Main Page   Modules   Data Structures   File List   Data Fields   Globals   Related Pages  

gencode.c

Go to the documentation of this file.
00001 /*#define CHASE_CHAIN*/
00002 /*
00003  * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
00004  *  The Regents of the University of California.  All rights reserved.
00005  *
00006  * Redistribution and use in source and binary forms, with or without
00007  * modification, are permitted provided that: (1) source code distributions
00008  * retain the above copyright notice and this paragraph in its entirety, (2)
00009  * distributions including binary code include the above copyright notice and
00010  * this paragraph in its entirety in the documentation or other materials
00011  * provided with the distribution, and (3) all advertising materials mentioning
00012  * features or use of this software display the following acknowledgement:
00013  * ``This product includes software developed by the University of California,
00014  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
00015  * the University nor the names of its contributors may be used to endorse
00016  * or promote products derived from this software without specific prior
00017  * written permission.
00018  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
00019  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
00020  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
00021  */
00022 #ifndef lint
00023 static const char rcsid[] _U_ =
00024     "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.196 2004/01/14 01:09:03 guy Exp $ (LBL)";
00025 #endif
00026 
00027 #ifdef HAVE_CONFIG_H
00028 #include "config.h"
00029 #endif
00030 
00031 #ifdef WIN32
00032 #include <pcap-stdinc.h>
00033 #else /* WIN32 */
00034 #include <sys/types.h>
00035 #include <sys/socket.h>
00036 #include <sys/time.h>
00037 #endif /* WIN32 */
00038 
00039 /*
00040  * XXX - why was this included even on UNIX?
00041  */
00042 #ifdef __MINGW32__
00043 #include "IP6_misc.h"
00044 #endif
00045 
00046 #ifndef WIN32
00047 
00048 #ifdef __NetBSD__
00049 #include <sys/param.h>
00050 #endif
00051 
00052 #include <netinet/in.h>
00053 
00054 #endif /* WIN32 */
00055 
00056 #include <stdlib.h>
00057 #include <string.h>
00058 #include <memory.h>
00059 #include <setjmp.h>
00060 #include <stdarg.h>
00061 
00062 #include "pcap-int.h"
00063 
00064 #include "ethertype.h"
00065 #include "nlpid.h"
00066 #include "llc.h"
00067 #include "gencode.h"
00068 #include "atmuni31.h"
00069 #include "sunatmpos.h"
00070 #include "ppp.h"
00071 #include "sll.h"
00072 #include "arcnet.h"
00073 #include "pf.h"
00074 #ifdef INET6
00075 #ifndef WIN32
00076 #include <netdb.h>  /* for "struct addrinfo" */
00077 #endif /* WIN32 */
00078 #endif /*INET6*/
00079 #include <pcap-namedb.h>
00080 
00081 #define ETHERMTU    1500
00082 
00083 #ifndef IPPROTO_SCTP
00084 #define IPPROTO_SCTP 132
00085 #endif
00086 
00087 #ifdef HAVE_OS_PROTO_H
00088 #include "os-proto.h"
00089 #endif
00090 
00091 #define JMP(c) ((c)|BPF_JMP|BPF_K)
00092 
00093 /* Locals */
00094 static jmp_buf top_ctx;
00095 static pcap_t *bpf_pcap;
00096 
00097 /* Hack for updating VLAN offsets. */
00098 static u_int    orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
00099 
00100 /* XXX */
00101 #ifdef PCAP_FDDIPAD
00102 int pcap_fddipad = PCAP_FDDIPAD;
00103 #else
00104 int pcap_fddipad;
00105 #endif
00106 
00107 /* VARARGS */
00108 void
00109 bpf_error(const char *fmt, ...)
00110 
00111 {
00112     va_list ap;
00113 
00114     va_start(ap, fmt);
00115     if (bpf_pcap != NULL)
00116         (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
00117             fmt, ap);
00118     va_end(ap);
00119     longjmp(top_ctx, 1);
00120     /* NOTREACHED */
00121 }
00122 
00123 static void init_linktype(int);
00124 
00125 static int alloc_reg(void);
00126 static void free_reg(int);
00127 
00128 static struct block *root;
00129 
00130 /*
00131  * We divy out chunks of memory rather than call malloc each time so
00132  * we don't have to worry about leaking memory.  It's probably
00133  * not a big deal if all this memory was wasted but it this ever
00134  * goes into a library that would probably not be a good idea.
00135  */
00136 #define NCHUNKS 16
00137 #define CHUNK0SIZE 1024
00138 struct chunk {
00139     u_int n_left;
00140     void *m;
00141 };
00142 
00143 static struct chunk chunks[NCHUNKS];
00144 static int cur_chunk;
00145 
00146 static void *newchunk(u_int);
00147 static void freechunks(void);
00148 static inline struct block *new_block(int);
00149 static inline struct slist *new_stmt(int);
00150 static struct block *gen_retblk(int);
00151 static inline void syntax(void);
00152 
00153 static void backpatch(struct block *, struct block *);
00154 static void merge(struct block *, struct block *);
00155 static struct block *gen_cmp(u_int, u_int, bpf_int32);
00156 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
00157 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
00158 static struct block *gen_bcmp(u_int, u_int, const u_char *);
00159 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
00160     bpf_u_int32, bpf_u_int32, int);
00161 static struct block *gen_uncond(int);
00162 static inline struct block *gen_true(void);
00163 static inline struct block *gen_false(void);
00164 static struct block *gen_ether_linktype(int);
00165 static struct block *gen_linktype(int);
00166 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
00167 static struct block *gen_llc(int);
00168 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
00169 #ifdef INET6
00170 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
00171 #endif
00172 static struct block *gen_ahostop(const u_char *, int);
00173 static struct block *gen_ehostop(const u_char *, int);
00174 static struct block *gen_fhostop(const u_char *, int);
00175 static struct block *gen_thostop(const u_char *, int);
00176 static struct block *gen_wlanhostop(const u_char *, int);
00177 static struct block *gen_ipfchostop(const u_char *, int);
00178 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
00179 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
00180 #ifdef INET6
00181 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
00182 #endif
00183 #ifndef INET6
00184 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
00185 #endif
00186 static struct block *gen_ipfrag(void);
00187 static struct block *gen_portatom(int, bpf_int32);
00188 #ifdef INET6
00189 static struct block *gen_portatom6(int, bpf_int32);
00190 #endif
00191 struct block *gen_portop(int, int, int);
00192 static struct block *gen_port(int, int, int);
00193 #ifdef INET6
00194 struct block *gen_portop6(int, int, int);
00195 static struct block *gen_port6(int, int, int);
00196 #endif
00197 static int lookup_proto(const char *, int);
00198 static struct block *gen_protochain(int, int, int);
00199 static struct block *gen_proto(int, int, int);
00200 static struct slist *xfer_to_x(struct arth *);
00201 static struct slist *xfer_to_a(struct arth *);
00202 static struct block *gen_mac_multicast(int);
00203 static struct block *gen_len(int, int);
00204 
00205 static struct block *gen_msg_abbrev(int type);
00206 
00207 static void *
00208 newchunk(n)
00209     u_int n;
00210 {
00211     struct chunk *cp;
00212     int k;
00213     size_t size;
00214 
00215 #ifndef __NetBSD__
00216     /* XXX Round up to nearest long. */
00217     n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
00218 #else
00219     /* XXX Round up to structure boundary. */
00220     n = ALIGN(n);
00221 #endif
00222 
00223     cp = &chunks[cur_chunk];
00224     if (n > cp->n_left) {
00225         ++cp, k = ++cur_chunk;
00226         if (k >= NCHUNKS)
00227             bpf_error("out of memory");
00228         size = CHUNK0SIZE << k;
00229         cp->m = (void *)malloc(size);
00230         if (cp->m == NULL)
00231             bpf_error("out of memory");
00232         memset((char *)cp->m, 0, size);
00233         cp->n_left = size;
00234         if (n > size)
00235             bpf_error("out of memory");
00236     }
00237     cp->n_left -= n;
00238     return (void *)((char *)cp->m + cp->n_left);
00239 }
00240 
00241 static void
00242 freechunks()
00243 {
00244     int i;
00245 
00246     cur_chunk = 0;
00247     for (i = 0; i < NCHUNKS; ++i)
00248         if (chunks[i].m != NULL) {
00249             free(chunks[i].m);
00250             chunks[i].m = NULL;
00251         }
00252 }
00253 
00254 /*
00255  * A strdup whose allocations are freed after code generation is over.
00256  */
00257 char *
00258 sdup(s)
00259     register const char *s;
00260 {
00261     int n = strlen(s) + 1;
00262     char *cp = newchunk(n);
00263 
00264     strlcpy(cp, s, n);
00265     return (cp);
00266 }
00267 
00268 static inline struct block *
00269 new_block(code)
00270     int code;
00271 {
00272     struct block *p;
00273 
00274     p = (struct block *)newchunk(sizeof(*p));
00275     p->s.code = code;
00276     p->head = p;
00277 
00278     return p;
00279 }
00280 
00281 static inline struct slist *
00282 new_stmt(code)
00283     int code;
00284 {
00285     struct slist *p;
00286 
00287     p = (struct slist *)newchunk(sizeof(*p));
00288     p->s.code = code;
00289 
00290     return p;
00291 }
00292 
00293 static struct block *
00294 gen_retblk(v)
00295     int v;
00296 {
00297     struct block *b = new_block(BPF_RET|BPF_K);
00298 
00299     b->s.k = v;
00300     return b;
00301 }
00302 
00303 static inline void
00304 syntax()
00305 {
00306     bpf_error("syntax error in filter expression");
00307 }
00308 
00309 static bpf_u_int32 netmask;
00310 static int snaplen;
00311 int no_optimize;
00312 
00313 int
00314 pcap_compile(pcap_t *p, struct bpf_program *program,
00315          char *buf, int optimize, bpf_u_int32 mask)
00316 {
00317     extern int n_errors;
00318     int len;
00319 
00320 #ifdef HAVE_REMOTE
00321     /*
00322        Check if:
00323        - We are on an remote capture
00324        - we do not want to capture RPCAP traffic
00325        
00326        If so, we have to save the current filter, because we have to add some
00327        piece of stuff later
00328     */
00329     if ( (p->rmt_clientside) && (p->rmt_flags & PCAP_OPENFLAG_NOCAPTURE_RPCAP) )
00330     {
00331     int bufferlen;
00332 
00333         if (p->currentfilter)
00334             free (p->currentfilter);
00335 
00336         if (buf)
00337             bufferlen= strlen(buf) + 1;
00338         else
00339             bufferlen= 1;
00340 
00341         p->currentfilter= (char *) malloc( sizeof(char) * bufferlen);
00342 
00343         strncpy(p->currentfilter, buf, bufferlen);
00344 
00345         p->currentfilter[bufferlen - 1]= 0;
00346     }
00347 #endif /* HAVE_REMOTE */
00348 
00349     no_optimize = 0;
00350     n_errors = 0;
00351     root = NULL;
00352     bpf_pcap = p;
00353     if (setjmp(top_ctx)) {
00354         lex_cleanup();
00355         freechunks();
00356         return (-1);
00357     }
00358 
00359     netmask = mask;
00360 
00361     snaplen = pcap_snapshot(p);
00362     if (snaplen == 0) {
00363         snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
00364              "snaplen of 0 rejects all packets");
00365         return -1;
00366     }
00367 
00368     lex_init(buf ? buf : "");
00369     init_linktype(pcap_datalink(p));
00370     (void)pcap_parse();
00371 
00372     if (n_errors)
00373         syntax();
00374 
00375     if (root == NULL)
00376         root = gen_retblk(snaplen);
00377 
00378     if (optimize && !no_optimize) {
00379         bpf_optimize(&root);
00380         if (root == NULL ||
00381             (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
00382             bpf_error("expression rejects all packets");
00383     }
00384     program->bf_insns = icode_to_fcode(root, &len);
00385     program->bf_len = len;
00386 
00387     lex_cleanup();
00388     freechunks();
00389     return (0);
00390 }
00391 
00392 /*
00393  * entry point for using the compiler with no pcap open
00394  * pass in all the stuff that is needed explicitly instead.
00395  */
00396 int
00397 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
00398             struct bpf_program *program,
00399          char *buf, int optimize, bpf_u_int32 mask)
00400 {
00401     pcap_t *p;
00402     int ret;
00403 
00404     p = pcap_open_dead(linktype_arg, snaplen_arg);
00405     if (p == NULL)
00406         return (-1);
00407     ret = pcap_compile(p, program, buf, optimize, mask);
00408     pcap_close(p);
00409     return (ret);
00410 }
00411 
00412 /*
00413  * Clean up a "struct bpf_program" by freeing all the memory allocated
00414  * in it.
00415  */
00416 void
00417 pcap_freecode(struct bpf_program *program)
00418 {
00419     program->bf_len = 0;
00420     if (program->bf_insns != NULL) {
00421         free((char *)program->bf_insns);
00422         program->bf_insns = NULL;
00423     }
00424 }
00425 
00426 /*
00427  * Backpatch the blocks in 'list' to 'target'.  The 'sense' field indicates
00428  * which of the jt and jf fields has been resolved and which is a pointer
00429  * back to another unresolved block (or nil).  At least one of the fields
00430  * in each block is already resolved.
00431  */
00432 static void
00433 backpatch(list, target)
00434     struct block *list, *target;
00435 {
00436     struct block *next;
00437 
00438     while (list) {
00439         if (!list->sense) {
00440             next = JT(list);
00441             JT(list) = target;
00442         } else {
00443             next = JF(list);
00444             JF(list) = target;
00445         }
00446         list = next;
00447     }
00448 }
00449 
00450 /*
00451  * Merge the lists in b0 and b1, using the 'sense' field to indicate
00452  * which of jt and jf is the link.
00453  */
00454 static void
00455 merge(b0, b1)
00456     struct block *b0, *b1;
00457 {
00458     register struct block **p = &b0;
00459 
00460     /* Find end of list. */
00461     while (*p)
00462         p = !((*p)->sense) ? &JT(*p) : &JF(*p);
00463 
00464     /* Concatenate the lists. */
00465     *p = b1;
00466 }
00467 
00468 void
00469 finish_parse(p)
00470     struct block *p;
00471 {
00472     backpatch(p, gen_retblk(snaplen));
00473     p->sense = !p->sense;
00474     backpatch(p, gen_retblk(0));
00475     root = p->head;
00476 }
00477 
00478 void
00479 gen_and(b0, b1)
00480     struct block *b0, *b1;
00481 {
00482     backpatch(b0, b1->head);
00483     b0->sense = !b0->sense;
00484     b1->sense = !b1->sense;
00485     merge(b1, b0);
00486     b1->sense = !b1->sense;
00487     b1->head = b0->head;
00488 }
00489 
00490 void
00491 gen_or(b0, b1)
00492     struct block *b0, *b1;
00493 {
00494     b0->sense = !b0->sense;
00495     backpatch(b0, b1->head);
00496     b0->sense = !b0->sense;
00497     merge(b1, b0);
00498     b1->head = b0->head;
00499 }
00500 
00501 void
00502 gen_not(b)
00503     struct block *b;
00504 {
00505     b->sense = !b->sense;
00506 }
00507 
00508 static struct block *
00509 gen_cmp(offset, size, v)
00510     u_int offset, size;
00511     bpf_int32 v;
00512 {
00513     struct slist *s;
00514     struct block *b;
00515 
00516     s = new_stmt(BPF_LD|BPF_ABS|size);
00517     s->s.k = offset;
00518 
00519     b = new_block(JMP(BPF_JEQ));
00520     b->stmts = s;
00521     b->s.k = v;
00522 
00523     return b;
00524 }
00525 
00526 static struct block *
00527 gen_cmp_gt(offset, size, v)
00528     u_int offset, size;
00529     bpf_int32 v;
00530 {
00531     struct slist *s;
00532     struct block *b;
00533 
00534     s = new_stmt(BPF_LD|BPF_ABS|size);
00535     s->s.k = offset;
00536 
00537     b = new_block(JMP(BPF_JGT));
00538     b->stmts = s;
00539     b->s.k = v;
00540 
00541     return b;
00542 }
00543 
00544 static struct block *
00545 gen_mcmp(offset, size, v, mask)
00546     u_int offset, size;
00547     bpf_int32 v;
00548     bpf_u_int32 mask;
00549 {
00550     struct block *b = gen_cmp(offset, size, v);
00551     struct slist *s;
00552 
00553     if (mask != 0xffffffff) {
00554         s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
00555         s->s.k = mask;
00556         b->stmts->next = s;
00557     }
00558     return b;
00559 }
00560 
00561 static struct block *
00562 gen_bcmp(offset, size, v)
00563     register u_int offset, size;
00564     register const u_char *v;
00565 {
00566     register struct block *b, *tmp;
00567 
00568     b = NULL;
00569     while (size >= 4) {
00570         register const u_char *p = &v[size - 4];
00571         bpf_int32 w = ((bpf_int32)p[0] << 24) |
00572             ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
00573 
00574         tmp = gen_cmp(offset + size - 4, BPF_W, w);
00575         if (b != NULL)
00576             gen_and(b, tmp);
00577         b = tmp;
00578         size -= 4;
00579     }
00580     while (size >= 2) {
00581         register const u_char *p = &v[size - 2];
00582         bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
00583 
00584         tmp = gen_cmp(offset + size - 2, BPF_H, w);
00585         if (b != NULL)
00586             gen_and(b, tmp);
00587         b = tmp;
00588         size -= 2;
00589     }
00590     if (size > 0) {
00591         tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
00592         if (b != NULL)
00593             gen_and(b, tmp);
00594         b = tmp;
00595     }
00596     return b;
00597 }
00598 
00599 static struct block *
00600 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
00601     bpf_u_int32 datasize, offset, mask, jtype, jvalue;
00602     int reverse;
00603 {
00604     struct slist *s;
00605     struct block *b;
00606  
00607     s = new_stmt(BPF_LD|datasize|BPF_ABS);
00608     s->s.k = offset;
00609  
00610     if (mask != 0xffffffff) {
00611         s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
00612         s->next->s.k = mask;
00613     }
00614  
00615     b = new_block(JMP(jtype));
00616     b->stmts = s;
00617     b->s.k = jvalue;
00618     if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
00619         gen_not(b);
00620     return b;
00621 }
00622 
00623 /*
00624  * Various code constructs need to know the layout of the data link
00625  * layer.  These variables give the necessary offsets.
00626  */
00627 
00628 /*
00629  * This is the offset of the beginning of the MAC-layer header.
00630  * It's usually 0, except for ATM LANE.
00631  */
00632 static u_int off_mac;
00633 
00634 /*
00635  * "off_linktype" is the offset to information in the link-layer header
00636  * giving the packet type.
00637  *
00638  * For Ethernet, it's the offset of the Ethernet type field.
00639  *
00640  * For link-layer types that always use 802.2 headers, it's the
00641  * offset of the LLC header.
00642  *
00643  * For PPP, it's the offset of the PPP type field.
00644  *
00645  * For Cisco HDLC, it's the offset of the CHDLC type field.
00646  *
00647  * For BSD loopback, it's the offset of the AF_ value.
00648  *
00649  * For Linux cooked sockets, it's the offset of the type field.
00650  *
00651  * It's set to -1 for no encapsulation, in which case, IP is assumed.
00652  */
00653 static u_int off_linktype;
00654 
00655 /*
00656  * TRUE if the link layer includes an ATM pseudo-header.
00657  */
00658 static int is_atm = 0;
00659 
00660 /*
00661  * TRUE if "lane" appeared in the filter; it causes us to generate
00662  * code that assumes LANE rather than LLC-encapsulated traffic in SunATM.
00663  */
00664 static int is_lane = 0;
00665 
00666 /*
00667  * These are offsets for the ATM pseudo-header.
00668  */
00669 static u_int off_vpi;
00670 static u_int off_vci;
00671 static u_int off_proto;
00672 
00673 /*
00674  * This is the offset of the first byte after the ATM pseudo_header,
00675  * or -1 if there is no ATM pseudo-header.
00676  */
00677 static u_int off_payload;
00678 
00679 /*
00680  * These are offsets to the beginning of the network-layer header.
00681  *
00682  * If the link layer never uses 802.2 LLC:
00683  *
00684  *  "off_nl" and "off_nl_nosnap" are the same.
00685  *
00686  * If the link layer always uses 802.2 LLC:
00687  *
00688  *  "off_nl" is the offset if there's a SNAP header following
00689  *  the 802.2 header;
00690  *
00691  *  "off_nl_nosnap" is the offset if there's no SNAP header.
00692  *
00693  * If the link layer is Ethernet:
00694  *
00695  *  "off_nl" is the offset if the packet is an Ethernet II packet
00696  *  (we assume no 802.3+802.2+SNAP);
00697  *
00698  *  "off_nl_nosnap" is the offset if the packet is an 802.3 packet
00699  *  with an 802.2 header following it.
00700  */
00701 static u_int off_nl;
00702 static u_int off_nl_nosnap;
00703 
00704 static int linktype;
00705 
00706 static void
00707 init_linktype(type)
00708     int type;
00709 {
00710     linktype = type;
00711 
00712     /*
00713      * Assume it's not raw ATM with a pseudo-header, for now.
00714      */
00715     off_mac = 0;
00716     is_atm = 0;
00717     is_lane = 0;
00718     off_vpi = -1;
00719     off_vci = -1;
00720     off_proto = -1;
00721     off_payload = -1;
00722 
00723     orig_linktype = -1;
00724     orig_nl = -1;
00725     orig_nl_nosnap = -1;
00726 
00727     switch (type) {
00728 
00729     case DLT_ARCNET:
00730         off_linktype = 2;
00731         off_nl = 6;     /* XXX in reality, variable! */
00732         off_nl_nosnap = 6;  /* no 802.2 LLC */
00733         return;
00734 
00735     case DLT_ARCNET_LINUX:
00736         off_linktype = 4;
00737         off_nl = 8;     /* XXX in reality, variable! */
00738         off_nl_nosnap = 8;  /* no 802.2 LLC */
00739         return;
00740 
00741     case DLT_EN10MB:
00742         off_linktype = 12;
00743         off_nl = 14;        /* Ethernet II */
00744         off_nl_nosnap = 17; /* 802.3+802.2 */
00745         return;
00746 
00747     case DLT_SLIP:
00748         /*
00749          * SLIP doesn't have a link level type.  The 16 byte
00750          * header is hacked into our SLIP driver.
00751          */
00752         off_linktype = -1;
00753         off_nl = 16;
00754         off_nl_nosnap = 16; /* no 802.2 LLC */
00755         return;
00756 
00757     case DLT_SLIP_BSDOS:
00758         /* XXX this may be the same as the DLT_PPP_BSDOS case */
00759         off_linktype = -1;
00760         /* XXX end */
00761         off_nl = 24;
00762         off_nl_nosnap = 24; /* no 802.2 LLC */
00763         return;
00764 
00765     case DLT_NULL:
00766     case DLT_LOOP:
00767         off_linktype = 0;
00768         off_nl = 4;
00769         off_nl_nosnap = 4;  /* no 802.2 LLC */
00770         return;
00771 
00772     case DLT_ENC:
00773         off_linktype = 0;
00774         off_nl = 12;
00775         off_nl_nosnap = 12; /* no 802.2 LLC */
00776         return;
00777 
00778     case DLT_PFLOG:
00779         off_linktype = 0;
00780         off_nl = 28;
00781         off_nl_nosnap = 28; /* no 802.2 LLC */
00782         return;
00783 
00784     case DLT_PPP:
00785     case DLT_C_HDLC:        /* BSD/OS Cisco HDLC */
00786     case DLT_PPP_SERIAL:        /* NetBSD sync/async serial PPP */
00787         off_linktype = 2;
00788         off_nl = 4;
00789         off_nl_nosnap = 4;  /* no 802.2 LLC */
00790         return;
00791 
00792     case DLT_PPP_ETHER:
00793         /*
00794          * This does no include the Ethernet header, and
00795          * only covers session state.
00796          */
00797         off_linktype = 6;
00798         off_nl = 8;
00799         off_nl_nosnap = 8;  /* no 802.2 LLC */
00800         return;
00801 
00802     case DLT_PPP_BSDOS:
00803         off_linktype = 5;
00804         off_nl = 24;
00805         off_nl_nosnap = 24; /* no 802.2 LLC */
00806         return;
00807 
00808     case DLT_FDDI:
00809         /*
00810          * FDDI doesn't really have a link-level type field.
00811          * We set "off_linktype" to the offset of the LLC header.
00812          *
00813          * To check for Ethernet types, we assume that SSAP = SNAP
00814          * is being used and pick out the encapsulated Ethernet type.
00815          * XXX - should we generate code to check for SNAP?
00816          */
00817         off_linktype = 13;
00818 #ifdef PCAP_FDDIPAD
00819         off_linktype += pcap_fddipad;
00820 #endif
00821         off_nl = 21;        /* FDDI+802.2+SNAP */
00822         off_nl_nosnap = 16; /* FDDI+802.2 */
00823 #ifdef PCAP_FDDIPAD
00824         off_nl += pcap_fddipad;
00825         off_nl_nosnap += pcap_fddipad;
00826 #endif
00827         return;
00828 
00829     case DLT_IEEE802:
00830         /*
00831          * Token Ring doesn't really have a link-level type field.
00832          * We set "off_linktype" to the offset of the LLC header.
00833          *
00834          * To check for Ethernet types, we assume that SSAP = SNAP
00835          * is being used and pick out the encapsulated Ethernet type.
00836          * XXX - should we generate code to check for SNAP?
00837          *
00838          * XXX - the header is actually variable-length.
00839          * Some various Linux patched versions gave 38
00840          * as "off_linktype" and 40 as "off_nl"; however,
00841          * if a token ring packet has *no* routing
00842          * information, i.e. is not source-routed, the correct
00843          * values are 20 and 22, as they are in the vanilla code.
00844          *
00845          * A packet is source-routed iff the uppermost bit
00846          * of the first byte of the source address, at an
00847          * offset of 8, has the uppermost bit set.  If the
00848          * packet is source-routed, the total number of bytes
00849          * of routing information is 2 plus bits 0x1F00 of
00850          * the 16-bit value at an offset of 14 (shifted right
00851          * 8 - figure out which byte that is).
00852          */
00853         off_linktype = 14;
00854         off_nl = 22;        /* Token Ring+802.2+SNAP */
00855         off_nl_nosnap = 17; /* Token Ring+802.2 */
00856         return;
00857 
00858     case DLT_IEEE802_11:
00859         /*
00860          * 802.11 doesn't really have a link-level type field.
00861          * We set "off_linktype" to the offset of the LLC header.
00862          *
00863          * To check for Ethernet types, we assume that SSAP = SNAP
00864          * is being used and pick out the encapsulated Ethernet type.
00865          * XXX - should we generate code to check for SNAP?
00866          *
00867          * XXX - the header is actually variable-length.  We
00868          * assume a 24-byte link-layer header, as appears in
00869          * data frames in networks with no bridges.
00870          */
00871         off_linktype = 24;
00872         off_nl = 32;        /* 802.11+802.2+SNAP */
00873         off_nl_nosnap = 27; /* 802.11+802.2 */
00874         return;
00875 
00876     case DLT_PRISM_HEADER:
00877         /*
00878          * Same as 802.11, but with an additional header before
00879          * the 802.11 header, containing a bunch of additional
00880          * information including radio-level information.
00881          *
00882          * The header is 144 bytes long.
00883          *
00884          * XXX - same variable-length header problem; at least
00885          * the Prism header is fixed-length.
00886          */
00887         off_linktype = 144+24;
00888         off_nl = 144+32;    /* Prism+802.11+802.2+SNAP */
00889         off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
00890         return;
00891 
00892     case DLT_IEEE802_11_RADIO:
00893         /*
00894          * Same as 802.11, but with an additional header before
00895          * the 802.11 header, containing a bunch of additional
00896          * information including radio-level information.
00897          *
00898          * The header is 64 bytes long.
00899          *
00900          * XXX - same variable-length header problem, only
00901          * more so; this header is also variable-length,
00902          * with the length being the 32-bit big-endian
00903          * number at an offset of 4 from the beginning
00904          * of the radio header.
00905          */
00906         off_linktype = 64+24;
00907         off_nl = 64+32;     /* Radio+802.11+802.2+SNAP */
00908         off_nl_nosnap = 64+27;  /* Radio+802.11+802.2 */
00909         return;
00910 
00911     case DLT_ATM_RFC1483:
00912     case DLT_ATM_CLIP:  /* Linux ATM defines this */
00913         /*
00914          * assume routed, non-ISO PDUs
00915          * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
00916          */
00917         off_linktype = 0;
00918         off_nl = 8;     /* 802.2+SNAP */
00919         off_nl_nosnap = 3;  /* 802.2 */
00920         return;
00921 
00922     case DLT_SUNATM:
00923         /*
00924          * Full Frontal ATM; you get AALn PDUs with an ATM
00925          * pseudo-header.
00926          */
00927         is_atm = 1;
00928         off_vpi = SUNATM_VPI_POS;
00929         off_vci = SUNATM_VCI_POS;
00930         off_proto = PROTO_POS;
00931         off_mac = -1;   /* LLC-encapsulated, so no MAC-layer header */  
00932         off_payload = SUNATM_PKT_BEGIN_POS;
00933         off_linktype = off_payload;
00934         off_nl = off_payload+8;     /* 802.2+SNAP */
00935         off_nl_nosnap = off_payload+3;  /* 802.2 */
00936         return;
00937 
00938     case DLT_RAW:
00939         off_linktype = -1;
00940         off_nl = 0;
00941         off_nl_nosnap = 0;  /* no 802.2 LLC */
00942         return;
00943 
00944     case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
00945         off_linktype = 14;
00946         off_nl = 16;
00947         off_nl_nosnap = 16; /* no 802.2 LLC */
00948         return;
00949 
00950     case DLT_LTALK:
00951         /*
00952          * LocalTalk does have a 1-byte type field in the LLAP header,
00953          * but really it just indicates whether there is a "short" or
00954          * "long" DDP packet following.
00955          */
00956         off_linktype = -1;
00957         off_nl = 0;
00958         off_nl_nosnap = 0;  /* no 802.2 LLC */
00959         return;
00960 
00961     case DLT_IP_OVER_FC:
00962         /*
00963          * RFC 2625 IP-over-Fibre-Channel doesn't really have a
00964          * link-level type field.  We set "off_linktype" to the
00965          * offset of the LLC header.
00966          *
00967          * To check for Ethernet types, we assume that SSAP = SNAP
00968          * is being used and pick out the encapsulated Ethernet type.
00969          * XXX - should we generate code to check for SNAP? RFC
00970          * 2625 says SNAP should be used.
00971          */
00972         off_linktype = 16;
00973         off_nl = 24;        /* IPFC+802.2+SNAP */
00974         off_nl_nosnap = 19; /* IPFC+802.2 */
00975         return;
00976 
00977     case DLT_FRELAY:
00978         /*
00979          * XXX - we should set this to handle SNAP-encapsulated
00980          * frames (NLPID of 0x80).
00981          */
00982         off_linktype = -1;
00983         off_nl = 0;
00984         off_nl_nosnap = 0;  /* no 802.2 LLC */
00985         return;
00986 
00987     case DLT_LINUX_IRDA:
00988         /*
00989          * Currently, only raw "link[N:M]" filtering is supported.
00990          */
00991         off_linktype = -1;
00992         off_nl = -1;
00993         off_nl_nosnap = -1;
00994         return;
00995 
00996     case DLT_DOCSIS:
00997         /*
00998          * Currently, only raw "link[N:M]" filtering is supported.
00999          */
01000         off_linktype = -1;
01001         off_nl = -1;
01002         off_nl_nosnap = -1;
01003         return;
01004     }
01005     bpf_error("unknown data link type %d", linktype);
01006     /* NOTREACHED */
01007 }
01008 
01009 static struct block *
01010 gen_uncond(rsense)
01011     int rsense;
01012 {
01013     struct block *b;
01014     struct slist *s;
01015 
01016     s = new_stmt(BPF_LD|BPF_IMM);
01017     s->s.k = !rsense;
01018     b = new_block(JMP(BPF_JEQ));
01019     b->stmts = s;
01020 
01021     return b;
01022 }
01023 
01024 static inline struct block *
01025 gen_true()
01026 {
01027     return gen_uncond(1);
01028 }
01029 
01030 static inline struct block *
01031 gen_false()
01032 {
01033     return gen_uncond(0);
01034 }
01035 
01036 /*
01037  * Byte-swap a 32-bit number.
01038  * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
01039  * big-endian platforms.)
01040  */
01041 #define SWAPLONG(y) \
01042 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
01043 
01044 static struct block *
01045 gen_ether_linktype(proto)
01046     register int proto;
01047 {
01048     struct block *b0, *b1;
01049 
01050     switch (proto) {
01051 
01052     case LLCSAP_ISONS:
01053         /*
01054          * OSI protocols always use 802.2 encapsulation.
01055          * XXX - should we check both the DSAP and the
01056          * SSAP, like this, or should we check just the
01057          * DSAP?
01058          */
01059         b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01060         gen_not(b0);
01061         b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01062                  ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
01063         gen_and(b0, b1);
01064         return b1;
01065 
01066     case LLCSAP_IP:
01067         b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01068         gen_not(b0);
01069         b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01070                  ((LLCSAP_IP << 8) | LLCSAP_IP));
01071         gen_and(b0, b1);
01072         return b1;
01073 
01074     case LLCSAP_NETBEUI:
01075         /*
01076          * NetBEUI always uses 802.2 encapsulation.
01077          * XXX - should we check both the DSAP and the
01078          * SSAP, like this, or should we check just the
01079          * DSAP?
01080          */
01081         b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01082         gen_not(b0);
01083         b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01084                  ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
01085         gen_and(b0, b1);
01086         return b1;
01087 
01088     case LLCSAP_IPX:
01089         /*
01090          * Check for;
01091          *
01092          *  Ethernet_II frames, which are Ethernet
01093          *  frames with a frame type of ETHERTYPE_IPX;
01094          *
01095          *  Ethernet_802.3 frames, which are 802.3
01096          *  frames (i.e., the type/length field is
01097          *  a length field, <= ETHERMTU, rather than
01098          *  a type field) with the first two bytes
01099          *  after the Ethernet/802.3 header being
01100          *  0xFFFF;
01101          *
01102          *  Ethernet_802.2 frames, which are 802.3
01103          *  frames with an 802.2 LLC header and
01104          *  with the IPX LSAP as the DSAP in the LLC
01105          *  header;
01106          *
01107          *  Ethernet_SNAP frames, which are 802.3
01108          *  frames with an LLC header and a SNAP
01109          *  header and with an OUI of 0x000000
01110          *  (encapsulated Ethernet) and a protocol
01111          *  ID of ETHERTYPE_IPX in the SNAP header.
01112          *
01113          * XXX - should we generate the same code both
01114          * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
01115          */
01116 
01117         /*
01118          * This generates code to check both for the
01119          * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
01120          */
01121         b0 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)LLCSAP_IPX);
01122         b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)0xFFFF);
01123         gen_or(b0, b1);
01124 
01125         /*
01126          * Now we add code to check for SNAP frames with
01127          * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
01128          */
01129         b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
01130         gen_or(b0, b1);
01131 
01132         /*
01133          * Now we generate code to check for 802.3
01134          * frames in general.
01135          */
01136         b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01137         gen_not(b0);
01138 
01139         /*
01140          * Now add the check for 802.3 frames before the
01141          * check for Ethernet_802.2 and Ethernet_802.3,
01142          * as those checks should only be done on 802.3
01143          * frames, not on Ethernet frames.
01144          */
01145         gen_and(b0, b1);
01146 
01147         /*
01148          * Now add the check for Ethernet_II frames, and
01149          * do that before checking for the other frame
01150          * types.
01151          */
01152         b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)ETHERTYPE_IPX);
01153         gen_or(b0, b1);
01154         return b1;
01155 
01156     case ETHERTYPE_ATALK:
01157     case ETHERTYPE_AARP:
01158         /*
01159          * EtherTalk (AppleTalk protocols on Ethernet link
01160          * layer) may use 802.2 encapsulation.
01161          */
01162 
01163         /*
01164          * Check for 802.2 encapsulation (EtherTalk phase 2?);
01165          * we check for an Ethernet type field less than
01166          * 1500, which means it's an 802.3 length field.
01167          */
01168         b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01169         gen_not(b0);
01170 
01171         /*
01172          * 802.2-encapsulated ETHERTYPE_ATALK packets are
01173          * SNAP packets with an organization code of
01174          * 0x080007 (Apple, for Appletalk) and a protocol
01175          * type of ETHERTYPE_ATALK (Appletalk).
01176          *
01177          * 802.2-encapsulated ETHERTYPE_AARP packets are
01178          * SNAP packets with an organization code of
01179          * 0x000000 (encapsulated Ethernet) and a protocol
01180          * type of ETHERTYPE_AARP (Appletalk ARP).
01181          */
01182         if (proto == ETHERTYPE_ATALK)
01183             b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
01184         else    /* proto == ETHERTYPE_AARP */
01185             b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
01186         gen_and(b0, b1);
01187 
01188         /*
01189          * Check for Ethernet encapsulation (Ethertalk
01190          * phase 1?); we just check for the Ethernet
01191          * protocol type.
01192          */
01193         b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
01194 
01195         gen_or(b0, b1);
01196         return b1;
01197 
01198     default:
01199         if (proto <= ETHERMTU) {
01200             /*
01201              * This is an LLC SAP value, so the frames
01202              * that match would be 802.2 frames.
01203              * Check that the frame is an 802.2 frame
01204              * (i.e., that the length/type field is
01205              * a length field, <= ETHERMTU) and
01206              * then check the DSAP.
01207              */
01208             b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01209             gen_not(b0);
01210             b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
01211             gen_and(b0, b1);
01212             return b1;
01213         } else {
01214             /*
01215              * This is an Ethernet type, so compare
01216              * the length/type field with it (if
01217              * the frame is an 802.2 frame, the length
01218              * field will be <= ETHERMTU, and, as
01219              * "proto" is > ETHERMTU, this test
01220              * will fail and the frame won't match,
01221              * which is what we want).
01222              */
01223             return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
01224         }
01225     }
01226 }
01227 
01228 static struct block *
01229 gen_linktype(proto)
01230     register int proto;
01231 {
01232     struct block *b0, *b1, *b2;
01233 
01234     switch (linktype) {
01235 
01236     case DLT_EN10MB:
01237         return gen_ether_linktype(proto);
01238         break;
01239 
01240     case DLT_C_HDLC:
01241         switch (proto) {
01242 
01243         case LLCSAP_ISONS:
01244             proto = (proto << 8 | LLCSAP_ISONS);
01245             /* fall through */
01246 
01247         default:
01248             return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
01249             break;
01250         }
01251         break;
01252 
01253     case DLT_IEEE802_11:
01254     case DLT_PRISM_HEADER:
01255     case DLT_IEEE802_11_RADIO:
01256     case DLT_FDDI:
01257     case DLT_IEEE802:
01258     case DLT_ATM_RFC1483:
01259     case DLT_ATM_CLIP:
01260     case DLT_IP_OVER_FC:
01261         return gen_llc(proto);
01262         break;
01263 
01264     case DLT_SUNATM:
01265         /*
01266          * If "is_lane" is set, check for a LANE-encapsulated
01267          * version of this protocol, otherwise check for an
01268          * LLC-encapsulated version of this protocol.
01269          *
01270          * We assume LANE means Ethernet, not Token Ring.
01271          */
01272         if (is_lane) {
01273             /*
01274              * Check that the packet doesn't begin with an
01275              * LE Control marker.  (We've already generated
01276              * a test for LANE.)
01277              */
01278             b0 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
01279             gen_not(b0);
01280 
01281             /*
01282              * Now generate an Ethernet test.
01283              */
01284             b1 = gen_ether_linktype(proto);
01285             gen_and(b0, b1);
01286             return b1;
01287         } else {
01288             /*
01289              * Check for LLC encapsulation and then check the
01290              * protocol.
01291              */
01292             b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
01293             b1 = gen_llc(proto);
01294             gen_and(b0, b1);
01295             return b1;
01296         }
01297 
01298     case DLT_LINUX_SLL:
01299         switch (proto) {
01300 
01301         case LLCSAP_IP:
01302             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01303             b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01304                      ((LLCSAP_IP << 8) | LLCSAP_IP));
01305             gen_and(b0, b1);
01306             return b1;
01307 
01308         case LLCSAP_ISONS:
01309             /*
01310              * OSI protocols always use 802.2 encapsulation.
01311              * XXX - should we check both the DSAP and the
01312              * LSAP, like this, or should we check just the
01313              * DSAP?
01314              */
01315             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01316             b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01317                      ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
01318             gen_and(b0, b1);
01319             return b1;
01320 
01321         case LLCSAP_NETBEUI:
01322             /*
01323              * NetBEUI always uses 802.2 encapsulation.
01324              * XXX - should we check both the DSAP and the
01325              * LSAP, like this, or should we check just the
01326              * DSAP?
01327              */
01328             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01329             b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01330                      ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
01331             gen_and(b0, b1);
01332             return b1;
01333 
01334         case LLCSAP_IPX:
01335             /*
01336              *  Ethernet_II frames, which are Ethernet
01337              *  frames with a frame type of ETHERTYPE_IPX;
01338              *
01339              *  Ethernet_802.3 frames, which have a frame
01340              *  type of LINUX_SLL_P_802_3;
01341              *
01342              *  Ethernet_802.2 frames, which are 802.3
01343              *  frames with an 802.2 LLC header (i.e, have
01344              *  a frame type of LINUX_SLL_P_802_2) and
01345              *  with the IPX LSAP as the DSAP in the LLC
01346              *  header;
01347              *
01348              *  Ethernet_SNAP frames, which are 802.3
01349              *  frames with an LLC header and a SNAP
01350              *  header and with an OUI of 0x000000
01351              *  (encapsulated Ethernet) and a protocol
01352              *  ID of ETHERTYPE_IPX in the SNAP header.
01353              *
01354              * First, do the checks on LINUX_SLL_P_802_2
01355              * frames; generate the check for either
01356              * Ethernet_802.2 or Ethernet_SNAP frames, and
01357              * then put a check for LINUX_SLL_P_802_2 frames
01358              * before it.
01359              */
01360             b0 = gen_cmp(off_linktype + 2, BPF_B,
01361                 (bpf_int32)LLCSAP_IPX);
01362             b1 = gen_snap(0x000000, ETHERTYPE_IPX,
01363                 off_linktype + 2);
01364             gen_or(b0, b1);
01365             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01366             gen_and(b0, b1);
01367 
01368             /*
01369              * Now check for 802.3 frames and OR that with
01370              * the previous test.
01371              */
01372             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
01373             gen_or(b0, b1);
01374 
01375             /*
01376              * Now add the check for Ethernet_II frames, and
01377              * do that before checking for the other frame
01378              * types.
01379              */
01380             b0 = gen_cmp(off_linktype, BPF_H,
01381                 (bpf_int32)ETHERTYPE_IPX);
01382             gen_or(b0, b1);
01383             return b1;
01384 
01385         case ETHERTYPE_ATALK:
01386         case ETHERTYPE_AARP:
01387             /*
01388              * EtherTalk (AppleTalk protocols on Ethernet link
01389              * layer) may use 802.2 encapsulation.
01390              */
01391 
01392             /*
01393              * Check for 802.2 encapsulation (EtherTalk phase 2?);
01394              * we check for the 802.2 protocol type in the
01395              * "Ethernet type" field.
01396              */
01397             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01398 
01399             /*
01400              * 802.2-encapsulated ETHERTYPE_ATALK packets are
01401              * SNAP packets with an organization code of
01402              * 0x080007 (Apple, for Appletalk) and a protocol
01403              * type of ETHERTYPE_ATALK (Appletalk).
01404              *
01405              * 802.2-encapsulated ETHERTYPE_AARP packets are
01406              * SNAP packets with an organization code of
01407              * 0x000000 (encapsulated Ethernet) and a protocol
01408              * type of ETHERTYPE_AARP (Appletalk ARP).
01409              */
01410             if (proto == ETHERTYPE_ATALK)
01411                 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
01412                     off_linktype + 2);
01413             else    /* proto == ETHERTYPE_AARP */
01414                 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
01415                     off_linktype + 2);
01416             gen_and(b0, b1);
01417 
01418             /*
01419              * Check for Ethernet encapsulation (Ethertalk
01420              * phase 1?); we just check for the Ethernet
01421              * protocol type.
01422              */
01423             b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
01424 
01425             gen_or(b0, b1);
01426             return b1;
01427 
01428         default:
01429             if (proto <= ETHERMTU) {
01430                 /*
01431                  * This is an LLC SAP value, so the frames
01432                  * that match would be 802.2 frames.
01433                  * Check for the 802.2 protocol type
01434                  * in the "Ethernet type" field, and
01435                  * then check the DSAP.
01436                  */
01437                 b0 = gen_cmp(off_linktype, BPF_H,
01438                     LINUX_SLL_P_802_2);
01439                 b1 = gen_cmp(off_linktype + 2, BPF_B,
01440                      (bpf_int32)proto);
01441                 gen_and(b0, b1);
01442                 return b1;
01443             } else {
01444                 /*
01445                  * This is an Ethernet type, so compare
01446                  * the length/type field with it (if
01447                  * the frame is an 802.2 frame, the length
01448                  * field will be <= ETHERMTU, and, as
01449                  * "proto" is > ETHERMTU, this test
01450                  * will fail and the frame won't match,
01451                  * which is what we want).
01452                  */
01453                 return gen_cmp(off_linktype, BPF_H,
01454                     (bpf_int32)proto);
01455             }
01456         }
01457         break;
01458 
01459     case DLT_SLIP:
01460     case DLT_SLIP_BSDOS:
01461     case DLT_RAW:
01462         /*
01463          * These types don't provide any type field; packets
01464          * are always IP.
01465          *
01466          * XXX - for IPv4, check for a version number of 4, and,
01467          * for IPv6, check for a version number of 6?
01468          */
01469         switch (proto) {
01470 
01471         case ETHERTYPE_IP:
01472 #ifdef INET6
01473         case ETHERTYPE_IPV6:
01474 #endif
01475             return gen_true();      /* always true */
01476 
01477         default:
01478             return gen_false();     /* always false */
01479         }
01480         break;
01481 
01482     case DLT_PPP:
01483     case DLT_PPP_SERIAL:
01484     case DLT_PPP_ETHER:
01485         /*
01486          * We use Ethernet protocol types inside libpcap;
01487          * map them to the corresponding PPP protocol types.
01488          */
01489         switch (proto) {
01490 
01491         case ETHERTYPE_IP:
01492             proto = PPP_IP;
01493             break;
01494 
01495 #ifdef INET6
01496         case ETHERTYPE_IPV6:
01497             proto = PPP_IPV6;
01498             break;
01499 #endif
01500 
01501         case ETHERTYPE_DN:
01502             proto = PPP_DECNET;
01503             break;
01504 
01505         case ETHERTYPE_ATALK:
01506             proto = PPP_APPLE;
01507             break;
01508 
01509         case ETHERTYPE_NS:
01510             proto = PPP_NS;
01511             break;
01512 
01513         case LLCSAP_ISONS:
01514             proto = PPP_OSI;
01515             break;
01516 
01517         case LLCSAP_8021D:
01518             /*
01519              * I'm assuming the "Bridging PDU"s that go
01520              * over PPP are Spanning Tree Protocol
01521              * Bridging PDUs.
01522              */
01523             proto = PPP_BRPDU;
01524             break;
01525 
01526         case LLCSAP_IPX:
01527             proto = PPP_IPX;
01528             break;
01529         }
01530         break;
01531 
01532     case DLT_PPP_BSDOS:
01533         /*
01534          * We use Ethernet protocol types inside libpcap;
01535          * map them to the corresponding PPP protocol types.
01536          */
01537         switch (proto) {
01538 
01539         case ETHERTYPE_IP:
01540             b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
01541             b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
01542             gen_or(b0, b1);
01543             b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
01544             gen_or(b1, b0);
01545             return b0;
01546 
01547 #ifdef INET6
01548         case ETHERTYPE_IPV6:
01549             proto = PPP_IPV6;
01550             /* more to go? */
01551             break;
01552 #endif
01553 
01554         case ETHERTYPE_DN:
01555             proto = PPP_DECNET;
01556             break;
01557 
01558         case ETHERTYPE_ATALK:
01559             proto = PPP_APPLE;
01560             break;
01561 
01562         case ETHERTYPE_NS:
01563             proto = PPP_NS;
01564             break;
01565 
01566         case LLCSAP_ISONS:
01567             proto = PPP_OSI;
01568             break;
01569 
01570         case LLCSAP_8021D:
01571             /*
01572              * I'm assuming the "Bridging PDU"s that go
01573              * over PPP are Spanning Tree Protocol
01574              * Bridging PDUs.
01575              */
01576             proto = PPP_BRPDU;
01577             break;
01578 
01579         case LLCSAP_IPX:
01580             proto = PPP_IPX;
01581             break;
01582         }
01583         break;
01584 
01585     case DLT_NULL:
01586     case DLT_LOOP:
01587     case DLT_ENC:
01588     case DLT_PFLOG:
01589         /*
01590          * For DLT_NULL, the link-layer header is a 32-bit
01591          * word containing an AF_ value in *host* byte order,
01592          * and for DLT_ENC, the link-layer header begins
01593          * with a 32-bit work containing an AF_ value in
01594          * host byte order.
01595          *
01596          * In addition, if we're reading a saved capture file,
01597          * the host byte order in the capture may not be the
01598          * same as the host byte order on this machine.
01599          *
01600          * For DLT_LOOP, the link-layer header is a 32-bit
01601          * word containing an AF_ value in *network* byte order.
01602          *
01603          * XXX - AF_ values may, unfortunately, be platform-
01604          * dependent; for example, FreeBSD's AF_INET6 is 24
01605          * whilst NetBSD's and OpenBSD's is 26.
01606          *
01607          * This means that, when reading a capture file, just
01608          * checking for our AF_INET6 value won't work if the
01609          * capture file came from another OS.
01610          *
01611          * XXX - what's the byte order for DLT_PFLOG?
01612          */
01613         switch (proto) {
01614 
01615         case ETHERTYPE_IP:
01616             proto = AF_INET;
01617             break;
01618 
01619 #ifdef INET6
01620         case ETHERTYPE_IPV6:
01621             proto = AF_INET6;
01622             break;
01623 #endif
01624 
01625         default:
01626             /*
01627              * Not a type on which we support filtering.
01628              * XXX - support those that have AF_ values
01629              * #defined on this platform, at least?
01630              */
01631             return gen_false();
01632         }
01633 
01634         if (linktype == DLT_NULL || linktype == DLT_ENC) {
01635             /*
01636              * The AF_ value is in host byte order, but
01637              * the BPF interpreter will convert it to
01638              * network byte order.
01639              *
01640              * If this is a save file, and it's from a
01641              * machine with the opposite byte order to
01642              * ours, we byte-swap the AF_ value.
01643              *
01644              * Then we run it through "htonl()", and
01645              * generate code to compare against the result.
01646              */
01647             if (bpf_pcap->sf.rfile != NULL &&
01648                 bpf_pcap->sf.swapped)
01649                 proto = SWAPLONG(proto);
01650             proto = htonl(proto);
01651         }
01652         return (gen_cmp(0, BPF_W, (bpf_int32)proto));
01653 
01654     case DLT_ARCNET:
01655     case DLT_ARCNET_LINUX:
01656         /*
01657          * XXX should we check for first fragment if the protocol
01658          * uses PHDS?
01659          */
01660         switch (proto) {
01661 
01662         default:
01663             return gen_false();
01664 
01665 #ifdef INET6
01666         case ETHERTYPE_IPV6:
01667             return (gen_cmp(off_linktype, BPF_B,
01668                 (bpf_int32)ARCTYPE_INET6));
01669 #endif /* INET6 */
01670 
01671         case ETHERTYPE_IP:
01672             b0 = gen_cmp(off_linktype, BPF_B, 
01673                      (bpf_int32)ARCTYPE_IP);
01674             b1 = gen_cmp(off_linktype, BPF_B,
01675                      (bpf_int32)ARCTYPE_IP_OLD);
01676             gen_or(b0, b1);
01677             return (b1);
01678 
01679         case ETHERTYPE_ARP:
01680             b0 = gen_cmp(off_linktype, BPF_B,
01681                      (bpf_int32)ARCTYPE_ARP);
01682             b1 = gen_cmp(off_linktype, BPF_B, 
01683                      (bpf_int32)ARCTYPE_ARP_OLD);
01684             gen_or(b0, b1);
01685             return (b1);
01686 
01687         case ETHERTYPE_REVARP:
01688             return (gen_cmp(off_linktype, BPF_B,
01689                     (bpf_int32)ARCTYPE_REVARP));
01690 
01691         case ETHERTYPE_ATALK:
01692             return (gen_cmp(off_linktype, BPF_B,
01693                     (bpf_int32)ARCTYPE_ATALK));
01694         }
01695         break;
01696 
01697     case DLT_LTALK:
01698         switch (proto) {
01699         case ETHERTYPE_ATALK:
01700             return gen_true();
01701         default:
01702             return gen_false();
01703         }
01704         break;
01705 
01706     case DLT_FRELAY:
01707         /*
01708          * XXX - assumes a 2-byte Frame Relay header with
01709          * DLCI and flags.  What if the address is longer?
01710          */
01711         switch (proto) {
01712 
01713         case ETHERTYPE_IP:
01714             /*
01715              * Check for the special NLPID for IP.
01716              */
01717             return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
01718 
01719 #ifdef INET6
01720         case ETHERTYPE_IPV6:
01721             /*
01722              * Check for the special NLPID for IPv6.
01723              */
01724             return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
01725 #endif
01726 
01727         case LLCSAP_ISONS:
01728             /*
01729              * Check for several OSI protocols.
01730              *
01731              * Frame Relay packets typically have an OSI
01732              * NLPID at the beginning; we check for each
01733              * of them.
01734              *
01735              * What we check for is the NLPID and a frame
01736              * control field of UI, i.e. 0x03 followed
01737              * by the NLPID.
01738              */
01739             b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
01740             b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
01741             b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
01742             gen_or(b1, b2);
01743             gen_or(b0, b2);
01744             return b2;
01745 
01746         default:
01747             return gen_false();
01748         }
01749         break;
01750 
01751     case DLT_LINUX_IRDA:
01752             bpf_error("IrDA link-layer type filtering not implemented");
01753 
01754     case DLT_DOCSIS:
01755             bpf_error("DOCSIS link-layer type filtering not implemented");
01756     }
01757 
01758     /*
01759      * All the types that have no encapsulation should either be
01760      * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
01761      * all packets are IP packets, or should be handled in some
01762      * special case, if none of them are (if some are and some
01763      * aren't, the lack of encapsulation is a problem, as we'd
01764      * have to find some other way of determining the packet type).
01765      *
01766      * Therefore, if "off_linktype" is -1, there's an error.
01767      */
01768     if (off_linktype == (u_int)-1)
01769         abort();
01770 
01771     /*
01772      * Any type not handled above should always have an Ethernet
01773      * type at an offset of "off_linktype".  (PPP is partially
01774      * handled above - the protocol type is mapped from the
01775      * Ethernet and LLC types we use internally to the corresponding
01776      * PPP type - but the PPP type is always specified by a value
01777      * at "off_linktype", so we don't have to do the code generation
01778      * above.)
01779      */
01780     return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
01781 }
01782 
01783 /*
01784  * Check for an LLC SNAP packet with a given organization code and
01785  * protocol type; we check the entire contents of the 802.2 LLC and
01786  * snap headers, checking for DSAP and SSAP of SNAP and a control
01787  * field of 0x03 in the LLC header, and for the specified organization
01788  * code and protocol type in the SNAP header.
01789  */
01790 static struct block *
01791 gen_snap(orgcode, ptype, offset)
01792     bpf_u_int32 orgcode;
01793     bpf_u_int32 ptype;
01794     u_int offset;
01795 {
01796     u_char snapblock[8];
01797 
01798     snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
01799     snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
01800     snapblock[2] = 0x03;        /* control = UI */
01801     snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
01802     snapblock[4] = (orgcode >> 8);  /* middle 8 bits of organization code */
01803     snapblock[5] = (orgcode >> 0);  /* lower 8 bits of organization code */
01804     snapblock[6] = (ptype >> 8);    /* upper 8 bits of protocol type */
01805     snapblock[7] = (ptype >> 0);    /* lower 8 bits of protocol type */
01806     return gen_bcmp(offset, 8, snapblock);
01807 }
01808 
01809 /*
01810  * Check for a given protocol value assuming an 802.2 LLC header.
01811  */
01812 static struct block *
01813 gen_llc(proto)
01814     int proto;
01815 {
01816     /*
01817      * XXX - handle token-ring variable-length header.
01818      */
01819     switch (proto) {
01820 
01821     case LLCSAP_IP:
01822         return gen_cmp(off_linktype, BPF_H, (long)
01823                  ((LLCSAP_IP << 8) | LLCSAP_IP));
01824 
01825     case LLCSAP_ISONS:
01826         return gen_cmp(off_linktype, BPF_H, (long)
01827                  ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
01828 
01829     case LLCSAP_NETBEUI:
01830         return gen_cmp(off_linktype, BPF_H, (long)
01831                  ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
01832 
01833     case LLCSAP_IPX:
01834         /*
01835          * XXX - are there ever SNAP frames for IPX on
01836          * non-Ethernet 802.x networks?
01837          */
01838         return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
01839 
01840     case ETHERTYPE_ATALK:
01841         /*
01842          * 802.2-encapsulated ETHERTYPE_ATALK packets are
01843          * SNAP packets with an organization code of
01844          * 0x080007 (Apple, for Appletalk) and a protocol
01845          * type of ETHERTYPE_ATALK (Appletalk).
01846          *
01847          * XXX - check for an organization code of
01848          * encapsulated Ethernet as well?
01849          */
01850         return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
01851 
01852     default:
01853         /*
01854          * XXX - we don't have to check for IPX 802.3
01855          * here, but should we check for the IPX Ethertype?
01856          */
01857         if (proto <= ETHERMTU) {
01858             /*
01859              * This is an LLC SAP value, so check
01860              * the DSAP.
01861              */
01862             return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
01863         } else {
01864             /*
01865              * This is an Ethernet type; we assume that it's
01866              * unlikely that it'll appear in the right place
01867              * at random, and therefore check only the
01868              * location that would hold the Ethernet type
01869              * in a SNAP frame with an organization code of
01870              * 0x000000 (encapsulated Ethernet).
01871              *
01872              * XXX - if we were to check for the SNAP DSAP and
01873              * LSAP, as per XXX, and were also to check for an
01874              * organization code of 0x000000 (encapsulated
01875              * Ethernet), we'd do
01876              *
01877              *  return gen_snap(0x000000, proto,
01878              *      off_linktype);
01879              *
01880              * here; for now, we don't, as per the above.
01881              * I don't know whether it's worth the extra CPU
01882              * time to do the right check or not.
01883              */
01884             return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
01885         }
01886     }
01887 }
01888 
01889 static struct block *
01890 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
01891     bpf_u_int32 addr;
01892     bpf_u_int32 mask;
01893     int dir, proto;
01894     u_int src_off, dst_off;
01895 {
01896     struct block *b0, *b1;
01897     u_int offset;
01898 
01899     switch (dir) {
01900 
01901     case Q_SRC:
01902         offset = src_off;
01903         break;
01904 
01905     case Q_DST:
01906         offset = dst_off;
01907         break;
01908 
01909     case Q_AND:
01910         b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
01911         b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
01912         gen_and(b0, b1);
01913         return b1;
01914 
01915     case Q_OR:
01916     case Q_DEFAULT:
01917         b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
01918         b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
01919         gen_or(b0, b1);
01920         return b1;
01921 
01922     default:
01923         abort();
01924     }
01925     b0 = gen_linktype(proto);
01926     b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
01927     gen_and(b0, b1);
01928     return b1;
01929 }
01930 
01931 #ifdef INET6
01932 static struct block *
01933 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
01934     struct in6_addr *addr;
01935     struct in6_addr *mask;
01936     int dir, proto;
01937     u_int src_off, dst_off;
01938 {
01939     struct block *b0, *b1;
01940     u_int offset;
01941     u_int32_t *a, *m;
01942 
01943     switch (dir) {
01944 
01945     case Q_SRC:
01946         offset = src_off;
01947         break;
01948 
01949     case Q_DST:
01950         offset = dst_off;
01951         break;
01952 
01953     case Q_AND:
01954         b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
01955         b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
01956         gen_and(b0, b1);
01957         return b1;
01958 
01959     case Q_OR:
01960     case Q_DEFAULT:
01961         b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
01962         b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
01963         gen_or(b0, b1);
01964         return b1;
01965 
01966     default:
01967         abort();
01968     }
01969     /* this order is important */
01970     a = (u_int32_t *)addr;
01971     m = (u_int32_t *)mask;
01972     b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
01973     b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
01974     gen_and(b0, b1);
01975     b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
01976     gen_and(b0, b1);
01977     b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
01978     gen_and(b0, b1);
01979     b0 = gen_linktype(proto);
01980     gen_and(b0, b1);
01981     return b1;
01982 }
01983 #endif /*INET6*/
01984 
01985 static struct block *
01986 gen_ehostop(eaddr, dir)
01987     register const u_char *eaddr;
01988     register int dir;
01989 {
01990     register struct block *b0, *b1;
01991 
01992     switch (dir) {
01993     case Q_SRC:
01994         return gen_bcmp(off_mac + 6, 6, eaddr);
01995 
01996     case Q_DST:
01997         return gen_bcmp(off_mac + 0, 6, eaddr);
01998 
01999     case Q_AND:
02000         b0 = gen_ehostop(eaddr, Q_SRC);
02001         b1 = gen_ehostop(eaddr, Q_DST);
02002         gen_and(b0, b1);
02003         return b1;
02004 
02005     case Q_DEFAULT:
02006     case Q_OR:
02007         b0 = gen_ehostop(eaddr, Q_SRC);
02008         b1 = gen_ehostop(eaddr, Q_DST);
02009         gen_or(b0, b1);
02010         return b1;
02011     }
02012     abort();
02013     /* NOTREACHED */
02014 }
02015 
02016 /*
02017  * Like gen_ehostop, but for DLT_FDDI
02018  */
02019 static struct block *
02020 gen_fhostop(eaddr, dir)
02021     register const u_char *eaddr;
02022     register int dir;
02023 {
02024     struct block *b0, *b1;
02025 
02026     switch (dir) {
02027     case Q_SRC:
02028 #ifdef PCAP_FDDIPAD
02029         return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
02030 #else
02031         return gen_bcmp(6 + 1, 6, eaddr);
02032 #endif
02033 
02034     case Q_DST:
02035 #ifdef PCAP_FDDIPAD
02036         return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
02037 #else
02038         return gen_bcmp(0 + 1, 6, eaddr);
02039 #endif
02040 
02041     case Q_AND:
02042         b0 = gen_fhostop(eaddr, Q_SRC);
02043         b1 = gen_fhostop(eaddr, Q_DST);
02044         gen_and(b0, b1);
02045         return b1;
02046 
02047     case Q_DEFAULT:
02048     case Q_OR:
02049         b0 = gen_fhostop(eaddr, Q_SRC);
02050         b1 = gen_fhostop(eaddr, Q_DST);
02051         gen_or(b0, b1);
02052         return b1;
02053     }
02054     abort();
02055     /* NOTREACHED */
02056 }
02057 
02058 /*
02059  * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
02060  */
02061 static struct block *
02062 gen_thostop(eaddr, dir)
02063     register const u_char *eaddr;
02064     register int dir;
02065 {
02066     register struct block *b0, *b1;
02067 
02068     switch (dir) {
02069     case Q_SRC:
02070         return gen_bcmp(8, 6, eaddr);
02071 
02072     case Q_DST:
02073         return gen_bcmp(2, 6, eaddr);
02074 
02075     case Q_AND:
02076         b0 = gen_thostop(eaddr, Q_SRC);
02077         b1 = gen_thostop(eaddr, Q_DST);
02078         gen_and(b0, b1);
02079         return b1;
02080 
02081     case Q_DEFAULT:
02082     case Q_OR:
02083         b0 = gen_thostop(eaddr, Q_SRC);
02084         b1 = gen_thostop(eaddr, Q_DST);
02085         gen_or(b0, b1);
02086         return b1;
02087     }
02088     abort();
02089     /* NOTREACHED */
02090 }
02091 
02092 /*
02093  * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN)
02094  */
02095 static struct block *
02096 gen_wlanhostop(eaddr, dir)
02097     register const u_char *eaddr;
02098     register int dir;
02099 {
02100     register struct block *b0, *b1, *b2;
02101     register struct slist *s;
02102 
02103     switch (dir) {
02104     case Q_SRC:
02105         /*
02106          * Oh, yuk.
02107          *
02108          *  For control frames, there is no SA.
02109          *
02110          *  For management frames, SA is at an
02111          *  offset of 10 from the beginning of
02112          *  the packet.
02113          *
02114          *  For data frames, SA is at an offset
02115          *  of 10 from the beginning of the packet
02116          *  if From DS is clear, at an offset of
02117          *  16 from the beginning of the packet
02118          *  if From DS is set and To DS is clear,
02119          *  and an offset of 24 from the beginning
02120          *  of the packet if From DS is set and To DS
02121          *  is set.
02122          */
02123 
02124         /*
02125          * Generate the tests to be done for data frames
02126          * with From DS set.
02127          *
02128          * First, check for To DS set, i.e. check "link[1] & 0x01".
02129          */
02130         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02131         s->s.k = 1;
02132         b1 = new_block(JMP(BPF_JSET));
02133         b1->s.k = 0x01; /* To DS */
02134         b1->stmts = s;
02135 
02136         /*
02137          * If To DS is set, the SA is at 24.
02138          */
02139         b0 = gen_bcmp(24, 6, eaddr);
02140         gen_and(b1, b0);
02141 
02142         /*
02143          * Now, check for To DS not set, i.e. check
02144          * "!(link[1] & 0x01)".
02145          */
02146         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02147         s->s.k = 1;
02148         b2 = new_block(JMP(BPF_JSET));
02149         b2->s.k = 0x01; /* To DS */
02150         b2->stmts = s;
02151         gen_not(b2);
02152 
02153         /*
02154          * If To DS is not set, the SA is at 16.
02155          */
02156         b1 = gen_bcmp(16, 6, eaddr);
02157         gen_and(b2, b1);
02158 
02159         /*
02160          * Now OR together the last two checks.  That gives
02161          * the complete set of checks for data frames with
02162          * From DS set.
02163          */
02164         gen_or(b1, b0);
02165 
02166         /*
02167          * Now check for From DS being set, and AND that with
02168          * the ORed-together checks.
02169          */
02170         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02171         s->s.k = 1;
02172         b1 = new_block(JMP(BPF_JSET));
02173         b1->s.k = 0x02; /* From DS */
02174         b1->stmts = s;
02175         gen_and(b1, b0);
02176 
02177         /*
02178          * Now check for data frames with From DS not set.
02179          */
02180         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02181         s->s.k = 1;
02182         b2 = new_block(JMP(BPF_JSET));
02183         b2->s.k = 0x02; /* From DS */
02184         b2->stmts = s;
02185         gen_not(b2);
02186 
02187         /*
02188          * If From DS isn't set, the SA is at 10.
02189          */
02190         b1 = gen_bcmp(10, 6, eaddr);
02191         gen_and(b2, b1);
02192 
02193         /*
02194          * Now OR together the checks for data frames with
02195          * From DS not set and for data frames with From DS
02196          * set; that gives the checks done for data frames.
02197          */
02198         gen_or(b1, b0);
02199 
02200         /*
02201          * Now check for a data frame.
02202          * I.e, check "link[0] & 0x08".
02203          */
02204         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02205         s->s.k = 0;
02206         b1 = new_block(JMP(BPF_JSET));
02207         b1->s.k = 0x08;
02208         b1->stmts = s;
02209 
02210         /*
02211          * AND that with the checks done for data frames.
02212          */
02213         gen_and(b1, b0);
02214 
02215         /*
02216          * If the high-order bit of the type value is 0, this
02217          * is a management frame.
02218          * I.e, check "!(link[0] & 0x08)".
02219          */
02220         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02221         s->s.k = 0;
02222         b2 = new_block(JMP(BPF_JSET));
02223         b2->s.k = 0x08;
02224         b2->stmts = s;
02225         gen_not(b2);
02226 
02227         /*
02228          * For management frames, the SA is at 10.
02229          */
02230         b1 = gen_bcmp(10, 6, eaddr);
02231         gen_and(b2, b1);
02232 
02233         /*
02234          * OR that with the checks done for data frames.
02235          * That gives the checks done for management and
02236          * data frames.
02237          */
02238         gen_or(b1, b0);
02239 
02240         /*
02241          * If the low-order bit of the type value is 1,
02242          * this is either a control frame or a frame
02243          * with a reserved type, and thus not a
02244          * frame with an SA.
02245          *
02246          * I.e., check "!(link[0] & 0x04)".
02247          */
02248         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02249         s->s.k = 0;
02250         b1 = new_block(JMP(BPF_JSET));
02251         b1->s.k = 0x04;
02252         b1->stmts = s;
02253         gen_not(b1);
02254 
02255         /*
02256          * AND that with the checks for data and management
02257          * frames.
02258          */
02259         gen_and(b1, b0);
02260         return b0;
02261 
02262     case Q_DST:
02263         /*
02264          * Oh, yuk.
02265          *
02266          *  For control frames, there is no DA.
02267          *
02268          *  For management frames, DA is at an
02269          *  offset of 4 from the beginning of
02270          *  the packet.
02271          *
02272          *  For data frames, DA is at an offset
02273          *  of 4 from the beginning of the packet
02274          *  if To DS is clear and at an offset of
02275          *  16 from the beginning of the packet
02276          *  if To DS is set.
02277          */
02278 
02279         /*
02280          * Generate the tests to be done for data frames.
02281          *
02282          * First, check for To DS set, i.e. "link[1] & 0x01".
02283          */
02284         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02285         s->s.k = 1;
02286         b1 = new_block(JMP(BPF_JSET));
02287         b1->s.k = 0x01; /* To DS */
02288         b1->stmts = s;
02289 
02290         /*
02291          * If To DS is set, the DA is at 16.
02292          */
02293         b0 = gen_bcmp(16, 6, eaddr);
02294         gen_and(b1, b0);
02295 
02296         /*
02297          * Now, check for To DS not set, i.e. check
02298          * "!(link[1] & 0x01)".
02299          */
02300         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02301         s->s.k = 1;
02302         b2 = new_block(JMP(BPF_JSET));
02303         b2->s.k = 0x01; /* To DS */
02304         b2->stmts = s;
02305         gen_not(b2);
02306 
02307         /*
02308          * If To DS is not set, the DA is at 4.
02309          */
02310         b1 = gen_bcmp(4, 6, eaddr);
02311         gen_and(b2, b1);
02312 
02313         /*
02314          * Now OR together the last two checks.  That gives
02315          * the complete set of checks for data frames.
02316          */
02317         gen_or(b1, b0);
02318 
02319         /*
02320          * Now check for a data frame.
02321          * I.e, check "link[0] & 0x08".
02322          */
02323         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02324         s->s.k = 0;
02325         b1 = new_block(JMP(BPF_JSET));
02326         b1->s.k = 0x08;
02327         b1->stmts = s;
02328 
02329         /*
02330          * AND that with the checks done for data frames.
02331          */
02332         gen_and(b1, b0);
02333 
02334         /*
02335          * If the high-order bit of the type value is 0, this
02336          * is a management frame.
02337          * I.e, check "!(link[0] & 0x08)".
02338          */
02339         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02340         s->s.k = 0;
02341         b2 = new_block(JMP(BPF_JSET));
02342         b2->s.k = 0x08;
02343         b2->stmts = s;
02344         gen_not(b2);
02345 
02346         /*
02347          * For management frames, the DA is at 4.
02348          */
02349         b1 = gen_bcmp(4, 6, eaddr);
02350         gen_and(b2, b1);
02351 
02352         /*
02353          * OR that with the checks done for data frames.
02354          * That gives the checks done for management and
02355          * data frames.
02356          */
02357         gen_or(b1, b0);
02358 
02359         /*
02360          * If the low-order bit of the type value is 1,
02361          * this is either a control frame or a frame
02362          * with a reserved type, and thus not a
02363          * frame with an SA.
02364          *
02365          * I.e., check "!(link[0] & 0x04)".
02366          */
02367         s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
02368         s->s.k = 0;
02369         b1 = new_block(JMP(BPF_JSET));
02370         b1->s.k = 0x04;
02371         b1->stmts = s;
02372         gen_not(b1);
02373 
02374         /*
02375          * AND that with the checks for data and management
02376          * frames.
02377          */
02378         gen_and(b1, b0);
02379         return b0;
02380 
02381     case Q_AND:
02382         b0 = gen_wlanhostop(eaddr, Q_SRC);
02383         b1 = gen_wlanhostop(eaddr, Q_DST);
02384         gen_and(b0, b1);
02385         return b1;
02386 
02387     case Q_DEFAULT:
02388     case Q_OR:
02389         b0 = gen_wlanhostop(eaddr, Q_SRC);
02390         b1 = gen_wlanhostop(eaddr, Q_DST);
02391         gen_or(b0, b1);
02392         return b1;
02393     }
02394     abort();
02395     /* NOTREACHED */
02396 }
02397 
02398 /*
02399  * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
02400  * (We assume that the addresses are IEEE 48-bit MAC addresses,
02401  * as the RFC states.)
02402  */
02403 static struct block *
02404 gen_ipfchostop(eaddr, dir)
02405     register const u_char *eaddr;
02406     register int dir;
02407 {
02408     register struct block *b0, *b1;
02409 
02410     switch (dir) {
02411     case Q_SRC:
02412         return gen_bcmp(10, 6, eaddr);
02413 
02414     case Q_DST:
02415         return gen_bcmp(2, 6, eaddr);
02416 
02417     case Q_AND:
02418         b0 = gen_ipfchostop(eaddr, Q_SRC);
02419         b1 = gen_ipfchostop(eaddr, Q_DST);
02420         gen_and(b0, b1);
02421         return b1;
02422 
02423     case Q_DEFAULT:
02424     case Q_OR:
02425         b0 = gen_ipfchostop(eaddr, Q_SRC);
02426         b1 = gen_ipfchostop(eaddr, Q_DST);
02427         gen_or(b0, b1);
02428         return b1;
02429     }
02430     abort();
02431     /* NOTREACHED */
02432 }
02433 
02434 /*
02435  * This is quite tricky because there may be pad bytes in front of the
02436  * DECNET header, and then there are two possible data packet formats that
02437  * carry both src and dst addresses, plus 5 packet types in a format that
02438  * carries only the src node, plus 2 types that use a different format and
02439  * also carry just the src node.
02440  *
02441  * Yuck.
02442  *
02443  * Instead of doing those all right, we just look for data packets with
02444  * 0 or 1 bytes of padding.  If you want to look at other packets, that
02445  * will require a lot more hacking.
02446  *
02447  * To add support for filtering on DECNET "areas" (network numbers)
02448  * one would want to add a "mask" argument to this routine.  That would
02449  * make the filter even more inefficient, although one could be clever
02450  * and not generate masking instructions if the mask is 0xFFFF.
02451  */
02452 static struct block *
02453 gen_dnhostop(addr, dir, base_off)
02454     bpf_u_int32 addr;
02455     int dir;
02456     u_int base_off;
02457 {
02458     struct block *b0, *b1, *b2, *tmp;
02459     u_int offset_lh;    /* offset if long header is received */
02460     u_int offset_sh;    /* offset if short header is received */
02461 
02462     switch (dir) {
02463 
02464     case Q_DST:
02465         offset_sh = 1;  /* follows flags */
02466         offset_lh = 7;  /* flgs,darea,dsubarea,HIORD */
02467         break;
02468 
02469     case Q_SRC:
02470         offset_sh = 3;  /* follows flags, dstnode */
02471         offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
02472         break;
02473 
02474     case Q_AND:
02475         /* Inefficient because we do our Calvinball dance twice */
02476         b0 = gen_dnhostop(addr, Q_SRC, base_off);
02477         b1 = gen_dnhostop(addr, Q_DST, base_off);
02478         gen_and(b0, b1);
02479         return b1;
02480 
02481     case Q_OR:
02482     case Q_DEFAULT:
02483         /* Inefficient because we do our Calvinball dance twice */
02484         b0 = gen_dnhostop(addr, Q_SRC, base_off);
02485         b1 = gen_dnhostop(addr, Q_DST, base_off);
02486         gen_or(b0, b1);
02487         return b1;
02488 
02489     case Q_ISO:
02490             bpf_error("ISO host filtering not implemented");
02491 
02492     default:
02493         abort();
02494     }
02495     b0 = gen_linktype(ETHERTYPE_DN);
02496     /* Check for pad = 1, long header case */
02497     tmp = gen_mcmp(base_off + 2, BPF_H,
02498         (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
02499     b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
02500         BPF_H, (bpf_int32)ntohs(addr));
02501     gen_and(tmp, b1);
02502     /* Check for pad = 0, long header case */
02503     tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
02504     b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
02505     gen_and(tmp, b2);
02506     gen_or(b2, b1);
02507     /* Check for pad = 1, short header case */
02508     tmp = gen_mcmp(base_off + 2, BPF_H,
02509         (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
02510     b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
02511         BPF_H, (bpf_int32)ntohs(addr));
02512     gen_and(tmp, b2);
02513     gen_or(b2, b1);
02514     /* Check for pad = 0, short header case */
02515     tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
02516     b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
02517     gen_and(tmp, b2);
02518     gen_or(b2, b1);
02519 
02520     /* Combine with test for linktype */
02521     gen_and(b0, b1);
02522     return b1;
02523 }
02524 
02525 static struct block *
02526 gen_host(addr, mask, proto, dir)
02527     bpf_u_int32 addr;
02528     bpf_u_int32 mask;
02529     int proto;
02530     int dir;
02531 {
02532     struct block *b0, *b1;
02533 
02534     switch (proto) {
02535 
02536     case Q_DEFAULT:
02537         b0 = gen_host(addr, mask, Q_IP, dir);
02538         if (off_linktype != (u_int)-1) {
02539             b1 = gen_host(addr, mask, Q_ARP, dir);
02540             gen_or(b0, b1);
02541             b0 = gen_host(addr, mask, Q_RARP, dir);
02542             gen_or(b1, b0);
02543         }
02544         return b0;
02545 
02546     case Q_IP:
02547         return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
02548                   off_nl + 12, off_nl + 16);
02549 
02550     case Q_RARP:
02551         return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
02552                   off_nl + 14, off_nl + 24);
02553 
02554     case Q_ARP:
02555         return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
02556                   off_nl + 14, off_nl + 24);
02557 
02558     case Q_TCP:
02559         bpf_error("'tcp' modifier applied to host");
02560 
02561     case Q_SCTP:
02562         bpf_error("'sctp' modifier applied to host");
02563 
02564     case Q_UDP:
02565         bpf_error("'udp' modifier applied to host");
02566 
02567     case Q_ICMP:
02568         bpf_error("'icmp' modifier applied to host");
02569 
02570     case Q_IGMP:
02571         bpf_error("'igmp' modifier applied to host");
02572 
02573     case Q_IGRP:
02574         bpf_error("'igrp' modifier applied to host");
02575 
02576     case Q_PIM:
02577         bpf_error("'pim' modifier applied to host");
02578 
02579     case Q_VRRP:
02580         bpf_error("'vrrp' modifier applied to host");
02581 
02582     case Q_ATALK:
02583         bpf_error("ATALK host filtering not implemented");
02584 
02585     case Q_AARP:
02586         bpf_error("AARP host filtering not implemented");
02587 
02588     case Q_DECNET:
02589         return gen_dnhostop(addr, dir, off_nl);
02590 
02591     case Q_SCA:
02592         bpf_error("SCA host filtering not implemented");
02593 
02594     case Q_LAT:
02595         bpf_error("LAT host filtering not implemented");
02596 
02597     case Q_MOPDL:
02598         bpf_error("MOPDL host filtering not implemented");
02599 
02600     case Q_MOPRC:
02601         bpf_error("MOPRC host filtering not implemented");
02602 
02603 #ifdef INET6
02604     case Q_IPV6:
02605         bpf_error("'ip6' modifier applied to ip host");
02606 
02607     case Q_ICMPV6:
02608         bpf_error("'icmp6' modifier applied to host");
02609 #endif /* INET6 */
02610 
02611     case Q_AH:
02612         bpf_error("'ah' modifier applied to host");
02613 
02614     case Q_ESP:
02615         bpf_error("'esp' modifier applied to host");
02616 
02617     case Q_ISO:
02618         bpf_error("ISO host filtering not implemented");
02619 
02620     case Q_ESIS:
02621         bpf_error("'esis' modifier applied to host");
02622 
02623     case Q_ISIS:
02624         bpf_error("'isis' modifier applied to host");
02625 
02626     case Q_CLNP:
02627         bpf_error("'clnp' modifier applied to host");
02628 
02629     case Q_STP:
02630         bpf_error("'stp' modifier applied to host");
02631 
02632     case Q_IPX:
02633         bpf_error("IPX host filtering not implemented");
02634 
02635     case Q_NETBEUI:
02636         bpf_error("'netbeui' modifier applied to host");
02637 
02638     default:
02639         abort();
02640     }
02641     /* NOTREACHED */
02642 }
02643 
02644 #ifdef INET6
02645 static struct block *
02646 gen_host6(addr, mask, proto, dir)
02647     struct in6_addr *addr;
02648     struct in6_addr *mask;
02649     int proto;
02650     int dir;
02651 {
02652     switch (proto) {
02653 
02654     case Q_DEFAULT:
02655         return gen_host6(addr, mask, Q_IPV6, dir);
02656 
02657     case Q_IP:
02658         bpf_error("'ip' modifier applied to ip6 host");
02659 
02660     case Q_RARP:
02661         bpf_error("'rarp' modifier applied to ip6 host");
02662 
02663     case Q_ARP:
02664         bpf_error("'arp' modifier applied to ip6 host");
02665 
02666     case Q_SCTP:
02667         bpf_error("'sctp' modifier applied to host");
02668 
02669     case Q_TCP:
02670         bpf_error("'tcp' modifier applied to host");
02671 
02672     case Q_UDP:
02673         bpf_error("'udp' modifier applied to host");
02674 
02675     case Q_ICMP:
02676         bpf_error("'icmp' modifier applied to host");
02677 
02678     case Q_IGMP:
02679         bpf_error("'igmp' modifier applied to host");
02680 
02681     case Q_IGRP:
02682         bpf_error("'igrp' modifier applied to host");
02683 
02684     case Q_PIM:
02685         bpf_error("'pim' modifier applied to host");
02686 
02687     case Q_VRRP:
02688         bpf_error("'vrrp' modifier applied to host");
02689 
02690     case Q_ATALK:
02691         bpf_error("ATALK host filtering not implemented");
02692 
02693     case Q_AARP:
02694         bpf_error("AARP host filtering not implemented");
02695 
02696     case Q_DECNET:
02697         bpf_error("'decnet' modifier applied to ip6 host");
02698 
02699     case Q_SCA:
02700         bpf_error("SCA host filtering not implemented");
02701 
02702     case Q_LAT:
02703         bpf_error("LAT host filtering not implemented");
02704 
02705     case Q_MOPDL:
02706         bpf_error("MOPDL host filtering not implemented");
02707 
02708     case Q_MOPRC:
02709         bpf_error("MOPRC host filtering not implemented");
02710 
02711     case Q_IPV6:
02712         return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
02713                   off_nl + 8, off_nl + 24);
02714 
02715     case Q_ICMPV6:
02716         bpf_error("'icmp6' modifier applied to host");
02717 
02718     case Q_AH:
02719         bpf_error("'ah' modifier applied to host");
02720 
02721     case Q_ESP:
02722         bpf_error("'esp' modifier applied to host");
02723 
02724     case Q_ISO:
02725         bpf_error("ISO host filtering not implemented");
02726 
02727     case Q_ESIS:
02728         bpf_error("'esis' modifier applied to host");
02729 
02730     case Q_ISIS:
02731         bpf_error("'isis' modifier applied to host");
02732 
02733     case Q_CLNP:
02734         bpf_error("'clnp' modifier applied to host");
02735 
02736     case Q_STP:
02737         bpf_error("'stp' modifier applied to host");
02738 
02739     case Q_IPX:
02740         bpf_error("IPX host filtering not implemented");
02741 
02742     case Q_NETBEUI:
02743         bpf_error("'netbeui' modifier applied to host");
02744 
02745     default:
02746         abort();
02747     }
02748     /* NOTREACHED */
02749 }
02750 #endif /*INET6*/
02751 
02752 #ifndef INET6
02753 static struct block *
02754 gen_gateway(eaddr, alist, proto, dir)
02755     const u_char *eaddr;
02756     bpf_u_int32 **alist;
02757     int proto;
02758     int dir;
02759 {
02760     struct block *b0, *b1, *tmp;
02761 
02762     if (dir != 0)
02763         bpf_error("direction applied to 'gateway'");
02764 
02765     switch (proto) {
02766     case Q_DEFAULT:
02767     case Q_IP:
02768     case Q_ARP:
02769     case Q_RARP:
02770         if (linktype == DLT_EN10MB)
02771             b0 = gen_ehostop(eaddr, Q_OR);
02772         else if (linktype == DLT_FDDI)
02773             b0 = gen_fhostop(eaddr, Q_OR);
02774         else if (linktype == DLT_IEEE802)
02775             b0 = gen_thostop(eaddr, Q_OR);
02776         else if (linktype == DLT_IEEE802_11)
02777             b0 = gen_wlanhostop(eaddr, Q_OR);
02778         else if (linktype == DLT_SUNATM && is_lane) {
02779             /*
02780              * Check that the packet doesn't begin with an
02781              * LE Control marker.  (We've already generated
02782              * a test for LANE.)
02783              */
02784             b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
02785             gen_not(b1);
02786 
02787             /*
02788              * Now check the MAC address.
02789              */
02790             b0 = gen_ehostop(eaddr, Q_OR);
02791             gen_and(b1, b0);
02792         } else if (linktype == DLT_IP_OVER_FC)
02793             b0 = gen_ipfchostop(eaddr, Q_OR);
02794         else
02795             bpf_error(
02796                 "'gateway' supported only on ethernet/FDDI/token ring/802.11/Fibre Channel");
02797 
02798         b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
02799         while (*alist) {
02800             tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
02801             gen_or(b1, tmp);
02802             b1 = tmp;
02803         }
02804         gen_not(b1);
02805         gen_and(b0, b1);
02806         return b1;
02807     }
02808     bpf_error("illegal modifier of 'gateway'");
02809     /* NOTREACHED */
02810 }
02811 #endif
02812 
02813 struct block *
02814 gen_proto_abbrev(proto)
02815     int proto;
02816 {
02817     struct block *b0;
02818     struct block *b1;
02819 
02820     switch (proto) {
02821 
02822     case Q_SCTP:
02823         b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
02824 #ifdef INET6
02825         b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
02826         gen_or(b0, b1);
02827 #endif
02828         break;
02829 
02830     case Q_TCP:
02831         b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
02832 #ifdef INET6
02833         b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
02834         gen_or(b0, b1);
02835 #endif
02836         break;
02837 
02838     case Q_UDP:
02839         b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
02840 #ifdef INET6
02841         b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
02842         gen_or(b0, b1);
02843 #endif
02844         break;
02845 
02846     case Q_ICMP:
02847         b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
02848         break;
02849 
02850 #ifndef IPPROTO_IGMP
02851 #define IPPROTO_IGMP    2
02852 #endif
02853 
02854     case Q_IGMP:
02855         b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
02856         break;
02857 
02858 #ifndef IPPROTO_IGRP
02859 #define IPPROTO_IGRP    9
02860 #endif
02861     case Q_IGRP:
02862         b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
02863         break;
02864 
02865 #ifndef IPPROTO_PIM
02866 #define IPPROTO_PIM 103
02867 #endif
02868 
02869     case Q_PIM:
02870         b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
02871 #ifdef INET6
02872         b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
02873         gen_or(b0, b1);
02874 #endif
02875         break;
02876 
02877 #ifndef IPPROTO_VRRP
02878 #define IPPROTO_VRRP    112
02879 #endif
02880 
02881     case Q_VRRP:
02882         b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
02883         break;
02884 
02885     case Q_IP:
02886         b1 =  gen_linktype(ETHERTYPE_IP);
02887         break;
02888 
02889     case Q_ARP:
02890         b1 =  gen_linktype(ETHERTYPE_ARP);
02891         break;
02892 
02893     case Q_RARP:
02894         b1 =  gen_linktype(ETHERTYPE_REVARP);
02895         break;
02896 
02897     case Q_LINK:
02898         bpf_error("link layer applied in wrong context");
02899 
02900     case Q_ATALK:
02901         b1 =  gen_linktype(ETHERTYPE_ATALK);
02902         break;
02903 
02904     case Q_AARP:
02905         b1 =  gen_linktype(ETHERTYPE_AARP);
02906         break;
02907 
02908     case Q_DECNET:
02909         b1 =  gen_linktype(ETHERTYPE_DN);
02910         break;
02911 
02912     case Q_SCA:
02913         b1 =  gen_linktype(ETHERTYPE_SCA);
02914         break;
02915 
02916     case Q_LAT:
02917         b1 =  gen_linktype(ETHERTYPE_LAT);
02918         break;
02919 
02920     case Q_MOPDL:
02921         b1 =  gen_linktype(ETHERTYPE_MOPDL);
02922         break;
02923 
02924     case Q_MOPRC:
02925         b1 =  gen_linktype(ETHERTYPE_MOPRC);
02926         break;
02927 
02928 #ifdef INET6
02929     case Q_IPV6:
02930         b1 = gen_linktype(ETHERTYPE_IPV6);
02931         break;
02932 
02933 #ifndef IPPROTO_ICMPV6
02934 #define IPPROTO_ICMPV6  58
02935 #endif
02936     case Q_ICMPV6:
02937         b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
02938         break;
02939 #endif /* INET6 */
02940 
02941 #ifndef IPPROTO_AH
02942 #define IPPROTO_AH  51
02943 #endif
02944     case Q_AH:
02945         b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
02946 #ifdef INET6
02947         b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
02948         gen_or(b0, b1);
02949 #endif
02950         break;
02951 
02952 #ifndef IPPROTO_ESP
02953 #define IPPROTO_ESP 50
02954 #endif
02955     case Q_ESP:
02956         b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
02957 #ifdef INET6
02958         b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
02959         gen_or(b0, b1);
02960 #endif
02961         break;
02962 
02963     case Q_ISO:
02964             b1 = gen_linktype(LLCSAP_ISONS);
02965         break;
02966 
02967     case Q_ESIS:
02968             b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
02969         break;
02970 
02971     case Q_ISIS:
02972             b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
02973         break;
02974 
02975     case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
02976             b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
02977             b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
02978         gen_or(b0, b1);
02979             b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
02980         gen_or(b0, b1);
02981             b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
02982         gen_or(b0, b1);
02983             b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
02984         gen_or(b0, b1);
02985         break;
02986 
02987     case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
02988             b0 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
02989             b1 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
02990         gen_or(b0, b1);
02991             b0 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
02992         gen_or(b0, b1);
02993             b0 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
02994         gen_or(b0, b1);
02995             b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
02996         gen_or(b0, b1);
02997         break;
02998 
02999     case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
03000             b0 = gen_proto(ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
03001             b1 = gen_proto(ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
03002         gen_or(b0, b1);
03003             b0 = gen_proto(ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);                
03004         gen_or(b0, b1);
03005         break;
03006 
03007     case Q_ISIS_LSP: 
03008             b0 = gen_proto(ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
03009             b1 = gen_proto(ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
03010         gen_or(b0, b1);
03011         break;
03012 
03013     case Q_ISIS_SNP:
03014             b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
03015             b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
03016         gen_or(b0, b1);
03017             b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
03018         gen_or(b0, b1);
03019             b0 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
03020         gen_or(b0, b1);
03021         break;
03022 
03023     case Q_ISIS_CSNP:
03024             b0 = gen_proto(ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
03025             b1 = gen_proto(ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
03026         gen_or(b0, b1);
03027         break;
03028 
03029     case Q_ISIS_PSNP:
03030             b0 = gen_proto(ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
03031             b1 = gen_proto(ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
03032         gen_or(b0, b1);
03033         break;
03034 
03035     case Q_CLNP:
03036             b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
03037         break;
03038 
03039     case Q_STP:
03040             b1 = gen_linktype(LLCSAP_8021D);
03041         break;
03042 
03043     case Q_IPX:
03044             b1 = gen_linktype(LLCSAP_IPX);
03045         break;
03046 
03047     case Q_NETBEUI:
03048             b1 = gen_linktype(LLCSAP_NETBEUI);
03049         break;
03050 
03051     default:
03052         abort();
03053     }
03054     return b1;
03055 }
03056 
03057 static struct block *
03058 gen_ipfrag()
03059 {
03060     struct slist *s;
03061     struct block *b;
03062 
03063     /* not ip frag */
03064     s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
03065     s->s.k = off_nl + 6;
03066     b = new_block(JMP(BPF_JSET));
03067     b->s.k = 0x1fff;
03068     b->stmts = s;
03069     gen_not(b);
03070 
03071     return b;
03072 }
03073 
03074 static struct block *
03075 gen_portatom(off, v)
03076     int off;
03077     bpf_int32 v;
03078 {
03079     struct slist *s;
03080     struct block *b;
03081 
03082     s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
03083     s->s.k = off_nl;
03084 
03085     s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
03086     s->next->s.k = off_nl + off;
03087 
03088     b = new_block(JMP(BPF_JEQ));
03089     b->stmts = s;
03090     b->s.k = v;
03091 
03092     return b;
03093 }
03094 
03095 #ifdef INET6
03096 static struct block *
03097 gen_portatom6(off, v)
03098     int off;
03099     bpf_int32 v;
03100 {
03101     return gen_cmp(off_nl + 40 + off, BPF_H, v);
03102 }
03103 #endif/*INET6*/
03104 
03105 struct block *
03106 gen_portop(port, proto, dir)
03107     int port, proto, dir;
03108 {
03109     struct block *b0, *b1, *tmp;
03110 
03111     /* ip proto 'proto' */
03112     tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
03113     b0 = gen_ipfrag();
03114     gen_and(tmp, b0);
03115 
03116     switch (dir) {
03117     case Q_SRC:
03118         b1 = gen_portatom(0, (bpf_int32)port);
03119         break;
03120 
03121     case Q_DST:
03122         b1 = gen_portatom(2, (bpf_int32)port);
03123         break;
03124 
03125     case Q_OR:
03126     case Q_DEFAULT:
03127         tmp = gen_portatom(0, (bpf_int32)port);
03128         b1 = gen_portatom(2, (bpf_int32)port);
03129         gen_or(tmp, b1);
03130         break;
03131 
03132     case Q_AND:
03133         tmp = gen_portatom(0, (bpf_int32)port);
03134         b1 = gen_portatom(2, (bpf_int32)port);
03135         gen_and(tmp, b1);
03136         break;
03137 
03138     default:
03139         abort();
03140     }
03141     gen_and(b0, b1);
03142 
03143     return b1;
03144 }
03145 
03146 static struct block *
03147 gen_port(port, ip_proto, dir)
03148     int port;
03149     int ip_proto;
03150     int dir;
03151 {
03152     struct block *b0, *b1, *tmp;
03153 
03154     /*
03155      * ether proto ip
03156      *
03157      * For FDDI, RFC 1188 says that SNAP encapsulation is used,
03158      * not LLC encapsulation with LLCSAP_IP.
03159      *
03160      * For IEEE 802 networks - which includes 802.5 token ring
03161      * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
03162      * says that SNAP encapsulation is used, not LLC encapsulation
03163      * with LLCSAP_IP.
03164      *
03165      * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
03166      * RFC 2225 say that SNAP encapsulation is used, not LLC
03167      * encapsulation with LLCSAP_IP.
03168      *
03169      * So we always check for ETHERTYPE_IP.
03170      */
03171     b0 =  gen_linktype(ETHERTYPE_IP);
03172 
03173     switch (ip_proto) {
03174     case IPPROTO_UDP:
03175     case IPPROTO_TCP:
03176     case IPPROTO_SCTP:
03177         b1 = gen_portop(port, ip_proto, dir);
03178         break;
03179 
03180     case PROTO_UNDEF:
03181         tmp = gen_portop(port, IPPROTO_TCP, dir);
03182         b1 = gen_portop(port, IPPROTO_UDP, dir);
03183         gen_or(tmp, b1);
03184         tmp = gen_portop(port, IPPROTO_SCTP, dir);
03185         gen_or(tmp, b1);
03186         break;
03187 
03188     default:
03189         abort();
03190     }
03191     gen_and(b0, b1);
03192     return b1;
03193 }
03194 
03195 #ifdef INET6
03196 struct block *
03197 gen_portop6(port, proto, dir)
03198     int port, proto, dir;
03199 {
03200     struct block *b0, *b1, *tmp;
03201 
03202     /* ip proto 'proto' */
03203     b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
03204 
03205     switch (dir) {
03206     case Q_SRC:
03207         b1 = gen_portatom6(0, (bpf_int32)port);
03208         break;
03209 
03210     case Q_DST:
03211         b1 = gen_portatom6(2, (bpf_int32)port);
03212         break;
03213 
03214     case Q_OR:
03215     case Q_DEFAULT:
03216         tmp = gen_portatom6(0, (bpf_int32)port);
03217         b1 = gen_portatom6(2, (bpf_int32)port);
03218         gen_or(tmp, b1);
03219         break;
03220 
03221     case Q_AND:
03222         tmp = gen_portatom6(0, (bpf_int32)port);
03223         b1 = gen_portatom6(2, (bpf_int32)port);
03224         gen_and(tmp, b1);
03225         break;
03226 
03227     default:
03228         abort();
03229     }
03230     gen_and(b0, b1);
03231 
03232     return b1;
03233 }
03234 
03235 static struct block *
03236 gen_port6(port, ip_proto, dir)
03237     int port;
03238     int ip_proto;
03239     int dir;
03240 {
03241     struct block *b0, *b1, *tmp;
03242 
03243     /* ether proto ip */
03244     b0 =  gen_linktype(ETHERTYPE_IPV6);
03245 
03246     switch (ip_proto) {
03247     case IPPROTO_UDP:
03248     case IPPROTO_TCP:
03249     case IPPROTO_SCTP:
03250         b1 = gen_portop6(port, ip_proto, dir);
03251         break;
03252 
03253     case PROTO_UNDEF:
03254         tmp = gen_portop6(port, IPPROTO_TCP, dir);
03255         b1 = gen_portop6(port, IPPROTO_UDP, dir);
03256         gen_or(tmp, b1);
03257         tmp = gen_portop6(port, IPPROTO_SCTP, dir);
03258         gen_or(tmp, b1);
03259         break;
03260 
03261     default:
03262         abort();
03263     }
03264     gen_and(b0, b1);
03265     return b1;
03266 }
03267 #endif /* INET6 */
03268 
03269 static int
03270 lookup_proto(name, proto)
03271     register const char *name;
03272     register int proto;
03273 {
03274     register int v;
03275 
03276     switch (proto) {
03277 
03278     case Q_DEFAULT:
03279     case Q_IP:
03280     case Q_IPV6:
03281         v = pcap_nametoproto(name);
03282         if (v == PROTO_UNDEF)
03283             bpf_error("unknown ip proto '%s'", name);
03284         break;
03285 
03286     case Q_LINK:
03287         /* XXX should look up h/w protocol type based on linktype */
03288         v = pcap_nametoeproto(name);
03289         if (v == PROTO_UNDEF)
03290             bpf_error("unknown ether proto '%s'", name);
03291         break;
03292 
03293     case Q_ISO:
03294         if (strcmp(name, "esis") == 0)
03295             v = ISO9542_ESIS;
03296         else if (strcmp(name, "isis") == 0)
03297             v = ISO10589_ISIS;
03298         else if (strcmp(name, "clnp") == 0)
03299             v = ISO8473_CLNP;
03300         else
03301             bpf_error("unknown osi proto '%s'", name);
03302         break;
03303 
03304     default:
03305         v = PROTO_UNDEF;
03306         break;
03307     }
03308     return v;
03309 }
03310 
03311 #if 0
03312 struct stmt *
03313 gen_joinsp(s, n)
03314     struct stmt **s;
03315     int n;
03316 {
03317     return NULL;
03318 }
03319 #endif
03320 
03321 static struct block *
03322 gen_protochain(v, proto, dir)
03323     int v;
03324     int proto;
03325     int dir;
03326 {
03327 #ifdef NO_PROTOCHAIN
03328     return gen_proto(v, proto, dir);
03329 #else
03330     struct block *b0, *b;
03331     struct slist *s[100];
03332     int fix2, fix3, fix4, fix5;
03333     int ahcheck, again, end;
03334     int i, max;
03335     int reg2 = alloc_reg();
03336 
03337     memset(s, 0, sizeof(s));
03338     fix2 = fix3 = fix4 = fix5 = 0;
03339 
03340     switch (proto) {
03341     case Q_IP:
03342     case Q_IPV6:
03343         break;
03344     case Q_DEFAULT:
03345         b0 = gen_protochain(v, Q_IP, dir);
03346         b = gen_protochain(v, Q_IPV6, dir);
03347         gen_or(b0, b);
03348         return b;
03349     default:
03350         bpf_error("bad protocol applied for 'protochain'");
03351         /*NOTREACHED*/
03352     }
03353 
03354     no_optimize = 1; /*this code is not compatible with optimzer yet */
03355 
03356     /*
03357      * s[0] is a dummy entry to protect other BPF insn from damaged
03358      * by s[fix] = foo with uninitialized variable "fix".  It is somewhat
03359      * hard to find interdependency made by jump table fixup.
03360      */
03361     i = 0;
03362     s[i] = new_stmt(0); /*dummy*/
03363     i++;
03364 
03365     switch (proto) {
03366     case Q_IP:
03367         b0 = gen_linktype(ETHERTYPE_IP);
03368 
03369         /* A = ip->ip_p */
03370         s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
03371         s[i]->s.k = off_nl + 9;
03372         i++;
03373         /* X = ip->ip_hl << 2 */
03374         s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
03375         s[i]->s.k = off_nl;
03376         i++;
03377         break;
03378 #ifdef INET6
03379     case Q_IPV6:
03380         b0 = gen_linktype(ETHERTYPE_IPV6);
03381 
03382         /* A = ip6->ip_nxt */
03383         s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
03384         s[i]->s.k = off_nl + 6;
03385         i++;
03386         /* X = sizeof(struct ip6_hdr) */
03387         s[i] = new_stmt(BPF_LDX|BPF_IMM);
03388         s[i]->s.k = 40;
03389         i++;
03390         break;
03391 #endif
03392     default:
03393         bpf_error("unsupported proto to gen_protochain");
03394         /*NOTREACHED*/
03395     }
03396 
03397     /* again: if (A == v) goto end; else fall through; */
03398     again = i;
03399     s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03400     s[i]->s.k = v;
03401     s[i]->s.jt = NULL;      /*later*/
03402     s[i]->s.jf = NULL;      /*update in next stmt*/
03403     fix5 = i;
03404     i++;
03405 
03406 #ifndef IPPROTO_NONE
03407 #define IPPROTO_NONE    59
03408 #endif
03409     /* if (A == IPPROTO_NONE) goto end */
03410     s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03411     s[i]->s.jt = NULL;  /*later*/
03412     s[i]->s.jf = NULL;  /*update in next stmt*/
03413     s[i]->s.k = IPPROTO_NONE;
03414     s[fix5]->s.jf = s[i];
03415     fix2 = i;
03416     i++;
03417 
03418 #ifdef INET6
03419     if (proto == Q_IPV6) {
03420         int v6start, v6end, v6advance, j;
03421 
03422         v6start = i;
03423         /* if (A == IPPROTO_HOPOPTS) goto v6advance */
03424         s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03425         s[i]->s.jt = NULL;  /*later*/
03426         s[i]->s.jf = NULL;  /*update in next stmt*/
03427         s[i]->s.k = IPPROTO_HOPOPTS;
03428         s[fix2]->s.jf = s[i];
03429         i++;
03430         /* if (A == IPPROTO_DSTOPTS) goto v6advance */
03431         s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03432         s[i]->s.jt = NULL;  /*later*/
03433         s[i]->s.jf = NULL;  /*update in next stmt*/
03434         s[i]->s.k = IPPROTO_DSTOPTS;
03435         i++;
03436         /* if (A == IPPROTO_ROUTING) goto v6advance */
03437         s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03438         s[i]->s.jt = NULL;  /*later*/
03439         s[i]->s.jf = NULL;  /*update in next stmt*/
03440         s[i]->s.k = IPPROTO_ROUTING;
03441         i++;
03442         /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
03443         s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03444         s[i]->s.jt = NULL;  /*later*/
03445         s[i]->s.jf = NULL;  /*later*/
03446         s[i]->s.k = IPPROTO_FRAGMENT;
03447         fix3 = i;
03448         v6end = i;
03449         i++;
03450 
03451         /* v6advance: */
03452         v6advance = i;
03453 
03454         /*
03455          * in short,
03456          * A = P[X];
03457          * X = X + (P[X + 1] + 1) * 8;
03458          */
03459         /* A = X */
03460         s[i] = new_stmt(BPF_MISC|BPF_TXA);
03461         i++;
03462         /* A = P[X + packet head] */
03463         s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
03464         s[i]->s.k = off_nl;
03465         i++;
03466         /* MEM[reg2] = A */
03467         s[i] = new_stmt(BPF_ST);
03468         s[i]->s.k = reg2;
03469         i++;
03470         /* A = X */
03471         s[i] = new_stmt(BPF_MISC|BPF_TXA);
03472         i++;
03473         /* A += 1 */
03474         s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
03475         s[i]->s.k = 1;
03476         i++;
03477         /* X = A */
03478         s[i] = new_stmt(BPF_MISC|BPF_TAX);
03479         i++;
03480         /* A = P[X + packet head]; */
03481         s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
03482         s[i]->s.k = off_nl;
03483         i++;
03484         /* A += 1 */
03485         s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
03486         s[i]->s.k = 1;
03487         i++;
03488         /* A *= 8 */
03489         s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
03490         s[i]->s.k = 8;
03491         i++;
03492         /* X = A; */
03493         s[i] = new_stmt(BPF_MISC|BPF_TAX);
03494         i++;
03495         /* A = MEM[reg2] */
03496         s[i] = new_stmt(BPF_LD|BPF_MEM);
03497         s[i]->s.k = reg2;
03498         i++;
03499 
03500         /* goto again; (must use BPF_JA for backward jump) */
03501         s[i] = new_stmt(BPF_JMP|BPF_JA);
03502         s[i]->s.k = again - i - 1;
03503         s[i - 1]->s.jf = s[i];
03504         i++;
03505 
03506         /* fixup */
03507         for (j = v6start; j <= v6end; j++)
03508             s[j]->s.jt = s[v6advance];
03509     } else
03510 #endif
03511     {
03512         /* nop */
03513         s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
03514         s[i]->s.k = 0;
03515         s[fix2]->s.jf = s[i];
03516         i++;
03517     }
03518 
03519     /* ahcheck: */
03520     ahcheck = i;
03521     /* if (A == IPPROTO_AH) then fall through; else goto end; */
03522     s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
03523     s[i]->s.jt = NULL;  /*later*/
03524     s[i]->s.jf = NULL;  /*later*/
03525     s[i]->s.k = IPPROTO_AH;
03526     if (fix3)
03527         s[fix3]->s.jf = s[ahcheck];
03528     fix4 = i;
03529     i++;
03530 
03531     /*
03532      * in short,
03533      * A = P[X];
03534      * X = X + (P[X + 1] + 2) * 4;
03535      */
03536     /* A = X */
03537     s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
03538     i++;
03539     /* A = P[X + packet head]; */
03540     s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
03541     s[i]->s.k = off_nl;
03542     i++;
03543     /* MEM[reg2] = A */
03544     s[i] = new_stmt(BPF_ST);
03545     s[i]->s.k = reg2;
03546     i++;
03547     /* A = X */
03548     s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
03549     i++;
03550     /* A += 1 */
03551     s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
03552     s[i]->s.k = 1;
03553     i++;
03554     /* X = A */
03555     s[i] = new_stmt(BPF_MISC|BPF_TAX);
03556     i++;
03557     /* A = P[X + packet head] */
03558     s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
03559     s[i]->s.k = off_nl;
03560     i++;
03561     /* A += 2 */
03562     s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
03563     s[i]->s.k = 2;
03564     i++;
03565     /* A *= 4 */
03566     s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
03567     s[i]->s.k = 4;
03568     i++;
03569     /* X = A; */
03570     s[i] = new_stmt(BPF_MISC|BPF_TAX);
03571     i++;
03572     /* A = MEM[reg2] */
03573     s[i] = new_stmt(BPF_LD|BPF_MEM);
03574     s[i]->s.k = reg2;
03575     i++;
03576 
03577     /* goto again; (must use BPF_JA for backward jump) */
03578     s[i] = new_stmt(BPF_JMP|BPF_JA);
03579     s[i]->s.k = again - i - 1;
03580     i++;
03581 
03582     /* end: nop */
03583     end = i;
03584     s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
03585     s[i]->s.k = 0;
03586     s[fix2]->s.jt = s[end];
03587     s[fix4]->s.jf = s[end];
03588     s[fix5]->s.jt = s[end];
03589     i++;
03590 
03591     /*
03592      * make slist chain
03593      */
03594     max = i;
03595     for (i = 0; i < max - 1; i++)
03596         s[i]->next = s[i + 1];
03597     s[max - 1]->next = NULL;
03598 
03599     /*
03600      * emit final check
03601      */
03602     b = new_block(JMP(BPF_JEQ));
03603     b->stmts = s[1];    /*remember, s[0] is dummy*/
03604     b->s.k = v;
03605 
03606     free_reg(reg2);
03607 
03608     gen_and(b0, b);
03609     return b;
03610 #endif
03611 }
03612 
03613 static struct block *
03614 gen_proto(v, proto, dir)
03615     int v;
03616     int proto;
03617     int dir;
03618 {
03619     struct block *b0, *b1;
03620 
03621     if (dir != Q_DEFAULT)
03622         bpf_error("direction applied to 'proto'");
03623 
03624     switch (proto) {
03625     case Q_DEFAULT:
03626 #ifdef INET6
03627         b0 = gen_proto(v, Q_IP, dir);
03628         b1 = gen_proto(v, Q_IPV6, dir);
03629         gen_or(b0, b1);
03630         return b1;
03631 #else
03632         /*FALLTHROUGH*/
03633 #endif
03634     case Q_IP:
03635         /*
03636          * For FDDI, RFC 1188 says that SNAP encapsulation is used,
03637          * not LLC encapsulation with LLCSAP_IP.
03638          *
03639          * For IEEE 802 networks - which includes 802.5 token ring
03640          * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
03641          * says that SNAP encapsulation is used, not LLC encapsulation
03642          * with LLCSAP_IP.
03643          *
03644          * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
03645          * RFC 2225 say that SNAP encapsulation is used, not LLC
03646          * encapsulation with LLCSAP_IP.
03647          *
03648          * So we always check for ETHERTYPE_IP.
03649          */
03650         b0 = gen_linktype(ETHERTYPE_IP);
03651 #ifndef CHASE_CHAIN
03652         b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
03653 #else
03654         b1 = gen_protochain(v, Q_IP);
03655 #endif
03656         gen_and(b0, b1);
03657         return b1;
03658 
03659     case Q_ISO:
03660         switch (linktype) {
03661 
03662         case DLT_FRELAY:
03663             /*
03664              * Frame Relay packets typically have an OSI
03665              * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
03666              * generates code to check for all the OSI
03667              * NLPIDs, so calling it and then adding a check
03668              * for the particular NLPID for which we're
03669              * looking is bogus, as we can just check for
03670              * the NLPID.
03671              *
03672              * What we check for is the NLPID and a frame
03673              * control field value of UI, i.e. 0x03 followed
03674              * by the NLPID.
03675              *
03676              * XXX - assumes a 2-byte Frame Relay header with
03677              * DLCI and flags.  What if the address is longer?
03678              *
03679              * XXX - what about SNAP-encapsulated frames?
03680              */
03681             return gen_cmp(2, BPF_H, (0x03<<8) | v);
03682             break;
03683 
03684         case DLT_C_HDLC:
03685             /*
03686              * Cisco uses an Ethertype lookalike - for OSI,
03687              * it's 0xfefe.
03688              */
03689             b0 = gen_linktype(LLCSAP_ISONS<<8 | LLCSAP_ISONS);
03690             /* OSI in C-HDLC is stuffed with a fudge byte */
03691             b1 = gen_cmp(off_nl_nosnap+1, BPF_B, (long)v);
03692             gen_and(b0, b1);
03693             return b1;
03694 
03695         default:
03696             b0 = gen_linktype(LLCSAP_ISONS);
03697             b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
03698             gen_and(b0, b1);
03699             return b1;
03700         }
03701 
03702     case Q_ISIS:
03703         b0 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
03704         /*
03705          * 4 is the offset of the PDU type relative to the IS-IS
03706          * header.
03707          */
03708         b1 = gen_cmp(off_nl_nosnap+4, BPF_B, (long)v);
03709         gen_and(b0, b1);
03710         return b1;
03711 
03712     case Q_ARP:
03713         bpf_error("arp does not encapsulate another protocol");
03714         /* NOTREACHED */
03715 
03716     case Q_RARP:
03717         bpf_error("rarp does not encapsulate another protocol");
03718         /* NOTREACHED */
03719 
03720     case Q_ATALK:
03721         bpf_error("atalk encapsulation is not specifiable");
03722         /* NOTREACHED */
03723 
03724     case Q_DECNET:
03725         bpf_error("decnet encapsulation is not specifiable");
03726         /* NOTREACHED */
03727 
03728     case Q_SCA:
03729         bpf_error("sca does not encapsulate another protocol");
03730         /* NOTREACHED */
03731 
03732     case Q_LAT:
03733         bpf_error("lat does not encapsulate another protocol");
03734         /* NOTREACHED */
03735 
03736     case Q_MOPRC:
03737         bpf_error("moprc does not encapsulate another protocol");
03738         /* NOTREACHED */
03739 
03740     case Q_MOPDL:
03741         bpf_error("mopdl does not encapsulate another protocol");
03742         /* NOTREACHED */
03743 
03744     case Q_LINK:
03745         return gen_linktype(v);
03746 
03747     case Q_UDP:
03748         bpf_error("'udp proto' is bogus");
03749         /* NOTREACHED */
03750 
03751     case Q_TCP:
03752         bpf_error("'tcp proto' is bogus");
03753         /* NOTREACHED */
03754 
03755     case Q_SCTP:
03756         bpf_error("'sctp proto' is bogus");
03757         /* NOTREACHED */
03758 
03759     case Q_ICMP:
03760         bpf_error("'icmp proto' is bogus");
03761         /* NOTREACHED */
03762 
03763     case Q_IGMP:
03764         bpf_error("'igmp proto' is bogus");
03765         /* NOTREACHED */
03766 
03767     case Q_IGRP:
03768         bpf_error("'igrp proto' is bogus");
03769         /* NOTREACHED */
03770 
03771     case Q_PIM:
03772         bpf_error("'pim proto' is bogus");
03773         /* NOTREACHED */
03774 
03775     case Q_VRRP:
03776         bpf_error("'vrrp proto' is bogus");
03777         /* NOTREACHED */
03778 
03779 #ifdef INET6
03780     case Q_IPV6:
03781         b0 = gen_linktype(ETHERTYPE_IPV6);
03782 #ifndef CHASE_CHAIN
03783         b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
03784 #else
03785         b1 = gen_protochain(v, Q_IPV6);
03786 #endif
03787         gen_and(b0, b1);
03788         return b1;
03789 
03790     case Q_ICMPV6:
03791         bpf_error("'icmp6 proto' is bogus");
03792 #endif /* INET6 */
03793 
03794     case Q_AH:
03795         bpf_error("'ah proto' is bogus");
03796 
03797     case Q_ESP:
03798         bpf_error("'ah proto' is bogus");
03799 
03800     case Q_STP:
03801         bpf_error("'stp proto' is bogus");
03802 
03803     case Q_IPX:
03804         bpf_error("'ipx proto' is bogus");
03805 
03806     case Q_NETBEUI:
03807         bpf_error("'netbeui proto' is bogus");
03808 
03809     default:
03810         abort();
03811         /* NOTREACHED */
03812     }
03813     /* NOTREACHED */
03814 }
03815 
03816 struct block *
03817 gen_scode(name, q)
03818     register const char *name;
03819     struct qual q;
03820 {
03821     int proto = q.proto;
03822     int dir = q.dir;
03823     int tproto;
03824     u_char *eaddr;
03825     bpf_u_int32 mask, addr;
03826 #ifndef INET6
03827     bpf_u_int32 **alist;
03828 #else
03829     int tproto6;
03830     struct sockaddr_in *sin;
03831     struct sockaddr_in6 *sin6;
03832     struct addrinfo *res, *res0;
03833     struct in6_addr mask128;
03834 #endif /*INET6*/
03835     struct block *b, *tmp;
03836     int port, real_proto;
03837 
03838     switch (q.addr) {
03839 
03840     case Q_NET:
03841         addr = pcap_nametonetaddr(name);
03842         if (addr == 0)
03843             bpf_error("unknown network '%s'", name);
03844         /* Left justify network addr and calculate its network mask */
03845         mask = 0xffffffff;
03846         while (addr && (addr & 0xff000000) == 0) {
03847             addr <<= 8;
03848             mask <<= 8;
03849         }
03850         return gen_host(addr, mask, proto, dir);
03851 
03852     case Q_DEFAULT:
03853     case Q_HOST:
03854         if (proto == Q_LINK) {
03855             switch (linktype) {
03856 
03857             case DLT_EN10MB:
03858                 eaddr = pcap_ether_hostton(name);
03859                 if (eaddr == NULL)
03860                     bpf_error(
03861                         "unknown ether host '%s'", name);
03862                 b = gen_ehostop(eaddr, dir);
03863                 free(eaddr);
03864                 return b;
03865 
03866             case DLT_FDDI:
03867                 eaddr = pcap_ether_hostton(name);
03868                 if (eaddr == NULL)
03869                     bpf_error(
03870                         "unknown FDDI host '%s'", name);
03871                 b = gen_fhostop(eaddr, dir);
03872                 free(eaddr);
03873                 return b;
03874 
03875             case DLT_IEEE802:
03876                 eaddr = pcap_ether_hostton(name);
03877                 if (eaddr == NULL)
03878                     bpf_error(
03879                         "unknown token ring host '%s'", name);
03880                 b = gen_thostop(eaddr, dir);
03881                 free(eaddr);
03882                 return b;
03883 
03884             case DLT_IEEE802_11:
03885                 eaddr = pcap_ether_hostton(name);
03886                 if (eaddr == NULL)
03887                     bpf_error(
03888                         "unknown 802.11 host '%s'", name);
03889                 b = gen_wlanhostop(eaddr, dir);
03890                 free(eaddr);
03891                 return b;
03892 
03893             case DLT_IP_OVER_FC:
03894                 eaddr = pcap_ether_hostton(name);
03895                 if (eaddr == NULL)
03896                     bpf_error(
03897                         "unknown Fibre Channel host '%s'", name);
03898                 b = gen_ipfchostop(eaddr, dir);
03899                 free(eaddr);
03900                 return b;
03901 
03902             case DLT_SUNATM:
03903                 if (!is_lane)
03904                     break;
03905 
03906                 /*
03907                  * Check that the packet doesn't begin
03908                  * with an LE Control marker.  (We've
03909                  * already generated a test for LANE.)
03910                  */
03911                 tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H,
03912                     0xFF00);
03913                 gen_not(tmp);
03914 
03915                 eaddr = pcap_ether_hostton(name);
03916                 if (eaddr == NULL)
03917                     bpf_error(
03918                         "unknown ether host '%s'", name);
03919                 b = gen_ehostop(eaddr, dir);
03920                 gen_and(tmp, b);
03921                 free(eaddr);
03922                 return b;
03923             }
03924 
03925             bpf_error("only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
03926         } else if (proto == Q_DECNET) {
03927             unsigned short dn_addr = __pcap_nametodnaddr(name);
03928             /*
03929              * I don't think DECNET hosts can be multihomed, so
03930              * there is no need to build up a list of addresses
03931              */
03932             return (gen_host(dn_addr, 0, proto, dir));
03933         } else {
03934 #ifndef INET6
03935             alist = pcap_nametoaddr(name);
03936             if (alist == NULL || *alist == NULL)
03937                 bpf_error("unknown host '%s'", name);
03938             tproto = proto;
03939             if (off_linktype == (u_int)-1 && tproto == Q_DEFAULT)
03940                 tproto = Q_IP;
03941             b = gen_host(**alist++, 0xffffffff, tproto, dir);
03942             while (*alist) {
03943                 tmp = gen_host(**alist++, 0xffffffff,
03944                            tproto, dir);
03945                 gen_or(b, tmp);
03946                 b = tmp;
03947             }
03948             return b;
03949 #else
03950             memset(&mask128, 0xff, sizeof(mask128));
03951             res0 = res = pcap_nametoaddrinfo(name);
03952             if (res == NULL)
03953                 bpf_error("unknown host '%s'", name);
03954             b = tmp = NULL;
03955             tproto = tproto6 = proto;
03956             if (off_linktype == -1 && tproto == Q_DEFAULT) {
03957                 tproto = Q_IP;
03958                 tproto6 = Q_IPV6;
03959             }
03960             for (res = res0; res; res = res->ai_next) {
03961                 switch (res->ai_family) {
03962                 case AF_INET:
03963                     if (tproto == Q_IPV6)
03964                         continue;
03965 
03966                     sin = (struct sockaddr_in *)
03967                         res->ai_addr;
03968                     tmp = gen_host(ntohl(sin->sin_addr.s_addr),
03969                         0xffffffff, tproto, dir);
03970                     break;
03971                 case AF_INET6:
03972                     if (tproto6 == Q_IP)
03973                         continue;
03974 
03975                     sin6 = (struct sockaddr_in6 *)
03976                         res->ai_addr;
03977                     tmp = gen_host6(&sin6->sin6_addr,
03978                         &mask128, tproto6, dir);
03979                     break;
03980                 default:
03981                     continue;
03982                 }
03983                 if (b)
03984                     gen_or(b, tmp);
03985                 b = tmp;
03986             }
03987             freeaddrinfo(res0);
03988             if (b == NULL) {
03989                 bpf_error("unknown host '%s'%s", name,
03990                     (proto == Q_DEFAULT)
03991                     ? ""
03992                     : " for specified address family");
03993             }
03994             return b;
03995 #endif /*INET6*/
03996         }
03997 
03998     case Q_PORT:
03999         if (proto != Q_DEFAULT &&
04000             proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
04001             bpf_error("illegal qualifier of 'port'");
04002         if (pcap_nametoport(name, &port, &real_proto) == 0)
04003             bpf_error("unknown port '%s'", name);
04004         if (proto == Q_UDP) {
04005             if (real_proto == IPPROTO_TCP)
04006                 bpf_error("port '%s' is tcp", name);
04007             else if (real_proto == IPPROTO_SCTP)
04008                 bpf_error("port '%s' is sctp", name);
04009             else
04010                 /* override PROTO_UNDEF */
04011                 real_proto = IPPROTO_UDP;
04012         }
04013         if (proto == Q_TCP) {
04014             if (real_proto == IPPROTO_UDP)
04015                 bpf_error("port '%s' is udp", name);
04016 
04017             else if (real_proto == IPPROTO_SCTP)
04018                 bpf_error("port '%s' is sctp", name);
04019             else
04020                 /* override PROTO_UNDEF */
04021                 real_proto = IPPROTO_TCP;
04022         }
04023         if (proto == Q_SCTP) {
04024             if (real_proto == IPPROTO_UDP)
04025                 bpf_error("port '%s' is udp", name);
04026 
04027             else if (real_proto == IPPROTO_TCP)
04028                 bpf_error("port '%s' is tcp", name);
04029             else
04030                 /* override PROTO_UNDEF */
04031                 real_proto = IPPROTO_SCTP;
04032         }
04033 #ifndef INET6
04034         return gen_port(port, real_proto, dir);
04035 #else
04036         {
04037         struct block *b;
04038         b = gen_port(port, real_proto, dir);
04039         gen_or(gen_port6(port, real_proto, dir), b);
04040         return b;
04041         }
04042 #endif /* INET6 */
04043 
04044     case Q_GATEWAY:
04045 #ifndef INET6
04046         eaddr = pcap_ether_hostton(name);
04047         if (eaddr == NULL)
04048             bpf_error("unknown ether host: %s", name);
04049 
04050         alist = pcap_nametoaddr(name);
04051         if (alist == NULL || *alist == NULL)
04052             bpf_error("unknown host '%s'", name);
04053         b = gen_gateway(eaddr, alist, proto, dir);
04054         free(eaddr);
04055         return b;
04056 #else
04057         bpf_error("'gateway' not supported in this configuration");
04058 #endif /*INET6*/
04059 
04060     case Q_PROTO:
04061         real_proto = lookup_proto(name, proto);
04062         if (real_proto >= 0)
04063             return gen_proto(real_proto, proto, dir);
04064         else
04065             bpf_error("unknown protocol: %s", name);
04066 
04067     case Q_PROTOCHAIN:
04068         real_proto = lookup_proto(name, proto);
04069         if (real_proto >= 0)
04070             return gen_protochain(real_proto, proto, dir);
04071         else
04072             bpf_error("unknown protocol: %s", name);
04073 
04074 
04075     case Q_UNDEF:
04076         syntax();
04077         /* NOTREACHED */
04078     }
04079     abort();
04080     /* NOTREACHED */
04081 }
04082 
04083 struct block *
04084 gen_mcode(s1, s2, masklen, q)
04085     register const char *s1, *s2;
04086     register int masklen;
04087     struct qual q;
04088 {
04089     register int nlen, mlen;
04090     bpf_u_int32 n, m;
04091 
04092     nlen = __pcap_atoin(s1, &n);
04093     /* Promote short ipaddr */
04094     n <<= 32 - nlen;
04095 
04096     if (s2 != NULL) {
04097         mlen = __pcap_atoin(s2, &m);
04098         /* Promote short ipaddr */
04099         m <<= 32 - mlen;
04100         if ((n & ~m) != 0)
04101             bpf_error("non-network bits set in \"%s mask %s\"",
04102                 s1, s2);
04103     } else {
04104         /* Convert mask len to mask */
04105         if (masklen > 32)
04106             bpf_error("mask length must be <= 32");
04107         m = 0xffffffff << (32 - masklen);
04108         if ((n & ~m) != 0)
04109             bpf_error("non-network bits set in \"%s/%d\"",
04110                 s1, masklen);
04111     }
04112 
04113     switch (q.addr) {
04114 
04115     case Q_NET:
04116         return gen_host(n, m, q.proto, q.dir);
04117 
04118     default:
04119         bpf_error("Mask syntax for networks only");
04120         /* NOTREACHED */
04121     }
04122 }
04123 
04124 struct block *
04125 gen_ncode(s, v, q)
04126     register const char *s;
04127     bpf_u_int32 v;
04128     struct qual q;
04129 {
04130     bpf_u_int32 mask;
04131     int proto = q.proto;
04132     int dir = q.dir;
04133     register int vlen;
04134 
04135     if (s == NULL)
04136         vlen = 32;
04137     else if (q.proto == Q_DECNET)
04138         vlen = __pcap_atodn(s, &v);
04139     else
04140         vlen = __pcap_atoin(s, &v);
04141 
04142     switch (q.addr) {
04143 
04144     case Q_DEFAULT:
04145     case Q_HOST:
04146     case Q_NET:
04147         if (proto == Q_DECNET)
04148             return gen_host(v, 0, proto, dir);
04149         else if (proto == Q_LINK) {
04150             bpf_error("illegal link layer address");
04151         } else {
04152             mask = 0xffffffff;
04153             if (s == NULL && q.addr == Q_NET) {
04154                 /* Promote short net number */
04155                 while (v && (v & 0xff000000) == 0) {
04156                     v <<= 8;
04157                     mask <<= 8;
04158                 }
04159             } else {
04160                 /* Promote short ipaddr */
04161                 v <<= 32 - vlen;
04162                 mask <<= 32 - vlen;
04163             }
04164             return gen_host(v, mask, proto, dir);
04165         }
04166 
04167     case Q_PORT:
04168         if (proto == Q_UDP)
04169             proto = IPPROTO_UDP;
04170         else if (proto == Q_TCP)
04171             proto = IPPROTO_TCP;
04172         else if (proto == Q_SCTP)
04173             proto = IPPROTO_SCTP;
04174         else if (proto == Q_DEFAULT)
04175             proto = PROTO_UNDEF;
04176         else
04177             bpf_error("illegal qualifier of 'port'");
04178 
04179 #ifndef INET6
04180         return gen_port((int)v, proto, dir);
04181 #else
04182         {
04183         struct block *b;
04184         b = gen_port((int)v, proto, dir);
04185         gen_or(gen_port6((int)v, proto, dir), b);
04186         return b;
04187         }
04188 #endif /* INET6 */
04189 
04190     case Q_GATEWAY:
04191         bpf_error("'gateway' requires a name");
04192         /* NOTREACHED */
04193 
04194     case Q_PROTO:
04195         return gen_proto((int)v, proto, dir);
04196 
04197     case Q_PROTOCHAIN:
04198         return gen_protochain((int)v, proto, dir);
04199 
04200     case Q_UNDEF:
04201         syntax();
04202         /* NOTREACHED */
04203 
04204     default:
04205         abort();
04206         /* NOTREACHED */
04207     }
04208     /* NOTREACHED */
04209 }
04210 
04211 #ifdef INET6
04212 struct block *
04213 gen_mcode6(s1, s2, masklen, q)
04214     register const char *s1, *s2;
04215     register int masklen;
04216     struct qual q;
04217 {
04218     struct addrinfo *res;
04219     struct in6_addr *addr;
04220     struct in6_addr mask;
04221     struct block *b;
04222     u_int32_t *a, *m;
04223 
04224     if (s2)
04225         bpf_error("no mask %s supported", s2);
04226 
04227     res = pcap_nametoaddrinfo(s1);
04228     if (!res)
04229         bpf_error("invalid ip6 address %s", s1);
04230     if (res->ai_next)
04231         bpf_error("%s resolved to multiple address", s1);
04232     addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
04233 
04234     if (sizeof(mask) * 8 < masklen)
04235         bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
04236     memset(&mask, 0, sizeof(mask));
04237     memset(&mask, 0xff, masklen / 8);
04238     if (masklen % 8) {
04239         mask.s6_addr[masklen / 8] =
04240             (0xff << (8 - masklen % 8)) & 0xff;
04241     }
04242 
04243     a = (u_int32_t *)addr;
04244     m = (u_int32_t *)&mask;
04245     if ((a[0] & ~m[0]) || (a[1] & ~m[1])
04246      || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
04247         bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
04248     }
04249 
04250     switch (q.addr) {
04251 
04252     case Q_DEFAULT:
04253     case Q_HOST:
04254         if (masklen != 128)
04255             bpf_error("Mask syntax for networks only");
04256         /* FALLTHROUGH */
04257 
04258     case Q_NET:
04259         b = gen_host6(addr, &mask, q.proto, q.dir);
04260         freeaddrinfo(res);
04261         return b;
04262 
04263     default:
04264         bpf_error("invalid qualifier against IPv6 address");
04265         /* NOTREACHED */
04266     }
04267 }
04268 #endif /*INET6*/
04269 
04270 struct block *
04271 gen_ecode(eaddr, q)
04272     register const u_char *eaddr;
04273     struct qual q;
04274 {
04275     struct block *b, *tmp;
04276 
04277     if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
04278         if (linktype == DLT_EN10MB)
04279             return gen_ehostop(eaddr, (int)q.dir);
04280         if (linktype == DLT_FDDI)
04281             return gen_fhostop(eaddr, (int)q.dir);
04282         if (linktype == DLT_IEEE802)
04283             return gen_thostop(eaddr, (int)q.dir);
04284         if (linktype == DLT_IEEE802_11)
04285             return gen_wlanhostop(eaddr, (int)q.dir);
04286         if (linktype == DLT_SUNATM && is_lane) {
04287             /*
04288              * Check that the packet doesn't begin with an
04289              * LE Control marker.  (We've already generated
04290              * a test for LANE.)
04291              */
04292             tmp = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
04293             gen_not(tmp);
04294 
04295             /*
04296              * Now check the MAC address.
04297              */
04298             b = gen_ehostop(eaddr, (int)q.dir);
04299             gen_and(tmp, b);
04300             return b;
04301         }
04302         if (linktype == DLT_IP_OVER_FC)
04303             return gen_ipfchostop(eaddr, (int)q.dir);
04304         bpf_error("ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
04305     }
04306     bpf_error("ethernet address used in non-ether expression");
04307     /* NOTREACHED */
04308 }
04309 
04310 void
04311 sappend(s0, s1)
04312     struct slist *s0, *s1;
04313 {
04314     /*
04315      * This is definitely not the best way to do this, but the
04316      * lists will rarely get long.
04317      */
04318     while (s0->next)
04319         s0 = s0->next;
04320     s0->next = s1;
04321 }
04322 
04323 static struct slist *
04324 xfer_to_x(a)
04325     struct arth *a;
04326 {
04327     struct slist *s;
04328 
04329     s = new_stmt(BPF_LDX|BPF_MEM);
04330     s->s.k = a->regno;
04331     return s;
04332 }
04333 
04334 static struct slist *
04335 xfer_to_a(a)
04336     struct arth *a;
04337 {
04338     struct slist *s;
04339 
04340     s = new_stmt(BPF_LD|BPF_MEM);
04341     s->s.k = a->regno;
04342     return s;
04343 }
04344 
04345 struct arth *
04346 gen_load(proto, index, size)
04347     int proto;
04348     struct arth *index;
04349     int size;
04350 {
04351     struct slist *s, *tmp;
04352     struct block *b;
04353     int regno = alloc_reg();
04354 
04355     free_reg(index->regno);
04356     switch (size) {
04357 
04358     default:
04359         bpf_error("data size must be 1, 2, or 4");
04360 
04361     case 1:
04362         size = BPF_B;
04363         break;
04364 
04365     case 2:
04366         size = BPF_H;
04367         break;
04368 
04369     case 4:
04370         size = BPF_W;
04371         break;
04372     }
04373     switch (proto) {
04374     default:
04375         bpf_error("unsupported index operation");
04376 
04377     case Q_LINK:
04378         /*
04379          * XXX - what about ATM LANE?  Should the index be
04380          * relative to the beginning of the AAL5 frame, so
04381          * that 0 refers to the beginning of the LE Control
04382          * field, or relative to the beginning of the LAN
04383          * frame, so that 0 refers, for Ethernet LANE, to
04384          * the beginning of the destination address?
04385          */
04386         s = xfer_to_x(index);
04387         tmp = new_stmt(BPF_LD|BPF_IND|size);
04388         sappend(s, tmp);
04389         sappend(index->s, s);
04390         break;
04391 
04392     case Q_IP:
04393     case Q_ARP:
04394     case Q_RARP:
04395     case Q_ATALK:
04396     case Q_DECNET:
04397     case Q_SCA:
04398     case Q_LAT:
04399     case Q_MOPRC:
04400     case Q_MOPDL:
04401 #ifdef INET6
04402     case Q_IPV6:
04403 #endif
04404         /* XXX Note that we assume a fixed link header here. */
04405         s = xfer_to_x(index);
04406         tmp = new_stmt(BPF_LD|BPF_IND|size);
04407         tmp->s.k = off_nl;
04408         sappend(s, tmp);
04409         sappend(index->s, s);
04410 
04411         b = gen_proto_abbrev(proto);
04412         if (index->b)
04413             gen_and(index->b, b);
04414         index->b = b;
04415         break;
04416 
04417     case Q_SCTP:
04418     case Q_TCP:
04419     case Q_UDP:
04420     case Q_ICMP:
04421     case Q_IGMP:
04422     case Q_IGRP:
04423     case Q_PIM:
04424     case Q_VRRP:
04425         s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
04426         s->s.k = off_nl;
04427         sappend(s, xfer_to_a(index));
04428         sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
04429         sappend(s, new_stmt(BPF_MISC|BPF_TAX));
04430         sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
04431         tmp->s.k = off_nl;
04432         sappend(index->s, s);
04433 
04434         gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
04435         if (index->b)
04436             gen_and(index->b, b);
04437 #ifdef INET6
04438         gen_and(gen_proto_abbrev(Q_IP), b);
04439 #endif
04440         index->b = b;
04441         break;
04442 #ifdef INET6
04443     case Q_ICMPV6:
04444         bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
04445         /*NOTREACHED*/
04446 #endif
04447     }
04448     index->regno = regno;
04449     s = new_stmt(BPF_ST);
04450     s->s.k = regno;
04451     sappend(index->s, s);
04452 
04453     return index;
04454 }
04455 
04456 struct block *
04457 gen_relation(code, a0, a1, reversed)
04458     int code;
04459     struct arth *a0, *a1;
04460     int reversed;
04461 {
04462     struct slist *s0, *s1, *s2;
04463     struct block *b, *tmp;
04464 
04465     s0 = xfer_to_x(a1);
04466     s1 = xfer_to_a(a0);
04467     if (code == BPF_JEQ) {
04468         s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
04469         b = new_block(JMP(code));
04470         sappend(s1, s2);
04471     }
04472     else
04473         b = new_block(BPF_JMP|code|BPF_X);
04474     if (reversed)
04475         gen_not(b);
04476 
04477     sappend(s0, s1);
04478     sappend(a1->s, s0);
04479     sappend(a0->s, a1->s);
04480 
04481     b->stmts = a0->s;
04482 
04483     free_reg(a0->regno);
04484     free_reg(a1->regno);
04485 
04486     /* 'and' together protocol checks */
04487     if (a0->b) {
04488         if (a1->b) {
04489             gen_and(a0->b, tmp = a1->b);
04490         }
04491         else
04492             tmp = a0->b;
04493     } else
04494         tmp = a1->b;
04495 
04496     if (tmp)
04497         gen_and(tmp, b);
04498 
04499     return b;
04500 }
04501 
04502 struct arth *
04503 gen_loadlen()
04504 {
04505     int regno = alloc_reg();
04506     struct arth *a = (struct arth *)newchunk(sizeof(*a));
04507     struct slist *s;
04508 
04509     s = new_stmt(BPF_LD|BPF_LEN);
04510     s->next = new_stmt(BPF_ST);
04511     s->next->s.k = regno;
04512     a->s = s;
04513     a->regno = regno;
04514 
04515     return a;
04516 }
04517 
04518 struct arth *
04519 gen_loadi(val)
04520     int val;
04521 {
04522     struct arth *a;
04523     struct slist *s;
04524     int reg;
04525 
04526     a = (struct arth *)newchunk(sizeof(*a));
04527 
04528     reg = alloc_reg();
04529 
04530     s = new_stmt(BPF_LD|BPF_IMM);
04531     s->s.k = val;
04532     s->next = new_stmt(BPF_ST);
04533     s->next->s.k = reg;
04534     a->s = s;
04535     a->regno = reg;
04536 
04537     return a;
04538 }
04539 
04540 struct arth *
04541 gen_neg(a)
04542     struct arth *a;
04543 {
04544     struct slist *s;
04545 
04546     s = xfer_to_a(a);
04547     sappend(a->s, s);
04548     s = new_stmt(BPF_ALU|BPF_NEG);
04549     s->s.k = 0;
04550     sappend(a->s, s);
04551     s = new_stmt(BPF_ST);
04552     s->s.k = a->regno;
04553     sappend(a->s, s);
04554 
04555     return a;
04556 }
04557 
04558 struct arth *
04559 gen_arth(code, a0, a1)
04560     int code;
04561     struct arth *a0, *a1;
04562 {
04563     struct slist *s0, *s1, *s2;
04564 
04565     s0 = xfer_to_x(a1);
04566     s1 = xfer_to_a(a0);
04567     s2 = new_stmt(BPF_ALU|BPF_X|code);
04568 
04569     sappend(s1, s2);
04570     sappend(s0, s1);
04571     sappend(a1->s, s0);
04572     sappend(a0->s, a1->s);
04573 
04574     free_reg(a0->regno);
04575     free_reg(a1->regno);
04576 
04577     s0 = new_stmt(BPF_ST);
04578     a0->regno = s0->s.k = alloc_reg();
04579     sappend(a0->s, s0);
04580 
04581     return a0;
04582 }
04583 
04584 /*
04585  * Here we handle simple allocation of the scratch registers.
04586  * If too many registers are alloc'd, the allocator punts.
04587  */
04588 static int regused[BPF_MEMWORDS];
04589 static int curreg;
04590 
04591 /*
04592  * Return the next free register.
04593  */
04594 static int
04595 alloc_reg()
04596 {
04597     int n = BPF_MEMWORDS;
04598 
04599     while (--n >= 0) {
04600         if (regused[curreg])
04601             curreg = (curreg + 1) % BPF_MEMWORDS;
04602         else {
04603             regused[curreg] = 1;
04604             return curreg;
04605         }
04606     }
04607     bpf_error("too many registers needed to evaluate expression");
04608     /* NOTREACHED */
04609 }
04610 
04611 /*
04612  * Return a register to the table so it can
04613  * be used later.
04614  */
04615 static void
04616 free_reg(n)
04617     int n;
04618 {
04619     regused[n] = 0;
04620 }
04621 
04622 static struct block *
04623 gen_len(jmp, n)
04624     int jmp, n;
04625 {
04626     struct slist *s;
04627     struct block *b;
04628 
04629     s = new_stmt(BPF_LD|BPF_LEN);
04630     b = new_block(JMP(jmp));
04631     b->stmts = s;
04632     b->s.k = n;
04633 
04634     return b;
04635 }
04636 
04637 struct block *
04638 gen_greater(n)
04639     int n;
04640 {
04641     return gen_len(BPF_JGE, n);
04642 }
04643 
04644 /*
04645  * Actually, this is less than or equal.
04646  */
04647 struct block *
04648 gen_less(n)
04649     int n;
04650 {
04651     struct block *b;
04652 
04653     b = gen_len(BPF_JGT, n);
04654     gen_not(b);
04655 
04656     return b;
04657 }
04658 
04659 struct block *
04660 gen_byteop(op, idx, val)
04661     int op, idx, val;
04662 {
04663     struct block *b;
04664     struct slist *s;
04665 
04666     switch (op) {
04667     default:
04668         abort();
04669 
04670     case '=':
04671         return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
04672 
04673     case '<':
04674         b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
04675         b->s.code = JMP(BPF_JGE);
04676         gen_not(b);
04677         return b;
04678 
04679     case '>':
04680         b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
04681         b->s.code = JMP(BPF_JGT);
04682         return b;
04683 
04684     case '|':
04685         s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
04686         break;
04687 
04688     case '&':
04689         s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
04690         break;
04691     }
04692     s->s.k = val;
04693     b = new_block(JMP(BPF_JEQ));
04694     b->stmts = s;
04695     gen_not(b);
04696 
04697     return b;
04698 }
04699 
04700 static u_char abroadcast[] = { 0x0 };
04701 
04702 struct block *
04703 gen_broadcast(proto)
04704     int proto;
04705 {
04706     bpf_u_int32 hostmask;
04707     struct block *b0, *b1, *b2;
04708     static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
04709 
04710     switch (proto) {
04711 
04712     case Q_DEFAULT:
04713     case Q_LINK:
04714         if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
04715             return gen_ahostop(abroadcast, Q_DST);
04716         if (linktype == DLT_EN10MB)
04717             return gen_ehostop(ebroadcast, Q_DST);
04718         if (linktype == DLT_FDDI)
04719             return gen_fhostop(ebroadcast, Q_DST);
04720         if (linktype == DLT_IEEE802)
04721             return gen_thostop(ebroadcast, Q_DST);
04722         if (linktype == DLT_IEEE802_11)
04723             return gen_wlanhostop(ebroadcast, Q_DST);
04724         if (linktype == DLT_IP_OVER_FC)
04725             return gen_ipfchostop(ebroadcast, Q_DST);
04726         if (linktype == DLT_SUNATM && is_lane) {
04727             /*
04728              * Check that the packet doesn't begin with an
04729              * LE Control marker.  (We've already generated
04730              * a test for LANE.)
04731              */
04732             b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
04733             gen_not(b1);
04734 
04735             /*
04736              * Now check the MAC address.
04737              */
04738             b0 = gen_ehostop(ebroadcast, Q_DST);
04739             gen_and(b1, b0);
04740             return b0;
04741         }
04742         bpf_error("not a broadcast link");
04743         break;
04744 
04745     case Q_IP:
04746         b0 = gen_linktype(ETHERTYPE_IP);
04747         hostmask = ~netmask;
04748         b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
04749         b2 = gen_mcmp(off_nl + 16, BPF_W,
04750                   (bpf_int32)(~0 & hostmask), hostmask);
04751         gen_or(b1, b2);
04752         gen_and(b0, b2);
04753         return b2;
04754     }
04755     bpf_error("only link-layer/IP broadcast filters supported");
04756 }
04757 
04758 /*
04759  * Generate code to test the low-order bit of a MAC address (that's
04760  * the bottom bit of the *first* byte).
04761  */
04762 static struct block *
04763 gen_mac_multicast(offset)
04764     int offset;
04765 {
04766     register struct block *b0;
04767     register struct slist *s;
04768 
04769     /* link[offset] & 1 != 0 */
04770     s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04771     s->s.k = offset;
04772     b0 = new_block(JMP(BPF_JSET));
04773     b0->s.k = 1;
04774     b0->stmts = s;
04775     return b0;
04776 }
04777 
04778 struct block *
04779 gen_multicast(proto)
04780     int proto;
04781 {
04782     register struct block *b0, *b1, *b2;
04783     register struct slist *s;
04784 
04785     switch (proto) {
04786 
04787     case Q_DEFAULT:
04788     case Q_LINK:
04789         if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
04790             /* all ARCnet multicasts use the same address */
04791             return gen_ahostop(abroadcast, Q_DST);
04792 
04793         if (linktype == DLT_EN10MB) {
04794             /* ether[0] & 1 != 0 */
04795             return gen_mac_multicast(0);
04796         }
04797 
04798         if (linktype == DLT_FDDI) {
04799             /*
04800              * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
04801              *
04802              * XXX - was that referring to bit-order issues?
04803              */
04804             /* fddi[1] & 1 != 0 */
04805             return gen_mac_multicast(1);
04806         }
04807 
04808         if (linktype == DLT_IEEE802) {
04809             /* tr[2] & 1 != 0 */
04810             return gen_mac_multicast(2);
04811         }
04812 
04813         if (linktype == DLT_IEEE802_11) {
04814             /*
04815              * Oh, yuk.
04816              *
04817              *  For control frames, there is no DA.
04818              *
04819              *  For management frames, DA is at an
04820              *  offset of 4 from the beginning of
04821              *  the packet.
04822              *
04823              *  For data frames, DA is at an offset
04824              *  of 4 from the beginning of the packet
04825              *  if To DS is clear and at an offset of
04826              *  16 from the beginning of the packet
04827              *  if To DS is set.
04828              */
04829 
04830             /*
04831              * Generate the tests to be done for data frames.
04832              *
04833              * First, check for To DS set, i.e. "link[1] & 0x01".
04834              */
04835             s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04836             s->s.k = 1;
04837             b1 = new_block(JMP(BPF_JSET));
04838             b1->s.k = 0x01; /* To DS */
04839             b1->stmts = s;
04840 
04841             /*
04842              * If To DS is set, the DA is at 16.
04843              */
04844             b0 = gen_mac_multicast(16);
04845             gen_and(b1, b0);
04846 
04847             /*
04848              * Now, check for To DS not set, i.e. check
04849              * "!(link[1] & 0x01)".
04850              */
04851             s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04852             s->s.k = 1;
04853             b2 = new_block(JMP(BPF_JSET));
04854             b2->s.k = 0x01; /* To DS */
04855             b2->stmts = s;
04856             gen_not(b2);
04857 
04858             /*
04859              * If To DS is not set, the DA is at 4.
04860              */
04861             b1 = gen_mac_multicast(4);
04862             gen_and(b2, b1);
04863 
04864             /*
04865              * Now OR together the last two checks.  That gives
04866              * the complete set of checks for data frames.
04867              */
04868             gen_or(b1, b0);
04869 
04870             /*
04871              * Now check for a data frame.
04872              * I.e, check "link[0] & 0x08".
04873              */
04874             s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04875             s->s.k = 0;
04876             b1 = new_block(JMP(BPF_JSET));
04877             b1->s.k = 0x08;
04878             b1->stmts = s;
04879 
04880             /*
04881              * AND that with the checks done for data frames.
04882              */
04883             gen_and(b1, b0);
04884 
04885             /*
04886              * If the high-order bit of the type value is 0, this
04887              * is a management frame.
04888              * I.e, check "!(link[0] & 0x08)".
04889              */
04890             s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04891             s->s.k = 0;
04892             b2 = new_block(JMP(BPF_JSET));
04893             b2->s.k = 0x08;
04894             b2->stmts = s;
04895             gen_not(b2);
04896 
04897             /*
04898              * For management frames, the DA is at 4.
04899              */
04900             b1 = gen_mac_multicast(4);
04901             gen_and(b2, b1);
04902 
04903             /*
04904              * OR that with the checks done for data frames.
04905              * That gives the checks done for management and
04906              * data frames.
04907              */
04908             gen_or(b1, b0);
04909 
04910             /*
04911              * If the low-order bit of the type value is 1,
04912              * this is either a control frame or a frame
04913              * with a reserved type, and thus not a
04914              * frame with an SA.
04915              *
04916              * I.e., check "!(link[0] & 0x04)".
04917              */
04918             s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04919             s->s.k = 0;
04920             b1 = new_block(JMP(BPF_JSET));
04921             b1->s.k = 0x04;
04922             b1->stmts = s;
04923             gen_not(b1);
04924 
04925             /*
04926              * AND that with the checks for data and management
04927              * frames.
04928              */
04929             gen_and(b1, b0);
04930             return b0;
04931         }
04932 
04933         if (linktype == DLT_IP_OVER_FC) {
04934             b0 = gen_mac_multicast(2);
04935             return b0;
04936         }
04937 
04938         if (linktype == DLT_SUNATM && is_lane) {
04939             /*
04940              * Check that the packet doesn't begin with an
04941              * LE Control marker.  (We've already generated
04942              * a test for LANE.)
04943              */
04944             b1 = gen_cmp(SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
04945             gen_not(b1);
04946 
04947             /* ether[off_mac] & 1 != 0 */
04948             b0 = gen_mac_multicast(off_mac);
04949             gen_and(b1, b0);
04950             return b0;
04951         }
04952 
04953         /* Link not known to support multicasts */
04954         break;
04955 
04956     case Q_IP:
04957         b0 = gen_linktype(ETHERTYPE_IP);
04958         b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
04959         b1->s.code = JMP(BPF_JGE);
04960         gen_and(b0, b1);
04961         return b1;
04962 
04963 #ifdef INET6
04964     case Q_IPV6:
04965         b0 = gen_linktype(ETHERTYPE_IPV6);
04966         b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
04967         gen_and(b0, b1);
04968         return b1;
04969 #endif /* INET6 */
04970     }
04971     bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
04972 }
04973 
04974 /*
04975  * generate command for inbound/outbound.  It's here so we can
04976  * make it link-type specific.  'dir' = 0 implies "inbound",
04977  * = 1 implies "outbound".
04978  */
04979 struct block *
04980 gen_inbound(dir)
04981     int dir;
04982 {
04983     register struct block *b0;
04984 
04985     /*
04986      * Only some data link types support inbound/outbound qualifiers.
04987      */
04988     switch (linktype) {
04989     case DLT_SLIP:
04990         b0 = gen_relation(BPF_JEQ,
04991               gen_load(Q_LINK, gen_loadi(0), 1),
04992               gen_loadi(0),
04993               dir);
04994         break;
04995 
04996     case DLT_LINUX_SLL:
04997         if (dir) {
04998             /*
04999              * Match packets sent by this machine.
05000              */
05001             b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
05002         } else {
05003             /*
05004              * Match packets sent to this machine.
05005              * (No broadcast or multicast packets, or
05006              * packets sent to some other machine and
05007              * received promiscuously.)
05008              *
05009              * XXX - packets sent to other machines probably
05010              * shouldn't be matched, but what about broadcast
05011              * or multicast packets we received?
05012              */
05013             b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
05014         }
05015         break;
05016 
05017     case DLT_PFLOG:
05018         b0 = gen_cmp(26, BPF_H,
05019             (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
05020         break;
05021 
05022     default:
05023         bpf_error("inbound/outbound not supported on linktype %d",
05024             linktype);
05025         b0 = NULL;
05026         /* NOTREACHED */
05027     }
05028     return (b0);
05029 }
05030 
05031 /* PF firewall log matched interface */
05032 struct block *
05033 gen_pf_ifname(const char *ifname)
05034 {
05035     if (linktype != DLT_PFLOG) {
05036         bpf_error("ifname supported only for DLT_PFLOG");
05037         /* NOTREACHED */
05038     }
05039     if (strlen(ifname) >= 16) {
05040         bpf_error("ifname interface names can't be larger than 16 characters");
05041         /* NOTREACHED */
05042     }
05043     return (gen_bcmp(4, strlen(ifname), (const u_char *)ifname));
05044 }
05045 
05046 
05047 /* PF firewall log rule number */
05048 struct block *
05049 gen_pf_rnr(int rnr)
05050 {
05051     if (linktype != DLT_PFLOG) {
05052         bpf_error("rnr supported only for DLT_PFLOG");
05053         /* NOTREACHED */
05054     }
05055 
05056     return (gen_cmp(20, BPF_H, (bpf_int32)rnr));
05057 }
05058 
05059 /* PF firewall log reason code */
05060 struct block *
05061 gen_pf_reason(int reason)
05062 {
05063     if (linktype != DLT_PFLOG) {
05064         bpf_error("reason supported only for DLT_PFLOG");
05065         /* NOTREACHED */
05066     }
05067 
05068     return (gen_cmp(22, BPF_H, (bpf_int32)reason));
05069 }
05070 
05071 /* PF firewall log action */
05072 struct block *
05073 gen_pf_action(int action)
05074 {
05075     if (linktype != DLT_PFLOG) {
05076         bpf_error("action supported only for DLT_PFLOG");
05077         /* NOTREACHED */
05078     }
05079 
05080     return (gen_cmp(24, BPF_H, (bpf_int32)action));
05081 }
05082 
05083 struct block *
05084 gen_acode(eaddr, q)
05085     register const u_char *eaddr;
05086     struct qual q;
05087 {
05088     if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
05089         if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
05090             return gen_ahostop(eaddr, (int)q.dir);
05091     }
05092     bpf_error("ARCnet address used in non-arc expression");
05093     /* NOTREACHED */
05094 }
05095 
05096 static struct block *
05097 gen_ahostop(eaddr, dir)
05098     register const u_char *eaddr;
05099     register int dir;
05100 {
05101     register struct block *b0, *b1;
05102 
05103     switch (dir) {
05104     /* src comes first, different from Ethernet */
05105     case Q_SRC:
05106         return gen_bcmp(0, 1, eaddr);
05107 
05108     case Q_DST:
05109         return gen_bcmp(1, 1, eaddr);
05110 
05111     case Q_AND:
05112         b0 = gen_ahostop(eaddr, Q_SRC);
05113         b1 = gen_ahostop(eaddr, Q_DST);
05114         gen_and(b0, b1);
05115         return b1;
05116 
05117     case Q_DEFAULT:
05118     case Q_OR:
05119         b0 = gen_ahostop(eaddr, Q_SRC);
05120         b1 = gen_ahostop(eaddr, Q_DST);
05121         gen_or(b0, b1);
05122         return b1;
05123     }
05124     abort();
05125     /* NOTREACHED */
05126 }
05127 
05128 /*
05129  * support IEEE 802.1Q VLAN trunk over ethernet
05130  */
05131 struct block *
05132 gen_vlan(vlan_num)
05133     int vlan_num;
05134 {
05135     struct  block   *b0;
05136 
05137     /*
05138      * Change the offsets to point to the type and data fields within
05139      * the VLAN packet.  This is somewhat of a kludge.
05140      */
05141     if (orig_nl == (u_int)-1) {
05142         orig_linktype = off_linktype;   /* save original values */
05143         orig_nl = off_nl;
05144         orig_nl_nosnap = off_nl_nosnap;
05145 
05146         switch (linktype) {
05147 
05148         case DLT_EN10MB:
05149             off_linktype = 16;
05150             off_nl_nosnap = 18;
05151             off_nl = 18;
05152             break;
05153 
05154         default:
05155             bpf_error("no VLAN support for data link type %d",
05156                   linktype);
05157             /*NOTREACHED*/
05158         }
05159     }
05160 
05161     /* check for VLAN */
05162     b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
05163 
05164     /* If a specific VLAN is requested, check VLAN id */
05165     if (vlan_num >= 0) {
05166         struct block *b1;
05167 
05168         b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
05169         gen_and(b0, b1);
05170         b0 = b1;
05171     }
05172 
05173     return (b0);
05174 }
05175 
05176 struct block *
05177 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
05178     int atmfield;
05179     bpf_u_int32 jvalue;
05180     bpf_u_int32 jtype;
05181     int reverse;
05182 {
05183     struct block *b0;
05184 
05185     switch (atmfield) {
05186 
05187     case A_VPI:
05188         if (!is_atm)
05189             bpf_error("'vpi' supported only on raw ATM");
05190         if (off_vpi == (u_int)-1)
05191             abort();
05192         b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
05193             (u_int)jvalue, reverse);
05194         break;
05195 
05196     case A_VCI:
05197         if (!is_atm)
05198             bpf_error("'vci' supported only on raw ATM");
05199         if (off_vci == (u_int)-1)
05200             abort();
05201         b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
05202             (u_int)jvalue, reverse);
05203         break;
05204 
05205     case A_PROTOTYPE:
05206         if (off_proto == (u_int)-1)
05207             abort();    /* XXX - this isn't on FreeBSD */
05208         b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
05209             (u_int)jvalue, reverse);
05210         break;
05211 
05212     case A_MSGTYPE:
05213         if (off_payload == (u_int)-1)
05214             abort();
05215         b0 = gen_ncmp(BPF_B, off_payload + MSG_TYPE_POS, 0xffffffff,
05216             (u_int)jtype, (u_int)jvalue, reverse);
05217         break;
05218 
05219     case A_CALLREFTYPE:
05220         if (!is_atm)
05221             bpf_error("'callref' supported only on raw ATM");
05222         if (off_proto == (u_int)-1)
05223             abort();
05224         b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
05225             (u_int)jvalue, reverse);
05226         break;
05227 
05228     default:
05229         abort();
05230     }
05231     return b0;
05232 }
05233 
05234 struct block *
05235 gen_atmtype_abbrev(type)
05236     int type;
05237 {
05238     struct block *b0, *b1;
05239 
05240     switch (type) {
05241 
05242     case A_METAC:
05243         /* Get all packets in Meta signalling Circuit */
05244         if (!is_atm)
05245             bpf_error("'metac' supported only on raw ATM");
05246         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05247         b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
05248         gen_and(b0, b1);
05249         break;
05250 
05251     case A_BCC:
05252         /* Get all packets in Broadcast Circuit*/
05253         if (!is_atm)
05254             bpf_error("'bcc' supported only on raw ATM");
05255         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05256         b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
05257         gen_and(b0, b1);
05258         break;
05259 
05260     case A_OAMF4SC:
05261         /* Get all cells in Segment OAM F4 circuit*/
05262         if (!is_atm)
05263             bpf_error("'oam4sc' supported only on raw ATM");
05264         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05265         b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
05266         gen_and(b0, b1);
05267         break;
05268 
05269     case A_OAMF4EC:
05270         /* Get all cells in End-to-End OAM F4 Circuit*/
05271         if (!is_atm)
05272             bpf_error("'oam4ec' supported only on raw ATM");
05273         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05274         b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
05275         gen_and(b0, b1);
05276         break;
05277 
05278     case A_SC:
05279         /*  Get all packets in connection Signalling Circuit */
05280         if (!is_atm)
05281             bpf_error("'sc' supported only on raw ATM");
05282         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05283         b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
05284         gen_and(b0, b1);
05285         break;
05286 
05287     case A_ILMIC:
05288         /* Get all packets in ILMI Circuit */
05289         if (!is_atm)
05290             bpf_error("'ilmic' supported only on raw ATM");
05291         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05292         b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
05293         gen_and(b0, b1);
05294         break;
05295 
05296     case A_LANE:
05297         /* Get all LANE packets */
05298         if (!is_atm)
05299             bpf_error("'lane' supported only on raw ATM");
05300         b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
05301 
05302         /*
05303          * Arrange that all subsequent tests assume LANE
05304          * rather than LLC-encapsulated packets, and set
05305          * the offsets appropriately for LANE-encapsulated
05306          * Ethernet.
05307          *
05308          * "off_mac" is the offset of the Ethernet header,
05309          * which is 2 bytes past the ATM pseudo-header
05310          * (skipping the pseudo-header and 2-byte LE Client
05311          * field).  The other offsets are Ethernet offsets
05312          * relative to "off_mac".
05313          */
05314         is_lane = 1;
05315         off_mac = off_payload + 2;  /* MAC header */
05316         off_linktype = off_mac + 12;
05317         off_nl = off_mac + 14;      /* Ethernet II */
05318         off_nl_nosnap = off_mac + 17;   /* 802.3+802.2 */
05319         break;
05320 
05321     case A_LLC:
05322         /* Get all LLC-encapsulated packets */
05323         if (!is_atm)
05324             bpf_error("'llc' supported only on raw ATM");
05325         b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
05326         is_lane = 0;
05327         break;
05328 
05329     default:
05330         abort();
05331     }
05332     return b1;
05333 }
05334 
05335 
05336 static struct block *
05337 gen_msg_abbrev(type)
05338     int type;
05339 {
05340     struct block *b1;
05341 
05342     /*
05343      * Q.2931 signalling protocol messages for handling virtual circuits
05344      * establishment and teardown
05345      */
05346     switch (type) {
05347 
05348     case A_SETUP:
05349         b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
05350         break;
05351 
05352     case A_CALLPROCEED:
05353         b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 
05354         break;
05355 
05356     case A_CONNECT:
05357         b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
05358         break;             
05359 
05360     case A_CONNECTACK:
05361         b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);  
05362         break;
05363 
05364     case A_RELEASE:
05365         b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
05366         break;
05367 
05368     case A_RELEASE_DONE:
05369         b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);  
05370         break;
05371 
05372     default:
05373         abort();
05374     }
05375     return b1;
05376 }
05377 
05378 struct block *
05379 gen_atmmulti_abbrev(type)
05380     int type;
05381 {
05382     struct block *b0, *b1;
05383 
05384     switch (type) {
05385 
05386     case A_OAM:
05387         if (!is_atm)
05388             bpf_error("'oam' supported only on raw ATM");
05389         b1 = gen_atmmulti_abbrev(A_OAMF4);
05390         break;
05391 
05392     case A_OAMF4:
05393         if (!is_atm)
05394             bpf_error("'oamf4' supported only on raw ATM");
05395         /* OAM F4 type */
05396         b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 
05397         b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
05398         gen_or(b0, b1); 
05399         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
05400         gen_and(b0, b1);
05401         break;
05402 
05403     case A_CONNECTMSG:
05404         /*
05405          * Get Q.2931 signalling messages for switched
05406          * virtual connection
05407          */
05408         if (!is_atm)
05409             bpf_error("'connectmsg' supported only on raw ATM");
05410         b0 = gen_msg_abbrev(A_SETUP);
05411         b1 = gen_msg_abbrev(A_CALLPROCEED);
05412         gen_or(b0, b1);
05413         b0 = gen_msg_abbrev(A_CONNECT);
05414         gen_or(b0, b1);
05415         b0 = gen_msg_abbrev(A_CONNECTACK);
05416         gen_or(b0, b1);
05417         b0 = gen_msg_abbrev(A_RELEASE);
05418         gen_or(b0, b1);
05419         b0 = gen_msg_abbrev(A_RELEASE_DONE);
05420         gen_or(b0, b1);
05421         b0 = gen_atmtype_abbrev(A_SC);
05422         gen_and(b0, b1);
05423         break;
05424 
05425     case A_METACONNECT:
05426         if (!is_atm)
05427             bpf_error("'metaconnect' supported only on raw ATM");
05428         b0 = gen_msg_abbrev(A_SETUP);
05429         b1 = gen_msg_abbrev(A_CALLPROCEED);
05430         gen_or(b0, b1);
05431         b0 = gen_msg_abbrev(A_CONNECT);
05432         gen_or(b0, b1);
05433         b0 = gen_msg_abbrev(A_RELEASE);
05434         gen_or(b0, b1);
05435         b0 = gen_msg_abbrev(A_RELEASE_DONE);
05436         gen_or(b0, b1);
05437         b0 = gen_atmtype_abbrev(A_METAC);
05438         gen_and(b0, b1);
05439         break;
05440 
05441     default:
05442         abort();
05443     }
05444     return b1;
05445 }

documentation. Copyright (c) 2002-2003 Politecnico di Torino. All rights reserved.