Main Page   Modules   Data Structures   File List   Data Fields   Globals  

gencode.c

Go to the documentation of this file.
00001 /*#define CHASE_CHAIN*/
00002 /*
00003  * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
00004  *  The Regents of the University of California.  All rights reserved.
00005  *
00006  * Redistribution and use in source and binary forms, with or without
00007  * modification, are permitted provided that: (1) source code distributions
00008  * retain the above copyright notice and this paragraph in its entirety, (2)
00009  * distributions including binary code include the above copyright notice and
00010  * this paragraph in its entirety in the documentation or other materials
00011  * provided with the distribution, and (3) all advertising materials mentioning
00012  * features or use of this software display the following acknowledgement:
00013  * ``This product includes software developed by the University of California,
00014  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
00015  * the University nor the names of its contributors may be used to endorse
00016  * or promote products derived from this software without specific prior
00017  * written permission.
00018  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
00019  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
00020  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
00021  */
00022 #ifndef lint
00023 static const char rcsid[] =
00024     "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.175 2002/08/06 07:35:46 guy Exp $ (LBL)";
00025 #endif
00026 
00027 #ifdef HAVE_CONFIG_H
00028 #include "config.h"
00029 #endif
00030 
00031 #ifdef WIN32
00032 #include <pcap-stdinc.h>
00033 #else /* WIN32 */
00034 #include <sys/types.h>
00035 #include <sys/socket.h>
00036 #include <sys/time.h>
00037 #endif /* WIN32 */
00038 
00039 /*
00040  * XXX - why was this included even on UNIX?
00041  */
00042 #ifdef __MINGW32__
00043 #include "IP6_misc.h"
00044 #endif
00045 
00046 #ifndef WIN32
00047 
00048 #ifdef __NetBSD__
00049 #include <sys/param.h>
00050 #endif
00051 
00052 #include <netinet/in.h>
00053 
00054 #endif /* WIN32 */
00055 
00056 #include <stdlib.h>
00057 #include <string.h>
00058 #include <memory.h>
00059 #include <setjmp.h>
00060 #include <stdarg.h>
00061 
00062 #include "pcap-int.h"
00063 
00064 #include "ethertype.h"
00065 #include "nlpid.h"
00066 #include "llc.h"
00067 #include "gencode.h"
00068 #include "atmuni31.h"
00069 #include "sunatmpos.h"
00070 #include "ppp.h"
00071 #include "sll.h"
00072 #include "arcnet.h"
00073 #ifdef INET6
00074 #ifndef WIN32
00075 #include <netdb.h>  /* for "struct addrinfo" */
00076 #endif /* WIN32 */
00077 #endif /*INET6*/
00078 #include <pcap-namedb.h>
00079 
00080 #define ETHERMTU    1500
00081 
00082 #ifndef IPPROTO_SCTP
00083 #define IPPROTO_SCTP 132
00084 #endif
00085 
00086 #ifdef HAVE_OS_PROTO_H
00087 #include "os-proto.h"
00088 #endif
00089 
00090 #define JMP(c) ((c)|BPF_JMP|BPF_K)
00091 
00092 /* Locals */
00093 static jmp_buf top_ctx;
00094 static pcap_t *bpf_pcap;
00095 
00096 /* Hack for updating VLAN offsets. */
00097 static u_int    orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
00098 
00099 /* XXX */
00100 #ifdef PCAP_FDDIPAD
00101 int pcap_fddipad = PCAP_FDDIPAD;
00102 #else
00103 int pcap_fddipad;
00104 #endif
00105 
00106 /* VARARGS */
00107 void
00108 bpf_error(const char *fmt, ...)
00109 
00110 {
00111     va_list ap;
00112 
00113     va_start(ap, fmt);
00114     if (bpf_pcap != NULL)
00115         (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
00116             fmt, ap);
00117     va_end(ap);
00118     longjmp(top_ctx, 1);
00119     /* NOTREACHED */
00120 }
00121 
00122 static void init_linktype(int);
00123 
00124 static int alloc_reg(void);
00125 static void free_reg(int);
00126 
00127 static struct block *root;
00128 
00129 /*
00130  * We divy out chunks of memory rather than call malloc each time so
00131  * we don't have to worry about leaking memory.  It's probably
00132  * not a big deal if all this memory was wasted but it this ever
00133  * goes into a library that would probably not be a good idea.
00134  */
00135 #define NCHUNKS 16
00136 #define CHUNK0SIZE 1024
00137 struct chunk {
00138     u_int n_left;
00139     void *m;
00140 };
00141 
00142 static struct chunk chunks[NCHUNKS];
00143 static int cur_chunk;
00144 
00145 static void *newchunk(u_int);
00146 static void freechunks(void);
00147 static inline struct block *new_block(int);
00148 static inline struct slist *new_stmt(int);
00149 static struct block *gen_retblk(int);
00150 static inline void syntax(void);
00151 
00152 static void backpatch(struct block *, struct block *);
00153 static void merge(struct block *, struct block *);
00154 static struct block *gen_cmp(u_int, u_int, bpf_int32);
00155 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
00156 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
00157 static struct block *gen_bcmp(u_int, u_int, const u_char *);
00158 static struct block *gen_ncmp(bpf_u_int32, bpf_u_int32, bpf_u_int32,
00159     bpf_u_int32, bpf_u_int32, int);
00160 static struct block *gen_uncond(int);
00161 static inline struct block *gen_true(void);
00162 static inline struct block *gen_false(void);
00163 static struct block *gen_linktype(int);
00164 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
00165 static struct block *gen_llc(int);
00166 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
00167 #ifdef INET6
00168 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
00169 #endif
00170 static struct block *gen_ahostop(const u_char *, int);
00171 static struct block *gen_ehostop(const u_char *, int);
00172 static struct block *gen_fhostop(const u_char *, int);
00173 static struct block *gen_thostop(const u_char *, int);
00174 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
00175 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
00176 #ifdef INET6
00177 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
00178 #endif
00179 #ifndef INET6
00180 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
00181 #endif
00182 static struct block *gen_ipfrag(void);
00183 static struct block *gen_portatom(int, bpf_int32);
00184 #ifdef INET6
00185 static struct block *gen_portatom6(int, bpf_int32);
00186 #endif
00187 struct block *gen_portop(int, int, int);
00188 static struct block *gen_port(int, int, int);
00189 #ifdef INET6
00190 struct block *gen_portop6(int, int, int);
00191 static struct block *gen_port6(int, int, int);
00192 #endif
00193 static int lookup_proto(const char *, int);
00194 static struct block *gen_protochain(int, int, int);
00195 static struct block *gen_proto(int, int, int);
00196 static struct slist *xfer_to_x(struct arth *);
00197 static struct slist *xfer_to_a(struct arth *);
00198 static struct block *gen_len(int, int);
00199 
00200 static struct block *gen_msg_abbrev(int type);
00201 
00202 static void *
00203 newchunk(n)
00204     u_int n;
00205 {
00206     struct chunk *cp;
00207     int k, size;
00208 
00209 #ifndef __NetBSD__
00210     /* XXX Round up to nearest long. */
00211     n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
00212 #else
00213     /* XXX Round up to structure boundary. */
00214     n = ALIGN(n);
00215 #endif
00216 
00217     cp = &chunks[cur_chunk];
00218     if (n > cp->n_left) {
00219         ++cp, k = ++cur_chunk;
00220         if (k >= NCHUNKS)
00221             bpf_error("out of memory");
00222         size = CHUNK0SIZE << k;
00223         cp->m = (void *)malloc(size);
00224         memset((char *)cp->m, 0, size);
00225         cp->n_left = size;
00226         if (n > size)
00227             bpf_error("out of memory");
00228     }
00229     cp->n_left -= n;
00230     return (void *)((char *)cp->m + cp->n_left);
00231 }
00232 
00233 static void
00234 freechunks()
00235 {
00236     int i;
00237 
00238     cur_chunk = 0;
00239     for (i = 0; i < NCHUNKS; ++i)
00240         if (chunks[i].m != NULL) {
00241             free(chunks[i].m);
00242             chunks[i].m = NULL;
00243         }
00244 }
00245 
00246 /*
00247  * A strdup whose allocations are freed after code generation is over.
00248  */
00249 char *
00250 sdup(s)
00251     register const char *s;
00252 {
00253     int n = strlen(s) + 1;
00254     char *cp = newchunk(n);
00255 
00256     strlcpy(cp, s, n);
00257     return (cp);
00258 }
00259 
00260 static inline struct block *
00261 new_block(code)
00262     int code;
00263 {
00264     struct block *p;
00265 
00266     p = (struct block *)newchunk(sizeof(*p));
00267     p->s.code = code;
00268     p->head = p;
00269 
00270     return p;
00271 }
00272 
00273 static inline struct slist *
00274 new_stmt(code)
00275     int code;
00276 {
00277     struct slist *p;
00278 
00279     p = (struct slist *)newchunk(sizeof(*p));
00280     p->s.code = code;
00281 
00282     return p;
00283 }
00284 
00285 static struct block *
00286 gen_retblk(v)
00287     int v;
00288 {
00289     struct block *b = new_block(BPF_RET|BPF_K);
00290 
00291     b->s.k = v;
00292     return b;
00293 }
00294 
00295 static inline void
00296 syntax()
00297 {
00298     bpf_error("syntax error in filter expression");
00299 }
00300 
00301 static bpf_u_int32 netmask;
00302 static int snaplen;
00303 int no_optimize;
00304 
00305 int
00306 pcap_compile(pcap_t *p, struct bpf_program *program,
00307          char *buf, int optimize, bpf_u_int32 mask)
00308 {
00309     extern int n_errors;
00310     int len;
00311 
00312     no_optimize = 0;
00313     n_errors = 0;
00314     root = NULL;
00315     bpf_pcap = p;
00316     if (setjmp(top_ctx)) {
00317         lex_cleanup();
00318         freechunks();
00319         return (-1);
00320     }
00321 
00322     netmask = mask;
00323 
00324     snaplen = pcap_snapshot(p);
00325     if (snaplen == 0) {
00326         snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
00327              "snaplen of 0 rejects all packets");
00328         return -1;
00329     }
00330 
00331     lex_init(buf ? buf : "");
00332     init_linktype(pcap_datalink(p));
00333     (void)pcap_parse();
00334 
00335     if (n_errors)
00336         syntax();
00337 
00338     if (root == NULL)
00339         root = gen_retblk(snaplen);
00340 
00341     if (optimize && !no_optimize) {
00342         bpf_optimize(&root);
00343         if (root == NULL ||
00344             (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
00345             bpf_error("expression rejects all packets");
00346     }
00347     program->bf_insns = icode_to_fcode(root, &len);
00348     program->bf_len = len;
00349 
00350     lex_cleanup();
00351     freechunks();
00352     return (0);
00353 }
00354 
00355 /*
00356  * entry point for using the compiler with no pcap open
00357  * pass in all the stuff that is needed explicitly instead.
00358  */
00359 int
00360 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
00361             struct bpf_program *program,
00362          char *buf, int optimize, bpf_u_int32 mask)
00363 {
00364     pcap_t *p;
00365     int ret;
00366 
00367     p = pcap_open_dead(linktype_arg, snaplen_arg);
00368     if (p == NULL)
00369         return (-1);
00370     ret = pcap_compile(p, program, buf, optimize, mask);
00371     pcap_close(p);
00372     return (ret);
00373 }
00374 
00375 /*
00376  * Clean up a "struct bpf_program" by freeing all the memory allocated
00377  * in it.
00378  */
00379 void
00380 pcap_freecode(struct bpf_program *program)
00381 {
00382     program->bf_len = 0;
00383     if (program->bf_insns != NULL) {
00384         free((char *)program->bf_insns);
00385         program->bf_insns = NULL;
00386     }
00387 }
00388 
00389 /*
00390  * Backpatch the blocks in 'list' to 'target'.  The 'sense' field indicates
00391  * which of the jt and jf fields has been resolved and which is a pointer
00392  * back to another unresolved block (or nil).  At least one of the fields
00393  * in each block is already resolved.
00394  */
00395 static void
00396 backpatch(list, target)
00397     struct block *list, *target;
00398 {
00399     struct block *next;
00400 
00401     while (list) {
00402         if (!list->sense) {
00403             next = JT(list);
00404             JT(list) = target;
00405         } else {
00406             next = JF(list);
00407             JF(list) = target;
00408         }
00409         list = next;
00410     }
00411 }
00412 
00413 /*
00414  * Merge the lists in b0 and b1, using the 'sense' field to indicate
00415  * which of jt and jf is the link.
00416  */
00417 static void
00418 merge(b0, b1)
00419     struct block *b0, *b1;
00420 {
00421     register struct block **p = &b0;
00422 
00423     /* Find end of list. */
00424     while (*p)
00425         p = !((*p)->sense) ? &JT(*p) : &JF(*p);
00426 
00427     /* Concatenate the lists. */
00428     *p = b1;
00429 }
00430 
00431 void
00432 finish_parse(p)
00433     struct block *p;
00434 {
00435     backpatch(p, gen_retblk(snaplen));
00436     p->sense = !p->sense;
00437     backpatch(p, gen_retblk(0));
00438     root = p->head;
00439 }
00440 
00441 void
00442 gen_and(b0, b1)
00443     struct block *b0, *b1;
00444 {
00445     backpatch(b0, b1->head);
00446     b0->sense = !b0->sense;
00447     b1->sense = !b1->sense;
00448     merge(b1, b0);
00449     b1->sense = !b1->sense;
00450     b1->head = b0->head;
00451 }
00452 
00453 void
00454 gen_or(b0, b1)
00455     struct block *b0, *b1;
00456 {
00457     b0->sense = !b0->sense;
00458     backpatch(b0, b1->head);
00459     b0->sense = !b0->sense;
00460     merge(b1, b0);
00461     b1->head = b0->head;
00462 }
00463 
00464 void
00465 gen_not(b)
00466     struct block *b;
00467 {
00468     b->sense = !b->sense;
00469 }
00470 
00471 static struct block *
00472 gen_cmp(offset, size, v)
00473     u_int offset, size;
00474     bpf_int32 v;
00475 {
00476     struct slist *s;
00477     struct block *b;
00478 
00479     s = new_stmt(BPF_LD|BPF_ABS|size);
00480     s->s.k = offset;
00481 
00482     b = new_block(JMP(BPF_JEQ));
00483     b->stmts = s;
00484     b->s.k = v;
00485 
00486     return b;
00487 }
00488 
00489 static struct block *
00490 gen_cmp_gt(offset, size, v)
00491     u_int offset, size;
00492     bpf_int32 v;
00493 {
00494     struct slist *s;
00495     struct block *b;
00496 
00497     s = new_stmt(BPF_LD|BPF_ABS|size);
00498     s->s.k = offset;
00499 
00500     b = new_block(JMP(BPF_JGT));
00501     b->stmts = s;
00502     b->s.k = v;
00503 
00504     return b;
00505 }
00506 
00507 static struct block *
00508 gen_mcmp(offset, size, v, mask)
00509     u_int offset, size;
00510     bpf_int32 v;
00511     bpf_u_int32 mask;
00512 {
00513     struct block *b = gen_cmp(offset, size, v);
00514     struct slist *s;
00515 
00516     if (mask != 0xffffffff) {
00517         s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
00518         s->s.k = mask;
00519         b->stmts->next = s;
00520     }
00521     return b;
00522 }
00523 
00524 static struct block *
00525 gen_bcmp(offset, size, v)
00526     register u_int offset, size;
00527     register const u_char *v;
00528 {
00529     register struct block *b, *tmp;
00530 
00531     b = NULL;
00532     while (size >= 4) {
00533         register const u_char *p = &v[size - 4];
00534         bpf_int32 w = ((bpf_int32)p[0] << 24) |
00535             ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
00536 
00537         tmp = gen_cmp(offset + size - 4, BPF_W, w);
00538         if (b != NULL)
00539             gen_and(b, tmp);
00540         b = tmp;
00541         size -= 4;
00542     }
00543     while (size >= 2) {
00544         register const u_char *p = &v[size - 2];
00545         bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
00546 
00547         tmp = gen_cmp(offset + size - 2, BPF_H, w);
00548         if (b != NULL)
00549             gen_and(b, tmp);
00550         b = tmp;
00551         size -= 2;
00552     }
00553     if (size > 0) {
00554         tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
00555         if (b != NULL)
00556             gen_and(b, tmp);
00557         b = tmp;
00558     }
00559     return b;
00560 }
00561 
00562 static struct block *
00563 gen_ncmp(datasize, offset, mask, jtype, jvalue, reverse)
00564     bpf_u_int32 datasize, offset, mask, jtype, jvalue;
00565     int reverse;
00566 {
00567     struct slist *s;
00568     struct block *b;
00569  
00570     s = new_stmt(BPF_LD|datasize|BPF_ABS);
00571     s->s.k = offset;
00572  
00573     if (mask != 0xffffffff) {
00574         s->next = new_stmt(BPF_ALU|BPF_AND|BPF_K);
00575         s->next->s.k = mask;
00576     }
00577  
00578     b = new_block(JMP(jtype));
00579     b->stmts = s;
00580     b->s.k = jvalue;
00581     if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
00582         gen_not(b);
00583     return b;
00584 }
00585 
00586 /*
00587  * Various code constructs need to know the layout of the data link
00588  * layer.  These variables give the necessary offsets.
00589  */
00590 
00591 /*
00592  * "off_linktype" is the offset to information in the link-layer header
00593  * giving the packet type.
00594  *
00595  * For Ethernet, it's the offset of the Ethernet type field.
00596  *
00597  * For link-layer types that always use 802.2 headers, it's the
00598  * offset of the LLC header.
00599  *
00600  * For PPP, it's the offset of the PPP type field.
00601  *
00602  * For Cisco HDLC, it's the offset of the CHDLC type field.
00603  *
00604  * For BSD loopback, it's the offset of the AF_ value.
00605  *
00606  * For Linux cooked sockets, it's the offset of the type field.
00607  *
00608  * It's set to -1 for no encapsulation, in which case, IP is assumed.
00609  */
00610 static u_int off_linktype;
00611 
00612 /*
00613  * TRUE if the link layer includes an ATM pseudo-header.
00614  */
00615 static int is_atm = 0;
00616 
00617 /*
00618  * These are offsets for the ATM pseudo-header.
00619  */
00620 static u_int off_vpi;
00621 static u_int off_vci;
00622 static u_int off_proto;
00623 
00624 /*
00625  * This is the offset to the message type for Q.2931 messages.
00626  */
00627 static u_int off_msg_type;
00628 
00629 /*
00630  * These are offsets to the beginning of the network-layer header.
00631  *
00632  * If the link layer never uses 802.2 LLC:
00633  *
00634  *  "off_nl" and "off_nl_nosnap" are the same.
00635  *
00636  * If the link layer always uses 802.2 LLC:
00637  *
00638  *  "off_nl" is the offset if there's a SNAP header following
00639  *  the 802.2 header;
00640  *
00641  *  "off_nl_nosnap" is the offset if there's no SNAP header.
00642  *
00643  * If the link layer is Ethernet:
00644  *
00645  *  "off_nl" is the offset if the packet is an Ethernet II packet
00646  *  (we assume no 802.3+802.2+SNAP);
00647  *
00648  *  "off_nl_nosnap" is the offset if the packet is an 802.3 packet
00649  *  with an 802.2 header following it.
00650  */
00651 static u_int off_nl;
00652 static u_int off_nl_nosnap;
00653 
00654 static int linktype;
00655 
00656 static void
00657 init_linktype(type)
00658     int type;
00659 {
00660     linktype = type;
00661 
00662     /*
00663      * Assume it's not raw ATM with a pseudo-header, for now.
00664      */
00665     is_atm = 0;
00666     off_vpi = -1;
00667     off_vci = -1;
00668     off_proto = -1;
00669     off_msg_type = -1;
00670 
00671     orig_linktype = -1;
00672     orig_nl = -1;
00673     orig_nl_nosnap = -1;
00674 
00675     switch (type) {
00676 
00677     case DLT_ARCNET:
00678         off_linktype = 2;
00679         off_nl = 6; /* XXX in reality, variable! */
00680         off_nl_nosnap = 6;  /* no 802.2 LLC */
00681         return;
00682 
00683     case DLT_EN10MB:
00684         off_linktype = 12;
00685         off_nl = 14;        /* Ethernet II */
00686         off_nl_nosnap = 17; /* 802.3+802.2 */
00687         return;
00688 
00689     case DLT_SLIP:
00690         /*
00691          * SLIP doesn't have a link level type.  The 16 byte
00692          * header is hacked into our SLIP driver.
00693          */
00694         off_linktype = -1;
00695         off_nl = 16;
00696         off_nl_nosnap = 16; /* no 802.2 LLC */
00697         return;
00698 
00699     case DLT_SLIP_BSDOS:
00700         /* XXX this may be the same as the DLT_PPP_BSDOS case */
00701         off_linktype = -1;
00702         /* XXX end */
00703         off_nl = 24;
00704         off_nl_nosnap = 24; /* no 802.2 LLC */
00705         return;
00706 
00707     case DLT_NULL:
00708     case DLT_LOOP:
00709         off_linktype = 0;
00710         off_nl = 4;
00711         off_nl_nosnap = 4;  /* no 802.2 LLC */
00712         return;
00713 
00714     case DLT_PPP:
00715     case DLT_C_HDLC:        /* BSD/OS Cisco HDLC */
00716     case DLT_PPP_SERIAL:        /* NetBSD sync/async serial PPP */
00717         off_linktype = 2;
00718         off_nl = 4;
00719         off_nl_nosnap = 4;  /* no 802.2 LLC */
00720         return;
00721 
00722     case DLT_PPP_ETHER:
00723         /*
00724          * This does no include the Ethernet header, and
00725          * only covers session state.
00726          */
00727         off_linktype = 6;
00728         off_nl = 8;
00729         off_nl_nosnap = 8;  /* no 802.2 LLC */
00730         return;
00731 
00732     case DLT_PPP_BSDOS:
00733         off_linktype = 5;
00734         off_nl = 24;
00735         off_nl_nosnap = 24; /* no 802.2 LLC */
00736         return;
00737 
00738     case DLT_FDDI:
00739         /*
00740          * FDDI doesn't really have a link-level type field.
00741          * We set "off_linktype" to the offset of the LLC header.
00742          *
00743          * To check for Ethernet types, we assume that SSAP = SNAP
00744          * is being used and pick out the encapsulated Ethernet type.
00745          * XXX - should we generate code to check for SNAP?
00746          */
00747         off_linktype = 13;
00748 #ifdef PCAP_FDDIPAD
00749         off_linktype += pcap_fddipad;
00750 #endif
00751         off_nl = 21;        /* FDDI+802.2+SNAP */
00752         off_nl_nosnap = 16; /* FDDI+802.2 */
00753 #ifdef PCAP_FDDIPAD
00754         off_nl += pcap_fddipad;
00755         off_nl_nosnap += pcap_fddipad;
00756 #endif
00757         return;
00758 
00759     case DLT_IEEE802:
00760         /*
00761          * Token Ring doesn't really have a link-level type field.
00762          * We set "off_linktype" to the offset of the LLC header.
00763          *
00764          * To check for Ethernet types, we assume that SSAP = SNAP
00765          * is being used and pick out the encapsulated Ethernet type.
00766          * XXX - should we generate code to check for SNAP?
00767          *
00768          * XXX - the header is actually variable-length.
00769          * Some various Linux patched versions gave 38
00770          * as "off_linktype" and 40 as "off_nl"; however,
00771          * if a token ring packet has *no* routing
00772          * information, i.e. is not source-routed, the correct
00773          * values are 20 and 22, as they are in the vanilla code.
00774          *
00775          * A packet is source-routed iff the uppermost bit
00776          * of the first byte of the source address, at an
00777          * offset of 8, has the uppermost bit set.  If the
00778          * packet is source-routed, the total number of bytes
00779          * of routing information is 2 plus bits 0x1F00 of
00780          * the 16-bit value at an offset of 14 (shifted right
00781          * 8 - figure out which byte that is).
00782          */
00783         off_linktype = 14;
00784         off_nl = 22;        /* Token Ring+802.2+SNAP */
00785         off_nl_nosnap = 17; /* Token Ring+802.2 */
00786         return;
00787 
00788     case DLT_IEEE802_11:
00789         /*
00790          * 802.11 doesn't really have a link-level type field.
00791          * We set "off_linktype" to the offset of the LLC header.
00792          *
00793          * To check for Ethernet types, we assume that SSAP = SNAP
00794          * is being used and pick out the encapsulated Ethernet type.
00795          * XXX - should we generate code to check for SNAP?
00796          *
00797          * XXX - the header is actually variable-length.  We
00798          * assume a 24-byte link-layer header, as appears in
00799          * data frames in networks with no bridges.
00800          */
00801         off_linktype = 24;
00802         off_nl = 32;        /* 802.11+802.2+SNAP */
00803         off_nl_nosnap = 27; /* 802.11+802.2 */
00804         return;
00805 
00806     case DLT_PRISM_HEADER:
00807         /*
00808          * Same as 802.11, but with an additional header before
00809          * the 802.11 header, containing a bunch of additional
00810          * information including radio-level information.
00811          *
00812          * The header is 144 bytes long.
00813          *
00814          * XXX - same variable-length header problem; at least
00815          * the Prism header is fixed-length.
00816          */
00817         off_linktype = 144+24;
00818         off_nl = 144+32;    /* Prism+802.11+802.2+SNAP */
00819         off_nl_nosnap = 144+27; /* Prism+802.11+802.2 */
00820         return;
00821 
00822     case DLT_ATM_RFC1483:
00823     case DLT_ATM_CLIP:  /* Linux ATM defines this */
00824         /*
00825          * assume routed, non-ISO PDUs
00826          * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
00827          */
00828         off_linktype = 0;
00829         off_nl = 8;     /* 802.2+SNAP */
00830         off_nl_nosnap = 3;  /* 802.2 */
00831         return;
00832 
00833     case DLT_SUNATM:
00834         /*
00835          * Full Frontal ATM; you get AALn PDUs with an ATM
00836          * pseudo-header.
00837          */
00838         is_atm = 1;
00839         off_linktype = SUNATM_PKT_BEGIN_POS;
00840         off_vpi = SUNATM_VPI_POS;
00841         off_vci = SUNATM_VCI_POS;
00842         off_proto = PROTO_POS;
00843         off_msg_type = SUNATM_PKT_BEGIN_POS+MSG_TYPE_POS;
00844         off_nl = SUNATM_PKT_BEGIN_POS+8;    /* 802.2+SNAP */
00845         off_nl_nosnap = SUNATM_PKT_BEGIN_POS+3; /* 802.2 */
00846         return;
00847 
00848     case DLT_RAW:
00849         off_linktype = -1;
00850         off_nl = 0;
00851         off_nl_nosnap = 0;  /* no 802.2 LLC */
00852         return;
00853 
00854     case DLT_LINUX_SLL: /* fake header for Linux cooked socket */
00855         off_linktype = 14;
00856         off_nl = 16;
00857         off_nl_nosnap = 16; /* no 802.2 LLC */
00858         return;
00859 
00860     case DLT_LTALK:
00861         /*
00862          * LocalTalk does have a 1-byte type field in the LLAP header,
00863          * but really it just indicates whether there is a "short" or
00864          * "long" DDP packet following.
00865          */
00866         off_linktype = -1;
00867         off_nl = 0;
00868         off_nl_nosnap = 0;  /* no 802.2 LLC */
00869         return;
00870 
00871     case DLT_FRELAY:
00872         /*
00873          * XXX - we should set this to handle SNAP-encapsulated
00874          * frames (NLPID of 0x80).
00875          */
00876         off_linktype = -1;
00877         off_nl = 0;
00878         off_nl_nosnap = 0;  /* no 802.2 LLC */
00879         return;
00880     }
00881     bpf_error("unknown data link type %d", linktype);
00882     /* NOTREACHED */
00883 }
00884 
00885 static struct block *
00886 gen_uncond(rsense)
00887     int rsense;
00888 {
00889     struct block *b;
00890     struct slist *s;
00891 
00892     s = new_stmt(BPF_LD|BPF_IMM);
00893     s->s.k = !rsense;
00894     b = new_block(JMP(BPF_JEQ));
00895     b->stmts = s;
00896 
00897     return b;
00898 }
00899 
00900 static inline struct block *
00901 gen_true()
00902 {
00903     return gen_uncond(1);
00904 }
00905 
00906 static inline struct block *
00907 gen_false()
00908 {
00909     return gen_uncond(0);
00910 }
00911 
00912 /*
00913  * Byte-swap a 32-bit number.
00914  * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
00915  * big-endian platforms.)
00916  */
00917 #define SWAPLONG(y) \
00918 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
00919 
00920 static struct block *
00921 gen_linktype(proto)
00922     register int proto;
00923 {
00924     struct block *b0, *b1, *b2;
00925 
00926     switch (linktype) {
00927 
00928     case DLT_EN10MB:
00929         switch (proto) {
00930 
00931         case LLCSAP_ISONS:
00932             /*
00933              * OSI protocols always use 802.2 encapsulation.
00934              * XXX - should we check both the DSAP and the
00935              * SSAP, like this, or should we check just the
00936              * DSAP?
00937              */
00938             b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
00939             gen_not(b0);
00940             b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
00941                      ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
00942             gen_and(b0, b1);
00943             return b1;
00944 
00945         case LLCSAP_NETBEUI:
00946             /*
00947              * NetBEUI always uses 802.2 encapsulation.
00948              * XXX - should we check both the DSAP and the
00949              * SSAP, like this, or should we check just the
00950              * DSAP?
00951              */
00952             b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
00953             gen_not(b0);
00954             b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
00955                      ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
00956             gen_and(b0, b1);
00957             return b1;
00958 
00959         case LLCSAP_IPX:
00960             /*
00961              * Check for;
00962              *
00963              *  Ethernet_II frames, which are Ethernet
00964              *  frames with a frame type of ETHERTYPE_IPX;
00965              *
00966              *  Ethernet_802.3 frames, which are 802.3
00967              *  frames (i.e., the type/length field is
00968              *  a length field, <= ETHERMTU, rather than
00969              *  a type field) with the first two bytes
00970              *  after the Ethernet/802.3 header being
00971              *  0xFFFF;
00972              *
00973              *  Ethernet_802.2 frames, which are 802.3
00974              *  frames with an 802.2 LLC header and
00975              *  with the IPX LSAP as the DSAP in the LLC
00976              *  header;
00977              *
00978              *  Ethernet_SNAP frames, which are 802.3
00979              *  frames with an LLC header and a SNAP
00980              *  header and with an OUI of 0x000000
00981              *  (encapsulated Ethernet) and a protocol
00982              *  ID of ETHERTYPE_IPX in the SNAP header.
00983              *
00984              * XXX - should we generate the same code both
00985              * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
00986              */
00987 
00988             /*
00989              * This generates code to check both for the
00990              * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
00991              */
00992             b0 = gen_cmp(off_linktype + 2, BPF_B,
00993                 (bpf_int32)LLCSAP_IPX);
00994             b1 = gen_cmp(off_linktype + 2, BPF_H,
00995                 (bpf_int32)0xFFFF);
00996             gen_or(b0, b1);
00997 
00998             /*
00999              * Now we add code to check for SNAP frames with
01000              * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
01001              */
01002             b0 = gen_snap(0x000000, ETHERTYPE_IPX, 14);
01003             gen_or(b0, b1);
01004 
01005             /*
01006              * Now we generate code to check for 802.3
01007              * frames in general.
01008              */
01009             b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01010             gen_not(b0);
01011 
01012             /*
01013              * Now add the check for 802.3 frames before the
01014              * check for Ethernet_802.2 and Ethernet_802.3,
01015              * as those checks should only be done on 802.3
01016              * frames, not on Ethernet frames.
01017              */
01018             gen_and(b0, b1);
01019 
01020             /*
01021              * Now add the check for Ethernet_II frames, and
01022              * do that before checking for the other frame
01023              * types.
01024              */
01025             b0 = gen_cmp(off_linktype, BPF_H,
01026                 (bpf_int32)ETHERTYPE_IPX);
01027             gen_or(b0, b1);
01028             return b1;
01029 
01030         case ETHERTYPE_ATALK:
01031         case ETHERTYPE_AARP:
01032             /*
01033              * EtherTalk (AppleTalk protocols on Ethernet link
01034              * layer) may use 802.2 encapsulation.
01035              */
01036 
01037             /*
01038              * Check for 802.2 encapsulation (EtherTalk phase 2?);
01039              * we check for an Ethernet type field less than
01040              * 1500, which means it's an 802.3 length field.
01041              */
01042             b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01043             gen_not(b0);
01044 
01045             /*
01046              * 802.2-encapsulated ETHERTYPE_ATALK packets are
01047              * SNAP packets with an organization code of
01048              * 0x080007 (Apple, for Appletalk) and a protocol
01049              * type of ETHERTYPE_ATALK (Appletalk).
01050              *
01051              * 802.2-encapsulated ETHERTYPE_AARP packets are
01052              * SNAP packets with an organization code of
01053              * 0x000000 (encapsulated Ethernet) and a protocol
01054              * type of ETHERTYPE_AARP (Appletalk ARP).
01055              */
01056             if (proto == ETHERTYPE_ATALK)
01057                 b1 = gen_snap(0x080007, ETHERTYPE_ATALK, 14);
01058             else    /* proto == ETHERTYPE_AARP */
01059                 b1 = gen_snap(0x000000, ETHERTYPE_AARP, 14);
01060             gen_and(b0, b1);
01061 
01062             /*
01063              * Check for Ethernet encapsulation (Ethertalk
01064              * phase 1?); we just check for the Ethernet
01065              * protocol type.
01066              */
01067             b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
01068 
01069             gen_or(b0, b1);
01070             return b1;
01071 
01072         default:
01073             if (proto <= ETHERMTU) {
01074                 /*
01075                  * This is an LLC SAP value, so the frames
01076                  * that match would be 802.2 frames.
01077                  * Check that the frame is an 802.2 frame
01078                  * (i.e., that the length/type field is
01079                  * a length field, <= ETHERMTU) and
01080                  * then check the DSAP.
01081                  */
01082                 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
01083                 gen_not(b0);
01084                 b1 = gen_cmp(off_linktype + 2, BPF_B,
01085                      (bpf_int32)proto);
01086                 gen_and(b0, b1);
01087                 return b1;
01088             } else {
01089                 /*
01090                  * This is an Ethernet type, so compare
01091                  * the length/type field with it (if
01092                  * the frame is an 802.2 frame, the length
01093                  * field will be <= ETHERMTU, and, as
01094                  * "proto" is > ETHERMTU, this test
01095                  * will fail and the frame won't match,
01096                  * which is what we want).
01097                  */
01098                 return gen_cmp(off_linktype, BPF_H,
01099                     (bpf_int32)proto);
01100             }
01101         }
01102         break;
01103 
01104     case DLT_IEEE802_11:
01105     case DLT_PRISM_HEADER:
01106     case DLT_FDDI:
01107     case DLT_IEEE802:
01108     case DLT_ATM_RFC1483:
01109     case DLT_ATM_CLIP:
01110         return gen_llc(proto);
01111         break;
01112 
01113     case DLT_SUNATM:
01114         /*
01115          * Check for LLC encapsulation and then check the protocol.
01116          * XXX - also check for LANE and then check for an Ethernet
01117          * type?
01118          */
01119         b0 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
01120         b1 = gen_llc(proto);
01121         gen_and(b0, b1);
01122         return b1;
01123 
01124     case DLT_LINUX_SLL:
01125         switch (proto) {
01126 
01127         case LLCSAP_ISONS:
01128             /*
01129              * OSI protocols always use 802.2 encapsulation.
01130              * XXX - should we check both the DSAP and the
01131              * LSAP, like this, or should we check just the
01132              * DSAP?
01133              */
01134             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01135             b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01136                      ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
01137             gen_and(b0, b1);
01138             return b1;
01139 
01140         case LLCSAP_NETBEUI:
01141             /*
01142              * NetBEUI always uses 802.2 encapsulation.
01143              * XXX - should we check both the DSAP and the
01144              * LSAP, like this, or should we check just the
01145              * DSAP?
01146              */
01147             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01148             b1 = gen_cmp(off_linktype + 2, BPF_H, (bpf_int32)
01149                      ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
01150             gen_and(b0, b1);
01151             return b1;
01152 
01153         case LLCSAP_IPX:
01154             /*
01155              *  Ethernet_II frames, which are Ethernet
01156              *  frames with a frame type of ETHERTYPE_IPX;
01157              *
01158              *  Ethernet_802.3 frames, which have a frame
01159              *  type of LINUX_SLL_P_802_3;
01160              *
01161              *  Ethernet_802.2 frames, which are 802.3
01162              *  frames with an 802.2 LLC header (i.e, have
01163              *  a frame type of LINUX_SLL_P_802_2) and
01164              *  with the IPX LSAP as the DSAP in the LLC
01165              *  header;
01166              *
01167              *  Ethernet_SNAP frames, which are 802.3
01168              *  frames with an LLC header and a SNAP
01169              *  header and with an OUI of 0x000000
01170              *  (encapsulated Ethernet) and a protocol
01171              *  ID of ETHERTYPE_IPX in the SNAP header.
01172              *
01173              * First, do the checks on LINUX_SLL_P_802_2
01174              * frames; generate the check for either
01175              * Ethernet_802.2 or Ethernet_SNAP frames, and
01176              * then put a check for LINUX_SLL_P_802_2 frames
01177              * before it.
01178              */
01179             b0 = gen_cmp(off_linktype + 2, BPF_B,
01180                 (bpf_int32)LLCSAP_IPX);
01181             b1 = gen_snap(0x000000, ETHERTYPE_IPX,
01182                 off_linktype + 2);
01183             gen_or(b0, b1);
01184             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01185             gen_and(b0, b1);
01186 
01187             /*
01188              * Now check for 802.3 frames and OR that with
01189              * the previous test.
01190              */
01191             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_3);
01192             gen_or(b0, b1);
01193 
01194             /*
01195              * Now add the check for Ethernet_II frames, and
01196              * do that before checking for the other frame
01197              * types.
01198              */
01199             b0 = gen_cmp(off_linktype, BPF_H,
01200                 (bpf_int32)ETHERTYPE_IPX);
01201             gen_or(b0, b1);
01202             return b1;
01203 
01204         case ETHERTYPE_ATALK:
01205         case ETHERTYPE_AARP:
01206             /*
01207              * EtherTalk (AppleTalk protocols on Ethernet link
01208              * layer) may use 802.2 encapsulation.
01209              */
01210 
01211             /*
01212              * Check for 802.2 encapsulation (EtherTalk phase 2?);
01213              * we check for the 802.2 protocol type in the
01214              * "Ethernet type" field.
01215              */
01216             b0 = gen_cmp(off_linktype, BPF_H, LINUX_SLL_P_802_2);
01217 
01218             /*
01219              * 802.2-encapsulated ETHERTYPE_ATALK packets are
01220              * SNAP packets with an organization code of
01221              * 0x080007 (Apple, for Appletalk) and a protocol
01222              * type of ETHERTYPE_ATALK (Appletalk).
01223              *
01224              * 802.2-encapsulated ETHERTYPE_AARP packets are
01225              * SNAP packets with an organization code of
01226              * 0x000000 (encapsulated Ethernet) and a protocol
01227              * type of ETHERTYPE_AARP (Appletalk ARP).
01228              */
01229             if (proto == ETHERTYPE_ATALK)
01230                 b1 = gen_snap(0x080007, ETHERTYPE_ATALK,
01231                     off_linktype + 2);
01232             else    /* proto == ETHERTYPE_AARP */
01233                 b1 = gen_snap(0x000000, ETHERTYPE_AARP,
01234                     off_linktype + 2);
01235             gen_and(b0, b1);
01236 
01237             /*
01238              * Check for Ethernet encapsulation (Ethertalk
01239              * phase 1?); we just check for the Ethernet
01240              * protocol type.
01241              */
01242             b0 = gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
01243 
01244             gen_or(b0, b1);
01245             return b1;
01246 
01247         default:
01248             if (proto <= ETHERMTU) {
01249                 /*
01250                  * This is an LLC SAP value, so the frames
01251                  * that match would be 802.2 frames.
01252                  * Check for the 802.2 protocol type
01253                  * in the "Ethernet type" field, and
01254                  * then check the DSAP.
01255                  */
01256                 b0 = gen_cmp(off_linktype, BPF_H,
01257                     LINUX_SLL_P_802_2);
01258                 b1 = gen_cmp(off_linktype + 2, BPF_B,
01259                      (bpf_int32)proto);
01260                 gen_and(b0, b1);
01261                 return b1;
01262             } else {
01263                 /*
01264                  * This is an Ethernet type, so compare
01265                  * the length/type field with it (if
01266                  * the frame is an 802.2 frame, the length
01267                  * field will be <= ETHERMTU, and, as
01268                  * "proto" is > ETHERMTU, this test
01269                  * will fail and the frame won't match,
01270                  * which is what we want).
01271                  */
01272                 return gen_cmp(off_linktype, BPF_H,
01273                     (bpf_int32)proto);
01274             }
01275         }
01276         break;
01277 
01278     case DLT_SLIP:
01279     case DLT_SLIP_BSDOS:
01280     case DLT_RAW:
01281         /*
01282          * These types don't provide any type field; packets
01283          * are always IP.
01284          *
01285          * XXX - for IPv4, check for a version number of 4, and,
01286          * for IPv6, check for a version number of 6?
01287          */
01288         switch (proto) {
01289 
01290         case ETHERTYPE_IP:
01291 #ifdef INET6
01292         case ETHERTYPE_IPV6:
01293 #endif
01294             return gen_true();      /* always true */
01295 
01296         default:
01297             return gen_false();     /* always false */
01298         }
01299         break;
01300 
01301     case DLT_PPP:
01302     case DLT_PPP_SERIAL:
01303     case DLT_PPP_ETHER:
01304         /*
01305          * We use Ethernet protocol types inside libpcap;
01306          * map them to the corresponding PPP protocol types.
01307          */
01308         switch (proto) {
01309 
01310         case ETHERTYPE_IP:
01311             proto = PPP_IP;         /* XXX was 0x21 */
01312             break;
01313 
01314 #ifdef INET6
01315         case ETHERTYPE_IPV6:
01316             proto = PPP_IPV6;
01317             break;
01318 #endif
01319 
01320         case ETHERTYPE_DN:
01321             proto = PPP_DECNET;
01322             break;
01323 
01324         case ETHERTYPE_ATALK:
01325             proto = PPP_APPLE;
01326             break;
01327 
01328         case ETHERTYPE_NS:
01329             proto = PPP_NS;
01330             break;
01331 
01332         case LLCSAP_ISONS:
01333             proto = PPP_OSI;
01334             break;
01335 
01336         case LLCSAP_8021D:
01337             /*
01338              * I'm assuming the "Bridging PDU"s that go
01339              * over PPP are Spanning Tree Protocol
01340              * Bridging PDUs.
01341              */
01342             proto = PPP_BRPDU;
01343             break;
01344 
01345         case LLCSAP_IPX:
01346             proto = PPP_IPX;
01347             break;
01348         }
01349         break;
01350 
01351     case DLT_PPP_BSDOS:
01352         /*
01353          * We use Ethernet protocol types inside libpcap;
01354          * map them to the corresponding PPP protocol types.
01355          */
01356         switch (proto) {
01357 
01358         case ETHERTYPE_IP:
01359             b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
01360             b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
01361             gen_or(b0, b1);
01362             b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
01363             gen_or(b1, b0);
01364             return b0;
01365 
01366 #ifdef INET6
01367         case ETHERTYPE_IPV6:
01368             proto = PPP_IPV6;
01369             /* more to go? */
01370             break;
01371 #endif
01372 
01373         case ETHERTYPE_DN:
01374             proto = PPP_DECNET;
01375             break;
01376 
01377         case ETHERTYPE_ATALK:
01378             proto = PPP_APPLE;
01379             break;
01380 
01381         case ETHERTYPE_NS:
01382             proto = PPP_NS;
01383             break;
01384 
01385         case LLCSAP_ISONS:
01386             proto = PPP_OSI;
01387             break;
01388 
01389         case LLCSAP_8021D:
01390             /*
01391              * I'm assuming the "Bridging PDU"s that go
01392              * over PPP are Spanning Tree Protocol
01393              * Bridging PDUs.
01394              */
01395             proto = PPP_BRPDU;
01396             break;
01397 
01398         case LLCSAP_IPX:
01399             proto = PPP_IPX;
01400             break;
01401         }
01402         break;
01403 
01404     case DLT_NULL:
01405     case DLT_LOOP:
01406         /*
01407          * For DLT_NULL, the link-layer header is a 32-bit
01408          * word containing an AF_ value in *host* byte order.
01409          *
01410          * In addition, if we're reading a saved capture file,
01411          * the host byte order in the capture may not be the
01412          * same as the host byte order on this machine.
01413          *
01414          * For DLT_LOOP, the link-layer header is a 32-bit
01415          * word containing an AF_ value in *network* byte order.
01416          *
01417          * XXX - AF_ values may, unfortunately, be platform-
01418          * dependent; for example, FreeBSD's AF_INET6 is 24
01419          * whilst NetBSD's and OpenBSD's is 26.
01420          *
01421          * This means that, when reading a capture file, just
01422          * checking for our AF_INET6 value won't work if the
01423          * capture file came from another OS.
01424          */
01425         switch (proto) {
01426 
01427         case ETHERTYPE_IP:
01428             proto = AF_INET;
01429             break;
01430 
01431 #ifdef INET6
01432         case ETHERTYPE_IPV6:
01433             proto = AF_INET6;
01434             break;
01435 #endif
01436 
01437         default:
01438             /*
01439              * Not a type on which we support filtering.
01440              * XXX - support those that have AF_ values
01441              * #defined on this platform, at least?
01442              */
01443             return gen_false();
01444         }
01445 
01446         if (linktype == DLT_NULL) {
01447             /*
01448              * The AF_ value is in host byte order, but
01449              * the BPF interpreter will convert it to
01450              * network byte order.
01451              *
01452              * If this is a save file, and it's from a
01453              * machine with the opposite byte order to
01454              * ours, we byte-swap the AF_ value.
01455              *
01456              * Then we run it through "htonl()", and
01457              * generate code to compare against the result.
01458              */
01459             if (bpf_pcap->sf.rfile != NULL &&
01460                 bpf_pcap->sf.swapped)
01461                 proto = SWAPLONG(proto);
01462             proto = htonl(proto);
01463         }
01464         return (gen_cmp(0, BPF_W, (bpf_int32)proto));
01465 
01466     case DLT_ARCNET:
01467         /*
01468          * XXX should we check for first fragment if the protocol
01469          * uses PHDS?
01470          */
01471         switch(proto) {
01472         default:
01473             return gen_false();
01474 #ifdef INET6
01475         case ETHERTYPE_IPV6:
01476             return(gen_cmp(2, BPF_B,
01477                     (bpf_int32)htonl(ARCTYPE_INET6)));
01478 #endif /* INET6 */
01479         case ETHERTYPE_IP:
01480             b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP));
01481             b1 = gen_cmp(2, BPF_B,
01482                     (bpf_int32)htonl(ARCTYPE_IP_OLD));
01483             gen_or(b0, b1);
01484             return(b1);
01485         case ETHERTYPE_ARP:
01486             b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP));
01487             b1 = gen_cmp(2, BPF_B,
01488                     (bpf_int32)htonl(ARCTYPE_ARP_OLD));
01489             gen_or(b0, b1);
01490             return(b1);
01491         case ETHERTYPE_REVARP:
01492             return(gen_cmp(2, BPF_B,
01493                     (bpf_int32)htonl(ARCTYPE_REVARP)));
01494         case ETHERTYPE_ATALK:
01495             return(gen_cmp(2, BPF_B,
01496                     (bpf_int32)htonl(ARCTYPE_ATALK)));
01497         }
01498         break;
01499 
01500     case DLT_LTALK:
01501         switch (proto) {
01502         case ETHERTYPE_ATALK:
01503             return gen_true();
01504         default:
01505             return gen_false();
01506         }
01507         break;
01508 
01509     case DLT_FRELAY:
01510         /*
01511          * XXX - assumes a 2-byte Frame Relay header with
01512          * DLCI and flags.  What if the address is longer?
01513          */
01514         switch (proto) {
01515 
01516         case ETHERTYPE_IP:
01517             /*
01518              * Check for the special NLPID for IP.
01519              */
01520             return gen_cmp(2, BPF_H, (0x03<<8) | 0xcc);
01521 
01522 #ifdef INET6
01523         case ETHERTYPE_IPV6:
01524             /*
01525              * Check for the special NLPID for IPv6.
01526              */
01527             return gen_cmp(2, BPF_H, (0x03<<8) | 0x8e);
01528 #endif
01529 
01530         case LLCSAP_ISONS:
01531             /*
01532              * Check for several OSI protocols.
01533              *
01534              * Frame Relay packets typically have an OSI
01535              * NLPID at the beginning; we check for each
01536              * of them.
01537              *
01538              * What we check for is the NLPID and a frame
01539              * control field of UI, i.e. 0x03 followed
01540              * by the NLPID.
01541              */
01542             b0 = gen_cmp(2, BPF_H, (0x03<<8) | ISO8473_CLNP);
01543             b1 = gen_cmp(2, BPF_H, (0x03<<8) | ISO9542_ESIS);
01544             b2 = gen_cmp(2, BPF_H, (0x03<<8) | ISO10589_ISIS);
01545             gen_or(b1, b2);
01546             gen_or(b0, b2);
01547             return b2;
01548 
01549         default:
01550             return gen_false();
01551         }
01552         break;
01553     }
01554 
01555     /*
01556      * All the types that have no encapsulation should either be
01557      * handled as DLT_SLIP, DLT_SLIP_BSDOS, and DLT_RAW are, if
01558      * all packets are IP packets, or should be handled in some
01559      * special case, if none of them are (if some are and some
01560      * aren't, the lack of encapsulation is a problem, as we'd
01561      * have to find some other way of determining the packet type).
01562      *
01563      * Therefore, if "off_linktype" is -1, there's an error.
01564      */
01565     if (off_linktype == -1)
01566         abort();
01567 
01568     /*
01569      * Any type not handled above should always have an Ethernet
01570      * type at an offset of "off_linktype".  (PPP is partially
01571      * handled above - the protocol type is mapped from the
01572      * Ethernet and LLC types we use internally to the corresponding
01573      * PPP type - but the PPP type is always specified by a value
01574      * at "off_linktype", so we don't have to do the code generation
01575      * above.)
01576      */
01577     return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
01578 }
01579 
01580 /*
01581  * Check for an LLC SNAP packet with a given organization code and
01582  * protocol type; we check the entire contents of the 802.2 LLC and
01583  * snap headers, checking for DSAP and SSAP of SNAP and a control
01584  * field of 0x03 in the LLC header, and for the specified organization
01585  * code and protocol type in the SNAP header.
01586  */
01587 static struct block *
01588 gen_snap(orgcode, ptype, offset)
01589     bpf_u_int32 orgcode;
01590     bpf_u_int32 ptype;
01591     u_int offset;
01592 {
01593     u_char snapblock[8];
01594 
01595     snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */
01596     snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */
01597     snapblock[2] = 0x03;    /* control = UI */
01598     snapblock[3] = (orgcode >> 16); /* upper 8 bits of organization code */
01599     snapblock[4] = (orgcode >> 8);  /* middle 8 bits of organization code */
01600     snapblock[5] = (orgcode >> 0);  /* lower 8 bits of organization code */
01601     snapblock[6] = (ptype >> 8);    /* upper 8 bits of protocol type */
01602     snapblock[7] = (ptype >> 0);    /* lower 8 bits of protocol type */
01603     return gen_bcmp(offset, 8, snapblock);
01604 }
01605 
01606 /*
01607  * Check for a given protocol value assuming an 802.2 LLC header.
01608  */
01609 static struct block *
01610 gen_llc(proto)
01611     int proto;
01612 {
01613     /*
01614      * XXX - handle token-ring variable-length header.
01615      */
01616     switch (proto) {
01617 
01618     case LLCSAP_ISONS:
01619         return gen_cmp(off_linktype, BPF_H, (long)
01620                  ((LLCSAP_ISONS << 8) | LLCSAP_ISONS));
01621 
01622     case LLCSAP_NETBEUI:
01623         return gen_cmp(off_linktype, BPF_H, (long)
01624                  ((LLCSAP_NETBEUI << 8) | LLCSAP_NETBEUI));
01625 
01626     case LLCSAP_IPX:
01627         /*
01628          * XXX - are there ever SNAP frames for IPX on
01629          * non-Ethernet 802.x networks?
01630          */
01631         return gen_cmp(off_linktype, BPF_B, (bpf_int32)LLCSAP_IPX);
01632 
01633     case ETHERTYPE_ATALK:
01634         /*
01635          * 802.2-encapsulated ETHERTYPE_ATALK packets are
01636          * SNAP packets with an organization code of
01637          * 0x080007 (Apple, for Appletalk) and a protocol
01638          * type of ETHERTYPE_ATALK (Appletalk).
01639          *
01640          * XXX - check for an organization code of
01641          * encapsulated Ethernet as well?
01642          */
01643         return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
01644 
01645     default:
01646         /*
01647          * XXX - we don't have to check for IPX 802.3
01648          * here, but should we check for the IPX Ethertype?
01649          */
01650         if (proto <= ETHERMTU) {
01651             /*
01652              * This is an LLC SAP value, so check
01653              * the DSAP.
01654              */
01655             return gen_cmp(off_linktype, BPF_B, (bpf_int32)proto);
01656         } else {
01657             /*
01658              * This is an Ethernet type; we assume that it's
01659              * unlikely that it'll appear in the right place
01660              * at random, and therefore check only the
01661              * location that would hold the Ethernet type
01662              * in a SNAP frame with an organization code of
01663              * 0x000000 (encapsulated Ethernet).
01664              *
01665              * XXX - if we were to check for the SNAP DSAP and
01666              * LSAP, as per XXX, and were also to check for an
01667              * organization code of 0x000000 (encapsulated
01668              * Ethernet), we'd do
01669              *
01670              *  return gen_snap(0x000000, proto,
01671              *      off_linktype);
01672              *
01673              * here; for now, we don't, as per the above.
01674              * I don't know whether it's worth the extra CPU
01675              * time to do the right check or not.
01676              */
01677             return gen_cmp(off_linktype+6, BPF_H, (bpf_int32)proto);
01678         }
01679     }
01680 }
01681 
01682 static struct block *
01683 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
01684     bpf_u_int32 addr;
01685     bpf_u_int32 mask;
01686     int dir, proto;
01687     u_int src_off, dst_off;
01688 {
01689     struct block *b0, *b1;
01690     u_int offset;
01691 
01692     switch (dir) {
01693 
01694     case Q_SRC:
01695         offset = src_off;
01696         break;
01697 
01698     case Q_DST:
01699         offset = dst_off;
01700         break;
01701 
01702     case Q_AND:
01703         b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
01704         b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
01705         gen_and(b0, b1);
01706         return b1;
01707 
01708     case Q_OR:
01709     case Q_DEFAULT:
01710         b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
01711         b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
01712         gen_or(b0, b1);
01713         return b1;
01714 
01715     default:
01716         abort();
01717     }
01718     b0 = gen_linktype(proto);
01719     b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask);
01720     gen_and(b0, b1);
01721     return b1;
01722 }
01723 
01724 #ifdef INET6
01725 static struct block *
01726 gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
01727     struct in6_addr *addr;
01728     struct in6_addr *mask;
01729     int dir, proto;
01730     u_int src_off, dst_off;
01731 {
01732     struct block *b0, *b1;
01733     u_int offset;
01734     u_int32_t *a, *m;
01735 
01736     switch (dir) {
01737 
01738     case Q_SRC:
01739         offset = src_off;
01740         break;
01741 
01742     case Q_DST:
01743         offset = dst_off;
01744         break;
01745 
01746     case Q_AND:
01747         b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
01748         b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
01749         gen_and(b0, b1);
01750         return b1;
01751 
01752     case Q_OR:
01753     case Q_DEFAULT:
01754         b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
01755         b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
01756         gen_or(b0, b1);
01757         return b1;
01758 
01759     default:
01760         abort();
01761     }
01762     /* this order is important */
01763     a = (u_int32_t *)addr;
01764     m = (u_int32_t *)mask;
01765     b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
01766     b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
01767     gen_and(b0, b1);
01768     b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
01769     gen_and(b0, b1);
01770     b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
01771     gen_and(b0, b1);
01772     b0 = gen_linktype(proto);
01773     gen_and(b0, b1);
01774     return b1;
01775 }
01776 #endif /*INET6*/
01777 
01778 static struct block *
01779 gen_ehostop(eaddr, dir)
01780     register const u_char *eaddr;
01781     register int dir;
01782 {
01783     register struct block *b0, *b1;
01784 
01785     switch (dir) {
01786     case Q_SRC:
01787         return gen_bcmp(6, 6, eaddr);
01788 
01789     case Q_DST:
01790         return gen_bcmp(0, 6, eaddr);
01791 
01792     case Q_AND:
01793         b0 = gen_ehostop(eaddr, Q_SRC);
01794         b1 = gen_ehostop(eaddr, Q_DST);
01795         gen_and(b0, b1);
01796         return b1;
01797 
01798     case Q_DEFAULT:
01799     case Q_OR:
01800         b0 = gen_ehostop(eaddr, Q_SRC);
01801         b1 = gen_ehostop(eaddr, Q_DST);
01802         gen_or(b0, b1);
01803         return b1;
01804     }
01805     abort();
01806     /* NOTREACHED */
01807 }
01808 
01809 /*
01810  * Like gen_ehostop, but for DLT_FDDI
01811  */
01812 static struct block *
01813 gen_fhostop(eaddr, dir)
01814     register const u_char *eaddr;
01815     register int dir;
01816 {
01817     struct block *b0, *b1;
01818 
01819     switch (dir) {
01820     case Q_SRC:
01821 #ifdef PCAP_FDDIPAD
01822         return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
01823 #else
01824         return gen_bcmp(6 + 1, 6, eaddr);
01825 #endif
01826 
01827     case Q_DST:
01828 #ifdef PCAP_FDDIPAD
01829         return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
01830 #else
01831         return gen_bcmp(0 + 1, 6, eaddr);
01832 #endif
01833 
01834     case Q_AND:
01835         b0 = gen_fhostop(eaddr, Q_SRC);
01836         b1 = gen_fhostop(eaddr, Q_DST);
01837         gen_and(b0, b1);
01838         return b1;
01839 
01840     case Q_DEFAULT:
01841     case Q_OR:
01842         b0 = gen_fhostop(eaddr, Q_SRC);
01843         b1 = gen_fhostop(eaddr, Q_DST);
01844         gen_or(b0, b1);
01845         return b1;
01846     }
01847     abort();
01848     /* NOTREACHED */
01849 }
01850 
01851 /*
01852  * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
01853  */
01854 static struct block *
01855 gen_thostop(eaddr, dir)
01856     register const u_char *eaddr;
01857     register int dir;
01858 {
01859     register struct block *b0, *b1;
01860 
01861     switch (dir) {
01862     case Q_SRC:
01863         return gen_bcmp(8, 6, eaddr);
01864 
01865     case Q_DST:
01866         return gen_bcmp(2, 6, eaddr);
01867 
01868     case Q_AND:
01869         b0 = gen_thostop(eaddr, Q_SRC);
01870         b1 = gen_thostop(eaddr, Q_DST);
01871         gen_and(b0, b1);
01872         return b1;
01873 
01874     case Q_DEFAULT:
01875     case Q_OR:
01876         b0 = gen_thostop(eaddr, Q_SRC);
01877         b1 = gen_thostop(eaddr, Q_DST);
01878         gen_or(b0, b1);
01879         return b1;
01880     }
01881     abort();
01882     /* NOTREACHED */
01883 }
01884 
01885 /*
01886  * This is quite tricky because there may be pad bytes in front of the
01887  * DECNET header, and then there are two possible data packet formats that
01888  * carry both src and dst addresses, plus 5 packet types in a format that
01889  * carries only the src node, plus 2 types that use a different format and
01890  * also carry just the src node.
01891  *
01892  * Yuck.
01893  *
01894  * Instead of doing those all right, we just look for data packets with
01895  * 0 or 1 bytes of padding.  If you want to look at other packets, that
01896  * will require a lot more hacking.
01897  *
01898  * To add support for filtering on DECNET "areas" (network numbers)
01899  * one would want to add a "mask" argument to this routine.  That would
01900  * make the filter even more inefficient, although one could be clever
01901  * and not generate masking instructions if the mask is 0xFFFF.
01902  */
01903 static struct block *
01904 gen_dnhostop(addr, dir, base_off)
01905     bpf_u_int32 addr;
01906     int dir;
01907     u_int base_off;
01908 {
01909     struct block *b0, *b1, *b2, *tmp;
01910     u_int offset_lh;    /* offset if long header is received */
01911     u_int offset_sh;    /* offset if short header is received */
01912 
01913     switch (dir) {
01914 
01915     case Q_DST:
01916         offset_sh = 1;  /* follows flags */
01917         offset_lh = 7;  /* flgs,darea,dsubarea,HIORD */
01918         break;
01919 
01920     case Q_SRC:
01921         offset_sh = 3;  /* follows flags, dstnode */
01922         offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
01923         break;
01924 
01925     case Q_AND:
01926         /* Inefficient because we do our Calvinball dance twice */
01927         b0 = gen_dnhostop(addr, Q_SRC, base_off);
01928         b1 = gen_dnhostop(addr, Q_DST, base_off);
01929         gen_and(b0, b1);
01930         return b1;
01931 
01932     case Q_OR:
01933     case Q_DEFAULT:
01934         /* Inefficient because we do our Calvinball dance twice */
01935         b0 = gen_dnhostop(addr, Q_SRC, base_off);
01936         b1 = gen_dnhostop(addr, Q_DST, base_off);
01937         gen_or(b0, b1);
01938         return b1;
01939 
01940     case Q_ISO:
01941             bpf_error("ISO host filtering not implemented");
01942 
01943     default:
01944         abort();
01945     }
01946     b0 = gen_linktype(ETHERTYPE_DN);
01947     /* Check for pad = 1, long header case */
01948     tmp = gen_mcmp(base_off + 2, BPF_H,
01949         (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
01950     b1 = gen_cmp(base_off + 2 + 1 + offset_lh,
01951         BPF_H, (bpf_int32)ntohs(addr));
01952     gen_and(tmp, b1);
01953     /* Check for pad = 0, long header case */
01954     tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
01955     b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
01956     gen_and(tmp, b2);
01957     gen_or(b2, b1);
01958     /* Check for pad = 1, short header case */
01959     tmp = gen_mcmp(base_off + 2, BPF_H,
01960         (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
01961     b2 = gen_cmp(base_off + 2 + 1 + offset_sh,
01962         BPF_H, (bpf_int32)ntohs(addr));
01963     gen_and(tmp, b2);
01964     gen_or(b2, b1);
01965     /* Check for pad = 0, short header case */
01966     tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
01967     b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
01968     gen_and(tmp, b2);
01969     gen_or(b2, b1);
01970 
01971     /* Combine with test for linktype */
01972     gen_and(b0, b1);
01973     return b1;
01974 }
01975 
01976 static struct block *
01977 gen_host(addr, mask, proto, dir)
01978     bpf_u_int32 addr;
01979     bpf_u_int32 mask;
01980     int proto;
01981     int dir;
01982 {
01983     struct block *b0, *b1;
01984 
01985     switch (proto) {
01986 
01987     case Q_DEFAULT:
01988         b0 = gen_host(addr, mask, Q_IP, dir);
01989         if (off_linktype != -1) {
01990             b1 = gen_host(addr, mask, Q_ARP, dir);
01991             gen_or(b0, b1);
01992             b0 = gen_host(addr, mask, Q_RARP, dir);
01993             gen_or(b1, b0);
01994         }
01995         return b0;
01996 
01997     case Q_IP:
01998         return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
01999                   off_nl + 12, off_nl + 16);
02000 
02001     case Q_RARP:
02002         return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
02003                   off_nl + 14, off_nl + 24);
02004 
02005     case Q_ARP:
02006         return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
02007                   off_nl + 14, off_nl + 24);
02008 
02009     case Q_TCP:
02010         bpf_error("'tcp' modifier applied to host");
02011 
02012     case Q_SCTP:
02013         bpf_error("'sctp' modifier applied to host");
02014 
02015     case Q_UDP:
02016         bpf_error("'udp' modifier applied to host");
02017 
02018     case Q_ICMP:
02019         bpf_error("'icmp' modifier applied to host");
02020 
02021     case Q_IGMP:
02022         bpf_error("'igmp' modifier applied to host");
02023 
02024     case Q_IGRP:
02025         bpf_error("'igrp' modifier applied to host");
02026 
02027     case Q_PIM:
02028         bpf_error("'pim' modifier applied to host");
02029 
02030     case Q_VRRP:
02031         bpf_error("'vrrp' modifier applied to host");
02032 
02033     case Q_ATALK:
02034         bpf_error("ATALK host filtering not implemented");
02035 
02036     case Q_AARP:
02037         bpf_error("AARP host filtering not implemented");
02038 
02039     case Q_DECNET:
02040         return gen_dnhostop(addr, dir, off_nl);
02041 
02042     case Q_SCA:
02043         bpf_error("SCA host filtering not implemented");
02044 
02045     case Q_LAT:
02046         bpf_error("LAT host filtering not implemented");
02047 
02048     case Q_MOPDL:
02049         bpf_error("MOPDL host filtering not implemented");
02050 
02051     case Q_MOPRC:
02052         bpf_error("MOPRC host filtering not implemented");
02053 
02054 #ifdef INET6
02055     case Q_IPV6:
02056         bpf_error("'ip6' modifier applied to ip host");
02057 
02058     case Q_ICMPV6:
02059         bpf_error("'icmp6' modifier applied to host");
02060 #endif /* INET6 */
02061 
02062     case Q_AH:
02063         bpf_error("'ah' modifier applied to host");
02064 
02065     case Q_ESP:
02066         bpf_error("'esp' modifier applied to host");
02067 
02068     case Q_ISO:
02069         bpf_error("ISO host filtering not implemented");
02070 
02071     case Q_ESIS:
02072         bpf_error("'esis' modifier applied to host");
02073 
02074     case Q_ISIS:
02075         bpf_error("'isis' modifier applied to host");
02076 
02077     case Q_CLNP:
02078         bpf_error("'clnp' modifier applied to host");
02079 
02080     case Q_STP:
02081         bpf_error("'stp' modifier applied to host");
02082 
02083     case Q_IPX:
02084         bpf_error("IPX host filtering not implemented");
02085 
02086     case Q_NETBEUI:
02087         bpf_error("'netbeui' modifier applied to host");
02088 
02089     default:
02090         abort();
02091     }
02092     /* NOTREACHED */
02093 }
02094 
02095 #ifdef INET6
02096 static struct block *
02097 gen_host6(addr, mask, proto, dir)
02098     struct in6_addr *addr;
02099     struct in6_addr *mask;
02100     int proto;
02101     int dir;
02102 {
02103     switch (proto) {
02104 
02105     case Q_DEFAULT:
02106         return gen_host6(addr, mask, Q_IPV6, dir);
02107 
02108     case Q_IP:
02109         bpf_error("'ip' modifier applied to ip6 host");
02110 
02111     case Q_RARP:
02112         bpf_error("'rarp' modifier applied to ip6 host");
02113 
02114     case Q_ARP:
02115         bpf_error("'arp' modifier applied to ip6 host");
02116 
02117     case Q_SCTP:
02118         bpf_error("'sctp' modifier applied to host");
02119 
02120     case Q_TCP:
02121         bpf_error("'tcp' modifier applied to host");
02122 
02123     case Q_UDP:
02124         bpf_error("'udp' modifier applied to host");
02125 
02126     case Q_ICMP:
02127         bpf_error("'icmp' modifier applied to host");
02128 
02129     case Q_IGMP:
02130         bpf_error("'igmp' modifier applied to host");
02131 
02132     case Q_IGRP:
02133         bpf_error("'igrp' modifier applied to host");
02134 
02135     case Q_PIM:
02136         bpf_error("'pim' modifier applied to host");
02137 
02138     case Q_VRRP:
02139         bpf_error("'vrrp' modifier applied to host");
02140 
02141     case Q_ATALK:
02142         bpf_error("ATALK host filtering not implemented");
02143 
02144     case Q_AARP:
02145         bpf_error("AARP host filtering not implemented");
02146 
02147     case Q_DECNET:
02148         bpf_error("'decnet' modifier applied to ip6 host");
02149 
02150     case Q_SCA:
02151         bpf_error("SCA host filtering not implemented");
02152 
02153     case Q_LAT:
02154         bpf_error("LAT host filtering not implemented");
02155 
02156     case Q_MOPDL:
02157         bpf_error("MOPDL host filtering not implemented");
02158 
02159     case Q_MOPRC:
02160         bpf_error("MOPRC host filtering not implemented");
02161 
02162     case Q_IPV6:
02163         return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
02164                   off_nl + 8, off_nl + 24);
02165 
02166     case Q_ICMPV6:
02167         bpf_error("'icmp6' modifier applied to host");
02168 
02169     case Q_AH:
02170         bpf_error("'ah' modifier applied to host");
02171 
02172     case Q_ESP:
02173         bpf_error("'esp' modifier applied to host");
02174 
02175     case Q_ISO:
02176         bpf_error("ISO host filtering not implemented");
02177 
02178     case Q_ESIS:
02179         bpf_error("'esis' modifier applied to host");
02180 
02181     case Q_ISIS:
02182         bpf_error("'isis' modifier applied to host");
02183 
02184     case Q_CLNP:
02185         bpf_error("'clnp' modifier applied to host");
02186 
02187     case Q_STP:
02188         bpf_error("'stp' modifier applied to host");
02189 
02190     case Q_IPX:
02191         bpf_error("IPX host filtering not implemented");
02192 
02193     case Q_NETBEUI:
02194         bpf_error("'netbeui' modifier applied to host");
02195 
02196     default:
02197         abort();
02198     }
02199     /* NOTREACHED */
02200 }
02201 #endif /*INET6*/
02202 
02203 #ifndef INET6
02204 static struct block *
02205 gen_gateway(eaddr, alist, proto, dir)
02206     const u_char *eaddr;
02207     bpf_u_int32 **alist;
02208     int proto;
02209     int dir;
02210 {
02211     struct block *b0, *b1, *tmp;
02212 
02213     if (dir != 0)
02214         bpf_error("direction applied to 'gateway'");
02215 
02216     switch (proto) {
02217     case Q_DEFAULT:
02218     case Q_IP:
02219     case Q_ARP:
02220     case Q_RARP:
02221         if (linktype == DLT_EN10MB)
02222             b0 = gen_ehostop(eaddr, Q_OR);
02223         else if (linktype == DLT_FDDI)
02224             b0 = gen_fhostop(eaddr, Q_OR);
02225         else if (linktype == DLT_IEEE802)
02226             b0 = gen_thostop(eaddr, Q_OR);
02227         else
02228             bpf_error(
02229                 "'gateway' supported only on ethernet, FDDI or token ring");
02230 
02231         b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
02232         while (*alist) {
02233             tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
02234             gen_or(b1, tmp);
02235             b1 = tmp;
02236         }
02237         gen_not(b1);
02238         gen_and(b0, b1);
02239         return b1;
02240     }
02241     bpf_error("illegal modifier of 'gateway'");
02242     /* NOTREACHED */
02243 }
02244 #endif
02245 
02246 struct block *
02247 gen_proto_abbrev(proto)
02248     int proto;
02249 {
02250 #ifdef INET6
02251     struct block *b0;
02252 #endif
02253     struct block *b1;
02254 
02255     switch (proto) {
02256 
02257     case Q_SCTP:
02258         b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
02259 #ifdef INET6
02260         b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
02261         gen_or(b0, b1);
02262 #endif
02263         break;
02264 
02265     case Q_TCP:
02266         b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
02267 #ifdef INET6
02268         b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
02269         gen_or(b0, b1);
02270 #endif
02271         break;
02272 
02273     case Q_UDP:
02274         b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
02275 #ifdef INET6
02276         b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
02277         gen_or(b0, b1);
02278 #endif
02279         break;
02280 
02281     case Q_ICMP:
02282         b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
02283         break;
02284 
02285 #ifndef IPPROTO_IGMP
02286 #define IPPROTO_IGMP    2
02287 #endif
02288 
02289     case Q_IGMP:
02290         b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
02291         break;
02292 
02293 #ifndef IPPROTO_IGRP
02294 #define IPPROTO_IGRP    9
02295 #endif
02296     case Q_IGRP:
02297         b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
02298         break;
02299 
02300 #ifndef IPPROTO_PIM
02301 #define IPPROTO_PIM 103
02302 #endif
02303 
02304     case Q_PIM:
02305         b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
02306 #ifdef INET6
02307         b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
02308         gen_or(b0, b1);
02309 #endif
02310         break;
02311 
02312 #ifndef IPPROTO_VRRP
02313 #define IPPROTO_VRRP    112
02314 #endif
02315 
02316     case Q_VRRP:
02317         b1 = gen_proto(IPPROTO_VRRP, Q_IP, Q_DEFAULT);
02318         break;
02319 
02320     case Q_IP:
02321         b1 =  gen_linktype(ETHERTYPE_IP);
02322         break;
02323 
02324     case Q_ARP:
02325         b1 =  gen_linktype(ETHERTYPE_ARP);
02326         break;
02327 
02328     case Q_RARP:
02329         b1 =  gen_linktype(ETHERTYPE_REVARP);
02330         break;
02331 
02332     case Q_LINK:
02333         bpf_error("link layer applied in wrong context");
02334 
02335     case Q_ATALK:
02336         b1 =  gen_linktype(ETHERTYPE_ATALK);
02337         break;
02338 
02339     case Q_AARP:
02340         b1 =  gen_linktype(ETHERTYPE_AARP);
02341         break;
02342 
02343     case Q_DECNET:
02344         b1 =  gen_linktype(ETHERTYPE_DN);
02345         break;
02346 
02347     case Q_SCA:
02348         b1 =  gen_linktype(ETHERTYPE_SCA);
02349         break;
02350 
02351     case Q_LAT:
02352         b1 =  gen_linktype(ETHERTYPE_LAT);
02353         break;
02354 
02355     case Q_MOPDL:
02356         b1 =  gen_linktype(ETHERTYPE_MOPDL);
02357         break;
02358 
02359     case Q_MOPRC:
02360         b1 =  gen_linktype(ETHERTYPE_MOPRC);
02361         break;
02362 
02363 #ifdef INET6
02364     case Q_IPV6:
02365         b1 = gen_linktype(ETHERTYPE_IPV6);
02366         break;
02367 
02368 #ifndef IPPROTO_ICMPV6
02369 #define IPPROTO_ICMPV6  58
02370 #endif
02371     case Q_ICMPV6:
02372         b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
02373         break;
02374 #endif /* INET6 */
02375 
02376 #ifndef IPPROTO_AH
02377 #define IPPROTO_AH  51
02378 #endif
02379     case Q_AH:
02380         b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
02381 #ifdef INET6
02382         b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
02383         gen_or(b0, b1);
02384 #endif
02385         break;
02386 
02387 #ifndef IPPROTO_ESP
02388 #define IPPROTO_ESP 50
02389 #endif
02390     case Q_ESP:
02391         b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
02392 #ifdef INET6
02393         b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
02394         gen_or(b0, b1);
02395 #endif
02396         break;
02397 
02398     case Q_ISO:
02399             b1 = gen_linktype(LLCSAP_ISONS);
02400         break;
02401 
02402     case Q_ESIS:
02403             b1 = gen_proto(ISO9542_ESIS, Q_ISO, Q_DEFAULT);
02404         break;
02405 
02406     case Q_ISIS:
02407             b1 = gen_proto(ISO10589_ISIS, Q_ISO, Q_DEFAULT);
02408         break;
02409 
02410     case Q_CLNP:
02411             b1 = gen_proto(ISO8473_CLNP, Q_ISO, Q_DEFAULT);
02412         break;
02413 
02414     case Q_STP:
02415             b1 = gen_linktype(LLCSAP_8021D);
02416         break;
02417 
02418     case Q_IPX:
02419             b1 = gen_linktype(LLCSAP_IPX);
02420         break;
02421 
02422     case Q_NETBEUI:
02423             b1 = gen_linktype(LLCSAP_NETBEUI);
02424         break;
02425 
02426     default:
02427         abort();
02428     }
02429     return b1;
02430 }
02431 
02432 static struct block *
02433 gen_ipfrag()
02434 {
02435     struct slist *s;
02436     struct block *b;
02437 
02438     /* not ip frag */
02439     s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
02440     s->s.k = off_nl + 6;
02441     b = new_block(JMP(BPF_JSET));
02442     b->s.k = 0x1fff;
02443     b->stmts = s;
02444     gen_not(b);
02445 
02446     return b;
02447 }
02448 
02449 static struct block *
02450 gen_portatom(off, v)
02451     int off;
02452     bpf_int32 v;
02453 {
02454     struct slist *s;
02455     struct block *b;
02456 
02457     s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
02458     s->s.k = off_nl;
02459 
02460     s->next = new_stmt(BPF_LD|BPF_IND|BPF_H);
02461     s->next->s.k = off_nl + off;
02462 
02463     b = new_block(JMP(BPF_JEQ));
02464     b->stmts = s;
02465     b->s.k = v;
02466 
02467     return b;
02468 }
02469 
02470 #ifdef INET6
02471 static struct block *
02472 gen_portatom6(off, v)
02473     int off;
02474     bpf_int32 v;
02475 {
02476     return gen_cmp(off_nl + 40 + off, BPF_H, v);
02477 }
02478 #endif/*INET6*/
02479 
02480 struct block *
02481 gen_portop(port, proto, dir)
02482     int port, proto, dir;
02483 {
02484     struct block *b0, *b1, *tmp;
02485 
02486     /* ip proto 'proto' */
02487     tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto);
02488     b0 = gen_ipfrag();
02489     gen_and(tmp, b0);
02490 
02491     switch (dir) {
02492     case Q_SRC:
02493         b1 = gen_portatom(0, (bpf_int32)port);
02494         break;
02495 
02496     case Q_DST:
02497         b1 = gen_portatom(2, (bpf_int32)port);
02498         break;
02499 
02500     case Q_OR:
02501     case Q_DEFAULT:
02502         tmp = gen_portatom(0, (bpf_int32)port);
02503         b1 = gen_portatom(2, (bpf_int32)port);
02504         gen_or(tmp, b1);
02505         break;
02506 
02507     case Q_AND:
02508         tmp = gen_portatom(0, (bpf_int32)port);
02509         b1 = gen_portatom(2, (bpf_int32)port);
02510         gen_and(tmp, b1);
02511         break;
02512 
02513     default:
02514         abort();
02515     }
02516     gen_and(b0, b1);
02517 
02518     return b1;
02519 }
02520 
02521 static struct block *
02522 gen_port(port, ip_proto, dir)
02523     int port;
02524     int ip_proto;
02525     int dir;
02526 {
02527     struct block *b0, *b1, *tmp;
02528 
02529     /* ether proto ip */
02530     b0 =  gen_linktype(ETHERTYPE_IP);
02531 
02532     switch (ip_proto) {
02533     case IPPROTO_UDP:
02534     case IPPROTO_TCP:
02535     case IPPROTO_SCTP:
02536         b1 = gen_portop(port, ip_proto, dir);
02537         break;
02538 
02539     case PROTO_UNDEF:
02540         tmp = gen_portop(port, IPPROTO_TCP, dir);
02541         b1 = gen_portop(port, IPPROTO_UDP, dir);
02542         gen_or(tmp, b1);
02543         tmp = gen_portop(port, IPPROTO_SCTP, dir);
02544         gen_or(tmp, b1);
02545         break;
02546 
02547     default:
02548         abort();
02549     }
02550     gen_and(b0, b1);
02551     return b1;
02552 }
02553 
02554 #ifdef INET6
02555 struct block *
02556 gen_portop6(port, proto, dir)
02557     int port, proto, dir;
02558 {
02559     struct block *b0, *b1, *tmp;
02560 
02561     /* ip proto 'proto' */
02562     b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto);
02563 
02564     switch (dir) {
02565     case Q_SRC:
02566         b1 = gen_portatom6(0, (bpf_int32)port);
02567         break;
02568 
02569     case Q_DST:
02570         b1 = gen_portatom6(2, (bpf_int32)port);
02571         break;
02572 
02573     case Q_OR:
02574     case Q_DEFAULT:
02575         tmp = gen_portatom6(0, (bpf_int32)port);
02576         b1 = gen_portatom6(2, (bpf_int32)port);
02577         gen_or(tmp, b1);
02578         break;
02579 
02580     case Q_AND:
02581         tmp = gen_portatom6(0, (bpf_int32)port);
02582         b1 = gen_portatom6(2, (bpf_int32)port);
02583         gen_and(tmp, b1);
02584         break;
02585 
02586     default:
02587         abort();
02588     }
02589     gen_and(b0, b1);
02590 
02591     return b1;
02592 }
02593 
02594 static struct block *
02595 gen_port6(port, ip_proto, dir)
02596     int port;
02597     int ip_proto;
02598     int dir;
02599 {
02600     struct block *b0, *b1, *tmp;
02601 
02602     /* ether proto ip */
02603     b0 =  gen_linktype(ETHERTYPE_IPV6);
02604 
02605     switch (ip_proto) {
02606     case IPPROTO_UDP:
02607     case IPPROTO_TCP:
02608     case IPPROTO_SCTP:
02609         b1 = gen_portop6(port, ip_proto, dir);
02610         break;
02611 
02612     case PROTO_UNDEF:
02613         tmp = gen_portop6(port, IPPROTO_TCP, dir);
02614         b1 = gen_portop6(port, IPPROTO_UDP, dir);
02615         gen_or(tmp, b1);
02616         tmp = gen_portop6(port, IPPROTO_SCTP, dir);
02617         gen_or(tmp, b1);
02618         break;
02619 
02620     default:
02621         abort();
02622     }
02623     gen_and(b0, b1);
02624     return b1;
02625 }
02626 #endif /* INET6 */
02627 
02628 static int
02629 lookup_proto(name, proto)
02630     register const char *name;
02631     register int proto;
02632 {
02633     register int v;
02634 
02635     switch (proto) {
02636 
02637     case Q_DEFAULT:
02638     case Q_IP:
02639     case Q_IPV6:
02640         v = pcap_nametoproto(name);
02641         if (v == PROTO_UNDEF)
02642             bpf_error("unknown ip proto '%s'", name);
02643         break;
02644 
02645     case Q_LINK:
02646         /* XXX should look up h/w protocol type based on linktype */
02647         v = pcap_nametoeproto(name);
02648         if (v == PROTO_UNDEF)
02649             bpf_error("unknown ether proto '%s'", name);
02650         break;
02651 
02652     case Q_ISO:
02653         if (strcmp(name, "esis") == 0)
02654             v = ISO9542_ESIS;
02655         else if (strcmp(name, "isis") == 0)
02656             v = ISO10589_ISIS;
02657         else if (strcmp(name, "clnp") == 0)
02658             v = ISO8473_CLNP;
02659         else
02660             bpf_error("unknown osi proto '%s'", name);
02661         break;
02662 
02663     default:
02664         v = PROTO_UNDEF;
02665         break;
02666     }
02667     return v;
02668 }
02669 
02670 #if 0
02671 struct stmt *
02672 gen_joinsp(s, n)
02673     struct stmt **s;
02674     int n;
02675 {
02676     return NULL;
02677 }
02678 #endif
02679 
02680 static struct block *
02681 gen_protochain(v, proto, dir)
02682     int v;
02683     int proto;
02684     int dir;
02685 {
02686 #ifdef NO_PROTOCHAIN
02687     return gen_proto(v, proto, dir);
02688 #else
02689     struct block *b0, *b;
02690     struct slist *s[100];
02691     int fix2, fix3, fix4, fix5;
02692     int ahcheck, again, end;
02693     int i, max;
02694     int reg2 = alloc_reg();
02695 
02696     memset(s, 0, sizeof(s));
02697     fix2 = fix3 = fix4 = fix5 = 0;
02698 
02699     switch (proto) {
02700     case Q_IP:
02701     case Q_IPV6:
02702         break;
02703     case Q_DEFAULT:
02704         b0 = gen_protochain(v, Q_IP, dir);
02705         b = gen_protochain(v, Q_IPV6, dir);
02706         gen_or(b0, b);
02707         return b;
02708     default:
02709         bpf_error("bad protocol applied for 'protochain'");
02710         /*NOTREACHED*/
02711     }
02712 
02713     no_optimize = 1; /*this code is not compatible with optimzer yet */
02714 
02715     /*
02716      * s[0] is a dummy entry to protect other BPF insn from damaged
02717      * by s[fix] = foo with uninitialized variable "fix".  It is somewhat
02718      * hard to find interdependency made by jump table fixup.
02719      */
02720     i = 0;
02721     s[i] = new_stmt(0); /*dummy*/
02722     i++;
02723 
02724     switch (proto) {
02725     case Q_IP:
02726         b0 = gen_linktype(ETHERTYPE_IP);
02727 
02728         /* A = ip->ip_p */
02729         s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
02730         s[i]->s.k = off_nl + 9;
02731         i++;
02732         /* X = ip->ip_hl << 2 */
02733         s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
02734         s[i]->s.k = off_nl;
02735         i++;
02736         break;
02737 #ifdef INET6
02738     case Q_IPV6:
02739         b0 = gen_linktype(ETHERTYPE_IPV6);
02740 
02741         /* A = ip6->ip_nxt */
02742         s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
02743         s[i]->s.k = off_nl + 6;
02744         i++;
02745         /* X = sizeof(struct ip6_hdr) */
02746         s[i] = new_stmt(BPF_LDX|BPF_IMM);
02747         s[i]->s.k = 40;
02748         i++;
02749         break;
02750 #endif
02751     default:
02752         bpf_error("unsupported proto to gen_protochain");
02753         /*NOTREACHED*/
02754     }
02755 
02756     /* again: if (A == v) goto end; else fall through; */
02757     again = i;
02758     s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
02759     s[i]->s.k = v;
02760     s[i]->s.jt = NULL;      /*later*/
02761     s[i]->s.jf = NULL;      /*update in next stmt*/
02762     fix5 = i;
02763     i++;
02764 
02765 #ifndef IPPROTO_NONE
02766 #define IPPROTO_NONE    59
02767 #endif
02768     /* if (A == IPPROTO_NONE) goto end */
02769     s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
02770     s[i]->s.jt = NULL;  /*later*/
02771     s[i]->s.jf = NULL;  /*update in next stmt*/
02772     s[i]->s.k = IPPROTO_NONE;
02773     s[fix5]->s.jf = s[i];
02774     fix2 = i;
02775     i++;
02776 
02777 #ifdef INET6
02778     if (proto == Q_IPV6) {
02779         int v6start, v6end, v6advance, j;
02780 
02781         v6start = i;
02782         /* if (A == IPPROTO_HOPOPTS) goto v6advance */
02783         s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
02784         s[i]->s.jt = NULL;  /*later*/
02785         s[i]->s.jf = NULL;  /*update in next stmt*/
02786         s[i]->s.k = IPPROTO_HOPOPTS;
02787         s[fix2]->s.jf = s[i];
02788         i++;
02789         /* if (A == IPPROTO_DSTOPTS) goto v6advance */
02790         s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
02791         s[i]->s.jt = NULL;  /*later*/
02792         s[i]->s.jf = NULL;  /*update in next stmt*/
02793         s[i]->s.k = IPPROTO_DSTOPTS;
02794         i++;
02795         /* if (A == IPPROTO_ROUTING) goto v6advance */
02796         s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
02797         s[i]->s.jt = NULL;  /*later*/
02798         s[i]->s.jf = NULL;  /*update in next stmt*/
02799         s[i]->s.k = IPPROTO_ROUTING;
02800         i++;
02801         /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
02802         s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
02803         s[i]->s.jt = NULL;  /*later*/
02804         s[i]->s.jf = NULL;  /*later*/
02805         s[i]->s.k = IPPROTO_FRAGMENT;
02806         fix3 = i;
02807         v6end = i;
02808         i++;
02809 
02810         /* v6advance: */
02811         v6advance = i;
02812 
02813         /*
02814          * in short,
02815          * A = P[X];
02816          * X = X + (P[X + 1] + 1) * 8;
02817          */
02818         /* A = X */
02819         s[i] = new_stmt(BPF_MISC|BPF_TXA);
02820         i++;
02821         /* A = P[X + packet head] */
02822         s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
02823         s[i]->s.k = off_nl;
02824         i++;
02825         /* MEM[reg2] = A */
02826         s[i] = new_stmt(BPF_ST);
02827         s[i]->s.k = reg2;
02828         i++;
02829         /* A = X */
02830         s[i] = new_stmt(BPF_MISC|BPF_TXA);
02831         i++;
02832         /* A += 1 */
02833         s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
02834         s[i]->s.k = 1;
02835         i++;
02836         /* X = A */
02837         s[i] = new_stmt(BPF_MISC|BPF_TAX);
02838         i++;
02839         /* A = P[X + packet head]; */
02840         s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
02841         s[i]->s.k = off_nl;
02842         i++;
02843         /* A += 1 */
02844         s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
02845         s[i]->s.k = 1;
02846         i++;
02847         /* A *= 8 */
02848         s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
02849         s[i]->s.k = 8;
02850         i++;
02851         /* X = A; */
02852         s[i] = new_stmt(BPF_MISC|BPF_TAX);
02853         i++;
02854         /* A = MEM[reg2] */
02855         s[i] = new_stmt(BPF_LD|BPF_MEM);
02856         s[i]->s.k = reg2;
02857         i++;
02858 
02859         /* goto again; (must use BPF_JA for backward jump) */
02860         s[i] = new_stmt(BPF_JMP|BPF_JA);
02861         s[i]->s.k = again - i - 1;
02862         s[i - 1]->s.jf = s[i];
02863         i++;
02864 
02865         /* fixup */
02866         for (j = v6start; j <= v6end; j++)
02867             s[j]->s.jt = s[v6advance];
02868     } else
02869 #endif
02870     {
02871         /* nop */
02872         s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
02873         s[i]->s.k = 0;
02874         s[fix2]->s.jf = s[i];
02875         i++;
02876     }
02877 
02878     /* ahcheck: */
02879     ahcheck = i;
02880     /* if (A == IPPROTO_AH) then fall through; else goto end; */
02881     s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
02882     s[i]->s.jt = NULL;  /*later*/
02883     s[i]->s.jf = NULL;  /*later*/
02884     s[i]->s.k = IPPROTO_AH;
02885     if (fix3)
02886         s[fix3]->s.jf = s[ahcheck];
02887     fix4 = i;
02888     i++;
02889 
02890     /*
02891      * in short,
02892      * A = P[X];
02893      * X = X + (P[X + 1] + 2) * 4;
02894      */
02895     /* A = X */
02896     s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
02897     i++;
02898     /* A = P[X + packet head]; */
02899     s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
02900     s[i]->s.k = off_nl;
02901     i++;
02902     /* MEM[reg2] = A */
02903     s[i] = new_stmt(BPF_ST);
02904     s[i]->s.k = reg2;
02905     i++;
02906     /* A = X */
02907     s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
02908     i++;
02909     /* A += 1 */
02910     s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
02911     s[i]->s.k = 1;
02912     i++;
02913     /* X = A */
02914     s[i] = new_stmt(BPF_MISC|BPF_TAX);
02915     i++;
02916     /* A = P[X + packet head] */
02917     s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
02918     s[i]->s.k = off_nl;
02919     i++;
02920     /* A += 2 */
02921     s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
02922     s[i]->s.k = 2;
02923     i++;
02924     /* A *= 4 */
02925     s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
02926     s[i]->s.k = 4;
02927     i++;
02928     /* X = A; */
02929     s[i] = new_stmt(BPF_MISC|BPF_TAX);
02930     i++;
02931     /* A = MEM[reg2] */
02932     s[i] = new_stmt(BPF_LD|BPF_MEM);
02933     s[i]->s.k = reg2;
02934     i++;
02935 
02936     /* goto again; (must use BPF_JA for backward jump) */
02937     s[i] = new_stmt(BPF_JMP|BPF_JA);
02938     s[i]->s.k = again - i - 1;
02939     i++;
02940 
02941     /* end: nop */
02942     end = i;
02943     s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
02944     s[i]->s.k = 0;
02945     s[fix2]->s.jt = s[end];
02946     s[fix4]->s.jf = s[end];
02947     s[fix5]->s.jt = s[end];
02948     i++;
02949 
02950     /*
02951      * make slist chain
02952      */
02953     max = i;
02954     for (i = 0; i < max - 1; i++)
02955         s[i]->next = s[i + 1];
02956     s[max - 1]->next = NULL;
02957 
02958     /*
02959      * emit final check
02960      */
02961     b = new_block(JMP(BPF_JEQ));
02962     b->stmts = s[1];    /*remember, s[0] is dummy*/
02963     b->s.k = v;
02964 
02965     free_reg(reg2);
02966 
02967     gen_and(b0, b);
02968     return b;
02969 #endif
02970 }
02971 
02972 static struct block *
02973 gen_proto(v, proto, dir)
02974     int v;
02975     int proto;
02976     int dir;
02977 {
02978     struct block *b0, *b1;
02979 
02980     if (dir != Q_DEFAULT)
02981         bpf_error("direction applied to 'proto'");
02982 
02983     switch (proto) {
02984     case Q_DEFAULT:
02985 #ifdef INET6
02986         b0 = gen_proto(v, Q_IP, dir);
02987         b1 = gen_proto(v, Q_IPV6, dir);
02988         gen_or(b0, b1);
02989         return b1;
02990 #else
02991         /*FALLTHROUGH*/
02992 #endif
02993     case Q_IP:
02994         b0 = gen_linktype(ETHERTYPE_IP);
02995 #ifndef CHASE_CHAIN
02996         b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v);
02997 #else
02998         b1 = gen_protochain(v, Q_IP);
02999 #endif
03000         gen_and(b0, b1);
03001         return b1;
03002 
03003     case Q_ISO:
03004         switch (linktype) {
03005 
03006         case DLT_FRELAY:
03007             /*
03008              * Frame Relay packets typically have an OSI
03009              * NLPID at the beginning; "gen_linktype(LLCSAP_ISONS)"
03010              * generates code to check for all the OSI
03011              * NLPIDs, so calling it and then adding a check
03012              * for the particular NLPID for which we're
03013              * looking is bogus, as we can just check for
03014              * the NLPID.
03015              *
03016              * What we check for is the NLPID and a frame
03017              * control field value of UI, i.e. 0x03 followed
03018              * by the NLPID.
03019              *
03020              * XXX - assumes a 2-byte Frame Relay header with
03021              * DLCI and flags.  What if the address is longer?
03022              *
03023              * XXX - what about SNAP-encapsulated frames?
03024              */
03025             return gen_cmp(2, BPF_H, (0x03<<8) | v);
03026             break;
03027 
03028         default:
03029             b0 = gen_linktype(LLCSAP_ISONS);
03030             b1 = gen_cmp(off_nl_nosnap, BPF_B, (long)v);
03031             gen_and(b0, b1);
03032             return b1;
03033         }
03034 
03035     case Q_ARP:
03036         bpf_error("arp does not encapsulate another protocol");
03037         /* NOTREACHED */
03038 
03039     case Q_RARP:
03040         bpf_error("rarp does not encapsulate another protocol");
03041         /* NOTREACHED */
03042 
03043     case Q_ATALK:
03044         bpf_error("atalk encapsulation is not specifiable");
03045         /* NOTREACHED */
03046 
03047     case Q_DECNET:
03048         bpf_error("decnet encapsulation is not specifiable");
03049         /* NOTREACHED */
03050 
03051     case Q_SCA:
03052         bpf_error("sca does not encapsulate another protocol");
03053         /* NOTREACHED */
03054 
03055     case Q_LAT:
03056         bpf_error("lat does not encapsulate another protocol");
03057         /* NOTREACHED */
03058 
03059     case Q_MOPRC:
03060         bpf_error("moprc does not encapsulate another protocol");
03061         /* NOTREACHED */
03062 
03063     case Q_MOPDL:
03064         bpf_error("mopdl does not encapsulate another protocol");
03065         /* NOTREACHED */
03066 
03067     case Q_LINK:
03068         return gen_linktype(v);
03069 
03070     case Q_UDP:
03071         bpf_error("'udp proto' is bogus");
03072         /* NOTREACHED */
03073 
03074     case Q_TCP:
03075         bpf_error("'tcp proto' is bogus");
03076         /* NOTREACHED */
03077 
03078     case Q_SCTP:
03079         bpf_error("'sctp proto' is bogus");
03080         /* NOTREACHED */
03081 
03082     case Q_ICMP:
03083         bpf_error("'icmp proto' is bogus");
03084         /* NOTREACHED */
03085 
03086     case Q_IGMP:
03087         bpf_error("'igmp proto' is bogus");
03088         /* NOTREACHED */
03089 
03090     case Q_IGRP:
03091         bpf_error("'igrp proto' is bogus");
03092         /* NOTREACHED */
03093 
03094     case Q_PIM:
03095         bpf_error("'pim proto' is bogus");
03096         /* NOTREACHED */
03097 
03098     case Q_VRRP:
03099         bpf_error("'vrrp proto' is bogus");
03100         /* NOTREACHED */
03101 
03102 #ifdef INET6
03103     case Q_IPV6:
03104         b0 = gen_linktype(ETHERTYPE_IPV6);
03105 #ifndef CHASE_CHAIN
03106         b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v);
03107 #else
03108         b1 = gen_protochain(v, Q_IPV6);
03109 #endif
03110         gen_and(b0, b1);
03111         return b1;
03112 
03113     case Q_ICMPV6:
03114         bpf_error("'icmp6 proto' is bogus");
03115 #endif /* INET6 */
03116 
03117     case Q_AH:
03118         bpf_error("'ah proto' is bogus");
03119 
03120     case Q_ESP:
03121         bpf_error("'ah proto' is bogus");
03122 
03123     case Q_STP:
03124         bpf_error("'stp proto' is bogus");
03125 
03126     case Q_IPX:
03127         bpf_error("'ipx proto' is bogus");
03128 
03129     case Q_NETBEUI:
03130         bpf_error("'netbeui proto' is bogus");
03131 
03132     default:
03133         abort();
03134         /* NOTREACHED */
03135     }
03136     /* NOTREACHED */
03137 }
03138 
03139 struct block *
03140 gen_scode(name, q)
03141     register const char *name;
03142     struct qual q;
03143 {
03144     int proto = q.proto;
03145     int dir = q.dir;
03146     int tproto;
03147     u_char *eaddr;
03148     bpf_u_int32 mask, addr;
03149 #ifndef INET6
03150     bpf_u_int32 **alist;
03151 #else
03152     int tproto6;
03153     struct sockaddr_in *sin;
03154     struct sockaddr_in6 *sin6;
03155     struct addrinfo *res, *res0;
03156     struct in6_addr mask128;
03157 #endif /*INET6*/
03158     struct block *b, *tmp;
03159     int port, real_proto;
03160 
03161     switch (q.addr) {
03162 
03163     case Q_NET:
03164         addr = pcap_nametonetaddr(name);
03165         if (addr == 0)
03166             bpf_error("unknown network '%s'", name);
03167         /* Left justify network addr and calculate its network mask */
03168         mask = 0xffffffff;
03169         while (addr && (addr & 0xff000000) == 0) {
03170             addr <<= 8;
03171             mask <<= 8;
03172         }
03173         return gen_host(addr, mask, proto, dir);
03174 
03175     case Q_DEFAULT:
03176     case Q_HOST:
03177         if (proto == Q_LINK) {
03178             switch (linktype) {
03179 
03180             case DLT_EN10MB:
03181                 eaddr = pcap_ether_hostton(name);
03182                 if (eaddr == NULL)
03183                     bpf_error(
03184                         "unknown ether host '%s'", name);
03185                 b = gen_ehostop(eaddr, dir);
03186                 free(eaddr);
03187                 return b;
03188 
03189             case DLT_FDDI:
03190                 eaddr = pcap_ether_hostton(name);
03191                 if (eaddr == NULL)
03192                     bpf_error(
03193                         "unknown FDDI host '%s'", name);
03194                 b = gen_fhostop(eaddr, dir);
03195                 free(eaddr);
03196                 return b;
03197 
03198             case DLT_IEEE802:
03199                 eaddr = pcap_ether_hostton(name);
03200                 if (eaddr == NULL)
03201                     bpf_error(
03202                         "unknown token ring host '%s'", name);
03203                 b = gen_thostop(eaddr, dir);
03204                 free(eaddr);
03205                 return b;
03206 
03207             default:
03208                 bpf_error(
03209             "only ethernet/FDDI/token ring supports link-level host name");
03210                 break;
03211             }
03212         } else if (proto == Q_DECNET) {
03213             unsigned short dn_addr = __pcap_nametodnaddr(name);
03214             /*
03215              * I don't think DECNET hosts can be multihomed, so
03216              * there is no need to build up a list of addresses
03217              */
03218             return (gen_host(dn_addr, 0, proto, dir));
03219         } else {
03220 #ifndef INET6
03221             alist = pcap_nametoaddr(name);
03222             if (alist == NULL || *alist == NULL)
03223                 bpf_error("unknown host '%s'", name);
03224             tproto = proto;
03225             if (off_linktype == -1 && tproto == Q_DEFAULT)
03226                 tproto = Q_IP;
03227             b = gen_host(**alist++, 0xffffffff, tproto, dir);
03228             while (*alist) {
03229                 tmp = gen_host(**alist++, 0xffffffff,
03230                            tproto, dir);
03231                 gen_or(b, tmp);
03232                 b = tmp;
03233             }
03234             return b;
03235 #else
03236             memset(&mask128, 0xff, sizeof(mask128));
03237             res0 = res = pcap_nametoaddrinfo(name);
03238             if (res == NULL)
03239                 bpf_error("unknown host '%s'", name);
03240             b = tmp = NULL;
03241             tproto = tproto6 = proto;
03242             if (off_linktype == -1 && tproto == Q_DEFAULT) {
03243                 tproto = Q_IP;
03244                 tproto6 = Q_IPV6;
03245             }
03246             for (res = res0; res; res = res->ai_next) {
03247                 switch (res->ai_family) {
03248                 case AF_INET:
03249                     if (tproto == Q_IPV6)
03250                         continue;
03251 
03252                     sin = (struct sockaddr_in *)
03253                         res->ai_addr;
03254                     tmp = gen_host(ntohl(sin->sin_addr.s_addr),
03255                         0xffffffff, tproto, dir);
03256                     break;
03257                 case AF_INET6:
03258                     if (tproto6 == Q_IP)
03259                         continue;
03260 
03261                     sin6 = (struct sockaddr_in6 *)
03262                         res->ai_addr;
03263                     tmp = gen_host6(&sin6->sin6_addr,
03264                         &mask128, tproto6, dir);
03265                     break;
03266                 default:
03267                     continue;
03268                 }
03269                 if (b)
03270                     gen_or(b, tmp);
03271                 b = tmp;
03272             }
03273             freeaddrinfo(res0);
03274             if (b == NULL) {
03275                 bpf_error("unknown host '%s'%s", name,
03276                     (proto == Q_DEFAULT)
03277                     ? ""
03278                     : " for specified address family");
03279             }
03280             return b;
03281 #endif /*INET6*/
03282         }
03283 
03284     case Q_PORT:
03285         if (proto != Q_DEFAULT &&
03286             proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
03287             bpf_error("illegal qualifier of 'port'");
03288         if (pcap_nametoport(name, &port, &real_proto) == 0)
03289             bpf_error("unknown port '%s'", name);
03290         if (proto == Q_UDP) {
03291             if (real_proto == IPPROTO_TCP)
03292                 bpf_error("port '%s' is tcp", name);
03293             else if (real_proto == IPPROTO_SCTP)
03294                 bpf_error("port '%s' is sctp", name);
03295             else
03296                 /* override PROTO_UNDEF */
03297                 real_proto = IPPROTO_UDP;
03298         }
03299         if (proto == Q_TCP) {
03300             if (real_proto == IPPROTO_UDP)
03301                 bpf_error("port '%s' is udp", name);
03302 
03303             else if (real_proto == IPPROTO_SCTP)
03304                 bpf_error("port '%s' is sctp", name);
03305             else
03306                 /* override PROTO_UNDEF */
03307                 real_proto = IPPROTO_TCP;
03308         }
03309         if (proto == Q_SCTP) {
03310             if (real_proto == IPPROTO_UDP)
03311                 bpf_error("port '%s' is udp", name);
03312 
03313             else if (real_proto == IPPROTO_TCP)
03314                 bpf_error("port '%s' is tcp", name);
03315             else
03316                 /* override PROTO_UNDEF */
03317                 real_proto = IPPROTO_SCTP;
03318         }
03319 #ifndef INET6
03320         return gen_port(port, real_proto, dir);
03321 #else
03322         {
03323         struct block *b;
03324         b = gen_port(port, real_proto, dir);
03325         gen_or(gen_port6(port, real_proto, dir), b);
03326         return b;
03327         }
03328 #endif /* INET6 */
03329 
03330     case Q_GATEWAY:
03331 #ifndef INET6
03332         eaddr = pcap_ether_hostton(name);
03333         if (eaddr == NULL)
03334             bpf_error("unknown ether host: %s", name);
03335 
03336         alist = pcap_nametoaddr(name);
03337         if (alist == NULL || *alist == NULL)
03338             bpf_error("unknown host '%s'", name);
03339         b = gen_gateway(eaddr, alist, proto, dir);
03340         free(eaddr);
03341         return b;
03342 #else
03343         bpf_error("'gateway' not supported in this configuration");
03344 #endif /*INET6*/
03345 
03346     case Q_PROTO:
03347         real_proto = lookup_proto(name, proto);
03348         if (real_proto >= 0)
03349             return gen_proto(real_proto, proto, dir);
03350         else
03351             bpf_error("unknown protocol: %s", name);
03352 
03353     case Q_PROTOCHAIN:
03354         real_proto = lookup_proto(name, proto);
03355         if (real_proto >= 0)
03356             return gen_protochain(real_proto, proto, dir);
03357         else
03358             bpf_error("unknown protocol: %s", name);
03359 
03360 
03361     case Q_UNDEF:
03362         syntax();
03363         /* NOTREACHED */
03364     }
03365     abort();
03366     /* NOTREACHED */
03367 }
03368 
03369 struct block *
03370 gen_mcode(s1, s2, masklen, q)
03371     register const char *s1, *s2;
03372     register int masklen;
03373     struct qual q;
03374 {
03375     register int nlen, mlen;
03376     bpf_u_int32 n, m;
03377 
03378     nlen = __pcap_atoin(s1, &n);
03379     /* Promote short ipaddr */
03380     n <<= 32 - nlen;
03381 
03382     if (s2 != NULL) {
03383         mlen = __pcap_atoin(s2, &m);
03384         /* Promote short ipaddr */
03385         m <<= 32 - mlen;
03386         if ((n & ~m) != 0)
03387             bpf_error("non-network bits set in \"%s mask %s\"",
03388                 s1, s2);
03389     } else {
03390         /* Convert mask len to mask */
03391         if (masklen > 32)
03392             bpf_error("mask length must be <= 32");
03393         m = 0xffffffff << (32 - masklen);
03394         if ((n & ~m) != 0)
03395             bpf_error("non-network bits set in \"%s/%d\"",
03396                 s1, masklen);
03397     }
03398 
03399     switch (q.addr) {
03400 
03401     case Q_NET:
03402         return gen_host(n, m, q.proto, q.dir);
03403 
03404     default:
03405         bpf_error("Mask syntax for networks only");
03406         /* NOTREACHED */
03407     }
03408 }
03409 
03410 struct block *
03411 gen_ncode(s, v, q)
03412     register const char *s;
03413     bpf_u_int32 v;
03414     struct qual q;
03415 {
03416     bpf_u_int32 mask;
03417     int proto = q.proto;
03418     int dir = q.dir;
03419     register int vlen;
03420 
03421     if (s == NULL)
03422         vlen = 32;
03423     else if (q.proto == Q_DECNET)
03424         vlen = __pcap_atodn(s, &v);
03425     else
03426         vlen = __pcap_atoin(s, &v);
03427 
03428     switch (q.addr) {
03429 
03430     case Q_DEFAULT:
03431     case Q_HOST:
03432     case Q_NET:
03433         if (proto == Q_DECNET)
03434             return gen_host(v, 0, proto, dir);
03435         else if (proto == Q_LINK) {
03436             bpf_error("illegal link layer address");
03437         } else {
03438             mask = 0xffffffff;
03439             if (s == NULL && q.addr == Q_NET) {
03440                 /* Promote short net number */
03441                 while (v && (v & 0xff000000) == 0) {
03442                     v <<= 8;
03443                     mask <<= 8;
03444                 }
03445             } else {
03446                 /* Promote short ipaddr */
03447                 v <<= 32 - vlen;
03448                 mask <<= 32 - vlen;
03449             }
03450             return gen_host(v, mask, proto, dir);
03451         }
03452 
03453     case Q_PORT:
03454         if (proto == Q_UDP)
03455             proto = IPPROTO_UDP;
03456         else if (proto == Q_TCP)
03457             proto = IPPROTO_TCP;
03458         else if (proto == Q_SCTP)
03459             proto = IPPROTO_SCTP;
03460         else if (proto == Q_DEFAULT)
03461             proto = PROTO_UNDEF;
03462         else
03463             bpf_error("illegal qualifier of 'port'");
03464 
03465 #ifndef INET6
03466         return gen_port((int)v, proto, dir);
03467 #else
03468         {
03469         struct block *b;
03470         b = gen_port((int)v, proto, dir);
03471         gen_or(gen_port6((int)v, proto, dir), b);
03472         return b;
03473         }
03474 #endif /* INET6 */
03475 
03476     case Q_GATEWAY:
03477         bpf_error("'gateway' requires a name");
03478         /* NOTREACHED */
03479 
03480     case Q_PROTO:
03481         return gen_proto((int)v, proto, dir);
03482 
03483     case Q_PROTOCHAIN:
03484         return gen_protochain((int)v, proto, dir);
03485 
03486     case Q_UNDEF:
03487         syntax();
03488         /* NOTREACHED */
03489 
03490     default:
03491         abort();
03492         /* NOTREACHED */
03493     }
03494     /* NOTREACHED */
03495 }
03496 
03497 #ifdef INET6
03498 struct block *
03499 gen_mcode6(s1, s2, masklen, q)
03500     register const char *s1, *s2;
03501     register int masklen;
03502     struct qual q;
03503 {
03504     struct addrinfo *res;
03505     struct in6_addr *addr;
03506     struct in6_addr mask;
03507     struct block *b;
03508     u_int32_t *a, *m;
03509 
03510     if (s2)
03511         bpf_error("no mask %s supported", s2);
03512 
03513     res = pcap_nametoaddrinfo(s1);
03514     if (!res)
03515         bpf_error("invalid ip6 address %s", s1);
03516     if (res->ai_next)
03517         bpf_error("%s resolved to multiple address", s1);
03518     addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
03519 
03520     if (sizeof(mask) * 8 < masklen)
03521         bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
03522     memset(&mask, 0, sizeof(mask));
03523     memset(&mask, 0xff, masklen / 8);
03524     if (masklen % 8) {
03525         mask.s6_addr[masklen / 8] =
03526             (0xff << (8 - masklen % 8)) & 0xff;
03527     }
03528 
03529     a = (u_int32_t *)addr;
03530     m = (u_int32_t *)&mask;
03531     if ((a[0] & ~m[0]) || (a[1] & ~m[1])
03532      || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
03533         bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
03534     }
03535 
03536     switch (q.addr) {
03537 
03538     case Q_DEFAULT:
03539     case Q_HOST:
03540         if (masklen != 128)
03541             bpf_error("Mask syntax for networks only");
03542         /* FALLTHROUGH */
03543 
03544     case Q_NET:
03545         b = gen_host6(addr, &mask, q.proto, q.dir);
03546         freeaddrinfo(res);
03547         return b;
03548 
03549     default:
03550         bpf_error("invalid qualifier against IPv6 address");
03551         /* NOTREACHED */
03552     }
03553 }
03554 #endif /*INET6*/
03555 
03556 struct block *
03557 gen_ecode(eaddr, q)
03558     register const u_char *eaddr;
03559     struct qual q;
03560 {
03561     if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
03562         if (linktype == DLT_EN10MB)
03563             return gen_ehostop(eaddr, (int)q.dir);
03564         if (linktype == DLT_FDDI)
03565             return gen_fhostop(eaddr, (int)q.dir);
03566         if (linktype == DLT_IEEE802)
03567             return gen_thostop(eaddr, (int)q.dir);
03568         bpf_error("ethernet addresses supported only on ethernet, FDDI or token ring");
03569     }
03570     bpf_error("ethernet address used in non-ether expression");
03571     /* NOTREACHED */
03572 }
03573 
03574 void
03575 sappend(s0, s1)
03576     struct slist *s0, *s1;
03577 {
03578     /*
03579      * This is definitely not the best way to do this, but the
03580      * lists will rarely get long.
03581      */
03582     while (s0->next)
03583         s0 = s0->next;
03584     s0->next = s1;
03585 }
03586 
03587 static struct slist *
03588 xfer_to_x(a)
03589     struct arth *a;
03590 {
03591     struct slist *s;
03592 
03593     s = new_stmt(BPF_LDX|BPF_MEM);
03594     s->s.k = a->regno;
03595     return s;
03596 }
03597 
03598 static struct slist *
03599 xfer_to_a(a)
03600     struct arth *a;
03601 {
03602     struct slist *s;
03603 
03604     s = new_stmt(BPF_LD|BPF_MEM);
03605     s->s.k = a->regno;
03606     return s;
03607 }
03608 
03609 struct arth *
03610 gen_load(proto, index, size)
03611     int proto;
03612     struct arth *index;
03613     int size;
03614 {
03615     struct slist *s, *tmp;
03616     struct block *b;
03617     int regno = alloc_reg();
03618 
03619     free_reg(index->regno);
03620     switch (size) {
03621 
03622     default:
03623         bpf_error("data size must be 1, 2, or 4");
03624 
03625     case 1:
03626         size = BPF_B;
03627         break;
03628 
03629     case 2:
03630         size = BPF_H;
03631         break;
03632 
03633     case 4:
03634         size = BPF_W;
03635         break;
03636     }
03637     switch (proto) {
03638     default:
03639         bpf_error("unsupported index operation");
03640 
03641     case Q_LINK:
03642         s = xfer_to_x(index);
03643         tmp = new_stmt(BPF_LD|BPF_IND|size);
03644         sappend(s, tmp);
03645         sappend(index->s, s);
03646         break;
03647 
03648     case Q_IP:
03649     case Q_ARP:
03650     case Q_RARP:
03651     case Q_ATALK:
03652     case Q_DECNET:
03653     case Q_SCA:
03654     case Q_LAT:
03655     case Q_MOPRC:
03656     case Q_MOPDL:
03657 #ifdef INET6
03658     case Q_IPV6:
03659 #endif
03660         /* XXX Note that we assume a fixed link header here. */
03661         s = xfer_to_x(index);
03662         tmp = new_stmt(BPF_LD|BPF_IND|size);
03663         tmp->s.k = off_nl;
03664         sappend(s, tmp);
03665         sappend(index->s, s);
03666 
03667         b = gen_proto_abbrev(proto);
03668         if (index->b)
03669             gen_and(index->b, b);
03670         index->b = b;
03671         break;
03672 
03673     case Q_SCTP:
03674     case Q_TCP:
03675     case Q_UDP:
03676     case Q_ICMP:
03677     case Q_IGMP:
03678     case Q_IGRP:
03679     case Q_PIM:
03680     case Q_VRRP:
03681         s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
03682         s->s.k = off_nl;
03683         sappend(s, xfer_to_a(index));
03684         sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
03685         sappend(s, new_stmt(BPF_MISC|BPF_TAX));
03686         sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
03687         tmp->s.k = off_nl;
03688         sappend(index->s, s);
03689 
03690         gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
03691         if (index->b)
03692             gen_and(index->b, b);
03693 #ifdef INET6
03694         gen_and(gen_proto_abbrev(Q_IP), b);
03695 #endif
03696         index->b = b;
03697         break;
03698 #ifdef INET6
03699     case Q_ICMPV6:
03700         bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
03701         /*NOTREACHED*/
03702 #endif
03703     }
03704     index->regno = regno;
03705     s = new_stmt(BPF_ST);
03706     s->s.k = regno;
03707     sappend(index->s, s);
03708 
03709     return index;
03710 }
03711 
03712 struct block *
03713 gen_relation(code, a0, a1, reversed)
03714     int code;
03715     struct arth *a0, *a1;
03716     int reversed;
03717 {
03718     struct slist *s0, *s1, *s2;
03719     struct block *b, *tmp;
03720 
03721     s0 = xfer_to_x(a1);
03722     s1 = xfer_to_a(a0);
03723     if (code == BPF_JEQ) {
03724         s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
03725         b = new_block(JMP(code));
03726         sappend(s1, s2);
03727     }
03728     else
03729         b = new_block(BPF_JMP|code|BPF_X);
03730     if (reversed)
03731         gen_not(b);
03732 
03733     sappend(s0, s1);
03734     sappend(a1->s, s0);
03735     sappend(a0->s, a1->s);
03736 
03737     b->stmts = a0->s;
03738 
03739     free_reg(a0->regno);
03740     free_reg(a1->regno);
03741 
03742     /* 'and' together protocol checks */
03743     if (a0->b) {
03744         if (a1->b) {
03745             gen_and(a0->b, tmp = a1->b);
03746         }
03747         else
03748             tmp = a0->b;
03749     } else
03750         tmp = a1->b;
03751 
03752     if (tmp)
03753         gen_and(tmp, b);
03754 
03755     return b;
03756 }
03757 
03758 struct arth *
03759 gen_loadlen()
03760 {
03761     int regno = alloc_reg();
03762     struct arth *a = (struct arth *)newchunk(sizeof(*a));
03763     struct slist *s;
03764 
03765     s = new_stmt(BPF_LD|BPF_LEN);
03766     s->next = new_stmt(BPF_ST);
03767     s->next->s.k = regno;
03768     a->s = s;
03769     a->regno = regno;
03770 
03771     return a;
03772 }
03773 
03774 struct arth *
03775 gen_loadi(val)
03776     int val;
03777 {
03778     struct arth *a;
03779     struct slist *s;
03780     int reg;
03781 
03782     a = (struct arth *)newchunk(sizeof(*a));
03783 
03784     reg = alloc_reg();
03785 
03786     s = new_stmt(BPF_LD|BPF_IMM);
03787     s->s.k = val;
03788     s->next = new_stmt(BPF_ST);
03789     s->next->s.k = reg;
03790     a->s = s;
03791     a->regno = reg;
03792 
03793     return a;
03794 }
03795 
03796 struct arth *
03797 gen_neg(a)
03798     struct arth *a;
03799 {
03800     struct slist *s;
03801 
03802     s = xfer_to_a(a);
03803     sappend(a->s, s);
03804     s = new_stmt(BPF_ALU|BPF_NEG);
03805     s->s.k = 0;
03806     sappend(a->s, s);
03807     s = new_stmt(BPF_ST);
03808     s->s.k = a->regno;
03809     sappend(a->s, s);
03810 
03811     return a;
03812 }
03813 
03814 struct arth *
03815 gen_arth(code, a0, a1)
03816     int code;
03817     struct arth *a0, *a1;
03818 {
03819     struct slist *s0, *s1, *s2;
03820 
03821     s0 = xfer_to_x(a1);
03822     s1 = xfer_to_a(a0);
03823     s2 = new_stmt(BPF_ALU|BPF_X|code);
03824 
03825     sappend(s1, s2);
03826     sappend(s0, s1);
03827     sappend(a1->s, s0);
03828     sappend(a0->s, a1->s);
03829 
03830     free_reg(a0->regno);
03831     free_reg(a1->regno);
03832 
03833     s0 = new_stmt(BPF_ST);
03834     a0->regno = s0->s.k = alloc_reg();
03835     sappend(a0->s, s0);
03836 
03837     return a0;
03838 }
03839 
03840 /*
03841  * Here we handle simple allocation of the scratch registers.
03842  * If too many registers are alloc'd, the allocator punts.
03843  */
03844 static int regused[BPF_MEMWORDS];
03845 static int curreg;
03846 
03847 /*
03848  * Return the next free register.
03849  */
03850 static int
03851 alloc_reg()
03852 {
03853     int n = BPF_MEMWORDS;
03854 
03855     while (--n >= 0) {
03856         if (regused[curreg])
03857             curreg = (curreg + 1) % BPF_MEMWORDS;
03858         else {
03859             regused[curreg] = 1;
03860             return curreg;
03861         }
03862     }
03863     bpf_error("too many registers needed to evaluate expression");
03864     /* NOTREACHED */
03865 }
03866 
03867 /*
03868  * Return a register to the table so it can
03869  * be used later.
03870  */
03871 static void
03872 free_reg(n)
03873     int n;
03874 {
03875     regused[n] = 0;
03876 }
03877 
03878 static struct block *
03879 gen_len(jmp, n)
03880     int jmp, n;
03881 {
03882     struct slist *s;
03883     struct block *b;
03884 
03885     s = new_stmt(BPF_LD|BPF_LEN);
03886     b = new_block(JMP(jmp));
03887     b->stmts = s;
03888     b->s.k = n;
03889 
03890     return b;
03891 }
03892 
03893 struct block *
03894 gen_greater(n)
03895     int n;
03896 {
03897     return gen_len(BPF_JGE, n);
03898 }
03899 
03900 /*
03901  * Actually, this is less than or equal.
03902  */
03903 struct block *
03904 gen_less(n)
03905     int n;
03906 {
03907     struct block *b;
03908 
03909     b = gen_len(BPF_JGT, n);
03910     gen_not(b);
03911 
03912     return b;
03913 }
03914 
03915 struct block *
03916 gen_byteop(op, idx, val)
03917     int op, idx, val;
03918 {
03919     struct block *b;
03920     struct slist *s;
03921 
03922     switch (op) {
03923     default:
03924         abort();
03925 
03926     case '=':
03927         return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
03928 
03929     case '<':
03930         b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
03931         b->s.code = JMP(BPF_JGE);
03932         gen_not(b);
03933         return b;
03934 
03935     case '>':
03936         b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
03937         b->s.code = JMP(BPF_JGT);
03938         return b;
03939 
03940     case '|':
03941         s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
03942         break;
03943 
03944     case '&':
03945         s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
03946         break;
03947     }
03948     s->s.k = val;
03949     b = new_block(JMP(BPF_JEQ));
03950     b->stmts = s;
03951     gen_not(b);
03952 
03953     return b;
03954 }
03955 
03956 static u_char abroadcast[] = { 0x0 };
03957 
03958 struct block *
03959 gen_broadcast(proto)
03960     int proto;
03961 {
03962     bpf_u_int32 hostmask;
03963     struct block *b0, *b1, *b2;
03964     static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
03965 
03966     switch (proto) {
03967 
03968     case Q_DEFAULT:
03969     case Q_LINK:
03970         if (linktype == DLT_ARCNET)
03971             return gen_ahostop(abroadcast, Q_DST);
03972         if (linktype == DLT_EN10MB)
03973             return gen_ehostop(ebroadcast, Q_DST);
03974         if (linktype == DLT_FDDI)
03975             return gen_fhostop(ebroadcast, Q_DST);
03976         if (linktype == DLT_IEEE802)
03977             return gen_thostop(ebroadcast, Q_DST);
03978         bpf_error("not a broadcast link");
03979         break;
03980 
03981     case Q_IP:
03982         b0 = gen_linktype(ETHERTYPE_IP);
03983         hostmask = ~netmask;
03984         b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask);
03985         b2 = gen_mcmp(off_nl + 16, BPF_W,
03986                   (bpf_int32)(~0 & hostmask), hostmask);
03987         gen_or(b1, b2);
03988         gen_and(b0, b2);
03989         return b2;
03990     }
03991     bpf_error("only ether/ip broadcast filters supported");
03992 }
03993 
03994 struct block *
03995 gen_multicast(proto)
03996     int proto;
03997 {
03998     register struct block *b0, *b1;
03999     register struct slist *s;
04000 
04001     switch (proto) {
04002 
04003     case Q_DEFAULT:
04004     case Q_LINK:
04005         if (linktype == DLT_ARCNET)
04006             /* all ARCnet multicasts use the same address */
04007             return gen_ahostop(abroadcast, Q_DST);
04008 
04009         if (linktype == DLT_EN10MB) {
04010             /* ether[0] & 1 != 0 */
04011             s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04012             s->s.k = 0;
04013             b0 = new_block(JMP(BPF_JSET));
04014             b0->s.k = 1;
04015             b0->stmts = s;
04016             return b0;
04017         }
04018 
04019         if (linktype == DLT_FDDI) {
04020             /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
04021             /* fddi[1] & 1 != 0 */
04022             s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
04023             s->s.k = 1;
04024             b0 = new_block(JMP(BPF_JSET));
04025             b0->s.k = 1;
04026             b0->stmts = s;
04027             return b0;
04028         }
04029 
04030         /* TODO - check how token ring handles multicast */
04031         /* if (linktype == DLT_IEEE802) ... */
04032 
04033         /* Link not known to support multicasts */
04034         break;
04035 
04036     case Q_IP:
04037         b0 = gen_linktype(ETHERTYPE_IP);
04038         b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224);
04039         b1->s.code = JMP(BPF_JGE);
04040         gen_and(b0, b1);
04041         return b1;
04042 
04043 #ifdef INET6
04044     case Q_IPV6:
04045         b0 = gen_linktype(ETHERTYPE_IPV6);
04046         b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255);
04047         gen_and(b0, b1);
04048         return b1;
04049 #endif /* INET6 */
04050     }
04051     bpf_error("only IP multicast filters supported on ethernet/FDDI");
04052 }
04053 
04054 /*
04055  * generate command for inbound/outbound.  It's here so we can
04056  * make it link-type specific.  'dir' = 0 implies "inbound",
04057  * = 1 implies "outbound".
04058  */
04059 struct block *
04060 gen_inbound(dir)
04061     int dir;
04062 {
04063     register struct block *b0;
04064 
04065     /*
04066      * Only some data link types support inbound/outbound qualifiers.
04067      */
04068     switch (linktype) {
04069     case DLT_SLIP:
04070     case DLT_PPP:
04071         b0 = gen_relation(BPF_JEQ,
04072               gen_load(Q_LINK, gen_loadi(0), 1),
04073               gen_loadi(0),
04074               dir);
04075         break;
04076 
04077     case DLT_LINUX_SLL:
04078         if (dir) {
04079             /*
04080              * Match packets sent by this machine.
04081              */
04082             b0 = gen_cmp(0, BPF_H, LINUX_SLL_OUTGOING);
04083         } else {
04084             /*
04085              * Match packets sent to this machine.
04086              * (No broadcast or multicast packets, or
04087              * packets sent to some other machine and
04088              * received promiscuously.)
04089              *
04090              * XXX - packets sent to other machines probably
04091              * shouldn't be matched, but what about broadcast
04092              * or multicast packets we received?
04093              */
04094             b0 = gen_cmp(0, BPF_H, LINUX_SLL_HOST);
04095         }
04096         break;
04097 
04098     default:
04099         bpf_error("inbound/outbound not supported on linktype %d\n",
04100             linktype);
04101         b0 = NULL;
04102         /* NOTREACHED */
04103     }
04104     return (b0);
04105 }
04106 
04107 struct block *
04108 gen_acode(eaddr, q)
04109     register const u_char *eaddr;
04110     struct qual q;
04111 {
04112     if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
04113         if (linktype == DLT_ARCNET)
04114             return gen_ahostop(eaddr, (int)q.dir);
04115     }
04116     bpf_error("ARCnet address used in non-arc expression");
04117     /* NOTREACHED */
04118 }
04119 
04120 static struct block *
04121 gen_ahostop(eaddr, dir)
04122     register const u_char *eaddr;
04123     register int dir;
04124 {
04125     register struct block *b0, *b1;
04126 
04127     switch (dir) {
04128     /* src comes first, different from Ethernet */
04129     case Q_SRC:
04130         return gen_bcmp(0, 1, eaddr);
04131 
04132     case Q_DST:
04133         return gen_bcmp(1, 1, eaddr);
04134 
04135     case Q_AND:
04136         b0 = gen_ahostop(eaddr, Q_SRC);
04137         b1 = gen_ahostop(eaddr, Q_DST);
04138         gen_and(b0, b1);
04139         return b1;
04140 
04141     case Q_DEFAULT:
04142     case Q_OR:
04143         b0 = gen_ahostop(eaddr, Q_SRC);
04144         b1 = gen_ahostop(eaddr, Q_DST);
04145         gen_or(b0, b1);
04146         return b1;
04147     }
04148     abort();
04149     /* NOTREACHED */
04150 }
04151 
04152 /*
04153  * support IEEE 802.1Q VLAN trunk over ethernet
04154  */
04155 struct block *
04156 gen_vlan(vlan_num)
04157     int vlan_num;
04158 {
04159     struct  block   *b0;
04160 
04161     /*
04162      * Change the offsets to point to the type and data fields within
04163      * the VLAN packet.  This is somewhat of a kludge.
04164      */
04165     if (orig_nl == (u_int)-1) {
04166         orig_linktype = off_linktype;   /* save original values */
04167         orig_nl = off_nl;
04168         orig_nl_nosnap = off_nl_nosnap;
04169 
04170         switch (linktype) {
04171 
04172         case DLT_EN10MB:
04173             off_linktype = 16;
04174             off_nl_nosnap = 18;
04175             off_nl = 18;
04176             break;
04177 
04178         default:
04179             bpf_error("no VLAN support for data link type %d",
04180                   linktype);
04181             /*NOTREACHED*/
04182         }
04183     }
04184 
04185     /* check for VLAN */
04186     b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
04187 
04188     /* If a specific VLAN is requested, check VLAN id */
04189     if (vlan_num >= 0) {
04190         struct block *b1;
04191 
04192         b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num);
04193         gen_and(b0, b1);
04194         b0 = b1;
04195     }
04196 
04197     return (b0);
04198 }
04199 
04200 struct block *
04201 gen_atmfield_code(atmfield, jvalue, jtype, reverse)
04202     int atmfield;
04203     bpf_u_int32 jvalue;
04204     bpf_u_int32 jtype;
04205     int reverse;
04206 {
04207     struct block *b0;
04208 
04209     switch (atmfield) {
04210 
04211     case A_VPI:
04212         if (!is_atm)
04213             bpf_error("'vpi' supported only on raw ATM");
04214         if (off_vpi == -1)
04215             abort();
04216         b0 = gen_ncmp(BPF_B, off_vpi, 0xffffffff, (u_int)jtype,
04217             (u_int)jvalue, reverse);
04218         break;
04219 
04220     case A_VCI:
04221         if (!is_atm)
04222             bpf_error("'vci' supported only on raw ATM");
04223         if (off_vci == -1)
04224             abort();
04225         b0 = gen_ncmp(BPF_H, off_vci, 0xffffffff, (u_int)jtype,
04226             (u_int)jvalue, reverse);
04227         break;
04228 
04229     case A_PROTOTYPE:
04230         if (off_proto == -1)
04231             abort();    /* XXX - this isn't on FreeBSD */
04232         b0 = gen_ncmp(BPF_B, off_proto, 0x0f, (u_int)jtype,
04233             (u_int)jvalue, reverse);
04234         break;
04235 
04236     case A_MSGTYPE:
04237         if (off_msg_type == -1)
04238             abort();
04239         b0 = gen_ncmp(BPF_B, off_msg_type, 0xffffffff,
04240             (u_int)jtype, (u_int)jvalue, reverse);
04241         break;
04242 
04243     case A_CALLREFTYPE:
04244         if (!is_atm)
04245             bpf_error("'callref' supported only on raw ATM");
04246         if (off_proto == -1)
04247             abort();
04248         b0 = gen_ncmp(BPF_B, off_proto, 0xffffffff, (u_int)jtype,
04249             (u_int)jvalue, reverse);
04250         break;
04251 
04252     default:
04253         abort();
04254     }
04255     return b0;
04256 }
04257 
04258 struct block *
04259 gen_atmtype_abbrev(type)
04260     int type;
04261 {
04262     struct block *b0, *b1;
04263 
04264     switch (type) {
04265 
04266     case A_METAC:
04267         /* Get all packets in Meta signalling Circuit */
04268         if (!is_atm)
04269             bpf_error("'metac' supported only on raw ATM");
04270         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
04271         b1 = gen_atmfield_code(A_VCI, 1, BPF_JEQ, 0);
04272         gen_and(b0, b1);
04273         break;
04274 
04275     case A_BCC:
04276         /* Get all packets in Broadcast Circuit*/
04277         if (!is_atm)
04278             bpf_error("'bcc' supported only on raw ATM");
04279         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
04280         b1 = gen_atmfield_code(A_VCI, 2, BPF_JEQ, 0);
04281         gen_and(b0, b1);
04282         break;
04283 
04284     case A_OAMF4SC:
04285         /* Get all cells in Segment OAM F4 circuit*/
04286         if (!is_atm)
04287             bpf_error("'oam4sc' supported only on raw ATM");
04288         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
04289         b1 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0);
04290         gen_and(b0, b1);
04291         break;
04292 
04293     case A_OAMF4EC:
04294         /* Get all cells in End-to-End OAM F4 Circuit*/
04295         if (!is_atm)
04296             bpf_error("'oam4ec' supported only on raw ATM");
04297         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
04298         b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
04299         gen_and(b0, b1);
04300         break;
04301 
04302     case A_SC:
04303         /*  Get all packets in connection Signalling Circuit */
04304         if (!is_atm)
04305             bpf_error("'sc' supported only on raw ATM");
04306         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
04307         b1 = gen_atmfield_code(A_VCI, 5, BPF_JEQ, 0);
04308         gen_and(b0, b1);
04309         break;
04310 
04311     case A_ILMIC:
04312         /* Get all packets in ILMI Circuit */
04313         if (!is_atm)
04314             bpf_error("'ilmic' supported only on raw ATM");
04315         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
04316         b1 = gen_atmfield_code(A_VCI, 16, BPF_JEQ, 0);
04317         gen_and(b0, b1);
04318         break;
04319 
04320     case A_LANE:
04321         /* Get all LANE packets */
04322         if (!is_atm)
04323             bpf_error("'lane' supported only on raw ATM");
04324         b1 = gen_atmfield_code(A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
04325         break;
04326 
04327     case A_LLC:
04328         /* Get all LLC-encapsulated packets */
04329         if (!is_atm)
04330             bpf_error("'llc' supported only on raw ATM");
04331         b1 = gen_atmfield_code(A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
04332         break;
04333 
04334     default:
04335         abort();
04336     }
04337     return b1;
04338 }
04339 
04340 
04341 static struct block *
04342 gen_msg_abbrev(type)
04343     int type;
04344 {
04345     struct block *b1;
04346 
04347     /*
04348      * Q.2931 signalling protocol messages for handling virtual circuits
04349      * establishment and teardown
04350      */
04351     switch (type) {
04352 
04353     case A_SETUP:
04354         b1 = gen_atmfield_code(A_MSGTYPE, SETUP, BPF_JEQ, 0);
04355         break;
04356 
04357     case A_CALLPROCEED:
04358         b1 = gen_atmfield_code(A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 
04359         break;
04360 
04361     case A_CONNECT:
04362         b1 = gen_atmfield_code(A_MSGTYPE, CONNECT, BPF_JEQ, 0);
04363         break;             
04364 
04365     case A_CONNECTACK:
04366         b1 = gen_atmfield_code(A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);  
04367         break;
04368 
04369     case A_RELEASE:
04370         b1 = gen_atmfield_code(A_MSGTYPE, RELEASE, BPF_JEQ, 0);
04371         break;
04372 
04373     case A_RELEASE_DONE:
04374         b1 = gen_atmfield_code(A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);  
04375         break;
04376 
04377     default:
04378         abort();
04379     }
04380     return b1;
04381 }
04382 
04383 struct block *
04384 gen_atmmulti_abbrev(type)
04385     int type;
04386 {
04387     struct block *b0, *b1;
04388 
04389     switch (type) {
04390 
04391     case A_OAM:
04392         if (!is_atm)
04393             bpf_error("'oam' supported only on raw ATM");
04394         b1 = gen_atmmulti_abbrev(A_OAMF4);
04395         break;
04396 
04397     case A_OAMF4:
04398         if (!is_atm)
04399             bpf_error("'oamf4' supported only on raw ATM");
04400         /* OAM F4 type */
04401         b0 = gen_atmfield_code(A_VCI, 3, BPF_JEQ, 0); 
04402         b1 = gen_atmfield_code(A_VCI, 4, BPF_JEQ, 0);
04403         gen_or(b0, b1); 
04404         b0 = gen_atmfield_code(A_VPI, 0, BPF_JEQ, 0);
04405         gen_and(b0, b1);
04406         break;
04407 
04408     case A_CONNECTMSG:
04409         /*
04410          * Get Q.2931 signalling messages for switched
04411          * virtual connection
04412          */
04413         if (!is_atm)
04414             bpf_error("'connectmsg' supported only on raw ATM");
04415         b0 = gen_msg_abbrev(A_SETUP);
04416         b1 = gen_msg_abbrev(A_CALLPROCEED);
04417         gen_or(b0, b1);
04418         b0 = gen_msg_abbrev(A_CONNECT);
04419         gen_or(b0, b1);
04420         b0 = gen_msg_abbrev(A_CONNECTACK);
04421         gen_or(b0, b1);
04422         b0 = gen_msg_abbrev(A_RELEASE);
04423         gen_or(b0, b1);
04424         b0 = gen_msg_abbrev(A_RELEASE_DONE);
04425         gen_or(b0, b1);
04426         b0 = gen_atmtype_abbrev(A_SC);
04427         gen_and(b0, b1);
04428         break;
04429 
04430     case A_METACONNECT:
04431         if (!is_atm)
04432             bpf_error("'metaconnect' supported only on raw ATM");
04433         b0 = gen_msg_abbrev(A_SETUP);
04434         b1 = gen_msg_abbrev(A_CALLPROCEED);
04435         gen_or(b0, b1);
04436         b0 = gen_msg_abbrev(A_CONNECT);
04437         gen_or(b0, b1);
04438         b0 = gen_msg_abbrev(A_RELEASE);
04439         gen_or(b0, b1);
04440         b0 = gen_msg_abbrev(A_RELEASE_DONE);
04441         gen_or(b0, b1);
04442         b0 = gen_atmtype_abbrev(A_METAC);
04443         gen_and(b0, b1);
04444         break;
04445 
04446     default:
04447         abort();
04448     }
04449     return b1;
04450 }

documentation. Copyright (c) 2002 Politecnico di Torino. All rights reserved.