00001 /*#define CHASE_CHAIN*/ 00002 /* 00003 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 00004 * The Regents of the University of California. All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that: (1) source code distributions 00008 * retain the above copyright notice and this paragraph in its entirety, (2) 00009 * distributions including binary code include the above copyright notice and 00010 * this paragraph in its entirety in the documentation or other materials 00011 * provided with the distribution, and (3) all advertising materials mentioning 00012 * features or use of this software display the following acknowledgement: 00013 * ``This product includes software developed by the University of California, 00014 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 00015 * the University nor the names of its contributors may be used to endorse 00016 * or promote products derived from this software without specific prior 00017 * written permission. 00018 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 00019 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 00020 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 00021 */ 00022 #ifndef lint 00023 static const char rcsid[] = 00024 "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.175 2002/08/06 07:35:46 guy Exp $ (LBL)"; 00025 #endif 00026 00027 #ifdef HAVE_CONFIG_H 00028 #include "config.h" 00029 #endif 00030 00031 #ifdef WIN32 00032 #include <pcap-stdinc.h> 00033 #else /* WIN32 */ 00034 #include <sys/types.h> 00035 #include <sys/socket.h> 00036 #include <sys/time.h> 00037 #endif /* WIN32 */ 00038 00039 /* 00040 * XXX - why was this included even on UNIX? 00041 */ 00042 #ifdef __MINGW32__ 00043 #include "IP6_misc.h" 00044 #endif 00045 00046 #ifndef WIN32 00047 00048 #ifdef __NetBSD__ 00049 #include <sys/param.h> 00050 #endif 00051 00052 #include <netinet/in.h> 00053 00054 #endif /* WIN32 */ 00055 00056 #include <stdlib.h> 00057 #include <string.h> 00058 #include <memory.h> 00059 #include <setjmp.h> 00060 #include <stdarg.h> 00061 00062 #include "pcap-int.h" 00063 00064 #include "ethertype.h" 00065 #include "nlpid.h" 00066 #include "llc.h" 00067 #include "gencode.h" 00068 #include "atmuni31.h" 00069 #include "sunatmpos.h" 00070 #include "ppp.h" 00071 #include "sll.h" 00072 #include "arcnet.h" 00073 #ifdef INET6 00074 #ifndef WIN32 00075 #include <netdb.h> /* for "struct addrinfo" */ 00076 #endif /* WIN32 */ 00077 #endif /*INET6*/ 00078 #include <pcap-namedb.h> 00079 00080 #define ETHERMTU 1500 00081 00082 #ifndef IPPROTO_SCTP 00083 #define IPPROTO_SCTP 132 00084 #endif 00085 00086 #ifdef HAVE_OS_PROTO_H 00087 #include "os-proto.h" 00088 #endif 00089 00090 #define JMP(c) ((c)|BPF_JMP|BPF_K) 00091 00092 /* Locals */ 00093 static jmp_buf top_ctx; 00094 static pcap_t *bpf_pcap; 00095 00096 /* Hack for updating VLAN offsets. */ 00097 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 00098 00099 /* XXX */ 00100 #ifdef PCAP_FDDIPAD 00101 int pcap_fddipad = PCAP_FDDIPAD; 00102 #else 00103 int pcap_fddipad; 00104 #endif 00105 00106 /* VARARGS */ 00107 void 00108 bpf_error(const char *fmt, ...) 00109 00110 { 00111 va_list ap; 00112 00113 va_start(ap, fmt); 00114 if (bpf_pcap != NULL) 00115 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 00116 fmt, ap); 00117 va_end(ap); 00118 longjmp(top_ctx, 1); 00119 /* NOTREACHED */ 00120 } 00121 00122 static void init_linktype(int); 00123 00124 static int alloc_reg(void); 00125 static void free_reg(int); 00126 00127 static struct block *root; 00128 00129 /* 00130 * We divy out chunks of memory rather than call malloc each time so 00131 * we don't have to worry about leaking memory. It's probably 00132 * not a big deal if all this memory was wasted but it this ever 00133 * goes into a library that would probably not be a good idea. 00134 */ 00135 #define NCHUNKS 16 00136 #define CHUNK0SIZE 1024 00137 struct chunk { 00138 u_int n_left; 00139 void *m; 00140 }; 00141 00142 static struct chunk chunks[NCHUNKS]; 00143 static int cur_chunk; 00144 00145 static void *newchunk(u_int); 00146 static void freechunks(void); 00147 static inline struct block *new_block(int); 00148 static inline struct slist *new_stmt(int); 00149 static struct block *gen_retblk(int); 00150 static inline void syntax(void); 00151 00152 static void backpatch(struct block *, struct block *); 00153 static void merge(struct block *, struct block *); 00154 static struct block *gen_cmp(u_int, u_int, bpf_int32); 00155 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 00156 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 00157 static struct block *gen_bcmp(u_int, u_int, const u_char *); 00158 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32, 00159 bpf_u_int32, bpf_u_int32, int); 00160 static struct block *gen_uncond(int); 00161 static inline struct block *gen_true(void); 00162 static inline struct block *gen_false(void); 00163 static struct block *gen_linktype(int); 00164 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int); 00165 static struct block *gen_llc(int); 00166 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 00167 #ifdef INET6 00168 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 00169 #endif 00170 static struct block *gen_ahostop(const u_char *, int); 00171 static struct block *gen_ehostop(const u_char *, int); 00172 static struct block *gen_fhostop(const u_char *, int); 00173 static struct block *gen_thostop(const u_char *, int); 00174 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 00175 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 00176 #ifdef INET6 00177 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 00178 #endif 00179 #ifndef INET6 00180 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 00181 #endif 00182 static struct block *gen_ipfrag(void); 00183 static struct block *gen_portatom(int, bpf_int32); 00184 #ifdef INET6 00185 static struct block *gen_portatom6(int, bpf_int32); 00186 #endif 00187 struct block *gen_portop(int, int, int); 00188 static struct block *gen_port(int, int, int); 00189 #ifdef INET6 00190 struct block *gen_portop6(int, int, int); 00191 static struct block *gen_port6(int, int, int); 00192 #endif 00193 static int lookup_proto(const char *, int); 00194 static struct block *gen_protochain(int, int, int); 00195 static struct block *gen_proto(int, int, int); 00196 static struct slist *xfer_to_x(struct arth *); 00197 static struct slist *xfer_to_a(struct arth *); 00198 static struct block *gen_len(int, int); 00199 00200 static struct block *gen_msg_abbrev(int type); 00201 00202 static void * 00203 newchunk(n) 00204 u_int n; 00205 { 00206 struct chunk *cp; 00207 int k, size; 00208 00209 #ifndef __NetBSD__ 00210 /* XXX Round up to nearest long. */ 00211 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 00212 #else 00213 /* XXX Round up to structure boundary. */ 00214 n = ALIGN(n); 00215 #endif 00216 00217 cp = &chunks[cur_chunk]; 00218 if (n > cp->n_left) { 00219 ++cp, k = ++cur_chunk; 00220 if (k >= NCHUNKS) 00221 bpf_error("out of memory"); 00222 size = CHUNK0SIZE << k; 00223 cp->m = (void *)malloc(size); 00224 memset((char *)cp->m, 0, size); 00225 cp->n_left = size; 00226 if (n > size) 00227 bpf_error("out of memory"); 00228 } 00229 cp->n_left -= n; 00230 return (void *)((char *)cp->m + cp->n_left); 00231 } 00232 00233 static void 00234 freechunks() 00235 { 00236 int i; 00237 00238 cur_chunk = 0; 00239 for (i = 0; i < NCHUNKS; ++i) 00240 if (chunks[i].m != NULL) { 00241 free(chunks[i].m); 00242 chunks[i].m = NULL; 00243 } 00244 } 00245 00246 /* 00247 * A strdup whose allocations are freed after code generation is over. 00248 */ 00249 char * 00250 sdup(s) 00251 register const char *s; 00252 { 00253 int n = strlen(s) + 1; 00254 char *cp = newchunk(n); 00255 00256 strlcpy(cp, s, n); 00257 return (cp); 00258 } 00259 00260 static inline struct block * 00261 new_block(code) 00262 int code; 00263 { 00264 struct block *p; 00265 00266 p = (struct block *)newchunk(sizeof(*p)); 00267 p->s.code = code; 00268 p->head = p; 00269 00270 return p; 00271 } 00272 00273 static inline struct slist * 00274 new_stmt(code) 00275 int code; 00276 { 00277 struct slist *p; 00278 00279 p = (struct slist *)newchunk(sizeof(*p)); 00280 p->s.code = code; 00281 00282 return p; 00283 } 00284 00285 static struct block * 00286 gen_retblk(v) 00287 int v; 00288 { 00289 struct block *b = new_block(BPF_RET|BPF_K); 00290 00291 b->s.k = v; 00292 return b; 00293 } 00294 00295 static inline void 00296 syntax() 00297 { 00298 bpf_error("syntax error in filter expression"); 00299 } 00300 00301 static bpf_u_int32 netmask; 00302 static int snaplen; 00303 int no_optimize; 00304 00305 int 00306 pcap_compile(pcap_t *p, struct bpf_program *program, 00307 char *buf, int optimize, bpf_u_int32 mask) 00308 { 00309 extern int n_errors; 00310 int len; 00311 00312 no_optimize = 0; 00313 n_errors = 0; 00314 root = NULL; 00315 bpf_pcap = p; 00316 if (setjmp(top_ctx)) { 00317 lex_cleanup(); 00318 freechunks(); 00319 return (-1); 00320 } 00321 00322 netmask = mask; 00323 00324 snaplen = pcap_snapshot(p); 00325 if (snaplen == 0) { 00326 snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 00327 "snaplen of 0 rejects all packets"); 00328 return -1; 00329 } 00330 00331 lex_init(buf ? buf : ""); 00332 init_linktype(pcap_datalink(p)); 00333 (void)pcap_parse(); 00334 00335 if (n_errors) 00336 syntax(); 00337 00338 if (root == NULL) 00339 root = gen_retblk(snaplen); 00340 00341 if (optimize && !no_optimize) { 00342 bpf_optimize(&root); 00343 if (root == NULL || 00344 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 00345 bpf_error("expression rejects all packets"); 00346 } 00347 program->bf_insns = icode_to_fcode(root, &len); 00348 program->bf_len = len; 00349 00350 lex_cleanup(); 00351 freechunks(); 00352 return (0); 00353 } 00354 00355 /* 00356 * entry point for using the compiler with no pcap open 00357 * pass in all the stuff that is needed explicitly instead. 00358 */ 00359 int 00360 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 00361 struct bpf_program *program, 00362 char *buf, int optimize, bpf_u_int32 mask) 00363 { 00364 pcap_t *p; 00365 int ret; 00366 00367 p = pcap_open_dead(linktype_arg, snaplen_arg); 00368 if (p == NULL) 00369 return (-1); 00370 ret = pcap_compile(p, program, buf, optimize, mask); 00371 pcap_close(p); 00372 return (ret); 00373 } 00374 00375 /* 00376 * Clean up a "struct bpf_program" by freeing all the memory allocated 00377 * in it. 00378 */ 00379 void 00380 pcap_freecode(struct bpf_program *program) 00381 { 00382 program->bf_len = 0; 00383 if (program->bf_insns != NULL) { 00384 free((char *)program->bf_insns); 00385 program->bf_insns = NULL; 00386 } 00387 } 00388 00389 /* 00390 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 00391 * which of the jt and jf fields has been resolved and which is a pointer 00392 * back to another unresolved block (or nil). At least one of the fields 00393 * in each block is already resolved. 00394 */ 00395 static void 00396 backpatch(list, target) 00397 struct block *list, *target; 00398 { 00399 struct block *next; 00400 00401 while (list) { 00402 if (!list->sense) { 00403 next = JT(list); 00404 JT(list) = target; 00405 } else { 00406 next = JF(list); 00407 JF(list) = target; 00408 } 00409 list = next; 00410 } 00411 } 00412 00413 /* 00414 * Merge the lists in b0 and b1, using the 'sense' field to indicate 00415 * which of jt and jf is the link. 00416 */ 00417 static void 00418 merge(b0, b1) 00419 struct block *b0, *b1; 00420 { 00421 register struct block **p = &b0; 00422 00423 /* Find end of list. */ 00424 while (*p) 00425 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 00426 00427 /* Concatenate the lists. */ 00428 *p = b1; 00429 } 00430 00431 void 00432 finish_parse(p) 00433 struct block *p; 00434 { 00435 backpatch(p, gen_retblk(snaplen)); 00436 p->sense = !p->sense; 00437 backpatch(p, gen_retblk(0)); 00438 root = p->head; 00439 } 00440 00441 void 00442 gen_and(b0, b1) 00443 struct block *b0, *b1; 00444 { 00445 backpatch(b0, b1->head); 00446 b0->sense = !b0->sense; 00447 b1->sense = !b1->sense; 00448 merge(b1, b0); 00449 b1->sense = !b1->sense; 00450 b1->head = b0->head; 00451 } 00452 00453 void 00454 gen_or(b0, b1) 00455 struct block *b0, *b1; 00456 { 00457 b0->sense = !b0->sense; 00458 backpatch(b0, b1->head); 00459 b0->sense = !b0->sense; 00460 merge(b1, b0); 00461 b1->head = b0->head; 00462 } 00463 00464 void 00465 gen_not(b) 00466 struct block *b; 00467 { 00468 b->sense = !b->sense; 00469 } 00470 00471 static struct block * 00472 gen_cmp(offset, size, v) 00473 u_int offset, size; 00474 bpf_int32 v; 00475 { 00476 struct slist *s; 00477 struct block *b; 00478 00479 s = new_stmt(BPF_LD|BPF_ABS|size); 00480 s->s.k = offset; 00481 00482 b = new_block(JMP(BPF_JEQ)); 00483 b->stmts = s; 00484 b->s.k = v; 00485 00486 return b; 00487 } 00488 00489 static struct block * 00490 gen_cmp_gt(offset, size, v) 00491 u_int offset, size; 00492 bpf_int32 v; 00493 { 00494 struct slist *s; 00495 struct block *b; 00496 00497 s = new_stmt(BPF_LD|BPF_ABS|size); 00498 s->s.k = offset; 00499 00500 b = new_block(JMP(BPF_JGT)); 00501 b->stmts = s; 00502 b->s.k = v; 00503 00504 return b; 00505 } 00506 00507 static struct block * 00508 gen_mcmp(offset, size, v, mask) 00509 u_int offset, size; 00510 bpf_int32 v; 00511 bpf_u_int32 mask; 00512 { 00513 struct block *b = gen_cmp(offset, size, v); 00514 struct slist *s; 00515 00516 if (mask != 0xffffffff) { 00517 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 00518 s->s.k = mask; 00519 b->stmts->next = s; 00520 } 00521 return b; 00522 } 00523 00524 static struct block * 00525 gen_bcmp(offset, size, v) 00526 register u_int offset, size; 00527 register const u_char *v; 00528 { 00529 register struct block *b, *tmp; 00530 00531 b = NULL; 00532 while (size >= 4) { 00533 register const u_char *p = &v[size - 4]; 00534 bpf_int32 w = ((bpf_int32)p[0] << 24) | 00535 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 00536 00537 tmp = gen_cmp(offset + size - 4, BPF_W, w); 00538 if (b != NULL) 00539 gen_and(b, tmp); 00540 b = tmp; 00541 size -= 4; 00542 } 00543 while (size >= 2) { 00544 register const u_char *p = &v[size - 2]; 00545 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 00546 00547 tmp = gen_cmp(offset + size - 2, BPF_H, w); 00548 if (b != NULL) 00549 gen_and(b, tmp); 00550 b = tmp; 00551 size -= 2; 00552 } 00553 if (size > 0) { 00554 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 00555 if (b != NULL) 00556 gen_and(b, tmp); 00557 b = tmp; 00558 } 00559 return b; 00560 } 00561 00562 static struct block * 00563 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse) 00564 bpf_u_int32 datasize, offset, mask, jtype, jvalue; 00565 int reverse; 00566 { 00567 struct slist *s; 00568 struct block *b; 00569 00570 s = new_stmt(BPF_LD|datasize|BPF_ABS); 00571 s->s.k = offset; 00572 00573 if (mask != 0xffffffff) { 00574 s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K); 00575 s->next->s.k = mask; 00576 } 00577 00578 b = new_block(JMP(jtype)); 00579 b->stmts = s; 00580 b->s.k = jvalue; 00581 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE)) 00582 gen_not(b); 00583 return b; 00584 } 00585 00586 /* 00587 * Various code constructs need to know the layout of the data link 00588 * layer. These variables give the necessary offsets. 00589 */ 00590 00591 /* 00592 * "off_linktype" is the offset to information in the link-layer header 00593 * giving the packet type. 00594 * 00595 * For Ethernet, it's the offset of the Ethernet type field. 00596 * 00597 * For link-layer types that always use 802.2 headers, it's the 00598 * offset of the LLC header. 00599 * 00600 * For PPP, it's the offset of the PPP type field. 00601 * 00602 * For Cisco HDLC, it's the offset of the CHDLC type field. 00603 * 00604 * For BSD loopback, it's the offset of the AF_ value. 00605 * 00606 * For Linux cooked sockets, it's the offset of the type field. 00607 * 00608 * It's set to -1 for no encapsulation, in which case, IP is assumed. 00609 */ 00610 static u_int off_linktype; 00611 00612 /* 00613 * TRUE if the link layer includes an ATM pseudo-header. 00614 */ 00615 static int is_atm = 0; 00616 00617 /* 00618 * These are offsets for the ATM pseudo-header. 00619 */ 00620 static u_int off_vpi; 00621 static u_int off_vci; 00622 static u_int off_proto; 00623 00624 /* 00625 * This is the offset to the message type for Q.2931 messages. 00626 */ 00627 static u_int off_msg_type; 00628 00629 /* 00630 * These are offsets to the beginning of the network-layer header. 00631 * 00632 * If the link layer never uses 802.2 LLC: 00633 * 00634 * "off_nl" and "off_nl_nosnap" are the same. 00635 * 00636 * If the link layer always uses 802.2 LLC: 00637 * 00638 * "off_nl" is the offset if there's a SNAP header following 00639 * the 802.2 header; 00640 * 00641 * "off_nl_nosnap" is the offset if there's no SNAP header. 00642 * 00643 * If the link layer is Ethernet: 00644 * 00645 * "off_nl" is the offset if the packet is an Ethernet II packet 00646 * (we assume no 802.3+802.2+SNAP); 00647 * 00648 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet 00649 * with an 802.2 header following it. 00650 */ 00651 static u_int off_nl; 00652 static u_int off_nl_nosnap; 00653 00654 static int linktype; 00655 00656 static void 00657 init_linktype(type) 00658 int type; 00659 { 00660 linktype = type; 00661 00662 /* 00663 * Assume it's not raw ATM with a pseudo-header, for now. 00664 */ 00665 is_atm = 0; 00666 off_vpi = -1; 00667 off_vci = -1; 00668 off_proto = -1; 00669 off_msg_type = -1; 00670 00671 orig_linktype = -1; 00672 orig_nl = -1; 00673 orig_nl_nosnap = -1; 00674 00675 switch (type) { 00676 00677 case DLT_ARCNET: 00678 off_linktype = 2; 00679 off_nl = 6; /* XXX in reality, variable! */ 00680 off_nl_nosnap = 6; /* no 802.2 LLC */ 00681 return; 00682 00683 case DLT_EN10MB: 00684 off_linktype = 12; 00685 off_nl = 14; /* Ethernet II */ 00686 off_nl_nosnap = 17; /* 802.3+802.2 */ 00687 return; 00688 00689 case DLT_SLIP: 00690 /* 00691 * SLIP doesn't have a link level type. The 16 byte 00692 * header is hacked into our SLIP driver. 00693 */ 00694 off_linktype = -1; 00695 off_nl = 16; 00696 off_nl_nosnap = 16; /* no 802.2 LLC */ 00697 return; 00698 00699 case DLT_SLIP_BSDOS: 00700 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 00701 off_linktype = -1; 00702 /* XXX end */ 00703 off_nl = 24; 00704 off_nl_nosnap = 24; /* no 802.2 LLC */ 00705 return; 00706 00707 case DLT_NULL: 00708 case DLT_LOOP: 00709 off_linktype = 0; 00710 off_nl = 4; 00711 off_nl_nosnap = 4; /* no 802.2 LLC */ 00712 return; 00713 00714 case DLT_PPP: 00715 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */ 00716 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */ 00717 off_linktype = 2; 00718 off_nl = 4; 00719 off_nl_nosnap = 4; /* no 802.2 LLC */ 00720 return; 00721 00722 case DLT_PPP_ETHER: 00723 /* 00724 * This does no include the Ethernet header, and 00725 * only covers session state. 00726 */ 00727 off_linktype = 6; 00728 off_nl = 8; 00729 off_nl_nosnap = 8; /* no 802.2 LLC */ 00730 return; 00731 00732 case DLT_PPP_BSDOS: 00733 off_linktype = 5; 00734 off_nl = 24; 00735 off_nl_nosnap = 24; /* no 802.2 LLC */ 00736 return; 00737 00738 case DLT_FDDI: 00739 /* 00740 * FDDI doesn't really have a link-level type field. 00741 * We set "off_linktype" to the offset of the LLC header. 00742 * 00743 * To check for Ethernet types, we assume that SSAP = SNAP 00744 * is being used and pick out the encapsulated Ethernet type. 00745 * XXX - should we generate code to check for SNAP? 00746 */ 00747 off_linktype = 13; 00748 #ifdef PCAP_FDDIPAD 00749 off_linktype += pcap_fddipad; 00750 #endif 00751 off_nl = 21; /* FDDI+802.2+SNAP */ 00752 off_nl_nosnap = 16; /* FDDI+802.2 */ 00753 #ifdef PCAP_FDDIPAD 00754 off_nl += pcap_fddipad; 00755 off_nl_nosnap += pcap_fddipad; 00756 #endif 00757 return; 00758 00759 case DLT_IEEE802: 00760 /* 00761 * Token Ring doesn't really have a link-level type field. 00762 * We set "off_linktype" to the offset of the LLC header. 00763 * 00764 * To check for Ethernet types, we assume that SSAP = SNAP 00765 * is being used and pick out the encapsulated Ethernet type. 00766 * XXX - should we generate code to check for SNAP? 00767 * 00768 * XXX - the header is actually variable-length. 00769 * Some various Linux patched versions gave 38 00770 * as "off_linktype" and 40 as "off_nl"; however, 00771 * if a token ring packet has *no* routing 00772 * information, i.e. is not source-routed, the correct 00773 * values are 20 and 22, as they are in the vanilla code. 00774 * 00775 * A packet is source-routed iff the uppermost bit 00776 * of the first byte of the source address, at an 00777 * offset of 8, has the uppermost bit set. If the 00778 * packet is source-routed, the total number of bytes 00779 * of routing information is 2 plus bits 0x1F00 of 00780 * the 16-bit value at an offset of 14 (shifted right 00781 * 8 - figure out which byte that is). 00782 */ 00783 off_linktype = 14; 00784 off_nl = 22; /* Token Ring+802.2+SNAP */ 00785 off_nl_nosnap = 17; /* Token Ring+802.2 */ 00786 return; 00787 00788 case DLT_IEEE802_11: 00789 /* 00790 * 802.11 doesn't really have a link-level type field. 00791 * We set "off_linktype" to the offset of the LLC header. 00792 * 00793 * To check for Ethernet types, we assume that SSAP = SNAP 00794 * is being used and pick out the encapsulated Ethernet type. 00795 * XXX - should we generate code to check for SNAP? 00796 * 00797 * XXX - the header is actually variable-length. We 00798 * assume a 24-byte link-layer header, as appears in 00799 * data frames in networks with no bridges. 00800 */ 00801 off_linktype = 24; 00802 off_nl = 32; /* 802.11+802.2+SNAP */ 00803 off_nl_nosnap = 27; /* 802.11+802.2 */ 00804 return; 00805 00806 case DLT_PRISM_HEADER: 00807 /* 00808 * Same as 802.11, but with an additional header before 00809 * the 802.11 header, containing a bunch of additional 00810 * information including radio-level information. 00811 * 00812 * The header is 144 bytes long. 00813 * 00814 * XXX - same variable-length header problem; at least 00815 * the Prism header is fixed-length. 00816 */ 00817 off_linktype = 144+24; 00818 off_nl = 144+32; /* Prism+802.11+802.2+SNAP */ 00819 off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */ 00820 return; 00821 00822 case DLT_ATM_RFC1483: 00823 case DLT_ATM_CLIP: /* Linux ATM defines this */ 00824 /* 00825 * assume routed, non-ISO PDUs 00826 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 00827 */ 00828 off_linktype = 0; 00829 off_nl = 8; /* 802.2+SNAP */ 00830 off_nl_nosnap = 3; /* 802.2 */ 00831 return; 00832 00833 case DLT_SUNATM: 00834 /* 00835 * Full Frontal ATM; you get AALn PDUs with an ATM 00836 * pseudo-header. 00837 */ 00838 is_atm = 1; 00839 off_linktype = SUNATM_PKT_BEGIN_POS; 00840 off_vpi = SUNATM_VPI_POS; 00841 off_vci = SUNATM_VCI_POS; 00842 off_proto = PROTO_POS; 00843 off_msg_type = SUNATM_PKT_BEGIN_POS+MSG_TYPE_POS; 00844 off_nl = SUNATM_PKT_BEGIN_POS+8; /* 802.2+SNAP */ 00845 off_nl_nosnap = SUNATM_PKT_BEGIN_POS+3; /* 802.2 */ 00846 return; 00847 00848 case DLT_RAW: 00849 off_linktype = -1; 00850 off_nl = 0; 00851 off_nl_nosnap = 0; /* no 802.2 LLC */ 00852 return; 00853 00854 case DLT_LINUX_SLL: /* fake header for Linux cooked socket */ 00855 off_linktype = 14; 00856 off_nl = 16; 00857 off_nl_nosnap = 16; /* no 802.2 LLC */ 00858 return; 00859 00860 case DLT_LTALK: 00861 /* 00862 * LocalTalk does have a 1-byte type field in the LLAP header, 00863 * but really it just indicates whether there is a "short" or 00864 * "long" DDP packet following. 00865 */ 00866 off_linktype = -1; 00867 off_nl = 0; 00868 off_nl_nosnap = 0; /* no 802.2 LLC */ 00869 return; 00870 00871 case DLT_FRELAY: 00872 /* 00873 * XXX - we should set this to handle SNAP-encapsulated 00874 * frames (NLPID of 0x80). 00875 */ 00876 off_linktype = -1; 00877 off_nl = 0; 00878 off_nl_nosnap = 0; /* no 802.2 LLC */ 00879 return; 00880 } 00881 bpf_error("unknown data link type %d", linktype); 00882 /* NOTREACHED */ 00883 } 00884 00885 static struct block * 00886 gen_uncond(rsense) 00887 int rsense; 00888 { 00889 struct block *b; 00890 struct slist *s; 00891 00892 s = new_stmt(BPF_LD|BPF_IMM); 00893 s->s.k = !rsense; 00894 b = new_block(JMP(BPF_JEQ)); 00895 b->stmts = s; 00896 00897 return b; 00898 } 00899 00900 static inline struct block * 00901 gen_true() 00902 { 00903 return gen_uncond(1); 00904 } 00905 00906 static inline struct block * 00907 gen_false() 00908 { 00909 return gen_uncond(0); 00910 } 00911 00912 /* 00913 * Byte-swap a 32-bit number. 00914 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 00915 * big-endian platforms.) 00916 */ 00917 #define SWAPLONG(y) \ 00918 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) 00919 00920 static struct block * 00921 gen_linktype(proto) 00922 register int proto; 00923 { 00924 struct block *b0, *b1, *b2; 00925 00926 switch (linktype) { 00927 00928 case DLT_EN10MB: 00929 switch (proto) { 00930 00931 case LLCSAP_ISONS: 00932 /* 00933 * OSI protocols always use 802.2 encapsulation. 00934 * XXX - should we check both the DSAP and the 00935 * SSAP, like this, or should we check just the 00936 * DSAP? 00937 */ 00938 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 00939 gen_not(b0); 00940 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 00941 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 00942 gen_and(b0, b1); 00943 return b1; 00944 00945 case LLCSAP_NETBEUI: 00946 /* 00947 * NetBEUI always uses 802.2 encapsulation. 00948 * XXX - should we check both the DSAP and the 00949 * SSAP, like this, or should we check just the 00950 * DSAP? 00951 */ 00952 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 00953 gen_not(b0); 00954 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 00955 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 00956 gen_and(b0, b1); 00957 return b1; 00958 00959 case LLCSAP_IPX: 00960 /* 00961 * Check for; 00962 * 00963 * Ethernet_II frames, which are Ethernet 00964 * frames with a frame type of ETHERTYPE_IPX; 00965 * 00966 * Ethernet_802.3 frames, which are 802.3 00967 * frames (i.e., the type/length field is 00968 * a length field, <= ETHERMTU, rather than 00969 * a type field) with the first two bytes 00970 * after the Ethernet/802.3 header being 00971 * 0xFFFF; 00972 * 00973 * Ethernet_802.2 frames, which are 802.3 00974 * frames with an 802.2 LLC header and 00975 * with the IPX LSAP as the DSAP in the LLC 00976 * header; 00977 * 00978 * Ethernet_SNAP frames, which are 802.3 00979 * frames with an LLC header and a SNAP 00980 * header and with an OUI of 0x000000 00981 * (encapsulated Ethernet) and a protocol 00982 * ID of ETHERTYPE_IPX in the SNAP header. 00983 * 00984 * XXX - should we generate the same code both 00985 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 00986 */ 00987 00988 /* 00989 * This generates code to check both for the 00990 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 00991 */ 00992 b0 = gen_cmp(off_linktype + 2, BPF_B, 00993 (bpf_int32)LLCSAP_IPX); 00994 b1 = gen_cmp(off_linktype + 2, BPF_H, 00995 (bpf_int32)0xFFFF); 00996 gen_or(b0, b1); 00997 00998 /* 00999 * Now we add code to check for SNAP frames with 01000 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 01001 */ 01002 b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14); 01003 gen_or(b0, b1); 01004 01005 /* 01006 * Now we generate code to check for 802.3 01007 * frames in general. 01008 */ 01009 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01010 gen_not(b0); 01011 01012 /* 01013 * Now add the check for 802.3 frames before the 01014 * check for Ethernet_802.2 and Ethernet_802.3, 01015 * as those checks should only be done on 802.3 01016 * frames, not on Ethernet frames. 01017 */ 01018 gen_and(b0, b1); 01019 01020 /* 01021 * Now add the check for Ethernet_II frames, and 01022 * do that before checking for the other frame 01023 * types. 01024 */ 01025 b0 = gen_cmp(off_linktype, BPF_H, 01026 (bpf_int32)ETHERTYPE_IPX); 01027 gen_or(b0, b1); 01028 return b1; 01029 01030 case ETHERTYPE_ATALK: 01031 case ETHERTYPE_AARP: 01032 /* 01033 * EtherTalk (AppleTalk protocols on Ethernet link 01034 * layer) may use 802.2 encapsulation. 01035 */ 01036 01037 /* 01038 * Check for 802.2 encapsulation (EtherTalk phase 2?); 01039 * we check for an Ethernet type field less than 01040 * 1500, which means it's an 802.3 length field. 01041 */ 01042 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01043 gen_not(b0); 01044 01045 /* 01046 * 802.2-encapsulated ETHERTYPE_ATALK packets are 01047 * SNAP packets with an organization code of 01048 * 0x080007 (Apple, for Appletalk) and a protocol 01049 * type of ETHERTYPE_ATALK (Appletalk). 01050 * 01051 * 802.2-encapsulated ETHERTYPE_AARP packets are 01052 * SNAP packets with an organization code of 01053 * 0x000000 (encapsulated Ethernet) and a protocol 01054 * type of ETHERTYPE_AARP (Appletalk ARP). 01055 */ 01056 if (proto == ETHERTYPE_ATALK) 01057 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14); 01058 else /* proto == ETHERTYPE_AARP */ 01059 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14); 01060 gen_and(b0, b1); 01061 01062 /* 01063 * Check for Ethernet encapsulation (Ethertalk 01064 * phase 1?); we just check for the Ethernet 01065 * protocol type. 01066 */ 01067 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01068 01069 gen_or(b0, b1); 01070 return b1; 01071 01072 default: 01073 if (proto <= ETHERMTU) { 01074 /* 01075 * This is an LLC SAP value, so the frames 01076 * that match would be 802.2 frames. 01077 * Check that the frame is an 802.2 frame 01078 * (i.e., that the length/type field is 01079 * a length field, <= ETHERMTU) and 01080 * then check the DSAP. 01081 */ 01082 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 01083 gen_not(b0); 01084 b1 = gen_cmp(off_linktype + 2, BPF_B, 01085 (bpf_int32)proto); 01086 gen_and(b0, b1); 01087 return b1; 01088 } else { 01089 /* 01090 * This is an Ethernet type, so compare 01091 * the length/type field with it (if 01092 * the frame is an 802.2 frame, the length 01093 * field will be <= ETHERMTU, and, as 01094 * "proto" is > ETHERMTU, this test 01095 * will fail and the frame won't match, 01096 * which is what we want). 01097 */ 01098 return gen_cmp(off_linktype, BPF_H, 01099 (bpf_int32)proto); 01100 } 01101 } 01102 break; 01103 01104 case DLT_IEEE802_11: 01105 case DLT_PRISM_HEADER: 01106 case DLT_FDDI: 01107 case DLT_IEEE802: 01108 case DLT_ATM_RFC1483: 01109 case DLT_ATM_CLIP: 01110 return gen_llc(proto); 01111 break; 01112 01113 case DLT_SUNATM: 01114 /* 01115 * Check for LLC encapsulation and then check the protocol. 01116 * XXX - also check for LANE and then check for an Ethernet 01117 * type? 01118 */ 01119 b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 01120 b1 = gen_llc(proto); 01121 gen_and(b0, b1); 01122 return b1; 01123 01124 case DLT_LINUX_SLL: 01125 switch (proto) { 01126 01127 case LLCSAP_ISONS: 01128 /* 01129 * OSI protocols always use 802.2 encapsulation. 01130 * XXX - should we check both the DSAP and the 01131 * LSAP, like this, or should we check just the 01132 * DSAP? 01133 */ 01134 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01135 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01136 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 01137 gen_and(b0, b1); 01138 return b1; 01139 01140 case LLCSAP_NETBEUI: 01141 /* 01142 * NetBEUI always uses 802.2 encapsulation. 01143 * XXX - should we check both the DSAP and the 01144 * LSAP, like this, or should we check just the 01145 * DSAP? 01146 */ 01147 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01148 b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32) 01149 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 01150 gen_and(b0, b1); 01151 return b1; 01152 01153 case LLCSAP_IPX: 01154 /* 01155 * Ethernet_II frames, which are Ethernet 01156 * frames with a frame type of ETHERTYPE_IPX; 01157 * 01158 * Ethernet_802.3 frames, which have a frame 01159 * type of LINUX_SLL_P_802_3; 01160 * 01161 * Ethernet_802.2 frames, which are 802.3 01162 * frames with an 802.2 LLC header (i.e, have 01163 * a frame type of LINUX_SLL_P_802_2) and 01164 * with the IPX LSAP as the DSAP in the LLC 01165 * header; 01166 * 01167 * Ethernet_SNAP frames, which are 802.3 01168 * frames with an LLC header and a SNAP 01169 * header and with an OUI of 0x000000 01170 * (encapsulated Ethernet) and a protocol 01171 * ID of ETHERTYPE_IPX in the SNAP header. 01172 * 01173 * First, do the checks on LINUX_SLL_P_802_2 01174 * frames; generate the check for either 01175 * Ethernet_802.2 or Ethernet_SNAP frames, and 01176 * then put a check for LINUX_SLL_P_802_2 frames 01177 * before it. 01178 */ 01179 b0 = gen_cmp(off_linktype + 2, BPF_B, 01180 (bpf_int32)LLCSAP_IPX); 01181 b1 = gen_snap(0x000000, ETHERTYPE_IPX, 01182 off_linktype + 2); 01183 gen_or(b0, b1); 01184 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01185 gen_and(b0, b1); 01186 01187 /* 01188 * Now check for 802.3 frames and OR that with 01189 * the previous test. 01190 */ 01191 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3); 01192 gen_or(b0, b1); 01193 01194 /* 01195 * Now add the check for Ethernet_II frames, and 01196 * do that before checking for the other frame 01197 * types. 01198 */ 01199 b0 = gen_cmp(off_linktype, BPF_H, 01200 (bpf_int32)ETHERTYPE_IPX); 01201 gen_or(b0, b1); 01202 return b1; 01203 01204 case ETHERTYPE_ATALK: 01205 case ETHERTYPE_AARP: 01206 /* 01207 * EtherTalk (AppleTalk protocols on Ethernet link 01208 * layer) may use 802.2 encapsulation. 01209 */ 01210 01211 /* 01212 * Check for 802.2 encapsulation (EtherTalk phase 2?); 01213 * we check for the 802.2 protocol type in the 01214 * "Ethernet type" field. 01215 */ 01216 b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2); 01217 01218 /* 01219 * 802.2-encapsulated ETHERTYPE_ATALK packets are 01220 * SNAP packets with an organization code of 01221 * 0x080007 (Apple, for Appletalk) and a protocol 01222 * type of ETHERTYPE_ATALK (Appletalk). 01223 * 01224 * 802.2-encapsulated ETHERTYPE_AARP packets are 01225 * SNAP packets with an organization code of 01226 * 0x000000 (encapsulated Ethernet) and a protocol 01227 * type of ETHERTYPE_AARP (Appletalk ARP). 01228 */ 01229 if (proto == ETHERTYPE_ATALK) 01230 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 01231 off_linktype + 2); 01232 else /* proto == ETHERTYPE_AARP */ 01233 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 01234 off_linktype + 2); 01235 gen_and(b0, b1); 01236 01237 /* 01238 * Check for Ethernet encapsulation (Ethertalk 01239 * phase 1?); we just check for the Ethernet 01240 * protocol type. 01241 */ 01242 b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01243 01244 gen_or(b0, b1); 01245 return b1; 01246 01247 default: 01248 if (proto <= ETHERMTU) { 01249 /* 01250 * This is an LLC SAP value, so the frames 01251 * that match would be 802.2 frames. 01252 * Check for the 802.2 protocol type 01253 * in the "Ethernet type" field, and 01254 * then check the DSAP. 01255 */ 01256 b0 = gen_cmp(off_linktype, BPF_H, 01257 LINUX_SLL_P_802_2); 01258 b1 = gen_cmp(off_linktype + 2, BPF_B, 01259 (bpf_int32)proto); 01260 gen_and(b0, b1); 01261 return b1; 01262 } else { 01263 /* 01264 * This is an Ethernet type, so compare 01265 * the length/type field with it (if 01266 * the frame is an 802.2 frame, the length 01267 * field will be <= ETHERMTU, and, as 01268 * "proto" is > ETHERMTU, this test 01269 * will fail and the frame won't match, 01270 * which is what we want). 01271 */ 01272 return gen_cmp(off_linktype, BPF_H, 01273 (bpf_int32)proto); 01274 } 01275 } 01276 break; 01277 01278 case DLT_SLIP: 01279 case DLT_SLIP_BSDOS: 01280 case DLT_RAW: 01281 /* 01282 * These types don't provide any type field; packets 01283 * are always IP. 01284 * 01285 * XXX - for IPv4, check for a version number of 4, and, 01286 * for IPv6, check for a version number of 6? 01287 */ 01288 switch (proto) { 01289 01290 case ETHERTYPE_IP: 01291 #ifdef INET6 01292 case ETHERTYPE_IPV6: 01293 #endif 01294 return gen_true(); /* always true */ 01295 01296 default: 01297 return gen_false(); /* always false */ 01298 } 01299 break; 01300 01301 case DLT_PPP: 01302 case DLT_PPP_SERIAL: 01303 case DLT_PPP_ETHER: 01304 /* 01305 * We use Ethernet protocol types inside libpcap; 01306 * map them to the corresponding PPP protocol types. 01307 */ 01308 switch (proto) { 01309 01310 case ETHERTYPE_IP: 01311 proto = PPP_IP; /* XXX was 0x21 */ 01312 break; 01313 01314 #ifdef INET6 01315 case ETHERTYPE_IPV6: 01316 proto = PPP_IPV6; 01317 break; 01318 #endif 01319 01320 case ETHERTYPE_DN: 01321 proto = PPP_DECNET; 01322 break; 01323 01324 case ETHERTYPE_ATALK: 01325 proto = PPP_APPLE; 01326 break; 01327 01328 case ETHERTYPE_NS: 01329 proto = PPP_NS; 01330 break; 01331 01332 case LLCSAP_ISONS: 01333 proto = PPP_OSI; 01334 break; 01335 01336 case LLCSAP_8021D: 01337 /* 01338 * I'm assuming the "Bridging PDU"s that go 01339 * over PPP are Spanning Tree Protocol 01340 * Bridging PDUs. 01341 */ 01342 proto = PPP_BRPDU; 01343 break; 01344 01345 case LLCSAP_IPX: 01346 proto = PPP_IPX; 01347 break; 01348 } 01349 break; 01350 01351 case DLT_PPP_BSDOS: 01352 /* 01353 * We use Ethernet protocol types inside libpcap; 01354 * map them to the corresponding PPP protocol types. 01355 */ 01356 switch (proto) { 01357 01358 case ETHERTYPE_IP: 01359 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 01360 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 01361 gen_or(b0, b1); 01362 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 01363 gen_or(b1, b0); 01364 return b0; 01365 01366 #ifdef INET6 01367 case ETHERTYPE_IPV6: 01368 proto = PPP_IPV6; 01369 /* more to go? */ 01370 break; 01371 #endif 01372 01373 case ETHERTYPE_DN: 01374 proto = PPP_DECNET; 01375 break; 01376 01377 case ETHERTYPE_ATALK: 01378 proto = PPP_APPLE; 01379 break; 01380 01381 case ETHERTYPE_NS: 01382 proto = PPP_NS; 01383 break; 01384 01385 case LLCSAP_ISONS: 01386 proto = PPP_OSI; 01387 break; 01388 01389 case LLCSAP_8021D: 01390 /* 01391 * I'm assuming the "Bridging PDU"s that go 01392 * over PPP are Spanning Tree Protocol 01393 * Bridging PDUs. 01394 */ 01395 proto = PPP_BRPDU; 01396 break; 01397 01398 case LLCSAP_IPX: 01399 proto = PPP_IPX; 01400 break; 01401 } 01402 break; 01403 01404 case DLT_NULL: 01405 case DLT_LOOP: 01406 /* 01407 * For DLT_NULL, the link-layer header is a 32-bit 01408 * word containing an AF_ value in *host* byte order. 01409 * 01410 * In addition, if we're reading a saved capture file, 01411 * the host byte order in the capture may not be the 01412 * same as the host byte order on this machine. 01413 * 01414 * For DLT_LOOP, the link-layer header is a 32-bit 01415 * word containing an AF_ value in *network* byte order. 01416 * 01417 * XXX - AF_ values may, unfortunately, be platform- 01418 * dependent; for example, FreeBSD's AF_INET6 is 24 01419 * whilst NetBSD's and OpenBSD's is 26. 01420 * 01421 * This means that, when reading a capture file, just 01422 * checking for our AF_INET6 value won't work if the 01423 * capture file came from another OS. 01424 */ 01425 switch (proto) { 01426 01427 case ETHERTYPE_IP: 01428 proto = AF_INET; 01429 break; 01430 01431 #ifdef INET6 01432 case ETHERTYPE_IPV6: 01433 proto = AF_INET6; 01434 break; 01435 #endif 01436 01437 default: 01438 /* 01439 * Not a type on which we support filtering. 01440 * XXX - support those that have AF_ values 01441 * #defined on this platform, at least? 01442 */ 01443 return gen_false(); 01444 } 01445 01446 if (linktype == DLT_NULL) { 01447 /* 01448 * The AF_ value is in host byte order, but 01449 * the BPF interpreter will convert it to 01450 * network byte order. 01451 * 01452 * If this is a save file, and it's from a 01453 * machine with the opposite byte order to 01454 * ours, we byte-swap the AF_ value. 01455 * 01456 * Then we run it through "htonl()", and 01457 * generate code to compare against the result. 01458 */ 01459 if (bpf_pcap->sf.rfile != NULL && 01460 bpf_pcap->sf.swapped) 01461 proto = SWAPLONG(proto); 01462 proto = htonl(proto); 01463 } 01464 return (gen_cmp(0, BPF_W, (bpf_int32)proto)); 01465 01466 case DLT_ARCNET: 01467 /* 01468 * XXX should we check for first fragment if the protocol 01469 * uses PHDS? 01470 */ 01471 switch(proto) { 01472 default: 01473 return gen_false(); 01474 #ifdef INET6 01475 case ETHERTYPE_IPV6: 01476 return(gen_cmp(2, BPF_B, 01477 (bpf_int32)htonl(ARCTYPE_INET6))); 01478 #endif /* INET6 */ 01479 case ETHERTYPE_IP: 01480 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP)); 01481 b1 = gen_cmp(2, BPF_B, 01482 (bpf_int32)htonl(ARCTYPE_IP_OLD)); 01483 gen_or(b0, b1); 01484 return(b1); 01485 case ETHERTYPE_ARP: 01486 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP)); 01487 b1 = gen_cmp(2, BPF_B, 01488 (bpf_int32)htonl(ARCTYPE_ARP_OLD)); 01489 gen_or(b0, b1); 01490 return(b1); 01491 case ETHERTYPE_REVARP: 01492 return(gen_cmp(2, BPF_B, 01493 (bpf_int32)htonl(ARCTYPE_REVARP))); 01494 case ETHERTYPE_ATALK: 01495 return(gen_cmp(2, BPF_B, 01496 (bpf_int32)htonl(ARCTYPE_ATALK))); 01497 } 01498 break; 01499 01500 case DLT_LTALK: 01501 switch (proto) { 01502 case ETHERTYPE_ATALK: 01503 return gen_true(); 01504 default: 01505 return gen_false(); 01506 } 01507 break; 01508 01509 case DLT_FRELAY: 01510 /* 01511 * XXX - assumes a 2-byte Frame Relay header with 01512 * DLCI and flags. What if the address is longer? 01513 */ 01514 switch (proto) { 01515 01516 case ETHERTYPE_IP: 01517 /* 01518 * Check for the special NLPID for IP. 01519 */ 01520 return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc); 01521 01522 #ifdef INET6 01523 case ETHERTYPE_IPV6: 01524 /* 01525 * Check for the special NLPID for IPv6. 01526 */ 01527 return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e); 01528 #endif 01529 01530 case LLCSAP_ISONS: 01531 /* 01532 * Check for several OSI protocols. 01533 * 01534 * Frame Relay packets typically have an OSI 01535 * NLPID at the beginning; we check for each 01536 * of them. 01537 * 01538 * What we check for is the NLPID and a frame 01539 * control field of UI, i.e. 0x03 followed 01540 * by the NLPID. 01541 */ 01542 b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP); 01543 b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS); 01544 b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS); 01545 gen_or(b1, b2); 01546 gen_or(b0, b2); 01547 return b2; 01548 01549 default: 01550 return gen_false(); 01551 } 01552 break; 01553 } 01554 01555 /* 01556 * All the types that have no encapsulation should either be 01557 * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if 01558 * all packets are IP packets, or should be handled in some 01559 * special case, if none of them are (if some are and some 01560 * aren't, the lack of encapsulation is a problem, as we'd 01561 * have to find some other way of determining the packet type). 01562 * 01563 * Therefore, if "off_linktype" is -1, there's an error. 01564 */ 01565 if (off_linktype == -1) 01566 abort(); 01567 01568 /* 01569 * Any type not handled above should always have an Ethernet 01570 * type at an offset of "off_linktype". (PPP is partially 01571 * handled above - the protocol type is mapped from the 01572 * Ethernet and LLC types we use internally to the corresponding 01573 * PPP type - but the PPP type is always specified by a value 01574 * at "off_linktype", so we don't have to do the code generation 01575 * above.) 01576 */ 01577 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 01578 } 01579 01580 /* 01581 * Check for an LLC SNAP packet with a given organization code and 01582 * protocol type; we check the entire contents of the 802.2 LLC and 01583 * snap headers, checking for DSAP and SSAP of SNAP and a control 01584 * field of 0x03 in the LLC header, and for the specified organization 01585 * code and protocol type in the SNAP header. 01586 */ 01587 static struct block * 01588 gen_snap(orgcode, ptype, offset) 01589 bpf_u_int32 orgcode; 01590 bpf_u_int32 ptype; 01591 u_int offset; 01592 { 01593 u_char snapblock[8]; 01594 01595 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */ 01596 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */ 01597 snapblock[2] = 0x03; /* control = UI */ 01598 snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */ 01599 snapblock[4] = (orgcode >> 8); /* middle 8 bits of organization code */ 01600 snapblock[5] = (orgcode >> 0); /* lower 8 bits of organization code */ 01601 snapblock[6] = (ptype >> 8); /* upper 8 bits of protocol type */ 01602 snapblock[7] = (ptype >> 0); /* lower 8 bits of protocol type */ 01603 return gen_bcmp(offset, 8, snapblock); 01604 } 01605 01606 /* 01607 * Check for a given protocol value assuming an 802.2 LLC header. 01608 */ 01609 static struct block * 01610 gen_llc(proto) 01611 int proto; 01612 { 01613 /* 01614 * XXX - handle token-ring variable-length header. 01615 */ 01616 switch (proto) { 01617 01618 case LLCSAP_ISONS: 01619 return gen_cmp(off_linktype, BPF_H, (long) 01620 ((LLCSAP_ISONS << 8) | LLCSAP_ISONS)); 01621 01622 case LLCSAP_NETBEUI: 01623 return gen_cmp(off_linktype, BPF_H, (long) 01624 ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI)); 01625 01626 case LLCSAP_IPX: 01627 /* 01628 * XXX - are there ever SNAP frames for IPX on 01629 * non-Ethernet 802.x networks? 01630 */ 01631 return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX); 01632 01633 case ETHERTYPE_ATALK: 01634 /* 01635 * 802.2-encapsulated ETHERTYPE_ATALK packets are 01636 * SNAP packets with an organization code of 01637 * 0x080007 (Apple, for Appletalk) and a protocol 01638 * type of ETHERTYPE_ATALK (Appletalk). 01639 * 01640 * XXX - check for an organization code of 01641 * encapsulated Ethernet as well? 01642 */ 01643 return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype); 01644 01645 default: 01646 /* 01647 * XXX - we don't have to check for IPX 802.3 01648 * here, but should we check for the IPX Ethertype? 01649 */ 01650 if (proto <= ETHERMTU) { 01651 /* 01652 * This is an LLC SAP value, so check 01653 * the DSAP. 01654 */ 01655 return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto); 01656 } else { 01657 /* 01658 * This is an Ethernet type; we assume that it's 01659 * unlikely that it'll appear in the right place 01660 * at random, and therefore check only the 01661 * location that would hold the Ethernet type 01662 * in a SNAP frame with an organization code of 01663 * 0x000000 (encapsulated Ethernet). 01664 * 01665 * XXX - if we were to check for the SNAP DSAP and 01666 * LSAP, as per XXX, and were also to check for an 01667 * organization code of 0x000000 (encapsulated 01668 * Ethernet), we'd do 01669 * 01670 * return gen_snap(0x000000, proto, 01671 * off_linktype); 01672 * 01673 * here; for now, we don't, as per the above. 01674 * I don't know whether it's worth the extra CPU 01675 * time to do the right check or not. 01676 */ 01677 return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto); 01678 } 01679 } 01680 } 01681 01682 static struct block * 01683 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 01684 bpf_u_int32 addr; 01685 bpf_u_int32 mask; 01686 int dir, proto; 01687 u_int src_off, dst_off; 01688 { 01689 struct block *b0, *b1; 01690 u_int offset; 01691 01692 switch (dir) { 01693 01694 case Q_SRC: 01695 offset = src_off; 01696 break; 01697 01698 case Q_DST: 01699 offset = dst_off; 01700 break; 01701 01702 case Q_AND: 01703 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 01704 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 01705 gen_and(b0, b1); 01706 return b1; 01707 01708 case Q_OR: 01709 case Q_DEFAULT: 01710 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 01711 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 01712 gen_or(b0, b1); 01713 return b1; 01714 01715 default: 01716 abort(); 01717 } 01718 b0 = gen_linktype(proto); 01719 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 01720 gen_and(b0, b1); 01721 return b1; 01722 } 01723 01724 #ifdef INET6 01725 static struct block * 01726 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 01727 struct in6_addr *addr; 01728 struct in6_addr *mask; 01729 int dir, proto; 01730 u_int src_off, dst_off; 01731 { 01732 struct block *b0, *b1; 01733 u_int offset; 01734 u_int32_t *a, *m; 01735 01736 switch (dir) { 01737 01738 case Q_SRC: 01739 offset = src_off; 01740 break; 01741 01742 case Q_DST: 01743 offset = dst_off; 01744 break; 01745 01746 case Q_AND: 01747 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 01748 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 01749 gen_and(b0, b1); 01750 return b1; 01751 01752 case Q_OR: 01753 case Q_DEFAULT: 01754 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 01755 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 01756 gen_or(b0, b1); 01757 return b1; 01758 01759 default: 01760 abort(); 01761 } 01762 /* this order is important */ 01763 a = (u_int32_t *)addr; 01764 m = (u_int32_t *)mask; 01765 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 01766 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 01767 gen_and(b0, b1); 01768 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 01769 gen_and(b0, b1); 01770 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 01771 gen_and(b0, b1); 01772 b0 = gen_linktype(proto); 01773 gen_and(b0, b1); 01774 return b1; 01775 } 01776 #endif /*INET6*/ 01777 01778 static struct block * 01779 gen_ehostop(eaddr, dir) 01780 register const u_char *eaddr; 01781 register int dir; 01782 { 01783 register struct block *b0, *b1; 01784 01785 switch (dir) { 01786 case Q_SRC: 01787 return gen_bcmp(6, 6, eaddr); 01788 01789 case Q_DST: 01790 return gen_bcmp(0, 6, eaddr); 01791 01792 case Q_AND: 01793 b0 = gen_ehostop(eaddr, Q_SRC); 01794 b1 = gen_ehostop(eaddr, Q_DST); 01795 gen_and(b0, b1); 01796 return b1; 01797 01798 case Q_DEFAULT: 01799 case Q_OR: 01800 b0 = gen_ehostop(eaddr, Q_SRC); 01801 b1 = gen_ehostop(eaddr, Q_DST); 01802 gen_or(b0, b1); 01803 return b1; 01804 } 01805 abort(); 01806 /* NOTREACHED */ 01807 } 01808 01809 /* 01810 * Like gen_ehostop, but for DLT_FDDI 01811 */ 01812 static struct block * 01813 gen_fhostop(eaddr, dir) 01814 register const u_char *eaddr; 01815 register int dir; 01816 { 01817 struct block *b0, *b1; 01818 01819 switch (dir) { 01820 case Q_SRC: 01821 #ifdef PCAP_FDDIPAD 01822 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 01823 #else 01824 return gen_bcmp(6 + 1, 6, eaddr); 01825 #endif 01826 01827 case Q_DST: 01828 #ifdef PCAP_FDDIPAD 01829 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 01830 #else 01831 return gen_bcmp(0 + 1, 6, eaddr); 01832 #endif 01833 01834 case Q_AND: 01835 b0 = gen_fhostop(eaddr, Q_SRC); 01836 b1 = gen_fhostop(eaddr, Q_DST); 01837 gen_and(b0, b1); 01838 return b1; 01839 01840 case Q_DEFAULT: 01841 case Q_OR: 01842 b0 = gen_fhostop(eaddr, Q_SRC); 01843 b1 = gen_fhostop(eaddr, Q_DST); 01844 gen_or(b0, b1); 01845 return b1; 01846 } 01847 abort(); 01848 /* NOTREACHED */ 01849 } 01850 01851 /* 01852 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) 01853 */ 01854 static struct block * 01855 gen_thostop(eaddr, dir) 01856 register const u_char *eaddr; 01857 register int dir; 01858 { 01859 register struct block *b0, *b1; 01860 01861 switch (dir) { 01862 case Q_SRC: 01863 return gen_bcmp(8, 6, eaddr); 01864 01865 case Q_DST: 01866 return gen_bcmp(2, 6, eaddr); 01867 01868 case Q_AND: 01869 b0 = gen_thostop(eaddr, Q_SRC); 01870 b1 = gen_thostop(eaddr, Q_DST); 01871 gen_and(b0, b1); 01872 return b1; 01873 01874 case Q_DEFAULT: 01875 case Q_OR: 01876 b0 = gen_thostop(eaddr, Q_SRC); 01877 b1 = gen_thostop(eaddr, Q_DST); 01878 gen_or(b0, b1); 01879 return b1; 01880 } 01881 abort(); 01882 /* NOTREACHED */ 01883 } 01884 01885 /* 01886 * This is quite tricky because there may be pad bytes in front of the 01887 * DECNET header, and then there are two possible data packet formats that 01888 * carry both src and dst addresses, plus 5 packet types in a format that 01889 * carries only the src node, plus 2 types that use a different format and 01890 * also carry just the src node. 01891 * 01892 * Yuck. 01893 * 01894 * Instead of doing those all right, we just look for data packets with 01895 * 0 or 1 bytes of padding. If you want to look at other packets, that 01896 * will require a lot more hacking. 01897 * 01898 * To add support for filtering on DECNET "areas" (network numbers) 01899 * one would want to add a "mask" argument to this routine. That would 01900 * make the filter even more inefficient, although one could be clever 01901 * and not generate masking instructions if the mask is 0xFFFF. 01902 */ 01903 static struct block * 01904 gen_dnhostop(addr, dir, base_off) 01905 bpf_u_int32 addr; 01906 int dir; 01907 u_int base_off; 01908 { 01909 struct block *b0, *b1, *b2, *tmp; 01910 u_int offset_lh; /* offset if long header is received */ 01911 u_int offset_sh; /* offset if short header is received */ 01912 01913 switch (dir) { 01914 01915 case Q_DST: 01916 offset_sh = 1; /* follows flags */ 01917 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 01918 break; 01919 01920 case Q_SRC: 01921 offset_sh = 3; /* follows flags, dstnode */ 01922 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 01923 break; 01924 01925 case Q_AND: 01926 /* Inefficient because we do our Calvinball dance twice */ 01927 b0 = gen_dnhostop(addr, Q_SRC, base_off); 01928 b1 = gen_dnhostop(addr, Q_DST, base_off); 01929 gen_and(b0, b1); 01930 return b1; 01931 01932 case Q_OR: 01933 case Q_DEFAULT: 01934 /* Inefficient because we do our Calvinball dance twice */ 01935 b0 = gen_dnhostop(addr, Q_SRC, base_off); 01936 b1 = gen_dnhostop(addr, Q_DST, base_off); 01937 gen_or(b0, b1); 01938 return b1; 01939 01940 case Q_ISO: 01941 bpf_error("ISO host filtering not implemented"); 01942 01943 default: 01944 abort(); 01945 } 01946 b0 = gen_linktype(ETHERTYPE_DN); 01947 /* Check for pad = 1, long header case */ 01948 tmp = gen_mcmp(base_off + 2, BPF_H, 01949 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 01950 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 01951 BPF_H, (bpf_int32)ntohs(addr)); 01952 gen_and(tmp, b1); 01953 /* Check for pad = 0, long header case */ 01954 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 01955 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 01956 gen_and(tmp, b2); 01957 gen_or(b2, b1); 01958 /* Check for pad = 1, short header case */ 01959 tmp = gen_mcmp(base_off + 2, BPF_H, 01960 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 01961 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 01962 BPF_H, (bpf_int32)ntohs(addr)); 01963 gen_and(tmp, b2); 01964 gen_or(b2, b1); 01965 /* Check for pad = 0, short header case */ 01966 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 01967 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 01968 gen_and(tmp, b2); 01969 gen_or(b2, b1); 01970 01971 /* Combine with test for linktype */ 01972 gen_and(b0, b1); 01973 return b1; 01974 } 01975 01976 static struct block * 01977 gen_host(addr, mask, proto, dir) 01978 bpf_u_int32 addr; 01979 bpf_u_int32 mask; 01980 int proto; 01981 int dir; 01982 { 01983 struct block *b0, *b1; 01984 01985 switch (proto) { 01986 01987 case Q_DEFAULT: 01988 b0 = gen_host(addr, mask, Q_IP, dir); 01989 if (off_linktype != -1) { 01990 b1 = gen_host(addr, mask, Q_ARP, dir); 01991 gen_or(b0, b1); 01992 b0 = gen_host(addr, mask, Q_RARP, dir); 01993 gen_or(b1, b0); 01994 } 01995 return b0; 01996 01997 case Q_IP: 01998 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 01999 off_nl + 12, off_nl + 16); 02000 02001 case Q_RARP: 02002 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 02003 off_nl + 14, off_nl + 24); 02004 02005 case Q_ARP: 02006 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 02007 off_nl + 14, off_nl + 24); 02008 02009 case Q_TCP: 02010 bpf_error("'tcp' modifier applied to host"); 02011 02012 case Q_SCTP: 02013 bpf_error("'sctp' modifier applied to host"); 02014 02015 case Q_UDP: 02016 bpf_error("'udp' modifier applied to host"); 02017 02018 case Q_ICMP: 02019 bpf_error("'icmp' modifier applied to host"); 02020 02021 case Q_IGMP: 02022 bpf_error("'igmp' modifier applied to host"); 02023 02024 case Q_IGRP: 02025 bpf_error("'igrp' modifier applied to host"); 02026 02027 case Q_PIM: 02028 bpf_error("'pim' modifier applied to host"); 02029 02030 case Q_VRRP: 02031 bpf_error("'vrrp' modifier applied to host"); 02032 02033 case Q_ATALK: 02034 bpf_error("ATALK host filtering not implemented"); 02035 02036 case Q_AARP: 02037 bpf_error("AARP host filtering not implemented"); 02038 02039 case Q_DECNET: 02040 return gen_dnhostop(addr, dir, off_nl); 02041 02042 case Q_SCA: 02043 bpf_error("SCA host filtering not implemented"); 02044 02045 case Q_LAT: 02046 bpf_error("LAT host filtering not implemented"); 02047 02048 case Q_MOPDL: 02049 bpf_error("MOPDL host filtering not implemented"); 02050 02051 case Q_MOPRC: 02052 bpf_error("MOPRC host filtering not implemented"); 02053 02054 #ifdef INET6 02055 case Q_IPV6: 02056 bpf_error("'ip6' modifier applied to ip host"); 02057 02058 case Q_ICMPV6: 02059 bpf_error("'icmp6' modifier applied to host"); 02060 #endif /* INET6 */ 02061 02062 case Q_AH: 02063 bpf_error("'ah' modifier applied to host"); 02064 02065 case Q_ESP: 02066 bpf_error("'esp' modifier applied to host"); 02067 02068 case Q_ISO: 02069 bpf_error("ISO host filtering not implemented"); 02070 02071 case Q_ESIS: 02072 bpf_error("'esis' modifier applied to host"); 02073 02074 case Q_ISIS: 02075 bpf_error("'isis' modifier applied to host"); 02076 02077 case Q_CLNP: 02078 bpf_error("'clnp' modifier applied to host"); 02079 02080 case Q_STP: 02081 bpf_error("'stp' modifier applied to host"); 02082 02083 case Q_IPX: 02084 bpf_error("IPX host filtering not implemented"); 02085 02086 case Q_NETBEUI: 02087 bpf_error("'netbeui' modifier applied to host"); 02088 02089 default: 02090 abort(); 02091 } 02092 /* NOTREACHED */ 02093 } 02094 02095 #ifdef INET6 02096 static struct block * 02097 gen_host6(addr, mask, proto, dir) 02098 struct in6_addr *addr; 02099 struct in6_addr *mask; 02100 int proto; 02101 int dir; 02102 { 02103 switch (proto) { 02104 02105 case Q_DEFAULT: 02106 return gen_host6(addr, mask, Q_IPV6, dir); 02107 02108 case Q_IP: 02109 bpf_error("'ip' modifier applied to ip6 host"); 02110 02111 case Q_RARP: 02112 bpf_error("'rarp' modifier applied to ip6 host"); 02113 02114 case Q_ARP: 02115 bpf_error("'arp' modifier applied to ip6 host"); 02116 02117 case Q_SCTP: 02118 bpf_error("'sctp' modifier applied to host"); 02119 02120 case Q_TCP: 02121 bpf_error("'tcp' modifier applied to host"); 02122 02123 case Q_UDP: 02124 bpf_error("'udp' modifier applied to host"); 02125 02126 case Q_ICMP: 02127 bpf_error("'icmp' modifier applied to host"); 02128 02129 case Q_IGMP: 02130 bpf_error("'igmp' modifier applied to host"); 02131 02132 case Q_IGRP: 02133 bpf_error("'igrp' modifier applied to host"); 02134 02135 case Q_PIM: 02136 bpf_error("'pim' modifier applied to host"); 02137 02138 case Q_VRRP: 02139 bpf_error("'vrrp' modifier applied to host"); 02140 02141 case Q_ATALK: 02142 bpf_error("ATALK host filtering not implemented"); 02143 02144 case Q_AARP: 02145 bpf_error("AARP host filtering not implemented"); 02146 02147 case Q_DECNET: 02148 bpf_error("'decnet' modifier applied to ip6 host"); 02149 02150 case Q_SCA: 02151 bpf_error("SCA host filtering not implemented"); 02152 02153 case Q_LAT: 02154 bpf_error("LAT host filtering not implemented"); 02155 02156 case Q_MOPDL: 02157 bpf_error("MOPDL host filtering not implemented"); 02158 02159 case Q_MOPRC: 02160 bpf_error("MOPRC host filtering not implemented"); 02161 02162 case Q_IPV6: 02163 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 02164 off_nl + 8, off_nl + 24); 02165 02166 case Q_ICMPV6: 02167 bpf_error("'icmp6' modifier applied to host"); 02168 02169 case Q_AH: 02170 bpf_error("'ah' modifier applied to host"); 02171 02172 case Q_ESP: 02173 bpf_error("'esp' modifier applied to host"); 02174 02175 case Q_ISO: 02176 bpf_error("ISO host filtering not implemented"); 02177 02178 case Q_ESIS: 02179 bpf_error("'esis' modifier applied to host"); 02180 02181 case Q_ISIS: 02182 bpf_error("'isis' modifier applied to host"); 02183 02184 case Q_CLNP: 02185 bpf_error("'clnp' modifier applied to host"); 02186 02187 case Q_STP: 02188 bpf_error("'stp' modifier applied to host"); 02189 02190 case Q_IPX: 02191 bpf_error("IPX host filtering not implemented"); 02192 02193 case Q_NETBEUI: 02194 bpf_error("'netbeui' modifier applied to host"); 02195 02196 default: 02197 abort(); 02198 } 02199 /* NOTREACHED */ 02200 } 02201 #endif /*INET6*/ 02202 02203 #ifndef INET6 02204 static struct block * 02205 gen_gateway(eaddr, alist, proto, dir) 02206 const u_char *eaddr; 02207 bpf_u_int32 **alist; 02208 int proto; 02209 int dir; 02210 { 02211 struct block *b0, *b1, *tmp; 02212 02213 if (dir != 0) 02214 bpf_error("direction applied to 'gateway'"); 02215 02216 switch (proto) { 02217 case Q_DEFAULT: 02218 case Q_IP: 02219 case Q_ARP: 02220 case Q_RARP: 02221 if (linktype == DLT_EN10MB) 02222 b0 = gen_ehostop(eaddr, Q_OR); 02223 else if (linktype == DLT_FDDI) 02224 b0 = gen_fhostop(eaddr, Q_OR); 02225 else if (linktype == DLT_IEEE802) 02226 b0 = gen_thostop(eaddr, Q_OR); 02227 else 02228 bpf_error( 02229 "'gateway' supported only on ethernet, FDDI or token ring"); 02230 02231 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 02232 while (*alist) { 02233 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 02234 gen_or(b1, tmp); 02235 b1 = tmp; 02236 } 02237 gen_not(b1); 02238 gen_and(b0, b1); 02239 return b1; 02240 } 02241 bpf_error("illegal modifier of 'gateway'"); 02242 /* NOTREACHED */ 02243 } 02244 #endif 02245 02246 struct block * 02247 gen_proto_abbrev(proto) 02248 int proto; 02249 { 02250 #ifdef INET6 02251 struct block *b0; 02252 #endif 02253 struct block *b1; 02254 02255 switch (proto) { 02256 02257 case Q_SCTP: 02258 b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); 02259 #ifdef INET6 02260 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); 02261 gen_or(b0, b1); 02262 #endif 02263 break; 02264 02265 case Q_TCP: 02266 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 02267 #ifdef INET6 02268 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 02269 gen_or(b0, b1); 02270 #endif 02271 break; 02272 02273 case Q_UDP: 02274 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 02275 #ifdef INET6 02276 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 02277 gen_or(b0, b1); 02278 #endif 02279 break; 02280 02281 case Q_ICMP: 02282 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 02283 break; 02284 02285 #ifndef IPPROTO_IGMP 02286 #define IPPROTO_IGMP 2 02287 #endif 02288 02289 case Q_IGMP: 02290 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 02291 break; 02292 02293 #ifndef IPPROTO_IGRP 02294 #define IPPROTO_IGRP 9 02295 #endif 02296 case Q_IGRP: 02297 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 02298 break; 02299 02300 #ifndef IPPROTO_PIM 02301 #define IPPROTO_PIM 103 02302 #endif 02303 02304 case Q_PIM: 02305 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 02306 #ifdef INET6 02307 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 02308 gen_or(b0, b1); 02309 #endif 02310 break; 02311 02312 #ifndef IPPROTO_VRRP 02313 #define IPPROTO_VRRP 112 02314 #endif 02315 02316 case Q_VRRP: 02317 b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT); 02318 break; 02319 02320 case Q_IP: 02321 b1 = gen_linktype(ETHERTYPE_IP); 02322 break; 02323 02324 case Q_ARP: 02325 b1 = gen_linktype(ETHERTYPE_ARP); 02326 break; 02327 02328 case Q_RARP: 02329 b1 = gen_linktype(ETHERTYPE_REVARP); 02330 break; 02331 02332 case Q_LINK: 02333 bpf_error("link layer applied in wrong context"); 02334 02335 case Q_ATALK: 02336 b1 = gen_linktype(ETHERTYPE_ATALK); 02337 break; 02338 02339 case Q_AARP: 02340 b1 = gen_linktype(ETHERTYPE_AARP); 02341 break; 02342 02343 case Q_DECNET: 02344 b1 = gen_linktype(ETHERTYPE_DN); 02345 break; 02346 02347 case Q_SCA: 02348 b1 = gen_linktype(ETHERTYPE_SCA); 02349 break; 02350 02351 case Q_LAT: 02352 b1 = gen_linktype(ETHERTYPE_LAT); 02353 break; 02354 02355 case Q_MOPDL: 02356 b1 = gen_linktype(ETHERTYPE_MOPDL); 02357 break; 02358 02359 case Q_MOPRC: 02360 b1 = gen_linktype(ETHERTYPE_MOPRC); 02361 break; 02362 02363 #ifdef INET6 02364 case Q_IPV6: 02365 b1 = gen_linktype(ETHERTYPE_IPV6); 02366 break; 02367 02368 #ifndef IPPROTO_ICMPV6 02369 #define IPPROTO_ICMPV6 58 02370 #endif 02371 case Q_ICMPV6: 02372 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 02373 break; 02374 #endif /* INET6 */ 02375 02376 #ifndef IPPROTO_AH 02377 #define IPPROTO_AH 51 02378 #endif 02379 case Q_AH: 02380 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 02381 #ifdef INET6 02382 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 02383 gen_or(b0, b1); 02384 #endif 02385 break; 02386 02387 #ifndef IPPROTO_ESP 02388 #define IPPROTO_ESP 50 02389 #endif 02390 case Q_ESP: 02391 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 02392 #ifdef INET6 02393 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 02394 gen_or(b0, b1); 02395 #endif 02396 break; 02397 02398 case Q_ISO: 02399 b1 = gen_linktype(LLCSAP_ISONS); 02400 break; 02401 02402 case Q_ESIS: 02403 b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT); 02404 break; 02405 02406 case Q_ISIS: 02407 b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT); 02408 break; 02409 02410 case Q_CLNP: 02411 b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT); 02412 break; 02413 02414 case Q_STP: 02415 b1 = gen_linktype(LLCSAP_8021D); 02416 break; 02417 02418 case Q_IPX: 02419 b1 = gen_linktype(LLCSAP_IPX); 02420 break; 02421 02422 case Q_NETBEUI: 02423 b1 = gen_linktype(LLCSAP_NETBEUI); 02424 break; 02425 02426 default: 02427 abort(); 02428 } 02429 return b1; 02430 } 02431 02432 static struct block * 02433 gen_ipfrag() 02434 { 02435 struct slist *s; 02436 struct block *b; 02437 02438 /* not ip frag */ 02439 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 02440 s->s.k = off_nl + 6; 02441 b = new_block(JMP(BPF_JSET)); 02442 b->s.k = 0x1fff; 02443 b->stmts = s; 02444 gen_not(b); 02445 02446 return b; 02447 } 02448 02449 static struct block * 02450 gen_portatom(off, v) 02451 int off; 02452 bpf_int32 v; 02453 { 02454 struct slist *s; 02455 struct block *b; 02456 02457 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 02458 s->s.k = off_nl; 02459 02460 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 02461 s->next->s.k = off_nl + off; 02462 02463 b = new_block(JMP(BPF_JEQ)); 02464 b->stmts = s; 02465 b->s.k = v; 02466 02467 return b; 02468 } 02469 02470 #ifdef INET6 02471 static struct block * 02472 gen_portatom6(off, v) 02473 int off; 02474 bpf_int32 v; 02475 { 02476 return gen_cmp(off_nl + 40 + off, BPF_H, v); 02477 } 02478 #endif/*INET6*/ 02479 02480 struct block * 02481 gen_portop(port, proto, dir) 02482 int port, proto, dir; 02483 { 02484 struct block *b0, *b1, *tmp; 02485 02486 /* ip proto 'proto' */ 02487 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 02488 b0 = gen_ipfrag(); 02489 gen_and(tmp, b0); 02490 02491 switch (dir) { 02492 case Q_SRC: 02493 b1 = gen_portatom(0, (bpf_int32)port); 02494 break; 02495 02496 case Q_DST: 02497 b1 = gen_portatom(2, (bpf_int32)port); 02498 break; 02499 02500 case Q_OR: 02501 case Q_DEFAULT: 02502 tmp = gen_portatom(0, (bpf_int32)port); 02503 b1 = gen_portatom(2, (bpf_int32)port); 02504 gen_or(tmp, b1); 02505 break; 02506 02507 case Q_AND: 02508 tmp = gen_portatom(0, (bpf_int32)port); 02509 b1 = gen_portatom(2, (bpf_int32)port); 02510 gen_and(tmp, b1); 02511 break; 02512 02513 default: 02514 abort(); 02515 } 02516 gen_and(b0, b1); 02517 02518 return b1; 02519 } 02520 02521 static struct block * 02522 gen_port(port, ip_proto, dir) 02523 int port; 02524 int ip_proto; 02525 int dir; 02526 { 02527 struct block *b0, *b1, *tmp; 02528 02529 /* ether proto ip */ 02530 b0 = gen_linktype(ETHERTYPE_IP); 02531 02532 switch (ip_proto) { 02533 case IPPROTO_UDP: 02534 case IPPROTO_TCP: 02535 case IPPROTO_SCTP: 02536 b1 = gen_portop(port, ip_proto, dir); 02537 break; 02538 02539 case PROTO_UNDEF: 02540 tmp = gen_portop(port, IPPROTO_TCP, dir); 02541 b1 = gen_portop(port, IPPROTO_UDP, dir); 02542 gen_or(tmp, b1); 02543 tmp = gen_portop(port, IPPROTO_SCTP, dir); 02544 gen_or(tmp, b1); 02545 break; 02546 02547 default: 02548 abort(); 02549 } 02550 gen_and(b0, b1); 02551 return b1; 02552 } 02553 02554 #ifdef INET6 02555 struct block * 02556 gen_portop6(port, proto, dir) 02557 int port, proto, dir; 02558 { 02559 struct block *b0, *b1, *tmp; 02560 02561 /* ip proto 'proto' */ 02562 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 02563 02564 switch (dir) { 02565 case Q_SRC: 02566 b1 = gen_portatom6(0, (bpf_int32)port); 02567 break; 02568 02569 case Q_DST: 02570 b1 = gen_portatom6(2, (bpf_int32)port); 02571 break; 02572 02573 case Q_OR: 02574 case Q_DEFAULT: 02575 tmp = gen_portatom6(0, (bpf_int32)port); 02576 b1 = gen_portatom6(2, (bpf_int32)port); 02577 gen_or(tmp, b1); 02578 break; 02579 02580 case Q_AND: 02581 tmp = gen_portatom6(0, (bpf_int32)port); 02582 b1 = gen_portatom6(2, (bpf_int32)port); 02583 gen_and(tmp, b1); 02584 break; 02585 02586 default: 02587 abort(); 02588 } 02589 gen_and(b0, b1); 02590 02591 return b1; 02592 } 02593 02594 static struct block * 02595 gen_port6(port, ip_proto, dir) 02596 int port; 02597 int ip_proto; 02598 int dir; 02599 { 02600 struct block *b0, *b1, *tmp; 02601 02602 /* ether proto ip */ 02603 b0 = gen_linktype(ETHERTYPE_IPV6); 02604 02605 switch (ip_proto) { 02606 case IPPROTO_UDP: 02607 case IPPROTO_TCP: 02608 case IPPROTO_SCTP: 02609 b1 = gen_portop6(port, ip_proto, dir); 02610 break; 02611 02612 case PROTO_UNDEF: 02613 tmp = gen_portop6(port, IPPROTO_TCP, dir); 02614 b1 = gen_portop6(port, IPPROTO_UDP, dir); 02615 gen_or(tmp, b1); 02616 tmp = gen_portop6(port, IPPROTO_SCTP, dir); 02617 gen_or(tmp, b1); 02618 break; 02619 02620 default: 02621 abort(); 02622 } 02623 gen_and(b0, b1); 02624 return b1; 02625 } 02626 #endif /* INET6 */ 02627 02628 static int 02629 lookup_proto(name, proto) 02630 register const char *name; 02631 register int proto; 02632 { 02633 register int v; 02634 02635 switch (proto) { 02636 02637 case Q_DEFAULT: 02638 case Q_IP: 02639 case Q_IPV6: 02640 v = pcap_nametoproto(name); 02641 if (v == PROTO_UNDEF) 02642 bpf_error("unknown ip proto '%s'", name); 02643 break; 02644 02645 case Q_LINK: 02646 /* XXX should look up h/w protocol type based on linktype */ 02647 v = pcap_nametoeproto(name); 02648 if (v == PROTO_UNDEF) 02649 bpf_error("unknown ether proto '%s'", name); 02650 break; 02651 02652 case Q_ISO: 02653 if (strcmp(name, "esis") == 0) 02654 v = ISO9542_ESIS; 02655 else if (strcmp(name, "isis") == 0) 02656 v = ISO10589_ISIS; 02657 else if (strcmp(name, "clnp") == 0) 02658 v = ISO8473_CLNP; 02659 else 02660 bpf_error("unknown osi proto '%s'", name); 02661 break; 02662 02663 default: 02664 v = PROTO_UNDEF; 02665 break; 02666 } 02667 return v; 02668 } 02669 02670 #if 0 02671 struct stmt * 02672 gen_joinsp(s, n) 02673 struct stmt **s; 02674 int n; 02675 { 02676 return NULL; 02677 } 02678 #endif 02679 02680 static struct block * 02681 gen_protochain(v, proto, dir) 02682 int v; 02683 int proto; 02684 int dir; 02685 { 02686 #ifdef NO_PROTOCHAIN 02687 return gen_proto(v, proto, dir); 02688 #else 02689 struct block *b0, *b; 02690 struct slist *s[100]; 02691 int fix2, fix3, fix4, fix5; 02692 int ahcheck, again, end; 02693 int i, max; 02694 int reg2 = alloc_reg(); 02695 02696 memset(s, 0, sizeof(s)); 02697 fix2 = fix3 = fix4 = fix5 = 0; 02698 02699 switch (proto) { 02700 case Q_IP: 02701 case Q_IPV6: 02702 break; 02703 case Q_DEFAULT: 02704 b0 = gen_protochain(v, Q_IP, dir); 02705 b = gen_protochain(v, Q_IPV6, dir); 02706 gen_or(b0, b); 02707 return b; 02708 default: 02709 bpf_error("bad protocol applied for 'protochain'"); 02710 /*NOTREACHED*/ 02711 } 02712 02713 no_optimize = 1; /*this code is not compatible with optimzer yet */ 02714 02715 /* 02716 * s[0] is a dummy entry to protect other BPF insn from damaged 02717 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 02718 * hard to find interdependency made by jump table fixup. 02719 */ 02720 i = 0; 02721 s[i] = new_stmt(0); /*dummy*/ 02722 i++; 02723 02724 switch (proto) { 02725 case Q_IP: 02726 b0 = gen_linktype(ETHERTYPE_IP); 02727 02728 /* A = ip->ip_p */ 02729 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 02730 s[i]->s.k = off_nl + 9; 02731 i++; 02732 /* X = ip->ip_hl << 2 */ 02733 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 02734 s[i]->s.k = off_nl; 02735 i++; 02736 break; 02737 #ifdef INET6 02738 case Q_IPV6: 02739 b0 = gen_linktype(ETHERTYPE_IPV6); 02740 02741 /* A = ip6->ip_nxt */ 02742 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 02743 s[i]->s.k = off_nl + 6; 02744 i++; 02745 /* X = sizeof(struct ip6_hdr) */ 02746 s[i] = new_stmt(BPF_LDX|BPF_IMM); 02747 s[i]->s.k = 40; 02748 i++; 02749 break; 02750 #endif 02751 default: 02752 bpf_error("unsupported proto to gen_protochain"); 02753 /*NOTREACHED*/ 02754 } 02755 02756 /* again: if (A == v) goto end; else fall through; */ 02757 again = i; 02758 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 02759 s[i]->s.k = v; 02760 s[i]->s.jt = NULL; /*later*/ 02761 s[i]->s.jf = NULL; /*update in next stmt*/ 02762 fix5 = i; 02763 i++; 02764 02765 #ifndef IPPROTO_NONE 02766 #define IPPROTO_NONE 59 02767 #endif 02768 /* if (A == IPPROTO_NONE) goto end */ 02769 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 02770 s[i]->s.jt = NULL; /*later*/ 02771 s[i]->s.jf = NULL; /*update in next stmt*/ 02772 s[i]->s.k = IPPROTO_NONE; 02773 s[fix5]->s.jf = s[i]; 02774 fix2 = i; 02775 i++; 02776 02777 #ifdef INET6 02778 if (proto == Q_IPV6) { 02779 int v6start, v6end, v6advance, j; 02780 02781 v6start = i; 02782 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 02783 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 02784 s[i]->s.jt = NULL; /*later*/ 02785 s[i]->s.jf = NULL; /*update in next stmt*/ 02786 s[i]->s.k = IPPROTO_HOPOPTS; 02787 s[fix2]->s.jf = s[i]; 02788 i++; 02789 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 02790 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 02791 s[i]->s.jt = NULL; /*later*/ 02792 s[i]->s.jf = NULL; /*update in next stmt*/ 02793 s[i]->s.k = IPPROTO_DSTOPTS; 02794 i++; 02795 /* if (A == IPPROTO_ROUTING) goto v6advance */ 02796 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 02797 s[i]->s.jt = NULL; /*later*/ 02798 s[i]->s.jf = NULL; /*update in next stmt*/ 02799 s[i]->s.k = IPPROTO_ROUTING; 02800 i++; 02801 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 02802 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 02803 s[i]->s.jt = NULL; /*later*/ 02804 s[i]->s.jf = NULL; /*later*/ 02805 s[i]->s.k = IPPROTO_FRAGMENT; 02806 fix3 = i; 02807 v6end = i; 02808 i++; 02809 02810 /* v6advance: */ 02811 v6advance = i; 02812 02813 /* 02814 * in short, 02815 * A = P[X]; 02816 * X = X + (P[X + 1] + 1) * 8; 02817 */ 02818 /* A = X */ 02819 s[i] = new_stmt(BPF_MISC|BPF_TXA); 02820 i++; 02821 /* A = P[X + packet head] */ 02822 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 02823 s[i]->s.k = off_nl; 02824 i++; 02825 /* MEM[reg2] = A */ 02826 s[i] = new_stmt(BPF_ST); 02827 s[i]->s.k = reg2; 02828 i++; 02829 /* A = X */ 02830 s[i] = new_stmt(BPF_MISC|BPF_TXA); 02831 i++; 02832 /* A += 1 */ 02833 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 02834 s[i]->s.k = 1; 02835 i++; 02836 /* X = A */ 02837 s[i] = new_stmt(BPF_MISC|BPF_TAX); 02838 i++; 02839 /* A = P[X + packet head]; */ 02840 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 02841 s[i]->s.k = off_nl; 02842 i++; 02843 /* A += 1 */ 02844 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 02845 s[i]->s.k = 1; 02846 i++; 02847 /* A *= 8 */ 02848 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 02849 s[i]->s.k = 8; 02850 i++; 02851 /* X = A; */ 02852 s[i] = new_stmt(BPF_MISC|BPF_TAX); 02853 i++; 02854 /* A = MEM[reg2] */ 02855 s[i] = new_stmt(BPF_LD|BPF_MEM); 02856 s[i]->s.k = reg2; 02857 i++; 02858 02859 /* goto again; (must use BPF_JA for backward jump) */ 02860 s[i] = new_stmt(BPF_JMP|BPF_JA); 02861 s[i]->s.k = again - i - 1; 02862 s[i - 1]->s.jf = s[i]; 02863 i++; 02864 02865 /* fixup */ 02866 for (j = v6start; j <= v6end; j++) 02867 s[j]->s.jt = s[v6advance]; 02868 } else 02869 #endif 02870 { 02871 /* nop */ 02872 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 02873 s[i]->s.k = 0; 02874 s[fix2]->s.jf = s[i]; 02875 i++; 02876 } 02877 02878 /* ahcheck: */ 02879 ahcheck = i; 02880 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 02881 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 02882 s[i]->s.jt = NULL; /*later*/ 02883 s[i]->s.jf = NULL; /*later*/ 02884 s[i]->s.k = IPPROTO_AH; 02885 if (fix3) 02886 s[fix3]->s.jf = s[ahcheck]; 02887 fix4 = i; 02888 i++; 02889 02890 /* 02891 * in short, 02892 * A = P[X]; 02893 * X = X + (P[X + 1] + 2) * 4; 02894 */ 02895 /* A = X */ 02896 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 02897 i++; 02898 /* A = P[X + packet head]; */ 02899 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 02900 s[i]->s.k = off_nl; 02901 i++; 02902 /* MEM[reg2] = A */ 02903 s[i] = new_stmt(BPF_ST); 02904 s[i]->s.k = reg2; 02905 i++; 02906 /* A = X */ 02907 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 02908 i++; 02909 /* A += 1 */ 02910 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 02911 s[i]->s.k = 1; 02912 i++; 02913 /* X = A */ 02914 s[i] = new_stmt(BPF_MISC|BPF_TAX); 02915 i++; 02916 /* A = P[X + packet head] */ 02917 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 02918 s[i]->s.k = off_nl; 02919 i++; 02920 /* A += 2 */ 02921 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 02922 s[i]->s.k = 2; 02923 i++; 02924 /* A *= 4 */ 02925 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 02926 s[i]->s.k = 4; 02927 i++; 02928 /* X = A; */ 02929 s[i] = new_stmt(BPF_MISC|BPF_TAX); 02930 i++; 02931 /* A = MEM[reg2] */ 02932 s[i] = new_stmt(BPF_LD|BPF_MEM); 02933 s[i]->s.k = reg2; 02934 i++; 02935 02936 /* goto again; (must use BPF_JA for backward jump) */ 02937 s[i] = new_stmt(BPF_JMP|BPF_JA); 02938 s[i]->s.k = again - i - 1; 02939 i++; 02940 02941 /* end: nop */ 02942 end = i; 02943 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 02944 s[i]->s.k = 0; 02945 s[fix2]->s.jt = s[end]; 02946 s[fix4]->s.jf = s[end]; 02947 s[fix5]->s.jt = s[end]; 02948 i++; 02949 02950 /* 02951 * make slist chain 02952 */ 02953 max = i; 02954 for (i = 0; i < max - 1; i++) 02955 s[i]->next = s[i + 1]; 02956 s[max - 1]->next = NULL; 02957 02958 /* 02959 * emit final check 02960 */ 02961 b = new_block(JMP(BPF_JEQ)); 02962 b->stmts = s[1]; /*remember, s[0] is dummy*/ 02963 b->s.k = v; 02964 02965 free_reg(reg2); 02966 02967 gen_and(b0, b); 02968 return b; 02969 #endif 02970 } 02971 02972 static struct block * 02973 gen_proto(v, proto, dir) 02974 int v; 02975 int proto; 02976 int dir; 02977 { 02978 struct block *b0, *b1; 02979 02980 if (dir != Q_DEFAULT) 02981 bpf_error("direction applied to 'proto'"); 02982 02983 switch (proto) { 02984 case Q_DEFAULT: 02985 #ifdef INET6 02986 b0 = gen_proto(v, Q_IP, dir); 02987 b1 = gen_proto(v, Q_IPV6, dir); 02988 gen_or(b0, b1); 02989 return b1; 02990 #else 02991 /*FALLTHROUGH*/ 02992 #endif 02993 case Q_IP: 02994 b0 = gen_linktype(ETHERTYPE_IP); 02995 #ifndef CHASE_CHAIN 02996 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 02997 #else 02998 b1 = gen_protochain(v, Q_IP); 02999 #endif 03000 gen_and(b0, b1); 03001 return b1; 03002 03003 case Q_ISO: 03004 switch (linktype) { 03005 03006 case DLT_FRELAY: 03007 /* 03008 * Frame Relay packets typically have an OSI 03009 * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)" 03010 * generates code to check for all the OSI 03011 * NLPIDs, so calling it and then adding a check 03012 * for the particular NLPID for which we're 03013 * looking is bogus, as we can just check for 03014 * the NLPID. 03015 * 03016 * What we check for is the NLPID and a frame 03017 * control field value of UI, i.e. 0x03 followed 03018 * by the NLPID. 03019 * 03020 * XXX - assumes a 2-byte Frame Relay header with 03021 * DLCI and flags. What if the address is longer? 03022 * 03023 * XXX - what about SNAP-encapsulated frames? 03024 */ 03025 return gen_cmp(2, BPF_H, (0x03<<8) | v); 03026 break; 03027 03028 default: 03029 b0 = gen_linktype(LLCSAP_ISONS); 03030 b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v); 03031 gen_and(b0, b1); 03032 return b1; 03033 } 03034 03035 case Q_ARP: 03036 bpf_error("arp does not encapsulate another protocol"); 03037 /* NOTREACHED */ 03038 03039 case Q_RARP: 03040 bpf_error("rarp does not encapsulate another protocol"); 03041 /* NOTREACHED */ 03042 03043 case Q_ATALK: 03044 bpf_error("atalk encapsulation is not specifiable"); 03045 /* NOTREACHED */ 03046 03047 case Q_DECNET: 03048 bpf_error("decnet encapsulation is not specifiable"); 03049 /* NOTREACHED */ 03050 03051 case Q_SCA: 03052 bpf_error("sca does not encapsulate another protocol"); 03053 /* NOTREACHED */ 03054 03055 case Q_LAT: 03056 bpf_error("lat does not encapsulate another protocol"); 03057 /* NOTREACHED */ 03058 03059 case Q_MOPRC: 03060 bpf_error("moprc does not encapsulate another protocol"); 03061 /* NOTREACHED */ 03062 03063 case Q_MOPDL: 03064 bpf_error("mopdl does not encapsulate another protocol"); 03065 /* NOTREACHED */ 03066 03067 case Q_LINK: 03068 return gen_linktype(v); 03069 03070 case Q_UDP: 03071 bpf_error("'udp proto' is bogus"); 03072 /* NOTREACHED */ 03073 03074 case Q_TCP: 03075 bpf_error("'tcp proto' is bogus"); 03076 /* NOTREACHED */ 03077 03078 case Q_SCTP: 03079 bpf_error("'sctp proto' is bogus"); 03080 /* NOTREACHED */ 03081 03082 case Q_ICMP: 03083 bpf_error("'icmp proto' is bogus"); 03084 /* NOTREACHED */ 03085 03086 case Q_IGMP: 03087 bpf_error("'igmp proto' is bogus"); 03088 /* NOTREACHED */ 03089 03090 case Q_IGRP: 03091 bpf_error("'igrp proto' is bogus"); 03092 /* NOTREACHED */ 03093 03094 case Q_PIM: 03095 bpf_error("'pim proto' is bogus"); 03096 /* NOTREACHED */ 03097 03098 case Q_VRRP: 03099 bpf_error("'vrrp proto' is bogus"); 03100 /* NOTREACHED */ 03101 03102 #ifdef INET6 03103 case Q_IPV6: 03104 b0 = gen_linktype(ETHERTYPE_IPV6); 03105 #ifndef CHASE_CHAIN 03106 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 03107 #else 03108 b1 = gen_protochain(v, Q_IPV6); 03109 #endif 03110 gen_and(b0, b1); 03111 return b1; 03112 03113 case Q_ICMPV6: 03114 bpf_error("'icmp6 proto' is bogus"); 03115 #endif /* INET6 */ 03116 03117 case Q_AH: 03118 bpf_error("'ah proto' is bogus"); 03119 03120 case Q_ESP: 03121 bpf_error("'ah proto' is bogus"); 03122 03123 case Q_STP: 03124 bpf_error("'stp proto' is bogus"); 03125 03126 case Q_IPX: 03127 bpf_error("'ipx proto' is bogus"); 03128 03129 case Q_NETBEUI: 03130 bpf_error("'netbeui proto' is bogus"); 03131 03132 default: 03133 abort(); 03134 /* NOTREACHED */ 03135 } 03136 /* NOTREACHED */ 03137 } 03138 03139 struct block * 03140 gen_scode(name, q) 03141 register const char *name; 03142 struct qual q; 03143 { 03144 int proto = q.proto; 03145 int dir = q.dir; 03146 int tproto; 03147 u_char *eaddr; 03148 bpf_u_int32 mask, addr; 03149 #ifndef INET6 03150 bpf_u_int32 **alist; 03151 #else 03152 int tproto6; 03153 struct sockaddr_in *sin; 03154 struct sockaddr_in6 *sin6; 03155 struct addrinfo *res, *res0; 03156 struct in6_addr mask128; 03157 #endif /*INET6*/ 03158 struct block *b, *tmp; 03159 int port, real_proto; 03160 03161 switch (q.addr) { 03162 03163 case Q_NET: 03164 addr = pcap_nametonetaddr(name); 03165 if (addr == 0) 03166 bpf_error("unknown network '%s'", name); 03167 /* Left justify network addr and calculate its network mask */ 03168 mask = 0xffffffff; 03169 while (addr && (addr & 0xff000000) == 0) { 03170 addr <<= 8; 03171 mask <<= 8; 03172 } 03173 return gen_host(addr, mask, proto, dir); 03174 03175 case Q_DEFAULT: 03176 case Q_HOST: 03177 if (proto == Q_LINK) { 03178 switch (linktype) { 03179 03180 case DLT_EN10MB: 03181 eaddr = pcap_ether_hostton(name); 03182 if (eaddr == NULL) 03183 bpf_error( 03184 "unknown ether host '%s'", name); 03185 b = gen_ehostop(eaddr, dir); 03186 free(eaddr); 03187 return b; 03188 03189 case DLT_FDDI: 03190 eaddr = pcap_ether_hostton(name); 03191 if (eaddr == NULL) 03192 bpf_error( 03193 "unknown FDDI host '%s'", name); 03194 b = gen_fhostop(eaddr, dir); 03195 free(eaddr); 03196 return b; 03197 03198 case DLT_IEEE802: 03199 eaddr = pcap_ether_hostton(name); 03200 if (eaddr == NULL) 03201 bpf_error( 03202 "unknown token ring host '%s'", name); 03203 b = gen_thostop(eaddr, dir); 03204 free(eaddr); 03205 return b; 03206 03207 default: 03208 bpf_error( 03209 "only ethernet/FDDI/token ring supports link-level host name"); 03210 break; 03211 } 03212 } else if (proto == Q_DECNET) { 03213 unsigned short dn_addr = __pcap_nametodnaddr(name); 03214 /* 03215 * I don't think DECNET hosts can be multihomed, so 03216 * there is no need to build up a list of addresses 03217 */ 03218 return (gen_host(dn_addr, 0, proto, dir)); 03219 } else { 03220 #ifndef INET6 03221 alist = pcap_nametoaddr(name); 03222 if (alist == NULL || *alist == NULL) 03223 bpf_error("unknown host '%s'", name); 03224 tproto = proto; 03225 if (off_linktype == -1 && tproto == Q_DEFAULT) 03226 tproto = Q_IP; 03227 b = gen_host(**alist++, 0xffffffff, tproto, dir); 03228 while (*alist) { 03229 tmp = gen_host(**alist++, 0xffffffff, 03230 tproto, dir); 03231 gen_or(b, tmp); 03232 b = tmp; 03233 } 03234 return b; 03235 #else 03236 memset(&mask128, 0xff, sizeof(mask128)); 03237 res0 = res = pcap_nametoaddrinfo(name); 03238 if (res == NULL) 03239 bpf_error("unknown host '%s'", name); 03240 b = tmp = NULL; 03241 tproto = tproto6 = proto; 03242 if (off_linktype == -1 && tproto == Q_DEFAULT) { 03243 tproto = Q_IP; 03244 tproto6 = Q_IPV6; 03245 } 03246 for (res = res0; res; res = res->ai_next) { 03247 switch (res->ai_family) { 03248 case AF_INET: 03249 if (tproto == Q_IPV6) 03250 continue; 03251 03252 sin = (struct sockaddr_in *) 03253 res->ai_addr; 03254 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 03255 0xffffffff, tproto, dir); 03256 break; 03257 case AF_INET6: 03258 if (tproto6 == Q_IP) 03259 continue; 03260 03261 sin6 = (struct sockaddr_in6 *) 03262 res->ai_addr; 03263 tmp = gen_host6(&sin6->sin6_addr, 03264 &mask128, tproto6, dir); 03265 break; 03266 default: 03267 continue; 03268 } 03269 if (b) 03270 gen_or(b, tmp); 03271 b = tmp; 03272 } 03273 freeaddrinfo(res0); 03274 if (b == NULL) { 03275 bpf_error("unknown host '%s'%s", name, 03276 (proto == Q_DEFAULT) 03277 ? "" 03278 : " for specified address family"); 03279 } 03280 return b; 03281 #endif /*INET6*/ 03282 } 03283 03284 case Q_PORT: 03285 if (proto != Q_DEFAULT && 03286 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 03287 bpf_error("illegal qualifier of 'port'"); 03288 if (pcap_nametoport(name, &port, &real_proto) == 0) 03289 bpf_error("unknown port '%s'", name); 03290 if (proto == Q_UDP) { 03291 if (real_proto == IPPROTO_TCP) 03292 bpf_error("port '%s' is tcp", name); 03293 else if (real_proto == IPPROTO_SCTP) 03294 bpf_error("port '%s' is sctp", name); 03295 else 03296 /* override PROTO_UNDEF */ 03297 real_proto = IPPROTO_UDP; 03298 } 03299 if (proto == Q_TCP) { 03300 if (real_proto == IPPROTO_UDP) 03301 bpf_error("port '%s' is udp", name); 03302 03303 else if (real_proto == IPPROTO_SCTP) 03304 bpf_error("port '%s' is sctp", name); 03305 else 03306 /* override PROTO_UNDEF */ 03307 real_proto = IPPROTO_TCP; 03308 } 03309 if (proto == Q_SCTP) { 03310 if (real_proto == IPPROTO_UDP) 03311 bpf_error("port '%s' is udp", name); 03312 03313 else if (real_proto == IPPROTO_TCP) 03314 bpf_error("port '%s' is tcp", name); 03315 else 03316 /* override PROTO_UNDEF */ 03317 real_proto = IPPROTO_SCTP; 03318 } 03319 #ifndef INET6 03320 return gen_port(port, real_proto, dir); 03321 #else 03322 { 03323 struct block *b; 03324 b = gen_port(port, real_proto, dir); 03325 gen_or(gen_port6(port, real_proto, dir), b); 03326 return b; 03327 } 03328 #endif /* INET6 */ 03329 03330 case Q_GATEWAY: 03331 #ifndef INET6 03332 eaddr = pcap_ether_hostton(name); 03333 if (eaddr == NULL) 03334 bpf_error("unknown ether host: %s", name); 03335 03336 alist = pcap_nametoaddr(name); 03337 if (alist == NULL || *alist == NULL) 03338 bpf_error("unknown host '%s'", name); 03339 b = gen_gateway(eaddr, alist, proto, dir); 03340 free(eaddr); 03341 return b; 03342 #else 03343 bpf_error("'gateway' not supported in this configuration"); 03344 #endif /*INET6*/ 03345 03346 case Q_PROTO: 03347 real_proto = lookup_proto(name, proto); 03348 if (real_proto >= 0) 03349 return gen_proto(real_proto, proto, dir); 03350 else 03351 bpf_error("unknown protocol: %s", name); 03352 03353 case Q_PROTOCHAIN: 03354 real_proto = lookup_proto(name, proto); 03355 if (real_proto >= 0) 03356 return gen_protochain(real_proto, proto, dir); 03357 else 03358 bpf_error("unknown protocol: %s", name); 03359 03360 03361 case Q_UNDEF: 03362 syntax(); 03363 /* NOTREACHED */ 03364 } 03365 abort(); 03366 /* NOTREACHED */ 03367 } 03368 03369 struct block * 03370 gen_mcode(s1, s2, masklen, q) 03371 register const char *s1, *s2; 03372 register int masklen; 03373 struct qual q; 03374 { 03375 register int nlen, mlen; 03376 bpf_u_int32 n, m; 03377 03378 nlen = __pcap_atoin(s1, &n); 03379 /* Promote short ipaddr */ 03380 n <<= 32 - nlen; 03381 03382 if (s2 != NULL) { 03383 mlen = __pcap_atoin(s2, &m); 03384 /* Promote short ipaddr */ 03385 m <<= 32 - mlen; 03386 if ((n & ~m) != 0) 03387 bpf_error("non-network bits set in \"%s mask %s\"", 03388 s1, s2); 03389 } else { 03390 /* Convert mask len to mask */ 03391 if (masklen > 32) 03392 bpf_error("mask length must be <= 32"); 03393 m = 0xffffffff << (32 - masklen); 03394 if ((n & ~m) != 0) 03395 bpf_error("non-network bits set in \"%s/%d\"", 03396 s1, masklen); 03397 } 03398 03399 switch (q.addr) { 03400 03401 case Q_NET: 03402 return gen_host(n, m, q.proto, q.dir); 03403 03404 default: 03405 bpf_error("Mask syntax for networks only"); 03406 /* NOTREACHED */ 03407 } 03408 } 03409 03410 struct block * 03411 gen_ncode(s, v, q) 03412 register const char *s; 03413 bpf_u_int32 v; 03414 struct qual q; 03415 { 03416 bpf_u_int32 mask; 03417 int proto = q.proto; 03418 int dir = q.dir; 03419 register int vlen; 03420 03421 if (s == NULL) 03422 vlen = 32; 03423 else if (q.proto == Q_DECNET) 03424 vlen = __pcap_atodn(s, &v); 03425 else 03426 vlen = __pcap_atoin(s, &v); 03427 03428 switch (q.addr) { 03429 03430 case Q_DEFAULT: 03431 case Q_HOST: 03432 case Q_NET: 03433 if (proto == Q_DECNET) 03434 return gen_host(v, 0, proto, dir); 03435 else if (proto == Q_LINK) { 03436 bpf_error("illegal link layer address"); 03437 } else { 03438 mask = 0xffffffff; 03439 if (s == NULL && q.addr == Q_NET) { 03440 /* Promote short net number */ 03441 while (v && (v & 0xff000000) == 0) { 03442 v <<= 8; 03443 mask <<= 8; 03444 } 03445 } else { 03446 /* Promote short ipaddr */ 03447 v <<= 32 - vlen; 03448 mask <<= 32 - vlen; 03449 } 03450 return gen_host(v, mask, proto, dir); 03451 } 03452 03453 case Q_PORT: 03454 if (proto == Q_UDP) 03455 proto = IPPROTO_UDP; 03456 else if (proto == Q_TCP) 03457 proto = IPPROTO_TCP; 03458 else if (proto == Q_SCTP) 03459 proto = IPPROTO_SCTP; 03460 else if (proto == Q_DEFAULT) 03461 proto = PROTO_UNDEF; 03462 else 03463 bpf_error("illegal qualifier of 'port'"); 03464 03465 #ifndef INET6 03466 return gen_port((int)v, proto, dir); 03467 #else 03468 { 03469 struct block *b; 03470 b = gen_port((int)v, proto, dir); 03471 gen_or(gen_port6((int)v, proto, dir), b); 03472 return b; 03473 } 03474 #endif /* INET6 */ 03475 03476 case Q_GATEWAY: 03477 bpf_error("'gateway' requires a name"); 03478 /* NOTREACHED */ 03479 03480 case Q_PROTO: 03481 return gen_proto((int)v, proto, dir); 03482 03483 case Q_PROTOCHAIN: 03484 return gen_protochain((int)v, proto, dir); 03485 03486 case Q_UNDEF: 03487 syntax(); 03488 /* NOTREACHED */ 03489 03490 default: 03491 abort(); 03492 /* NOTREACHED */ 03493 } 03494 /* NOTREACHED */ 03495 } 03496 03497 #ifdef INET6 03498 struct block * 03499 gen_mcode6(s1, s2, masklen, q) 03500 register const char *s1, *s2; 03501 register int masklen; 03502 struct qual q; 03503 { 03504 struct addrinfo *res; 03505 struct in6_addr *addr; 03506 struct in6_addr mask; 03507 struct block *b; 03508 u_int32_t *a, *m; 03509 03510 if (s2) 03511 bpf_error("no mask %s supported", s2); 03512 03513 res = pcap_nametoaddrinfo(s1); 03514 if (!res) 03515 bpf_error("invalid ip6 address %s", s1); 03516 if (res->ai_next) 03517 bpf_error("%s resolved to multiple address", s1); 03518 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 03519 03520 if (sizeof(mask) * 8 < masklen) 03521 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 03522 memset(&mask, 0, sizeof(mask)); 03523 memset(&mask, 0xff, masklen / 8); 03524 if (masklen % 8) { 03525 mask.s6_addr[masklen / 8] = 03526 (0xff << (8 - masklen % 8)) & 0xff; 03527 } 03528 03529 a = (u_int32_t *)addr; 03530 m = (u_int32_t *)&mask; 03531 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 03532 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 03533 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 03534 } 03535 03536 switch (q.addr) { 03537 03538 case Q_DEFAULT: 03539 case Q_HOST: 03540 if (masklen != 128) 03541 bpf_error("Mask syntax for networks only"); 03542 /* FALLTHROUGH */ 03543 03544 case Q_NET: 03545 b = gen_host6(addr, &mask, q.proto, q.dir); 03546 freeaddrinfo(res); 03547 return b; 03548 03549 default: 03550 bpf_error("invalid qualifier against IPv6 address"); 03551 /* NOTREACHED */ 03552 } 03553 } 03554 #endif /*INET6*/ 03555 03556 struct block * 03557 gen_ecode(eaddr, q) 03558 register const u_char *eaddr; 03559 struct qual q; 03560 { 03561 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 03562 if (linktype == DLT_EN10MB) 03563 return gen_ehostop(eaddr, (int)q.dir); 03564 if (linktype == DLT_FDDI) 03565 return gen_fhostop(eaddr, (int)q.dir); 03566 if (linktype == DLT_IEEE802) 03567 return gen_thostop(eaddr, (int)q.dir); 03568 bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring"); 03569 } 03570 bpf_error("ethernet address used in non-ether expression"); 03571 /* NOTREACHED */ 03572 } 03573 03574 void 03575 sappend(s0, s1) 03576 struct slist *s0, *s1; 03577 { 03578 /* 03579 * This is definitely not the best way to do this, but the 03580 * lists will rarely get long. 03581 */ 03582 while (s0->next) 03583 s0 = s0->next; 03584 s0->next = s1; 03585 } 03586 03587 static struct slist * 03588 xfer_to_x(a) 03589 struct arth *a; 03590 { 03591 struct slist *s; 03592 03593 s = new_stmt(BPF_LDX|BPF_MEM); 03594 s->s.k = a->regno; 03595 return s; 03596 } 03597 03598 static struct slist * 03599 xfer_to_a(a) 03600 struct arth *a; 03601 { 03602 struct slist *s; 03603 03604 s = new_stmt(BPF_LD|BPF_MEM); 03605 s->s.k = a->regno; 03606 return s; 03607 } 03608 03609 struct arth * 03610 gen_load(proto, index, size) 03611 int proto; 03612 struct arth *index; 03613 int size; 03614 { 03615 struct slist *s, *tmp; 03616 struct block *b; 03617 int regno = alloc_reg(); 03618 03619 free_reg(index->regno); 03620 switch (size) { 03621 03622 default: 03623 bpf_error("data size must be 1, 2, or 4"); 03624 03625 case 1: 03626 size = BPF_B; 03627 break; 03628 03629 case 2: 03630 size = BPF_H; 03631 break; 03632 03633 case 4: 03634 size = BPF_W; 03635 break; 03636 } 03637 switch (proto) { 03638 default: 03639 bpf_error("unsupported index operation"); 03640 03641 case Q_LINK: 03642 s = xfer_to_x(index); 03643 tmp = new_stmt(BPF_LD|BPF_IND|size); 03644 sappend(s, tmp); 03645 sappend(index->s, s); 03646 break; 03647 03648 case Q_IP: 03649 case Q_ARP: 03650 case Q_RARP: 03651 case Q_ATALK: 03652 case Q_DECNET: 03653 case Q_SCA: 03654 case Q_LAT: 03655 case Q_MOPRC: 03656 case Q_MOPDL: 03657 #ifdef INET6 03658 case Q_IPV6: 03659 #endif 03660 /* XXX Note that we assume a fixed link header here. */ 03661 s = xfer_to_x(index); 03662 tmp = new_stmt(BPF_LD|BPF_IND|size); 03663 tmp->s.k = off_nl; 03664 sappend(s, tmp); 03665 sappend(index->s, s); 03666 03667 b = gen_proto_abbrev(proto); 03668 if (index->b) 03669 gen_and(index->b, b); 03670 index->b = b; 03671 break; 03672 03673 case Q_SCTP: 03674 case Q_TCP: 03675 case Q_UDP: 03676 case Q_ICMP: 03677 case Q_IGMP: 03678 case Q_IGRP: 03679 case Q_PIM: 03680 case Q_VRRP: 03681 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 03682 s->s.k = off_nl; 03683 sappend(s, xfer_to_a(index)); 03684 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 03685 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 03686 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 03687 tmp->s.k = off_nl; 03688 sappend(index->s, s); 03689 03690 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 03691 if (index->b) 03692 gen_and(index->b, b); 03693 #ifdef INET6 03694 gen_and(gen_proto_abbrev(Q_IP), b); 03695 #endif 03696 index->b = b; 03697 break; 03698 #ifdef INET6 03699 case Q_ICMPV6: 03700 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 03701 /*NOTREACHED*/ 03702 #endif 03703 } 03704 index->regno = regno; 03705 s = new_stmt(BPF_ST); 03706 s->s.k = regno; 03707 sappend(index->s, s); 03708 03709 return index; 03710 } 03711 03712 struct block * 03713 gen_relation(code, a0, a1, reversed) 03714 int code; 03715 struct arth *a0, *a1; 03716 int reversed; 03717 { 03718 struct slist *s0, *s1, *s2; 03719 struct block *b, *tmp; 03720 03721 s0 = xfer_to_x(a1); 03722 s1 = xfer_to_a(a0); 03723 if (code == BPF_JEQ) { 03724 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 03725 b = new_block(JMP(code)); 03726 sappend(s1, s2); 03727 } 03728 else 03729 b = new_block(BPF_JMP|code|BPF_X); 03730 if (reversed) 03731 gen_not(b); 03732 03733 sappend(s0, s1); 03734 sappend(a1->s, s0); 03735 sappend(a0->s, a1->s); 03736 03737 b->stmts = a0->s; 03738 03739 free_reg(a0->regno); 03740 free_reg(a1->regno); 03741 03742 /* 'and' together protocol checks */ 03743 if (a0->b) { 03744 if (a1->b) { 03745 gen_and(a0->b, tmp = a1->b); 03746 } 03747 else 03748 tmp = a0->b; 03749 } else 03750 tmp = a1->b; 03751 03752 if (tmp) 03753 gen_and(tmp, b); 03754 03755 return b; 03756 } 03757 03758 struct arth * 03759 gen_loadlen() 03760 { 03761 int regno = alloc_reg(); 03762 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 03763 struct slist *s; 03764 03765 s = new_stmt(BPF_LD|BPF_LEN); 03766 s->next = new_stmt(BPF_ST); 03767 s->next->s.k = regno; 03768 a->s = s; 03769 a->regno = regno; 03770 03771 return a; 03772 } 03773 03774 struct arth * 03775 gen_loadi(val) 03776 int val; 03777 { 03778 struct arth *a; 03779 struct slist *s; 03780 int reg; 03781 03782 a = (struct arth *)newchunk(sizeof(*a)); 03783 03784 reg = alloc_reg(); 03785 03786 s = new_stmt(BPF_LD|BPF_IMM); 03787 s->s.k = val; 03788 s->next = new_stmt(BPF_ST); 03789 s->next->s.k = reg; 03790 a->s = s; 03791 a->regno = reg; 03792 03793 return a; 03794 } 03795 03796 struct arth * 03797 gen_neg(a) 03798 struct arth *a; 03799 { 03800 struct slist *s; 03801 03802 s = xfer_to_a(a); 03803 sappend(a->s, s); 03804 s = new_stmt(BPF_ALU|BPF_NEG); 03805 s->s.k = 0; 03806 sappend(a->s, s); 03807 s = new_stmt(BPF_ST); 03808 s->s.k = a->regno; 03809 sappend(a->s, s); 03810 03811 return a; 03812 } 03813 03814 struct arth * 03815 gen_arth(code, a0, a1) 03816 int code; 03817 struct arth *a0, *a1; 03818 { 03819 struct slist *s0, *s1, *s2; 03820 03821 s0 = xfer_to_x(a1); 03822 s1 = xfer_to_a(a0); 03823 s2 = new_stmt(BPF_ALU|BPF_X|code); 03824 03825 sappend(s1, s2); 03826 sappend(s0, s1); 03827 sappend(a1->s, s0); 03828 sappend(a0->s, a1->s); 03829 03830 free_reg(a0->regno); 03831 free_reg(a1->regno); 03832 03833 s0 = new_stmt(BPF_ST); 03834 a0->regno = s0->s.k = alloc_reg(); 03835 sappend(a0->s, s0); 03836 03837 return a0; 03838 } 03839 03840 /* 03841 * Here we handle simple allocation of the scratch registers. 03842 * If too many registers are alloc'd, the allocator punts. 03843 */ 03844 static int regused[BPF_MEMWORDS]; 03845 static int curreg; 03846 03847 /* 03848 * Return the next free register. 03849 */ 03850 static int 03851 alloc_reg() 03852 { 03853 int n = BPF_MEMWORDS; 03854 03855 while (--n >= 0) { 03856 if (regused[curreg]) 03857 curreg = (curreg + 1) % BPF_MEMWORDS; 03858 else { 03859 regused[curreg] = 1; 03860 return curreg; 03861 } 03862 } 03863 bpf_error("too many registers needed to evaluate expression"); 03864 /* NOTREACHED */ 03865 } 03866 03867 /* 03868 * Return a register to the table so it can 03869 * be used later. 03870 */ 03871 static void 03872 free_reg(n) 03873 int n; 03874 { 03875 regused[n] = 0; 03876 } 03877 03878 static struct block * 03879 gen_len(jmp, n) 03880 int jmp, n; 03881 { 03882 struct slist *s; 03883 struct block *b; 03884 03885 s = new_stmt(BPF_LD|BPF_LEN); 03886 b = new_block(JMP(jmp)); 03887 b->stmts = s; 03888 b->s.k = n; 03889 03890 return b; 03891 } 03892 03893 struct block * 03894 gen_greater(n) 03895 int n; 03896 { 03897 return gen_len(BPF_JGE, n); 03898 } 03899 03900 /* 03901 * Actually, this is less than or equal. 03902 */ 03903 struct block * 03904 gen_less(n) 03905 int n; 03906 { 03907 struct block *b; 03908 03909 b = gen_len(BPF_JGT, n); 03910 gen_not(b); 03911 03912 return b; 03913 } 03914 03915 struct block * 03916 gen_byteop(op, idx, val) 03917 int op, idx, val; 03918 { 03919 struct block *b; 03920 struct slist *s; 03921 03922 switch (op) { 03923 default: 03924 abort(); 03925 03926 case '=': 03927 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 03928 03929 case '<': 03930 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 03931 b->s.code = JMP(BPF_JGE); 03932 gen_not(b); 03933 return b; 03934 03935 case '>': 03936 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 03937 b->s.code = JMP(BPF_JGT); 03938 return b; 03939 03940 case '|': 03941 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 03942 break; 03943 03944 case '&': 03945 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 03946 break; 03947 } 03948 s->s.k = val; 03949 b = new_block(JMP(BPF_JEQ)); 03950 b->stmts = s; 03951 gen_not(b); 03952 03953 return b; 03954 } 03955 03956 static u_char abroadcast[] = { 0x0 }; 03957 03958 struct block * 03959 gen_broadcast(proto) 03960 int proto; 03961 { 03962 bpf_u_int32 hostmask; 03963 struct block *b0, *b1, *b2; 03964 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 03965 03966 switch (proto) { 03967 03968 case Q_DEFAULT: 03969 case Q_LINK: 03970 if (linktype == DLT_ARCNET) 03971 return gen_ahostop(abroadcast, Q_DST); 03972 if (linktype == DLT_EN10MB) 03973 return gen_ehostop(ebroadcast, Q_DST); 03974 if (linktype == DLT_FDDI) 03975 return gen_fhostop(ebroadcast, Q_DST); 03976 if (linktype == DLT_IEEE802) 03977 return gen_thostop(ebroadcast, Q_DST); 03978 bpf_error("not a broadcast link"); 03979 break; 03980 03981 case Q_IP: 03982 b0 = gen_linktype(ETHERTYPE_IP); 03983 hostmask = ~netmask; 03984 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 03985 b2 = gen_mcmp(off_nl + 16, BPF_W, 03986 (bpf_int32)(~0 & hostmask), hostmask); 03987 gen_or(b1, b2); 03988 gen_and(b0, b2); 03989 return b2; 03990 } 03991 bpf_error("only ether/ip broadcast filters supported"); 03992 } 03993 03994 struct block * 03995 gen_multicast(proto) 03996 int proto; 03997 { 03998 register struct block *b0, *b1; 03999 register struct slist *s; 04000 04001 switch (proto) { 04002 04003 case Q_DEFAULT: 04004 case Q_LINK: 04005 if (linktype == DLT_ARCNET) 04006 /* all ARCnet multicasts use the same address */ 04007 return gen_ahostop(abroadcast, Q_DST); 04008 04009 if (linktype == DLT_EN10MB) { 04010 /* ether[0] & 1 != 0 */ 04011 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04012 s->s.k = 0; 04013 b0 = new_block(JMP(BPF_JSET)); 04014 b0->s.k = 1; 04015 b0->stmts = s; 04016 return b0; 04017 } 04018 04019 if (linktype == DLT_FDDI) { 04020 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 04021 /* fddi[1] & 1 != 0 */ 04022 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 04023 s->s.k = 1; 04024 b0 = new_block(JMP(BPF_JSET)); 04025 b0->s.k = 1; 04026 b0->stmts = s; 04027 return b0; 04028 } 04029 04030 /* TODO - check how token ring handles multicast */ 04031 /* if (linktype == DLT_IEEE802) ... */ 04032 04033 /* Link not known to support multicasts */ 04034 break; 04035 04036 case Q_IP: 04037 b0 = gen_linktype(ETHERTYPE_IP); 04038 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 04039 b1->s.code = JMP(BPF_JGE); 04040 gen_and(b0, b1); 04041 return b1; 04042 04043 #ifdef INET6 04044 case Q_IPV6: 04045 b0 = gen_linktype(ETHERTYPE_IPV6); 04046 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 04047 gen_and(b0, b1); 04048 return b1; 04049 #endif /* INET6 */ 04050 } 04051 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 04052 } 04053 04054 /* 04055 * generate command for inbound/outbound. It's here so we can 04056 * make it link-type specific. 'dir' = 0 implies "inbound", 04057 * = 1 implies "outbound". 04058 */ 04059 struct block * 04060 gen_inbound(dir) 04061 int dir; 04062 { 04063 register struct block *b0; 04064 04065 /* 04066 * Only some data link types support inbound/outbound qualifiers. 04067 */ 04068 switch (linktype) { 04069 case DLT_SLIP: 04070 case DLT_PPP: 04071 b0 = gen_relation(BPF_JEQ, 04072 gen_load(Q_LINK, gen_loadi(0), 1), 04073 gen_loadi(0), 04074 dir); 04075 break; 04076 04077 case DLT_LINUX_SLL: 04078 if (dir) { 04079 /* 04080 * Match packets sent by this machine. 04081 */ 04082 b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING); 04083 } else { 04084 /* 04085 * Match packets sent to this machine. 04086 * (No broadcast or multicast packets, or 04087 * packets sent to some other machine and 04088 * received promiscuously.) 04089 * 04090 * XXX - packets sent to other machines probably 04091 * shouldn't be matched, but what about broadcast 04092 * or multicast packets we received? 04093 */ 04094 b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST); 04095 } 04096 break; 04097 04098 default: 04099 bpf_error("inbound/outbound not supported on linktype %d\n", 04100 linktype); 04101 b0 = NULL; 04102 /* NOTREACHED */ 04103 } 04104 return (b0); 04105 } 04106 04107 struct block * 04108 gen_acode(eaddr, q) 04109 register const u_char *eaddr; 04110 struct qual q; 04111 { 04112 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 04113 if (linktype == DLT_ARCNET) 04114 return gen_ahostop(eaddr, (int)q.dir); 04115 } 04116 bpf_error("ARCnet address used in non-arc expression"); 04117 /* NOTREACHED */ 04118 } 04119 04120 static struct block * 04121 gen_ahostop(eaddr, dir) 04122 register const u_char *eaddr; 04123 register int dir; 04124 { 04125 register struct block *b0, *b1; 04126 04127 switch (dir) { 04128 /* src comes first, different from Ethernet */ 04129 case Q_SRC: 04130 return gen_bcmp(0, 1, eaddr); 04131 04132 case Q_DST: 04133 return gen_bcmp(1, 1, eaddr); 04134 04135 case Q_AND: 04136 b0 = gen_ahostop(eaddr, Q_SRC); 04137 b1 = gen_ahostop(eaddr, Q_DST); 04138 gen_and(b0, b1); 04139 return b1; 04140 04141 case Q_DEFAULT: 04142 case Q_OR: 04143 b0 = gen_ahostop(eaddr, Q_SRC); 04144 b1 = gen_ahostop(eaddr, Q_DST); 04145 gen_or(b0, b1); 04146 return b1; 04147 } 04148 abort(); 04149 /* NOTREACHED */ 04150 } 04151 04152 /* 04153 * support IEEE 802.1Q VLAN trunk over ethernet 04154 */ 04155 struct block * 04156 gen_vlan(vlan_num) 04157 int vlan_num; 04158 { 04159 struct block *b0; 04160 04161 /* 04162 * Change the offsets to point to the type and data fields within 04163 * the VLAN packet. This is somewhat of a kludge. 04164 */ 04165 if (orig_nl == (u_int)-1) { 04166 orig_linktype = off_linktype; /* save original values */ 04167 orig_nl = off_nl; 04168 orig_nl_nosnap = off_nl_nosnap; 04169 04170 switch (linktype) { 04171 04172 case DLT_EN10MB: 04173 off_linktype = 16; 04174 off_nl_nosnap = 18; 04175 off_nl = 18; 04176 break; 04177 04178 default: 04179 bpf_error("no VLAN support for data link type %d", 04180 linktype); 04181 /*NOTREACHED*/ 04182 } 04183 } 04184 04185 /* check for VLAN */ 04186 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 04187 04188 /* If a specific VLAN is requested, check VLAN id */ 04189 if (vlan_num >= 0) { 04190 struct block *b1; 04191 04192 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 04193 gen_and(b0, b1); 04194 b0 = b1; 04195 } 04196 04197 return (b0); 04198 } 04199 04200 struct block * 04201 gen_atmfield_code(atmfield, jvalue, jtype, reverse) 04202 int atmfield; 04203 bpf_u_int32 jvalue; 04204 bpf_u_int32 jtype; 04205 int reverse; 04206 { 04207 struct block *b0; 04208 04209 switch (atmfield) { 04210 04211 case A_VPI: 04212 if (!is_atm) 04213 bpf_error("'vpi' supported only on raw ATM"); 04214 if (off_vpi == -1) 04215 abort(); 04216 b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype, 04217 (u_int)jvalue, reverse); 04218 break; 04219 04220 case A_VCI: 04221 if (!is_atm) 04222 bpf_error("'vci' supported only on raw ATM"); 04223 if (off_vci == -1) 04224 abort(); 04225 b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype, 04226 (u_int)jvalue, reverse); 04227 break; 04228 04229 case A_PROTOTYPE: 04230 if (off_proto == -1) 04231 abort(); /* XXX - this isn't on FreeBSD */ 04232 b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype, 04233 (u_int)jvalue, reverse); 04234 break; 04235 04236 case A_MSGTYPE: 04237 if (off_msg_type == -1) 04238 abort(); 04239 b0 = gen_ncmp(BPF_B, off_msg_type, 0xffffffff, 04240 (u_int)jtype, (u_int)jvalue, reverse); 04241 break; 04242 04243 case A_CALLREFTYPE: 04244 if (!is_atm) 04245 bpf_error("'callref' supported only on raw ATM"); 04246 if (off_proto == -1) 04247 abort(); 04248 b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype, 04249 (u_int)jvalue, reverse); 04250 break; 04251 04252 default: 04253 abort(); 04254 } 04255 return b0; 04256 } 04257 04258 struct block * 04259 gen_atmtype_abbrev(type) 04260 int type; 04261 { 04262 struct block *b0, *b1; 04263 04264 switch (type) { 04265 04266 case A_METAC: 04267 /* Get all packets in Meta signalling Circuit */ 04268 if (!is_atm) 04269 bpf_error("'metac' supported only on raw ATM"); 04270 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 04271 b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0); 04272 gen_and(b0, b1); 04273 break; 04274 04275 case A_BCC: 04276 /* Get all packets in Broadcast Circuit*/ 04277 if (!is_atm) 04278 bpf_error("'bcc' supported only on raw ATM"); 04279 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 04280 b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0); 04281 gen_and(b0, b1); 04282 break; 04283 04284 case A_OAMF4SC: 04285 /* Get all cells in Segment OAM F4 circuit*/ 04286 if (!is_atm) 04287 bpf_error("'oam4sc' supported only on raw ATM"); 04288 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 04289 b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 04290 gen_and(b0, b1); 04291 break; 04292 04293 case A_OAMF4EC: 04294 /* Get all cells in End-to-End OAM F4 Circuit*/ 04295 if (!is_atm) 04296 bpf_error("'oam4ec' supported only on raw ATM"); 04297 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 04298 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 04299 gen_and(b0, b1); 04300 break; 04301 04302 case A_SC: 04303 /* Get all packets in connection Signalling Circuit */ 04304 if (!is_atm) 04305 bpf_error("'sc' supported only on raw ATM"); 04306 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 04307 b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0); 04308 gen_and(b0, b1); 04309 break; 04310 04311 case A_ILMIC: 04312 /* Get all packets in ILMI Circuit */ 04313 if (!is_atm) 04314 bpf_error("'ilmic' supported only on raw ATM"); 04315 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 04316 b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0); 04317 gen_and(b0, b1); 04318 break; 04319 04320 case A_LANE: 04321 /* Get all LANE packets */ 04322 if (!is_atm) 04323 bpf_error("'lane' supported only on raw ATM"); 04324 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0); 04325 break; 04326 04327 case A_LLC: 04328 /* Get all LLC-encapsulated packets */ 04329 if (!is_atm) 04330 bpf_error("'llc' supported only on raw ATM"); 04331 b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 04332 break; 04333 04334 default: 04335 abort(); 04336 } 04337 return b1; 04338 } 04339 04340 04341 static struct block * 04342 gen_msg_abbrev(type) 04343 int type; 04344 { 04345 struct block *b1; 04346 04347 /* 04348 * Q.2931 signalling protocol messages for handling virtual circuits 04349 * establishment and teardown 04350 */ 04351 switch (type) { 04352 04353 case A_SETUP: 04354 b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0); 04355 break; 04356 04357 case A_CALLPROCEED: 04358 b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 04359 break; 04360 04361 case A_CONNECT: 04362 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0); 04363 break; 04364 04365 case A_CONNECTACK: 04366 b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0); 04367 break; 04368 04369 case A_RELEASE: 04370 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0); 04371 break; 04372 04373 case A_RELEASE_DONE: 04374 b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0); 04375 break; 04376 04377 default: 04378 abort(); 04379 } 04380 return b1; 04381 } 04382 04383 struct block * 04384 gen_atmmulti_abbrev(type) 04385 int type; 04386 { 04387 struct block *b0, *b1; 04388 04389 switch (type) { 04390 04391 case A_OAM: 04392 if (!is_atm) 04393 bpf_error("'oam' supported only on raw ATM"); 04394 b1 = gen_atmmulti_abbrev(A_OAMF4); 04395 break; 04396 04397 case A_OAMF4: 04398 if (!is_atm) 04399 bpf_error("'oamf4' supported only on raw ATM"); 04400 /* OAM F4 type */ 04401 b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 04402 b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0); 04403 gen_or(b0, b1); 04404 b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0); 04405 gen_and(b0, b1); 04406 break; 04407 04408 case A_CONNECTMSG: 04409 /* 04410 * Get Q.2931 signalling messages for switched 04411 * virtual connection 04412 */ 04413 if (!is_atm) 04414 bpf_error("'connectmsg' supported only on raw ATM"); 04415 b0 = gen_msg_abbrev(A_SETUP); 04416 b1 = gen_msg_abbrev(A_CALLPROCEED); 04417 gen_or(b0, b1); 04418 b0 = gen_msg_abbrev(A_CONNECT); 04419 gen_or(b0, b1); 04420 b0 = gen_msg_abbrev(A_CONNECTACK); 04421 gen_or(b0, b1); 04422 b0 = gen_msg_abbrev(A_RELEASE); 04423 gen_or(b0, b1); 04424 b0 = gen_msg_abbrev(A_RELEASE_DONE); 04425 gen_or(b0, b1); 04426 b0 = gen_atmtype_abbrev(A_SC); 04427 gen_and(b0, b1); 04428 break; 04429 04430 case A_METACONNECT: 04431 if (!is_atm) 04432 bpf_error("'metaconnect' supported only on raw ATM"); 04433 b0 = gen_msg_abbrev(A_SETUP); 04434 b1 = gen_msg_abbrev(A_CALLPROCEED); 04435 gen_or(b0, b1); 04436 b0 = gen_msg_abbrev(A_CONNECT); 04437 gen_or(b0, b1); 04438 b0 = gen_msg_abbrev(A_RELEASE); 04439 gen_or(b0, b1); 04440 b0 = gen_msg_abbrev(A_RELEASE_DONE); 04441 gen_or(b0, b1); 04442 b0 = gen_atmtype_abbrev(A_METAC); 04443 gen_and(b0, b1); 04444 break; 04445 04446 default: 04447 abort(); 04448 } 04449 return b1; 04450 }
documentation. Copyright (c) 2002 Politecnico di Torino. All rights reserved.