1 /* $OpenBSD: gencode.c,v 1.67 2024/09/15 07:14:58 jsg Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/types.h> 25 #include <sys/socket.h> 26 #include <sys/time.h> 27 28 #include <net/if.h> 29 30 #include <netinet/in.h> 31 #include <netinet/if_ether.h> 32 33 #include <net/if_pflog.h> 34 #include <net/pfvar.h> 35 36 #include <netmpls/mpls.h> 37 38 #include <net80211/ieee80211.h> 39 #include <net80211/ieee80211_radiotap.h> 40 41 #include <stdlib.h> 42 #include <stddef.h> 43 #include <setjmp.h> 44 #include <stdarg.h> 45 #include <string.h> 46 47 #include "pcap-int.h" 48 49 #include "ethertype.h" 50 #include "llc.h" 51 #include "gencode.h" 52 #include "ppp.h" 53 #include <pcap-namedb.h> 54 #ifdef INET6 55 #include <netdb.h> 56 #endif /*INET6*/ 57 58 #ifdef HAVE_OS_PROTO_H 59 #include "os-proto.h" 60 #endif 61 62 #define JMP(c) ((c)|BPF_JMP|BPF_K) 63 64 /* Locals */ 65 static jmp_buf top_ctx; 66 static pcap_t *bpf_pcap; 67 68 /* Hack for updating VLAN offsets. */ 69 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 70 static u_int mpls_stack = 0; 71 72 /* XXX */ 73 #ifdef PCAP_FDDIPAD 74 int pcap_fddipad = PCAP_FDDIPAD; 75 #else 76 int pcap_fddipad; 77 #endif 78 79 __dead void 80 bpf_error(const char *fmt, ...) 81 { 82 va_list ap; 83 84 va_start(ap, fmt); 85 if (bpf_pcap != NULL) 86 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 87 fmt, ap); 88 va_end(ap); 89 longjmp(top_ctx, 1); 90 /* NOTREACHED */ 91 } 92 93 static void init_linktype(int); 94 95 static int alloc_reg(void); 96 static void free_reg(int); 97 98 static struct block *root; 99 100 /* initialization code used for variable link header */ 101 static struct slist *init_code = NULL; 102 103 /* Flags and registers for variable link type handling */ 104 static int variable_nl; 105 static int nl_reg, iphl_reg; 106 107 /* 108 * Track memory allocations, for bulk freeing at the end 109 */ 110 #define NMEMBAG 16 111 #define MEMBAG0SIZE (4096 / sizeof (void *)) 112 struct membag { 113 u_int total; 114 u_int slot; 115 void **ptrs; /* allocated array[total] to each malloc */ 116 }; 117 118 static struct membag membag[NMEMBAG]; 119 static int cur_membag; 120 121 static void *newchunk(size_t); 122 static void freechunks(void); 123 static __inline struct block *new_block(int); 124 static __inline struct slist *new_stmt(int); 125 static struct block *gen_retblk(int); 126 static __inline void syntax(void); 127 128 static void backpatch(struct block *, struct block *); 129 static void merge(struct block *, struct block *); 130 static struct block *gen_cmp(u_int, u_int, bpf_int32); 131 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 132 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 133 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 134 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 135 static struct block *gen_bcmp(u_int, u_int, const u_char *); 136 static struct block *gen_uncond(int); 137 static __inline struct block *gen_true(void); 138 static __inline struct block *gen_false(void); 139 static struct block *gen_linktype(int); 140 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 141 #ifdef INET6 142 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 143 #endif 144 static struct block *gen_ehostop(const u_char *, int); 145 static struct block *gen_fhostop(const u_char *, int); 146 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 147 static struct block *gen_p80211_hostop(const u_char *, int); 148 static struct block *gen_p80211_addr(int, u_int, const u_char *); 149 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 150 #ifdef INET6 151 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 152 #endif 153 #ifndef INET6 154 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 155 #endif 156 static struct block *gen_ipfrag(void); 157 static struct block *gen_portatom(int, bpf_int32); 158 #ifdef INET6 159 static struct block *gen_portatom6(int, bpf_int32); 160 #endif 161 struct block *gen_portop(int, int, int); 162 static struct block *gen_port(int, int, int); 163 #ifdef INET6 164 struct block *gen_portop6(int, int, int); 165 static struct block *gen_port6(int, int, int); 166 #endif 167 static int lookup_proto(const char *, int); 168 static struct block *gen_protochain(int, int, int); 169 static struct block *gen_proto(int, int, int); 170 static struct slist *xfer_to_x(struct arth *); 171 static struct slist *xfer_to_a(struct arth *); 172 static struct block *gen_len(int, int); 173 174 static void * 175 newchunk(size_t n) 176 { 177 struct membag *m; 178 void *p; 179 180 m = &membag[cur_membag]; 181 if (m->total != 0 && m->total - m->slot == 0) { 182 if (++cur_membag == NMEMBAG) 183 bpf_error("out of memory"); 184 m = &membag[cur_membag]; 185 } 186 if (m->total - m->slot == 0) { 187 m->ptrs = calloc(sizeof (char *), MEMBAG0SIZE << cur_membag); 188 if (m->ptrs == NULL) 189 bpf_error("out of memory"); 190 m->total = MEMBAG0SIZE << cur_membag; 191 m->slot = 0; 192 } 193 194 p = calloc(1, n); 195 if (p == NULL) 196 bpf_error("out of memory"); 197 m->ptrs[m->slot++] = p; 198 return (p); 199 } 200 201 static void 202 freechunks(void) 203 { 204 int i, j; 205 206 for (i = 0; i <= cur_membag; i++) { 207 if (membag[i].ptrs == NULL) 208 continue; 209 for (j = 0; j < membag[i].slot; j++) 210 free(membag[i].ptrs[j]); 211 free(membag[i].ptrs); 212 membag[i].ptrs = NULL; 213 membag[i].slot = membag[i].total = 0; 214 } 215 cur_membag = 0; 216 } 217 218 /* 219 * A strdup whose allocations are freed after code generation is over. 220 */ 221 char * 222 sdup(const char *s) 223 { 224 int n = strlen(s) + 1; 225 char *cp = newchunk(n); 226 227 strlcpy(cp, s, n); 228 return (cp); 229 } 230 231 static __inline struct block * 232 new_block(int code) 233 { 234 struct block *p; 235 236 p = (struct block *)newchunk(sizeof(*p)); 237 p->s.code = code; 238 p->head = p; 239 240 return p; 241 } 242 243 static __inline struct slist * 244 new_stmt(int code) 245 { 246 struct slist *p; 247 248 p = (struct slist *)newchunk(sizeof(*p)); 249 p->s.code = code; 250 251 return p; 252 } 253 254 static struct block * 255 gen_retblk(int v) 256 { 257 struct block *b = new_block(BPF_RET|BPF_K); 258 259 b->s.k = v; 260 return b; 261 } 262 263 static __inline void 264 syntax(void) 265 { 266 bpf_error("syntax error in filter expression"); 267 } 268 269 static bpf_u_int32 netmask; 270 static int snaplen; 271 int no_optimize; 272 273 int 274 pcap_compile(pcap_t *p, struct bpf_program *program, 275 const char *buf, int optimize, bpf_u_int32 mask) 276 { 277 extern int n_errors; 278 int len; 279 280 no_optimize = 0; 281 n_errors = 0; 282 root = NULL; 283 bpf_pcap = p; 284 if (setjmp(top_ctx)) { 285 freechunks(); 286 return (-1); 287 } 288 289 netmask = mask; 290 snaplen = pcap_snapshot(p); 291 292 lex_init(buf ? buf : ""); 293 init_linktype(pcap_datalink(p)); 294 (void)pcap_parse(); 295 296 if (n_errors) 297 syntax(); 298 299 if (root == NULL) 300 root = gen_retblk(snaplen); 301 302 if (optimize && !no_optimize) { 303 bpf_optimize(&root); 304 if (root == NULL || 305 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 306 bpf_error("expression rejects all packets"); 307 } 308 program->bf_insns = icode_to_fcode(root, &len); 309 program->bf_len = len; 310 311 freechunks(); 312 return (0); 313 } 314 315 /* 316 * entry point for using the compiler with no pcap open 317 * pass in all the stuff that is needed explicitly instead. 318 */ 319 int 320 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 321 struct bpf_program *program, 322 const char *buf, int optimize, bpf_u_int32 mask) 323 { 324 extern int n_errors; 325 int len; 326 327 n_errors = 0; 328 root = NULL; 329 bpf_pcap = NULL; 330 if (setjmp(top_ctx)) { 331 freechunks(); 332 return (-1); 333 } 334 335 netmask = mask; 336 337 /* XXX needed? I don't grok the use of globals here. */ 338 snaplen = snaplen_arg; 339 340 lex_init(buf ? buf : ""); 341 init_linktype(linktype_arg); 342 (void)pcap_parse(); 343 344 if (n_errors) 345 syntax(); 346 347 if (root == NULL) 348 root = gen_retblk(snaplen_arg); 349 350 if (optimize) { 351 bpf_optimize(&root); 352 if (root == NULL || 353 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 354 bpf_error("expression rejects all packets"); 355 } 356 program->bf_insns = icode_to_fcode(root, &len); 357 program->bf_len = len; 358 359 freechunks(); 360 return (0); 361 } 362 363 /* 364 * Clean up a "struct bpf_program" by freeing all the memory allocated 365 * in it. 366 */ 367 void 368 pcap_freecode(struct bpf_program *program) 369 { 370 program->bf_len = 0; 371 if (program->bf_insns != NULL) { 372 free((char *)program->bf_insns); 373 program->bf_insns = NULL; 374 } 375 } 376 377 /* 378 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 379 * which of the jt and jf fields has been resolved and which is a pointer 380 * back to another unresolved block (or nil). At least one of the fields 381 * in each block is already resolved. 382 */ 383 static void 384 backpatch(struct block *list, struct block *target) 385 { 386 struct block *next; 387 388 while (list) { 389 if (!list->sense) { 390 next = JT(list); 391 JT(list) = target; 392 } else { 393 next = JF(list); 394 JF(list) = target; 395 } 396 list = next; 397 } 398 } 399 400 /* 401 * Merge the lists in b0 and b1, using the 'sense' field to indicate 402 * which of jt and jf is the link. 403 */ 404 static void 405 merge(struct block *b0, struct block *b1) 406 { 407 struct block **p = &b0; 408 409 /* Find end of list. */ 410 while (*p) 411 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 412 413 /* Concatenate the lists. */ 414 *p = b1; 415 } 416 417 void 418 finish_parse(struct block *p) 419 { 420 backpatch(p, gen_retblk(snaplen)); 421 p->sense = !p->sense; 422 backpatch(p, gen_retblk(0)); 423 root = p->head; 424 425 /* prepend initialization code to root */ 426 if (init_code != NULL && root != NULL) { 427 sappend(init_code, root->stmts); 428 root->stmts = init_code; 429 init_code = NULL; 430 } 431 432 if (iphl_reg != -1) { 433 free_reg(iphl_reg); 434 iphl_reg = -1; 435 } 436 if (nl_reg != -1) { 437 free_reg(nl_reg); 438 nl_reg = -1; 439 } 440 } 441 442 void 443 gen_and(struct block *b0, struct block *b1) 444 { 445 backpatch(b0, b1->head); 446 b0->sense = !b0->sense; 447 b1->sense = !b1->sense; 448 merge(b1, b0); 449 b1->sense = !b1->sense; 450 b1->head = b0->head; 451 } 452 453 void 454 gen_or(struct block *b0, struct block *b1) 455 { 456 b0->sense = !b0->sense; 457 backpatch(b0, b1->head); 458 b0->sense = !b0->sense; 459 merge(b1, b0); 460 b1->head = b0->head; 461 } 462 463 void 464 gen_not(struct block *b) 465 { 466 b->sense = !b->sense; 467 } 468 469 static struct block * 470 gen_cmp(u_int offset, u_int size, bpf_int32 v) 471 { 472 struct slist *s; 473 struct block *b; 474 475 s = new_stmt(BPF_LD|BPF_ABS|size); 476 s->s.k = offset; 477 478 b = new_block(JMP(BPF_JEQ)); 479 b->stmts = s; 480 b->s.k = v; 481 482 return b; 483 } 484 485 static struct block * 486 gen_cmp_gt(u_int offset, u_int size, bpf_int32 v) 487 { 488 struct slist *s; 489 struct block *b; 490 491 s = new_stmt(BPF_LD|BPF_ABS|size); 492 s->s.k = offset; 493 494 b = new_block(JMP(BPF_JGT)); 495 b->stmts = s; 496 b->s.k = v; 497 498 return b; 499 } 500 501 static struct block * 502 gen_mcmp(u_int offset, u_int size, bpf_int32 v, bpf_u_int32 mask) 503 { 504 struct block *b = gen_cmp(offset, size, v); 505 struct slist *s; 506 507 if (mask != 0xffffffff) { 508 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 509 s->s.k = mask; 510 sappend(b->stmts, s); 511 } 512 return b; 513 } 514 515 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 516 static struct block * 517 gen_mcmp_nl(u_int offset, u_int size, bpf_int32 v, bpf_u_int32 mask) 518 { 519 struct block *b = gen_cmp_nl(offset, size, v); 520 struct slist *s; 521 522 if (mask != 0xffffffff) { 523 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 524 s->s.k = mask; 525 sappend(b->stmts, s); 526 } 527 return b; 528 } 529 530 static struct block * 531 gen_bcmp(u_int offset, u_int size, const u_char *v) 532 { 533 struct block *b, *tmp; 534 535 b = NULL; 536 while (size >= 4) { 537 const u_char *p = &v[size - 4]; 538 bpf_int32 w = ((bpf_int32)p[0] << 24) | 539 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 540 541 tmp = gen_cmp(offset + size - 4, BPF_W, w); 542 if (b != NULL) 543 gen_and(b, tmp); 544 b = tmp; 545 size -= 4; 546 } 547 while (size >= 2) { 548 const u_char *p = &v[size - 2]; 549 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 550 551 tmp = gen_cmp(offset + size - 2, BPF_H, w); 552 if (b != NULL) 553 gen_and(b, tmp); 554 b = tmp; 555 size -= 2; 556 } 557 if (size > 0) { 558 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 559 if (b != NULL) 560 gen_and(b, tmp); 561 b = tmp; 562 } 563 return b; 564 } 565 566 /* 567 * Various code constructs need to know the layout of the data link 568 * layer. These variables give the necessary offsets. off_linktype 569 * is set to -1 for no encapsulation, in which case, IP is assumed. 570 */ 571 static u_int off_linktype; 572 static u_int off_nl; 573 static u_int off_nl_nosnap; 574 575 static int linktype; 576 577 /* Generate code to load the dynamic 'off_nl' to the X register */ 578 static struct slist * 579 nl2X_stmt(void) 580 { 581 struct slist *s, *tmp; 582 583 if (nl_reg == -1) { 584 switch (linktype) { 585 case DLT_PFLOG: 586 /* The pflog header contains PFLOG_REAL_HDRLEN 587 which does NOT include the padding. Round 588 up to the nearest dword boundary */ 589 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 590 s->s.k = 0; 591 592 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 593 tmp->s.k = 3; 594 sappend(s, tmp); 595 596 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 597 tmp->s.k = 0xfc; 598 sappend(s, tmp); 599 600 nl_reg = alloc_reg(); 601 tmp = new_stmt(BPF_ST); 602 tmp->s.k = nl_reg; 603 sappend(s, tmp); 604 605 break; 606 default: 607 bpf_error("Unknown header size for link type 0x%x", 608 linktype); 609 } 610 611 if (init_code == NULL) 612 init_code = s; 613 else 614 sappend(init_code, s); 615 } 616 617 s = new_stmt(BPF_LDX|BPF_MEM); 618 s->s.k = nl_reg; 619 620 return s; 621 } 622 623 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 624 static struct block * 625 gen_cmp_nl(u_int offset, u_int size, bpf_int32 v) 626 { 627 struct slist *s, *tmp; 628 struct block *b; 629 630 if (variable_nl) { 631 s = nl2X_stmt(); 632 tmp = new_stmt(BPF_LD|BPF_IND|size); 633 tmp->s.k = offset; 634 sappend(s, tmp); 635 } else { 636 s = new_stmt(BPF_LD|BPF_ABS|size); 637 s->s.k = offset + off_nl; 638 } 639 b = new_block(JMP(BPF_JEQ)); 640 b->stmts = s; 641 b->s.k = v; 642 643 return b; 644 } 645 646 static void 647 init_linktype(int type) 648 { 649 linktype = type; 650 init_code = NULL; 651 nl_reg = iphl_reg = -1; 652 653 switch (type) { 654 655 case DLT_EN10MB: 656 off_linktype = 12; 657 off_nl = 14; 658 return; 659 660 case DLT_SLIP: 661 /* 662 * SLIP doesn't have a link level type. The 16 byte 663 * header is hacked into our SLIP driver. 664 */ 665 off_linktype = -1; 666 off_nl = 16; 667 return; 668 669 case DLT_SLIP_BSDOS: 670 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 671 off_linktype = -1; 672 /* XXX end */ 673 off_nl = 24; 674 return; 675 676 case DLT_NULL: 677 off_linktype = 0; 678 off_nl = 4; 679 return; 680 681 case DLT_PPP: 682 off_linktype = 2; 683 off_nl = 4; 684 return; 685 686 case DLT_PPP_SERIAL: 687 off_linktype = -1; 688 off_nl = 2; 689 return; 690 691 case DLT_PPP_ETHER: 692 /* 693 * This does not include the Ethernet header, and 694 * only covers session state. 695 */ 696 off_linktype = 6; 697 off_nl = 8; 698 return; 699 700 case DLT_PPP_BSDOS: 701 off_linktype = 5; 702 off_nl = 24; 703 return; 704 705 case DLT_FDDI: 706 /* 707 * FDDI doesn't really have a link-level type field. 708 * We assume that SSAP = SNAP is being used and pick 709 * out the encapsulated Ethernet type. 710 */ 711 off_linktype = 19; 712 #ifdef PCAP_FDDIPAD 713 off_linktype += pcap_fddipad; 714 #endif 715 off_nl = 21; 716 #ifdef PCAP_FDDIPAD 717 off_nl += pcap_fddipad; 718 #endif 719 return; 720 721 case DLT_IEEE802: 722 off_linktype = 20; 723 off_nl = 22; 724 return; 725 726 case DLT_IEEE802_11: 727 off_linktype = 30; /* XXX variable */ 728 off_nl = 32; 729 return; 730 731 case DLT_IEEE802_11_RADIO: /* XXX variable */ 732 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 733 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 734 return; 735 736 case DLT_ATM_RFC1483: 737 /* 738 * assume routed, non-ISO PDUs 739 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 740 */ 741 off_linktype = 6; 742 off_nl = 8; 743 return; 744 745 case DLT_LOOP: 746 off_linktype = 0; 747 off_nl = 4; 748 return; 749 750 case DLT_ENC: 751 off_linktype = -1; 752 off_nl = 12; 753 return; 754 755 case DLT_PFLOG: 756 off_linktype = 0; 757 variable_nl = 1; 758 off_nl = 0; 759 return; 760 761 case DLT_PFSYNC: 762 off_linktype = -1; 763 off_nl = 4; 764 return; 765 766 case DLT_OPENFLOW: 767 off_linktype = -1; 768 off_nl = 12; 769 return; 770 771 case DLT_USBPCAP: 772 /* FALLTHROUGH */ 773 case DLT_RAW: 774 off_linktype = -1; 775 off_nl = 0; 776 return; 777 } 778 bpf_error("unknown data link type 0x%x", linktype); 779 /* NOTREACHED */ 780 } 781 782 static struct block * 783 gen_uncond(int rsense) 784 { 785 struct block *b; 786 struct slist *s; 787 788 s = new_stmt(BPF_LD|BPF_IMM); 789 s->s.k = !rsense; 790 b = new_block(JMP(BPF_JEQ)); 791 b->stmts = s; 792 793 return b; 794 } 795 796 static __inline struct block * 797 gen_true(void) 798 { 799 return gen_uncond(1); 800 } 801 802 static __inline struct block * 803 gen_false(void) 804 { 805 return gen_uncond(0); 806 } 807 808 static struct block * 809 gen_linktype(int proto) 810 { 811 struct block *b0, *b1; 812 813 /* If we're not using encapsulation and checking for IP, we're done */ 814 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IP) 815 return gen_true(); 816 #ifdef INET6 817 /* this isn't the right thing to do, but sometimes necessary */ 818 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IPV6) 819 return gen_true(); 820 #endif 821 822 switch (linktype) { 823 824 case DLT_EN10MB: 825 if (proto <= ETHERMTU) { 826 /* This is an LLC SAP value */ 827 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 828 gen_not(b0); 829 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 830 gen_and(b0, b1); 831 return b1; 832 } else { 833 /* This is an Ethernet type */ 834 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 835 } 836 break; 837 838 case DLT_SLIP: 839 return gen_false(); 840 841 case DLT_PPP: 842 case DLT_PPP_ETHER: 843 if (proto == ETHERTYPE_IP) 844 proto = PPP_IP; /* XXX was 0x21 */ 845 #ifdef INET6 846 else if (proto == ETHERTYPE_IPV6) 847 proto = PPP_IPV6; 848 #endif 849 break; 850 851 case DLT_PPP_BSDOS: 852 switch (proto) { 853 854 case ETHERTYPE_IP: 855 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 856 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 857 gen_or(b0, b1); 858 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 859 gen_or(b1, b0); 860 return b0; 861 862 #ifdef INET6 863 case ETHERTYPE_IPV6: 864 proto = PPP_IPV6; 865 /* more to go? */ 866 break; 867 #endif /* INET6 */ 868 869 case ETHERTYPE_DN: 870 proto = PPP_DECNET; 871 break; 872 873 case ETHERTYPE_ATALK: 874 proto = PPP_APPLE; 875 break; 876 877 case ETHERTYPE_NS: 878 proto = PPP_NS; 879 break; 880 } 881 break; 882 883 case DLT_LOOP: 884 case DLT_ENC: 885 case DLT_NULL: 886 { 887 int v; 888 889 if (proto == ETHERTYPE_IP) 890 v = AF_INET; 891 #ifdef INET6 892 else if (proto == ETHERTYPE_IPV6) 893 v = AF_INET6; 894 #endif /* INET6 */ 895 else 896 return gen_false(); 897 898 /* 899 * For DLT_NULL, the link-layer header is a 32-bit word 900 * containing an AF_ value in *host* byte order, and for 901 * DLT_ENC, the link-layer header begins with a 32-bit 902 * word containing an AF_ value in host byte order. 903 * 904 * For DLT_LOOP, the link-layer header is a 32-bit 905 * word containing an AF_ value in *network* byte order. 906 */ 907 if (linktype != DLT_LOOP) 908 v = htonl(v); 909 910 return (gen_cmp(0, BPF_W, (bpf_int32)v)); 911 break; 912 } 913 case DLT_PFLOG: 914 if (proto == ETHERTYPE_IP) 915 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 916 (bpf_int32)AF_INET)); 917 #ifdef INET6 918 else if (proto == ETHERTYPE_IPV6) 919 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 920 (bpf_int32)AF_INET6)); 921 #endif /* INET6 */ 922 else 923 return gen_false(); 924 break; 925 926 } 927 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 928 } 929 930 static struct block * 931 gen_hostop(bpf_u_int32 addr, bpf_u_int32 mask, int dir, int proto, 932 u_int src_off, u_int dst_off) 933 { 934 struct block *b0, *b1; 935 u_int offset; 936 937 switch (dir) { 938 939 case Q_SRC: 940 offset = src_off; 941 break; 942 943 case Q_DST: 944 offset = dst_off; 945 break; 946 947 case Q_AND: 948 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 949 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 950 gen_and(b0, b1); 951 return b1; 952 953 case Q_OR: 954 case Q_DEFAULT: 955 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 956 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 957 gen_or(b0, b1); 958 return b1; 959 960 default: 961 bpf_error("direction not supported on linktype 0x%x", 962 linktype); 963 } 964 b0 = gen_linktype(proto); 965 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 966 gen_and(b0, b1); 967 return b1; 968 } 969 970 #ifdef INET6 971 static struct block * 972 gen_hostop6(struct in6_addr *addr, struct in6_addr *mask, int dir, int proto, 973 u_int src_off, u_int dst_off) 974 { 975 struct block *b0, *b1; 976 u_int offset; 977 u_int32_t *a, *m; 978 979 switch (dir) { 980 981 case Q_SRC: 982 offset = src_off; 983 break; 984 985 case Q_DST: 986 offset = dst_off; 987 break; 988 989 case Q_AND: 990 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 991 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 992 gen_and(b0, b1); 993 return b1; 994 995 case Q_OR: 996 case Q_DEFAULT: 997 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 998 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 999 gen_or(b0, b1); 1000 return b1; 1001 1002 default: 1003 bpf_error("direction not supported on linktype 0x%x", 1004 linktype); 1005 } 1006 /* this order is important */ 1007 a = (u_int32_t *)addr; 1008 m = (u_int32_t *)mask; 1009 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1010 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1011 gen_and(b0, b1); 1012 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1013 gen_and(b0, b1); 1014 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1015 gen_and(b0, b1); 1016 b0 = gen_linktype(proto); 1017 gen_and(b0, b1); 1018 return b1; 1019 } 1020 #endif /*INET6*/ 1021 1022 static struct block * 1023 gen_ehostop(const u_char *eaddr, int dir) 1024 { 1025 struct block *b0, *b1; 1026 1027 switch (dir) { 1028 case Q_SRC: 1029 return gen_bcmp(6, 6, eaddr); 1030 1031 case Q_DST: 1032 return gen_bcmp(0, 6, eaddr); 1033 1034 case Q_AND: 1035 b0 = gen_ehostop(eaddr, Q_SRC); 1036 b1 = gen_ehostop(eaddr, Q_DST); 1037 gen_and(b0, b1); 1038 return b1; 1039 1040 case Q_DEFAULT: 1041 case Q_OR: 1042 b0 = gen_ehostop(eaddr, Q_SRC); 1043 b1 = gen_ehostop(eaddr, Q_DST); 1044 gen_or(b0, b1); 1045 return b1; 1046 default: 1047 bpf_error("direction not supported on linktype 0x%x", 1048 linktype); 1049 } 1050 /* NOTREACHED */ 1051 } 1052 1053 /* 1054 * Like gen_ehostop, but for DLT_FDDI 1055 */ 1056 static struct block * 1057 gen_fhostop(const u_char *eaddr, int dir) 1058 { 1059 struct block *b0, *b1; 1060 1061 switch (dir) { 1062 case Q_SRC: 1063 #ifdef PCAP_FDDIPAD 1064 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1065 #else 1066 return gen_bcmp(6 + 1, 6, eaddr); 1067 #endif 1068 1069 case Q_DST: 1070 #ifdef PCAP_FDDIPAD 1071 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1072 #else 1073 return gen_bcmp(0 + 1, 6, eaddr); 1074 #endif 1075 1076 case Q_AND: 1077 b0 = gen_fhostop(eaddr, Q_SRC); 1078 b1 = gen_fhostop(eaddr, Q_DST); 1079 gen_and(b0, b1); 1080 return b1; 1081 1082 case Q_DEFAULT: 1083 case Q_OR: 1084 b0 = gen_fhostop(eaddr, Q_SRC); 1085 b1 = gen_fhostop(eaddr, Q_DST); 1086 gen_or(b0, b1); 1087 return b1; 1088 default: 1089 bpf_error("direction not supported on linktype 0x%x", 1090 linktype); 1091 } 1092 /* NOTREACHED */ 1093 } 1094 1095 /* 1096 * This is quite tricky because there may be pad bytes in front of the 1097 * DECNET header, and then there are two possible data packet formats that 1098 * carry both src and dst addresses, plus 5 packet types in a format that 1099 * carries only the src node, plus 2 types that use a different format and 1100 * also carry just the src node. 1101 * 1102 * Yuck. 1103 * 1104 * Instead of doing those all right, we just look for data packets with 1105 * 0 or 1 bytes of padding. If you want to look at other packets, that 1106 * will require a lot more hacking. 1107 * 1108 * To add support for filtering on DECNET "areas" (network numbers) 1109 * one would want to add a "mask" argument to this routine. That would 1110 * make the filter even more inefficient, although one could be clever 1111 * and not generate masking instructions if the mask is 0xFFFF. 1112 */ 1113 static struct block * 1114 gen_dnhostop(bpf_u_int32 addr, int dir, u_int base_off) 1115 { 1116 struct block *b0, *b1, *b2, *tmp; 1117 u_int offset_lh; /* offset if long header is received */ 1118 u_int offset_sh; /* offset if short header is received */ 1119 1120 switch (dir) { 1121 1122 case Q_DST: 1123 offset_sh = 1; /* follows flags */ 1124 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1125 break; 1126 1127 case Q_SRC: 1128 offset_sh = 3; /* follows flags, dstnode */ 1129 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1130 break; 1131 1132 case Q_AND: 1133 /* Inefficient because we do our Calvinball dance twice */ 1134 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1135 b1 = gen_dnhostop(addr, Q_DST, base_off); 1136 gen_and(b0, b1); 1137 return b1; 1138 1139 case Q_OR: 1140 case Q_DEFAULT: 1141 /* Inefficient because we do our Calvinball dance twice */ 1142 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1143 b1 = gen_dnhostop(addr, Q_DST, base_off); 1144 gen_or(b0, b1); 1145 return b1; 1146 1147 default: 1148 bpf_error("direction not supported on linktype 0x%x", 1149 linktype); 1150 } 1151 b0 = gen_linktype(ETHERTYPE_DN); 1152 /* Check for pad = 1, long header case */ 1153 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1154 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1155 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1156 BPF_H, (bpf_int32)ntohs(addr)); 1157 gen_and(tmp, b1); 1158 /* Check for pad = 0, long header case */ 1159 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1160 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1161 gen_and(tmp, b2); 1162 gen_or(b2, b1); 1163 /* Check for pad = 1, short header case */ 1164 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1165 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1166 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1167 BPF_H, (bpf_int32)ntohs(addr)); 1168 gen_and(tmp, b2); 1169 gen_or(b2, b1); 1170 /* Check for pad = 0, short header case */ 1171 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1172 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1173 gen_and(tmp, b2); 1174 gen_or(b2, b1); 1175 1176 /* Combine with test for linktype */ 1177 gen_and(b0, b1); 1178 return b1; 1179 } 1180 1181 static struct block * 1182 gen_host(bpf_u_int32 addr, bpf_u_int32 mask, int proto, int dir) 1183 { 1184 struct block *b0, *b1; 1185 1186 switch (proto) { 1187 1188 case Q_DEFAULT: 1189 b0 = gen_host(addr, mask, Q_IP, dir); 1190 b1 = gen_host(addr, mask, Q_ARP, dir); 1191 gen_or(b0, b1); 1192 b0 = gen_host(addr, mask, Q_RARP, dir); 1193 gen_or(b1, b0); 1194 return b0; 1195 1196 case Q_IP: 1197 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1198 12, 16); 1199 1200 case Q_RARP: 1201 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1202 14, 24); 1203 1204 case Q_ARP: 1205 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1206 14, 24); 1207 1208 case Q_TCP: 1209 bpf_error("'tcp' modifier applied to host"); 1210 1211 case Q_UDP: 1212 bpf_error("'udp' modifier applied to host"); 1213 1214 case Q_ICMP: 1215 bpf_error("'icmp' modifier applied to host"); 1216 1217 case Q_IGMP: 1218 bpf_error("'igmp' modifier applied to host"); 1219 1220 case Q_IGRP: 1221 bpf_error("'igrp' modifier applied to host"); 1222 1223 case Q_PIM: 1224 bpf_error("'pim' modifier applied to host"); 1225 1226 case Q_STP: 1227 bpf_error("'stp' modifier applied to host"); 1228 1229 case Q_ATALK: 1230 bpf_error("ATALK host filtering not implemented"); 1231 1232 case Q_DECNET: 1233 return gen_dnhostop(addr, dir, 0); 1234 1235 case Q_SCA: 1236 bpf_error("SCA host filtering not implemented"); 1237 1238 case Q_LAT: 1239 bpf_error("LAT host filtering not implemented"); 1240 1241 case Q_MOPDL: 1242 bpf_error("MOPDL host filtering not implemented"); 1243 1244 case Q_MOPRC: 1245 bpf_error("MOPRC host filtering not implemented"); 1246 1247 #ifdef INET6 1248 case Q_IPV6: 1249 bpf_error("'ip6' modifier applied to ip host"); 1250 1251 case Q_ICMPV6: 1252 bpf_error("'icmp6' modifier applied to host"); 1253 #endif /* INET6 */ 1254 1255 case Q_AH: 1256 bpf_error("'ah' modifier applied to host"); 1257 1258 case Q_ESP: 1259 bpf_error("'esp' modifier applied to host"); 1260 1261 default: 1262 bpf_error("direction not supported on linktype 0x%x", 1263 linktype); 1264 } 1265 /* NOTREACHED */ 1266 } 1267 1268 #ifdef INET6 1269 static struct block * 1270 gen_host6(struct in6_addr *addr, struct in6_addr *mask, int proto, int dir) 1271 { 1272 switch (proto) { 1273 1274 case Q_DEFAULT: 1275 return gen_host6(addr, mask, Q_IPV6, dir); 1276 1277 case Q_IP: 1278 bpf_error("'ip' modifier applied to ip6 host"); 1279 1280 case Q_RARP: 1281 bpf_error("'rarp' modifier applied to ip6 host"); 1282 1283 case Q_ARP: 1284 bpf_error("'arp' modifier applied to ip6 host"); 1285 1286 case Q_TCP: 1287 bpf_error("'tcp' modifier applied to host"); 1288 1289 case Q_UDP: 1290 bpf_error("'udp' modifier applied to host"); 1291 1292 case Q_ICMP: 1293 bpf_error("'icmp' modifier applied to host"); 1294 1295 case Q_IGMP: 1296 bpf_error("'igmp' modifier applied to host"); 1297 1298 case Q_IGRP: 1299 bpf_error("'igrp' modifier applied to host"); 1300 1301 case Q_PIM: 1302 bpf_error("'pim' modifier applied to host"); 1303 1304 case Q_STP: 1305 bpf_error("'stp' modifier applied to host"); 1306 1307 case Q_ATALK: 1308 bpf_error("ATALK host filtering not implemented"); 1309 1310 case Q_DECNET: 1311 bpf_error("'decnet' modifier applied to ip6 host"); 1312 1313 case Q_SCA: 1314 bpf_error("SCA host filtering not implemented"); 1315 1316 case Q_LAT: 1317 bpf_error("LAT host filtering not implemented"); 1318 1319 case Q_MOPDL: 1320 bpf_error("MOPDL host filtering not implemented"); 1321 1322 case Q_MOPRC: 1323 bpf_error("MOPRC host filtering not implemented"); 1324 1325 case Q_IPV6: 1326 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1327 8, 24); 1328 1329 case Q_ICMPV6: 1330 bpf_error("'icmp6' modifier applied to host"); 1331 1332 case Q_AH: 1333 bpf_error("'ah' modifier applied to host"); 1334 1335 case Q_ESP: 1336 bpf_error("'esp' modifier applied to host"); 1337 1338 default: 1339 abort(); 1340 } 1341 /* NOTREACHED */ 1342 } 1343 #endif /*INET6*/ 1344 1345 #ifndef INET6 1346 static struct block * 1347 gen_gateway(const u_char *eaddr, bpf_u_int32 **alist, int proto, int dir) 1348 { 1349 struct block *b0, *b1, *tmp; 1350 1351 if (dir != 0) 1352 bpf_error("direction applied to 'gateway'"); 1353 1354 switch (proto) { 1355 case Q_DEFAULT: 1356 case Q_IP: 1357 case Q_ARP: 1358 case Q_RARP: 1359 if (linktype == DLT_EN10MB) 1360 b0 = gen_ehostop(eaddr, Q_OR); 1361 else if (linktype == DLT_FDDI) 1362 b0 = gen_fhostop(eaddr, Q_OR); 1363 else 1364 bpf_error( 1365 "'gateway' supported only on ethernet or FDDI"); 1366 1367 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1368 while (*alist) { 1369 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1370 gen_or(b1, tmp); 1371 b1 = tmp; 1372 } 1373 gen_not(b1); 1374 gen_and(b0, b1); 1375 return b1; 1376 } 1377 bpf_error("illegal modifier of 'gateway'"); 1378 /* NOTREACHED */ 1379 } 1380 #endif /*INET6*/ 1381 1382 struct block * 1383 gen_proto_abbrev(int proto) 1384 { 1385 struct block *b0 = NULL, *b1; 1386 1387 switch (proto) { 1388 1389 case Q_TCP: 1390 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1391 #ifdef INET6 1392 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1393 gen_or(b0, b1); 1394 #endif 1395 break; 1396 1397 case Q_UDP: 1398 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1399 #ifdef INET6 1400 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1401 gen_or(b0, b1); 1402 #endif 1403 break; 1404 1405 case Q_ICMP: 1406 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1407 break; 1408 1409 #ifndef IPPROTO_IGMP 1410 #define IPPROTO_IGMP 2 1411 #endif 1412 1413 case Q_IGMP: 1414 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1415 break; 1416 1417 #ifndef IPPROTO_IGRP 1418 #define IPPROTO_IGRP 9 1419 #endif 1420 case Q_IGRP: 1421 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1422 break; 1423 1424 #ifndef IPPROTO_PIM 1425 #define IPPROTO_PIM 103 1426 #endif 1427 1428 case Q_PIM: 1429 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1430 #ifdef INET6 1431 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1432 gen_or(b0, b1); 1433 #endif 1434 break; 1435 1436 case Q_IP: 1437 b1 = gen_linktype(ETHERTYPE_IP); 1438 break; 1439 1440 case Q_ARP: 1441 b1 = gen_linktype(ETHERTYPE_ARP); 1442 break; 1443 1444 case Q_RARP: 1445 b1 = gen_linktype(ETHERTYPE_REVARP); 1446 break; 1447 1448 case Q_LINK: 1449 bpf_error("link layer applied in wrong context"); 1450 1451 case Q_ATALK: 1452 b1 = gen_linktype(ETHERTYPE_ATALK); 1453 break; 1454 1455 case Q_DECNET: 1456 b1 = gen_linktype(ETHERTYPE_DN); 1457 break; 1458 1459 case Q_SCA: 1460 b1 = gen_linktype(ETHERTYPE_SCA); 1461 break; 1462 1463 case Q_LAT: 1464 b1 = gen_linktype(ETHERTYPE_LAT); 1465 break; 1466 1467 case Q_MOPDL: 1468 b1 = gen_linktype(ETHERTYPE_MOPDL); 1469 break; 1470 1471 case Q_MOPRC: 1472 b1 = gen_linktype(ETHERTYPE_MOPRC); 1473 break; 1474 1475 case Q_STP: 1476 b1 = gen_linktype(LLCSAP_8021D); 1477 break; 1478 1479 #ifdef INET6 1480 case Q_IPV6: 1481 b1 = gen_linktype(ETHERTYPE_IPV6); 1482 break; 1483 1484 #ifndef IPPROTO_ICMPV6 1485 #define IPPROTO_ICMPV6 58 1486 #endif 1487 case Q_ICMPV6: 1488 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1489 break; 1490 #endif /* INET6 */ 1491 1492 #ifndef IPPROTO_AH 1493 #define IPPROTO_AH 51 1494 #endif 1495 case Q_AH: 1496 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1497 #ifdef INET6 1498 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1499 gen_or(b0, b1); 1500 #endif 1501 break; 1502 1503 #ifndef IPPROTO_ESP 1504 #define IPPROTO_ESP 50 1505 #endif 1506 case Q_ESP: 1507 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1508 #ifdef INET6 1509 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1510 gen_or(b0, b1); 1511 #endif 1512 break; 1513 1514 default: 1515 abort(); 1516 } 1517 return b1; 1518 } 1519 1520 static struct block * 1521 gen_ipfrag(void) 1522 { 1523 struct slist *s, *tmp; 1524 struct block *b; 1525 1526 /* not ip frag */ 1527 if (variable_nl) { 1528 s = nl2X_stmt(); 1529 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1530 tmp->s.k = 6; 1531 sappend(s, tmp); 1532 } else { 1533 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1534 s->s.k = off_nl + 6; 1535 } 1536 b = new_block(JMP(BPF_JSET)); 1537 b->s.k = 0x1fff; 1538 b->stmts = s; 1539 gen_not(b); 1540 1541 return b; 1542 } 1543 1544 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1545 This function generates code to set X to the start of the IP payload 1546 X = off_nl + IP header_len. 1547 */ 1548 static struct slist * 1549 iphl_to_x(void) 1550 { 1551 struct slist *s, *tmp; 1552 1553 /* XXX clobbers A if variable_nl*/ 1554 if (variable_nl) { 1555 if (iphl_reg == -1) { 1556 /* X <- off_nl */ 1557 s = nl2X_stmt(); 1558 1559 /* A = p[X+0] */ 1560 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1561 tmp->s.k = 0; 1562 sappend(s, tmp); 1563 1564 /* A = A & 0x0f */ 1565 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1566 tmp->s.k = 0x0f; 1567 sappend(s, tmp); 1568 1569 /* A = A << 2 */ 1570 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1571 tmp->s.k = 2; 1572 sappend(s, tmp); 1573 1574 /* A = A + X (add off_nl again to compensate) */ 1575 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1576 1577 /* MEM[iphl_reg] = A */ 1578 iphl_reg = alloc_reg(); 1579 tmp = new_stmt(BPF_ST); 1580 tmp->s.k = iphl_reg; 1581 sappend(s, tmp); 1582 1583 sappend(init_code, s); 1584 } 1585 s = new_stmt(BPF_LDX|BPF_MEM); 1586 s->s.k = iphl_reg; 1587 1588 } else { 1589 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1590 s->s.k = off_nl; 1591 } 1592 1593 return s; 1594 } 1595 1596 static struct block * 1597 gen_portatom(int off, bpf_int32 v) 1598 { 1599 struct slist *s, *tmp; 1600 struct block *b; 1601 1602 s = iphl_to_x(); 1603 1604 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1605 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1606 sappend(s, tmp); 1607 1608 b = new_block(JMP(BPF_JEQ)); 1609 b->stmts = s; 1610 b->s.k = v; 1611 1612 return b; 1613 } 1614 1615 #ifdef INET6 1616 static struct block * 1617 gen_portatom6(int off, bpf_int32 v) 1618 { 1619 return gen_cmp_nl(40 + off, BPF_H, v); 1620 } 1621 #endif/*INET6*/ 1622 1623 struct block * 1624 gen_portop(int port, int proto, int dir) 1625 { 1626 struct block *b0, *b1, *tmp; 1627 1628 /* ip proto 'proto' */ 1629 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1630 b0 = gen_ipfrag(); 1631 gen_and(tmp, b0); 1632 1633 switch (dir) { 1634 case Q_SRC: 1635 b1 = gen_portatom(0, (bpf_int32)port); 1636 break; 1637 1638 case Q_DST: 1639 b1 = gen_portatom(2, (bpf_int32)port); 1640 break; 1641 1642 case Q_OR: 1643 case Q_DEFAULT: 1644 tmp = gen_portatom(0, (bpf_int32)port); 1645 b1 = gen_portatom(2, (bpf_int32)port); 1646 gen_or(tmp, b1); 1647 break; 1648 1649 case Q_AND: 1650 tmp = gen_portatom(0, (bpf_int32)port); 1651 b1 = gen_portatom(2, (bpf_int32)port); 1652 gen_and(tmp, b1); 1653 break; 1654 1655 default: 1656 abort(); 1657 } 1658 gen_and(b0, b1); 1659 1660 return b1; 1661 } 1662 1663 static struct block * 1664 gen_port(int port, int ip_proto, int dir) 1665 { 1666 struct block *b0, *b1, *tmp; 1667 1668 /* ether proto ip */ 1669 b0 = gen_linktype(ETHERTYPE_IP); 1670 1671 switch (ip_proto) { 1672 case IPPROTO_UDP: 1673 case IPPROTO_TCP: 1674 b1 = gen_portop(port, ip_proto, dir); 1675 break; 1676 1677 case PROTO_UNDEF: 1678 tmp = gen_portop(port, IPPROTO_TCP, dir); 1679 b1 = gen_portop(port, IPPROTO_UDP, dir); 1680 gen_or(tmp, b1); 1681 break; 1682 1683 default: 1684 abort(); 1685 } 1686 gen_and(b0, b1); 1687 return b1; 1688 } 1689 1690 #ifdef INET6 1691 struct block * 1692 gen_portop6(int port, int proto, int dir) 1693 { 1694 struct block *b0, *b1, *tmp; 1695 1696 /* ip proto 'proto' */ 1697 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1698 1699 switch (dir) { 1700 case Q_SRC: 1701 b1 = gen_portatom6(0, (bpf_int32)port); 1702 break; 1703 1704 case Q_DST: 1705 b1 = gen_portatom6(2, (bpf_int32)port); 1706 break; 1707 1708 case Q_OR: 1709 case Q_DEFAULT: 1710 tmp = gen_portatom6(0, (bpf_int32)port); 1711 b1 = gen_portatom6(2, (bpf_int32)port); 1712 gen_or(tmp, b1); 1713 break; 1714 1715 case Q_AND: 1716 tmp = gen_portatom6(0, (bpf_int32)port); 1717 b1 = gen_portatom6(2, (bpf_int32)port); 1718 gen_and(tmp, b1); 1719 break; 1720 1721 default: 1722 abort(); 1723 } 1724 gen_and(b0, b1); 1725 1726 return b1; 1727 } 1728 1729 static struct block * 1730 gen_port6(int port, int ip_proto, int dir) 1731 { 1732 struct block *b0, *b1, *tmp; 1733 1734 /* ether proto ip */ 1735 b0 = gen_linktype(ETHERTYPE_IPV6); 1736 1737 switch (ip_proto) { 1738 case IPPROTO_UDP: 1739 case IPPROTO_TCP: 1740 b1 = gen_portop6(port, ip_proto, dir); 1741 break; 1742 1743 case PROTO_UNDEF: 1744 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1745 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1746 gen_or(tmp, b1); 1747 break; 1748 1749 default: 1750 abort(); 1751 } 1752 gen_and(b0, b1); 1753 return b1; 1754 } 1755 #endif /* INET6 */ 1756 1757 static int 1758 lookup_proto(const char *name, int proto) 1759 { 1760 int v; 1761 1762 switch (proto) { 1763 1764 case Q_DEFAULT: 1765 case Q_IP: 1766 v = pcap_nametoproto(name); 1767 if (v == PROTO_UNDEF) 1768 bpf_error("unknown ip proto '%s'", name); 1769 break; 1770 1771 case Q_LINK: 1772 /* XXX should look up h/w protocol type based on linktype */ 1773 v = pcap_nametoeproto(name); 1774 if (v == PROTO_UNDEF) { 1775 v = pcap_nametollc(name); 1776 if (v == PROTO_UNDEF) 1777 bpf_error("unknown ether proto '%s'", name); 1778 } 1779 break; 1780 1781 default: 1782 v = PROTO_UNDEF; 1783 break; 1784 } 1785 return v; 1786 } 1787 1788 static struct block * 1789 gen_protochain(int v, int proto, int dir) 1790 { 1791 struct block *b0, *b; 1792 struct slist *s[100]; 1793 int fix2, fix3, fix4, fix5; 1794 int ahcheck, again, end; 1795 int i, max; 1796 int reg1 = alloc_reg(); 1797 int reg2 = alloc_reg(); 1798 1799 memset(s, 0, sizeof(s)); 1800 fix2 = fix3 = fix4 = fix5 = 0; 1801 1802 if (variable_nl) { 1803 bpf_error("'gen_protochain' not supported for variable DLTs"); 1804 /*NOTREACHED*/ 1805 } 1806 1807 switch (proto) { 1808 case Q_IP: 1809 case Q_IPV6: 1810 break; 1811 case Q_DEFAULT: 1812 b0 = gen_protochain(v, Q_IP, dir); 1813 b = gen_protochain(v, Q_IPV6, dir); 1814 gen_or(b0, b); 1815 return b; 1816 default: 1817 bpf_error("bad protocol applied for 'protochain'"); 1818 /*NOTREACHED*/ 1819 } 1820 1821 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1822 1823 /* 1824 * s[0] is a dummy entry to protect other BPF insn from damaged 1825 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1826 * hard to find interdependency made by jump table fixup. 1827 */ 1828 i = 0; 1829 s[i] = new_stmt(0); /*dummy*/ 1830 i++; 1831 1832 switch (proto) { 1833 case Q_IP: 1834 b0 = gen_linktype(ETHERTYPE_IP); 1835 1836 /* A = ip->ip_p */ 1837 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1838 s[i]->s.k = off_nl + 9; 1839 i++; 1840 /* X = ip->ip_hl << 2 */ 1841 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1842 s[i]->s.k = off_nl; 1843 i++; 1844 break; 1845 case Q_IPV6: 1846 b0 = gen_linktype(ETHERTYPE_IPV6); 1847 1848 /* A = ip6->ip_nxt */ 1849 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1850 s[i]->s.k = off_nl + 6; 1851 i++; 1852 /* X = sizeof(struct ip6_hdr) */ 1853 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1854 s[i]->s.k = 40; 1855 i++; 1856 break; 1857 default: 1858 bpf_error("unsupported proto to gen_protochain"); 1859 /*NOTREACHED*/ 1860 } 1861 1862 /* again: if (A == v) goto end; else fall through; */ 1863 again = i; 1864 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1865 s[i]->s.k = v; 1866 s[i]->s.jt = NULL; /*later*/ 1867 s[i]->s.jf = NULL; /*update in next stmt*/ 1868 fix5 = i; 1869 i++; 1870 1871 /* if (A == IPPROTO_NONE) goto end */ 1872 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1873 s[i]->s.jt = NULL; /*later*/ 1874 s[i]->s.jf = NULL; /*update in next stmt*/ 1875 s[i]->s.k = IPPROTO_NONE; 1876 s[fix5]->s.jf = s[i]; 1877 fix2 = i; 1878 i++; 1879 1880 if (proto == Q_IPV6) { 1881 int v6start, v6end, v6advance, j; 1882 1883 v6start = i; 1884 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1885 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1886 s[i]->s.jt = NULL; /*later*/ 1887 s[i]->s.jf = NULL; /*update in next stmt*/ 1888 s[i]->s.k = IPPROTO_HOPOPTS; 1889 s[fix2]->s.jf = s[i]; 1890 i++; 1891 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1892 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1893 s[i]->s.jt = NULL; /*later*/ 1894 s[i]->s.jf = NULL; /*update in next stmt*/ 1895 s[i]->s.k = IPPROTO_DSTOPTS; 1896 i++; 1897 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1898 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1899 s[i]->s.jt = NULL; /*later*/ 1900 s[i]->s.jf = NULL; /*update in next stmt*/ 1901 s[i]->s.k = IPPROTO_ROUTING; 1902 i++; 1903 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1904 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1905 s[i]->s.jt = NULL; /*later*/ 1906 s[i]->s.jf = NULL; /*later*/ 1907 s[i]->s.k = IPPROTO_FRAGMENT; 1908 fix3 = i; 1909 v6end = i; 1910 i++; 1911 1912 /* v6advance: */ 1913 v6advance = i; 1914 1915 /* 1916 * in short, 1917 * A = P[X + 1]; 1918 * X = X + (P[X] + 1) * 8; 1919 */ 1920 /* A = X */ 1921 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1922 i++; 1923 /* MEM[reg1] = A */ 1924 s[i] = new_stmt(BPF_ST); 1925 s[i]->s.k = reg1; 1926 i++; 1927 /* A += 1 */ 1928 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1929 s[i]->s.k = 1; 1930 i++; 1931 /* X = A */ 1932 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1933 i++; 1934 /* A = P[X + packet head]; */ 1935 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1936 s[i]->s.k = off_nl; 1937 i++; 1938 /* MEM[reg2] = A */ 1939 s[i] = new_stmt(BPF_ST); 1940 s[i]->s.k = reg2; 1941 i++; 1942 /* X = MEM[reg1] */ 1943 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1944 s[i]->s.k = reg1; 1945 i++; 1946 /* A = P[X + packet head] */ 1947 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1948 s[i]->s.k = off_nl; 1949 i++; 1950 /* A += 1 */ 1951 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1952 s[i]->s.k = 1; 1953 i++; 1954 /* A *= 8 */ 1955 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1956 s[i]->s.k = 8; 1957 i++; 1958 /* X = A; */ 1959 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1960 i++; 1961 /* A = MEM[reg2] */ 1962 s[i] = new_stmt(BPF_LD|BPF_MEM); 1963 s[i]->s.k = reg2; 1964 i++; 1965 1966 /* goto again; (must use BPF_JA for backward jump) */ 1967 s[i] = new_stmt(BPF_JMP|BPF_JA); 1968 s[i]->s.k = again - i - 1; 1969 s[i - 1]->s.jf = s[i]; 1970 i++; 1971 1972 /* fixup */ 1973 for (j = v6start; j <= v6end; j++) 1974 s[j]->s.jt = s[v6advance]; 1975 } else { 1976 /* nop */ 1977 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1978 s[i]->s.k = 0; 1979 s[fix2]->s.jf = s[i]; 1980 i++; 1981 } 1982 1983 /* ahcheck: */ 1984 ahcheck = i; 1985 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 1986 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1987 s[i]->s.jt = NULL; /*later*/ 1988 s[i]->s.jf = NULL; /*later*/ 1989 s[i]->s.k = IPPROTO_AH; 1990 if (fix3) 1991 s[fix3]->s.jf = s[ahcheck]; 1992 fix4 = i; 1993 i++; 1994 1995 /* 1996 * in short, 1997 * A = P[X + 1]; 1998 * X = X + (P[X] + 2) * 4; 1999 */ 2000 /* A = X */ 2001 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2002 i++; 2003 /* MEM[reg1] = A */ 2004 s[i] = new_stmt(BPF_ST); 2005 s[i]->s.k = reg1; 2006 i++; 2007 /* A += 1 */ 2008 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2009 s[i]->s.k = 1; 2010 i++; 2011 /* X = A */ 2012 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2013 i++; 2014 /* A = P[X + packet head]; */ 2015 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2016 s[i]->s.k = off_nl; 2017 i++; 2018 /* MEM[reg2] = A */ 2019 s[i] = new_stmt(BPF_ST); 2020 s[i]->s.k = reg2; 2021 i++; 2022 /* X = MEM[reg1] */ 2023 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2024 s[i]->s.k = reg1; 2025 i++; 2026 /* A = P[X + packet head] */ 2027 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2028 s[i]->s.k = off_nl; 2029 i++; 2030 /* A += 2 */ 2031 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2032 s[i]->s.k = 2; 2033 i++; 2034 /* A *= 4 */ 2035 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2036 s[i]->s.k = 4; 2037 i++; 2038 /* X = A; */ 2039 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2040 i++; 2041 /* A = MEM[reg2] */ 2042 s[i] = new_stmt(BPF_LD|BPF_MEM); 2043 s[i]->s.k = reg2; 2044 i++; 2045 2046 /* goto again; (must use BPF_JA for backward jump) */ 2047 s[i] = new_stmt(BPF_JMP|BPF_JA); 2048 s[i]->s.k = again - i - 1; 2049 i++; 2050 2051 /* end: nop */ 2052 end = i; 2053 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2054 s[i]->s.k = 0; 2055 s[fix2]->s.jt = s[end]; 2056 s[fix4]->s.jf = s[end]; 2057 s[fix5]->s.jt = s[end]; 2058 i++; 2059 2060 /* 2061 * make slist chain 2062 */ 2063 max = i; 2064 for (i = 0; i < max - 1; i++) 2065 s[i]->next = s[i + 1]; 2066 s[max - 1]->next = NULL; 2067 2068 /* 2069 * emit final check 2070 */ 2071 b = new_block(JMP(BPF_JEQ)); 2072 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2073 b->s.k = v; 2074 2075 free_reg(reg1); 2076 free_reg(reg2); 2077 2078 gen_and(b0, b); 2079 return b; 2080 } 2081 2082 static struct block * 2083 gen_proto(int v, int proto, int dir) 2084 { 2085 struct block *b0, *b1; 2086 2087 if (dir != Q_DEFAULT) 2088 bpf_error("direction applied to 'proto'"); 2089 2090 switch (proto) { 2091 case Q_DEFAULT: 2092 #ifdef INET6 2093 b0 = gen_proto(v, Q_IP, dir); 2094 b1 = gen_proto(v, Q_IPV6, dir); 2095 gen_or(b0, b1); 2096 return b1; 2097 #else 2098 /*FALLTHROUGH*/ 2099 #endif 2100 case Q_IP: 2101 b0 = gen_linktype(ETHERTYPE_IP); 2102 #ifndef CHASE_CHAIN 2103 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2104 #else 2105 b1 = gen_protochain(v, Q_IP); 2106 #endif 2107 gen_and(b0, b1); 2108 return b1; 2109 2110 case Q_ARP: 2111 bpf_error("arp does not encapsulate another protocol"); 2112 /* NOTREACHED */ 2113 2114 case Q_RARP: 2115 bpf_error("rarp does not encapsulate another protocol"); 2116 /* NOTREACHED */ 2117 2118 case Q_ATALK: 2119 bpf_error("atalk encapsulation is not specifiable"); 2120 /* NOTREACHED */ 2121 2122 case Q_DECNET: 2123 bpf_error("decnet encapsulation is not specifiable"); 2124 /* NOTREACHED */ 2125 2126 case Q_SCA: 2127 bpf_error("sca does not encapsulate another protocol"); 2128 /* NOTREACHED */ 2129 2130 case Q_LAT: 2131 bpf_error("lat does not encapsulate another protocol"); 2132 /* NOTREACHED */ 2133 2134 case Q_MOPRC: 2135 bpf_error("moprc does not encapsulate another protocol"); 2136 /* NOTREACHED */ 2137 2138 case Q_MOPDL: 2139 bpf_error("mopdl does not encapsulate another protocol"); 2140 /* NOTREACHED */ 2141 2142 case Q_LINK: 2143 return gen_linktype(v); 2144 2145 case Q_UDP: 2146 bpf_error("'udp proto' is bogus"); 2147 /* NOTREACHED */ 2148 2149 case Q_TCP: 2150 bpf_error("'tcp proto' is bogus"); 2151 /* NOTREACHED */ 2152 2153 case Q_ICMP: 2154 bpf_error("'icmp proto' is bogus"); 2155 /* NOTREACHED */ 2156 2157 case Q_IGMP: 2158 bpf_error("'igmp proto' is bogus"); 2159 /* NOTREACHED */ 2160 2161 case Q_IGRP: 2162 bpf_error("'igrp proto' is bogus"); 2163 /* NOTREACHED */ 2164 2165 case Q_PIM: 2166 bpf_error("'pim proto' is bogus"); 2167 /* NOTREACHED */ 2168 2169 case Q_STP: 2170 bpf_error("'stp proto' is bogus"); 2171 /* NOTREACHED */ 2172 2173 #ifdef INET6 2174 case Q_IPV6: 2175 b0 = gen_linktype(ETHERTYPE_IPV6); 2176 #ifndef CHASE_CHAIN 2177 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2178 #else 2179 b1 = gen_protochain(v, Q_IPV6); 2180 #endif 2181 gen_and(b0, b1); 2182 return b1; 2183 2184 case Q_ICMPV6: 2185 bpf_error("'icmp6 proto' is bogus"); 2186 #endif /* INET6 */ 2187 2188 case Q_AH: 2189 bpf_error("'ah proto' is bogus"); 2190 2191 case Q_ESP: 2192 bpf_error("'esp proto' is bogus"); 2193 2194 default: 2195 abort(); 2196 /* NOTREACHED */ 2197 } 2198 /* NOTREACHED */ 2199 } 2200 2201 struct block * 2202 gen_scode(const char *name, struct qual q) 2203 { 2204 int proto = q.proto; 2205 int dir = q.dir; 2206 int tproto; 2207 u_char *eaddr; 2208 bpf_u_int32 mask, addr; 2209 #ifndef INET6 2210 bpf_u_int32 **alist; 2211 #else 2212 int tproto6; 2213 struct sockaddr_in *sin; 2214 struct sockaddr_in6 *sin6; 2215 struct addrinfo *res, *res0; 2216 struct in6_addr mask128; 2217 #endif /*INET6*/ 2218 struct block *b, *tmp; 2219 int port, real_proto; 2220 2221 switch (q.addr) { 2222 2223 case Q_NET: 2224 addr = pcap_nametonetaddr(name); 2225 if (addr == 0) 2226 bpf_error("unknown network '%s'", name); 2227 /* Left justify network addr and calculate its network mask */ 2228 mask = 0xffffffff; 2229 while (addr && (addr & 0xff000000) == 0) { 2230 addr <<= 8; 2231 mask <<= 8; 2232 } 2233 return gen_host(addr, mask, proto, dir); 2234 2235 case Q_DEFAULT: 2236 case Q_HOST: 2237 if (proto == Q_LINK) { 2238 switch (linktype) { 2239 2240 case DLT_EN10MB: 2241 eaddr = pcap_ether_hostton(name); 2242 if (eaddr == NULL) 2243 bpf_error( 2244 "unknown ether host '%s'", name); 2245 return gen_ehostop(eaddr, dir); 2246 2247 case DLT_FDDI: 2248 eaddr = pcap_ether_hostton(name); 2249 if (eaddr == NULL) 2250 bpf_error( 2251 "unknown FDDI host '%s'", name); 2252 return gen_fhostop(eaddr, dir); 2253 2254 case DLT_IEEE802_11: 2255 case DLT_IEEE802_11_RADIO: 2256 eaddr = pcap_ether_hostton(name); 2257 if (eaddr == NULL) 2258 bpf_error( 2259 "unknown 802.11 host '%s'", name); 2260 2261 return gen_p80211_hostop(eaddr, dir); 2262 2263 default: 2264 bpf_error( 2265 "only ethernet/FDDI supports link-level host name"); 2266 break; 2267 } 2268 } else if (proto == Q_DECNET) { 2269 unsigned short dn_addr = __pcap_nametodnaddr(name); 2270 /* 2271 * I don't think DECNET hosts can be multihomed, so 2272 * there is no need to build up a list of addresses 2273 */ 2274 return (gen_host(dn_addr, 0, proto, dir)); 2275 } else { 2276 #ifndef INET6 2277 alist = pcap_nametoaddr(name); 2278 if (alist == NULL || *alist == NULL) 2279 bpf_error("unknown host '%s'", name); 2280 tproto = proto; 2281 if (off_linktype == -1 && tproto == Q_DEFAULT) 2282 tproto = Q_IP; 2283 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2284 while (*alist) { 2285 tmp = gen_host(**alist++, 0xffffffff, 2286 tproto, dir); 2287 gen_or(b, tmp); 2288 b = tmp; 2289 } 2290 return b; 2291 #else 2292 memset(&mask128, 0xff, sizeof(mask128)); 2293 res0 = res = pcap_nametoaddrinfo(name); 2294 if (res == NULL) 2295 bpf_error("unknown host '%s'", name); 2296 b = tmp = NULL; 2297 tproto = tproto6 = proto; 2298 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2299 tproto = Q_IP; 2300 tproto6 = Q_IPV6; 2301 } 2302 for (res = res0; res; res = res->ai_next) { 2303 switch (res->ai_family) { 2304 case AF_INET: 2305 if (tproto == Q_IPV6) 2306 continue; 2307 2308 sin = (struct sockaddr_in *) 2309 res->ai_addr; 2310 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2311 0xffffffff, tproto, dir); 2312 break; 2313 case AF_INET6: 2314 if (tproto6 == Q_IP) 2315 continue; 2316 2317 sin6 = (struct sockaddr_in6 *) 2318 res->ai_addr; 2319 tmp = gen_host6(&sin6->sin6_addr, 2320 &mask128, tproto6, dir); 2321 break; 2322 } 2323 if (b) 2324 gen_or(b, tmp); 2325 b = tmp; 2326 } 2327 freeaddrinfo(res0); 2328 if (b == NULL) { 2329 bpf_error("unknown host '%s'%s", name, 2330 (proto == Q_DEFAULT) 2331 ? "" 2332 : " for specified address family"); 2333 } 2334 return b; 2335 #endif /*INET6*/ 2336 } 2337 2338 case Q_PORT: 2339 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2340 bpf_error("illegal qualifier of 'port'"); 2341 if (pcap_nametoport(name, &port, &real_proto) == 0) 2342 bpf_error("unknown port '%s'", name); 2343 if (proto == Q_UDP) { 2344 if (real_proto == IPPROTO_TCP) 2345 bpf_error("port '%s' is tcp", name); 2346 else 2347 /* override PROTO_UNDEF */ 2348 real_proto = IPPROTO_UDP; 2349 } 2350 if (proto == Q_TCP) { 2351 if (real_proto == IPPROTO_UDP) 2352 bpf_error("port '%s' is udp", name); 2353 else 2354 /* override PROTO_UNDEF */ 2355 real_proto = IPPROTO_TCP; 2356 } 2357 #ifndef INET6 2358 return gen_port(port, real_proto, dir); 2359 #else 2360 { 2361 struct block *b; 2362 b = gen_port(port, real_proto, dir); 2363 gen_or(gen_port6(port, real_proto, dir), b); 2364 return b; 2365 } 2366 #endif /* INET6 */ 2367 2368 case Q_GATEWAY: 2369 #ifndef INET6 2370 eaddr = pcap_ether_hostton(name); 2371 if (eaddr == NULL) 2372 bpf_error("unknown ether host: %s", name); 2373 2374 alist = pcap_nametoaddr(name); 2375 if (alist == NULL || *alist == NULL) 2376 bpf_error("unknown host '%s'", name); 2377 return gen_gateway(eaddr, alist, proto, dir); 2378 #else 2379 bpf_error("'gateway' not supported in this configuration"); 2380 #endif /*INET6*/ 2381 2382 case Q_PROTO: 2383 real_proto = lookup_proto(name, proto); 2384 if (real_proto >= 0) 2385 return gen_proto(real_proto, proto, dir); 2386 else 2387 bpf_error("unknown protocol: %s", name); 2388 2389 case Q_PROTOCHAIN: 2390 real_proto = lookup_proto(name, proto); 2391 if (real_proto >= 0) 2392 return gen_protochain(real_proto, proto, dir); 2393 else 2394 bpf_error("unknown protocol: %s", name); 2395 2396 2397 case Q_UNDEF: 2398 syntax(); 2399 /* NOTREACHED */ 2400 } 2401 abort(); 2402 /* NOTREACHED */ 2403 } 2404 2405 struct block * 2406 gen_mcode(const char *s1, const char *s2, int masklen, struct qual q) 2407 { 2408 int nlen, mlen; 2409 bpf_u_int32 n, m; 2410 2411 nlen = __pcap_atoin(s1, &n); 2412 /* Promote short ipaddr */ 2413 n <<= 32 - nlen; 2414 2415 if (s2 != NULL) { 2416 mlen = __pcap_atoin(s2, &m); 2417 /* Promote short ipaddr */ 2418 m <<= 32 - mlen; 2419 if ((n & ~m) != 0) 2420 bpf_error("non-network bits set in \"%s mask %s\"", 2421 s1, s2); 2422 } else { 2423 /* Convert mask len to mask */ 2424 if (masklen > 32) 2425 bpf_error("mask length must be <= 32"); 2426 m = 0xffffffff << (32 - masklen); 2427 if ((n & ~m) != 0) 2428 bpf_error("non-network bits set in \"%s/%d\"", 2429 s1, masklen); 2430 } 2431 2432 switch (q.addr) { 2433 2434 case Q_NET: 2435 return gen_host(n, m, q.proto, q.dir); 2436 2437 default: 2438 bpf_error("Mask syntax for networks only"); 2439 /* NOTREACHED */ 2440 } 2441 } 2442 2443 struct block * 2444 gen_ncode(const char *s, bpf_u_int32 v, struct qual q) 2445 { 2446 bpf_u_int32 mask; 2447 int proto = q.proto; 2448 int dir = q.dir; 2449 int vlen; 2450 2451 if (s == NULL) 2452 vlen = 32; 2453 else if (q.proto == Q_DECNET) 2454 vlen = __pcap_atodn(s, &v); 2455 else 2456 vlen = __pcap_atoin(s, &v); 2457 2458 switch (q.addr) { 2459 2460 case Q_DEFAULT: 2461 case Q_HOST: 2462 case Q_NET: 2463 if (proto == Q_DECNET) 2464 return gen_host(v, 0, proto, dir); 2465 else if (proto == Q_LINK) { 2466 bpf_error("illegal link layer address"); 2467 } else { 2468 mask = 0xffffffff; 2469 if (s == NULL && q.addr == Q_NET) { 2470 /* Promote short net number */ 2471 while (v && (v & 0xff000000) == 0) { 2472 v <<= 8; 2473 mask <<= 8; 2474 } 2475 } else { 2476 /* Promote short ipaddr */ 2477 v <<= 32 - vlen; 2478 mask <<= 32 - vlen; 2479 } 2480 return gen_host(v, mask, proto, dir); 2481 } 2482 2483 case Q_PORT: 2484 if (proto == Q_UDP) 2485 proto = IPPROTO_UDP; 2486 else if (proto == Q_TCP) 2487 proto = IPPROTO_TCP; 2488 else if (proto == Q_DEFAULT) 2489 proto = PROTO_UNDEF; 2490 else 2491 bpf_error("illegal qualifier of 'port'"); 2492 2493 #ifndef INET6 2494 return gen_port((int)v, proto, dir); 2495 #else 2496 { 2497 struct block *b; 2498 b = gen_port((int)v, proto, dir); 2499 gen_or(gen_port6((int)v, proto, dir), b); 2500 return b; 2501 } 2502 #endif /* INET6 */ 2503 2504 case Q_GATEWAY: 2505 bpf_error("'gateway' requires a name"); 2506 /* NOTREACHED */ 2507 2508 case Q_PROTO: 2509 return gen_proto((int)v, proto, dir); 2510 2511 case Q_PROTOCHAIN: 2512 return gen_protochain((int)v, proto, dir); 2513 2514 case Q_UNDEF: 2515 syntax(); 2516 /* NOTREACHED */ 2517 2518 default: 2519 abort(); 2520 /* NOTREACHED */ 2521 } 2522 /* NOTREACHED */ 2523 } 2524 2525 #ifdef INET6 2526 struct block * 2527 gen_mcode6(const char *s1, const char *s2, int masklen, struct qual q) 2528 { 2529 struct addrinfo *res; 2530 struct in6_addr *addr; 2531 struct in6_addr mask; 2532 struct block *b; 2533 u_int32_t *a, *m; 2534 2535 if (s2) 2536 bpf_error("no mask %s supported", s2); 2537 2538 res = pcap_nametoaddrinfo(s1); 2539 if (!res) 2540 bpf_error("invalid ip6 address %s", s1); 2541 if (res->ai_next) 2542 bpf_error("%s resolved to multiple address", s1); 2543 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2544 2545 if (sizeof(mask) * 8 < masklen) 2546 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2547 memset(&mask, 0, sizeof(mask)); 2548 memset(&mask, 0xff, masklen / 8); 2549 if (masklen % 8) { 2550 mask.s6_addr[masklen / 8] = 2551 (0xff << (8 - masklen % 8)) & 0xff; 2552 } 2553 2554 a = (u_int32_t *)addr; 2555 m = (u_int32_t *)&mask; 2556 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2557 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2558 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2559 } 2560 2561 switch (q.addr) { 2562 2563 case Q_DEFAULT: 2564 case Q_HOST: 2565 if (masklen != 128) 2566 bpf_error("Mask syntax for networks only"); 2567 /* FALLTHROUGH */ 2568 2569 case Q_NET: 2570 b = gen_host6(addr, &mask, q.proto, q.dir); 2571 freeaddrinfo(res); 2572 return b; 2573 2574 default: 2575 bpf_error("invalid qualifier against IPv6 address"); 2576 /* NOTREACHED */ 2577 } 2578 } 2579 #endif /*INET6*/ 2580 2581 struct block * 2582 gen_ecode(const u_char *eaddr, struct qual q) 2583 { 2584 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2585 if (linktype == DLT_EN10MB) 2586 return gen_ehostop(eaddr, (int)q.dir); 2587 if (linktype == DLT_FDDI) 2588 return gen_fhostop(eaddr, (int)q.dir); 2589 if (linktype == DLT_IEEE802_11 || 2590 linktype == DLT_IEEE802_11_RADIO) 2591 return gen_p80211_hostop(eaddr, (int)q.dir); 2592 } 2593 bpf_error("ethernet address used in non-ether expression"); 2594 /* NOTREACHED */ 2595 } 2596 2597 void 2598 sappend(struct slist *s0, struct slist *s1) 2599 { 2600 /* 2601 * This is definitely not the best way to do this, but the 2602 * lists will rarely get long. 2603 */ 2604 while (s0->next) 2605 s0 = s0->next; 2606 s0->next = s1; 2607 } 2608 2609 static struct slist * 2610 xfer_to_x(struct arth *a) 2611 { 2612 struct slist *s; 2613 2614 s = new_stmt(BPF_LDX|BPF_MEM); 2615 s->s.k = a->regno; 2616 return s; 2617 } 2618 2619 static struct slist * 2620 xfer_to_a(struct arth *a) 2621 { 2622 struct slist *s; 2623 2624 s = new_stmt(BPF_LD|BPF_MEM); 2625 s->s.k = a->regno; 2626 return s; 2627 } 2628 2629 struct arth * 2630 gen_load(int proto, struct arth *index, int size) 2631 { 2632 struct slist *s, *tmp; 2633 struct block *b; 2634 int regno = alloc_reg(); 2635 2636 free_reg(index->regno); 2637 switch (size) { 2638 2639 default: 2640 bpf_error("data size must be 1, 2, or 4"); 2641 2642 case 1: 2643 size = BPF_B; 2644 break; 2645 2646 case 2: 2647 size = BPF_H; 2648 break; 2649 2650 case 4: 2651 size = BPF_W; 2652 break; 2653 } 2654 switch (proto) { 2655 default: 2656 bpf_error("unsupported index operation"); 2657 2658 case Q_LINK: 2659 s = xfer_to_x(index); 2660 tmp = new_stmt(BPF_LD|BPF_IND|size); 2661 sappend(s, tmp); 2662 sappend(index->s, s); 2663 break; 2664 2665 case Q_IP: 2666 case Q_ARP: 2667 case Q_RARP: 2668 case Q_ATALK: 2669 case Q_DECNET: 2670 case Q_SCA: 2671 case Q_LAT: 2672 case Q_MOPRC: 2673 case Q_MOPDL: 2674 #ifdef INET6 2675 case Q_IPV6: 2676 #endif 2677 /* XXX Note that we assume a fixed link header here. */ 2678 if (variable_nl) { 2679 s = nl2X_stmt(); 2680 sappend(s, xfer_to_a(index)); 2681 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2682 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2683 } else { 2684 s = xfer_to_x(index); 2685 } 2686 tmp = new_stmt(BPF_LD|BPF_IND|size); 2687 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2688 sappend(s, tmp); 2689 sappend(index->s, s); 2690 2691 b = gen_proto_abbrev(proto); 2692 if (index->b) 2693 gen_and(index->b, b); 2694 index->b = b; 2695 break; 2696 2697 case Q_TCP: 2698 case Q_UDP: 2699 case Q_ICMP: 2700 case Q_IGMP: 2701 case Q_IGRP: 2702 case Q_PIM: 2703 s = iphl_to_x(); 2704 sappend(s, xfer_to_a(index)); 2705 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2706 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2707 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2708 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2709 sappend(index->s, s); 2710 2711 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2712 if (index->b) 2713 gen_and(index->b, b); 2714 #ifdef INET6 2715 gen_and(gen_proto_abbrev(Q_IP), b); 2716 #endif 2717 index->b = b; 2718 break; 2719 #ifdef INET6 2720 case Q_ICMPV6: 2721 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2722 /*NOTREACHED*/ 2723 #endif 2724 } 2725 index->regno = regno; 2726 s = new_stmt(BPF_ST); 2727 s->s.k = regno; 2728 sappend(index->s, s); 2729 2730 return index; 2731 } 2732 2733 struct block * 2734 gen_relation(int code, struct arth *a0, struct arth *a1, int reversed) 2735 { 2736 struct slist *s0, *s1, *s2; 2737 struct block *b, *tmp; 2738 2739 s0 = xfer_to_x(a1); 2740 s1 = xfer_to_a(a0); 2741 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2742 b = new_block(JMP(code)); 2743 if (code == BPF_JGT || code == BPF_JGE) { 2744 reversed = !reversed; 2745 b->s.k = 0x80000000; 2746 } 2747 if (reversed) 2748 gen_not(b); 2749 2750 sappend(s1, s2); 2751 sappend(s0, s1); 2752 sappend(a1->s, s0); 2753 sappend(a0->s, a1->s); 2754 2755 b->stmts = a0->s; 2756 2757 free_reg(a0->regno); 2758 free_reg(a1->regno); 2759 2760 /* 'and' together protocol checks */ 2761 if (a0->b) { 2762 if (a1->b) { 2763 gen_and(a0->b, tmp = a1->b); 2764 } 2765 else 2766 tmp = a0->b; 2767 } else 2768 tmp = a1->b; 2769 2770 if (tmp) 2771 gen_and(tmp, b); 2772 2773 return b; 2774 } 2775 2776 struct arth * 2777 gen_loadlen(void) 2778 { 2779 int regno = alloc_reg(); 2780 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2781 struct slist *s; 2782 2783 s = new_stmt(BPF_LD|BPF_LEN); 2784 s->next = new_stmt(BPF_ST); 2785 s->next->s.k = regno; 2786 a->s = s; 2787 a->regno = regno; 2788 2789 return a; 2790 } 2791 2792 struct arth * 2793 gen_loadrnd(void) 2794 { 2795 int regno = alloc_reg(); 2796 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2797 struct slist *s; 2798 2799 s = new_stmt(BPF_LD|BPF_RND); 2800 s->next = new_stmt(BPF_ST); 2801 s->next->s.k = regno; 2802 a->s = s; 2803 a->regno = regno; 2804 2805 return a; 2806 } 2807 2808 struct arth * 2809 gen_loadi(int val) 2810 { 2811 struct arth *a; 2812 struct slist *s; 2813 int reg; 2814 2815 a = (struct arth *)newchunk(sizeof(*a)); 2816 2817 reg = alloc_reg(); 2818 2819 s = new_stmt(BPF_LD|BPF_IMM); 2820 s->s.k = val; 2821 s->next = new_stmt(BPF_ST); 2822 s->next->s.k = reg; 2823 a->s = s; 2824 a->regno = reg; 2825 2826 return a; 2827 } 2828 2829 struct arth * 2830 gen_neg(struct arth *a) 2831 { 2832 struct slist *s; 2833 2834 s = xfer_to_a(a); 2835 sappend(a->s, s); 2836 s = new_stmt(BPF_ALU|BPF_NEG); 2837 s->s.k = 0; 2838 sappend(a->s, s); 2839 s = new_stmt(BPF_ST); 2840 s->s.k = a->regno; 2841 sappend(a->s, s); 2842 2843 return a; 2844 } 2845 2846 struct arth * 2847 gen_arth(int code, struct arth *a0, struct arth *a1) 2848 { 2849 struct slist *s0, *s1, *s2; 2850 2851 s0 = xfer_to_x(a1); 2852 s1 = xfer_to_a(a0); 2853 s2 = new_stmt(BPF_ALU|BPF_X|code); 2854 2855 sappend(s1, s2); 2856 sappend(s0, s1); 2857 sappend(a1->s, s0); 2858 sappend(a0->s, a1->s); 2859 2860 free_reg(a1->regno); 2861 2862 s0 = new_stmt(BPF_ST); 2863 a0->regno = s0->s.k = alloc_reg(); 2864 sappend(a0->s, s0); 2865 2866 return a0; 2867 } 2868 2869 /* 2870 * Here we handle simple allocation of the scratch registers. 2871 * If too many registers are alloc'd, the allocator punts. 2872 */ 2873 static int regused[BPF_MEMWORDS]; 2874 static int curreg; 2875 2876 /* 2877 * Return the next free register. 2878 */ 2879 static int 2880 alloc_reg(void) 2881 { 2882 int n = BPF_MEMWORDS; 2883 2884 while (--n >= 0) { 2885 if (regused[curreg]) 2886 curreg = (curreg + 1) % BPF_MEMWORDS; 2887 else { 2888 regused[curreg] = 1; 2889 return curreg; 2890 } 2891 } 2892 bpf_error("too many registers needed to evaluate expression"); 2893 /* NOTREACHED */ 2894 } 2895 2896 /* 2897 * Return a register to the table so it can 2898 * be used later. 2899 */ 2900 static void 2901 free_reg(int n) 2902 { 2903 regused[n] = 0; 2904 } 2905 2906 static struct block * 2907 gen_len(int jmp, int n) 2908 { 2909 struct slist *s; 2910 struct block *b; 2911 2912 s = new_stmt(BPF_LD|BPF_LEN); 2913 b = new_block(JMP(jmp)); 2914 b->stmts = s; 2915 b->s.k = n; 2916 2917 return b; 2918 } 2919 2920 struct block * 2921 gen_greater(int n) 2922 { 2923 return gen_len(BPF_JGE, n); 2924 } 2925 2926 struct block * 2927 gen_less(int n) 2928 { 2929 struct block *b; 2930 2931 b = gen_len(BPF_JGT, n); 2932 gen_not(b); 2933 2934 return b; 2935 } 2936 2937 struct block * 2938 gen_byteop(int op, int idx, int val) 2939 { 2940 struct block *b; 2941 struct slist *s; 2942 2943 switch (op) { 2944 default: 2945 abort(); 2946 2947 case '=': 2948 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2949 2950 case '<': 2951 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2952 b->s.code = JMP(BPF_JGE); 2953 gen_not(b); 2954 return b; 2955 2956 case '>': 2957 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2958 b->s.code = JMP(BPF_JGT); 2959 return b; 2960 2961 case '|': 2962 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 2963 break; 2964 2965 case '&': 2966 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 2967 break; 2968 } 2969 s->s.k = val; 2970 b = new_block(JMP(BPF_JEQ)); 2971 b->stmts = s; 2972 gen_not(b); 2973 2974 return b; 2975 } 2976 2977 struct block * 2978 gen_broadcast(int proto) 2979 { 2980 bpf_u_int32 hostmask; 2981 struct block *b0, *b1, *b2; 2982 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 2983 2984 switch (proto) { 2985 2986 case Q_DEFAULT: 2987 case Q_LINK: 2988 if (linktype == DLT_EN10MB) 2989 return gen_ehostop(ebroadcast, Q_DST); 2990 if (linktype == DLT_FDDI) 2991 return gen_fhostop(ebroadcast, Q_DST); 2992 if (linktype == DLT_IEEE802_11 || 2993 linktype == DLT_IEEE802_11_RADIO) 2994 return gen_p80211_hostop(ebroadcast, Q_DST); 2995 bpf_error("not a broadcast link"); 2996 break; 2997 2998 case Q_IP: 2999 /* 3000 * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff) 3001 * as an indication that we don't know the netmask, and fail 3002 * in that case. 3003 */ 3004 if (netmask == PCAP_NETMASK_UNKNOWN) 3005 bpf_error("netmask not known, so 'ip broadcast' not supported"); 3006 b0 = gen_linktype(ETHERTYPE_IP); 3007 hostmask = ~netmask; 3008 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3009 b2 = gen_mcmp_nl(16, BPF_W, 3010 (bpf_int32)(~0 & hostmask), hostmask); 3011 gen_or(b1, b2); 3012 gen_and(b0, b2); 3013 return b2; 3014 } 3015 bpf_error("only ether/ip broadcast filters supported"); 3016 } 3017 3018 struct block * 3019 gen_multicast(int proto) 3020 { 3021 struct block *b0, *b1; 3022 struct slist *s; 3023 3024 switch (proto) { 3025 3026 case Q_DEFAULT: 3027 case Q_LINK: 3028 if (linktype == DLT_EN10MB) { 3029 /* ether[0] & 1 != 0 */ 3030 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3031 s->s.k = 0; 3032 b0 = new_block(JMP(BPF_JSET)); 3033 b0->s.k = 1; 3034 b0->stmts = s; 3035 return b0; 3036 } 3037 3038 if (linktype == DLT_FDDI) { 3039 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3040 /* fddi[1] & 1 != 0 */ 3041 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3042 s->s.k = 1; 3043 b0 = new_block(JMP(BPF_JSET)); 3044 b0->s.k = 1; 3045 b0->stmts = s; 3046 return b0; 3047 } 3048 /* Link not known to support multicasts */ 3049 break; 3050 3051 case Q_IP: 3052 b0 = gen_linktype(ETHERTYPE_IP); 3053 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3054 b1->s.code = JMP(BPF_JGE); 3055 gen_and(b0, b1); 3056 return b1; 3057 3058 #ifdef INET6 3059 case Q_IPV6: 3060 b0 = gen_linktype(ETHERTYPE_IPV6); 3061 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3062 gen_and(b0, b1); 3063 return b1; 3064 #endif /* INET6 */ 3065 } 3066 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3067 } 3068 3069 /* 3070 * generate command for inbound/outbound. It's here so we can 3071 * make it link-type specific. 'dir' = 0 implies "inbound", 3072 * = 1 implies "outbound". 3073 */ 3074 struct block * 3075 gen_inbound(int dir) 3076 { 3077 struct block *b0; 3078 3079 /* 3080 * Only SLIP and old-style PPP data link types support 3081 * inbound/outbound qualifiers. 3082 */ 3083 switch (linktype) { 3084 case DLT_SLIP: 3085 case DLT_PPP: 3086 b0 = gen_relation(BPF_JEQ, 3087 gen_load(Q_LINK, gen_loadi(0), 1), 3088 gen_loadi(0), 3089 dir); 3090 break; 3091 3092 case DLT_PFLOG: 3093 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3094 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3095 break; 3096 3097 default: 3098 bpf_error("inbound/outbound not supported on linktype 0x%x", 3099 linktype); 3100 /* NOTREACHED */ 3101 } 3102 3103 return (b0); 3104 } 3105 3106 3107 /* PF firewall log matched interface */ 3108 struct block * 3109 gen_pf_ifname(char *ifname) 3110 { 3111 struct block *b0; 3112 u_int len, off; 3113 3114 if (linktype == DLT_PFLOG) { 3115 len = sizeof(((struct pfloghdr *)0)->ifname); 3116 off = offsetof(struct pfloghdr, ifname); 3117 } else { 3118 bpf_error("ifname not supported on linktype 0x%x", linktype); 3119 /* NOTREACHED */ 3120 } 3121 if (strlen(ifname) >= len) { 3122 bpf_error("ifname interface names can only be %d characters", 3123 len - 1); 3124 /* NOTREACHED */ 3125 } 3126 b0 = gen_bcmp(off, strlen(ifname) + 1, ifname); 3127 return (b0); 3128 } 3129 3130 3131 /* PF firewall log ruleset name */ 3132 struct block * 3133 gen_pf_ruleset(char *ruleset) 3134 { 3135 struct block *b0; 3136 3137 if (linktype != DLT_PFLOG) { 3138 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3139 /* NOTREACHED */ 3140 } 3141 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3142 bpf_error("ruleset names can only be %zu characters", 3143 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3144 /* NOTREACHED */ 3145 } 3146 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3147 strlen(ruleset), ruleset); 3148 return (b0); 3149 } 3150 3151 3152 /* PF firewall log rule number */ 3153 struct block * 3154 gen_pf_rnr(int rnr) 3155 { 3156 struct block *b0; 3157 3158 if (linktype == DLT_PFLOG) { 3159 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3160 (bpf_int32)rnr); 3161 } else { 3162 bpf_error("rnr not supported on linktype 0x%x", linktype); 3163 /* NOTREACHED */ 3164 } 3165 3166 return (b0); 3167 } 3168 3169 3170 /* PF firewall log sub-rule number */ 3171 struct block * 3172 gen_pf_srnr(int srnr) 3173 { 3174 struct block *b0; 3175 3176 if (linktype != DLT_PFLOG) { 3177 bpf_error("srnr not supported on linktype 0x%x", linktype); 3178 /* NOTREACHED */ 3179 } 3180 3181 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3182 (bpf_int32)srnr); 3183 return (b0); 3184 } 3185 3186 /* PF firewall log reason code */ 3187 struct block * 3188 gen_pf_reason(int reason) 3189 { 3190 struct block *b0; 3191 3192 if (linktype == DLT_PFLOG) { 3193 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3194 (bpf_int32)reason); 3195 } else { 3196 bpf_error("reason not supported on linktype 0x%x", linktype); 3197 /* NOTREACHED */ 3198 } 3199 3200 return (b0); 3201 } 3202 3203 /* PF firewall log action */ 3204 struct block * 3205 gen_pf_action(int action) 3206 { 3207 struct block *b0; 3208 3209 if (linktype == DLT_PFLOG) { 3210 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3211 (bpf_int32)action); 3212 } else { 3213 bpf_error("action not supported on linktype 0x%x", linktype); 3214 /* NOTREACHED */ 3215 } 3216 3217 return (b0); 3218 } 3219 3220 /* IEEE 802.11 wireless header */ 3221 struct block * 3222 gen_p80211_type(int type, int mask) 3223 { 3224 struct block *b0; 3225 u_int offset; 3226 3227 if (!(linktype == DLT_IEEE802_11 || 3228 linktype == DLT_IEEE802_11_RADIO)) { 3229 bpf_error("type not supported on linktype 0x%x", 3230 linktype); 3231 /* NOTREACHED */ 3232 } 3233 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3234 if (linktype == DLT_IEEE802_11_RADIO) 3235 offset += IEEE80211_RADIOTAP_HDRLEN; 3236 3237 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3238 3239 return (b0); 3240 } 3241 3242 static struct block * 3243 gen_ahostop(const u_char *eaddr, int dir) 3244 { 3245 struct block *b0, *b1; 3246 3247 switch (dir) { 3248 /* src comes first, different from Ethernet */ 3249 case Q_SRC: 3250 return gen_bcmp(0, 1, eaddr); 3251 3252 case Q_DST: 3253 return gen_bcmp(1, 1, eaddr); 3254 3255 case Q_AND: 3256 b0 = gen_ahostop(eaddr, Q_SRC); 3257 b1 = gen_ahostop(eaddr, Q_DST); 3258 gen_and(b0, b1); 3259 return b1; 3260 3261 case Q_DEFAULT: 3262 case Q_OR: 3263 b0 = gen_ahostop(eaddr, Q_SRC); 3264 b1 = gen_ahostop(eaddr, Q_DST); 3265 gen_or(b0, b1); 3266 return b1; 3267 } 3268 abort(); 3269 /* NOTREACHED */ 3270 } 3271 3272 struct block * 3273 gen_acode(const u_char *eaddr, struct qual q) 3274 { 3275 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3276 if (linktype == DLT_ARCNET) 3277 return gen_ahostop(eaddr, (int)q.dir); 3278 } 3279 bpf_error("ARCnet address used in non-arc expression"); 3280 /* NOTREACHED */ 3281 } 3282 3283 struct block * 3284 gen_mpls(int label) 3285 { 3286 struct block *b0; 3287 3288 if (label > MPLS_LABEL_MAX) 3289 bpf_error("invalid MPLS label : %d", label); 3290 3291 if (mpls_stack > 0) /* Bottom-Of-Label-Stack bit ? */ 3292 b0 = gen_mcmp(off_nl-2, BPF_B, (bpf_int32)0, 0x1); 3293 else 3294 b0 = gen_linktype(ETHERTYPE_MPLS); 3295 3296 if (label >= 0) { 3297 struct block *b1; 3298 3299 b1 = gen_mcmp(off_nl, BPF_W, (bpf_int32)(label << 12), 3300 MPLS_LABEL_MASK); 3301 gen_and(b0, b1); 3302 b0 = b1; 3303 } 3304 off_nl += 4; 3305 off_linktype += 4; 3306 mpls_stack++; 3307 return (b0); 3308 } 3309 3310 /* 3311 * support IEEE 802.1Q VLAN trunk over ethernet 3312 */ 3313 struct block * 3314 gen_vlan(int vlan_num) 3315 { 3316 struct block *b0; 3317 3318 if (variable_nl) { 3319 bpf_error("'vlan' not supported for variable DLTs"); 3320 /*NOTREACHED*/ 3321 } 3322 3323 if (vlan_num > 4095) { 3324 bpf_error("invalid VLAN number : %d", vlan_num); 3325 /*NOTREACHED*/ 3326 } 3327 3328 /* 3329 * Change the offsets to point to the type and data fields within 3330 * the VLAN packet. This is somewhat of a kludge. 3331 */ 3332 if (orig_nl == (u_int)-1) { 3333 orig_linktype = off_linktype; /* save original values */ 3334 orig_nl = off_nl; 3335 orig_nl_nosnap = off_nl_nosnap; 3336 3337 switch (linktype) { 3338 3339 case DLT_EN10MB: 3340 off_linktype = 16; 3341 off_nl_nosnap = 18; 3342 off_nl = 18; 3343 break; 3344 3345 default: 3346 bpf_error("no VLAN support for data link type %d", 3347 linktype); 3348 /*NOTREACHED*/ 3349 } 3350 } 3351 3352 /* check for VLAN */ 3353 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3354 3355 /* If a specific VLAN is requested, check VLAN id */ 3356 if (vlan_num >= 0) { 3357 struct block *b1; 3358 3359 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0FFF); 3360 gen_and(b0, b1); 3361 b0 = b1; 3362 } 3363 3364 return (b0); 3365 } 3366 3367 struct block * 3368 gen_sample(int rate) 3369 { 3370 struct block *b0; 3371 long long threshold = 0x100000000LL; /* 0xffffffff + 1 */ 3372 3373 if (rate < 2) { 3374 bpf_error("sample %d is too low", rate); 3375 /*NOTREACHED*/ 3376 } 3377 if (rate > (1 << 20)) { 3378 bpf_error("sample %d is too high", rate); 3379 /*NOTREACHED*/ 3380 } 3381 3382 threshold /= rate; 3383 b0 = gen_relation(BPF_JGT, gen_loadrnd(), gen_loadi(threshold), 1); 3384 3385 return (b0); 3386 } 3387 3388 struct block * 3389 gen_p80211_fcdir(int fcdir) 3390 { 3391 struct block *b0; 3392 u_int offset; 3393 3394 if (!(linktype == DLT_IEEE802_11 || 3395 linktype == DLT_IEEE802_11_RADIO)) { 3396 bpf_error("frame direction not supported on linktype 0x%x", 3397 linktype); 3398 /* NOTREACHED */ 3399 } 3400 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3401 if (linktype == DLT_IEEE802_11_RADIO) 3402 offset += IEEE80211_RADIOTAP_HDRLEN; 3403 3404 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3405 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3406 3407 return (b0); 3408 } 3409 3410 static struct block * 3411 gen_p80211_hostop(const u_char *lladdr, int dir) 3412 { 3413 struct block *b0, *b1, *b2, *b3, *b4; 3414 u_int offset = 0; 3415 3416 if (linktype == DLT_IEEE802_11_RADIO) 3417 offset = IEEE80211_RADIOTAP_HDRLEN; 3418 3419 switch (dir) { 3420 case Q_SRC: 3421 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3422 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3423 lladdr); 3424 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3425 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3426 lladdr); 3427 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3428 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3429 lladdr); 3430 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3431 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3432 lladdr); 3433 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3434 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3435 lladdr); 3436 3437 gen_or(b0, b1); 3438 gen_or(b1, b2); 3439 gen_or(b2, b3); 3440 gen_or(b3, b4); 3441 return (b4); 3442 3443 case Q_DST: 3444 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3445 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3446 lladdr); 3447 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3448 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3449 lladdr); 3450 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3451 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3452 lladdr); 3453 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3454 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3455 lladdr); 3456 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3457 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3458 lladdr); 3459 3460 gen_or(b0, b1); 3461 gen_or(b1, b2); 3462 gen_or(b2, b3); 3463 gen_or(b3, b4); 3464 return (b4); 3465 3466 case Q_ADDR1: 3467 return (gen_bcmp(offset + 3468 (u_int)offsetof(struct ieee80211_frame, 3469 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3470 3471 case Q_ADDR2: 3472 return (gen_bcmp(offset + 3473 (u_int)offsetof(struct ieee80211_frame, 3474 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3475 3476 case Q_ADDR3: 3477 return (gen_bcmp(offset + 3478 (u_int)offsetof(struct ieee80211_frame, 3479 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3480 3481 case Q_ADDR4: 3482 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3483 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3484 lladdr)); 3485 3486 case Q_AND: 3487 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3488 b1 = gen_p80211_hostop(lladdr, Q_DST); 3489 gen_and(b0, b1); 3490 return (b1); 3491 3492 case Q_DEFAULT: 3493 case Q_OR: 3494 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3495 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3496 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3497 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3498 gen_or(b0, b1); 3499 gen_or(b1, b2); 3500 gen_or(b2, b3); 3501 return (b3); 3502 3503 default: 3504 bpf_error("direction not supported on linktype 0x%x", 3505 linktype); 3506 } 3507 /* NOTREACHED */ 3508 } 3509 3510 static struct block * 3511 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3512 { 3513 struct block *b0, *b1; 3514 3515 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3516 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3517 gen_and(b0, b1); 3518 3519 return (b1); 3520 } 3521