Lines Matching +full:layer +full:- +full:base +full:- +full:offset
45 #include "pcap-dos.h"
48 #include "pcap-int.h"
64 #include "diag-control.h"
75 #define offsetof(s, e) ((size_t)&((s *)0)->e)
105 uint16_t sin6_port; /* Transport layer port # */
152 #include "os-proto.h"
158 * "Push" the current value of the link-layer header type and link-layer
159 * header offset onto a "stack", and set a new value. (It's not a
160 * full-blown stack; we keep only the top two items.)
164 (cs)->prevlinktype = (cs)->linktype; \
165 (cs)->off_prevlinkhdr = (cs)->off_linkhdr; \
166 (cs)->linktype = (new_linktype); \
167 (cs)->off_linkhdr.is_variable = (new_is_variable); \
168 (cs)->off_linkhdr.constant_part = (new_constant_part); \
169 (cs)->off_linkhdr.reg = (new_reg); \
170 (cs)->is_geneve = 0; \
174 * Offset "not set" value.
182 * case the offset is only the constant value, and the constant value
183 * may be zero, in which case the offset is only the variable value.
193 * and -1 otherwise.
202 * Value passed to gen_load_a() to indicate what the offset argument
207 OR_LINKHDR, /* link-layer header */
208 OR_PREVLINKHDR, /* previous link-layer header */
211 OR_LINKTYPE, /* link-layer type */
212 OR_LINKPL, /* link-layer payload */
213 OR_LINKPL_NOSNAP, /* link-layer payload, with no SNAP header at the link layer */
214 OR_TRAN_IPV4, /* transport-layer header, with IPv4 network layer */
215 OR_TRAN_IPV6 /* transport-layer header, with IPv6 network layer */
224 * XXX - this *is* in a library....
283 * Absolute offset of the beginning of the link-layer header.
288 * If we're checking a link-layer header for a packet encapsulated
289 * in another protocol layer, this is the equivalent information
290 * for the previous layers' link-layer header from the beginning
297 * link-layer header.
302 * Absolute offset of the beginning of the link-layer payload.
307 * "off_linktype" is the offset to information in the link-layer
308 * header giving the packet type. This is an absolute offset
311 * For Ethernet, it's the offset of the Ethernet type field; this
314 * For link-layer types that always use 802.2 headers, it's the
315 * offset of the LLC header; this means that it must have a value
318 * For PPP, it's the offset of the PPP type field.
320 * For Cisco HDLC, it's the offset of the CHDLC type field.
322 * For BSD loopback, it's the offset of the AF_ value.
324 * For Linux cooked sockets, it's the offset of the type field.
332 * TRUE if the link layer includes an ATM pseudo-header.
344 * TRUE if we need variable length part of VLAN offset
349 * These are offsets for the ATM pseudo-header.
370 * This is the offset of the first byte after the ATM pseudo_header,
371 * or -1 if there is no ATM pseudo-header.
376 * These are offsets to the beginning of the network-layer header.
377 * They are relative to the beginning of the link-layer payload
381 * If the link layer never uses 802.2 LLC:
385 * If the link layer always uses 802.2 LLC:
387 * "off_nl" is the offset if there's a SNAP header following
390 * "off_nl_nosnap" is the offset if there's no SNAP header.
392 * If the link layer is Ethernet:
394 * "off_nl" is the offset if the packet is an Ethernet II packet
397 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet
435 if (!cstate->error_set) {
437 (void)vsnprintf(cstate->bpf_pcap->errbuf, PCAP_ERRBUF_SIZE,
440 cstate->error_set = 1;
457 (void)vsnprintf(cstate->bpf_pcap->errbuf, PCAP_ERRBUF_SIZE,
460 longjmp(cstate->top_ctx, 1);
588 cstate->chunks[i].n_left = 0;
589 cstate->chunks[i].m = NULL;
591 cstate->cur_chunk = 0;
603 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
609 cp = &cstate->chunks[cstate->cur_chunk];
610 if (n > cp->n_left) {
612 k = ++cstate->cur_chunk;
618 cp->m = (void *)malloc(size);
619 if (cp->m == NULL) {
623 memset((char *)cp->m, 0, size);
624 cp->n_left = size;
630 cp->n_left -= n;
631 return (void *)((char *)cp->m + cp->n_left);
641 longjmp(cstate->top_ctx, 1);
653 if (cstate->chunks[i].m != NULL)
654 free(cstate->chunks[i].m);
681 p->s.code = code;
682 p->head = p;
693 p->s.code = code;
703 b->s.k = v;
729 * link-layer type, so we can't use it.
731 if (!p->activated) {
732 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
733 "not-yet-activated pcap_t passed to pcap_compile");
754 * XXX - the fact that we happen to be compiling a filter
761 if (p->save_current_filter_op != NULL)
762 (p->save_current_filter_op)(p, buf);
781 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
788 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
801 if (init_linktype(&cstate, p) == -1) {
828 if (bpf_optimize(&cstate.ic, p->errbuf) == -1) {
834 (cstate.ic.root->s.code == (BPF_RET|BPF_K) && cstate.ic.root->s.k == 0)) {
835 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
841 program->bf_insns = icode_to_fcode(&cstate.ic,
842 cstate.ic.root, &len, p->errbuf);
843 if (program->bf_insns == NULL) {
848 program->bf_len = len;
896 program->bf_len = 0;
897 if (program->bf_insns != NULL) {
898 free((char *)program->bf_insns);
899 program->bf_insns = NULL;
915 if (!list->sense) {
937 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
949 * Catch errors reported by us and routines below us, and return -1
952 if (setjmp(cstate->top_ctx))
953 return (-1);
957 * statements needed to load the lengths of any variable-length
960 * XXX - a fancier strategy would be to insert those before the
974 insert_compute_vloffsets(cstate, p->head);
977 * For DLT_PPI captures, generate a check of the per-packet
980 * XXX - TurboCap cards use DLT_PPI for Ethernet.
981 * Can we just define some DLT_ETHERNET_WITH_PHDR pseudo-header
984 * the link-layer header type until runtime, which, in the
993 backpatch(p, gen_retblk(cstate, cstate->snaplen));
994 p->sense = !p->sense;
996 cstate->ic.root = p->head;
1003 backpatch(b0, b1->head);
1004 b0->sense = !b0->sense;
1005 b1->sense = !b1->sense;
1007 b1->sense = !b1->sense;
1008 b1->head = b0->head;
1014 b0->sense = !b0->sense;
1015 backpatch(b0, b1->head);
1016 b0->sense = !b0->sense;
1018 b1->head = b0->head;
1024 b->sense = !b->sense;
1028 gen_cmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1031 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JEQ, 0, v);
1035 gen_cmp_gt(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1038 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGT, 0, v);
1042 gen_cmp_ge(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1045 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGE, 0, v);
1049 gen_cmp_lt(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1052 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGE, 1, v);
1056 gen_cmp_le(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1059 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGT, 1, v);
1063 gen_mcmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1066 return gen_ncmp(cstate, offrel, offset, size, mask, BPF_JEQ, 0, v);
1070 gen_bcmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1077 register const u_char *p = &v[size - 4];
1079 tmp = gen_cmp(cstate, offrel, offset + size - 4, BPF_W,
1084 size -= 4;
1087 register const u_char *p = &v[size - 2];
1089 tmp = gen_cmp(cstate, offrel, offset + size - 2, BPF_H,
1094 size -= 2;
1097 tmp = gen_cmp(cstate, offrel, offset, BPF_B, v[0]);
1106 * AND the field of size "size" at offset "offset" relative to the header
1112 gen_ncmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1119 s = gen_load_a(cstate, offrel, offset, size);
1123 s2->s.k = mask;
1128 b->stmts = s;
1129 b->s.k = v;
1138 cstate->pcap_fddipad = p->fddipad;
1141 * We start out with only one link-layer header.
1143 cstate->outermostlinktype = pcap_datalink(p);
1144 cstate->off_outermostlinkhdr.constant_part = 0;
1145 cstate->off_outermostlinkhdr.is_variable = 0;
1146 cstate->off_outermostlinkhdr.reg = -1;
1148 cstate->prevlinktype = cstate->outermostlinktype;
1149 cstate->off_prevlinkhdr.constant_part = 0;
1150 cstate->off_prevlinkhdr.is_variable = 0;
1151 cstate->off_prevlinkhdr.reg = -1;
1153 cstate->linktype = cstate->outermostlinktype;
1154 cstate->off_linkhdr.constant_part = 0;
1155 cstate->off_linkhdr.is_variable = 0;
1156 cstate->off_linkhdr.reg = -1;
1161 cstate->off_linkpl.constant_part = 0;
1162 cstate->off_linkpl.is_variable = 0;
1163 cstate->off_linkpl.reg = -1;
1165 cstate->off_linktype.constant_part = 0;
1166 cstate->off_linktype.is_variable = 0;
1167 cstate->off_linktype.reg = -1;
1170 * Assume it's not raw ATM with a pseudo-header, for now.
1172 cstate->is_atm = 0;
1173 cstate->off_vpi = OFFSET_NOT_SET;
1174 cstate->off_vci = OFFSET_NOT_SET;
1175 cstate->off_proto = OFFSET_NOT_SET;
1176 cstate->off_payload = OFFSET_NOT_SET;
1181 cstate->is_geneve = 0;
1184 * No variable length VLAN offset by default
1186 cstate->is_vlan_vloffset = 0;
1191 cstate->off_li = OFFSET_NOT_SET;
1192 cstate->off_li_hsl = OFFSET_NOT_SET;
1193 cstate->off_sio = OFFSET_NOT_SET;
1194 cstate->off_opc = OFFSET_NOT_SET;
1195 cstate->off_dpc = OFFSET_NOT_SET;
1196 cstate->off_sls = OFFSET_NOT_SET;
1198 cstate->label_stack_depth = 0;
1199 cstate->vlan_stack_depth = 0;
1201 switch (cstate->linktype) {
1204 cstate->off_linktype.constant_part = 2;
1205 cstate->off_linkpl.constant_part = 6;
1206 cstate->off_nl = 0; /* XXX in reality, variable! */
1207 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1211 cstate->off_linktype.constant_part = 4;
1212 cstate->off_linkpl.constant_part = 8;
1213 cstate->off_nl = 0; /* XXX in reality, variable! */
1214 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1218 cstate->off_linktype.constant_part = 12;
1219 cstate->off_linkpl.constant_part = 14; /* Ethernet header length */
1220 cstate->off_nl = 0; /* Ethernet II */
1221 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */
1229 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1230 cstate->off_linkpl.constant_part = 16;
1231 cstate->off_nl = 0;
1232 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1237 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1239 cstate->off_linkpl.constant_part = 24;
1240 cstate->off_nl = 0;
1241 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1246 cstate->off_linktype.constant_part = 0;
1247 cstate->off_linkpl.constant_part = 4;
1248 cstate->off_nl = 0;
1249 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1253 cstate->off_linktype.constant_part = 0;
1254 cstate->off_linkpl.constant_part = 12;
1255 cstate->off_nl = 0;
1256 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1264 cstate->off_linktype.constant_part = 2; /* skip HDLC-like framing */
1265 cstate->off_linkpl.constant_part = 4; /* skip HDLC-like framing and protocol field */
1266 cstate->off_nl = 0;
1267 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1275 cstate->off_linktype.constant_part = 6;
1276 cstate->off_linkpl.constant_part = 8;
1277 cstate->off_nl = 0;
1278 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1282 cstate->off_linktype.constant_part = 5;
1283 cstate->off_linkpl.constant_part = 24;
1284 cstate->off_nl = 0;
1285 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1290 * FDDI doesn't really have a link-level type field.
1291 * We set "off_linktype" to the offset of the LLC header.
1295 * XXX - should we generate code to check for SNAP?
1297 cstate->off_linktype.constant_part = 13;
1298 cstate->off_linktype.constant_part += cstate->pcap_fddipad;
1299 cstate->off_linkpl.constant_part = 13; /* FDDI MAC header length */
1300 cstate->off_linkpl.constant_part += cstate->pcap_fddipad;
1301 cstate->off_nl = 8; /* 802.2+SNAP */
1302 cstate->off_nl_nosnap = 3; /* 802.2 */
1307 * Token Ring doesn't really have a link-level type field.
1308 * We set "off_linktype" to the offset of the LLC header.
1312 * XXX - should we generate code to check for SNAP?
1314 * XXX - the header is actually variable-length.
1318 * information, i.e. is not source-routed, the correct
1321 * A packet is source-routed iff the uppermost bit
1323 * offset of 8, has the uppermost bit set. If the
1324 * packet is source-routed, the total number of bytes
1326 * the 16-bit value at an offset of 14 (shifted right
1327 * 8 - figure out which byte that is).
1329 cstate->off_linktype.constant_part = 14;
1330 cstate->off_linkpl.constant_part = 14; /* Token Ring MAC header length */
1331 cstate->off_nl = 8; /* 802.2+SNAP */
1332 cstate->off_nl_nosnap = 3; /* 802.2 */
1338 cstate->off_linkhdr.is_variable = 1;
1345 * 802.11 doesn't really have a link-level type field.
1346 * We set "off_linktype.constant_part" to the offset of
1351 * XXX - should we generate code to check for SNAP?
1353 * We also handle variable-length radio headers here.
1354 * The Prism header is in theory variable-length, but in
1360 * variable-length.
1362 cstate->off_linktype.constant_part = 24;
1363 cstate->off_linkpl.constant_part = 0; /* link-layer header is variable-length */
1364 cstate->off_linkpl.is_variable = 1;
1365 cstate->off_nl = 8; /* 802.2+SNAP */
1366 cstate->off_nl_nosnap = 3; /* 802.2 */
1379 cstate->off_linktype.constant_part = 24;
1380 cstate->off_linkpl.constant_part = 0; /* link-layer header is variable-length */
1381 cstate->off_linkpl.is_variable = 1;
1382 cstate->off_linkhdr.is_variable = 1;
1383 cstate->off_nl = 8; /* 802.2+SNAP */
1384 cstate->off_nl_nosnap = 3; /* 802.2 */
1390 * assume routed, non-ISO PDUs
1391 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
1393 * XXX - what about ISO PDUs, e.g. CLNP, ISIS, ESIS,
1400 cstate->off_linktype.constant_part = 0;
1401 cstate->off_linkpl.constant_part = 0; /* packet begins with LLC header */
1402 cstate->off_nl = 8; /* 802.2+SNAP */
1403 cstate->off_nl_nosnap = 3; /* 802.2 */
1409 * pseudo-header.
1411 cstate->is_atm = 1;
1412 cstate->off_vpi = SUNATM_VPI_POS;
1413 cstate->off_vci = SUNATM_VCI_POS;
1414 cstate->off_proto = PROTO_POS;
1415 cstate->off_payload = SUNATM_PKT_BEGIN_POS;
1416 cstate->off_linktype.constant_part = cstate->off_payload;
1417 cstate->off_linkpl.constant_part = cstate->off_payload; /* if LLC-encapsulated */
1418 cstate->off_nl = 8; /* 802.2+SNAP */
1419 cstate->off_nl_nosnap = 3; /* 802.2 */
1425 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1426 cstate->off_linkpl.constant_part = 0;
1427 cstate->off_nl = 0;
1428 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1432 cstate->off_linktype.constant_part = 14;
1433 cstate->off_linkpl.constant_part = 16;
1434 cstate->off_nl = 0;
1435 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1439 cstate->off_linktype.constant_part = 0;
1440 cstate->off_linkpl.constant_part = 20;
1441 cstate->off_nl = 0;
1442 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1447 * LocalTalk does have a 1-byte type field in the LLAP header,
1451 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1452 cstate->off_linkpl.constant_part = 0;
1453 cstate->off_nl = 0;
1454 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1459 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
1460 * link-level type field. We set "off_linktype" to the
1461 * offset of the LLC header.
1465 * XXX - should we generate code to check for SNAP? RFC
1468 cstate->off_linktype.constant_part = 16;
1469 cstate->off_linkpl.constant_part = 16;
1470 cstate->off_nl = 8; /* 802.2+SNAP */
1471 cstate->off_nl_nosnap = 3; /* 802.2 */
1476 * XXX - we should set this to handle SNAP-encapsulated
1479 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1480 cstate->off_linkpl.constant_part = 0;
1481 cstate->off_nl = 0;
1482 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1486 * the only BPF-interesting FRF.16 frames are non-control frames;
1487 * Frame Relay has a variable length link-layer
1488 * so lets start with offset 4 for now and increments later on (FIXME);
1491 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1492 cstate->off_linkpl.constant_part = 0;
1493 cstate->off_nl = 4;
1494 cstate->off_nl_nosnap = 0; /* XXX - for now -> no 802.2 LLC */
1498 cstate->off_linktype.constant_part = 16;
1499 cstate->off_linkpl.constant_part = 18;
1500 cstate->off_nl = 0;
1501 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1505 cstate->off_linktype.constant_part = 6;
1506 cstate->off_linkpl.constant_part = 44;
1507 cstate->off_nl = 0; /* Ethernet II */
1508 cstate->off_nl_nosnap = 0; /* XXX - what does it do with 802.3 packets? */
1512 cstate->off_linktype.constant_part = 0;
1513 cstate->off_linkpl.constant_part = 0; /* link-layer header is variable-length */
1514 cstate->off_linkpl.is_variable = 1;
1515 cstate->off_nl = 0;
1516 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
1525 cstate->off_linktype.constant_part = 4;
1526 cstate->off_linkpl.constant_part = 4;
1527 cstate->off_nl = 0;
1528 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1532 cstate->off_linktype.constant_part = 4; /* in reality variable between 4-8 */
1533 cstate->off_linkpl.constant_part = 4; /* in reality variable between 4-8 */
1534 cstate->off_nl = 0;
1535 cstate->off_nl_nosnap = 10;
1539 cstate->off_linktype.constant_part = 8; /* in reality variable between 8-12 */
1540 cstate->off_linkpl.constant_part = 8; /* in reality variable between 8-12 */
1541 cstate->off_nl = 0;
1542 cstate->off_nl_nosnap = 10;
1549 cstate->off_linkpl.constant_part = 14;
1550 cstate->off_linktype.constant_part = 16;
1551 cstate->off_nl = 18; /* Ethernet II */
1552 cstate->off_nl_nosnap = 21; /* 802.3+802.2 */
1556 cstate->off_linktype.constant_part = 4;
1557 cstate->off_linkpl.constant_part = 6;
1558 cstate->off_nl = 0;
1559 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1563 cstate->off_linktype.constant_part = 6;
1564 cstate->off_linkpl.constant_part = 12;
1565 cstate->off_nl = 0;
1566 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1570 cstate->off_linktype.constant_part = 6;
1571 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; /* not really a network layer but raw IP addresses */
1572 cstate->off_nl = OFFSET_NOT_SET; /* not really a network layer but raw IP addresses */
1573 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1577 cstate->off_linktype.constant_part = 12;
1578 cstate->off_linkpl.constant_part = 12;
1579 cstate->off_nl = 0; /* raw IP/IP6 header */
1580 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1584 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1585 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1586 cstate->off_nl = OFFSET_NOT_SET;
1587 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1591 cstate->off_linktype.constant_part = 12;
1592 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; /* L3 proto location dep. on cookie type */
1593 cstate->off_nl = OFFSET_NOT_SET; /* L3 proto location dep. on cookie type */
1594 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1598 cstate->off_linktype.constant_part = 18;
1599 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1600 cstate->off_nl = OFFSET_NOT_SET;
1601 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1605 cstate->off_linktype.constant_part = 18;
1606 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1607 cstate->off_nl = OFFSET_NOT_SET;
1608 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1612 cstate->off_linktype.constant_part = 8;
1613 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1614 cstate->off_nl = OFFSET_NOT_SET;
1615 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1622 cstate->off_linktype.constant_part = 8;
1623 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1624 cstate->off_nl = OFFSET_NOT_SET;
1625 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1629 cstate->off_li = 2;
1630 cstate->off_li_hsl = 4;
1631 cstate->off_sio = 3;
1632 cstate->off_opc = 4;
1633 cstate->off_dpc = 4;
1634 cstate->off_sls = 7;
1635 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1636 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1637 cstate->off_nl = OFFSET_NOT_SET;
1638 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1642 cstate->off_li = 6;
1643 cstate->off_li_hsl = 8;
1644 cstate->off_sio = 7;
1645 cstate->off_opc = 8;
1646 cstate->off_dpc = 8;
1647 cstate->off_sls = 11;
1648 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1649 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1650 cstate->off_nl = OFFSET_NOT_SET;
1651 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1655 cstate->off_li = 22;
1656 cstate->off_li_hsl = 24;
1657 cstate->off_sio = 23;
1658 cstate->off_opc = 24;
1659 cstate->off_dpc = 24;
1660 cstate->off_sls = 27;
1661 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1662 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1663 cstate->off_nl = OFFSET_NOT_SET;
1664 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1668 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1669 cstate->off_linkpl.constant_part = 4;
1670 cstate->off_nl = 0;
1671 cstate->off_nl_nosnap = 0;
1678 cstate->off_linktype.constant_part = OFFSET_NOT_SET; /* variable, min 15, max 71 steps of 7 */
1679 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1680 cstate->off_nl = OFFSET_NOT_SET; /* variable, min 16, max 71 steps of 7 */
1681 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */
1685 cstate->off_linktype.constant_part = 1;
1686 cstate->off_linkpl.constant_part = 24; /* ipnet header length */
1687 cstate->off_nl = 0;
1688 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1692 cstate->off_linkhdr.constant_part = 4; /* Ethernet header is past 4-byte pseudo-header */
1693 cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12;
1694 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14; /* pseudo-header+Ethernet header length */
1695 cstate->off_nl = 0; /* Ethernet II */
1696 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */
1700 cstate->off_linkhdr.constant_part = 12; /* MAC header is past 4-byte pseudo-header, preamble, and SFD */
1701 cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12;
1702 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14; /* pseudo-header+preamble+SFD+Ethernet header length */
1703 cstate->off_nl = 0; /* Ethernet II */
1704 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */
1712 if (cstate->linktype >= DLT_HIGH_MATCHING_MIN &&
1713 cstate->linktype <= DLT_HIGH_MATCHING_MAX) {
1714 cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1715 cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1716 cstate->off_nl = OFFSET_NOT_SET;
1717 cstate->off_nl_nosnap = OFFSET_NOT_SET;
1720 cstate->linktype, DLT_HIGH_MATCHING_MIN, DLT_HIGH_MATCHING_MAX);
1721 return (-1);
1726 cstate->off_outermostlinkhdr = cstate->off_prevlinkhdr = cstate->off_linkhdr;
1731 * Load a value relative to the specified absolute offset.
1735 u_int offset, u_int size)
1742 * If "s" is non-null, it has code to arrange that the X register
1743 * contains the variable part of the absolute offset, so we
1744 * generate a load relative to that, with an offset of
1745 * abs_offset->constant_part + offset.
1747 * Otherwise, we can do an absolute load with an offset of
1748 * abs_offset->constant_part + offset.
1753 * variable part of the absolute offset into the X register.
1754 * Do an indirect load, to use the X register as an offset.
1757 s2->s.k = abs_offset->constant_part + offset;
1761 * There is no variable part of the absolute offset, so
1765 s->s.k = abs_offset->constant_part + offset;
1774 gen_load_a(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1796 s->s.k = offset;
1800 s = gen_load_absoffsetrel(cstate, &cstate->off_linkhdr, offset, size);
1804 s = gen_load_absoffsetrel(cstate, &cstate->off_prevlinkhdr, offset, size);
1808 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, offset, size);
1812 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl - 4 + offset, size);
1816 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl + offset, size);
1820 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl_nosnap + offset, size);
1824 s = gen_load_absoffsetrel(cstate, &cstate->off_linktype, offset, size);
1830 * (plus the offset of the link-layer header, if it's
1831 * preceded by a variable-length header such as a radio
1837 * Load the item at {offset of the link-layer payload} +
1838 * {offset, relative to the start of the link-layer
1840 * {specified offset}.
1842 * If the offset of the link-layer payload is variable,
1843 * the variable part of that offset is included in the
1845 * part in the offset of the load.
1848 s2->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + offset;
1853 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl + 40 + offset, size);
1861 * the IPv4 header and the variable part of the offset of the link-layer
1869 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl);
1872 * The offset of the link-layer payload has a variable
1874 * the variable part of that offset into the X register.
1877 * don't have a constant offset, so we have to load the
1882 s2->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
1885 s2->s.k = 0xf;
1888 s2->s.k = 2;
1893 * We need to add to it the variable part of the offset of
1894 * the link-layer payload, which is still in the X
1901 * The offset of the link-layer payload is a constant,
1903 * variable part of that offset.
1907 * is at an offset of cstate->off_nl from the beginning of
1908 * the link-layer payload, and thus at an offset of
1909 * cstate->off_linkpl.constant_part + cstate->off_nl from the beginning
1913 s->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
1926 s->s.k = !rsense;
1928 b->stmts = s;
1946 * Byte-swap a 32-bit number.
1947 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1948 * big-endian platforms.)
1976 * LLCSAP_IP checks for IP-over-802.2, rather
1977 * than IP-over-Ethernet or IP-over-SNAP.
1979 * XXX - should we check both the DSAP and the
2015 * XXX - should we generate the same code both
2062 * layer) may use 802.2 encapsulation.
2074 * 802.2-encapsulated ETHERTYPE_ATALK packets are
2079 * 802.2-encapsulated ETHERTYPE_AARP packets are
2134 * For DLT_NULL, the link-layer header is a 32-bit word
2136 * DLT_ENC, the link-layer header begins with a 32-bit
2143 * For DLT_LOOP, the link-layer header is a 32-bit
2146 if (cstate->linktype == DLT_NULL || cstate->linktype == DLT_ENC) {
2152 * with the opposite byte order to ours, we byte-swap
2158 if (cstate->bpf_pcap->rfile != NULL && cstate->bpf_pcap->swapped)
2211 * LLCSAP_IP checks for IP-over-802.2, rather
2212 * than IP-over-Ethernet or IP-over-SNAP.
2214 * XXX - should we check both the DSAP and the
2276 * layer) may use 802.2 encapsulation.
2287 * 802.2-encapsulated ETHERTYPE_ATALK packets are
2292 * 802.2-encapsulated ETHERTYPE_AARP packets are
2323 b1 = gen_cmp(cstate, OR_LINKHDR, cstate->off_linkpl.constant_part, BPF_B,
2343 * Load a value relative to the beginning of the link-layer header after the
2358 if (cstate->off_linkpl.reg != -1) {
2363 s1->s.k = 0;
2370 s2->s.k = 3;
2373 s2->s.k = 0xfffffffc;
2381 s2->s.k = cstate->off_linkpl.reg;
2407 cstate->no_optimize = 1;
2418 * We load a 4-byte big-endian value at the beginning of the
2421 * an AVS header (the masked-out bits are the version number).
2424 * XXX - the Prism header is also, in theory, variable-length,
2428 if (cstate->off_linkhdr.reg != -1) {
2433 s1->s.k = 0;
2439 s2->s.k = 0xFFFFF000;
2446 sjeq_avs_cookie->s.k = 0x80211000;
2452 * The 4 bytes at an offset of 4 from the beginning of
2454 * That field is big-endian.
2457 s2->s.k = 4;
2459 sjeq_avs_cookie->s.jt = s2;
2470 sjcommon->s.k = 1;
2480 s2->s.k = 144;
2482 sjeq_avs_cookie->s.jf = s2;
2490 s2->s.k = cstate->off_linkhdr.reg;
2492 sjcommon->s.jf = s2;
2517 if (cstate->off_linkhdr.reg != -1) {
2519 * The 4 bytes at an offset of 4 from the beginning of
2521 * That field is big-endian.
2524 s1->s.k = 4;
2531 s2->s.k = cstate->off_linkhdr.reg;
2557 if (cstate->off_linkhdr.reg != -1) {
2561 * header; unfortunately, it's little-endian, so we have
2566 * Load the high-order byte, at an offset of 3, shift it
2570 s1->s.k = 3;
2573 s2->s.k = 8;
2578 * Load the next byte, at an offset of 2, and OR the
2583 s2->s.k = 2;
2592 s2->s.k = cstate->off_linkhdr.reg;
2625 if (cstate->off_linkhdr.reg != -1) {
2629 * header; unfortunately, it's little-endian, so we have
2634 * Load the high-order byte, at an offset of 3, shift it
2638 s1->s.k = 3;
2641 s2->s.k = 8;
2646 * Load the next byte, at an offset of 2, and OR the
2651 s2->s.k = 2;
2660 s2->s.k = cstate->off_linkhdr.reg;
2675 * Load a value relative to the beginning of the link-layer header after the 802.11
2677 * The link-layer header doesn't necessarily begin at the beginning
2678 * of the packet data; there might be a variable-length prefix containing
2694 if (cstate->off_linkpl.reg == -1) {
2696 * No register has been assigned to the offset of
2697 * the link-layer payload, which means nobody needs
2698 * it; don't bother computing it - just return
2709 cstate->no_optimize = 1;
2712 * If "s" is non-null, it has code to arrange that the X register
2713 * contains the length of the prefix preceding the link-layer
2716 * Otherwise, the length of the prefix preceding the link-layer
2721 * There is no variable-length header preceding the
2722 * link-layer header.
2724 * Load the length of the fixed-length prefix preceding
2725 * the link-layer header (if any) into the X register,
2726 * and store it in the cstate->off_linkpl.reg register.
2730 s->s.k = cstate->off_outermostlinkhdr.constant_part;
2734 * The X register contains the offset of the beginning of the
2735 * link-layer header; add 24, which is the minimum length
2737 * in cstate->off_linkpl.reg, and then load the Frame Control field,
2738 * which is at the offset in the X register, with an indexed load.
2743 s2->s.k = 24;
2746 s2->s.k = cstate->off_linkpl.reg;
2750 s2->s.k = 0;
2759 sjset_data_frame_1->s.k = 0x08;
2766 sjset_data_frame_1->s.jt = sjset_data_frame_2 = new_stmt(cstate, JMP(BPF_JSET));
2767 sjset_data_frame_2->s.k = 0x04;
2769 sjset_data_frame_1->s.jf = snext;
2776 sjset_data_frame_2->s.jt = snext;
2777 sjset_data_frame_2->s.jf = sjset_qos = new_stmt(cstate, JMP(BPF_JSET));
2778 sjset_qos->s.k = 0x80; /* QoS bit */
2782 * If it's set, add 2 to cstate->off_linkpl.reg, to skip the QoS
2787 sjset_qos->s.jt = s2 = new_stmt(cstate, BPF_LD|BPF_MEM);
2788 s2->s.k = cstate->off_linkpl.reg;
2791 s2->s.k = 2;
2794 s2->s.k = cstate->off_linkpl.reg;
2799 * there's Atheros padding between the MAC-layer header
2803 * little-endian, so we byte-swap all of the values
2804 * we test against, as they will be loaded as big-endian
2807 * XXX - in the general case, we would have to scan through
2816 if (cstate->linktype == DLT_IEEE802_11_RADIO) {
2821 sjset_qos->s.jf = s2 = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_W);
2822 s2->s.k = 4;
2826 sjset_radiotap_flags_present->s.k = SWAPLONG(0x00000002);
2832 sjset_radiotap_flags_present->s.jf = snext;
2838 sjset_radiotap_ext_present->s.k = SWAPLONG(0x80000000);
2840 sjset_radiotap_flags_present->s.jt = sjset_radiotap_ext_present;
2845 sjset_radiotap_ext_present->s.jt = snext;
2851 sjset_radiotap_tsft_present->s.k = SWAPLONG(0x00000001);
2853 sjset_radiotap_ext_present->s.jf = sjset_radiotap_tsft_present;
2857 * at an offset of 16 from the beginning of the raw packet
2865 s2->s.k = 16;
2867 sjset_radiotap_tsft_present->s.jt = s2;
2870 sjset_tsft_datapad->s.k = 0x20;
2875 * at an offset of 8 from the beginning of the raw packet
2882 s2->s.k = 8;
2884 sjset_radiotap_tsft_present->s.jf = s2;
2887 sjset_notsft_datapad->s.k = 0x20;
2898 s_roundup->s.k = cstate->off_linkpl.reg;
2901 s2->s.k = 3;
2904 s2->s.k = (bpf_u_int32)~3;
2907 s2->s.k = cstate->off_linkpl.reg;
2910 sjset_tsft_datapad->s.jt = s_roundup;
2911 sjset_tsft_datapad->s.jf = snext;
2912 sjset_notsft_datapad->s.jt = s_roundup;
2913 sjset_notsft_datapad->s.jf = snext;
2915 sjset_qos->s.jf = snext;
2930 if (cstate->off_linkpl.reg != -1 && cstate->off_linkhdr.is_variable &&
2931 cstate->off_linkhdr.reg == -1)
2932 cstate->off_linkhdr.reg = alloc_reg(cstate);
2935 * For link-layer types that have a variable-length header
2936 * preceding the link-layer header, generate code to load
2937 * the offset of the link-layer header into the register
2938 * assigned to that offset, if any.
2940 * XXX - this, and the next switch statement, won't handle
2945 switch (cstate->outermostlinktype) {
2969 * For link-layer types that have a variable-length link-layer
2970 * header, generate code to load the offset of the link-layer
2971 * payload into the register assigned to that offset, if any.
2973 switch (cstate->outermostlinktype) {
2980 s = gen_load_802_11_header_len(cstate, s, b->stmts);
2992 if (s == NULL && cstate->is_vlan_vloffset) {
2995 if (cstate->off_linkpl.reg == -1)
2996 cstate->off_linkpl.reg = alloc_reg(cstate);
2997 if (cstate->off_linktype.reg == -1)
2998 cstate->off_linktype.reg = alloc_reg(cstate);
3001 s->s.k = 0;
3003 s2->s.k = cstate->off_linkpl.reg;
3006 s2->s.k = cstate->off_linktype.reg;
3011 * If we have any offset-loading code, append all the
3017 sappend(s, b->stmts);
3018 b->stmts = s;
3028 if (cstate->linktype == DLT_PPI)
3033 s_load_dlt->s.k = 4;
3037 b->stmts = s_load_dlt;
3038 b->s.k = SWAPLONG(DLT_IEEE802_11);
3049 * Take an absolute offset, and:
3055 * a pointer to that code - if no register for that offset has
3066 if (off->is_variable) {
3067 if (off->reg == -1) {
3070 * variable part of the offset of the link-layer
3073 off->reg = alloc_reg(cstate);
3078 * offset of the link-layer header into the X register.
3081 s->s.k = off->reg;
3085 * That offset isn't variable, there's no variable part,
3141 * Generate any tests that, for encapsulation of a link-layer packet
3143 * link-layer packets (and that haven't already been done by a check
3151 if (cstate->is_geneve)
3154 switch (cstate->prevlinktype) {
3158 * This is LANE-encapsulated Ethernet; check that the LANE
3183 #define BSD_AFNUM_INET6_DARWIN 30 /* macOS, iOS, other Darwin-based OSes */
3187 * link-layer type field or fields in the 802.2 LLC header.
3198 /* are we checking MPLS-encapsulated packets? */
3199 if (cstate->label_stack_depth > 0)
3202 switch (cstate->linktype) {
3209 if (!cstate->is_geneve)
3244 * Now check for the specified link-layer type.
3253 * XXX - check for LLC frames.
3260 * XXX - check for LLC PDUs, as per IEEE 802.5.
3273 * Check for an LLC-encapsulated version of this protocol;
3296 * XXX - for IPv4, check for a version number of 4, and,
3357 * Also check for Van Jacobson-compressed IP.
3358 * XXX - do this for other forms of PPP?
3383 * AF_ values may, unfortunately, be platform-
3404 if (cstate->bpf_pcap->rfile != NULL) {
3406 * Savefile - check for all three
3445 * XXX - support those that have AF_ values
3518 * XXX - assumes a 2-byte Frame Relay header with
3560 bpf_error(cstate, "Multi-link Frame Relay link-layer type filtering not implemented");
3585 /* just lets verify the magic number for now -
3601 bpf_error(cstate, "IrDA link-layer type filtering not implemented");
3604 bpf_error(cstate, "DOCSIS link-layer type filtering not implemented");
3608 bpf_error(cstate, "MTP2 link-layer type filtering not implemented");
3611 bpf_error(cstate, "ERF link-layer type filtering not implemented");
3614 bpf_error(cstate, "PFSYNC link-layer type filtering not implemented");
3617 bpf_error(cstate, "LAPD link-layer type filtering not implemented");
3623 bpf_error(cstate, "USB link-layer type filtering not implemented");
3627 bpf_error(cstate, "Bluetooth link-layer type filtering not implemented");
3631 bpf_error(cstate, "CAN link-layer type filtering not implemented");
3638 bpf_error(cstate, "IEEE 802.15.4 link-layer type filtering not implemented");
3641 bpf_error(cstate, "IEEE 802.16 link-layer type filtering not implemented");
3644 bpf_error(cstate, "SITA link-layer type filtering not implemented");
3647 bpf_error(cstate, "RAIF1 link-layer type filtering not implemented");
3651 bpf_error(cstate, "IPMB link-layer type filtering not implemented");
3654 bpf_error(cstate, "AX.25 link-layer type filtering not implemented");
3657 /* Using the fixed-size NFLOG header it is possible to tell only
3661 bpf_error(cstate, "NFLOG link-layer type filtering not implemented");
3665 * Does this link-layer header type have a field
3667 * so, off_linktype.constant_part will be the offset of that
3670 if (cstate->off_linktype.constant_part != OFFSET_NOT_SET) {
3682 description = pcap_datalink_val_to_description_or_dlt(cstate->linktype);
3683 bpf_error(cstate, "%s link-layer type filtering not implemented",
3721 switch (cstate->linktype) {
3733 * 0xFF, to rule out NetWare-over-802.3.
3749 * XXX - check for LLC frames.
3755 * XXX - check for LLC frames.
3783 pcap_datalink_val_to_description_or_dlt(cstate->linktype));
3795 if (setjmp(cstate->top_ctx))
3811 if (setjmp(cstate->top_ctx))
3820 * Load the control byte and test the low-order bit; it must
3825 b1->s.k = 0x01;
3826 b1->stmts = s;
3841 if (setjmp(cstate->top_ctx))
3850 * Now compare the low-order 2 bit of the control byte against
3867 if (setjmp(cstate->top_ctx))
3876 * Now compare the low-order 2 bit of the control byte against
3893 if (setjmp(cstate->top_ctx))
3918 if (setjmp(cstate->top_ctx))
3935 * Generate code to match a particular packet type, for link-layer types
3939 * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues.
3950 * XXX - handle token-ring variable-length header.
3958 * XXX - should we check both the DSAP and the
3967 * XXX - are there ever SNAP frames for IPX on
3968 * non-Ethernet 802.x networks?
3974 * 802.2-encapsulated ETHERTYPE_ATALK packets are
3979 * XXX - check for an organization code of
3986 * XXX - we don't have to check for IPX 802.3
4004 * XXX - if we were to check for the SNAP DSAP and
4025 u_int offset;
4030 offset = src_off;
4034 offset = dst_off;
4079 b1 = gen_mcmp(cstate, OR_LINKPL, offset, BPF_W, addr, mask);
4091 u_int offset;
4093 * Code below needs to access four separate 32-bit parts of the 128-bit
4095 * s6_addr32 pseudo-member of struct in6_addr, which contains a union of
4096 * 8-, 16- and 32-bit arrays. In other OSes this is not the case, as
4106 offset = src_off;
4110 offset = dst_off;
4157 b1 = gen_mcmp(cstate, OR_LINKPL, offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
4158 b0 = gen_mcmp(cstate, OR_LINKPL, offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
4160 b0 = gen_mcmp(cstate, OR_LINKPL, offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
4162 b0 = gen_mcmp(cstate, OR_LINKPL, offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
4233 return gen_bcmp(cstate, OR_LINKHDR, 6 + 1 + cstate->pcap_fddipad, 6, eaddr);
4236 return gen_bcmp(cstate, OR_LINKHDR, 0 + 1 + cstate->pcap_fddipad, 6, eaddr);
4352 cstate->no_optimize = 1;
4363 * offset of 10 from the beginning of
4366 * For data frames, SA is at an offset
4368 * if From DS is clear, at an offset of
4371 * and an offset of 24 from the beginning
4384 b1->s.k = 0x01; /* To DS */
4385 b1->stmts = s;
4399 b2->s.k = 0x01; /* To DS */
4400 b2->stmts = s;
4418 * the ORed-together checks.
4422 b1->s.k = 0x02; /* From DS */
4423 b1->stmts = s;
4431 b2->s.k = 0x02; /* From DS */
4432 b2->stmts = s;
4454 b1->s.k = 0x08;
4455 b1->stmts = s;
4463 * If the high-order bit of the type value is 0, this
4469 b2->s.k = 0x08;
4470 b2->stmts = s;
4487 * If the low-order bit of the type value is 1,
4496 b1->s.k = 0x04;
4497 b1->stmts = s;
4514 * offset of 4 from the beginning of
4517 * For data frames, DA is at an offset
4519 * if To DS is clear and at an offset of
4531 b1->s.k = 0x01; /* To DS */
4532 b1->stmts = s;
4546 b2->s.k = 0x01; /* To DS */
4547 b2->stmts = s;
4568 b1->s.k = 0x08;
4569 b1->stmts = s;
4577 * If the high-order bit of the type value is 0, this
4583 b2->s.k = 0x08;
4584 b2->stmts = s;
4601 * If the low-order bit of the type value is 1,
4610 b1->s.k = 0x04;
4611 b1->stmts = s;
4635 * XXX - add BSSID keyword?
4690 * If the high-order bit of the type value is 0, this
4696 b1->s.k = 0x08;
4697 b1->stmts = s;
4732 * If the high-order bit of the type value is 0, this
4738 b1->s.k = 0x08;
4739 b1->stmts = s;
4759 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
4760 * (We assume that the addresses are IEEE 48-bit MAC addresses,
4838 u_int offset_lh; /* offset if long header is received */
4839 u_int offset_sh; /* offset if short header is received */
4925 /* Combine with test for cstate->linktype */
4931 * Generate a check for IPv4 or IPv6 for MPLS-encapsulated packets;
4932 * test the bottom-of-stack bit, and then check the version number
4943 /* match the bottom-of-stack bit */
4944 b0 = gen_mcmp(cstate, OR_LINKPL, (u_int)-2, BPF_B, 0x01, 0x01);
4951 /* match the bottom-of-stack bit */
4952 b0 = gen_mcmp(cstate, OR_LINKPL, (u_int)-2, BPF_B, 0x01, 0x01);
4982 * Only check for non-IPv4 addresses if we're not
4983 * checking MPLS-encapsulated packets.
4985 if (cstate->label_stack_depth == 0) {
4994 bpf_error(cstate, "link-layer modifier applied to %s", typestr);
5134 bpf_error(cstate, "link-layer modifier applied to ip6 %s", typestr);
5274 switch (cstate->linktype) {
5298 * This is LLC-multiplexed traffic; if it were
5299 * LANE, cstate->linktype would have been set to
5312 for (ai = alist; ai != NULL; ai = ai->ai_next) {
5316 if (ai->ai_addr != NULL) {
5320 if (ai->ai_addr->sa_family == AF_INET) {
5324 sin = (struct sockaddr_in *)ai->ai_addr;
5326 ntohl(sin->sin_addr.s_addr),
5439 bpf_error(cstate, "link layer applied in wrong context");
5506 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
5508 b1 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
5518 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
5520 b1 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
5530 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
5598 if (setjmp(cstate->top_ctx))
5613 b->s.k = 0x1fff;
5614 b->stmts = s;
5621 * Generate a comparison to a port value in the transport-layer header
5622 * at the specified offset from the beginning of that header.
5624 * XXX - this handles a variable-length prefix preceding the link-layer
5626 * variable-length link-layer headers (such as Token Ring or 802.11
5717 * For IEEE 802 networks - which includes 802.5 token ring
5718 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
5722 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
5758 /* XXX - catch the first fragment of a fragmented packet? */
5977 /* XXX - catch the first fragment of a fragmented packet? */
6058 /* XXX should look up h/w protocol type based on cstate->linktype */
6114 * We don't handle variable-length prefixes before the link-layer
6115 * header, or variable-length link-layer headers, here yet.
6124 if (cstate->off_linkpl.is_variable)
6138 cstate->no_optimize = 1;
6153 /* A = ip->ip_p */
6155 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 9;
6157 /* X = ip->ip_hl << 2 */
6159 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
6166 /* A = ip6->ip_nxt */
6168 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 6;
6172 s[i]->s.k = 40;
6184 s[i]->s.k = v;
6185 s[i]->s.jt = NULL; /*later*/
6186 s[i]->s.jf = NULL; /*update in next stmt*/
6195 s[i]->s.jt = NULL; /*later*/
6196 s[i]->s.jf = NULL; /*update in next stmt*/
6197 s[i]->s.k = IPPROTO_NONE;
6198 s[fix5]->s.jf = s[i];
6208 s[i]->s.jt = NULL; /*later*/
6209 s[i]->s.jf = NULL; /*update in next stmt*/
6210 s[i]->s.k = IPPROTO_HOPOPTS;
6211 s[fix2]->s.jf = s[i];
6214 s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6215 s[i]->s.jt = NULL; /*later*/
6216 s[i]->s.jf = NULL; /*update in next stmt*/
6217 s[i]->s.k = IPPROTO_DSTOPTS;
6220 s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6221 s[i]->s.jt = NULL; /*later*/
6222 s[i]->s.jf = NULL; /*update in next stmt*/
6223 s[i]->s.k = IPPROTO_ROUTING;
6226 s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6227 s[i]->s.jt = NULL; /*later*/
6228 s[i]->s.jf = NULL; /*later*/
6229 s[i]->s.k = IPPROTO_FRAGMENT;
6244 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
6248 s[i]->s.k = reg2;
6252 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 1;
6256 s[i]->s.k = 1;
6260 s[i]->s.k = 8;
6264 s[i]->s.k = 0;
6271 s[i]->s.k = reg2;
6276 s[i]->s.k = again - i - 1;
6277 s[i - 1]->s.jf = s[i];
6282 s[j]->s.jt = s[v6advance];
6286 s[i]->s.k = 0;
6287 s[fix2]->s.jf = s[i];
6295 s[i]->s.jt = NULL; /*later*/
6296 s[i]->s.jf = NULL; /*later*/
6297 s[i]->s.k = IPPROTO_AH;
6299 s[fix3]->s.jf = s[ahcheck];
6309 s[i - 1]->s.jt = s[i] = new_stmt(cstate, BPF_MISC|BPF_TXA);
6313 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
6317 s[i]->s.k = reg2;
6320 s[i - 1]->s.jt = s[i] = new_stmt(cstate, BPF_MISC|BPF_TXA);
6324 s[i]->s.k = 1;
6331 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
6335 s[i]->s.k = 2;
6339 s[i]->s.k = 4;
6346 s[i]->s.k = reg2;
6351 s[i]->s.k = again - i - 1;
6357 s[i]->s.k = 0;
6358 s[fix2]->s.jt = s[end];
6359 s[fix4]->s.jf = s[end];
6360 s[fix5]->s.jt = s[end];
6367 for (i = 0; i < max - 1; i++)
6368 s[i]->next = s[i + 1];
6369 s[max - 1]->next = NULL;
6375 b->stmts = s[1]; /*remember, s[0] is dummy*/
6376 b->s.k = v;
6397 b0->s.k = 0x08;
6398 b0->stmts = s;
6402 b1->s.k = 0x04;
6403 b1->stmts = s;
6444 * For IEEE 802 networks - which includes 802.5 token ring
6445 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
6449 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
6555 switch (cstate->linktype) {
6571 * XXX - assumes a 2-byte Frame Relay header with
6574 * XXX - what about SNAP-encapsulated frames?
6582 * Cisco uses an Ethertype lookalike - for OSI,
6586 /* OSI in C-HDLC is stuffed with a fudge byte */
6605 * 4 is the offset of the PDU type relative to the IS-IS
6672 * Convert a non-numeric name to a port number.
6683 int port = -1;
6700 * No such port. Just return -1.
6708 * guaranteed to be thread-safe on all platforms
6709 * (probably because it might use a non-thread-local
6717 port = -2; /* a real error */
6727 * guaranteed to be thread-safe on all platforms
6728 * (probably because it might use a non-thread-local
6736 port = -2; /* a real error */
6743 for (ai = res; ai != NULL; ai = ai->ai_next) {
6747 if (ai->ai_addr != NULL) {
6751 if (ai->ai_addr->sa_family == AF_INET) {
6752 in4 = (struct sockaddr_in *)ai->ai_addr;
6753 port = ntohs(in4->sin_port);
6757 if (ai->ai_addr->sa_family == AF_INET6) {
6758 in6 = (struct sockaddr_in6 *)ai->ai_addr;
6759 port = ntohs(in6->sin6_port);
6780 int tcp_port = -1;
6781 int udp_port = -1;
6790 /* Unknown port type - it's just a number. */
6804 if (tcp_port == -2) {
6810 longjmp(cstate->top_ctx, 1);
6814 if (udp_port == -2) {
6820 longjmp(cstate->top_ctx, 1);
6864 longjmp(cstate->top_ctx, 1);
6869 longjmp(cstate->top_ctx, 1);
6874 bpf_set_error(cstate, "stoulen returned %d - this should not happen", ret);
6875 longjmp(cstate->top_ctx, 1);
6882 * Convert a string in the form PPP-PPP, which correspond to ports, to
6894 if ((hyphen_off = strchr(string, '-')) == NULL)
6900 * XXX - we support named ports, but there are some port names
6904 if (strchr(hyphen_off + 1, '-') != NULL)
6912 first_size = hyphen_off - string;
6914 /* Range of "-port", which we don't support. */
6930 /* Range of "port-", which we don't support. */
6965 if (setjmp(cstate->top_ctx))
6985 switch (cstate->linktype) {
7042 bpf_error(cstate, "only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
7066 cstate->ai = res;
7072 if (cstate->off_linktype.constant_part == OFFSET_NOT_SET &&
7079 for (res = res0; res; res = res->ai_next) {
7080 switch (res->ai_family) {
7088 res->ai_addr;
7089 tmp = gen_host(cstate, ntohl(sin4->sin_addr.s_addr),
7098 res->ai_addr;
7099 tmp = gen_host6(cstate, &sin6->sin6_addr,
7110 cstate->ai = NULL;
7212 cstate->ai = res;
7216 cstate->ai = NULL;
7260 if (setjmp(cstate->top_ctx))
7267 n <<= 32 - nlen;
7274 m <<= 32 - mlen;
7276 bpf_error(cstate, "non-network bits set in \"%s mask %s\"",
7289 m = 0xffffffff << (32 - masklen);
7291 bpf_error(cstate, "non-network bits set in \"%s/%d\"",
7319 if (setjmp(cstate->top_ctx))
7344 bpf_error(cstate, "illegal link layer address");
7355 v <<= 32 - vlen;
7356 mask <<= 32 - vlen ;
7443 if (setjmp(cstate->top_ctx))
7449 cstate->ai = res;
7450 if (res->ai_next)
7452 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
7460 (0xff << (8 - masklen % 8)) & 0xff;
7467 bpf_error(cstate, "non-network bits set in \"%s/%d\"", s, masklen);
7480 cstate->ai = NULL;
7500 if (setjmp(cstate->top_ctx))
7504 cstate->e = pcap_ether_aton(s);
7505 if (cstate->e == NULL)
7507 switch (cstate->linktype) {
7512 b = gen_ehostop(cstate, cstate->e, (int)q.dir);
7517 b = gen_fhostop(cstate, cstate->e, (int)q.dir);
7520 b = gen_thostop(cstate, cstate->e, (int)q.dir);
7527 b = gen_wlanhostop(cstate, cstate->e, (int)q.dir);
7530 b = gen_ipfchostop(cstate, cstate->e, (int)q.dir);
7533 free(cstate->e);
7534 cstate->e = NULL;
7538 free(cstate->e);
7539 cstate->e = NULL;
7542 bpf_error(cstate, "ethernet address used in non-ether expression");
7553 while (s0->next)
7554 s0 = s0->next;
7555 s0->next = s1;
7564 s->s.k = a->regno;
7574 s->s.k = a->regno;
7580 * offset relative to the beginning of the header for the protocol
7582 * (1, 2, or 4) at that offset into that register, making it the register
7594 free_reg(cstate, inst->regno);
7619 * The offset is relative to the beginning of the packet
7623 if (cstate->linktype != DLT_IEEE802_11_RADIO_AVS &&
7624 cstate->linktype != DLT_IEEE802_11_RADIO &&
7625 cstate->linktype != DLT_PRISM_HEADER)
7629 * Load into the X register the offset computed into the
7635 * Load the item at that offset.
7639 sappend(inst->s, s);
7644 * The offset is relative to the beginning of
7645 * the link-layer header.
7647 * XXX - what about ATM LANE? Should the index be
7654 s = gen_abs_offset_varpart(cstate, &cstate->off_linkhdr);
7657 * If "s" is non-null, it has code to arrange that the
7659 * the link-layer header. Add to it the offset computed
7662 * register the offset computed into the register specified
7673 * Load the item at the sum of the offset we've put in the
7674 * X register and the offset of the start of the link
7675 * layer header (which is 0 if the radio header is
7676 * variable-length; that header length is what we put
7680 tmp->s.k = cstate->off_linkhdr.constant_part;
7682 sappend(inst->s, s);
7696 * The offset is relative to the beginning of
7697 * the network-layer header.
7698 * XXX - are there any cases where we want
7699 * cstate->off_nl_nosnap?
7701 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl);
7704 * If "s" is non-null, it has code to arrange that the
7705 * X register contains the variable part of the offset
7706 * of the link-layer payload. Add to it the offset
7709 * load into the X register the offset computed into
7720 * Load the item at the sum of the offset we've put in the
7721 * X register, the offset of the start of the network
7722 * layer header from the beginning of the link-layer
7723 * payload, and the constant part of the offset of the
7724 * start of the link-layer payload.
7727 tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
7729 sappend(inst->s, s);
7736 if (inst->b)
7737 gen_and(inst->b, b);
7738 inst->b = b;
7751 * The offset is relative to the beginning of
7752 * the transport-layer header.
7755 * (plus the offset of the link-layer header, if it's
7756 * a variable-length header), in bytes.
7758 * XXX - are there any cases where we want
7759 * cstate->off_nl_nosnap?
7760 * XXX - we should, if we're built with
7768 * part of the offset of the link-layer payload and the
7769 * length of the network-layer header.
7771 * Load into the A register the offset relative to
7772 * the beginning of the transport layer header,
7774 * X register, and load with an offset from the
7776 * the offset of the link-layer payload and the offset,
7777 * relative to the beginning of the link-layer payload,
7778 * of the network-layer header.
7784 tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
7785 sappend(inst->s, s);
7789 * the protocol in question - which is true only
7794 if (inst->b)
7795 gen_and(inst->b, b);
7797 inst->b = b;
7805 if (inst->b)
7806 gen_and(inst->b, b);
7807 inst->b = b;
7813 if (inst->b)
7814 gen_and(inst->b, b);
7815 inst->b = b;
7817 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl);
7819 * If "s" is non-null, it has code to arrange that the
7820 * X register contains the variable part of the offset
7821 * of the link-layer payload. Add to it the offset
7824 * load into the X register the offset computed into
7835 * Load the item at the sum of the offset we've put in the
7836 * X register, the offset of the start of the network
7837 * layer header from the beginning of the link-layer
7838 * payload, and the constant part of the offset of the
7839 * start of the link-layer payload.
7842 tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 40;
7845 sappend(inst->s, s);
7849 inst->regno = regno;
7851 s->s.k = regno;
7852 sappend(inst->s, s);
7865 if (setjmp(cstate->top_ctx))
7891 sappend(a1->s, s0);
7892 sappend(a0->s, a1->s);
7894 b->stmts = a0->s;
7896 free_reg(cstate, a0->regno);
7897 free_reg(cstate, a1->regno);
7900 if (a0->b) {
7901 if (a1->b) {
7902 gen_and(a0->b, tmp = a1->b);
7905 tmp = a0->b;
7907 tmp = a1->b;
7923 if (setjmp(cstate->top_ctx))
7940 if (setjmp(cstate->top_ctx))
7946 s->next = new_stmt(cstate, BPF_ST);
7947 s->next->s.k = regno;
7948 a->s = s;
7949 a->regno = regno;
7966 s->s.k = val;
7967 s->next = new_stmt(cstate, BPF_ST);
7968 s->next->s.k = reg;
7969 a->s = s;
7970 a->regno = reg;
7982 if (setjmp(cstate->top_ctx))
7990 * a might be clobbered by longjmp - yeah, it might, but *WHO CARES*?
8003 if (setjmp(cstate->top_ctx))
8007 sappend(a->s, s);
8009 s->s.k = 0;
8010 sappend(a->s, s);
8012 s->s.k = a->regno;
8013 sappend(a->s, s);
8020 * a0 might be clobbered by longjmp - yeah, it might, but *WHO CARES*?
8034 if (setjmp(cstate->top_ctx))
8045 if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k == 0)
8048 if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k == 0)
8051 if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k > 31)
8060 sappend(a1->s, s0);
8061 sappend(a0->s, a1->s);
8063 free_reg(cstate, a0->regno);
8064 free_reg(cstate, a1->regno);
8067 a0->regno = s0->s.k = alloc_reg(cstate);
8068 sappend(a0->s, s0);
8079 cstate->curreg = 0;
8080 memset(cstate->regused, 0, sizeof cstate->regused);
8091 while (--n >= 0) {
8092 if (cstate->regused[cstate->curreg])
8093 cstate->curreg = (cstate->curreg + 1) % BPF_MEMWORDS;
8095 cstate->regused[cstate->curreg] = 1;
8096 return cstate->curreg;
8110 cstate->regused[n] = 0;
8121 b->stmts = s;
8122 b->s.k = n;
8134 if (setjmp(cstate->top_ctx))
8152 if (setjmp(cstate->top_ctx))
8163 * the beginning of the link-layer header.
8164 * XXX - that means you can't test values in the radiotap header, but
8181 if (setjmp(cstate->top_ctx))
8207 s->s.k = val;
8209 b->stmts = s;
8228 if (setjmp(cstate->top_ctx))
8235 switch (cstate->linktype) {
8270 if (cstate->netmask == PCAP_NETMASK_UNKNOWN)
8273 hostmask = ~cstate->netmask;
8281 bpf_error(cstate, "only link-layer/IP broadcast filters supported");
8286 * Generate code to test the low-order bit of a MAC address (that's
8290 gen_mac_multicast(compiler_state_t *cstate, int offset)
8295 /* link[offset] & 1 != 0 */
8296 s = gen_load_a(cstate, OR_LINKHDR, offset, BPF_B);
8298 b0->s.k = 1;
8299 b0->stmts = s;
8313 if (setjmp(cstate->top_ctx))
8320 switch (cstate->linktype) {
8338 * XXX - was that referring to bit-order issues?
8356 * offset of 4 from the beginning of
8359 * For data frames, DA is at an offset
8361 * if To DS is clear and at an offset of
8373 b1->s.k = 0x01; /* To DS */
8374 b1->stmts = s;
8388 b2->s.k = 0x01; /* To DS */
8389 b2->stmts = s;
8410 b1->s.k = 0x08;
8411 b1->stmts = s;
8419 * If the high-order bit of the type value is 0, this
8425 b2->s.k = 0x08;
8426 b2->stmts = s;
8443 * If the low-order bit of the type value is 1,
8452 b1->s.k = 0x04;
8453 b1->stmts = s;
8483 bpf_error(cstate, "link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
8496 if (setjmp(cstate->top_ctx))
8502 switch (cstate->linktype) {
8512 * special meta-data in the filter expression;
8515 if (cstate->bpf_pcap->rfile != NULL) {
8518 pcap_datalink_val_to_description_or_dlt(cstate->linktype));
8526 pcap_datalink_val_to_description_or_dlt(cstate->linktype));
8537 * unicast or multicast link-layer address we are not subscribing to).
8540 * better accomplished using a higher-layer filter.
8551 if (setjmp(cstate->top_ctx))
8557 switch (cstate->linktype) {
8632 * the byte after the 3-byte magic number */
8644 * If we have packet meta-data indicating a direction,
8646 * it. Otherwise, give up, as this link-layer type has
8650 * check that metadata is Linux with the in-kernel
8662 * special meta-data in the filter expression;
8665 if (cstate->bpf_pcap->rfile != NULL) {
8668 pcap_datalink_val_to_description_or_dlt(cstate->linktype));
8680 pcap_datalink_val_to_description_or_dlt(cstate->linktype));
8698 if (setjmp(cstate->top_ctx))
8701 if (cstate->linktype != DLT_PFLOG) {
8705 len = sizeof(((struct pfloghdr *)0)->ifname);
8709 len-1);
8727 if (setjmp(cstate->top_ctx))
8730 if (cstate->linktype != DLT_PFLOG) {
8735 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
8737 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
8756 if (setjmp(cstate->top_ctx))
8759 if (cstate->linktype != DLT_PFLOG) {
8769 /* PF firewall log sub-rule number */
8779 if (setjmp(cstate->top_ctx))
8782 if (cstate->linktype != DLT_PFLOG) {
8802 if (setjmp(cstate->top_ctx))
8805 if (cstate->linktype != DLT_PFLOG) {
8825 if (setjmp(cstate->top_ctx))
8828 if (cstate->linktype != DLT_PFLOG) {
8848 if (setjmp(cstate->top_ctx))
8851 switch (cstate->linktype) {
8861 bpf_error(cstate, "802.11 link-layer types supported only on 802.11");
8877 if (setjmp(cstate->top_ctx))
8880 switch (cstate->linktype) {
8908 if (setjmp(cstate->top_ctx))
8911 switch (cstate->linktype) {
8917 cstate->e = pcap_ether_aton(s);
8918 if (cstate->e == NULL)
8920 b = gen_ahostop(cstate, cstate->e, (int)q.dir);
8921 free(cstate->e);
8922 cstate->e = NULL;
8925 bpf_error(cstate, "ARCnet address used in non-arc expression");
9032 cstate->off_linkpl.constant_part += 4;
9033 cstate->off_linktype.constant_part += 4;
9046 if (!off->is_variable)
9047 off->is_variable = 1;
9048 if (off->reg == -1)
9049 off->reg = alloc_reg(cstate);
9052 s2->s.k = off->reg;
9055 s2->s.k = v;
9058 s2->s.k = off->reg;
9071 /* offset determined at run time, shift variable part */
9073 cstate->is_vlan_vloffset = 1;
9074 gen_vlan_vloffset_add(cstate, &cstate->off_linkpl, 4, &s);
9075 gen_vlan_vloffset_add(cstate, &cstate->off_linktype, 4, &s);
9077 /* we get a pointer to a chain of or-ed blocks, patch first of them */
9078 sappend(s.next, b_tpid->head->stmts);
9079 b_tpid->head->stmts = s.next;
9093 s->s.k = SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT;
9095 /* true -> next instructions, false -> beginning of b_vid */
9097 sjeq->s.k = 1;
9098 sjeq->s.jf = b_vid->stmts;
9102 s2->s.k = SKF_AD_OFF + SKF_AD_VLAN_TAG;
9104 sjeq->s.jt = s2;
9111 for (s2 = b_vid->stmts; s2; s2 = s2->next)
9114 s2->s.k = cnt - 1;
9118 sappend(s, b_vid->stmts);
9119 b_vid->stmts = s;
9140 s->s.k = SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT;
9143 b0->stmts = s;
9144 b0->s.k = 1;
9186 if (setjmp(cstate->top_ctx))
9189 /* can't check for VLAN-encapsulated packets inside MPLS */
9190 if (cstate->label_stack_depth > 0)
9200 * XXX - this is a bit of a kludge. If we were to split the
9214 * both for VLAN-encapsulated IP and IP-over-Ethernet, rather than
9215 * checking only for VLAN-encapsulated IP, so that could still
9224 switch (cstate->linktype) {
9232 if (cstate->vlan_stack_depth == 0 && !cstate->off_linkhdr.is_variable &&
9233 cstate->off_linkhdr.constant_part ==
9234 cstate->off_outermostlinkhdr.constant_part) {
9238 if (cstate->bpf_pcap->bpf_codegen_flags & BPF_SPECIAL_VLAN_HANDLING)
9259 pcap_datalink_val_to_description_or_dlt(cstate->linktype));
9263 cstate->vlan_stack_depth++;
9272 * label_num might be clobbered by longjmp - yeah, it might, but *WHO CARES*?
9286 if (setjmp(cstate->top_ctx))
9289 if (cstate->label_stack_depth > 0) {
9290 /* just match the bottom-of-stack bit clear */
9294 * We're not in an MPLS stack yet, so check the link-layer
9297 switch (cstate->linktype) {
9312 * for Frame-Relay/and ATM this may get messy due to SNAP headers
9317 pcap_datalink_val_to_description_or_dlt(cstate->linktype));
9343 * we're checking MPLS-encapsulated headers, to make sure higher
9344 * level code generators don't try to match against IP-related
9347 * XXX - this is a bit of a kludge. See comments in gen_vlan().
9349 cstate->off_nl_nosnap += 4;
9350 cstate->off_nl += 4;
9351 cstate->label_stack_depth++;
9365 if (setjmp(cstate->top_ctx))
9381 if (setjmp(cstate->top_ctx))
9385 * Test against the PPPoE session link-layer type.
9405 * XXX - this is a bit of a kludge. See the comments in
9408 * The "network-layer" protocol is PPPoE, which has a 6-byte
9412 * encapsulated in PPPoES instead), so the link-layer type
9414 * that offset is relative to the beginning of the total
9415 * link-layer payload, including any 802.2 LLC header, so
9416 * it's 6 bytes past cstate->off_nl.
9418 PUSH_LINKHDR(cstate, DLT_PPP, cstate->off_linkpl.is_variable,
9419 cstate->off_linkpl.constant_part + cstate->off_nl + 6, /* 6 bytes past the PPPoE header */
9420 cstate->off_linkpl.reg);
9422 cstate->off_linktype = cstate->off_linkhdr;
9423 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 2;
9425 cstate->off_nl = 0;
9426 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */
9464 * - Verify that this actually is Geneve with the right VNI.
9465 * - Place the IP header length (plus variable link prefix if
9486 b1->stmts = s;
9487 b1->s.k = 0;
9504 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl);
9507 s1->s.k = 40;
9511 s1->s.k = 0;
9515 s->s.k = 40;
9525 b1->stmts = s;
9526 b1->s.k = 0;
9534 * - The offset of the linktype.
9535 * - The offset of the end of the Geneve header.
9536 * - The offset of the end of the encapsulated MAC header. */
9542 /* First we need to calculate the offset of the Geneve header
9548 s->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 8;
9557 s1->s.k = 2;
9560 cstate->off_linktype.reg = alloc_reg(cstate);
9561 cstate->off_linktype.is_variable = 1;
9562 cstate->off_linktype.constant_part = 0;
9565 s1->s.k = cstate->off_linktype.reg;
9572 s1->s.k = 0;
9576 s1->s.k = 0x3f;
9580 s1->s.k = 4;
9583 /* Add in the rest of the Geneve base header. */
9585 s1->s.k = 8;
9588 /* Add the Geneve header length to its offset and store. */
9590 s1->s.k = 0;
9596 * - The linktype field is always in EtherType format regardless
9598 * - The only link layer that we have specific support for is
9604 s1->s.k = cstate->off_linkhdr.reg;
9608 * MPLS/etc. If we have Ethernet, advance the end of the MAC offset
9613 cstate->no_optimize = 1;
9617 s1->s.k = 2;
9622 s1->s.k = cstate->off_linkhdr.reg;
9627 * the non-Ethernet case, it's already there. */
9629 s_proto->s.k = ETHERTYPE_TEB;
9634 s_proto->s.jt = s1;
9639 s1->s.k = 12;
9643 s1->s.k = cstate->off_linktype.reg;
9649 s1->s.k = 2;
9657 cstate->off_linkpl.reg = alloc_reg(cstate);
9658 cstate->off_linkpl.is_variable = 1;
9659 cstate->off_linkpl.constant_part = 0;
9662 s1->s.k = cstate->off_linkpl.reg;
9664 s_proto->s.jf = s1;
9666 cstate->off_nl = 0;
9682 if (setjmp(cstate->top_ctx))
9697 sappend(s, b1->stmts);
9698 b1->stmts = s;
9702 cstate->is_geneve = 1;
9707 /* Check that the encapsulated frame has a link layer header
9715 /* The easiest way to see if there is a link layer present
9716 * is to check if the link layer header and payload are not
9722 s->s.k = cstate->off_linkhdr.reg;
9725 s1->s.k = cstate->off_linkpl.reg;
9729 b0->stmts = s;
9730 b0->s.k = 0;
9745 if (!cstate->is_atm)
9747 if (cstate->off_vpi == OFFSET_NOT_SET)
9749 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_vpi, BPF_B,
9754 if (!cstate->is_atm)
9756 if (cstate->off_vci == OFFSET_NOT_SET)
9758 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_vci, BPF_H,
9763 if (cstate->off_proto == OFFSET_NOT_SET)
9764 abort(); /* XXX - this isn't on FreeBSD */
9765 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_proto, BPF_B,
9770 if (cstate->off_payload == OFFSET_NOT_SET)
9772 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_payload + MSG_TYPE_POS, BPF_B,
9777 if (!cstate->is_atm)
9779 if (cstate->off_proto == OFFSET_NOT_SET)
9781 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_proto, BPF_B,
9819 cstate->linktype = cstate->prevlinktype;
9831 if (setjmp(cstate->top_ctx))
9847 if (setjmp(cstate->top_ctx))
9854 if (!cstate->is_atm)
9861 if (!cstate->is_atm)
9870 if (!cstate->is_atm)
9878 /* Get all cells in End-to-End OAM F4 Circuit*/
9879 if (!cstate->is_atm)
9888 if (!cstate->is_atm)
9895 if (!cstate->is_atm)
9904 if (!cstate->is_atm)
9910 * rather than LLC-encapsulated packets, and set
9911 * the offsets appropriately for LANE-encapsulated
9917 cstate->off_payload + 2, /* Ethernet header */
9918 -1);
9919 cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12;
9920 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14; /* Ethernet */
9921 cstate->off_nl = 0; /* Ethernet II */
9922 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */
9926 /* Get all LLC-encapsulated packets */
9927 if (!cstate->is_atm)
9954 if (setjmp(cstate->top_ctx))
9960 if ( (cstate->linktype != DLT_MTP2) &&
9961 (cstate->linktype != DLT_ERF) &&
9962 (cstate->linktype != DLT_MTP2_WITH_PHDR) )
9964 /* gen_ncmp(cstate, offrel, offset, size, mask, jtype, reverse, value) */
9965 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B,
9970 if ( (cstate->linktype != DLT_MTP2) &&
9971 (cstate->linktype != DLT_ERF) &&
9972 (cstate->linktype != DLT_MTP2_WITH_PHDR) )
9974 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B,
9976 b1 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B,
9982 if ( (cstate->linktype != DLT_MTP2) &&
9983 (cstate->linktype != DLT_ERF) &&
9984 (cstate->linktype != DLT_MTP2_WITH_PHDR) )
9986 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B,
9991 if ( (cstate->linktype != DLT_MTP2) &&
9992 (cstate->linktype != DLT_ERF) &&
9993 (cstate->linktype != DLT_MTP2_WITH_PHDR) )
9995 /* gen_ncmp(cstate, offrel, offset, size, mask, jtype, reverse, value) */
9996 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H,
10001 if ( (cstate->linktype != DLT_MTP2) &&
10002 (cstate->linktype != DLT_ERF) &&
10003 (cstate->linktype != DLT_MTP2_WITH_PHDR) )
10005 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H,
10007 b1 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H,
10013 if ( (cstate->linktype != DLT_MTP2) &&
10014 (cstate->linktype != DLT_ERF) &&
10015 (cstate->linktype != DLT_MTP2_WITH_PHDR) )
10017 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H,
10029 * jvalue might be clobbered by longjmp - yeah, it might, but *WHO CARES*?
10048 if (setjmp(cstate->top_ctx))
10051 newoff_sio = cstate->off_sio;
10052 newoff_opc = cstate->off_opc;
10053 newoff_dpc = cstate->off_dpc;
10054 newoff_sls = cstate->off_sls;
10058 newoff_sio += 3; /* offset for MTP2_HSL */
10062 if (cstate->off_sio == OFFSET_NOT_SET)
10077 if (cstate->off_opc == OFFSET_NOT_SET)
10101 if (cstate->off_dpc == OFFSET_NOT_SET)
10123 if (cstate->off_sls == OFFSET_NOT_SET)
10192 if (setjmp(cstate->top_ctx))
10198 if (!cstate->is_atm)
10209 if (!cstate->is_atm)
10224 if (!cstate->is_atm)
10242 if (!cstate->is_atm)