1 /* $OpenBSD: gencode.c,v 1.56 2020/09/12 09:27:22 kn Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/param.h> /* ALIGN */ 25 #include <sys/types.h> 26 #include <sys/socket.h> 27 #include <sys/time.h> 28 29 struct mbuf; 30 struct rtentry; 31 32 #include <net/if.h> 33 34 #include <netinet/in.h> 35 #include <netinet/if_ether.h> 36 37 #include <net/if_pflog.h> 38 #include <net/pfvar.h> 39 40 #include <netmpls/mpls.h> 41 42 #include <net80211/ieee80211.h> 43 #include <net80211/ieee80211_radiotap.h> 44 45 #include <stdlib.h> 46 #include <stddef.h> 47 #include <setjmp.h> 48 #include <stdarg.h> 49 #include <string.h> 50 51 #include "pcap-int.h" 52 53 #include "ethertype.h" 54 #include "llc.h" 55 #include "gencode.h" 56 #include "ppp.h" 57 #include <pcap-namedb.h> 58 #ifdef INET6 59 #include <netdb.h> 60 #endif /*INET6*/ 61 62 #ifdef HAVE_OS_PROTO_H 63 #include "os-proto.h" 64 #endif 65 66 #define JMP(c) ((c)|BPF_JMP|BPF_K) 67 68 /* Locals */ 69 static jmp_buf top_ctx; 70 static pcap_t *bpf_pcap; 71 72 /* Hack for updating VLAN offsets. */ 73 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 74 static u_int mpls_stack = 0; 75 76 /* XXX */ 77 #ifdef PCAP_FDDIPAD 78 int pcap_fddipad = PCAP_FDDIPAD; 79 #else 80 int pcap_fddipad; 81 #endif 82 83 __dead void 84 bpf_error(const char *fmt, ...) 85 { 86 va_list ap; 87 88 va_start(ap, fmt); 89 if (bpf_pcap != NULL) 90 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 91 fmt, ap); 92 va_end(ap); 93 longjmp(top_ctx, 1); 94 /* NOTREACHED */ 95 } 96 97 static void init_linktype(int); 98 99 static int alloc_reg(void); 100 static void free_reg(int); 101 102 static struct block *root; 103 104 /* initialization code used for variable link header */ 105 static struct slist *init_code = NULL; 106 107 /* Flags and registers for variable link type handling */ 108 static int variable_nl; 109 static int nl_reg, iphl_reg; 110 111 /* 112 * We divy out chunks of memory rather than call malloc each time so 113 * we don't have to worry about leaking memory. It's probably 114 * not a big deal if all this memory was wasted but it this ever 115 * goes into a library that would probably not be a good idea. 116 */ 117 #define NCHUNKS 16 118 #define CHUNK0SIZE 1024 119 struct chunk { 120 u_int n_left; 121 void *m; 122 }; 123 124 static struct chunk chunks[NCHUNKS]; 125 static int cur_chunk; 126 127 static void *newchunk(u_int); 128 static void freechunks(void); 129 static __inline struct block *new_block(int); 130 static __inline struct slist *new_stmt(int); 131 static struct block *gen_retblk(int); 132 static __inline void syntax(void); 133 134 static void backpatch(struct block *, struct block *); 135 static void merge(struct block *, struct block *); 136 static struct block *gen_cmp(u_int, u_int, bpf_int32); 137 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 138 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 139 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 140 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 141 static struct block *gen_bcmp(u_int, u_int, const u_char *); 142 static struct block *gen_uncond(int); 143 static __inline struct block *gen_true(void); 144 static __inline struct block *gen_false(void); 145 static struct block *gen_linktype(int); 146 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 147 #ifdef INET6 148 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 149 #endif 150 static struct block *gen_ehostop(const u_char *, int); 151 static struct block *gen_fhostop(const u_char *, int); 152 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 153 static struct block *gen_p80211_hostop(const u_char *, int); 154 static struct block *gen_p80211_addr(int, u_int, const u_char *); 155 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 156 #ifdef INET6 157 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 158 #endif 159 #ifndef INET6 160 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 161 #endif 162 static struct block *gen_ipfrag(void); 163 static struct block *gen_portatom(int, bpf_int32); 164 #ifdef INET6 165 static struct block *gen_portatom6(int, bpf_int32); 166 #endif 167 struct block *gen_portop(int, int, int); 168 static struct block *gen_port(int, int, int); 169 #ifdef INET6 170 struct block *gen_portop6(int, int, int); 171 static struct block *gen_port6(int, int, int); 172 #endif 173 static int lookup_proto(const char *, int); 174 static struct block *gen_protochain(int, int, int); 175 static struct block *gen_proto(int, int, int); 176 static struct slist *xfer_to_x(struct arth *); 177 static struct slist *xfer_to_a(struct arth *); 178 static struct block *gen_len(int, int); 179 180 static void * 181 newchunk(n) 182 u_int n; 183 { 184 struct chunk *cp; 185 int k, size; 186 187 /* XXX Round to structure boundary. */ 188 n = ALIGN(n); 189 190 cp = &chunks[cur_chunk]; 191 if (n > cp->n_left) { 192 ++cp, k = ++cur_chunk; 193 if (k >= NCHUNKS) 194 bpf_error("out of memory"); 195 size = CHUNK0SIZE << k; 196 cp->m = calloc(1, size); 197 if (cp->m == NULL) 198 bpf_error("out of memory"); 199 200 cp->n_left = size; 201 if (n > size) 202 bpf_error("out of memory"); 203 } 204 cp->n_left -= n; 205 return (void *)((char *)cp->m + cp->n_left); 206 } 207 208 static void 209 freechunks() 210 { 211 int i; 212 213 cur_chunk = 0; 214 for (i = 0; i < NCHUNKS; ++i) { 215 free(chunks[i].m); 216 chunks[i].m = NULL; 217 } 218 } 219 220 /* 221 * A strdup whose allocations are freed after code generation is over. 222 */ 223 char * 224 sdup(s) 225 const char *s; 226 { 227 int n = strlen(s) + 1; 228 char *cp = newchunk(n); 229 230 strlcpy(cp, s, n); 231 return (cp); 232 } 233 234 static __inline struct block * 235 new_block(code) 236 int code; 237 { 238 struct block *p; 239 240 p = (struct block *)newchunk(sizeof(*p)); 241 p->s.code = code; 242 p->head = p; 243 244 return p; 245 } 246 247 static __inline struct slist * 248 new_stmt(code) 249 int code; 250 { 251 struct slist *p; 252 253 p = (struct slist *)newchunk(sizeof(*p)); 254 p->s.code = code; 255 256 return p; 257 } 258 259 static struct block * 260 gen_retblk(v) 261 int v; 262 { 263 struct block *b = new_block(BPF_RET|BPF_K); 264 265 b->s.k = v; 266 return b; 267 } 268 269 static __inline void 270 syntax() 271 { 272 bpf_error("syntax error in filter expression"); 273 } 274 275 static bpf_u_int32 netmask; 276 static int snaplen; 277 int no_optimize; 278 279 int 280 pcap_compile(pcap_t *p, struct bpf_program *program, 281 const char *buf, int optimize, bpf_u_int32 mask) 282 { 283 extern int n_errors; 284 int len; 285 286 no_optimize = 0; 287 n_errors = 0; 288 root = NULL; 289 bpf_pcap = p; 290 if (setjmp(top_ctx)) { 291 freechunks(); 292 return (-1); 293 } 294 295 netmask = mask; 296 snaplen = pcap_snapshot(p); 297 298 lex_init(buf ? buf : ""); 299 init_linktype(pcap_datalink(p)); 300 (void)pcap_parse(); 301 302 if (n_errors) 303 syntax(); 304 305 if (root == NULL) 306 root = gen_retblk(snaplen); 307 308 if (optimize && !no_optimize) { 309 bpf_optimize(&root); 310 if (root == NULL || 311 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 312 bpf_error("expression rejects all packets"); 313 } 314 program->bf_insns = icode_to_fcode(root, &len); 315 program->bf_len = len; 316 317 freechunks(); 318 return (0); 319 } 320 321 /* 322 * entry point for using the compiler with no pcap open 323 * pass in all the stuff that is needed explicitly instead. 324 */ 325 int 326 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 327 struct bpf_program *program, 328 const char *buf, int optimize, bpf_u_int32 mask) 329 { 330 extern int n_errors; 331 int len; 332 333 n_errors = 0; 334 root = NULL; 335 bpf_pcap = NULL; 336 if (setjmp(top_ctx)) { 337 freechunks(); 338 return (-1); 339 } 340 341 netmask = mask; 342 343 /* XXX needed? I don't grok the use of globals here. */ 344 snaplen = snaplen_arg; 345 346 lex_init(buf ? buf : ""); 347 init_linktype(linktype_arg); 348 (void)pcap_parse(); 349 350 if (n_errors) 351 syntax(); 352 353 if (root == NULL) 354 root = gen_retblk(snaplen_arg); 355 356 if (optimize) { 357 bpf_optimize(&root); 358 if (root == NULL || 359 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 360 bpf_error("expression rejects all packets"); 361 } 362 program->bf_insns = icode_to_fcode(root, &len); 363 program->bf_len = len; 364 365 freechunks(); 366 return (0); 367 } 368 369 /* 370 * Clean up a "struct bpf_program" by freeing all the memory allocated 371 * in it. 372 */ 373 void 374 pcap_freecode(struct bpf_program *program) 375 { 376 program->bf_len = 0; 377 if (program->bf_insns != NULL) { 378 free((char *)program->bf_insns); 379 program->bf_insns = NULL; 380 } 381 } 382 383 /* 384 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 385 * which of the jt and jf fields has been resolved and which is a pointer 386 * back to another unresolved block (or nil). At least one of the fields 387 * in each block is already resolved. 388 */ 389 static void 390 backpatch(list, target) 391 struct block *list, *target; 392 { 393 struct block *next; 394 395 while (list) { 396 if (!list->sense) { 397 next = JT(list); 398 JT(list) = target; 399 } else { 400 next = JF(list); 401 JF(list) = target; 402 } 403 list = next; 404 } 405 } 406 407 /* 408 * Merge the lists in b0 and b1, using the 'sense' field to indicate 409 * which of jt and jf is the link. 410 */ 411 static void 412 merge(b0, b1) 413 struct block *b0, *b1; 414 { 415 struct block **p = &b0; 416 417 /* Find end of list. */ 418 while (*p) 419 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 420 421 /* Concatenate the lists. */ 422 *p = b1; 423 } 424 425 void 426 finish_parse(p) 427 struct block *p; 428 { 429 backpatch(p, gen_retblk(snaplen)); 430 p->sense = !p->sense; 431 backpatch(p, gen_retblk(0)); 432 root = p->head; 433 434 /* prepend initialization code to root */ 435 if (init_code != NULL && root != NULL) { 436 sappend(init_code, root->stmts); 437 root->stmts = init_code; 438 init_code = NULL; 439 } 440 441 if (iphl_reg != -1) { 442 free_reg(iphl_reg); 443 iphl_reg = -1; 444 } 445 if (nl_reg != -1) { 446 free_reg(nl_reg); 447 nl_reg = -1; 448 } 449 } 450 451 void 452 gen_and(b0, b1) 453 struct block *b0, *b1; 454 { 455 backpatch(b0, b1->head); 456 b0->sense = !b0->sense; 457 b1->sense = !b1->sense; 458 merge(b1, b0); 459 b1->sense = !b1->sense; 460 b1->head = b0->head; 461 } 462 463 void 464 gen_or(b0, b1) 465 struct block *b0, *b1; 466 { 467 b0->sense = !b0->sense; 468 backpatch(b0, b1->head); 469 b0->sense = !b0->sense; 470 merge(b1, b0); 471 b1->head = b0->head; 472 } 473 474 void 475 gen_not(b) 476 struct block *b; 477 { 478 b->sense = !b->sense; 479 } 480 481 static struct block * 482 gen_cmp(offset, size, v) 483 u_int offset, size; 484 bpf_int32 v; 485 { 486 struct slist *s; 487 struct block *b; 488 489 s = new_stmt(BPF_LD|BPF_ABS|size); 490 s->s.k = offset; 491 492 b = new_block(JMP(BPF_JEQ)); 493 b->stmts = s; 494 b->s.k = v; 495 496 return b; 497 } 498 499 static struct block * 500 gen_cmp_gt(offset, size, v) 501 u_int offset, size; 502 bpf_int32 v; 503 { 504 struct slist *s; 505 struct block *b; 506 507 s = new_stmt(BPF_LD|BPF_ABS|size); 508 s->s.k = offset; 509 510 b = new_block(JMP(BPF_JGT)); 511 b->stmts = s; 512 b->s.k = v; 513 514 return b; 515 } 516 517 static struct block * 518 gen_mcmp(offset, size, v, mask) 519 u_int offset, size; 520 bpf_int32 v; 521 bpf_u_int32 mask; 522 { 523 struct block *b = gen_cmp(offset, size, v); 524 struct slist *s; 525 526 if (mask != 0xffffffff) { 527 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 528 s->s.k = mask; 529 sappend(b->stmts, s); 530 } 531 return b; 532 } 533 534 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 535 static struct block * 536 gen_mcmp_nl(offset, size, v, mask) 537 u_int offset, size; 538 bpf_int32 v; 539 bpf_u_int32 mask; 540 { 541 struct block *b = gen_cmp_nl(offset, size, v); 542 struct slist *s; 543 544 if (mask != 0xffffffff) { 545 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 546 s->s.k = mask; 547 sappend(b->stmts, s); 548 } 549 return b; 550 } 551 552 static struct block * 553 gen_bcmp(offset, size, v) 554 u_int offset, size; 555 const u_char *v; 556 { 557 struct block *b, *tmp; 558 559 b = NULL; 560 while (size >= 4) { 561 const u_char *p = &v[size - 4]; 562 bpf_int32 w = ((bpf_int32)p[0] << 24) | 563 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 564 565 tmp = gen_cmp(offset + size - 4, BPF_W, w); 566 if (b != NULL) 567 gen_and(b, tmp); 568 b = tmp; 569 size -= 4; 570 } 571 while (size >= 2) { 572 const u_char *p = &v[size - 2]; 573 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 574 575 tmp = gen_cmp(offset + size - 2, BPF_H, w); 576 if (b != NULL) 577 gen_and(b, tmp); 578 b = tmp; 579 size -= 2; 580 } 581 if (size > 0) { 582 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 583 if (b != NULL) 584 gen_and(b, tmp); 585 b = tmp; 586 } 587 return b; 588 } 589 590 /* 591 * Various code constructs need to know the layout of the data link 592 * layer. These variables give the necessary offsets. off_linktype 593 * is set to -1 for no encapsulation, in which case, IP is assumed. 594 */ 595 static u_int off_linktype; 596 static u_int off_nl; 597 static u_int off_nl_nosnap; 598 599 static int linktype; 600 601 /* Generate code to load the dynamic 'off_nl' to the X register */ 602 static struct slist * 603 nl2X_stmt(void) 604 { 605 struct slist *s, *tmp; 606 607 if (nl_reg == -1) { 608 switch (linktype) { 609 case DLT_PFLOG: 610 /* The pflog header contains PFLOG_REAL_HDRLEN 611 which does NOT include the padding. Round 612 up to the nearest dword boundary */ 613 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 614 s->s.k = 0; 615 616 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 617 tmp->s.k = 3; 618 sappend(s, tmp); 619 620 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 621 tmp->s.k = 0xfc; 622 sappend(s, tmp); 623 624 nl_reg = alloc_reg(); 625 tmp = new_stmt(BPF_ST); 626 tmp->s.k = nl_reg; 627 sappend(s, tmp); 628 629 break; 630 default: 631 bpf_error("Unknown header size for link type 0x%x", 632 linktype); 633 } 634 635 if (init_code == NULL) 636 init_code = s; 637 else 638 sappend(init_code, s); 639 } 640 641 s = new_stmt(BPF_LDX|BPF_MEM); 642 s->s.k = nl_reg; 643 644 return s; 645 } 646 647 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 648 static struct block * 649 gen_cmp_nl(offset, size, v) 650 u_int offset, size; 651 bpf_int32 v; 652 { 653 struct slist *s, *tmp; 654 struct block *b; 655 656 if (variable_nl) { 657 s = nl2X_stmt(); 658 tmp = new_stmt(BPF_LD|BPF_IND|size); 659 tmp->s.k = offset; 660 sappend(s, tmp); 661 } else { 662 s = new_stmt(BPF_LD|BPF_ABS|size); 663 s->s.k = offset + off_nl; 664 } 665 b = new_block(JMP(BPF_JEQ)); 666 b->stmts = s; 667 b->s.k = v; 668 669 return b; 670 } 671 672 static void 673 init_linktype(type) 674 int type; 675 { 676 linktype = type; 677 init_code = NULL; 678 nl_reg = iphl_reg = -1; 679 680 switch (type) { 681 682 case DLT_EN10MB: 683 off_linktype = 12; 684 off_nl = 14; 685 return; 686 687 case DLT_SLIP: 688 /* 689 * SLIP doesn't have a link level type. The 16 byte 690 * header is hacked into our SLIP driver. 691 */ 692 off_linktype = -1; 693 off_nl = 16; 694 return; 695 696 case DLT_SLIP_BSDOS: 697 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 698 off_linktype = -1; 699 /* XXX end */ 700 off_nl = 24; 701 return; 702 703 case DLT_NULL: 704 off_linktype = 0; 705 off_nl = 4; 706 return; 707 708 case DLT_PPP: 709 off_linktype = 2; 710 off_nl = 4; 711 return; 712 713 case DLT_PPP_SERIAL: 714 off_linktype = -1; 715 off_nl = 2; 716 return; 717 718 case DLT_PPP_ETHER: 719 /* 720 * This does not include the Ethernet header, and 721 * only covers session state. 722 */ 723 off_linktype = 6; 724 off_nl = 8; 725 return; 726 727 case DLT_PPP_BSDOS: 728 off_linktype = 5; 729 off_nl = 24; 730 return; 731 732 case DLT_FDDI: 733 /* 734 * FDDI doesn't really have a link-level type field. 735 * We assume that SSAP = SNAP is being used and pick 736 * out the encapsulated Ethernet type. 737 */ 738 off_linktype = 19; 739 #ifdef PCAP_FDDIPAD 740 off_linktype += pcap_fddipad; 741 #endif 742 off_nl = 21; 743 #ifdef PCAP_FDDIPAD 744 off_nl += pcap_fddipad; 745 #endif 746 return; 747 748 case DLT_IEEE802: 749 off_linktype = 20; 750 off_nl = 22; 751 return; 752 753 case DLT_IEEE802_11: 754 off_linktype = 30; /* XXX variable */ 755 off_nl = 32; 756 return; 757 758 case DLT_IEEE802_11_RADIO: /* XXX variable */ 759 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 760 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 761 return; 762 763 case DLT_ATM_RFC1483: 764 /* 765 * assume routed, non-ISO PDUs 766 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 767 */ 768 off_linktype = 6; 769 off_nl = 8; 770 return; 771 772 case DLT_LOOP: 773 off_linktype = 0; 774 off_nl = 4; 775 return; 776 777 case DLT_ENC: 778 off_linktype = -1; 779 off_nl = 12; 780 return; 781 782 case DLT_PFLOG: 783 off_linktype = 0; 784 variable_nl = 1; 785 off_nl = 0; 786 return; 787 788 case DLT_PFSYNC: 789 off_linktype = -1; 790 off_nl = 4; 791 return; 792 793 case DLT_OPENFLOW: 794 off_linktype = -1; 795 off_nl = 12; 796 return; 797 798 case DLT_USBPCAP: 799 /* FALLTHROUGH */ 800 case DLT_RAW: 801 off_linktype = -1; 802 off_nl = 0; 803 return; 804 } 805 bpf_error("unknown data link type 0x%x", linktype); 806 /* NOTREACHED */ 807 } 808 809 static struct block * 810 gen_uncond(rsense) 811 int rsense; 812 { 813 struct block *b; 814 struct slist *s; 815 816 s = new_stmt(BPF_LD|BPF_IMM); 817 s->s.k = !rsense; 818 b = new_block(JMP(BPF_JEQ)); 819 b->stmts = s; 820 821 return b; 822 } 823 824 static __inline struct block * 825 gen_true() 826 { 827 return gen_uncond(1); 828 } 829 830 static __inline struct block * 831 gen_false() 832 { 833 return gen_uncond(0); 834 } 835 836 static struct block * 837 gen_linktype(proto) 838 int proto; 839 { 840 struct block *b0, *b1; 841 842 /* If we're not using encapsulation and checking for IP, we're done */ 843 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IP) 844 return gen_true(); 845 #ifdef INET6 846 /* this isn't the right thing to do, but sometimes necessary */ 847 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IPV6) 848 return gen_true(); 849 #endif 850 851 switch (linktype) { 852 853 case DLT_EN10MB: 854 if (proto <= ETHERMTU) { 855 /* This is an LLC SAP value */ 856 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 857 gen_not(b0); 858 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 859 gen_and(b0, b1); 860 return b1; 861 } else { 862 /* This is an Ethernet type */ 863 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 864 } 865 break; 866 867 case DLT_SLIP: 868 return gen_false(); 869 870 case DLT_PPP: 871 case DLT_PPP_ETHER: 872 if (proto == ETHERTYPE_IP) 873 proto = PPP_IP; /* XXX was 0x21 */ 874 #ifdef INET6 875 else if (proto == ETHERTYPE_IPV6) 876 proto = PPP_IPV6; 877 #endif 878 break; 879 880 case DLT_PPP_BSDOS: 881 switch (proto) { 882 883 case ETHERTYPE_IP: 884 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 885 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 886 gen_or(b0, b1); 887 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 888 gen_or(b1, b0); 889 return b0; 890 891 #ifdef INET6 892 case ETHERTYPE_IPV6: 893 proto = PPP_IPV6; 894 /* more to go? */ 895 break; 896 #endif /* INET6 */ 897 898 case ETHERTYPE_DN: 899 proto = PPP_DECNET; 900 break; 901 902 case ETHERTYPE_ATALK: 903 proto = PPP_APPLE; 904 break; 905 906 case ETHERTYPE_NS: 907 proto = PPP_NS; 908 break; 909 } 910 break; 911 912 case DLT_LOOP: 913 case DLT_ENC: 914 case DLT_NULL: 915 { 916 int v; 917 918 if (proto == ETHERTYPE_IP) 919 v = AF_INET; 920 #ifdef INET6 921 else if (proto == ETHERTYPE_IPV6) 922 v = AF_INET6; 923 #endif /* INET6 */ 924 else 925 return gen_false(); 926 927 /* 928 * For DLT_NULL, the link-layer header is a 32-bit word 929 * containing an AF_ value in *host* byte order, and for 930 * DLT_ENC, the link-layer header begins with a 32-bit 931 * word containing an AF_ value in host byte order. 932 * 933 * For DLT_LOOP, the link-layer header is a 32-bit 934 * word containing an AF_ value in *network* byte order. 935 */ 936 if (linktype != DLT_LOOP) 937 v = htonl(v); 938 939 return (gen_cmp(0, BPF_W, (bpf_int32)v)); 940 break; 941 } 942 case DLT_PFLOG: 943 if (proto == ETHERTYPE_IP) 944 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 945 (bpf_int32)AF_INET)); 946 #ifdef INET6 947 else if (proto == ETHERTYPE_IPV6) 948 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 949 (bpf_int32)AF_INET6)); 950 #endif /* INET6 */ 951 else 952 return gen_false(); 953 break; 954 955 } 956 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 957 } 958 959 static struct block * 960 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 961 bpf_u_int32 addr; 962 bpf_u_int32 mask; 963 int dir, proto; 964 u_int src_off, dst_off; 965 { 966 struct block *b0, *b1; 967 u_int offset; 968 969 switch (dir) { 970 971 case Q_SRC: 972 offset = src_off; 973 break; 974 975 case Q_DST: 976 offset = dst_off; 977 break; 978 979 case Q_AND: 980 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 981 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 982 gen_and(b0, b1); 983 return b1; 984 985 case Q_OR: 986 case Q_DEFAULT: 987 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 988 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 989 gen_or(b0, b1); 990 return b1; 991 992 default: 993 bpf_error("direction not supported on linktype 0x%x", 994 linktype); 995 } 996 b0 = gen_linktype(proto); 997 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 998 gen_and(b0, b1); 999 return b1; 1000 } 1001 1002 #ifdef INET6 1003 static struct block * 1004 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 1005 struct in6_addr *addr; 1006 struct in6_addr *mask; 1007 int dir, proto; 1008 u_int src_off, dst_off; 1009 { 1010 struct block *b0, *b1; 1011 u_int offset; 1012 u_int32_t *a, *m; 1013 1014 switch (dir) { 1015 1016 case Q_SRC: 1017 offset = src_off; 1018 break; 1019 1020 case Q_DST: 1021 offset = dst_off; 1022 break; 1023 1024 case Q_AND: 1025 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1026 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1027 gen_and(b0, b1); 1028 return b1; 1029 1030 case Q_OR: 1031 case Q_DEFAULT: 1032 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1033 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1034 gen_or(b0, b1); 1035 return b1; 1036 1037 default: 1038 bpf_error("direction not supported on linktype 0x%x", 1039 linktype); 1040 } 1041 /* this order is important */ 1042 a = (u_int32_t *)addr; 1043 m = (u_int32_t *)mask; 1044 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1045 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1046 gen_and(b0, b1); 1047 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1048 gen_and(b0, b1); 1049 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1050 gen_and(b0, b1); 1051 b0 = gen_linktype(proto); 1052 gen_and(b0, b1); 1053 return b1; 1054 } 1055 #endif /*INET6*/ 1056 1057 static struct block * 1058 gen_ehostop(eaddr, dir) 1059 const u_char *eaddr; 1060 int dir; 1061 { 1062 struct block *b0, *b1; 1063 1064 switch (dir) { 1065 case Q_SRC: 1066 return gen_bcmp(6, 6, eaddr); 1067 1068 case Q_DST: 1069 return gen_bcmp(0, 6, eaddr); 1070 1071 case Q_AND: 1072 b0 = gen_ehostop(eaddr, Q_SRC); 1073 b1 = gen_ehostop(eaddr, Q_DST); 1074 gen_and(b0, b1); 1075 return b1; 1076 1077 case Q_DEFAULT: 1078 case Q_OR: 1079 b0 = gen_ehostop(eaddr, Q_SRC); 1080 b1 = gen_ehostop(eaddr, Q_DST); 1081 gen_or(b0, b1); 1082 return b1; 1083 default: 1084 bpf_error("direction not supported on linktype 0x%x", 1085 linktype); 1086 } 1087 /* NOTREACHED */ 1088 } 1089 1090 /* 1091 * Like gen_ehostop, but for DLT_FDDI 1092 */ 1093 static struct block * 1094 gen_fhostop(eaddr, dir) 1095 const u_char *eaddr; 1096 int dir; 1097 { 1098 struct block *b0, *b1; 1099 1100 switch (dir) { 1101 case Q_SRC: 1102 #ifdef PCAP_FDDIPAD 1103 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1104 #else 1105 return gen_bcmp(6 + 1, 6, eaddr); 1106 #endif 1107 1108 case Q_DST: 1109 #ifdef PCAP_FDDIPAD 1110 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1111 #else 1112 return gen_bcmp(0 + 1, 6, eaddr); 1113 #endif 1114 1115 case Q_AND: 1116 b0 = gen_fhostop(eaddr, Q_SRC); 1117 b1 = gen_fhostop(eaddr, Q_DST); 1118 gen_and(b0, b1); 1119 return b1; 1120 1121 case Q_DEFAULT: 1122 case Q_OR: 1123 b0 = gen_fhostop(eaddr, Q_SRC); 1124 b1 = gen_fhostop(eaddr, Q_DST); 1125 gen_or(b0, b1); 1126 return b1; 1127 default: 1128 bpf_error("direction not supported on linktype 0x%x", 1129 linktype); 1130 } 1131 /* NOTREACHED */ 1132 } 1133 1134 /* 1135 * This is quite tricky because there may be pad bytes in front of the 1136 * DECNET header, and then there are two possible data packet formats that 1137 * carry both src and dst addresses, plus 5 packet types in a format that 1138 * carries only the src node, plus 2 types that use a different format and 1139 * also carry just the src node. 1140 * 1141 * Yuck. 1142 * 1143 * Instead of doing those all right, we just look for data packets with 1144 * 0 or 1 bytes of padding. If you want to look at other packets, that 1145 * will require a lot more hacking. 1146 * 1147 * To add support for filtering on DECNET "areas" (network numbers) 1148 * one would want to add a "mask" argument to this routine. That would 1149 * make the filter even more inefficient, although one could be clever 1150 * and not generate masking instructions if the mask is 0xFFFF. 1151 */ 1152 static struct block * 1153 gen_dnhostop(addr, dir, base_off) 1154 bpf_u_int32 addr; 1155 int dir; 1156 u_int base_off; 1157 { 1158 struct block *b0, *b1, *b2, *tmp; 1159 u_int offset_lh; /* offset if long header is received */ 1160 u_int offset_sh; /* offset if short header is received */ 1161 1162 switch (dir) { 1163 1164 case Q_DST: 1165 offset_sh = 1; /* follows flags */ 1166 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1167 break; 1168 1169 case Q_SRC: 1170 offset_sh = 3; /* follows flags, dstnode */ 1171 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1172 break; 1173 1174 case Q_AND: 1175 /* Inefficient because we do our Calvinball dance twice */ 1176 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1177 b1 = gen_dnhostop(addr, Q_DST, base_off); 1178 gen_and(b0, b1); 1179 return b1; 1180 1181 case Q_OR: 1182 case Q_DEFAULT: 1183 /* Inefficient because we do our Calvinball dance twice */ 1184 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1185 b1 = gen_dnhostop(addr, Q_DST, base_off); 1186 gen_or(b0, b1); 1187 return b1; 1188 1189 default: 1190 bpf_error("direction not supported on linktype 0x%x", 1191 linktype); 1192 } 1193 b0 = gen_linktype(ETHERTYPE_DN); 1194 /* Check for pad = 1, long header case */ 1195 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1196 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1197 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1198 BPF_H, (bpf_int32)ntohs(addr)); 1199 gen_and(tmp, b1); 1200 /* Check for pad = 0, long header case */ 1201 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1202 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1203 gen_and(tmp, b2); 1204 gen_or(b2, b1); 1205 /* Check for pad = 1, short header case */ 1206 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1207 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1208 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1209 BPF_H, (bpf_int32)ntohs(addr)); 1210 gen_and(tmp, b2); 1211 gen_or(b2, b1); 1212 /* Check for pad = 0, short header case */ 1213 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1214 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1215 gen_and(tmp, b2); 1216 gen_or(b2, b1); 1217 1218 /* Combine with test for linktype */ 1219 gen_and(b0, b1); 1220 return b1; 1221 } 1222 1223 static struct block * 1224 gen_host(addr, mask, proto, dir) 1225 bpf_u_int32 addr; 1226 bpf_u_int32 mask; 1227 int proto; 1228 int dir; 1229 { 1230 struct block *b0, *b1; 1231 1232 switch (proto) { 1233 1234 case Q_DEFAULT: 1235 b0 = gen_host(addr, mask, Q_IP, dir); 1236 b1 = gen_host(addr, mask, Q_ARP, dir); 1237 gen_or(b0, b1); 1238 b0 = gen_host(addr, mask, Q_RARP, dir); 1239 gen_or(b1, b0); 1240 return b0; 1241 1242 case Q_IP: 1243 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1244 12, 16); 1245 1246 case Q_RARP: 1247 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1248 14, 24); 1249 1250 case Q_ARP: 1251 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1252 14, 24); 1253 1254 case Q_TCP: 1255 bpf_error("'tcp' modifier applied to host"); 1256 1257 case Q_UDP: 1258 bpf_error("'udp' modifier applied to host"); 1259 1260 case Q_ICMP: 1261 bpf_error("'icmp' modifier applied to host"); 1262 1263 case Q_IGMP: 1264 bpf_error("'igmp' modifier applied to host"); 1265 1266 case Q_IGRP: 1267 bpf_error("'igrp' modifier applied to host"); 1268 1269 case Q_PIM: 1270 bpf_error("'pim' modifier applied to host"); 1271 1272 case Q_STP: 1273 bpf_error("'stp' modifier applied to host"); 1274 1275 case Q_ATALK: 1276 bpf_error("ATALK host filtering not implemented"); 1277 1278 case Q_DECNET: 1279 return gen_dnhostop(addr, dir, 0); 1280 1281 case Q_SCA: 1282 bpf_error("SCA host filtering not implemented"); 1283 1284 case Q_LAT: 1285 bpf_error("LAT host filtering not implemented"); 1286 1287 case Q_MOPDL: 1288 bpf_error("MOPDL host filtering not implemented"); 1289 1290 case Q_MOPRC: 1291 bpf_error("MOPRC host filtering not implemented"); 1292 1293 #ifdef INET6 1294 case Q_IPV6: 1295 bpf_error("'ip6' modifier applied to ip host"); 1296 1297 case Q_ICMPV6: 1298 bpf_error("'icmp6' modifier applied to host"); 1299 #endif /* INET6 */ 1300 1301 case Q_AH: 1302 bpf_error("'ah' modifier applied to host"); 1303 1304 case Q_ESP: 1305 bpf_error("'esp' modifier applied to host"); 1306 1307 default: 1308 bpf_error("direction not supported on linktype 0x%x", 1309 linktype); 1310 } 1311 /* NOTREACHED */ 1312 } 1313 1314 #ifdef INET6 1315 static struct block * 1316 gen_host6(addr, mask, proto, dir) 1317 struct in6_addr *addr; 1318 struct in6_addr *mask; 1319 int proto; 1320 int dir; 1321 { 1322 switch (proto) { 1323 1324 case Q_DEFAULT: 1325 return gen_host6(addr, mask, Q_IPV6, dir); 1326 1327 case Q_IP: 1328 bpf_error("'ip' modifier applied to ip6 host"); 1329 1330 case Q_RARP: 1331 bpf_error("'rarp' modifier applied to ip6 host"); 1332 1333 case Q_ARP: 1334 bpf_error("'arp' modifier applied to ip6 host"); 1335 1336 case Q_TCP: 1337 bpf_error("'tcp' modifier applied to host"); 1338 1339 case Q_UDP: 1340 bpf_error("'udp' modifier applied to host"); 1341 1342 case Q_ICMP: 1343 bpf_error("'icmp' modifier applied to host"); 1344 1345 case Q_IGMP: 1346 bpf_error("'igmp' modifier applied to host"); 1347 1348 case Q_IGRP: 1349 bpf_error("'igrp' modifier applied to host"); 1350 1351 case Q_PIM: 1352 bpf_error("'pim' modifier applied to host"); 1353 1354 case Q_STP: 1355 bpf_error("'stp' modifier applied to host"); 1356 1357 case Q_ATALK: 1358 bpf_error("ATALK host filtering not implemented"); 1359 1360 case Q_DECNET: 1361 bpf_error("'decnet' modifier applied to ip6 host"); 1362 1363 case Q_SCA: 1364 bpf_error("SCA host filtering not implemented"); 1365 1366 case Q_LAT: 1367 bpf_error("LAT host filtering not implemented"); 1368 1369 case Q_MOPDL: 1370 bpf_error("MOPDL host filtering not implemented"); 1371 1372 case Q_MOPRC: 1373 bpf_error("MOPRC host filtering not implemented"); 1374 1375 case Q_IPV6: 1376 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1377 8, 24); 1378 1379 case Q_ICMPV6: 1380 bpf_error("'icmp6' modifier applied to host"); 1381 1382 case Q_AH: 1383 bpf_error("'ah' modifier applied to host"); 1384 1385 case Q_ESP: 1386 bpf_error("'esp' modifier applied to host"); 1387 1388 default: 1389 abort(); 1390 } 1391 /* NOTREACHED */ 1392 } 1393 #endif /*INET6*/ 1394 1395 #ifndef INET6 1396 static struct block * 1397 gen_gateway(eaddr, alist, proto, dir) 1398 const u_char *eaddr; 1399 bpf_u_int32 **alist; 1400 int proto; 1401 int dir; 1402 { 1403 struct block *b0, *b1, *tmp; 1404 1405 if (dir != 0) 1406 bpf_error("direction applied to 'gateway'"); 1407 1408 switch (proto) { 1409 case Q_DEFAULT: 1410 case Q_IP: 1411 case Q_ARP: 1412 case Q_RARP: 1413 if (linktype == DLT_EN10MB) 1414 b0 = gen_ehostop(eaddr, Q_OR); 1415 else if (linktype == DLT_FDDI) 1416 b0 = gen_fhostop(eaddr, Q_OR); 1417 else 1418 bpf_error( 1419 "'gateway' supported only on ethernet or FDDI"); 1420 1421 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1422 while (*alist) { 1423 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1424 gen_or(b1, tmp); 1425 b1 = tmp; 1426 } 1427 gen_not(b1); 1428 gen_and(b0, b1); 1429 return b1; 1430 } 1431 bpf_error("illegal modifier of 'gateway'"); 1432 /* NOTREACHED */ 1433 } 1434 #endif /*INET6*/ 1435 1436 struct block * 1437 gen_proto_abbrev(proto) 1438 int proto; 1439 { 1440 struct block *b0 = NULL, *b1; 1441 1442 switch (proto) { 1443 1444 case Q_TCP: 1445 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1446 #ifdef INET6 1447 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1448 gen_or(b0, b1); 1449 #endif 1450 break; 1451 1452 case Q_UDP: 1453 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1454 #ifdef INET6 1455 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1456 gen_or(b0, b1); 1457 #endif 1458 break; 1459 1460 case Q_ICMP: 1461 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1462 break; 1463 1464 #ifndef IPPROTO_IGMP 1465 #define IPPROTO_IGMP 2 1466 #endif 1467 1468 case Q_IGMP: 1469 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1470 break; 1471 1472 #ifndef IPPROTO_IGRP 1473 #define IPPROTO_IGRP 9 1474 #endif 1475 case Q_IGRP: 1476 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1477 break; 1478 1479 #ifndef IPPROTO_PIM 1480 #define IPPROTO_PIM 103 1481 #endif 1482 1483 case Q_PIM: 1484 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1485 #ifdef INET6 1486 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1487 gen_or(b0, b1); 1488 #endif 1489 break; 1490 1491 case Q_IP: 1492 b1 = gen_linktype(ETHERTYPE_IP); 1493 break; 1494 1495 case Q_ARP: 1496 b1 = gen_linktype(ETHERTYPE_ARP); 1497 break; 1498 1499 case Q_RARP: 1500 b1 = gen_linktype(ETHERTYPE_REVARP); 1501 break; 1502 1503 case Q_LINK: 1504 bpf_error("link layer applied in wrong context"); 1505 1506 case Q_ATALK: 1507 b1 = gen_linktype(ETHERTYPE_ATALK); 1508 break; 1509 1510 case Q_DECNET: 1511 b1 = gen_linktype(ETHERTYPE_DN); 1512 break; 1513 1514 case Q_SCA: 1515 b1 = gen_linktype(ETHERTYPE_SCA); 1516 break; 1517 1518 case Q_LAT: 1519 b1 = gen_linktype(ETHERTYPE_LAT); 1520 break; 1521 1522 case Q_MOPDL: 1523 b1 = gen_linktype(ETHERTYPE_MOPDL); 1524 break; 1525 1526 case Q_MOPRC: 1527 b1 = gen_linktype(ETHERTYPE_MOPRC); 1528 break; 1529 1530 case Q_STP: 1531 b1 = gen_linktype(LLCSAP_8021D); 1532 break; 1533 1534 #ifdef INET6 1535 case Q_IPV6: 1536 b1 = gen_linktype(ETHERTYPE_IPV6); 1537 break; 1538 1539 #ifndef IPPROTO_ICMPV6 1540 #define IPPROTO_ICMPV6 58 1541 #endif 1542 case Q_ICMPV6: 1543 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1544 break; 1545 #endif /* INET6 */ 1546 1547 #ifndef IPPROTO_AH 1548 #define IPPROTO_AH 51 1549 #endif 1550 case Q_AH: 1551 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1552 #ifdef INET6 1553 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1554 gen_or(b0, b1); 1555 #endif 1556 break; 1557 1558 #ifndef IPPROTO_ESP 1559 #define IPPROTO_ESP 50 1560 #endif 1561 case Q_ESP: 1562 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1563 #ifdef INET6 1564 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1565 gen_or(b0, b1); 1566 #endif 1567 break; 1568 1569 default: 1570 abort(); 1571 } 1572 return b1; 1573 } 1574 1575 static struct block * 1576 gen_ipfrag() 1577 { 1578 struct slist *s, *tmp; 1579 struct block *b; 1580 1581 /* not ip frag */ 1582 if (variable_nl) { 1583 s = nl2X_stmt(); 1584 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1585 tmp->s.k = 6; 1586 sappend(s, tmp); 1587 } else { 1588 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1589 s->s.k = off_nl + 6; 1590 } 1591 b = new_block(JMP(BPF_JSET)); 1592 b->s.k = 0x1fff; 1593 b->stmts = s; 1594 gen_not(b); 1595 1596 return b; 1597 } 1598 1599 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1600 This function generates code to set X to the start of the IP payload 1601 X = off_nl + IP header_len. 1602 */ 1603 static struct slist * 1604 iphl_to_x(void) 1605 { 1606 struct slist *s, *tmp; 1607 1608 /* XXX clobbers A if variable_nl*/ 1609 if (variable_nl) { 1610 if (iphl_reg == -1) { 1611 /* X <- off_nl */ 1612 s = nl2X_stmt(); 1613 1614 /* A = p[X+0] */ 1615 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1616 tmp->s.k = 0; 1617 sappend(s, tmp); 1618 1619 /* A = A & 0x0f */ 1620 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1621 tmp->s.k = 0x0f; 1622 sappend(s, tmp); 1623 1624 /* A = A << 2 */ 1625 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1626 tmp->s.k = 2; 1627 sappend(s, tmp); 1628 1629 /* A = A + X (add off_nl again to compansate) */ 1630 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1631 1632 /* MEM[iphl_reg] = A */ 1633 iphl_reg = alloc_reg(); 1634 tmp = new_stmt(BPF_ST); 1635 tmp->s.k = iphl_reg; 1636 sappend(s, tmp); 1637 1638 sappend(init_code, s); 1639 } 1640 s = new_stmt(BPF_LDX|BPF_MEM); 1641 s->s.k = iphl_reg; 1642 1643 } else { 1644 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1645 s->s.k = off_nl; 1646 } 1647 1648 return s; 1649 } 1650 1651 static struct block * 1652 gen_portatom(off, v) 1653 int off; 1654 bpf_int32 v; 1655 { 1656 struct slist *s, *tmp; 1657 struct block *b; 1658 1659 s = iphl_to_x(); 1660 1661 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1662 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1663 sappend(s, tmp); 1664 1665 b = new_block(JMP(BPF_JEQ)); 1666 b->stmts = s; 1667 b->s.k = v; 1668 1669 return b; 1670 } 1671 1672 #ifdef INET6 1673 static struct block * 1674 gen_portatom6(off, v) 1675 int off; 1676 bpf_int32 v; 1677 { 1678 return gen_cmp_nl(40 + off, BPF_H, v); 1679 } 1680 #endif/*INET6*/ 1681 1682 struct block * 1683 gen_portop(port, proto, dir) 1684 int port, proto, dir; 1685 { 1686 struct block *b0, *b1, *tmp; 1687 1688 /* ip proto 'proto' */ 1689 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1690 b0 = gen_ipfrag(); 1691 gen_and(tmp, b0); 1692 1693 switch (dir) { 1694 case Q_SRC: 1695 b1 = gen_portatom(0, (bpf_int32)port); 1696 break; 1697 1698 case Q_DST: 1699 b1 = gen_portatom(2, (bpf_int32)port); 1700 break; 1701 1702 case Q_OR: 1703 case Q_DEFAULT: 1704 tmp = gen_portatom(0, (bpf_int32)port); 1705 b1 = gen_portatom(2, (bpf_int32)port); 1706 gen_or(tmp, b1); 1707 break; 1708 1709 case Q_AND: 1710 tmp = gen_portatom(0, (bpf_int32)port); 1711 b1 = gen_portatom(2, (bpf_int32)port); 1712 gen_and(tmp, b1); 1713 break; 1714 1715 default: 1716 abort(); 1717 } 1718 gen_and(b0, b1); 1719 1720 return b1; 1721 } 1722 1723 static struct block * 1724 gen_port(port, ip_proto, dir) 1725 int port; 1726 int ip_proto; 1727 int dir; 1728 { 1729 struct block *b0, *b1, *tmp; 1730 1731 /* ether proto ip */ 1732 b0 = gen_linktype(ETHERTYPE_IP); 1733 1734 switch (ip_proto) { 1735 case IPPROTO_UDP: 1736 case IPPROTO_TCP: 1737 b1 = gen_portop(port, ip_proto, dir); 1738 break; 1739 1740 case PROTO_UNDEF: 1741 tmp = gen_portop(port, IPPROTO_TCP, dir); 1742 b1 = gen_portop(port, IPPROTO_UDP, dir); 1743 gen_or(tmp, b1); 1744 break; 1745 1746 default: 1747 abort(); 1748 } 1749 gen_and(b0, b1); 1750 return b1; 1751 } 1752 1753 #ifdef INET6 1754 struct block * 1755 gen_portop6(port, proto, dir) 1756 int port, proto, dir; 1757 { 1758 struct block *b0, *b1, *tmp; 1759 1760 /* ip proto 'proto' */ 1761 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1762 1763 switch (dir) { 1764 case Q_SRC: 1765 b1 = gen_portatom6(0, (bpf_int32)port); 1766 break; 1767 1768 case Q_DST: 1769 b1 = gen_portatom6(2, (bpf_int32)port); 1770 break; 1771 1772 case Q_OR: 1773 case Q_DEFAULT: 1774 tmp = gen_portatom6(0, (bpf_int32)port); 1775 b1 = gen_portatom6(2, (bpf_int32)port); 1776 gen_or(tmp, b1); 1777 break; 1778 1779 case Q_AND: 1780 tmp = gen_portatom6(0, (bpf_int32)port); 1781 b1 = gen_portatom6(2, (bpf_int32)port); 1782 gen_and(tmp, b1); 1783 break; 1784 1785 default: 1786 abort(); 1787 } 1788 gen_and(b0, b1); 1789 1790 return b1; 1791 } 1792 1793 static struct block * 1794 gen_port6(port, ip_proto, dir) 1795 int port; 1796 int ip_proto; 1797 int dir; 1798 { 1799 struct block *b0, *b1, *tmp; 1800 1801 /* ether proto ip */ 1802 b0 = gen_linktype(ETHERTYPE_IPV6); 1803 1804 switch (ip_proto) { 1805 case IPPROTO_UDP: 1806 case IPPROTO_TCP: 1807 b1 = gen_portop6(port, ip_proto, dir); 1808 break; 1809 1810 case PROTO_UNDEF: 1811 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1812 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1813 gen_or(tmp, b1); 1814 break; 1815 1816 default: 1817 abort(); 1818 } 1819 gen_and(b0, b1); 1820 return b1; 1821 } 1822 #endif /* INET6 */ 1823 1824 static int 1825 lookup_proto(name, proto) 1826 const char *name; 1827 int proto; 1828 { 1829 int v; 1830 1831 switch (proto) { 1832 1833 case Q_DEFAULT: 1834 case Q_IP: 1835 v = pcap_nametoproto(name); 1836 if (v == PROTO_UNDEF) 1837 bpf_error("unknown ip proto '%s'", name); 1838 break; 1839 1840 case Q_LINK: 1841 /* XXX should look up h/w protocol type based on linktype */ 1842 v = pcap_nametoeproto(name); 1843 if (v == PROTO_UNDEF) { 1844 v = pcap_nametollc(name); 1845 if (v == PROTO_UNDEF) 1846 bpf_error("unknown ether proto '%s'", name); 1847 } 1848 break; 1849 1850 default: 1851 v = PROTO_UNDEF; 1852 break; 1853 } 1854 return v; 1855 } 1856 1857 static struct block * 1858 gen_protochain(v, proto, dir) 1859 int v; 1860 int proto; 1861 int dir; 1862 { 1863 struct block *b0, *b; 1864 struct slist *s[100]; 1865 int fix2, fix3, fix4, fix5; 1866 int ahcheck, again, end; 1867 int i, max; 1868 int reg1 = alloc_reg(); 1869 int reg2 = alloc_reg(); 1870 1871 memset(s, 0, sizeof(s)); 1872 fix2 = fix3 = fix4 = fix5 = 0; 1873 1874 if (variable_nl) { 1875 bpf_error("'gen_protochain' not supported for variable DLTs"); 1876 /*NOTREACHED*/ 1877 } 1878 1879 switch (proto) { 1880 case Q_IP: 1881 case Q_IPV6: 1882 break; 1883 case Q_DEFAULT: 1884 b0 = gen_protochain(v, Q_IP, dir); 1885 b = gen_protochain(v, Q_IPV6, dir); 1886 gen_or(b0, b); 1887 return b; 1888 default: 1889 bpf_error("bad protocol applied for 'protochain'"); 1890 /*NOTREACHED*/ 1891 } 1892 1893 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1894 1895 /* 1896 * s[0] is a dummy entry to protect other BPF insn from damaged 1897 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1898 * hard to find interdependency made by jump table fixup. 1899 */ 1900 i = 0; 1901 s[i] = new_stmt(0); /*dummy*/ 1902 i++; 1903 1904 switch (proto) { 1905 case Q_IP: 1906 b0 = gen_linktype(ETHERTYPE_IP); 1907 1908 /* A = ip->ip_p */ 1909 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1910 s[i]->s.k = off_nl + 9; 1911 i++; 1912 /* X = ip->ip_hl << 2 */ 1913 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1914 s[i]->s.k = off_nl; 1915 i++; 1916 break; 1917 case Q_IPV6: 1918 b0 = gen_linktype(ETHERTYPE_IPV6); 1919 1920 /* A = ip6->ip_nxt */ 1921 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1922 s[i]->s.k = off_nl + 6; 1923 i++; 1924 /* X = sizeof(struct ip6_hdr) */ 1925 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1926 s[i]->s.k = 40; 1927 i++; 1928 break; 1929 default: 1930 bpf_error("unsupported proto to gen_protochain"); 1931 /*NOTREACHED*/ 1932 } 1933 1934 /* again: if (A == v) goto end; else fall through; */ 1935 again = i; 1936 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1937 s[i]->s.k = v; 1938 s[i]->s.jt = NULL; /*later*/ 1939 s[i]->s.jf = NULL; /*update in next stmt*/ 1940 fix5 = i; 1941 i++; 1942 1943 /* if (A == IPPROTO_NONE) goto end */ 1944 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1945 s[i]->s.jt = NULL; /*later*/ 1946 s[i]->s.jf = NULL; /*update in next stmt*/ 1947 s[i]->s.k = IPPROTO_NONE; 1948 s[fix5]->s.jf = s[i]; 1949 fix2 = i; 1950 i++; 1951 1952 if (proto == Q_IPV6) { 1953 int v6start, v6end, v6advance, j; 1954 1955 v6start = i; 1956 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1957 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1958 s[i]->s.jt = NULL; /*later*/ 1959 s[i]->s.jf = NULL; /*update in next stmt*/ 1960 s[i]->s.k = IPPROTO_HOPOPTS; 1961 s[fix2]->s.jf = s[i]; 1962 i++; 1963 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1964 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1965 s[i]->s.jt = NULL; /*later*/ 1966 s[i]->s.jf = NULL; /*update in next stmt*/ 1967 s[i]->s.k = IPPROTO_DSTOPTS; 1968 i++; 1969 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1970 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1971 s[i]->s.jt = NULL; /*later*/ 1972 s[i]->s.jf = NULL; /*update in next stmt*/ 1973 s[i]->s.k = IPPROTO_ROUTING; 1974 i++; 1975 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1976 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1977 s[i]->s.jt = NULL; /*later*/ 1978 s[i]->s.jf = NULL; /*later*/ 1979 s[i]->s.k = IPPROTO_FRAGMENT; 1980 fix3 = i; 1981 v6end = i; 1982 i++; 1983 1984 /* v6advance: */ 1985 v6advance = i; 1986 1987 /* 1988 * in short, 1989 * A = P[X + 1]; 1990 * X = X + (P[X] + 1) * 8; 1991 */ 1992 /* A = X */ 1993 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1994 i++; 1995 /* MEM[reg1] = A */ 1996 s[i] = new_stmt(BPF_ST); 1997 s[i]->s.k = reg1; 1998 i++; 1999 /* A += 1 */ 2000 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2001 s[i]->s.k = 1; 2002 i++; 2003 /* X = A */ 2004 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2005 i++; 2006 /* A = P[X + packet head]; */ 2007 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2008 s[i]->s.k = off_nl; 2009 i++; 2010 /* MEM[reg2] = A */ 2011 s[i] = new_stmt(BPF_ST); 2012 s[i]->s.k = reg2; 2013 i++; 2014 /* X = MEM[reg1] */ 2015 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2016 s[i]->s.k = reg1; 2017 i++; 2018 /* A = P[X + packet head] */ 2019 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2020 s[i]->s.k = off_nl; 2021 i++; 2022 /* A += 1 */ 2023 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2024 s[i]->s.k = 1; 2025 i++; 2026 /* A *= 8 */ 2027 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2028 s[i]->s.k = 8; 2029 i++; 2030 /* X = A; */ 2031 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2032 i++; 2033 /* A = MEM[reg2] */ 2034 s[i] = new_stmt(BPF_LD|BPF_MEM); 2035 s[i]->s.k = reg2; 2036 i++; 2037 2038 /* goto again; (must use BPF_JA for backward jump) */ 2039 s[i] = new_stmt(BPF_JMP|BPF_JA); 2040 s[i]->s.k = again - i - 1; 2041 s[i - 1]->s.jf = s[i]; 2042 i++; 2043 2044 /* fixup */ 2045 for (j = v6start; j <= v6end; j++) 2046 s[j]->s.jt = s[v6advance]; 2047 } else { 2048 /* nop */ 2049 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2050 s[i]->s.k = 0; 2051 s[fix2]->s.jf = s[i]; 2052 i++; 2053 } 2054 2055 /* ahcheck: */ 2056 ahcheck = i; 2057 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2058 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2059 s[i]->s.jt = NULL; /*later*/ 2060 s[i]->s.jf = NULL; /*later*/ 2061 s[i]->s.k = IPPROTO_AH; 2062 if (fix3) 2063 s[fix3]->s.jf = s[ahcheck]; 2064 fix4 = i; 2065 i++; 2066 2067 /* 2068 * in short, 2069 * A = P[X + 1]; 2070 * X = X + (P[X] + 2) * 4; 2071 */ 2072 /* A = X */ 2073 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2074 i++; 2075 /* MEM[reg1] = A */ 2076 s[i] = new_stmt(BPF_ST); 2077 s[i]->s.k = reg1; 2078 i++; 2079 /* A += 1 */ 2080 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2081 s[i]->s.k = 1; 2082 i++; 2083 /* X = A */ 2084 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2085 i++; 2086 /* A = P[X + packet head]; */ 2087 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2088 s[i]->s.k = off_nl; 2089 i++; 2090 /* MEM[reg2] = A */ 2091 s[i] = new_stmt(BPF_ST); 2092 s[i]->s.k = reg2; 2093 i++; 2094 /* X = MEM[reg1] */ 2095 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2096 s[i]->s.k = reg1; 2097 i++; 2098 /* A = P[X + packet head] */ 2099 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2100 s[i]->s.k = off_nl; 2101 i++; 2102 /* A += 2 */ 2103 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2104 s[i]->s.k = 2; 2105 i++; 2106 /* A *= 4 */ 2107 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2108 s[i]->s.k = 4; 2109 i++; 2110 /* X = A; */ 2111 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2112 i++; 2113 /* A = MEM[reg2] */ 2114 s[i] = new_stmt(BPF_LD|BPF_MEM); 2115 s[i]->s.k = reg2; 2116 i++; 2117 2118 /* goto again; (must use BPF_JA for backward jump) */ 2119 s[i] = new_stmt(BPF_JMP|BPF_JA); 2120 s[i]->s.k = again - i - 1; 2121 i++; 2122 2123 /* end: nop */ 2124 end = i; 2125 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2126 s[i]->s.k = 0; 2127 s[fix2]->s.jt = s[end]; 2128 s[fix4]->s.jf = s[end]; 2129 s[fix5]->s.jt = s[end]; 2130 i++; 2131 2132 /* 2133 * make slist chain 2134 */ 2135 max = i; 2136 for (i = 0; i < max - 1; i++) 2137 s[i]->next = s[i + 1]; 2138 s[max - 1]->next = NULL; 2139 2140 /* 2141 * emit final check 2142 */ 2143 b = new_block(JMP(BPF_JEQ)); 2144 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2145 b->s.k = v; 2146 2147 free_reg(reg1); 2148 free_reg(reg2); 2149 2150 gen_and(b0, b); 2151 return b; 2152 } 2153 2154 static struct block * 2155 gen_proto(v, proto, dir) 2156 int v; 2157 int proto; 2158 int dir; 2159 { 2160 struct block *b0, *b1; 2161 2162 if (dir != Q_DEFAULT) 2163 bpf_error("direction applied to 'proto'"); 2164 2165 switch (proto) { 2166 case Q_DEFAULT: 2167 #ifdef INET6 2168 b0 = gen_proto(v, Q_IP, dir); 2169 b1 = gen_proto(v, Q_IPV6, dir); 2170 gen_or(b0, b1); 2171 return b1; 2172 #else 2173 /*FALLTHROUGH*/ 2174 #endif 2175 case Q_IP: 2176 b0 = gen_linktype(ETHERTYPE_IP); 2177 #ifndef CHASE_CHAIN 2178 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2179 #else 2180 b1 = gen_protochain(v, Q_IP); 2181 #endif 2182 gen_and(b0, b1); 2183 return b1; 2184 2185 case Q_ARP: 2186 bpf_error("arp does not encapsulate another protocol"); 2187 /* NOTREACHED */ 2188 2189 case Q_RARP: 2190 bpf_error("rarp does not encapsulate another protocol"); 2191 /* NOTREACHED */ 2192 2193 case Q_ATALK: 2194 bpf_error("atalk encapsulation is not specifiable"); 2195 /* NOTREACHED */ 2196 2197 case Q_DECNET: 2198 bpf_error("decnet encapsulation is not specifiable"); 2199 /* NOTREACHED */ 2200 2201 case Q_SCA: 2202 bpf_error("sca does not encapsulate another protocol"); 2203 /* NOTREACHED */ 2204 2205 case Q_LAT: 2206 bpf_error("lat does not encapsulate another protocol"); 2207 /* NOTREACHED */ 2208 2209 case Q_MOPRC: 2210 bpf_error("moprc does not encapsulate another protocol"); 2211 /* NOTREACHED */ 2212 2213 case Q_MOPDL: 2214 bpf_error("mopdl does not encapsulate another protocol"); 2215 /* NOTREACHED */ 2216 2217 case Q_LINK: 2218 return gen_linktype(v); 2219 2220 case Q_UDP: 2221 bpf_error("'udp proto' is bogus"); 2222 /* NOTREACHED */ 2223 2224 case Q_TCP: 2225 bpf_error("'tcp proto' is bogus"); 2226 /* NOTREACHED */ 2227 2228 case Q_ICMP: 2229 bpf_error("'icmp proto' is bogus"); 2230 /* NOTREACHED */ 2231 2232 case Q_IGMP: 2233 bpf_error("'igmp proto' is bogus"); 2234 /* NOTREACHED */ 2235 2236 case Q_IGRP: 2237 bpf_error("'igrp proto' is bogus"); 2238 /* NOTREACHED */ 2239 2240 case Q_PIM: 2241 bpf_error("'pim proto' is bogus"); 2242 /* NOTREACHED */ 2243 2244 case Q_STP: 2245 bpf_error("'stp proto' is bogus"); 2246 /* NOTREACHED */ 2247 2248 #ifdef INET6 2249 case Q_IPV6: 2250 b0 = gen_linktype(ETHERTYPE_IPV6); 2251 #ifndef CHASE_CHAIN 2252 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2253 #else 2254 b1 = gen_protochain(v, Q_IPV6); 2255 #endif 2256 gen_and(b0, b1); 2257 return b1; 2258 2259 case Q_ICMPV6: 2260 bpf_error("'icmp6 proto' is bogus"); 2261 #endif /* INET6 */ 2262 2263 case Q_AH: 2264 bpf_error("'ah proto' is bogus"); 2265 2266 case Q_ESP: 2267 bpf_error("'esp proto' is bogus"); 2268 2269 default: 2270 abort(); 2271 /* NOTREACHED */ 2272 } 2273 /* NOTREACHED */ 2274 } 2275 2276 struct block * 2277 gen_scode(name, q) 2278 const char *name; 2279 struct qual q; 2280 { 2281 int proto = q.proto; 2282 int dir = q.dir; 2283 int tproto; 2284 u_char *eaddr; 2285 bpf_u_int32 mask, addr; 2286 #ifndef INET6 2287 bpf_u_int32 **alist; 2288 #else 2289 int tproto6; 2290 struct sockaddr_in *sin; 2291 struct sockaddr_in6 *sin6; 2292 struct addrinfo *res, *res0; 2293 struct in6_addr mask128; 2294 #endif /*INET6*/ 2295 struct block *b, *tmp; 2296 int port, real_proto; 2297 2298 switch (q.addr) { 2299 2300 case Q_NET: 2301 addr = pcap_nametonetaddr(name); 2302 if (addr == 0) 2303 bpf_error("unknown network '%s'", name); 2304 /* Left justify network addr and calculate its network mask */ 2305 mask = 0xffffffff; 2306 while (addr && (addr & 0xff000000) == 0) { 2307 addr <<= 8; 2308 mask <<= 8; 2309 } 2310 return gen_host(addr, mask, proto, dir); 2311 2312 case Q_DEFAULT: 2313 case Q_HOST: 2314 if (proto == Q_LINK) { 2315 switch (linktype) { 2316 2317 case DLT_EN10MB: 2318 eaddr = pcap_ether_hostton(name); 2319 if (eaddr == NULL) 2320 bpf_error( 2321 "unknown ether host '%s'", name); 2322 return gen_ehostop(eaddr, dir); 2323 2324 case DLT_FDDI: 2325 eaddr = pcap_ether_hostton(name); 2326 if (eaddr == NULL) 2327 bpf_error( 2328 "unknown FDDI host '%s'", name); 2329 return gen_fhostop(eaddr, dir); 2330 2331 case DLT_IEEE802_11: 2332 case DLT_IEEE802_11_RADIO: 2333 eaddr = pcap_ether_hostton(name); 2334 if (eaddr == NULL) 2335 bpf_error( 2336 "unknown 802.11 host '%s'", name); 2337 2338 return gen_p80211_hostop(eaddr, dir); 2339 2340 default: 2341 bpf_error( 2342 "only ethernet/FDDI supports link-level host name"); 2343 break; 2344 } 2345 } else if (proto == Q_DECNET) { 2346 unsigned short dn_addr = __pcap_nametodnaddr(name); 2347 /* 2348 * I don't think DECNET hosts can be multihomed, so 2349 * there is no need to build up a list of addresses 2350 */ 2351 return (gen_host(dn_addr, 0, proto, dir)); 2352 } else { 2353 #ifndef INET6 2354 alist = pcap_nametoaddr(name); 2355 if (alist == NULL || *alist == NULL) 2356 bpf_error("unknown host '%s'", name); 2357 tproto = proto; 2358 if (off_linktype == -1 && tproto == Q_DEFAULT) 2359 tproto = Q_IP; 2360 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2361 while (*alist) { 2362 tmp = gen_host(**alist++, 0xffffffff, 2363 tproto, dir); 2364 gen_or(b, tmp); 2365 b = tmp; 2366 } 2367 return b; 2368 #else 2369 memset(&mask128, 0xff, sizeof(mask128)); 2370 res0 = res = pcap_nametoaddrinfo(name); 2371 if (res == NULL) 2372 bpf_error("unknown host '%s'", name); 2373 b = tmp = NULL; 2374 tproto = tproto6 = proto; 2375 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2376 tproto = Q_IP; 2377 tproto6 = Q_IPV6; 2378 } 2379 for (res = res0; res; res = res->ai_next) { 2380 switch (res->ai_family) { 2381 case AF_INET: 2382 if (tproto == Q_IPV6) 2383 continue; 2384 2385 sin = (struct sockaddr_in *) 2386 res->ai_addr; 2387 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2388 0xffffffff, tproto, dir); 2389 break; 2390 case AF_INET6: 2391 if (tproto6 == Q_IP) 2392 continue; 2393 2394 sin6 = (struct sockaddr_in6 *) 2395 res->ai_addr; 2396 tmp = gen_host6(&sin6->sin6_addr, 2397 &mask128, tproto6, dir); 2398 break; 2399 } 2400 if (b) 2401 gen_or(b, tmp); 2402 b = tmp; 2403 } 2404 freeaddrinfo(res0); 2405 if (b == NULL) { 2406 bpf_error("unknown host '%s'%s", name, 2407 (proto == Q_DEFAULT) 2408 ? "" 2409 : " for specified address family"); 2410 } 2411 return b; 2412 #endif /*INET6*/ 2413 } 2414 2415 case Q_PORT: 2416 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2417 bpf_error("illegal qualifier of 'port'"); 2418 if (pcap_nametoport(name, &port, &real_proto) == 0) 2419 bpf_error("unknown port '%s'", name); 2420 if (proto == Q_UDP) { 2421 if (real_proto == IPPROTO_TCP) 2422 bpf_error("port '%s' is tcp", name); 2423 else 2424 /* override PROTO_UNDEF */ 2425 real_proto = IPPROTO_UDP; 2426 } 2427 if (proto == Q_TCP) { 2428 if (real_proto == IPPROTO_UDP) 2429 bpf_error("port '%s' is udp", name); 2430 else 2431 /* override PROTO_UNDEF */ 2432 real_proto = IPPROTO_TCP; 2433 } 2434 #ifndef INET6 2435 return gen_port(port, real_proto, dir); 2436 #else 2437 { 2438 struct block *b; 2439 b = gen_port(port, real_proto, dir); 2440 gen_or(gen_port6(port, real_proto, dir), b); 2441 return b; 2442 } 2443 #endif /* INET6 */ 2444 2445 case Q_GATEWAY: 2446 #ifndef INET6 2447 eaddr = pcap_ether_hostton(name); 2448 if (eaddr == NULL) 2449 bpf_error("unknown ether host: %s", name); 2450 2451 alist = pcap_nametoaddr(name); 2452 if (alist == NULL || *alist == NULL) 2453 bpf_error("unknown host '%s'", name); 2454 return gen_gateway(eaddr, alist, proto, dir); 2455 #else 2456 bpf_error("'gateway' not supported in this configuration"); 2457 #endif /*INET6*/ 2458 2459 case Q_PROTO: 2460 real_proto = lookup_proto(name, proto); 2461 if (real_proto >= 0) 2462 return gen_proto(real_proto, proto, dir); 2463 else 2464 bpf_error("unknown protocol: %s", name); 2465 2466 case Q_PROTOCHAIN: 2467 real_proto = lookup_proto(name, proto); 2468 if (real_proto >= 0) 2469 return gen_protochain(real_proto, proto, dir); 2470 else 2471 bpf_error("unknown protocol: %s", name); 2472 2473 2474 case Q_UNDEF: 2475 syntax(); 2476 /* NOTREACHED */ 2477 } 2478 abort(); 2479 /* NOTREACHED */ 2480 } 2481 2482 struct block * 2483 gen_mcode(s1, s2, masklen, q) 2484 const char *s1, *s2; 2485 int masklen; 2486 struct qual q; 2487 { 2488 int nlen, mlen; 2489 bpf_u_int32 n, m; 2490 2491 nlen = __pcap_atoin(s1, &n); 2492 /* Promote short ipaddr */ 2493 n <<= 32 - nlen; 2494 2495 if (s2 != NULL) { 2496 mlen = __pcap_atoin(s2, &m); 2497 /* Promote short ipaddr */ 2498 m <<= 32 - mlen; 2499 if ((n & ~m) != 0) 2500 bpf_error("non-network bits set in \"%s mask %s\"", 2501 s1, s2); 2502 } else { 2503 /* Convert mask len to mask */ 2504 if (masklen > 32) 2505 bpf_error("mask length must be <= 32"); 2506 m = 0xffffffff << (32 - masklen); 2507 if ((n & ~m) != 0) 2508 bpf_error("non-network bits set in \"%s/%d\"", 2509 s1, masklen); 2510 } 2511 2512 switch (q.addr) { 2513 2514 case Q_NET: 2515 return gen_host(n, m, q.proto, q.dir); 2516 2517 default: 2518 bpf_error("Mask syntax for networks only"); 2519 /* NOTREACHED */ 2520 } 2521 } 2522 2523 struct block * 2524 gen_ncode(s, v, q) 2525 const char *s; 2526 bpf_u_int32 v; 2527 struct qual q; 2528 { 2529 bpf_u_int32 mask; 2530 int proto = q.proto; 2531 int dir = q.dir; 2532 int vlen; 2533 2534 if (s == NULL) 2535 vlen = 32; 2536 else if (q.proto == Q_DECNET) 2537 vlen = __pcap_atodn(s, &v); 2538 else 2539 vlen = __pcap_atoin(s, &v); 2540 2541 switch (q.addr) { 2542 2543 case Q_DEFAULT: 2544 case Q_HOST: 2545 case Q_NET: 2546 if (proto == Q_DECNET) 2547 return gen_host(v, 0, proto, dir); 2548 else if (proto == Q_LINK) { 2549 bpf_error("illegal link layer address"); 2550 } else { 2551 mask = 0xffffffff; 2552 if (s == NULL && q.addr == Q_NET) { 2553 /* Promote short net number */ 2554 while (v && (v & 0xff000000) == 0) { 2555 v <<= 8; 2556 mask <<= 8; 2557 } 2558 } else { 2559 /* Promote short ipaddr */ 2560 v <<= 32 - vlen; 2561 mask <<= 32 - vlen; 2562 } 2563 return gen_host(v, mask, proto, dir); 2564 } 2565 2566 case Q_PORT: 2567 if (proto == Q_UDP) 2568 proto = IPPROTO_UDP; 2569 else if (proto == Q_TCP) 2570 proto = IPPROTO_TCP; 2571 else if (proto == Q_DEFAULT) 2572 proto = PROTO_UNDEF; 2573 else 2574 bpf_error("illegal qualifier of 'port'"); 2575 2576 #ifndef INET6 2577 return gen_port((int)v, proto, dir); 2578 #else 2579 { 2580 struct block *b; 2581 b = gen_port((int)v, proto, dir); 2582 gen_or(gen_port6((int)v, proto, dir), b); 2583 return b; 2584 } 2585 #endif /* INET6 */ 2586 2587 case Q_GATEWAY: 2588 bpf_error("'gateway' requires a name"); 2589 /* NOTREACHED */ 2590 2591 case Q_PROTO: 2592 return gen_proto((int)v, proto, dir); 2593 2594 case Q_PROTOCHAIN: 2595 return gen_protochain((int)v, proto, dir); 2596 2597 case Q_UNDEF: 2598 syntax(); 2599 /* NOTREACHED */ 2600 2601 default: 2602 abort(); 2603 /* NOTREACHED */ 2604 } 2605 /* NOTREACHED */ 2606 } 2607 2608 #ifdef INET6 2609 struct block * 2610 gen_mcode6(s1, s2, masklen, q) 2611 const char *s1, *s2; 2612 int masklen; 2613 struct qual q; 2614 { 2615 struct addrinfo *res; 2616 struct in6_addr *addr; 2617 struct in6_addr mask; 2618 struct block *b; 2619 u_int32_t *a, *m; 2620 2621 if (s2) 2622 bpf_error("no mask %s supported", s2); 2623 2624 res = pcap_nametoaddrinfo(s1); 2625 if (!res) 2626 bpf_error("invalid ip6 address %s", s1); 2627 if (res->ai_next) 2628 bpf_error("%s resolved to multiple address", s1); 2629 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2630 2631 if (sizeof(mask) * 8 < masklen) 2632 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2633 memset(&mask, 0, sizeof(mask)); 2634 memset(&mask, 0xff, masklen / 8); 2635 if (masklen % 8) { 2636 mask.s6_addr[masklen / 8] = 2637 (0xff << (8 - masklen % 8)) & 0xff; 2638 } 2639 2640 a = (u_int32_t *)addr; 2641 m = (u_int32_t *)&mask; 2642 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2643 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2644 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2645 } 2646 2647 switch (q.addr) { 2648 2649 case Q_DEFAULT: 2650 case Q_HOST: 2651 if (masklen != 128) 2652 bpf_error("Mask syntax for networks only"); 2653 /* FALLTHROUGH */ 2654 2655 case Q_NET: 2656 b = gen_host6(addr, &mask, q.proto, q.dir); 2657 freeaddrinfo(res); 2658 return b; 2659 2660 default: 2661 bpf_error("invalid qualifier against IPv6 address"); 2662 /* NOTREACHED */ 2663 } 2664 } 2665 #endif /*INET6*/ 2666 2667 struct block * 2668 gen_ecode(eaddr, q) 2669 const u_char *eaddr; 2670 struct qual q; 2671 { 2672 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2673 if (linktype == DLT_EN10MB) 2674 return gen_ehostop(eaddr, (int)q.dir); 2675 if (linktype == DLT_FDDI) 2676 return gen_fhostop(eaddr, (int)q.dir); 2677 if (linktype == DLT_IEEE802_11 || 2678 linktype == DLT_IEEE802_11_RADIO) 2679 return gen_p80211_hostop(eaddr, (int)q.dir); 2680 } 2681 bpf_error("ethernet address used in non-ether expression"); 2682 /* NOTREACHED */ 2683 } 2684 2685 void 2686 sappend(s0, s1) 2687 struct slist *s0, *s1; 2688 { 2689 /* 2690 * This is definitely not the best way to do this, but the 2691 * lists will rarely get long. 2692 */ 2693 while (s0->next) 2694 s0 = s0->next; 2695 s0->next = s1; 2696 } 2697 2698 static struct slist * 2699 xfer_to_x(a) 2700 struct arth *a; 2701 { 2702 struct slist *s; 2703 2704 s = new_stmt(BPF_LDX|BPF_MEM); 2705 s->s.k = a->regno; 2706 return s; 2707 } 2708 2709 static struct slist * 2710 xfer_to_a(a) 2711 struct arth *a; 2712 { 2713 struct slist *s; 2714 2715 s = new_stmt(BPF_LD|BPF_MEM); 2716 s->s.k = a->regno; 2717 return s; 2718 } 2719 2720 struct arth * 2721 gen_load(proto, index, size) 2722 int proto; 2723 struct arth *index; 2724 int size; 2725 { 2726 struct slist *s, *tmp; 2727 struct block *b; 2728 int regno = alloc_reg(); 2729 2730 free_reg(index->regno); 2731 switch (size) { 2732 2733 default: 2734 bpf_error("data size must be 1, 2, or 4"); 2735 2736 case 1: 2737 size = BPF_B; 2738 break; 2739 2740 case 2: 2741 size = BPF_H; 2742 break; 2743 2744 case 4: 2745 size = BPF_W; 2746 break; 2747 } 2748 switch (proto) { 2749 default: 2750 bpf_error("unsupported index operation"); 2751 2752 case Q_LINK: 2753 s = xfer_to_x(index); 2754 tmp = new_stmt(BPF_LD|BPF_IND|size); 2755 sappend(s, tmp); 2756 sappend(index->s, s); 2757 break; 2758 2759 case Q_IP: 2760 case Q_ARP: 2761 case Q_RARP: 2762 case Q_ATALK: 2763 case Q_DECNET: 2764 case Q_SCA: 2765 case Q_LAT: 2766 case Q_MOPRC: 2767 case Q_MOPDL: 2768 #ifdef INET6 2769 case Q_IPV6: 2770 #endif 2771 /* XXX Note that we assume a fixed link header here. */ 2772 if (variable_nl) { 2773 s = nl2X_stmt(); 2774 sappend(s, xfer_to_a(index)); 2775 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2776 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2777 } else { 2778 s = xfer_to_x(index); 2779 } 2780 tmp = new_stmt(BPF_LD|BPF_IND|size); 2781 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2782 sappend(s, tmp); 2783 sappend(index->s, s); 2784 2785 b = gen_proto_abbrev(proto); 2786 if (index->b) 2787 gen_and(index->b, b); 2788 index->b = b; 2789 break; 2790 2791 case Q_TCP: 2792 case Q_UDP: 2793 case Q_ICMP: 2794 case Q_IGMP: 2795 case Q_IGRP: 2796 case Q_PIM: 2797 s = iphl_to_x(); 2798 sappend(s, xfer_to_a(index)); 2799 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2800 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2801 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2802 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2803 sappend(index->s, s); 2804 2805 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2806 if (index->b) 2807 gen_and(index->b, b); 2808 #ifdef INET6 2809 gen_and(gen_proto_abbrev(Q_IP), b); 2810 #endif 2811 index->b = b; 2812 break; 2813 #ifdef INET6 2814 case Q_ICMPV6: 2815 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2816 /*NOTREACHED*/ 2817 #endif 2818 } 2819 index->regno = regno; 2820 s = new_stmt(BPF_ST); 2821 s->s.k = regno; 2822 sappend(index->s, s); 2823 2824 return index; 2825 } 2826 2827 struct block * 2828 gen_relation(code, a0, a1, reversed) 2829 int code; 2830 struct arth *a0, *a1; 2831 int reversed; 2832 { 2833 struct slist *s0, *s1, *s2; 2834 struct block *b, *tmp; 2835 2836 s0 = xfer_to_x(a1); 2837 s1 = xfer_to_a(a0); 2838 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2839 b = new_block(JMP(code)); 2840 if (code == BPF_JGT || code == BPF_JGE) { 2841 reversed = !reversed; 2842 b->s.k = 0x80000000; 2843 } 2844 if (reversed) 2845 gen_not(b); 2846 2847 sappend(s1, s2); 2848 sappend(s0, s1); 2849 sappend(a1->s, s0); 2850 sappend(a0->s, a1->s); 2851 2852 b->stmts = a0->s; 2853 2854 free_reg(a0->regno); 2855 free_reg(a1->regno); 2856 2857 /* 'and' together protocol checks */ 2858 if (a0->b) { 2859 if (a1->b) { 2860 gen_and(a0->b, tmp = a1->b); 2861 } 2862 else 2863 tmp = a0->b; 2864 } else 2865 tmp = a1->b; 2866 2867 if (tmp) 2868 gen_and(tmp, b); 2869 2870 return b; 2871 } 2872 2873 struct arth * 2874 gen_loadlen() 2875 { 2876 int regno = alloc_reg(); 2877 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2878 struct slist *s; 2879 2880 s = new_stmt(BPF_LD|BPF_LEN); 2881 s->next = new_stmt(BPF_ST); 2882 s->next->s.k = regno; 2883 a->s = s; 2884 a->regno = regno; 2885 2886 return a; 2887 } 2888 2889 struct arth * 2890 gen_loadrnd() 2891 { 2892 int regno = alloc_reg(); 2893 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2894 struct slist *s; 2895 2896 s = new_stmt(BPF_LD|BPF_RND); 2897 s->next = new_stmt(BPF_ST); 2898 s->next->s.k = regno; 2899 a->s = s; 2900 a->regno = regno; 2901 2902 return a; 2903 } 2904 2905 struct arth * 2906 gen_loadi(val) 2907 int val; 2908 { 2909 struct arth *a; 2910 struct slist *s; 2911 int reg; 2912 2913 a = (struct arth *)newchunk(sizeof(*a)); 2914 2915 reg = alloc_reg(); 2916 2917 s = new_stmt(BPF_LD|BPF_IMM); 2918 s->s.k = val; 2919 s->next = new_stmt(BPF_ST); 2920 s->next->s.k = reg; 2921 a->s = s; 2922 a->regno = reg; 2923 2924 return a; 2925 } 2926 2927 struct arth * 2928 gen_neg(a) 2929 struct arth *a; 2930 { 2931 struct slist *s; 2932 2933 s = xfer_to_a(a); 2934 sappend(a->s, s); 2935 s = new_stmt(BPF_ALU|BPF_NEG); 2936 s->s.k = 0; 2937 sappend(a->s, s); 2938 s = new_stmt(BPF_ST); 2939 s->s.k = a->regno; 2940 sappend(a->s, s); 2941 2942 return a; 2943 } 2944 2945 struct arth * 2946 gen_arth(code, a0, a1) 2947 int code; 2948 struct arth *a0, *a1; 2949 { 2950 struct slist *s0, *s1, *s2; 2951 2952 s0 = xfer_to_x(a1); 2953 s1 = xfer_to_a(a0); 2954 s2 = new_stmt(BPF_ALU|BPF_X|code); 2955 2956 sappend(s1, s2); 2957 sappend(s0, s1); 2958 sappend(a1->s, s0); 2959 sappend(a0->s, a1->s); 2960 2961 free_reg(a1->regno); 2962 2963 s0 = new_stmt(BPF_ST); 2964 a0->regno = s0->s.k = alloc_reg(); 2965 sappend(a0->s, s0); 2966 2967 return a0; 2968 } 2969 2970 /* 2971 * Here we handle simple allocation of the scratch registers. 2972 * If too many registers are alloc'd, the allocator punts. 2973 */ 2974 static int regused[BPF_MEMWORDS]; 2975 static int curreg; 2976 2977 /* 2978 * Return the next free register. 2979 */ 2980 static int 2981 alloc_reg() 2982 { 2983 int n = BPF_MEMWORDS; 2984 2985 while (--n >= 0) { 2986 if (regused[curreg]) 2987 curreg = (curreg + 1) % BPF_MEMWORDS; 2988 else { 2989 regused[curreg] = 1; 2990 return curreg; 2991 } 2992 } 2993 bpf_error("too many registers needed to evaluate expression"); 2994 /* NOTREACHED */ 2995 } 2996 2997 /* 2998 * Return a register to the table so it can 2999 * be used later. 3000 */ 3001 static void 3002 free_reg(n) 3003 int n; 3004 { 3005 regused[n] = 0; 3006 } 3007 3008 static struct block * 3009 gen_len(jmp, n) 3010 int jmp, n; 3011 { 3012 struct slist *s; 3013 struct block *b; 3014 3015 s = new_stmt(BPF_LD|BPF_LEN); 3016 b = new_block(JMP(jmp)); 3017 b->stmts = s; 3018 b->s.k = n; 3019 3020 return b; 3021 } 3022 3023 struct block * 3024 gen_greater(n) 3025 int n; 3026 { 3027 return gen_len(BPF_JGE, n); 3028 } 3029 3030 struct block * 3031 gen_less(n) 3032 int n; 3033 { 3034 struct block *b; 3035 3036 b = gen_len(BPF_JGT, n); 3037 gen_not(b); 3038 3039 return b; 3040 } 3041 3042 struct block * 3043 gen_byteop(op, idx, val) 3044 int op, idx, val; 3045 { 3046 struct block *b; 3047 struct slist *s; 3048 3049 switch (op) { 3050 default: 3051 abort(); 3052 3053 case '=': 3054 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3055 3056 case '<': 3057 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3058 b->s.code = JMP(BPF_JGE); 3059 gen_not(b); 3060 return b; 3061 3062 case '>': 3063 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3064 b->s.code = JMP(BPF_JGT); 3065 return b; 3066 3067 case '|': 3068 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3069 break; 3070 3071 case '&': 3072 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3073 break; 3074 } 3075 s->s.k = val; 3076 b = new_block(JMP(BPF_JEQ)); 3077 b->stmts = s; 3078 gen_not(b); 3079 3080 return b; 3081 } 3082 3083 struct block * 3084 gen_broadcast(proto) 3085 int proto; 3086 { 3087 bpf_u_int32 hostmask; 3088 struct block *b0, *b1, *b2; 3089 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3090 3091 switch (proto) { 3092 3093 case Q_DEFAULT: 3094 case Q_LINK: 3095 if (linktype == DLT_EN10MB) 3096 return gen_ehostop(ebroadcast, Q_DST); 3097 if (linktype == DLT_FDDI) 3098 return gen_fhostop(ebroadcast, Q_DST); 3099 if (linktype == DLT_IEEE802_11 || 3100 linktype == DLT_IEEE802_11_RADIO) 3101 return gen_p80211_hostop(ebroadcast, Q_DST); 3102 bpf_error("not a broadcast link"); 3103 break; 3104 3105 case Q_IP: 3106 b0 = gen_linktype(ETHERTYPE_IP); 3107 hostmask = ~netmask; 3108 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3109 b2 = gen_mcmp_nl(16, BPF_W, 3110 (bpf_int32)(~0 & hostmask), hostmask); 3111 gen_or(b1, b2); 3112 gen_and(b0, b2); 3113 return b2; 3114 } 3115 bpf_error("only ether/ip broadcast filters supported"); 3116 } 3117 3118 struct block * 3119 gen_multicast(proto) 3120 int proto; 3121 { 3122 struct block *b0, *b1; 3123 struct slist *s; 3124 3125 switch (proto) { 3126 3127 case Q_DEFAULT: 3128 case Q_LINK: 3129 if (linktype == DLT_EN10MB) { 3130 /* ether[0] & 1 != 0 */ 3131 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3132 s->s.k = 0; 3133 b0 = new_block(JMP(BPF_JSET)); 3134 b0->s.k = 1; 3135 b0->stmts = s; 3136 return b0; 3137 } 3138 3139 if (linktype == DLT_FDDI) { 3140 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3141 /* fddi[1] & 1 != 0 */ 3142 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3143 s->s.k = 1; 3144 b0 = new_block(JMP(BPF_JSET)); 3145 b0->s.k = 1; 3146 b0->stmts = s; 3147 return b0; 3148 } 3149 /* Link not known to support multicasts */ 3150 break; 3151 3152 case Q_IP: 3153 b0 = gen_linktype(ETHERTYPE_IP); 3154 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3155 b1->s.code = JMP(BPF_JGE); 3156 gen_and(b0, b1); 3157 return b1; 3158 3159 #ifdef INET6 3160 case Q_IPV6: 3161 b0 = gen_linktype(ETHERTYPE_IPV6); 3162 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3163 gen_and(b0, b1); 3164 return b1; 3165 #endif /* INET6 */ 3166 } 3167 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3168 } 3169 3170 /* 3171 * generate command for inbound/outbound. It's here so we can 3172 * make it link-type specific. 'dir' = 0 implies "inbound", 3173 * = 1 implies "outbound". 3174 */ 3175 struct block * 3176 gen_inbound(dir) 3177 int dir; 3178 { 3179 struct block *b0; 3180 3181 /* 3182 * Only SLIP and old-style PPP data link types support 3183 * inbound/outbound qualifiers. 3184 */ 3185 switch (linktype) { 3186 case DLT_SLIP: 3187 case DLT_PPP: 3188 b0 = gen_relation(BPF_JEQ, 3189 gen_load(Q_LINK, gen_loadi(0), 1), 3190 gen_loadi(0), 3191 dir); 3192 break; 3193 3194 case DLT_PFLOG: 3195 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3196 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3197 break; 3198 3199 default: 3200 bpf_error("inbound/outbound not supported on linktype 0x%x", 3201 linktype); 3202 /* NOTREACHED */ 3203 } 3204 3205 return (b0); 3206 } 3207 3208 3209 /* PF firewall log matched interface */ 3210 struct block * 3211 gen_pf_ifname(char *ifname) 3212 { 3213 struct block *b0; 3214 u_int len, off; 3215 3216 if (linktype == DLT_PFLOG) { 3217 len = sizeof(((struct pfloghdr *)0)->ifname); 3218 off = offsetof(struct pfloghdr, ifname); 3219 } else { 3220 bpf_error("ifname not supported on linktype 0x%x", linktype); 3221 /* NOTREACHED */ 3222 } 3223 if (strlen(ifname) >= len) { 3224 bpf_error("ifname interface names can only be %d characters", 3225 len - 1); 3226 /* NOTREACHED */ 3227 } 3228 b0 = gen_bcmp(off, strlen(ifname), ifname); 3229 return (b0); 3230 } 3231 3232 3233 /* PF firewall log ruleset name */ 3234 struct block * 3235 gen_pf_ruleset(char *ruleset) 3236 { 3237 struct block *b0; 3238 3239 if (linktype != DLT_PFLOG) { 3240 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3241 /* NOTREACHED */ 3242 } 3243 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3244 bpf_error("ruleset names can only be %zu characters", 3245 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3246 /* NOTREACHED */ 3247 } 3248 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3249 strlen(ruleset), ruleset); 3250 return (b0); 3251 } 3252 3253 3254 /* PF firewall log rule number */ 3255 struct block * 3256 gen_pf_rnr(int rnr) 3257 { 3258 struct block *b0; 3259 3260 if (linktype == DLT_PFLOG) { 3261 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3262 (bpf_int32)rnr); 3263 } else { 3264 bpf_error("rnr not supported on linktype 0x%x", linktype); 3265 /* NOTREACHED */ 3266 } 3267 3268 return (b0); 3269 } 3270 3271 3272 /* PF firewall log sub-rule number */ 3273 struct block * 3274 gen_pf_srnr(int srnr) 3275 { 3276 struct block *b0; 3277 3278 if (linktype != DLT_PFLOG) { 3279 bpf_error("srnr not supported on linktype 0x%x", linktype); 3280 /* NOTREACHED */ 3281 } 3282 3283 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3284 (bpf_int32)srnr); 3285 return (b0); 3286 } 3287 3288 /* PF firewall log reason code */ 3289 struct block * 3290 gen_pf_reason(int reason) 3291 { 3292 struct block *b0; 3293 3294 if (linktype == DLT_PFLOG) { 3295 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3296 (bpf_int32)reason); 3297 } else { 3298 bpf_error("reason not supported on linktype 0x%x", linktype); 3299 /* NOTREACHED */ 3300 } 3301 3302 return (b0); 3303 } 3304 3305 /* PF firewall log action */ 3306 struct block * 3307 gen_pf_action(int action) 3308 { 3309 struct block *b0; 3310 3311 if (linktype == DLT_PFLOG) { 3312 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3313 (bpf_int32)action); 3314 } else { 3315 bpf_error("action not supported on linktype 0x%x", linktype); 3316 /* NOTREACHED */ 3317 } 3318 3319 return (b0); 3320 } 3321 3322 /* IEEE 802.11 wireless header */ 3323 struct block * 3324 gen_p80211_type(int type, int mask) 3325 { 3326 struct block *b0; 3327 u_int offset; 3328 3329 if (!(linktype == DLT_IEEE802_11 || 3330 linktype == DLT_IEEE802_11_RADIO)) { 3331 bpf_error("type not supported on linktype 0x%x", 3332 linktype); 3333 /* NOTREACHED */ 3334 } 3335 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3336 if (linktype == DLT_IEEE802_11_RADIO) 3337 offset += IEEE80211_RADIOTAP_HDRLEN; 3338 3339 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3340 3341 return (b0); 3342 } 3343 3344 static struct block * 3345 gen_ahostop(eaddr, dir) 3346 const u_char *eaddr; 3347 int dir; 3348 { 3349 struct block *b0, *b1; 3350 3351 switch (dir) { 3352 /* src comes first, different from Ethernet */ 3353 case Q_SRC: 3354 return gen_bcmp(0, 1, eaddr); 3355 3356 case Q_DST: 3357 return gen_bcmp(1, 1, eaddr); 3358 3359 case Q_AND: 3360 b0 = gen_ahostop(eaddr, Q_SRC); 3361 b1 = gen_ahostop(eaddr, Q_DST); 3362 gen_and(b0, b1); 3363 return b1; 3364 3365 case Q_DEFAULT: 3366 case Q_OR: 3367 b0 = gen_ahostop(eaddr, Q_SRC); 3368 b1 = gen_ahostop(eaddr, Q_DST); 3369 gen_or(b0, b1); 3370 return b1; 3371 } 3372 abort(); 3373 /* NOTREACHED */ 3374 } 3375 3376 struct block * 3377 gen_acode(eaddr, q) 3378 const u_char *eaddr; 3379 struct qual q; 3380 { 3381 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3382 if (linktype == DLT_ARCNET) 3383 return gen_ahostop(eaddr, (int)q.dir); 3384 } 3385 bpf_error("ARCnet address used in non-arc expression"); 3386 /* NOTREACHED */ 3387 } 3388 3389 struct block * 3390 gen_mpls(label) 3391 int label; 3392 { 3393 struct block *b0; 3394 3395 if (label > MPLS_LABEL_MAX) 3396 bpf_error("invalid MPLS label : %d", label); 3397 3398 if (mpls_stack > 0) /* Bottom-Of-Label-Stack bit ? */ 3399 b0 = gen_mcmp(off_nl-2, BPF_B, (bpf_int32)0, 0x1); 3400 else 3401 b0 = gen_linktype(ETHERTYPE_MPLS); 3402 3403 if (label >= 0) { 3404 struct block *b1; 3405 3406 b1 = gen_mcmp(off_nl, BPF_W, (bpf_int32)(label << 12), 3407 MPLS_LABEL_MASK); 3408 gen_and(b0, b1); 3409 b0 = b1; 3410 } 3411 off_nl += 4; 3412 off_linktype += 4; 3413 mpls_stack++; 3414 return (b0); 3415 } 3416 3417 /* 3418 * support IEEE 802.1Q VLAN trunk over ethernet 3419 */ 3420 struct block * 3421 gen_vlan(vlan_num) 3422 int vlan_num; 3423 { 3424 struct block *b0; 3425 3426 if (variable_nl) { 3427 bpf_error("'vlan' not supported for variable DLTs"); 3428 /*NOTREACHED*/ 3429 } 3430 3431 if (vlan_num > 4095) { 3432 bpf_error("invalid VLAN number : %d", vlan_num); 3433 /*NOTREACHED*/ 3434 } 3435 3436 /* 3437 * Change the offsets to point to the type and data fields within 3438 * the VLAN packet. This is somewhat of a kludge. 3439 */ 3440 if (orig_nl == (u_int)-1) { 3441 orig_linktype = off_linktype; /* save original values */ 3442 orig_nl = off_nl; 3443 orig_nl_nosnap = off_nl_nosnap; 3444 3445 switch (linktype) { 3446 3447 case DLT_EN10MB: 3448 off_linktype = 16; 3449 off_nl_nosnap = 18; 3450 off_nl = 18; 3451 break; 3452 3453 default: 3454 bpf_error("no VLAN support for data link type %d", 3455 linktype); 3456 /*NOTREACHED*/ 3457 } 3458 } 3459 3460 /* check for VLAN */ 3461 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3462 3463 /* If a specific VLAN is requested, check VLAN id */ 3464 if (vlan_num >= 0) { 3465 struct block *b1; 3466 3467 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0FFF); 3468 gen_and(b0, b1); 3469 b0 = b1; 3470 } 3471 3472 return (b0); 3473 } 3474 3475 struct block * 3476 gen_sample(int rate) 3477 { 3478 struct block *b0; 3479 long long threshold = 0x100000000LL; /* 0xffffffff + 1 */ 3480 3481 if (rate < 2) { 3482 bpf_error("sample %d is too low", rate); 3483 /*NOTREACHED*/ 3484 } 3485 if (rate > (1 << 20)) { 3486 bpf_error("sample %d is too high", rate); 3487 /*NOTREACHED*/ 3488 } 3489 3490 threshold /= rate; 3491 b0 = gen_relation(BPF_JGT, gen_loadrnd(), gen_loadi(threshold), 1); 3492 3493 return (b0); 3494 } 3495 3496 struct block * 3497 gen_p80211_fcdir(int fcdir) 3498 { 3499 struct block *b0; 3500 u_int offset; 3501 3502 if (!(linktype == DLT_IEEE802_11 || 3503 linktype == DLT_IEEE802_11_RADIO)) { 3504 bpf_error("frame direction not supported on linktype 0x%x", 3505 linktype); 3506 /* NOTREACHED */ 3507 } 3508 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3509 if (linktype == DLT_IEEE802_11_RADIO) 3510 offset += IEEE80211_RADIOTAP_HDRLEN; 3511 3512 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3513 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3514 3515 return (b0); 3516 } 3517 3518 static struct block * 3519 gen_p80211_hostop(const u_char *lladdr, int dir) 3520 { 3521 struct block *b0, *b1, *b2, *b3, *b4; 3522 u_int offset = 0; 3523 3524 if (linktype == DLT_IEEE802_11_RADIO) 3525 offset = IEEE80211_RADIOTAP_HDRLEN; 3526 3527 switch (dir) { 3528 case Q_SRC: 3529 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3530 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3531 lladdr); 3532 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3533 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3534 lladdr); 3535 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3536 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3537 lladdr); 3538 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3539 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3540 lladdr); 3541 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3542 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3543 lladdr); 3544 3545 gen_or(b0, b1); 3546 gen_or(b1, b2); 3547 gen_or(b2, b3); 3548 gen_or(b3, b4); 3549 return (b4); 3550 3551 case Q_DST: 3552 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3553 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3554 lladdr); 3555 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3556 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3557 lladdr); 3558 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3559 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3560 lladdr); 3561 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3562 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3563 lladdr); 3564 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3565 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3566 lladdr); 3567 3568 gen_or(b0, b1); 3569 gen_or(b1, b2); 3570 gen_or(b2, b3); 3571 gen_or(b3, b4); 3572 return (b4); 3573 3574 case Q_ADDR1: 3575 return (gen_bcmp(offset + 3576 (u_int)offsetof(struct ieee80211_frame, 3577 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3578 3579 case Q_ADDR2: 3580 return (gen_bcmp(offset + 3581 (u_int)offsetof(struct ieee80211_frame, 3582 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3583 3584 case Q_ADDR3: 3585 return (gen_bcmp(offset + 3586 (u_int)offsetof(struct ieee80211_frame, 3587 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3588 3589 case Q_ADDR4: 3590 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3591 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3592 lladdr)); 3593 3594 case Q_AND: 3595 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3596 b1 = gen_p80211_hostop(lladdr, Q_DST); 3597 gen_and(b0, b1); 3598 return (b1); 3599 3600 case Q_DEFAULT: 3601 case Q_OR: 3602 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3603 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3604 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3605 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3606 gen_or(b0, b1); 3607 gen_or(b1, b2); 3608 gen_or(b2, b3); 3609 return (b3); 3610 3611 default: 3612 bpf_error("direction not supported on linktype 0x%x", 3613 linktype); 3614 } 3615 /* NOTREACHED */ 3616 } 3617 3618 static struct block * 3619 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3620 { 3621 struct block *b0, *b1; 3622 3623 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3624 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3625 gen_and(b0, b1); 3626 3627 return (b1); 3628 } 3629