04824             b1 = new_block(JMP(BPF_JSET));
04825             b1->s.k = 0x04;
04826             b1->stmts = s;
04827             gen_not(b1);
04828 
04829             /*
04830              * AND that with the checks for data and management
04831              * frames.
04832              */
04833             gen_and(b1, b0);
04834             return b0;
04835         }
04836 
04837         if (linktype == DLT_SUNATM && is_lane) {
04838             /*
04839              * Check that the packet doesn't begin with an
04840              * LE Control marker.  (We've already generated
04841              * a test for LANE.)
04842              */
04843             b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
04844             gen_not(b1);
04845 
04846             /* ether[off_mac] & 1 != 0 */
04847             b0 = gen_mac_multicast(off_mac);
04848             gen_and(b1, b0);
04849             return b0;
04850         }
04851 
04852         /* Link not known to support multicasts */
04853         break;
04854 
04855     case Q_IP:
04856         b0 = gen_linktype(ETHERTYPE_IP);
04857         b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
04858         b1->s.code = JMP(BPF_JGE);
04859         gen_and(b0, b1);
04860         return b1;
04861 
04862 #ifdef INET6
04863     case Q_IPV6:
04864         b0 = gen_linktype(ETHERTYPE_IPV6);
04865         b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
04866         gen_and(b0, b1);
04867         return b1;
04868 #endif /* INET6 */
04869     }
04870     bpf_error("only IP multicast filters supported on ethernet/FDDI");
04871 }
04872 
04873 /*
04874  * generate command for inbound/outbound.  It's here so we can
04875  * make it link-type specific.  'dir' = 0 implies "inbound",
04876  * = 1 implies "outbound".
04877  */
04878 struct block *
04879 gen_inbound(dir)
04880     int dir;
04881 {
04882     register struct block *b0;
04883 
04884     /*
04885      * Only some data link types support inbound/outbound qualifiers.
04886      */
04887     switch (linktype) {
04888     case DLT_SLIP:
04889     case DLT_PPP:
04890         b0 = gen_relation(BPF_JEQ,
04891               gen_load(Q_LINK, gen_loadi(0), 1),
04892               gen_loadi(0),
04893               dir);
04894         break;
04895 
04896     case DLT_LINUX_SLL:
04897         if (dir) {
04898             /*
04899              * Match packets sent by this machine.
04900              */
04901             b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
04902         } else {
04903             /*
04904              * Match packets sent to this machine.
04905              * (No broadcast or multicast packets, or
04906              * packets sent to some other machine and
04907              * received promiscuously.)
04908              *
04909              * XXX - packets sent to other machines probably
04910              * shouldn't be matched, but what about broadcast
04911              * or multicast packets we received?
04912              */
04913             b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
04914         }
04915         break;
04916 
04917     default:
04918         bpf_error("inbound/outbound not supported on linktype %d\n",
04919             linktype);
04920         b0 = NULL;
04921         /* NOTREACHED */
04922     }
04923     return (b0);
04924 }
04925 
04926 struct block *
04927 gen_acode(eaddr, q)
04928     register const u_char *eaddr;
04929     struct qual q;
04930 {
04931     if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
04932         if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
04933             return gen_ahostop(eaddr, (int)q.dir);
04934     }
04935     bpf_error("ARCnet address used in non-arc expression");
04936     /* NOTREACHED */
04937 }
04938 
04939 static struct block *
04940 gen_ahostop(eaddr, dir)
04941     register const u_char *eaddr;
04942     register int dir;
04943 {
04944     register struct block *b0, *b1;
04945 
04946     switch (dir) {
04947     /* src comes first, different from Ethernet */
04948     case Q_SRC:
04949         return gen_bcmp(0, 1, eaddr);
04950 
04951     case Q_DST:
04952         return gen_bcmp(1, 1, eaddr);
04953 
04954     case Q_AND:
04955         b0 = gen_ahostop(eaddr, Q_SRC);
04956         b1 = gen_ahostop(eaddr, Q_DST);
04957         gen_and(b0, b1);
04958         return b1;
04959 
04960     case Q_DEFAULT:
04961     case Q_OR:
04962         b0 = gen_ahostop(eaddr, Q_SRC);
04963         b1 = gen_ahostop(eaddr, Q_DST);
04964         gen_or(b0, b1);
04965         return b1;
04966     }
04967     abort();
04968     /* NOTREACHED */
04969 }
04970 
04971 /*
04972  * support IEEE 802.1Q VLAN trunk over ethernet
04973  */
04974 struct block *
04975 gen_vlan(vlan_num)
04976     int vlan_num;
04977 {
04978     struct  block   *b0;
04979 
04980     /*
04981      * Change the offsets to point to the type and data fields within
04982      * the VLAN packet.  This is somewhat of a kludge.
04983      */
04984     if (orig_nl == (u_int)-1) {
04985         orig_linktype = off_linktype;   /* save original values */
04986         orig_nl = off_nl;
04987         orig_nl_nosnap = off_nl_nosnap;
04988 
04989         switch (linktype) {
04990 
04991         case DLT_EN10MB:
04992             off_linktype = 16;
04993             off_nl_nosnap = 18;
04994             off_nl = 18;
04995             break;
04996 
04997         default:
04998             bpf_error("no VLAN support for data link type %d",
04999                   linktype);
05000             /*NOTREACHED*/
05001         }
05002     }
05003 
05004     /* check for VLAN */
05005     b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
05006 
05007     /* If a specific VLAN is requested, check VLAN id */
05008     if (vlan_num >= 0) {
05009         struct block *b1;
05010 
05011         b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
05012         gen_and(b0, b1);
05013         b0 = b1;
05014     }
05015 
05016     return (b0);
05017 }
05018 
05019 struct block *
05020 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
05021     int atmfield;
05022     bpf_u_int32 jvalue;
05023     bpf_u_int32 jtype;
05024     int reverse;
05025 {
05026     struct block *b0;
05027 
05028     switch (atmfield) {
05029 
05030     case A_VPI:
05031         if (!is_atm)
05032             bpf_error("'vpi' supported only on raw ATM");
05033         if (off_vpi == -1)
05034             abort();
05035         b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
05036             (u_int)jvalue, reverse);
05037         break;
05038 
05039     case A_VCI:
05040         if (!is_atm)
05041             bpf_error("'vci' supported only on raw ATM");
05042         if (off_vci == -1)
05043             abort();
05044         b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
05045             (u_int)jvalue, reverse);
05046         break;
05047 
05048     case A_PROTOTYPE:
05049         if (off_proto == -1)
05050             abort();    /* XXX - this isn't on FreeBSD */
05051         b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
05052             (u_int)jvalue, reverse);
05053         break;
05054 
05055     case A_MSGTYPE:
05056         if (off_payload == -1)
05057             abort();
05058         b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
05059             (u_int)jtype, (u_int)jvalue, reverse);
05060         break;
05061 
05062     case A_CALLREFTYPE:
05063         if (!is_atm)
05064             bpf_error("'callref' supported only on raw ATM");
05065         if (off_proto == -1)
05066             abort();
05067         b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
05068             (u_int)jvalue, reverse);
05069         break;
05070 
05071     default:
05072         abort();
05073     }
05074     return b0;
05075 }
05076 
05077 struct block *
05078 gen_atmtype_abbrev(type)
05079     int type;
05080 {
05081     struct block *b0, *b1;
05082 
05083     switch (type) {
05084 
05085     case A_METAC:
05086         /* Get all packets in Meta signalling Circuit */
05087         if (!is_atm)
05088             bpf_error("'metac' supported only on raw ATM");
05089         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05090         b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
05091         gen_and(b0, b1);
05092         break;
05093 
05094     case A_BCC:
05095         /* Get all packets in Broadcast Circuit*/
05096         if (!is_atm)
05097             bpf_error("'bcc' supported only on raw ATM");
05098         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05099         b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
05100         gen_and(b0, b1);
05101         break;
05102 
05103     case A_OAMF4SC:
05104         /* Get all cells in Segment OAM F4 circuit*/
05105         if (!is_atm)
05106             bpf_error("'oam4sc' supported only on raw ATM");
05107         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05108         b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
05109         gen_and(b0, b1);
05110         break;
05111 
05112     case A_OAMF4EC:
05113         /* Get all cells in End-to-End OAM F4 Circuit*/
05114         if (!is_atm)
05115             bpf_error("'oam4ec' supported only on raw ATM");
05116         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05117         b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
05118         gen_and(b0, b1);
05119         break;
05120 
05121     case A_SC:
05122         /*  Get all packets in connection Signalling Circuit */
05123         if (!is_atm)
05124             bpf_error("'sc' supported only on raw ATM");
05125         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05126         b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
05127         gen_and(b0, b1);
05128         break;
05129 
05130     case A_ILMIC:
05131         /* Get all packets in ILMI Circuit */
05132         if (!is_atm)
05133             bpf_error("'ilmic' supported only on raw ATM");
05134         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05135         b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
05136         gen_and(b0, b1);
05137         break;
05138 
05139     case A_LANE:
05140         /* Get all LANE packets */
05141         if (!is_atm)
05142             bpf_error("'lane' supported only on raw ATM");
05143         b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
05144 
05145         /*
05146          * Arrange that all subsequent tests assume LANE
05147          * rather than LLC-encapsulated packets, and set
05148          * the offsets appropriately for LANE-encapsulated
05149          * Ethernet.
05150          *
05151          * "off_mac" is the offset of the Ethernet header,
05152          * which is 2 bytes past the ATM pseudo-header
05153          * (skipping the pseudo-header and 2-byte LE Client
05154          * field).  The other offsets are Ethernet offsets
05155          * relative to "off_mac".
05156          */
05157         is_lane = 1;
05158         off_mac = off_payload + 2;  /* MAC header */
05159         off_linktype = off_mac + 12;
05160         off_nl = off_mac + 14;      /* Ethernet II */
05161         off_nl_nosnap = off_mac + 17;   /* 802.3+802.2 */
05162         break;
05163 
05164     case A_LLC:
05165         /* Get all LLC-encapsulated packets */
05166         if (!is_atm)
05167             bpf_error("'llc' supported only on raw ATM");
05168         b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
05169         is_lane = 0;
05170         break;
05171 
05172     default:
05173         abort();
05174     }
05175     return b1;
05176 }
05177 
05178 
05179 static struct block *
05180 gen_msg_abbrev(type)
05181     int type;
05182 {
05183     struct block *b1;
05184 
05185     /*
05186      * Q.2931 signalling protocol messages for handling virtual circuits
05187      * establishment and teardown
05188      */
05189     switch (type) {
05190 
05191     case A_SETUP:
05192         b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
05193         break;
05194 
05195     case A_CALLPROCEED:
05196         b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 
05197         break;
05198 
05199     case A_CONNECT:
05200         b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
05201         break;             
05202 
05203     case A_CONNECTACK:
05204         b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);  
05205         break;
05206 
05207     case A_RELEASE:
05208         b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
05209         break;
05210 
05211     case A_RELEASE_DONE:
05212         b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);  
05213         break;
05214 
05215     default:
05216         abort();
05217     }
05218     return b1;
05219 }
05220 
05221 struct block *
05222 gen_atmmulti_abbrev(type)
05223     int type;
05224 {
05225     struct block *b0, *b1;
05226 
05227     switch (type) {
05228 
05229     case A_OAM:
05230         if (!is_atm)
05231             bpf_error("'oam' supported only on raw ATM");
05232         b1 = gen_atmmulti_abbrev(A_OAMF4);
05233         break;
05234 
05235     case A_OAMF4:
05236         if (!is_atm)
05237             bpf_error("'oamf4' supported only on raw ATM");
05238         /* OAM F4 type */
05239         b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 
05240         b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
05241         gen_or(b0, b1); 
05242         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05243         gen_and(b0, b1);
05244         break;
05245 
05246     case A_CONNECTMSG:
05247         /*
05248          * Get Q.2931 signalling messages for switched
05249          * virtual connection
05250          */
05251         if (!is_atm)
05252             bpf_error("'connectmsg' supported only on raw ATM");
05253         b0 = gen_msg_abbrev(A_SETUP);
05254         b1 = gen_msg_abbrev(A_CALLPROCEED);
05255         gen_or(b0, b1);
05256         b0 = gen_msg_abbrev(A_CONNECT);
05257         gen_or(b0, b1);
05258         b0 = gen_msg_abbrev(A_CONNECTACK);
05259         gen_or(b0, b1);
05260         b0 = gen_msg_abbrev(A_RELEASE);
05261         gen_or(b0, b1);
05262         b0 = gen_msg_abbrev(A_RELEASE_DONE);
05263         gen_or(b0, b1);
05264         b0 = gen_atmtype_abbrev(A_SC);
05265         gen_and(b0, b1);
05266         break;
05267 
05268     case A_METACONNECT:
05269         if (!is_atm)
05270             bpf_error("'metaconnect' supported only on raw ATM");
05271         b0 = gen_msg_abbrev(A_SETUP);
05272         b1 = gen_msg_abbrev(A_CALLPROCEED);
05273         gen_or(b0, b1);
05274         b0 = gen_msg_abbrev(A_CONNECT);
05275         gen_or(b0, b1);
05276         b0 = gen_msg_abbrev(A_RELEASE);
05277         gen_or(b0, b1);
05278         b0 = gen_msg_abbrev(A_RELEASE_DONE);
05279         gen_or(b0, b1);
05280         b0 = gen_atmtype_abbrev(A_METAC);
05281         gen_and(b0, b1);
05282         break;
05283 
05284     default:
05285         abort();
05286     }
05287     return b1;
05288 }

documentation. Copyright (c) 2002-2003 Politecnico di Torino. All rights reserved.