1 /* $NetBSD: gencode.c,v 1.14 2024/09/02 15:33:36 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/cdefs.h> 25 __RCSID("$NetBSD: gencode.c,v 1.14 2024/09/02 15:33:36 christos Exp $"); 26 27 #include <config.h> 28 29 #ifdef _WIN32 30 #include <ws2tcpip.h> 31 #else 32 #include <sys/socket.h> 33 34 #ifdef __NetBSD__ 35 #include <sys/param.h> 36 #endif 37 38 #include <netinet/in.h> 39 #include <arpa/inet.h> 40 #endif /* _WIN32 */ 41 42 #include <stdlib.h> 43 #include <string.h> 44 #include <memory.h> 45 #include <setjmp.h> 46 #include <stdarg.h> 47 #include <stdio.h> 48 49 #ifdef MSDOS 50 #include "pcap-dos.h" 51 #endif 52 53 #include "pcap-int.h" 54 55 #include "extract.h" 56 57 #include "ethertype.h" 58 #include "nlpid.h" 59 #include "llc.h" 60 #include "gencode.h" 61 #include "ieee80211.h" 62 #include "atmuni31.h" 63 #include "sunatmpos.h" 64 #include "pflog.h" 65 #include "ppp.h" 66 #include "pcap/sll.h" 67 #include "pcap/ipnet.h" 68 #include "arcnet.h" 69 #include "diag-control.h" 70 71 #include "scanner.h" 72 73 #if defined(__linux__) 74 #include <linux/types.h> 75 #include <linux/if_packet.h> 76 #include <linux/filter.h> 77 #endif 78 79 #ifndef offsetof 80 #define offsetof(s, e) ((size_t)&((s *)0)->e) 81 #endif 82 83 #ifdef _WIN32 84 #ifdef INET6 85 #if defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF) 86 /* IPv6 address */ 87 struct in6_addr 88 { 89 union 90 { 91 uint8_t u6_addr8[16]; 92 uint16_t u6_addr16[8]; 93 uint32_t u6_addr32[4]; 94 } in6_u; 95 #define s6_addr in6_u.u6_addr8 96 #define s6_addr16 in6_u.u6_addr16 97 #define s6_addr32 in6_u.u6_addr32 98 #define s6_addr64 in6_u.u6_addr64 99 }; 100 101 typedef unsigned short sa_family_t; 102 103 #define __SOCKADDR_COMMON(sa_prefix) \ 104 sa_family_t sa_prefix##family 105 106 /* Ditto, for IPv6. */ 107 struct sockaddr_in6 108 { 109 __SOCKADDR_COMMON (sin6_); 110 uint16_t sin6_port; /* Transport layer port # */ 111 uint32_t sin6_flowinfo; /* IPv6 flow information */ 112 struct in6_addr sin6_addr; /* IPv6 address */ 113 }; 114 115 #ifndef EAI_ADDRFAMILY 116 struct addrinfo { 117 int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ 118 int ai_family; /* PF_xxx */ 119 int ai_socktype; /* SOCK_xxx */ 120 int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ 121 size_t ai_addrlen; /* length of ai_addr */ 122 char *ai_canonname; /* canonical name for hostname */ 123 struct sockaddr *ai_addr; /* binary address */ 124 struct addrinfo *ai_next; /* next structure in linked list */ 125 }; 126 #endif /* EAI_ADDRFAMILY */ 127 #endif /* defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF) */ 128 #endif /* INET6 */ 129 #else /* _WIN32 */ 130 #include <netdb.h> /* for "struct addrinfo" */ 131 #endif /* _WIN32 */ 132 #include <pcap/namedb.h> 133 134 #include "nametoaddr.h" 135 136 #define ETHERMTU 1500 137 138 #ifndef IPPROTO_HOPOPTS 139 #define IPPROTO_HOPOPTS 0 140 #endif 141 #ifndef IPPROTO_ROUTING 142 #define IPPROTO_ROUTING 43 143 #endif 144 #ifndef IPPROTO_FRAGMENT 145 #define IPPROTO_FRAGMENT 44 146 #endif 147 #ifndef IPPROTO_DSTOPTS 148 #define IPPROTO_DSTOPTS 60 149 #endif 150 #ifndef IPPROTO_SCTP 151 #define IPPROTO_SCTP 132 152 #endif 153 154 #define GENEVE_PORT 6081 155 156 #ifdef HAVE_OS_PROTO_H 157 #include "os-proto.h" 158 #endif 159 160 #define JMP(c) ((c)|BPF_JMP|BPF_K) 161 162 /* 163 * "Push" the current value of the link-layer header type and link-layer 164 * header offset onto a "stack", and set a new value. (It's not a 165 * full-blown stack; we keep only the top two items.) 166 */ 167 #define PUSH_LINKHDR(cs, new_linktype, new_is_variable, new_constant_part, new_reg) \ 168 { \ 169 (cs)->prevlinktype = (cs)->linktype; \ 170 (cs)->off_prevlinkhdr = (cs)->off_linkhdr; \ 171 (cs)->linktype = (new_linktype); \ 172 (cs)->off_linkhdr.is_variable = (new_is_variable); \ 173 (cs)->off_linkhdr.constant_part = (new_constant_part); \ 174 (cs)->off_linkhdr.reg = (new_reg); \ 175 (cs)->is_geneve = 0; \ 176 } 177 178 /* 179 * Offset "not set" value. 180 */ 181 #define OFFSET_NOT_SET 0xffffffffU 182 183 /* 184 * Absolute offsets, which are offsets from the beginning of the raw 185 * packet data, are, in the general case, the sum of a variable value 186 * and a constant value; the variable value may be absent, in which 187 * case the offset is only the constant value, and the constant value 188 * may be zero, in which case the offset is only the variable value. 189 * 190 * bpf_abs_offset is a structure containing all that information: 191 * 192 * is_variable is 1 if there's a variable part. 193 * 194 * constant_part is the constant part of the value, possibly zero; 195 * 196 * if is_variable is 1, reg is the register number for a register 197 * containing the variable value if the register has been assigned, 198 * and -1 otherwise. 199 */ 200 typedef struct { 201 int is_variable; 202 u_int constant_part; 203 int reg; 204 } bpf_abs_offset; 205 206 /* 207 * Value passed to gen_load_a() to indicate what the offset argument 208 * is relative to the beginning of. 209 */ 210 enum e_offrel { 211 OR_PACKET, /* full packet data */ 212 OR_LINKHDR, /* link-layer header */ 213 OR_PREVLINKHDR, /* previous link-layer header */ 214 OR_LLC, /* 802.2 LLC header */ 215 OR_PREVMPLSHDR, /* previous MPLS header */ 216 OR_LINKTYPE, /* link-layer type */ 217 OR_LINKPL, /* link-layer payload */ 218 OR_LINKPL_NOSNAP, /* link-layer payload, with no SNAP header at the link layer */ 219 OR_TRAN_IPV4, /* transport-layer header, with IPv4 network layer */ 220 OR_TRAN_IPV6 /* transport-layer header, with IPv6 network layer */ 221 }; 222 223 /* 224 * We divvy out chunks of memory rather than call malloc each time so 225 * we don't have to worry about leaking memory. It's probably 226 * not a big deal if all this memory was wasted but if this ever 227 * goes into a library that would probably not be a good idea. 228 * 229 * XXX - this *is* in a library.... 230 */ 231 #define NCHUNKS 16 232 #define CHUNK0SIZE 1024 233 struct chunk { 234 size_t n_left; 235 void *m; 236 }; 237 238 /* Code generator state */ 239 240 struct _compiler_state { 241 jmp_buf top_ctx; 242 pcap_t *bpf_pcap; 243 int error_set; 244 245 struct icode ic; 246 247 int snaplen; 248 249 int linktype; 250 int prevlinktype; 251 int outermostlinktype; 252 253 bpf_u_int32 netmask; 254 int no_optimize; 255 256 /* Hack for handling VLAN and MPLS stacks. */ 257 u_int label_stack_depth; 258 u_int vlan_stack_depth; 259 260 /* XXX */ 261 u_int pcap_fddipad; 262 263 /* 264 * As errors are handled by a longjmp, anything allocated must 265 * be freed in the longjmp handler, so it must be reachable 266 * from that handler. 267 * 268 * One thing that's allocated is the result of pcap_nametoaddrinfo(); 269 * it must be freed with freeaddrinfo(). This variable points to 270 * any addrinfo structure that would need to be freed. 271 */ 272 struct addrinfo *ai; 273 274 /* 275 * Another thing that's allocated is the result of pcap_ether_aton(); 276 * it must be freed with free(). This variable points to any 277 * address that would need to be freed. 278 */ 279 u_char *e; 280 281 /* 282 * Various code constructs need to know the layout of the packet. 283 * These values give the necessary offsets from the beginning 284 * of the packet data. 285 */ 286 287 /* 288 * Absolute offset of the beginning of the link-layer header. 289 */ 290 bpf_abs_offset off_linkhdr; 291 292 /* 293 * If we're checking a link-layer header for a packet encapsulated 294 * in another protocol layer, this is the equivalent information 295 * for the previous layers' link-layer header from the beginning 296 * of the raw packet data. 297 */ 298 bpf_abs_offset off_prevlinkhdr; 299 300 /* 301 * This is the equivalent information for the outermost layers' 302 * link-layer header. 303 */ 304 bpf_abs_offset off_outermostlinkhdr; 305 306 /* 307 * Absolute offset of the beginning of the link-layer payload. 308 */ 309 bpf_abs_offset off_linkpl; 310 311 /* 312 * "off_linktype" is the offset to information in the link-layer 313 * header giving the packet type. This is an absolute offset 314 * from the beginning of the packet. 315 * 316 * For Ethernet, it's the offset of the Ethernet type field; this 317 * means that it must have a value that skips VLAN tags. 318 * 319 * For link-layer types that always use 802.2 headers, it's the 320 * offset of the LLC header; this means that it must have a value 321 * that skips VLAN tags. 322 * 323 * For PPP, it's the offset of the PPP type field. 324 * 325 * For Cisco HDLC, it's the offset of the CHDLC type field. 326 * 327 * For BSD loopback, it's the offset of the AF_ value. 328 * 329 * For Linux cooked sockets, it's the offset of the type field. 330 * 331 * off_linktype.constant_part is set to OFFSET_NOT_SET for no 332 * encapsulation, in which case, IP is assumed. 333 */ 334 bpf_abs_offset off_linktype; 335 336 /* 337 * TRUE if the link layer includes an ATM pseudo-header. 338 */ 339 int is_atm; 340 341 /* 342 * TRUE if "geneve" appeared in the filter; it causes us to 343 * generate code that checks for a Geneve header and assume 344 * that later filters apply to the encapsulated payload. 345 */ 346 int is_geneve; 347 348 /* 349 * TRUE if we need variable length part of VLAN offset 350 */ 351 int is_vlan_vloffset; 352 353 /* 354 * These are offsets for the ATM pseudo-header. 355 */ 356 u_int off_vpi; 357 u_int off_vci; 358 u_int off_proto; 359 360 /* 361 * These are offsets for the MTP2 fields. 362 */ 363 u_int off_li; 364 u_int off_li_hsl; 365 366 /* 367 * These are offsets for the MTP3 fields. 368 */ 369 u_int off_sio; 370 u_int off_opc; 371 u_int off_dpc; 372 u_int off_sls; 373 374 /* 375 * This is the offset of the first byte after the ATM pseudo_header, 376 * or -1 if there is no ATM pseudo-header. 377 */ 378 u_int off_payload; 379 380 /* 381 * These are offsets to the beginning of the network-layer header. 382 * They are relative to the beginning of the link-layer payload 383 * (i.e., they don't include off_linkhdr.constant_part or 384 * off_linkpl.constant_part). 385 * 386 * If the link layer never uses 802.2 LLC: 387 * 388 * "off_nl" and "off_nl_nosnap" are the same. 389 * 390 * If the link layer always uses 802.2 LLC: 391 * 392 * "off_nl" is the offset if there's a SNAP header following 393 * the 802.2 header; 394 * 395 * "off_nl_nosnap" is the offset if there's no SNAP header. 396 * 397 * If the link layer is Ethernet: 398 * 399 * "off_nl" is the offset if the packet is an Ethernet II packet 400 * (we assume no 802.3+802.2+SNAP); 401 * 402 * "off_nl_nosnap" is the offset if the packet is an 802.3 packet 403 * with an 802.2 header following it. 404 */ 405 u_int off_nl; 406 u_int off_nl_nosnap; 407 408 /* 409 * Here we handle simple allocation of the scratch registers. 410 * If too many registers are alloc'd, the allocator punts. 411 */ 412 int regused[BPF_MEMWORDS]; 413 int curreg; 414 415 /* 416 * Memory chunks. 417 */ 418 struct chunk chunks[NCHUNKS]; 419 int cur_chunk; 420 }; 421 422 /* 423 * For use by routines outside this file. 424 */ 425 /* VARARGS */ 426 void 427 bpf_set_error(compiler_state_t *cstate, const char *fmt, ...) 428 { 429 va_list ap; 430 431 /* 432 * If we've already set an error, don't override it. 433 * The lexical analyzer reports some errors by setting 434 * the error and then returning a LEX_ERROR token, which 435 * is not recognized by any grammar rule, and thus forces 436 * the parse to stop. We don't want the error reported 437 * by the lexical analyzer to be overwritten by the syntax 438 * error. 439 */ 440 if (!cstate->error_set) { 441 va_start(ap, fmt); 442 (void)vsnprintf(cstate->bpf_pcap->errbuf, PCAP_ERRBUF_SIZE, 443 fmt, ap); 444 va_end(ap); 445 cstate->error_set = 1; 446 } 447 } 448 449 /* 450 * For use *ONLY* in routines in this file. 451 */ 452 static void PCAP_NORETURN bpf_error(compiler_state_t *, const char *, ...) 453 PCAP_PRINTFLIKE(2, 3); 454 455 /* VARARGS */ 456 static void PCAP_NORETURN 457 bpf_error(compiler_state_t *cstate, const char *fmt, ...) 458 { 459 va_list ap; 460 461 va_start(ap, fmt); 462 (void)vsnprintf(cstate->bpf_pcap->errbuf, PCAP_ERRBUF_SIZE, 463 fmt, ap); 464 va_end(ap); 465 longjmp(cstate->top_ctx, 1); 466 /*NOTREACHED*/ 467 #ifdef _AIX 468 PCAP_UNREACHABLE 469 #endif /* _AIX */ 470 } 471 472 static int init_linktype(compiler_state_t *, pcap_t *); 473 474 static void init_regs(compiler_state_t *); 475 static int alloc_reg(compiler_state_t *); 476 static void free_reg(compiler_state_t *, int); 477 478 static void initchunks(compiler_state_t *cstate); 479 static void *newchunk_nolongjmp(compiler_state_t *cstate, size_t); 480 static void *newchunk(compiler_state_t *cstate, size_t); 481 static void freechunks(compiler_state_t *cstate); 482 static inline struct block *new_block(compiler_state_t *cstate, int); 483 static inline struct slist *new_stmt(compiler_state_t *cstate, int); 484 static struct block *gen_retblk(compiler_state_t *cstate, int); 485 static inline void syntax(compiler_state_t *cstate); 486 487 static void backpatch(struct block *, struct block *); 488 static void merge(struct block *, struct block *); 489 static struct block *gen_cmp(compiler_state_t *, enum e_offrel, u_int, 490 u_int, bpf_u_int32); 491 static struct block *gen_cmp_gt(compiler_state_t *, enum e_offrel, u_int, 492 u_int, bpf_u_int32); 493 static struct block *gen_cmp_ge(compiler_state_t *, enum e_offrel, u_int, 494 u_int, bpf_u_int32); 495 static struct block *gen_cmp_lt(compiler_state_t *, enum e_offrel, u_int, 496 u_int, bpf_u_int32); 497 static struct block *gen_cmp_le(compiler_state_t *, enum e_offrel, u_int, 498 u_int, bpf_u_int32); 499 static struct block *gen_mcmp(compiler_state_t *, enum e_offrel, u_int, 500 u_int, bpf_u_int32, bpf_u_int32); 501 static struct block *gen_bcmp(compiler_state_t *, enum e_offrel, u_int, 502 u_int, const u_char *); 503 static struct block *gen_ncmp(compiler_state_t *, enum e_offrel, u_int, 504 u_int, bpf_u_int32, int, int, bpf_u_int32); 505 static struct slist *gen_load_absoffsetrel(compiler_state_t *, bpf_abs_offset *, 506 u_int, u_int); 507 static struct slist *gen_load_a(compiler_state_t *, enum e_offrel, u_int, 508 u_int); 509 static struct slist *gen_loadx_iphdrlen(compiler_state_t *); 510 static struct block *gen_uncond(compiler_state_t *, int); 511 static inline struct block *gen_true(compiler_state_t *); 512 static inline struct block *gen_false(compiler_state_t *); 513 static struct block *gen_ether_linktype(compiler_state_t *, bpf_u_int32); 514 static struct block *gen_ipnet_linktype(compiler_state_t *, bpf_u_int32); 515 static struct block *gen_linux_sll_linktype(compiler_state_t *, bpf_u_int32); 516 static struct slist *gen_load_pflog_llprefixlen(compiler_state_t *); 517 static struct slist *gen_load_prism_llprefixlen(compiler_state_t *); 518 static struct slist *gen_load_avs_llprefixlen(compiler_state_t *); 519 static struct slist *gen_load_radiotap_llprefixlen(compiler_state_t *); 520 static struct slist *gen_load_ppi_llprefixlen(compiler_state_t *); 521 static void insert_compute_vloffsets(compiler_state_t *, struct block *); 522 static struct slist *gen_abs_offset_varpart(compiler_state_t *, 523 bpf_abs_offset *); 524 static bpf_u_int32 ethertype_to_ppptype(bpf_u_int32); 525 static struct block *gen_linktype(compiler_state_t *, bpf_u_int32); 526 static struct block *gen_snap(compiler_state_t *, bpf_u_int32, bpf_u_int32); 527 static struct block *gen_llc_linktype(compiler_state_t *, bpf_u_int32); 528 static struct block *gen_hostop(compiler_state_t *, bpf_u_int32, bpf_u_int32, 529 int, bpf_u_int32, u_int, u_int); 530 #ifdef INET6 531 static struct block *gen_hostop6(compiler_state_t *, struct in6_addr *, 532 struct in6_addr *, int, bpf_u_int32, u_int, u_int); 533 #endif 534 static struct block *gen_ahostop(compiler_state_t *, const u_char *, int); 535 static struct block *gen_ehostop(compiler_state_t *, const u_char *, int); 536 static struct block *gen_fhostop(compiler_state_t *, const u_char *, int); 537 static struct block *gen_thostop(compiler_state_t *, const u_char *, int); 538 static struct block *gen_wlanhostop(compiler_state_t *, const u_char *, int); 539 static struct block *gen_ipfchostop(compiler_state_t *, const u_char *, int); 540 static struct block *gen_dnhostop(compiler_state_t *, bpf_u_int32, int); 541 static struct block *gen_mpls_linktype(compiler_state_t *, bpf_u_int32); 542 static struct block *gen_host(compiler_state_t *, bpf_u_int32, bpf_u_int32, 543 int, int, int); 544 #ifdef INET6 545 static struct block *gen_host6(compiler_state_t *, struct in6_addr *, 546 struct in6_addr *, int, int, int); 547 #endif 548 #ifndef INET6 549 static struct block *gen_gateway(compiler_state_t *, const u_char *, 550 struct addrinfo *, int, int); 551 #endif 552 static struct block *gen_ipfrag(compiler_state_t *); 553 static struct block *gen_portatom(compiler_state_t *, int, bpf_u_int32); 554 static struct block *gen_portrangeatom(compiler_state_t *, u_int, bpf_u_int32, 555 bpf_u_int32); 556 static struct block *gen_portatom6(compiler_state_t *, int, bpf_u_int32); 557 static struct block *gen_portrangeatom6(compiler_state_t *, u_int, bpf_u_int32, 558 bpf_u_int32); 559 static struct block *gen_portop(compiler_state_t *, u_int, u_int, int); 560 static struct block *gen_port(compiler_state_t *, u_int, int, int); 561 static struct block *gen_portrangeop(compiler_state_t *, u_int, u_int, 562 bpf_u_int32, int); 563 static struct block *gen_portrange(compiler_state_t *, u_int, u_int, int, int); 564 struct block *gen_portop6(compiler_state_t *, u_int, u_int, int); 565 static struct block *gen_port6(compiler_state_t *, u_int, int, int); 566 static struct block *gen_portrangeop6(compiler_state_t *, u_int, u_int, 567 bpf_u_int32, int); 568 static struct block *gen_portrange6(compiler_state_t *, u_int, u_int, int, int); 569 static int lookup_proto(compiler_state_t *, const char *, int); 570 #if !defined(NO_PROTOCHAIN) 571 static struct block *gen_protochain(compiler_state_t *, bpf_u_int32, int); 572 #endif /* !defined(NO_PROTOCHAIN) */ 573 static struct block *gen_proto(compiler_state_t *, bpf_u_int32, int, int); 574 static struct slist *xfer_to_x(compiler_state_t *, struct arth *); 575 static struct slist *xfer_to_a(compiler_state_t *, struct arth *); 576 static struct block *gen_mac_multicast(compiler_state_t *, int); 577 static struct block *gen_len(compiler_state_t *, int, int); 578 static struct block *gen_check_802_11_data_frame(compiler_state_t *); 579 static struct block *gen_geneve_ll_check(compiler_state_t *cstate); 580 581 static struct block *gen_ppi_dlt_check(compiler_state_t *); 582 static struct block *gen_atmfield_code_internal(compiler_state_t *, int, 583 bpf_u_int32, int, int); 584 static struct block *gen_atmtype_llc(compiler_state_t *); 585 static struct block *gen_msg_abbrev(compiler_state_t *, int type); 586 587 static void 588 initchunks(compiler_state_t *cstate) 589 { 590 int i; 591 592 for (i = 0; i < NCHUNKS; i++) { 593 cstate->chunks[i].n_left = 0; 594 cstate->chunks[i].m = NULL; 595 } 596 cstate->cur_chunk = 0; 597 } 598 599 static void * 600 newchunk_nolongjmp(compiler_state_t *cstate, size_t n) 601 { 602 struct chunk *cp; 603 int k; 604 size_t size; 605 606 #ifndef __NetBSD__ 607 /* XXX Round up to nearest long. */ 608 n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1); 609 #else 610 /* XXX Round up to structure boundary. */ 611 n = ALIGN(n); 612 #endif 613 614 cp = &cstate->chunks[cstate->cur_chunk]; 615 if (n > cp->n_left) { 616 ++cp; 617 k = ++cstate->cur_chunk; 618 if (k >= NCHUNKS) { 619 bpf_set_error(cstate, "out of memory"); 620 return (NULL); 621 } 622 size = CHUNK0SIZE << k; 623 cp->m = (void *)malloc(size); 624 if (cp->m == NULL) { 625 bpf_set_error(cstate, "out of memory"); 626 return (NULL); 627 } 628 memset((char *)cp->m, 0, size); 629 cp->n_left = size; 630 if (n > size) { 631 bpf_set_error(cstate, "out of memory"); 632 return (NULL); 633 } 634 } 635 cp->n_left -= n; 636 return (void *)((char *)cp->m + cp->n_left); 637 } 638 639 static void * 640 newchunk(compiler_state_t *cstate, size_t n) 641 { 642 void *p; 643 644 p = newchunk_nolongjmp(cstate, n); 645 if (p == NULL) { 646 longjmp(cstate->top_ctx, 1); 647 /*NOTREACHED*/ 648 } 649 return (p); 650 } 651 652 static void 653 freechunks(compiler_state_t *cstate) 654 { 655 int i; 656 657 for (i = 0; i < NCHUNKS; ++i) 658 if (cstate->chunks[i].m != NULL) 659 free(cstate->chunks[i].m); 660 } 661 662 /* 663 * A strdup whose allocations are freed after code generation is over. 664 * This is used by the lexical analyzer, so it can't longjmp; it just 665 * returns NULL on an allocation error, and the callers must check 666 * for it. 667 */ 668 char * 669 sdup(compiler_state_t *cstate, const char *s) 670 { 671 size_t n = strlen(s) + 1; 672 char *cp = newchunk_nolongjmp(cstate, n); 673 674 if (cp == NULL) 675 return (NULL); 676 pcapint_strlcpy(cp, s, n); 677 return (cp); 678 } 679 680 static inline struct block * 681 new_block(compiler_state_t *cstate, int code) 682 { 683 struct block *p; 684 685 p = (struct block *)newchunk(cstate, sizeof(*p)); 686 p->s.code = code; 687 p->head = p; 688 689 return p; 690 } 691 692 static inline struct slist * 693 new_stmt(compiler_state_t *cstate, int code) 694 { 695 struct slist *p; 696 697 p = (struct slist *)newchunk(cstate, sizeof(*p)); 698 p->s.code = code; 699 700 return p; 701 } 702 703 static struct block * 704 gen_retblk(compiler_state_t *cstate, int v) 705 { 706 struct block *b = new_block(cstate, BPF_RET|BPF_K); 707 708 b->s.k = v; 709 return b; 710 } 711 712 static inline PCAP_NORETURN_DEF void 713 syntax(compiler_state_t *cstate) 714 { 715 bpf_error(cstate, "syntax error in filter expression"); 716 } 717 718 int 719 pcap_compile(pcap_t *p, struct bpf_program *program, 720 const char *buf, int optimize, bpf_u_int32 mask) 721 { 722 #ifdef _WIN32 723 static int done = 0; 724 #endif 725 compiler_state_t cstate; 726 const char * volatile xbuf = buf; 727 yyscan_t scanner = NULL; 728 volatile YY_BUFFER_STATE in_buffer = NULL; 729 u_int len; 730 int rc; 731 732 /* 733 * If this pcap_t hasn't been activated, it doesn't have a 734 * link-layer type, so we can't use it. 735 */ 736 if (!p->activated) { 737 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 738 "not-yet-activated pcap_t passed to pcap_compile"); 739 return (PCAP_ERROR); 740 } 741 742 #ifdef _WIN32 743 if (!done) { 744 pcap_wsockinit(); 745 done = 1; 746 } 747 #endif 748 749 #ifdef ENABLE_REMOTE 750 /* 751 * If the device on which we're capturing need to be notified 752 * that a new filter is being compiled, do so. 753 * 754 * This allows them to save a copy of it, in case, for example, 755 * they're implementing a form of remote packet capture, and 756 * want the remote machine to filter out the packets in which 757 * it's sending the packets it's captured. 758 * 759 * XXX - the fact that we happen to be compiling a filter 760 * doesn't necessarily mean we'll be installing it as the 761 * filter for this pcap_t; we might be running it from userland 762 * on captured packets to do packet classification. We really 763 * need a better way of handling this, but this is all that 764 * the WinPcap remote capture code did. 765 */ 766 if (p->save_current_filter_op != NULL) 767 (p->save_current_filter_op)(p, buf); 768 #endif 769 770 initchunks(&cstate); 771 cstate.no_optimize = 0; 772 #ifdef INET6 773 cstate.ai = NULL; 774 #endif 775 cstate.e = NULL; 776 cstate.ic.root = NULL; 777 cstate.ic.cur_mark = 0; 778 cstate.bpf_pcap = p; 779 cstate.error_set = 0; 780 init_regs(&cstate); 781 782 cstate.netmask = mask; 783 784 cstate.snaplen = pcap_snapshot(p); 785 if (cstate.snaplen == 0) { 786 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 787 "snaplen of 0 rejects all packets"); 788 rc = PCAP_ERROR; 789 goto quit; 790 } 791 792 if (pcap_lex_init(&scanner) != 0) { 793 pcapint_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE, 794 errno, "can't initialize scanner"); 795 rc = PCAP_ERROR; 796 goto quit; 797 } 798 in_buffer = pcap__scan_string(xbuf ? xbuf : "", scanner); 799 800 /* 801 * Associate the compiler state with the lexical analyzer 802 * state. 803 */ 804 pcap_set_extra(&cstate, scanner); 805 806 if (init_linktype(&cstate, p) == -1) { 807 rc = PCAP_ERROR; 808 goto quit; 809 } 810 if (pcap_parse(scanner, &cstate) != 0) { 811 #ifdef INET6 812 if (cstate.ai != NULL) 813 freeaddrinfo(cstate.ai); 814 #endif 815 if (cstate.e != NULL) 816 free(cstate.e); 817 rc = PCAP_ERROR; 818 goto quit; 819 } 820 821 if (cstate.ic.root == NULL) { 822 /* 823 * Catch errors reported by gen_retblk(). 824 */ 825 if (setjmp(cstate.top_ctx)) { 826 rc = PCAP_ERROR; 827 goto quit; 828 } 829 cstate.ic.root = gen_retblk(&cstate, cstate.snaplen); 830 } 831 832 if (optimize && !cstate.no_optimize) { 833 if (bpf_optimize(&cstate.ic, p->errbuf) == -1) { 834 /* Failure */ 835 rc = PCAP_ERROR; 836 goto quit; 837 } 838 if (cstate.ic.root == NULL || 839 (cstate.ic.root->s.code == (BPF_RET|BPF_K) && cstate.ic.root->s.k == 0)) { 840 (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, 841 "expression rejects all packets"); 842 rc = PCAP_ERROR; 843 goto quit; 844 } 845 } 846 program->bf_insns = icode_to_fcode(&cstate.ic, 847 cstate.ic.root, &len, p->errbuf); 848 if (program->bf_insns == NULL) { 849 /* Failure */ 850 rc = PCAP_ERROR; 851 goto quit; 852 } 853 program->bf_len = len; 854 855 rc = 0; /* We're all okay */ 856 857 quit: 858 /* 859 * Clean up everything for the lexical analyzer. 860 */ 861 if (in_buffer != NULL) 862 pcap__delete_buffer(in_buffer, scanner); 863 if (scanner != NULL) 864 pcap_lex_destroy(scanner); 865 866 /* 867 * Clean up our own allocated memory. 868 */ 869 freechunks(&cstate); 870 871 return (rc); 872 } 873 874 /* 875 * entry point for using the compiler with no pcap open 876 * pass in all the stuff that is needed explicitly instead. 877 */ 878 int 879 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 880 struct bpf_program *program, 881 const char *buf, int optimize, bpf_u_int32 mask) 882 { 883 pcap_t *p; 884 int ret; 885 886 p = pcap_open_dead(linktype_arg, snaplen_arg); 887 if (p == NULL) 888 return (PCAP_ERROR); 889 ret = pcap_compile(p, program, buf, optimize, mask); 890 pcap_close(p); 891 return (ret); 892 } 893 894 /* 895 * Clean up a "struct bpf_program" by freeing all the memory allocated 896 * in it. 897 */ 898 void 899 pcap_freecode(struct bpf_program *program) 900 { 901 program->bf_len = 0; 902 if (program->bf_insns != NULL) { 903 free((char *)program->bf_insns); 904 program->bf_insns = NULL; 905 } 906 } 907 908 /* 909 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 910 * which of the jt and jf fields has been resolved and which is a pointer 911 * back to another unresolved block (or nil). At least one of the fields 912 * in each block is already resolved. 913 */ 914 static void 915 backpatch(struct block *list, struct block *target) 916 { 917 struct block *next; 918 919 while (list) { 920 if (!list->sense) { 921 next = JT(list); 922 JT(list) = target; 923 } else { 924 next = JF(list); 925 JF(list) = target; 926 } 927 list = next; 928 } 929 } 930 931 /* 932 * Merge the lists in b0 and b1, using the 'sense' field to indicate 933 * which of jt and jf is the link. 934 */ 935 static void 936 merge(struct block *b0, struct block *b1) 937 { 938 register struct block **p = &b0; 939 940 /* Find end of list. */ 941 while (*p) 942 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 943 944 /* Concatenate the lists. */ 945 *p = b1; 946 } 947 948 int 949 finish_parse(compiler_state_t *cstate, struct block *p) 950 { 951 struct block *ppi_dlt_check; 952 953 /* 954 * Catch errors reported by us and routines below us, and return -1 955 * on an error. 956 */ 957 if (setjmp(cstate->top_ctx)) 958 return (-1); 959 960 /* 961 * Insert before the statements of the first (root) block any 962 * statements needed to load the lengths of any variable-length 963 * headers into registers. 964 * 965 * XXX - a fancier strategy would be to insert those before the 966 * statements of all blocks that use those lengths and that 967 * have no predecessors that use them, so that we only compute 968 * the lengths if we need them. There might be even better 969 * approaches than that. 970 * 971 * However, those strategies would be more complicated, and 972 * as we don't generate code to compute a length if the 973 * program has no tests that use the length, and as most 974 * tests will probably use those lengths, we would just 975 * postpone computing the lengths so that it's not done 976 * for tests that fail early, and it's not clear that's 977 * worth the effort. 978 */ 979 insert_compute_vloffsets(cstate, p->head); 980 981 /* 982 * For DLT_PPI captures, generate a check of the per-packet 983 * DLT value to make sure it's DLT_IEEE802_11. 984 * 985 * XXX - TurboCap cards use DLT_PPI for Ethernet. 986 * Can we just define some DLT_ETHERNET_WITH_PHDR pseudo-header 987 * with appropriate Ethernet information and use that rather 988 * than using something such as DLT_PPI where you don't know 989 * the link-layer header type until runtime, which, in the 990 * general case, would force us to generate both Ethernet *and* 991 * 802.11 code (*and* anything else for which PPI is used) 992 * and choose between them early in the BPF program? 993 */ 994 ppi_dlt_check = gen_ppi_dlt_check(cstate); 995 if (ppi_dlt_check != NULL) 996 gen_and(ppi_dlt_check, p); 997 998 backpatch(p, gen_retblk(cstate, cstate->snaplen)); 999 p->sense = !p->sense; 1000 backpatch(p, gen_retblk(cstate, 0)); 1001 cstate->ic.root = p->head; 1002 return (0); 1003 } 1004 1005 void 1006 gen_and(struct block *b0, struct block *b1) 1007 { 1008 backpatch(b0, b1->head); 1009 b0->sense = !b0->sense; 1010 b1->sense = !b1->sense; 1011 merge(b1, b0); 1012 b1->sense = !b1->sense; 1013 b1->head = b0->head; 1014 } 1015 1016 void 1017 gen_or(struct block *b0, struct block *b1) 1018 { 1019 b0->sense = !b0->sense; 1020 backpatch(b0, b1->head); 1021 b0->sense = !b0->sense; 1022 merge(b1, b0); 1023 b1->head = b0->head; 1024 } 1025 1026 void 1027 gen_not(struct block *b) 1028 { 1029 b->sense = !b->sense; 1030 } 1031 1032 static struct block * 1033 gen_cmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1034 u_int size, bpf_u_int32 v) 1035 { 1036 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JEQ, 0, v); 1037 } 1038 1039 static struct block * 1040 gen_cmp_gt(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1041 u_int size, bpf_u_int32 v) 1042 { 1043 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGT, 0, v); 1044 } 1045 1046 static struct block * 1047 gen_cmp_ge(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1048 u_int size, bpf_u_int32 v) 1049 { 1050 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGE, 0, v); 1051 } 1052 1053 static struct block * 1054 gen_cmp_lt(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1055 u_int size, bpf_u_int32 v) 1056 { 1057 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGE, 1, v); 1058 } 1059 1060 static struct block * 1061 gen_cmp_le(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1062 u_int size, bpf_u_int32 v) 1063 { 1064 return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGT, 1, v); 1065 } 1066 1067 static struct block * 1068 gen_mcmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1069 u_int size, bpf_u_int32 v, bpf_u_int32 mask) 1070 { 1071 return gen_ncmp(cstate, offrel, offset, size, mask, BPF_JEQ, 0, v); 1072 } 1073 1074 static struct block * 1075 gen_bcmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1076 u_int size, const u_char *v) 1077 { 1078 register struct block *b, *tmp; 1079 1080 b = NULL; 1081 while (size >= 4) { 1082 register const u_char *p = &v[size - 4]; 1083 1084 tmp = gen_cmp(cstate, offrel, offset + size - 4, BPF_W, 1085 EXTRACT_BE_U_4(p)); 1086 if (b != NULL) 1087 gen_and(b, tmp); 1088 b = tmp; 1089 size -= 4; 1090 } 1091 while (size >= 2) { 1092 register const u_char *p = &v[size - 2]; 1093 1094 tmp = gen_cmp(cstate, offrel, offset + size - 2, BPF_H, 1095 EXTRACT_BE_U_2(p)); 1096 if (b != NULL) 1097 gen_and(b, tmp); 1098 b = tmp; 1099 size -= 2; 1100 } 1101 if (size > 0) { 1102 tmp = gen_cmp(cstate, offrel, offset, BPF_B, v[0]); 1103 if (b != NULL) 1104 gen_and(b, tmp); 1105 b = tmp; 1106 } 1107 return b; 1108 } 1109 1110 /* 1111 * AND the field of size "size" at offset "offset" relative to the header 1112 * specified by "offrel" with "mask", and compare it with the value "v" 1113 * with the test specified by "jtype"; if "reverse" is true, the test 1114 * should test the opposite of "jtype". 1115 */ 1116 static struct block * 1117 gen_ncmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1118 u_int size, bpf_u_int32 mask, int jtype, int reverse, 1119 bpf_u_int32 v) 1120 { 1121 struct slist *s, *s2; 1122 struct block *b; 1123 1124 s = gen_load_a(cstate, offrel, offset, size); 1125 1126 if (mask != 0xffffffff) { 1127 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K); 1128 s2->s.k = mask; 1129 sappend(s, s2); 1130 } 1131 1132 b = new_block(cstate, JMP(jtype)); 1133 b->stmts = s; 1134 b->s.k = v; 1135 if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE)) 1136 gen_not(b); 1137 return b; 1138 } 1139 1140 static int 1141 init_linktype(compiler_state_t *cstate, pcap_t *p) 1142 { 1143 cstate->pcap_fddipad = p->fddipad; 1144 1145 /* 1146 * We start out with only one link-layer header. 1147 */ 1148 cstate->outermostlinktype = pcap_datalink(p); 1149 cstate->off_outermostlinkhdr.constant_part = 0; 1150 cstate->off_outermostlinkhdr.is_variable = 0; 1151 cstate->off_outermostlinkhdr.reg = -1; 1152 1153 cstate->prevlinktype = cstate->outermostlinktype; 1154 cstate->off_prevlinkhdr.constant_part = 0; 1155 cstate->off_prevlinkhdr.is_variable = 0; 1156 cstate->off_prevlinkhdr.reg = -1; 1157 1158 cstate->linktype = cstate->outermostlinktype; 1159 cstate->off_linkhdr.constant_part = 0; 1160 cstate->off_linkhdr.is_variable = 0; 1161 cstate->off_linkhdr.reg = -1; 1162 1163 /* 1164 * XXX 1165 */ 1166 cstate->off_linkpl.constant_part = 0; 1167 cstate->off_linkpl.is_variable = 0; 1168 cstate->off_linkpl.reg = -1; 1169 1170 cstate->off_linktype.constant_part = 0; 1171 cstate->off_linktype.is_variable = 0; 1172 cstate->off_linktype.reg = -1; 1173 1174 /* 1175 * Assume it's not raw ATM with a pseudo-header, for now. 1176 */ 1177 cstate->is_atm = 0; 1178 cstate->off_vpi = OFFSET_NOT_SET; 1179 cstate->off_vci = OFFSET_NOT_SET; 1180 cstate->off_proto = OFFSET_NOT_SET; 1181 cstate->off_payload = OFFSET_NOT_SET; 1182 1183 /* 1184 * And not Geneve. 1185 */ 1186 cstate->is_geneve = 0; 1187 1188 /* 1189 * No variable length VLAN offset by default 1190 */ 1191 cstate->is_vlan_vloffset = 0; 1192 1193 /* 1194 * And assume we're not doing SS7. 1195 */ 1196 cstate->off_li = OFFSET_NOT_SET; 1197 cstate->off_li_hsl = OFFSET_NOT_SET; 1198 cstate->off_sio = OFFSET_NOT_SET; 1199 cstate->off_opc = OFFSET_NOT_SET; 1200 cstate->off_dpc = OFFSET_NOT_SET; 1201 cstate->off_sls = OFFSET_NOT_SET; 1202 1203 cstate->label_stack_depth = 0; 1204 cstate->vlan_stack_depth = 0; 1205 1206 switch (cstate->linktype) { 1207 1208 case DLT_ARCNET: 1209 cstate->off_linktype.constant_part = 2; 1210 cstate->off_linkpl.constant_part = 6; 1211 cstate->off_nl = 0; /* XXX in reality, variable! */ 1212 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1213 break; 1214 1215 case DLT_ARCNET_LINUX: 1216 cstate->off_linktype.constant_part = 4; 1217 cstate->off_linkpl.constant_part = 8; 1218 cstate->off_nl = 0; /* XXX in reality, variable! */ 1219 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1220 break; 1221 1222 case DLT_EN10MB: 1223 cstate->off_linktype.constant_part = 12; 1224 cstate->off_linkpl.constant_part = 14; /* Ethernet header length */ 1225 cstate->off_nl = 0; /* Ethernet II */ 1226 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */ 1227 break; 1228 1229 case DLT_SLIP: 1230 /* 1231 * SLIP doesn't have a link level type. The 16 byte 1232 * header is hacked into our SLIP driver. 1233 */ 1234 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1235 cstate->off_linkpl.constant_part = 16; 1236 cstate->off_nl = 0; 1237 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1238 break; 1239 1240 case DLT_SLIP_BSDOS: 1241 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 1242 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1243 /* XXX end */ 1244 cstate->off_linkpl.constant_part = 24; 1245 cstate->off_nl = 0; 1246 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1247 break; 1248 1249 case DLT_NULL: 1250 case DLT_LOOP: 1251 cstate->off_linktype.constant_part = 0; 1252 cstate->off_linkpl.constant_part = 4; 1253 cstate->off_nl = 0; 1254 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1255 break; 1256 1257 case DLT_ENC: 1258 cstate->off_linktype.constant_part = 0; 1259 cstate->off_linkpl.constant_part = 12; 1260 cstate->off_nl = 0; 1261 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1262 break; 1263 1264 case DLT_PPP: 1265 case DLT_PPP_PPPD: 1266 case DLT_C_HDLC: /* BSD/OS Cisco HDLC */ 1267 case DLT_HDLC: /* NetBSD (Cisco) HDLC */ 1268 case DLT_PPP_SERIAL: /* NetBSD sync/async serial PPP */ 1269 cstate->off_linktype.constant_part = 2; /* skip HDLC-like framing */ 1270 cstate->off_linkpl.constant_part = 4; /* skip HDLC-like framing and protocol field */ 1271 cstate->off_nl = 0; 1272 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1273 break; 1274 1275 case DLT_PPP_ETHER: 1276 /* 1277 * This does no include the Ethernet header, and 1278 * only covers session state. 1279 */ 1280 cstate->off_linktype.constant_part = 6; 1281 cstate->off_linkpl.constant_part = 8; 1282 cstate->off_nl = 0; 1283 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1284 break; 1285 1286 case DLT_PPP_BSDOS: 1287 cstate->off_linktype.constant_part = 5; 1288 cstate->off_linkpl.constant_part = 24; 1289 cstate->off_nl = 0; 1290 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1291 break; 1292 1293 case DLT_FDDI: 1294 /* 1295 * FDDI doesn't really have a link-level type field. 1296 * We set "off_linktype" to the offset of the LLC header. 1297 * 1298 * To check for Ethernet types, we assume that SSAP = SNAP 1299 * is being used and pick out the encapsulated Ethernet type. 1300 * XXX - should we generate code to check for SNAP? 1301 */ 1302 cstate->off_linktype.constant_part = 13; 1303 cstate->off_linktype.constant_part += cstate->pcap_fddipad; 1304 cstate->off_linkpl.constant_part = 13; /* FDDI MAC header length */ 1305 cstate->off_linkpl.constant_part += cstate->pcap_fddipad; 1306 cstate->off_nl = 8; /* 802.2+SNAP */ 1307 cstate->off_nl_nosnap = 3; /* 802.2 */ 1308 break; 1309 1310 case DLT_IEEE802: 1311 /* 1312 * Token Ring doesn't really have a link-level type field. 1313 * We set "off_linktype" to the offset of the LLC header. 1314 * 1315 * To check for Ethernet types, we assume that SSAP = SNAP 1316 * is being used and pick out the encapsulated Ethernet type. 1317 * XXX - should we generate code to check for SNAP? 1318 * 1319 * XXX - the header is actually variable-length. 1320 * Some various Linux patched versions gave 38 1321 * as "off_linktype" and 40 as "off_nl"; however, 1322 * if a token ring packet has *no* routing 1323 * information, i.e. is not source-routed, the correct 1324 * values are 20 and 22, as they are in the vanilla code. 1325 * 1326 * A packet is source-routed iff the uppermost bit 1327 * of the first byte of the source address, at an 1328 * offset of 8, has the uppermost bit set. If the 1329 * packet is source-routed, the total number of bytes 1330 * of routing information is 2 plus bits 0x1F00 of 1331 * the 16-bit value at an offset of 14 (shifted right 1332 * 8 - figure out which byte that is). 1333 */ 1334 cstate->off_linktype.constant_part = 14; 1335 cstate->off_linkpl.constant_part = 14; /* Token Ring MAC header length */ 1336 cstate->off_nl = 8; /* 802.2+SNAP */ 1337 cstate->off_nl_nosnap = 3; /* 802.2 */ 1338 break; 1339 1340 case DLT_PRISM_HEADER: 1341 case DLT_IEEE802_11_RADIO_AVS: 1342 case DLT_IEEE802_11_RADIO: 1343 cstate->off_linkhdr.is_variable = 1; 1344 /* Fall through, 802.11 doesn't have a variable link 1345 * prefix but is otherwise the same. */ 1346 /* FALLTHROUGH */ 1347 1348 case DLT_IEEE802_11: 1349 /* 1350 * 802.11 doesn't really have a link-level type field. 1351 * We set "off_linktype.constant_part" to the offset of 1352 * the LLC header. 1353 * 1354 * To check for Ethernet types, we assume that SSAP = SNAP 1355 * is being used and pick out the encapsulated Ethernet type. 1356 * XXX - should we generate code to check for SNAP? 1357 * 1358 * We also handle variable-length radio headers here. 1359 * The Prism header is in theory variable-length, but in 1360 * practice it's always 144 bytes long. However, some 1361 * drivers on Linux use ARPHRD_IEEE80211_PRISM, but 1362 * sometimes or always supply an AVS header, so we 1363 * have to check whether the radio header is a Prism 1364 * header or an AVS header, so, in practice, it's 1365 * variable-length. 1366 */ 1367 cstate->off_linktype.constant_part = 24; 1368 cstate->off_linkpl.constant_part = 0; /* link-layer header is variable-length */ 1369 cstate->off_linkpl.is_variable = 1; 1370 cstate->off_nl = 8; /* 802.2+SNAP */ 1371 cstate->off_nl_nosnap = 3; /* 802.2 */ 1372 break; 1373 1374 case DLT_PPI: 1375 /* 1376 * At the moment we treat PPI the same way that we treat 1377 * normal Radiotap encoded packets. The difference is in 1378 * the function that generates the code at the beginning 1379 * to compute the header length. Since this code generator 1380 * of PPI supports bare 802.11 encapsulation only (i.e. 1381 * the encapsulated DLT should be DLT_IEEE802_11) we 1382 * generate code to check for this too. 1383 */ 1384 cstate->off_linktype.constant_part = 24; 1385 cstate->off_linkpl.constant_part = 0; /* link-layer header is variable-length */ 1386 cstate->off_linkpl.is_variable = 1; 1387 cstate->off_linkhdr.is_variable = 1; 1388 cstate->off_nl = 8; /* 802.2+SNAP */ 1389 cstate->off_nl_nosnap = 3; /* 802.2 */ 1390 break; 1391 1392 case DLT_ATM_RFC1483: 1393 case DLT_ATM_CLIP: /* Linux ATM defines this */ 1394 /* 1395 * assume routed, non-ISO PDUs 1396 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 1397 * 1398 * XXX - what about ISO PDUs, e.g. CLNP, ISIS, ESIS, 1399 * or PPP with the PPP NLPID (e.g., PPPoA)? The 1400 * latter would presumably be treated the way PPPoE 1401 * should be, so you can do "pppoe and udp port 2049" 1402 * or "pppoa and tcp port 80" and have it check for 1403 * PPPo{A,E} and a PPP protocol of IP and.... 1404 */ 1405 cstate->off_linktype.constant_part = 0; 1406 cstate->off_linkpl.constant_part = 0; /* packet begins with LLC header */ 1407 cstate->off_nl = 8; /* 802.2+SNAP */ 1408 cstate->off_nl_nosnap = 3; /* 802.2 */ 1409 break; 1410 1411 case DLT_SUNATM: 1412 /* 1413 * Full Frontal ATM; you get AALn PDUs with an ATM 1414 * pseudo-header. 1415 */ 1416 cstate->is_atm = 1; 1417 cstate->off_vpi = SUNATM_VPI_POS; 1418 cstate->off_vci = SUNATM_VCI_POS; 1419 cstate->off_proto = PROTO_POS; 1420 cstate->off_payload = SUNATM_PKT_BEGIN_POS; 1421 cstate->off_linktype.constant_part = cstate->off_payload; 1422 cstate->off_linkpl.constant_part = cstate->off_payload; /* if LLC-encapsulated */ 1423 cstate->off_nl = 8; /* 802.2+SNAP */ 1424 cstate->off_nl_nosnap = 3; /* 802.2 */ 1425 break; 1426 1427 case DLT_RAW: 1428 case DLT_IPV4: 1429 case DLT_IPV6: 1430 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1431 cstate->off_linkpl.constant_part = 0; 1432 cstate->off_nl = 0; 1433 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1434 break; 1435 1436 case DLT_LINUX_SLL: /* fake header for Linux cooked socket v1 */ 1437 cstate->off_linktype.constant_part = 14; 1438 cstate->off_linkpl.constant_part = 16; 1439 cstate->off_nl = 0; 1440 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1441 break; 1442 1443 case DLT_LINUX_SLL2: /* fake header for Linux cooked socket v2 */ 1444 cstate->off_linktype.constant_part = 0; 1445 cstate->off_linkpl.constant_part = 20; 1446 cstate->off_nl = 0; 1447 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1448 break; 1449 1450 case DLT_LTALK: 1451 /* 1452 * LocalTalk does have a 1-byte type field in the LLAP header, 1453 * but really it just indicates whether there is a "short" or 1454 * "long" DDP packet following. 1455 */ 1456 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1457 cstate->off_linkpl.constant_part = 0; 1458 cstate->off_nl = 0; 1459 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1460 break; 1461 1462 case DLT_IP_OVER_FC: 1463 /* 1464 * RFC 2625 IP-over-Fibre-Channel doesn't really have a 1465 * link-level type field. We set "off_linktype" to the 1466 * offset of the LLC header. 1467 * 1468 * To check for Ethernet types, we assume that SSAP = SNAP 1469 * is being used and pick out the encapsulated Ethernet type. 1470 * XXX - should we generate code to check for SNAP? RFC 1471 * 2625 says SNAP should be used. 1472 */ 1473 cstate->off_linktype.constant_part = 16; 1474 cstate->off_linkpl.constant_part = 16; 1475 cstate->off_nl = 8; /* 802.2+SNAP */ 1476 cstate->off_nl_nosnap = 3; /* 802.2 */ 1477 break; 1478 1479 case DLT_FRELAY: 1480 /* 1481 * XXX - we should set this to handle SNAP-encapsulated 1482 * frames (NLPID of 0x80). 1483 */ 1484 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1485 cstate->off_linkpl.constant_part = 0; 1486 cstate->off_nl = 0; 1487 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1488 break; 1489 1490 /* 1491 * the only BPF-interesting FRF.16 frames are non-control frames; 1492 * Frame Relay has a variable length link-layer 1493 * so lets start with offset 4 for now and increments later on (FIXME); 1494 */ 1495 case DLT_MFR: 1496 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1497 cstate->off_linkpl.constant_part = 0; 1498 cstate->off_nl = 4; 1499 cstate->off_nl_nosnap = 0; /* XXX - for now -> no 802.2 LLC */ 1500 break; 1501 1502 case DLT_APPLE_IP_OVER_IEEE1394: 1503 cstate->off_linktype.constant_part = 16; 1504 cstate->off_linkpl.constant_part = 18; 1505 cstate->off_nl = 0; 1506 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1507 break; 1508 1509 case DLT_SYMANTEC_FIREWALL: 1510 cstate->off_linktype.constant_part = 6; 1511 cstate->off_linkpl.constant_part = 44; 1512 cstate->off_nl = 0; /* Ethernet II */ 1513 cstate->off_nl_nosnap = 0; /* XXX - what does it do with 802.3 packets? */ 1514 break; 1515 1516 case DLT_PFLOG: 1517 cstate->off_linktype.constant_part = 0; 1518 cstate->off_linkpl.constant_part = 0; /* link-layer header is variable-length */ 1519 cstate->off_linkpl.is_variable = 1; 1520 cstate->off_nl = 0; 1521 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 1522 break; 1523 1524 case DLT_JUNIPER_MFR: 1525 case DLT_JUNIPER_MLFR: 1526 case DLT_JUNIPER_MLPPP: 1527 case DLT_JUNIPER_PPP: 1528 case DLT_JUNIPER_CHDLC: 1529 case DLT_JUNIPER_FRELAY: 1530 cstate->off_linktype.constant_part = 4; 1531 cstate->off_linkpl.constant_part = 4; 1532 cstate->off_nl = 0; 1533 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1534 break; 1535 1536 case DLT_JUNIPER_ATM1: 1537 cstate->off_linktype.constant_part = 4; /* in reality variable between 4-8 */ 1538 cstate->off_linkpl.constant_part = 4; /* in reality variable between 4-8 */ 1539 cstate->off_nl = 0; 1540 cstate->off_nl_nosnap = 10; 1541 break; 1542 1543 case DLT_JUNIPER_ATM2: 1544 cstate->off_linktype.constant_part = 8; /* in reality variable between 8-12 */ 1545 cstate->off_linkpl.constant_part = 8; /* in reality variable between 8-12 */ 1546 cstate->off_nl = 0; 1547 cstate->off_nl_nosnap = 10; 1548 break; 1549 1550 /* frames captured on a Juniper PPPoE service PIC 1551 * contain raw ethernet frames */ 1552 case DLT_JUNIPER_PPPOE: 1553 case DLT_JUNIPER_ETHER: 1554 cstate->off_linkpl.constant_part = 14; 1555 cstate->off_linktype.constant_part = 16; 1556 cstate->off_nl = 18; /* Ethernet II */ 1557 cstate->off_nl_nosnap = 21; /* 802.3+802.2 */ 1558 break; 1559 1560 case DLT_JUNIPER_PPPOE_ATM: 1561 cstate->off_linktype.constant_part = 4; 1562 cstate->off_linkpl.constant_part = 6; 1563 cstate->off_nl = 0; 1564 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1565 break; 1566 1567 case DLT_JUNIPER_GGSN: 1568 cstate->off_linktype.constant_part = 6; 1569 cstate->off_linkpl.constant_part = 12; 1570 cstate->off_nl = 0; 1571 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1572 break; 1573 1574 case DLT_JUNIPER_ES: 1575 cstate->off_linktype.constant_part = 6; 1576 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; /* not really a network layer but raw IP addresses */ 1577 cstate->off_nl = OFFSET_NOT_SET; /* not really a network layer but raw IP addresses */ 1578 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1579 break; 1580 1581 case DLT_JUNIPER_MONITOR: 1582 cstate->off_linktype.constant_part = 12; 1583 cstate->off_linkpl.constant_part = 12; 1584 cstate->off_nl = 0; /* raw IP/IP6 header */ 1585 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1586 break; 1587 1588 case DLT_BACNET_MS_TP: 1589 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1590 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1591 cstate->off_nl = OFFSET_NOT_SET; 1592 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1593 break; 1594 1595 case DLT_JUNIPER_SERVICES: 1596 cstate->off_linktype.constant_part = 12; 1597 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; /* L3 proto location dep. on cookie type */ 1598 cstate->off_nl = OFFSET_NOT_SET; /* L3 proto location dep. on cookie type */ 1599 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1600 break; 1601 1602 case DLT_JUNIPER_VP: 1603 cstate->off_linktype.constant_part = 18; 1604 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1605 cstate->off_nl = OFFSET_NOT_SET; 1606 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1607 break; 1608 1609 case DLT_JUNIPER_ST: 1610 cstate->off_linktype.constant_part = 18; 1611 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1612 cstate->off_nl = OFFSET_NOT_SET; 1613 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1614 break; 1615 1616 case DLT_JUNIPER_ISM: 1617 cstate->off_linktype.constant_part = 8; 1618 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1619 cstate->off_nl = OFFSET_NOT_SET; 1620 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1621 break; 1622 1623 case DLT_JUNIPER_VS: 1624 case DLT_JUNIPER_SRX_E2E: 1625 case DLT_JUNIPER_FIBRECHANNEL: 1626 case DLT_JUNIPER_ATM_CEMIC: 1627 cstate->off_linktype.constant_part = 8; 1628 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1629 cstate->off_nl = OFFSET_NOT_SET; 1630 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1631 break; 1632 1633 case DLT_MTP2: 1634 cstate->off_li = 2; 1635 cstate->off_li_hsl = 4; 1636 cstate->off_sio = 3; 1637 cstate->off_opc = 4; 1638 cstate->off_dpc = 4; 1639 cstate->off_sls = 7; 1640 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1641 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1642 cstate->off_nl = OFFSET_NOT_SET; 1643 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1644 break; 1645 1646 case DLT_MTP2_WITH_PHDR: 1647 cstate->off_li = 6; 1648 cstate->off_li_hsl = 8; 1649 cstate->off_sio = 7; 1650 cstate->off_opc = 8; 1651 cstate->off_dpc = 8; 1652 cstate->off_sls = 11; 1653 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1654 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1655 cstate->off_nl = OFFSET_NOT_SET; 1656 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1657 break; 1658 1659 case DLT_ERF: 1660 cstate->off_li = 22; 1661 cstate->off_li_hsl = 24; 1662 cstate->off_sio = 23; 1663 cstate->off_opc = 24; 1664 cstate->off_dpc = 24; 1665 cstate->off_sls = 27; 1666 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1667 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1668 cstate->off_nl = OFFSET_NOT_SET; 1669 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1670 break; 1671 1672 case DLT_PFSYNC: 1673 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1674 cstate->off_linkpl.constant_part = 4; 1675 cstate->off_nl = 0; 1676 cstate->off_nl_nosnap = 0; 1677 break; 1678 1679 case DLT_AX25_KISS: 1680 /* 1681 * Currently, only raw "link[N:M]" filtering is supported. 1682 */ 1683 cstate->off_linktype.constant_part = OFFSET_NOT_SET; /* variable, min 15, max 71 steps of 7 */ 1684 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1685 cstate->off_nl = OFFSET_NOT_SET; /* variable, min 16, max 71 steps of 7 */ 1686 cstate->off_nl_nosnap = OFFSET_NOT_SET; /* no 802.2 LLC */ 1687 break; 1688 1689 case DLT_IPNET: 1690 cstate->off_linktype.constant_part = 1; 1691 cstate->off_linkpl.constant_part = 24; /* ipnet header length */ 1692 cstate->off_nl = 0; 1693 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1694 break; 1695 1696 case DLT_NETANALYZER: 1697 cstate->off_linkhdr.constant_part = 4; /* Ethernet header is past 4-byte pseudo-header */ 1698 cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12; 1699 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14; /* pseudo-header+Ethernet header length */ 1700 cstate->off_nl = 0; /* Ethernet II */ 1701 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */ 1702 break; 1703 1704 case DLT_NETANALYZER_TRANSPARENT: 1705 cstate->off_linkhdr.constant_part = 12; /* MAC header is past 4-byte pseudo-header, preamble, and SFD */ 1706 cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12; 1707 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14; /* pseudo-header+preamble+SFD+Ethernet header length */ 1708 cstate->off_nl = 0; /* Ethernet II */ 1709 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */ 1710 break; 1711 1712 default: 1713 /* 1714 * For values in the range in which we've assigned new 1715 * DLT_ values, only raw "link[N:M]" filtering is supported. 1716 */ 1717 if (cstate->linktype >= DLT_HIGH_MATCHING_MIN && 1718 cstate->linktype <= DLT_HIGH_MATCHING_MAX) { 1719 cstate->off_linktype.constant_part = OFFSET_NOT_SET; 1720 cstate->off_linkpl.constant_part = OFFSET_NOT_SET; 1721 cstate->off_nl = OFFSET_NOT_SET; 1722 cstate->off_nl_nosnap = OFFSET_NOT_SET; 1723 } else { 1724 bpf_set_error(cstate, "unknown data link type %d (min %d, max %d)", 1725 cstate->linktype, DLT_HIGH_MATCHING_MIN, DLT_HIGH_MATCHING_MAX); 1726 return (-1); 1727 } 1728 break; 1729 } 1730 1731 cstate->off_outermostlinkhdr = cstate->off_prevlinkhdr = cstate->off_linkhdr; 1732 return (0); 1733 } 1734 1735 /* 1736 * Load a value relative to the specified absolute offset. 1737 */ 1738 static struct slist * 1739 gen_load_absoffsetrel(compiler_state_t *cstate, bpf_abs_offset *abs_offset, 1740 u_int offset, u_int size) 1741 { 1742 struct slist *s, *s2; 1743 1744 s = gen_abs_offset_varpart(cstate, abs_offset); 1745 1746 /* 1747 * If "s" is non-null, it has code to arrange that the X register 1748 * contains the variable part of the absolute offset, so we 1749 * generate a load relative to that, with an offset of 1750 * abs_offset->constant_part + offset. 1751 * 1752 * Otherwise, we can do an absolute load with an offset of 1753 * abs_offset->constant_part + offset. 1754 */ 1755 if (s != NULL) { 1756 /* 1757 * "s" points to a list of statements that puts the 1758 * variable part of the absolute offset into the X register. 1759 * Do an indirect load, to use the X register as an offset. 1760 */ 1761 s2 = new_stmt(cstate, BPF_LD|BPF_IND|size); 1762 s2->s.k = abs_offset->constant_part + offset; 1763 sappend(s, s2); 1764 } else { 1765 /* 1766 * There is no variable part of the absolute offset, so 1767 * just do an absolute load. 1768 */ 1769 s = new_stmt(cstate, BPF_LD|BPF_ABS|size); 1770 s->s.k = abs_offset->constant_part + offset; 1771 } 1772 return s; 1773 } 1774 1775 /* 1776 * Load a value relative to the beginning of the specified header. 1777 */ 1778 static struct slist * 1779 gen_load_a(compiler_state_t *cstate, enum e_offrel offrel, u_int offset, 1780 u_int size) 1781 { 1782 struct slist *s, *s2; 1783 1784 /* 1785 * Squelch warnings from compilers that *don't* assume that 1786 * offrel always has a valid enum value and therefore don't 1787 * assume that we'll always go through one of the case arms. 1788 * 1789 * If we have a default case, compilers that *do* assume that 1790 * will then complain about the default case code being 1791 * unreachable. 1792 * 1793 * Damned if you do, damned if you don't. 1794 */ 1795 s = NULL; 1796 1797 switch (offrel) { 1798 1799 case OR_PACKET: 1800 s = new_stmt(cstate, BPF_LD|BPF_ABS|size); 1801 s->s.k = offset; 1802 break; 1803 1804 case OR_LINKHDR: 1805 s = gen_load_absoffsetrel(cstate, &cstate->off_linkhdr, offset, size); 1806 break; 1807 1808 case OR_PREVLINKHDR: 1809 s = gen_load_absoffsetrel(cstate, &cstate->off_prevlinkhdr, offset, size); 1810 break; 1811 1812 case OR_LLC: 1813 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, offset, size); 1814 break; 1815 1816 case OR_PREVMPLSHDR: 1817 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl - 4 + offset, size); 1818 break; 1819 1820 case OR_LINKPL: 1821 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl + offset, size); 1822 break; 1823 1824 case OR_LINKPL_NOSNAP: 1825 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl_nosnap + offset, size); 1826 break; 1827 1828 case OR_LINKTYPE: 1829 s = gen_load_absoffsetrel(cstate, &cstate->off_linktype, offset, size); 1830 break; 1831 1832 case OR_TRAN_IPV4: 1833 /* 1834 * Load the X register with the length of the IPv4 header 1835 * (plus the offset of the link-layer header, if it's 1836 * preceded by a variable-length header such as a radio 1837 * header), in bytes. 1838 */ 1839 s = gen_loadx_iphdrlen(cstate); 1840 1841 /* 1842 * Load the item at {offset of the link-layer payload} + 1843 * {offset, relative to the start of the link-layer 1844 * payload, of the IPv4 header} + {length of the IPv4 header} + 1845 * {specified offset}. 1846 * 1847 * If the offset of the link-layer payload is variable, 1848 * the variable part of that offset is included in the 1849 * value in the X register, and we include the constant 1850 * part in the offset of the load. 1851 */ 1852 s2 = new_stmt(cstate, BPF_LD|BPF_IND|size); 1853 s2->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + offset; 1854 sappend(s, s2); 1855 break; 1856 1857 case OR_TRAN_IPV6: 1858 s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl + 40 + offset, size); 1859 break; 1860 } 1861 return s; 1862 } 1863 1864 /* 1865 * Generate code to load into the X register the sum of the length of 1866 * the IPv4 header and the variable part of the offset of the link-layer 1867 * payload. 1868 */ 1869 static struct slist * 1870 gen_loadx_iphdrlen(compiler_state_t *cstate) 1871 { 1872 struct slist *s, *s2; 1873 1874 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl); 1875 if (s != NULL) { 1876 /* 1877 * The offset of the link-layer payload has a variable 1878 * part. "s" points to a list of statements that put 1879 * the variable part of that offset into the X register. 1880 * 1881 * The 4*([k]&0xf) addressing mode can't be used, as we 1882 * don't have a constant offset, so we have to load the 1883 * value in question into the A register and add to it 1884 * the value from the X register. 1885 */ 1886 s2 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 1887 s2->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 1888 sappend(s, s2); 1889 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K); 1890 s2->s.k = 0xf; 1891 sappend(s, s2); 1892 s2 = new_stmt(cstate, BPF_ALU|BPF_LSH|BPF_K); 1893 s2->s.k = 2; 1894 sappend(s, s2); 1895 1896 /* 1897 * The A register now contains the length of the IP header. 1898 * We need to add to it the variable part of the offset of 1899 * the link-layer payload, which is still in the X 1900 * register, and move the result into the X register. 1901 */ 1902 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X)); 1903 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX)); 1904 } else { 1905 /* 1906 * The offset of the link-layer payload is a constant, 1907 * so no code was generated to load the (nonexistent) 1908 * variable part of that offset. 1909 * 1910 * This means we can use the 4*([k]&0xf) addressing 1911 * mode. Load the length of the IPv4 header, which 1912 * is at an offset of cstate->off_nl from the beginning of 1913 * the link-layer payload, and thus at an offset of 1914 * cstate->off_linkpl.constant_part + cstate->off_nl from the beginning 1915 * of the raw packet data, using that addressing mode. 1916 */ 1917 s = new_stmt(cstate, BPF_LDX|BPF_MSH|BPF_B); 1918 s->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 1919 } 1920 return s; 1921 } 1922 1923 1924 static struct block * 1925 gen_uncond(compiler_state_t *cstate, int rsense) 1926 { 1927 struct block *b; 1928 struct slist *s; 1929 1930 s = new_stmt(cstate, BPF_LD|BPF_IMM); 1931 s->s.k = !rsense; 1932 b = new_block(cstate, JMP(BPF_JEQ)); 1933 b->stmts = s; 1934 1935 return b; 1936 } 1937 1938 static inline struct block * 1939 gen_true(compiler_state_t *cstate) 1940 { 1941 return gen_uncond(cstate, 1); 1942 } 1943 1944 static inline struct block * 1945 gen_false(compiler_state_t *cstate) 1946 { 1947 return gen_uncond(cstate, 0); 1948 } 1949 1950 /* 1951 * Byte-swap a 32-bit number. 1952 * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on 1953 * big-endian platforms.) 1954 */ 1955 #define SWAPLONG(y) \ 1956 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff)) 1957 1958 /* 1959 * Generate code to match a particular packet type. 1960 * 1961 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 1962 * value, if <= ETHERMTU. We use that to determine whether to 1963 * match the type/length field or to check the type/length field for 1964 * a value <= ETHERMTU to see whether it's a type field and then do 1965 * the appropriate test. 1966 */ 1967 static struct block * 1968 gen_ether_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 1969 { 1970 struct block *b0, *b1; 1971 1972 switch (ll_proto) { 1973 1974 case LLCSAP_ISONS: 1975 case LLCSAP_IP: 1976 case LLCSAP_NETBEUI: 1977 /* 1978 * OSI protocols and NetBEUI always use 802.2 encapsulation, 1979 * so we check the DSAP and SSAP. 1980 * 1981 * LLCSAP_IP checks for IP-over-802.2, rather 1982 * than IP-over-Ethernet or IP-over-SNAP. 1983 * 1984 * XXX - should we check both the DSAP and the 1985 * SSAP, like this, or should we check just the 1986 * DSAP, as we do for other types <= ETHERMTU 1987 * (i.e., other SAP values)? 1988 */ 1989 b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU); 1990 gen_not(b0); 1991 b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, (ll_proto << 8) | ll_proto); 1992 gen_and(b0, b1); 1993 return b1; 1994 1995 case LLCSAP_IPX: 1996 /* 1997 * Check for; 1998 * 1999 * Ethernet_II frames, which are Ethernet 2000 * frames with a frame type of ETHERTYPE_IPX; 2001 * 2002 * Ethernet_802.3 frames, which are 802.3 2003 * frames (i.e., the type/length field is 2004 * a length field, <= ETHERMTU, rather than 2005 * a type field) with the first two bytes 2006 * after the Ethernet/802.3 header being 2007 * 0xFFFF; 2008 * 2009 * Ethernet_802.2 frames, which are 802.3 2010 * frames with an 802.2 LLC header and 2011 * with the IPX LSAP as the DSAP in the LLC 2012 * header; 2013 * 2014 * Ethernet_SNAP frames, which are 802.3 2015 * frames with an LLC header and a SNAP 2016 * header and with an OUI of 0x000000 2017 * (encapsulated Ethernet) and a protocol 2018 * ID of ETHERTYPE_IPX in the SNAP header. 2019 * 2020 * XXX - should we generate the same code both 2021 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX? 2022 */ 2023 2024 /* 2025 * This generates code to check both for the 2026 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3. 2027 */ 2028 b0 = gen_cmp(cstate, OR_LLC, 0, BPF_B, LLCSAP_IPX); 2029 b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, 0xFFFF); 2030 gen_or(b0, b1); 2031 2032 /* 2033 * Now we add code to check for SNAP frames with 2034 * ETHERTYPE_IPX, i.e. Ethernet_SNAP. 2035 */ 2036 b0 = gen_snap(cstate, 0x000000, ETHERTYPE_IPX); 2037 gen_or(b0, b1); 2038 2039 /* 2040 * Now we generate code to check for 802.3 2041 * frames in general. 2042 */ 2043 b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU); 2044 gen_not(b0); 2045 2046 /* 2047 * Now add the check for 802.3 frames before the 2048 * check for Ethernet_802.2 and Ethernet_802.3, 2049 * as those checks should only be done on 802.3 2050 * frames, not on Ethernet frames. 2051 */ 2052 gen_and(b0, b1); 2053 2054 /* 2055 * Now add the check for Ethernet_II frames, and 2056 * do that before checking for the other frame 2057 * types. 2058 */ 2059 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ETHERTYPE_IPX); 2060 gen_or(b0, b1); 2061 return b1; 2062 2063 case ETHERTYPE_ATALK: 2064 case ETHERTYPE_AARP: 2065 /* 2066 * EtherTalk (AppleTalk protocols on Ethernet link 2067 * layer) may use 802.2 encapsulation. 2068 */ 2069 2070 /* 2071 * Check for 802.2 encapsulation (EtherTalk phase 2?); 2072 * we check for an Ethernet type field less than 2073 * 1500, which means it's an 802.3 length field. 2074 */ 2075 b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU); 2076 gen_not(b0); 2077 2078 /* 2079 * 802.2-encapsulated ETHERTYPE_ATALK packets are 2080 * SNAP packets with an organization code of 2081 * 0x080007 (Apple, for Appletalk) and a protocol 2082 * type of ETHERTYPE_ATALK (Appletalk). 2083 * 2084 * 802.2-encapsulated ETHERTYPE_AARP packets are 2085 * SNAP packets with an organization code of 2086 * 0x000000 (encapsulated Ethernet) and a protocol 2087 * type of ETHERTYPE_AARP (Appletalk ARP). 2088 */ 2089 if (ll_proto == ETHERTYPE_ATALK) 2090 b1 = gen_snap(cstate, 0x080007, ETHERTYPE_ATALK); 2091 else /* ll_proto == ETHERTYPE_AARP */ 2092 b1 = gen_snap(cstate, 0x000000, ETHERTYPE_AARP); 2093 gen_and(b0, b1); 2094 2095 /* 2096 * Check for Ethernet encapsulation (Ethertalk 2097 * phase 1?); we just check for the Ethernet 2098 * protocol type. 2099 */ 2100 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto); 2101 2102 gen_or(b0, b1); 2103 return b1; 2104 2105 default: 2106 if (ll_proto <= ETHERMTU) { 2107 /* 2108 * This is an LLC SAP value, so the frames 2109 * that match would be 802.2 frames. 2110 * Check that the frame is an 802.2 frame 2111 * (i.e., that the length/type field is 2112 * a length field, <= ETHERMTU) and 2113 * then check the DSAP. 2114 */ 2115 b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU); 2116 gen_not(b0); 2117 b1 = gen_cmp(cstate, OR_LINKTYPE, 2, BPF_B, ll_proto); 2118 gen_and(b0, b1); 2119 return b1; 2120 } else { 2121 /* 2122 * This is an Ethernet type, so compare 2123 * the length/type field with it (if 2124 * the frame is an 802.2 frame, the length 2125 * field will be <= ETHERMTU, and, as 2126 * "ll_proto" is > ETHERMTU, this test 2127 * will fail and the frame won't match, 2128 * which is what we want). 2129 */ 2130 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto); 2131 } 2132 } 2133 } 2134 2135 static struct block * 2136 gen_loopback_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 2137 { 2138 /* 2139 * For DLT_NULL, the link-layer header is a 32-bit word 2140 * containing an AF_ value in *host* byte order, and for 2141 * DLT_ENC, the link-layer header begins with a 32-bit 2142 * word containing an AF_ value in host byte order. 2143 * 2144 * In addition, if we're reading a saved capture file, 2145 * the host byte order in the capture may not be the 2146 * same as the host byte order on this machine. 2147 * 2148 * For DLT_LOOP, the link-layer header is a 32-bit 2149 * word containing an AF_ value in *network* byte order. 2150 */ 2151 if (cstate->linktype == DLT_NULL || cstate->linktype == DLT_ENC) { 2152 /* 2153 * The AF_ value is in host byte order, but the BPF 2154 * interpreter will convert it to network byte order. 2155 * 2156 * If this is a save file, and it's from a machine 2157 * with the opposite byte order to ours, we byte-swap 2158 * the AF_ value. 2159 * 2160 * Then we run it through "htonl()", and generate 2161 * code to compare against the result. 2162 */ 2163 if (cstate->bpf_pcap->rfile != NULL && cstate->bpf_pcap->swapped) 2164 ll_proto = SWAPLONG(ll_proto); 2165 ll_proto = htonl(ll_proto); 2166 } 2167 return (gen_cmp(cstate, OR_LINKHDR, 0, BPF_W, ll_proto)); 2168 } 2169 2170 /* 2171 * "proto" is an Ethernet type value and for IPNET, if it is not IPv4 2172 * or IPv6 then we have an error. 2173 */ 2174 static struct block * 2175 gen_ipnet_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 2176 { 2177 switch (ll_proto) { 2178 2179 case ETHERTYPE_IP: 2180 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, IPH_AF_INET); 2181 /*NOTREACHED*/ 2182 2183 case ETHERTYPE_IPV6: 2184 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, IPH_AF_INET6); 2185 /*NOTREACHED*/ 2186 2187 default: 2188 break; 2189 } 2190 2191 return gen_false(cstate); 2192 } 2193 2194 /* 2195 * Generate code to match a particular packet type. 2196 * 2197 * "ll_proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 2198 * value, if <= ETHERMTU. We use that to determine whether to 2199 * match the type field or to check the type field for the special 2200 * LINUX_SLL_P_802_2 value and then do the appropriate test. 2201 */ 2202 static struct block * 2203 gen_linux_sll_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 2204 { 2205 struct block *b0, *b1; 2206 2207 switch (ll_proto) { 2208 2209 case LLCSAP_ISONS: 2210 case LLCSAP_IP: 2211 case LLCSAP_NETBEUI: 2212 /* 2213 * OSI protocols and NetBEUI always use 802.2 encapsulation, 2214 * so we check the DSAP and SSAP. 2215 * 2216 * LLCSAP_IP checks for IP-over-802.2, rather 2217 * than IP-over-Ethernet or IP-over-SNAP. 2218 * 2219 * XXX - should we check both the DSAP and the 2220 * SSAP, like this, or should we check just the 2221 * DSAP, as we do for other types <= ETHERMTU 2222 * (i.e., other SAP values)? 2223 */ 2224 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2); 2225 b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, (ll_proto << 8) | ll_proto); 2226 gen_and(b0, b1); 2227 return b1; 2228 2229 case LLCSAP_IPX: 2230 /* 2231 * Ethernet_II frames, which are Ethernet 2232 * frames with a frame type of ETHERTYPE_IPX; 2233 * 2234 * Ethernet_802.3 frames, which have a frame 2235 * type of LINUX_SLL_P_802_3; 2236 * 2237 * Ethernet_802.2 frames, which are 802.3 2238 * frames with an 802.2 LLC header (i.e, have 2239 * a frame type of LINUX_SLL_P_802_2) and 2240 * with the IPX LSAP as the DSAP in the LLC 2241 * header; 2242 * 2243 * Ethernet_SNAP frames, which are 802.3 2244 * frames with an LLC header and a SNAP 2245 * header and with an OUI of 0x000000 2246 * (encapsulated Ethernet) and a protocol 2247 * ID of ETHERTYPE_IPX in the SNAP header. 2248 * 2249 * First, do the checks on LINUX_SLL_P_802_2 2250 * frames; generate the check for either 2251 * Ethernet_802.2 or Ethernet_SNAP frames, and 2252 * then put a check for LINUX_SLL_P_802_2 frames 2253 * before it. 2254 */ 2255 b0 = gen_cmp(cstate, OR_LLC, 0, BPF_B, LLCSAP_IPX); 2256 b1 = gen_snap(cstate, 0x000000, ETHERTYPE_IPX); 2257 gen_or(b0, b1); 2258 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2); 2259 gen_and(b0, b1); 2260 2261 /* 2262 * Now check for 802.3 frames and OR that with 2263 * the previous test. 2264 */ 2265 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_3); 2266 gen_or(b0, b1); 2267 2268 /* 2269 * Now add the check for Ethernet_II frames, and 2270 * do that before checking for the other frame 2271 * types. 2272 */ 2273 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ETHERTYPE_IPX); 2274 gen_or(b0, b1); 2275 return b1; 2276 2277 case ETHERTYPE_ATALK: 2278 case ETHERTYPE_AARP: 2279 /* 2280 * EtherTalk (AppleTalk protocols on Ethernet link 2281 * layer) may use 802.2 encapsulation. 2282 */ 2283 2284 /* 2285 * Check for 802.2 encapsulation (EtherTalk phase 2?); 2286 * we check for the 802.2 protocol type in the 2287 * "Ethernet type" field. 2288 */ 2289 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2); 2290 2291 /* 2292 * 802.2-encapsulated ETHERTYPE_ATALK packets are 2293 * SNAP packets with an organization code of 2294 * 0x080007 (Apple, for Appletalk) and a protocol 2295 * type of ETHERTYPE_ATALK (Appletalk). 2296 * 2297 * 802.2-encapsulated ETHERTYPE_AARP packets are 2298 * SNAP packets with an organization code of 2299 * 0x000000 (encapsulated Ethernet) and a protocol 2300 * type of ETHERTYPE_AARP (Appletalk ARP). 2301 */ 2302 if (ll_proto == ETHERTYPE_ATALK) 2303 b1 = gen_snap(cstate, 0x080007, ETHERTYPE_ATALK); 2304 else /* ll_proto == ETHERTYPE_AARP */ 2305 b1 = gen_snap(cstate, 0x000000, ETHERTYPE_AARP); 2306 gen_and(b0, b1); 2307 2308 /* 2309 * Check for Ethernet encapsulation (Ethertalk 2310 * phase 1?); we just check for the Ethernet 2311 * protocol type. 2312 */ 2313 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto); 2314 2315 gen_or(b0, b1); 2316 return b1; 2317 2318 default: 2319 if (ll_proto <= ETHERMTU) { 2320 /* 2321 * This is an LLC SAP value, so the frames 2322 * that match would be 802.2 frames. 2323 * Check for the 802.2 protocol type 2324 * in the "Ethernet type" field, and 2325 * then check the DSAP. 2326 */ 2327 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2); 2328 b1 = gen_cmp(cstate, OR_LINKHDR, cstate->off_linkpl.constant_part, BPF_B, 2329 ll_proto); 2330 gen_and(b0, b1); 2331 return b1; 2332 } else { 2333 /* 2334 * This is an Ethernet type, so compare 2335 * the length/type field with it (if 2336 * the frame is an 802.2 frame, the length 2337 * field will be <= ETHERMTU, and, as 2338 * "ll_proto" is > ETHERMTU, this test 2339 * will fail and the frame won't match, 2340 * which is what we want). 2341 */ 2342 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto); 2343 } 2344 } 2345 } 2346 2347 /* 2348 * Load a value relative to the beginning of the link-layer header after the 2349 * pflog header. 2350 */ 2351 static struct slist * 2352 gen_load_pflog_llprefixlen(compiler_state_t *cstate) 2353 { 2354 struct slist *s1, *s2; 2355 2356 /* 2357 * Generate code to load the length of the pflog header into 2358 * the register assigned to hold that length, if one has been 2359 * assigned. (If one hasn't been assigned, no code we've 2360 * generated uses that prefix, so we don't need to generate any 2361 * code to load it.) 2362 */ 2363 if (cstate->off_linkpl.reg != -1) { 2364 /* 2365 * The length is in the first byte of the header. 2366 */ 2367 s1 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 2368 s1->s.k = 0; 2369 2370 /* 2371 * Round it up to a multiple of 4. 2372 * Add 3, and clear the lower 2 bits. 2373 */ 2374 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 2375 s2->s.k = 3; 2376 sappend(s1, s2); 2377 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K); 2378 s2->s.k = 0xfffffffc; 2379 sappend(s1, s2); 2380 2381 /* 2382 * Now allocate a register to hold that value and store 2383 * it. 2384 */ 2385 s2 = new_stmt(cstate, BPF_ST); 2386 s2->s.k = cstate->off_linkpl.reg; 2387 sappend(s1, s2); 2388 2389 /* 2390 * Now move it into the X register. 2391 */ 2392 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2393 sappend(s1, s2); 2394 2395 return (s1); 2396 } else 2397 return (NULL); 2398 } 2399 2400 static struct slist * 2401 gen_load_prism_llprefixlen(compiler_state_t *cstate) 2402 { 2403 struct slist *s1, *s2; 2404 struct slist *sjeq_avs_cookie; 2405 struct slist *sjcommon; 2406 2407 /* 2408 * This code is not compatible with the optimizer, as 2409 * we are generating jmp instructions within a normal 2410 * slist of instructions 2411 */ 2412 cstate->no_optimize = 1; 2413 2414 /* 2415 * Generate code to load the length of the radio header into 2416 * the register assigned to hold that length, if one has been 2417 * assigned. (If one hasn't been assigned, no code we've 2418 * generated uses that prefix, so we don't need to generate any 2419 * code to load it.) 2420 * 2421 * Some Linux drivers use ARPHRD_IEEE80211_PRISM but sometimes 2422 * or always use the AVS header rather than the Prism header. 2423 * We load a 4-byte big-endian value at the beginning of the 2424 * raw packet data, and see whether, when masked with 0xFFFFF000, 2425 * it's equal to 0x80211000. If so, that indicates that it's 2426 * an AVS header (the masked-out bits are the version number). 2427 * Otherwise, it's a Prism header. 2428 * 2429 * XXX - the Prism header is also, in theory, variable-length, 2430 * but no known software generates headers that aren't 144 2431 * bytes long. 2432 */ 2433 if (cstate->off_linkhdr.reg != -1) { 2434 /* 2435 * Load the cookie. 2436 */ 2437 s1 = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS); 2438 s1->s.k = 0; 2439 2440 /* 2441 * AND it with 0xFFFFF000. 2442 */ 2443 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K); 2444 s2->s.k = 0xFFFFF000; 2445 sappend(s1, s2); 2446 2447 /* 2448 * Compare with 0x80211000. 2449 */ 2450 sjeq_avs_cookie = new_stmt(cstate, JMP(BPF_JEQ)); 2451 sjeq_avs_cookie->s.k = 0x80211000; 2452 sappend(s1, sjeq_avs_cookie); 2453 2454 /* 2455 * If it's AVS: 2456 * 2457 * The 4 bytes at an offset of 4 from the beginning of 2458 * the AVS header are the length of the AVS header. 2459 * That field is big-endian. 2460 */ 2461 s2 = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS); 2462 s2->s.k = 4; 2463 sappend(s1, s2); 2464 sjeq_avs_cookie->s.jt = s2; 2465 2466 /* 2467 * Now jump to the code to allocate a register 2468 * into which to save the header length and 2469 * store the length there. (The "jump always" 2470 * instruction needs to have the k field set; 2471 * it's added to the PC, so, as we're jumping 2472 * over a single instruction, it should be 1.) 2473 */ 2474 sjcommon = new_stmt(cstate, JMP(BPF_JA)); 2475 sjcommon->s.k = 1; 2476 sappend(s1, sjcommon); 2477 2478 /* 2479 * Now for the code that handles the Prism header. 2480 * Just load the length of the Prism header (144) 2481 * into the A register. Have the test for an AVS 2482 * header branch here if we don't have an AVS header. 2483 */ 2484 s2 = new_stmt(cstate, BPF_LD|BPF_W|BPF_IMM); 2485 s2->s.k = 144; 2486 sappend(s1, s2); 2487 sjeq_avs_cookie->s.jf = s2; 2488 2489 /* 2490 * Now allocate a register to hold that value and store 2491 * it. The code for the AVS header will jump here after 2492 * loading the length of the AVS header. 2493 */ 2494 s2 = new_stmt(cstate, BPF_ST); 2495 s2->s.k = cstate->off_linkhdr.reg; 2496 sappend(s1, s2); 2497 sjcommon->s.jf = s2; 2498 2499 /* 2500 * Now move it into the X register. 2501 */ 2502 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2503 sappend(s1, s2); 2504 2505 return (s1); 2506 } else 2507 return (NULL); 2508 } 2509 2510 static struct slist * 2511 gen_load_avs_llprefixlen(compiler_state_t *cstate) 2512 { 2513 struct slist *s1, *s2; 2514 2515 /* 2516 * Generate code to load the length of the AVS header into 2517 * the register assigned to hold that length, if one has been 2518 * assigned. (If one hasn't been assigned, no code we've 2519 * generated uses that prefix, so we don't need to generate any 2520 * code to load it.) 2521 */ 2522 if (cstate->off_linkhdr.reg != -1) { 2523 /* 2524 * The 4 bytes at an offset of 4 from the beginning of 2525 * the AVS header are the length of the AVS header. 2526 * That field is big-endian. 2527 */ 2528 s1 = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS); 2529 s1->s.k = 4; 2530 2531 /* 2532 * Now allocate a register to hold that value and store 2533 * it. 2534 */ 2535 s2 = new_stmt(cstate, BPF_ST); 2536 s2->s.k = cstate->off_linkhdr.reg; 2537 sappend(s1, s2); 2538 2539 /* 2540 * Now move it into the X register. 2541 */ 2542 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2543 sappend(s1, s2); 2544 2545 return (s1); 2546 } else 2547 return (NULL); 2548 } 2549 2550 static struct slist * 2551 gen_load_radiotap_llprefixlen(compiler_state_t *cstate) 2552 { 2553 struct slist *s1, *s2; 2554 2555 /* 2556 * Generate code to load the length of the radiotap header into 2557 * the register assigned to hold that length, if one has been 2558 * assigned. (If one hasn't been assigned, no code we've 2559 * generated uses that prefix, so we don't need to generate any 2560 * code to load it.) 2561 */ 2562 if (cstate->off_linkhdr.reg != -1) { 2563 /* 2564 * The 2 bytes at offsets of 2 and 3 from the beginning 2565 * of the radiotap header are the length of the radiotap 2566 * header; unfortunately, it's little-endian, so we have 2567 * to load it a byte at a time and construct the value. 2568 */ 2569 2570 /* 2571 * Load the high-order byte, at an offset of 3, shift it 2572 * left a byte, and put the result in the X register. 2573 */ 2574 s1 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 2575 s1->s.k = 3; 2576 s2 = new_stmt(cstate, BPF_ALU|BPF_LSH|BPF_K); 2577 sappend(s1, s2); 2578 s2->s.k = 8; 2579 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2580 sappend(s1, s2); 2581 2582 /* 2583 * Load the next byte, at an offset of 2, and OR the 2584 * value from the X register into it. 2585 */ 2586 s2 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 2587 sappend(s1, s2); 2588 s2->s.k = 2; 2589 s2 = new_stmt(cstate, BPF_ALU|BPF_OR|BPF_X); 2590 sappend(s1, s2); 2591 2592 /* 2593 * Now allocate a register to hold that value and store 2594 * it. 2595 */ 2596 s2 = new_stmt(cstate, BPF_ST); 2597 s2->s.k = cstate->off_linkhdr.reg; 2598 sappend(s1, s2); 2599 2600 /* 2601 * Now move it into the X register. 2602 */ 2603 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2604 sappend(s1, s2); 2605 2606 return (s1); 2607 } else 2608 return (NULL); 2609 } 2610 2611 /* 2612 * At the moment we treat PPI as normal Radiotap encoded 2613 * packets. The difference is in the function that generates 2614 * the code at the beginning to compute the header length. 2615 * Since this code generator of PPI supports bare 802.11 2616 * encapsulation only (i.e. the encapsulated DLT should be 2617 * DLT_IEEE802_11) we generate code to check for this too; 2618 * that's done in finish_parse(). 2619 */ 2620 static struct slist * 2621 gen_load_ppi_llprefixlen(compiler_state_t *cstate) 2622 { 2623 struct slist *s1, *s2; 2624 2625 /* 2626 * Generate code to load the length of the radiotap header 2627 * into the register assigned to hold that length, if one has 2628 * been assigned. 2629 */ 2630 if (cstate->off_linkhdr.reg != -1) { 2631 /* 2632 * The 2 bytes at offsets of 2 and 3 from the beginning 2633 * of the radiotap header are the length of the radiotap 2634 * header; unfortunately, it's little-endian, so we have 2635 * to load it a byte at a time and construct the value. 2636 */ 2637 2638 /* 2639 * Load the high-order byte, at an offset of 3, shift it 2640 * left a byte, and put the result in the X register. 2641 */ 2642 s1 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 2643 s1->s.k = 3; 2644 s2 = new_stmt(cstate, BPF_ALU|BPF_LSH|BPF_K); 2645 sappend(s1, s2); 2646 s2->s.k = 8; 2647 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2648 sappend(s1, s2); 2649 2650 /* 2651 * Load the next byte, at an offset of 2, and OR the 2652 * value from the X register into it. 2653 */ 2654 s2 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 2655 sappend(s1, s2); 2656 s2->s.k = 2; 2657 s2 = new_stmt(cstate, BPF_ALU|BPF_OR|BPF_X); 2658 sappend(s1, s2); 2659 2660 /* 2661 * Now allocate a register to hold that value and store 2662 * it. 2663 */ 2664 s2 = new_stmt(cstate, BPF_ST); 2665 s2->s.k = cstate->off_linkhdr.reg; 2666 sappend(s1, s2); 2667 2668 /* 2669 * Now move it into the X register. 2670 */ 2671 s2 = new_stmt(cstate, BPF_MISC|BPF_TAX); 2672 sappend(s1, s2); 2673 2674 return (s1); 2675 } else 2676 return (NULL); 2677 } 2678 2679 /* 2680 * Load a value relative to the beginning of the link-layer header after the 802.11 2681 * header, i.e. LLC_SNAP. 2682 * The link-layer header doesn't necessarily begin at the beginning 2683 * of the packet data; there might be a variable-length prefix containing 2684 * radio information. 2685 */ 2686 static struct slist * 2687 gen_load_802_11_header_len(compiler_state_t *cstate, struct slist *s, struct slist *snext) 2688 { 2689 struct slist *s2; 2690 struct slist *sjset_data_frame_1; 2691 struct slist *sjset_data_frame_2; 2692 struct slist *sjset_qos; 2693 struct slist *sjset_radiotap_flags_present; 2694 struct slist *sjset_radiotap_ext_present; 2695 struct slist *sjset_radiotap_tsft_present; 2696 struct slist *sjset_tsft_datapad, *sjset_notsft_datapad; 2697 struct slist *s_roundup; 2698 2699 if (cstate->off_linkpl.reg == -1) { 2700 /* 2701 * No register has been assigned to the offset of 2702 * the link-layer payload, which means nobody needs 2703 * it; don't bother computing it - just return 2704 * what we already have. 2705 */ 2706 return (s); 2707 } 2708 2709 /* 2710 * This code is not compatible with the optimizer, as 2711 * we are generating jmp instructions within a normal 2712 * slist of instructions 2713 */ 2714 cstate->no_optimize = 1; 2715 2716 /* 2717 * If "s" is non-null, it has code to arrange that the X register 2718 * contains the length of the prefix preceding the link-layer 2719 * header. 2720 * 2721 * Otherwise, the length of the prefix preceding the link-layer 2722 * header is "off_outermostlinkhdr.constant_part". 2723 */ 2724 if (s == NULL) { 2725 /* 2726 * There is no variable-length header preceding the 2727 * link-layer header. 2728 * 2729 * Load the length of the fixed-length prefix preceding 2730 * the link-layer header (if any) into the X register, 2731 * and store it in the cstate->off_linkpl.reg register. 2732 * That length is off_outermostlinkhdr.constant_part. 2733 */ 2734 s = new_stmt(cstate, BPF_LDX|BPF_IMM); 2735 s->s.k = cstate->off_outermostlinkhdr.constant_part; 2736 } 2737 2738 /* 2739 * The X register contains the offset of the beginning of the 2740 * link-layer header; add 24, which is the minimum length 2741 * of the MAC header for a data frame, to that, and store it 2742 * in cstate->off_linkpl.reg, and then load the Frame Control field, 2743 * which is at the offset in the X register, with an indexed load. 2744 */ 2745 s2 = new_stmt(cstate, BPF_MISC|BPF_TXA); 2746 sappend(s, s2); 2747 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 2748 s2->s.k = 24; 2749 sappend(s, s2); 2750 s2 = new_stmt(cstate, BPF_ST); 2751 s2->s.k = cstate->off_linkpl.reg; 2752 sappend(s, s2); 2753 2754 s2 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 2755 s2->s.k = 0; 2756 sappend(s, s2); 2757 2758 /* 2759 * Check the Frame Control field to see if this is a data frame; 2760 * a data frame has the 0x08 bit (b3) in that field set and the 2761 * 0x04 bit (b2) clear. 2762 */ 2763 sjset_data_frame_1 = new_stmt(cstate, JMP(BPF_JSET)); 2764 sjset_data_frame_1->s.k = 0x08; 2765 sappend(s, sjset_data_frame_1); 2766 2767 /* 2768 * If b3 is set, test b2, otherwise go to the first statement of 2769 * the rest of the program. 2770 */ 2771 sjset_data_frame_1->s.jt = sjset_data_frame_2 = new_stmt(cstate, JMP(BPF_JSET)); 2772 sjset_data_frame_2->s.k = 0x04; 2773 sappend(s, sjset_data_frame_2); 2774 sjset_data_frame_1->s.jf = snext; 2775 2776 /* 2777 * If b2 is not set, this is a data frame; test the QoS bit. 2778 * Otherwise, go to the first statement of the rest of the 2779 * program. 2780 */ 2781 sjset_data_frame_2->s.jt = snext; 2782 sjset_data_frame_2->s.jf = sjset_qos = new_stmt(cstate, JMP(BPF_JSET)); 2783 sjset_qos->s.k = 0x80; /* QoS bit */ 2784 sappend(s, sjset_qos); 2785 2786 /* 2787 * If it's set, add 2 to cstate->off_linkpl.reg, to skip the QoS 2788 * field. 2789 * Otherwise, go to the first statement of the rest of the 2790 * program. 2791 */ 2792 sjset_qos->s.jt = s2 = new_stmt(cstate, BPF_LD|BPF_MEM); 2793 s2->s.k = cstate->off_linkpl.reg; 2794 sappend(s, s2); 2795 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_IMM); 2796 s2->s.k = 2; 2797 sappend(s, s2); 2798 s2 = new_stmt(cstate, BPF_ST); 2799 s2->s.k = cstate->off_linkpl.reg; 2800 sappend(s, s2); 2801 2802 /* 2803 * If we have a radiotap header, look at it to see whether 2804 * there's Atheros padding between the MAC-layer header 2805 * and the payload. 2806 * 2807 * Note: all of the fields in the radiotap header are 2808 * little-endian, so we byte-swap all of the values 2809 * we test against, as they will be loaded as big-endian 2810 * values. 2811 * 2812 * XXX - in the general case, we would have to scan through 2813 * *all* the presence bits, if there's more than one word of 2814 * presence bits. That would require a loop, meaning that 2815 * we wouldn't be able to run the filter in the kernel. 2816 * 2817 * We assume here that the Atheros adapters that insert the 2818 * annoying padding don't have multiple antennae and therefore 2819 * do not generate radiotap headers with multiple presence words. 2820 */ 2821 if (cstate->linktype == DLT_IEEE802_11_RADIO) { 2822 /* 2823 * Is the IEEE80211_RADIOTAP_FLAGS bit (0x0000002) set 2824 * in the first presence flag word? 2825 */ 2826 sjset_qos->s.jf = s2 = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_W); 2827 s2->s.k = 4; 2828 sappend(s, s2); 2829 2830 sjset_radiotap_flags_present = new_stmt(cstate, JMP(BPF_JSET)); 2831 sjset_radiotap_flags_present->s.k = SWAPLONG(0x00000002); 2832 sappend(s, sjset_radiotap_flags_present); 2833 2834 /* 2835 * If not, skip all of this. 2836 */ 2837 sjset_radiotap_flags_present->s.jf = snext; 2838 2839 /* 2840 * Otherwise, is the "extension" bit set in that word? 2841 */ 2842 sjset_radiotap_ext_present = new_stmt(cstate, JMP(BPF_JSET)); 2843 sjset_radiotap_ext_present->s.k = SWAPLONG(0x80000000); 2844 sappend(s, sjset_radiotap_ext_present); 2845 sjset_radiotap_flags_present->s.jt = sjset_radiotap_ext_present; 2846 2847 /* 2848 * If so, skip all of this. 2849 */ 2850 sjset_radiotap_ext_present->s.jt = snext; 2851 2852 /* 2853 * Otherwise, is the IEEE80211_RADIOTAP_TSFT bit set? 2854 */ 2855 sjset_radiotap_tsft_present = new_stmt(cstate, JMP(BPF_JSET)); 2856 sjset_radiotap_tsft_present->s.k = SWAPLONG(0x00000001); 2857 sappend(s, sjset_radiotap_tsft_present); 2858 sjset_radiotap_ext_present->s.jf = sjset_radiotap_tsft_present; 2859 2860 /* 2861 * If IEEE80211_RADIOTAP_TSFT is set, the flags field is 2862 * at an offset of 16 from the beginning of the raw packet 2863 * data (8 bytes for the radiotap header and 8 bytes for 2864 * the TSFT field). 2865 * 2866 * Test whether the IEEE80211_RADIOTAP_F_DATAPAD bit (0x20) 2867 * is set. 2868 */ 2869 s2 = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B); 2870 s2->s.k = 16; 2871 sappend(s, s2); 2872 sjset_radiotap_tsft_present->s.jt = s2; 2873 2874 sjset_tsft_datapad = new_stmt(cstate, JMP(BPF_JSET)); 2875 sjset_tsft_datapad->s.k = 0x20; 2876 sappend(s, sjset_tsft_datapad); 2877 2878 /* 2879 * If IEEE80211_RADIOTAP_TSFT is not set, the flags field is 2880 * at an offset of 8 from the beginning of the raw packet 2881 * data (8 bytes for the radiotap header). 2882 * 2883 * Test whether the IEEE80211_RADIOTAP_F_DATAPAD bit (0x20) 2884 * is set. 2885 */ 2886 s2 = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B); 2887 s2->s.k = 8; 2888 sappend(s, s2); 2889 sjset_radiotap_tsft_present->s.jf = s2; 2890 2891 sjset_notsft_datapad = new_stmt(cstate, JMP(BPF_JSET)); 2892 sjset_notsft_datapad->s.k = 0x20; 2893 sappend(s, sjset_notsft_datapad); 2894 2895 /* 2896 * In either case, if IEEE80211_RADIOTAP_F_DATAPAD is 2897 * set, round the length of the 802.11 header to 2898 * a multiple of 4. Do that by adding 3 and then 2899 * dividing by and multiplying by 4, which we do by 2900 * ANDing with ~3. 2901 */ 2902 s_roundup = new_stmt(cstate, BPF_LD|BPF_MEM); 2903 s_roundup->s.k = cstate->off_linkpl.reg; 2904 sappend(s, s_roundup); 2905 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_IMM); 2906 s2->s.k = 3; 2907 sappend(s, s2); 2908 s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_IMM); 2909 s2->s.k = (bpf_u_int32)~3; 2910 sappend(s, s2); 2911 s2 = new_stmt(cstate, BPF_ST); 2912 s2->s.k = cstate->off_linkpl.reg; 2913 sappend(s, s2); 2914 2915 sjset_tsft_datapad->s.jt = s_roundup; 2916 sjset_tsft_datapad->s.jf = snext; 2917 sjset_notsft_datapad->s.jt = s_roundup; 2918 sjset_notsft_datapad->s.jf = snext; 2919 } else 2920 sjset_qos->s.jf = snext; 2921 2922 return s; 2923 } 2924 2925 static void 2926 insert_compute_vloffsets(compiler_state_t *cstate, struct block *b) 2927 { 2928 struct slist *s; 2929 2930 /* There is an implicit dependency between the link 2931 * payload and link header since the payload computation 2932 * includes the variable part of the header. Therefore, 2933 * if nobody else has allocated a register for the link 2934 * header and we need it, do it now. */ 2935 if (cstate->off_linkpl.reg != -1 && cstate->off_linkhdr.is_variable && 2936 cstate->off_linkhdr.reg == -1) 2937 cstate->off_linkhdr.reg = alloc_reg(cstate); 2938 2939 /* 2940 * For link-layer types that have a variable-length header 2941 * preceding the link-layer header, generate code to load 2942 * the offset of the link-layer header into the register 2943 * assigned to that offset, if any. 2944 * 2945 * XXX - this, and the next switch statement, won't handle 2946 * encapsulation of 802.11 or 802.11+radio information in 2947 * some other protocol stack. That's significantly more 2948 * complicated. 2949 */ 2950 switch (cstate->outermostlinktype) { 2951 2952 case DLT_PRISM_HEADER: 2953 s = gen_load_prism_llprefixlen(cstate); 2954 break; 2955 2956 case DLT_IEEE802_11_RADIO_AVS: 2957 s = gen_load_avs_llprefixlen(cstate); 2958 break; 2959 2960 case DLT_IEEE802_11_RADIO: 2961 s = gen_load_radiotap_llprefixlen(cstate); 2962 break; 2963 2964 case DLT_PPI: 2965 s = gen_load_ppi_llprefixlen(cstate); 2966 break; 2967 2968 default: 2969 s = NULL; 2970 break; 2971 } 2972 2973 /* 2974 * For link-layer types that have a variable-length link-layer 2975 * header, generate code to load the offset of the link-layer 2976 * payload into the register assigned to that offset, if any. 2977 */ 2978 switch (cstate->outermostlinktype) { 2979 2980 case DLT_IEEE802_11: 2981 case DLT_PRISM_HEADER: 2982 case DLT_IEEE802_11_RADIO_AVS: 2983 case DLT_IEEE802_11_RADIO: 2984 case DLT_PPI: 2985 s = gen_load_802_11_header_len(cstate, s, b->stmts); 2986 break; 2987 2988 case DLT_PFLOG: 2989 s = gen_load_pflog_llprefixlen(cstate); 2990 break; 2991 } 2992 2993 /* 2994 * If there is no initialization yet and we need variable 2995 * length offsets for VLAN, initialize them to zero 2996 */ 2997 if (s == NULL && cstate->is_vlan_vloffset) { 2998 struct slist *s2; 2999 3000 if (cstate->off_linkpl.reg == -1) 3001 cstate->off_linkpl.reg = alloc_reg(cstate); 3002 if (cstate->off_linktype.reg == -1) 3003 cstate->off_linktype.reg = alloc_reg(cstate); 3004 3005 s = new_stmt(cstate, BPF_LD|BPF_W|BPF_IMM); 3006 s->s.k = 0; 3007 s2 = new_stmt(cstate, BPF_ST); 3008 s2->s.k = cstate->off_linkpl.reg; 3009 sappend(s, s2); 3010 s2 = new_stmt(cstate, BPF_ST); 3011 s2->s.k = cstate->off_linktype.reg; 3012 sappend(s, s2); 3013 } 3014 3015 /* 3016 * If we have any offset-loading code, append all the 3017 * existing statements in the block to those statements, 3018 * and make the resulting list the list of statements 3019 * for the block. 3020 */ 3021 if (s != NULL) { 3022 sappend(s, b->stmts); 3023 b->stmts = s; 3024 } 3025 } 3026 3027 static struct block * 3028 gen_ppi_dlt_check(compiler_state_t *cstate) 3029 { 3030 struct slist *s_load_dlt; 3031 struct block *b; 3032 3033 if (cstate->linktype == DLT_PPI) 3034 { 3035 /* Create the statements that check for the DLT 3036 */ 3037 s_load_dlt = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS); 3038 s_load_dlt->s.k = 4; 3039 3040 b = new_block(cstate, JMP(BPF_JEQ)); 3041 3042 b->stmts = s_load_dlt; 3043 b->s.k = SWAPLONG(DLT_IEEE802_11); 3044 } 3045 else 3046 { 3047 b = NULL; 3048 } 3049 3050 return b; 3051 } 3052 3053 /* 3054 * Take an absolute offset, and: 3055 * 3056 * if it has no variable part, return NULL; 3057 * 3058 * if it has a variable part, generate code to load the register 3059 * containing that variable part into the X register, returning 3060 * a pointer to that code - if no register for that offset has 3061 * been allocated, allocate it first. 3062 * 3063 * (The code to set that register will be generated later, but will 3064 * be placed earlier in the code sequence.) 3065 */ 3066 static struct slist * 3067 gen_abs_offset_varpart(compiler_state_t *cstate, bpf_abs_offset *off) 3068 { 3069 struct slist *s; 3070 3071 if (off->is_variable) { 3072 if (off->reg == -1) { 3073 /* 3074 * We haven't yet assigned a register for the 3075 * variable part of the offset of the link-layer 3076 * header; allocate one. 3077 */ 3078 off->reg = alloc_reg(cstate); 3079 } 3080 3081 /* 3082 * Load the register containing the variable part of the 3083 * offset of the link-layer header into the X register. 3084 */ 3085 s = new_stmt(cstate, BPF_LDX|BPF_MEM); 3086 s->s.k = off->reg; 3087 return s; 3088 } else { 3089 /* 3090 * That offset isn't variable, there's no variable part, 3091 * so we don't need to generate any code. 3092 */ 3093 return NULL; 3094 } 3095 } 3096 3097 /* 3098 * Map an Ethernet type to the equivalent PPP type. 3099 */ 3100 static bpf_u_int32 3101 ethertype_to_ppptype(bpf_u_int32 ll_proto) 3102 { 3103 switch (ll_proto) { 3104 3105 case ETHERTYPE_IP: 3106 ll_proto = PPP_IP; 3107 break; 3108 3109 case ETHERTYPE_IPV6: 3110 ll_proto = PPP_IPV6; 3111 break; 3112 3113 case ETHERTYPE_DN: 3114 ll_proto = PPP_DECNET; 3115 break; 3116 3117 case ETHERTYPE_ATALK: 3118 ll_proto = PPP_APPLE; 3119 break; 3120 3121 case ETHERTYPE_NS: 3122 ll_proto = PPP_NS; 3123 break; 3124 3125 case LLCSAP_ISONS: 3126 ll_proto = PPP_OSI; 3127 break; 3128 3129 case LLCSAP_8021D: 3130 /* 3131 * I'm assuming the "Bridging PDU"s that go 3132 * over PPP are Spanning Tree Protocol 3133 * Bridging PDUs. 3134 */ 3135 ll_proto = PPP_BRPDU; 3136 break; 3137 3138 case LLCSAP_IPX: 3139 ll_proto = PPP_IPX; 3140 break; 3141 } 3142 return (ll_proto); 3143 } 3144 3145 /* 3146 * Generate any tests that, for encapsulation of a link-layer packet 3147 * inside another protocol stack, need to be done to check for those 3148 * link-layer packets (and that haven't already been done by a check 3149 * for that encapsulation). 3150 */ 3151 static struct block * 3152 gen_prevlinkhdr_check(compiler_state_t *cstate) 3153 { 3154 struct block *b0; 3155 3156 if (cstate->is_geneve) 3157 return gen_geneve_ll_check(cstate); 3158 3159 switch (cstate->prevlinktype) { 3160 3161 case DLT_SUNATM: 3162 /* 3163 * This is LANE-encapsulated Ethernet; check that the LANE 3164 * packet doesn't begin with an LE Control marker, i.e. 3165 * that it's data, not a control message. 3166 * 3167 * (We've already generated a test for LANE.) 3168 */ 3169 b0 = gen_cmp(cstate, OR_PREVLINKHDR, SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00); 3170 gen_not(b0); 3171 return b0; 3172 3173 default: 3174 /* 3175 * No such tests are necessary. 3176 */ 3177 return NULL; 3178 } 3179 /*NOTREACHED*/ 3180 } 3181 3182 /* 3183 * The three different values we should check for when checking for an 3184 * IPv6 packet with DLT_NULL. 3185 */ 3186 #define BSD_AFNUM_INET6_BSD 24 /* NetBSD, OpenBSD, BSD/OS, Npcap */ 3187 #define BSD_AFNUM_INET6_FREEBSD 28 /* FreeBSD */ 3188 #define BSD_AFNUM_INET6_DARWIN 30 /* macOS, iOS, other Darwin-based OSes */ 3189 3190 /* 3191 * Generate code to match a particular packet type by matching the 3192 * link-layer type field or fields in the 802.2 LLC header. 3193 * 3194 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 3195 * value, if <= ETHERMTU. 3196 */ 3197 static struct block * 3198 gen_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 3199 { 3200 struct block *b0, *b1, *b2; 3201 const char *description; 3202 3203 /* are we checking MPLS-encapsulated packets? */ 3204 if (cstate->label_stack_depth > 0) 3205 return gen_mpls_linktype(cstate, ll_proto); 3206 3207 switch (cstate->linktype) { 3208 3209 case DLT_EN10MB: 3210 case DLT_NETANALYZER: 3211 case DLT_NETANALYZER_TRANSPARENT: 3212 /* Geneve has an EtherType regardless of whether there is an 3213 * L2 header. */ 3214 if (!cstate->is_geneve) 3215 b0 = gen_prevlinkhdr_check(cstate); 3216 else 3217 b0 = NULL; 3218 3219 b1 = gen_ether_linktype(cstate, ll_proto); 3220 if (b0 != NULL) 3221 gen_and(b0, b1); 3222 return b1; 3223 /*NOTREACHED*/ 3224 3225 case DLT_C_HDLC: 3226 case DLT_HDLC: 3227 switch (ll_proto) { 3228 3229 case LLCSAP_ISONS: 3230 ll_proto = (ll_proto << 8 | LLCSAP_ISONS); 3231 /* fall through */ 3232 3233 default: 3234 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto); 3235 /*NOTREACHED*/ 3236 } 3237 3238 case DLT_IEEE802_11: 3239 case DLT_PRISM_HEADER: 3240 case DLT_IEEE802_11_RADIO_AVS: 3241 case DLT_IEEE802_11_RADIO: 3242 case DLT_PPI: 3243 /* 3244 * Check that we have a data frame. 3245 */ 3246 b0 = gen_check_802_11_data_frame(cstate); 3247 3248 /* 3249 * Now check for the specified link-layer type. 3250 */ 3251 b1 = gen_llc_linktype(cstate, ll_proto); 3252 gen_and(b0, b1); 3253 return b1; 3254 /*NOTREACHED*/ 3255 3256 case DLT_FDDI: 3257 /* 3258 * XXX - check for LLC frames. 3259 */ 3260 return gen_llc_linktype(cstate, ll_proto); 3261 /*NOTREACHED*/ 3262 3263 case DLT_IEEE802: 3264 /* 3265 * XXX - check for LLC PDUs, as per IEEE 802.5. 3266 */ 3267 return gen_llc_linktype(cstate, ll_proto); 3268 /*NOTREACHED*/ 3269 3270 case DLT_ATM_RFC1483: 3271 case DLT_ATM_CLIP: 3272 case DLT_IP_OVER_FC: 3273 return gen_llc_linktype(cstate, ll_proto); 3274 /*NOTREACHED*/ 3275 3276 case DLT_SUNATM: 3277 /* 3278 * Check for an LLC-encapsulated version of this protocol; 3279 * if we were checking for LANE, linktype would no longer 3280 * be DLT_SUNATM. 3281 * 3282 * Check for LLC encapsulation and then check the protocol. 3283 */ 3284 b0 = gen_atmfield_code_internal(cstate, A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 3285 b1 = gen_llc_linktype(cstate, ll_proto); 3286 gen_and(b0, b1); 3287 return b1; 3288 /*NOTREACHED*/ 3289 3290 case DLT_LINUX_SLL: 3291 return gen_linux_sll_linktype(cstate, ll_proto); 3292 /*NOTREACHED*/ 3293 3294 case DLT_SLIP: 3295 case DLT_SLIP_BSDOS: 3296 case DLT_RAW: 3297 /* 3298 * These types don't provide any type field; packets 3299 * are always IPv4 or IPv6. 3300 * 3301 * XXX - for IPv4, check for a version number of 4, and, 3302 * for IPv6, check for a version number of 6? 3303 */ 3304 switch (ll_proto) { 3305 3306 case ETHERTYPE_IP: 3307 /* Check for a version number of 4. */ 3308 return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, 0x40, 0xF0); 3309 3310 case ETHERTYPE_IPV6: 3311 /* Check for a version number of 6. */ 3312 return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, 0x60, 0xF0); 3313 3314 default: 3315 return gen_false(cstate); /* always false */ 3316 } 3317 /*NOTREACHED*/ 3318 3319 case DLT_IPV4: 3320 /* 3321 * Raw IPv4, so no type field. 3322 */ 3323 if (ll_proto == ETHERTYPE_IP) 3324 return gen_true(cstate); /* always true */ 3325 3326 /* Checking for something other than IPv4; always false */ 3327 return gen_false(cstate); 3328 /*NOTREACHED*/ 3329 3330 case DLT_IPV6: 3331 /* 3332 * Raw IPv6, so no type field. 3333 */ 3334 if (ll_proto == ETHERTYPE_IPV6) 3335 return gen_true(cstate); /* always true */ 3336 3337 /* Checking for something other than IPv6; always false */ 3338 return gen_false(cstate); 3339 /*NOTREACHED*/ 3340 3341 case DLT_PPP: 3342 case DLT_PPP_PPPD: 3343 case DLT_PPP_SERIAL: 3344 case DLT_PPP_ETHER: 3345 /* 3346 * We use Ethernet protocol types inside libpcap; 3347 * map them to the corresponding PPP protocol types. 3348 */ 3349 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, 3350 ethertype_to_ppptype(ll_proto)); 3351 /*NOTREACHED*/ 3352 3353 case DLT_PPP_BSDOS: 3354 /* 3355 * We use Ethernet protocol types inside libpcap; 3356 * map them to the corresponding PPP protocol types. 3357 */ 3358 switch (ll_proto) { 3359 3360 case ETHERTYPE_IP: 3361 /* 3362 * Also check for Van Jacobson-compressed IP. 3363 * XXX - do this for other forms of PPP? 3364 */ 3365 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, PPP_IP); 3366 b1 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, PPP_VJC); 3367 gen_or(b0, b1); 3368 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, PPP_VJNC); 3369 gen_or(b1, b0); 3370 return b0; 3371 3372 default: 3373 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, 3374 ethertype_to_ppptype(ll_proto)); 3375 } 3376 /*NOTREACHED*/ 3377 3378 case DLT_NULL: 3379 case DLT_LOOP: 3380 case DLT_ENC: 3381 switch (ll_proto) { 3382 3383 case ETHERTYPE_IP: 3384 return (gen_loopback_linktype(cstate, AF_INET)); 3385 3386 case ETHERTYPE_IPV6: 3387 /* 3388 * AF_ values may, unfortunately, be platform- 3389 * dependent; AF_INET isn't, because everybody 3390 * used 4.2BSD's value, but AF_INET6 is, because 3391 * 4.2BSD didn't have a value for it (given that 3392 * IPv6 didn't exist back in the early 1980's), 3393 * and they all picked their own values. 3394 * 3395 * This means that, if we're reading from a 3396 * savefile, we need to check for all the 3397 * possible values. 3398 * 3399 * If we're doing a live capture, we only need 3400 * to check for this platform's value; however, 3401 * Npcap uses 24, which isn't Windows's AF_INET6 3402 * value. (Given the multiple different values, 3403 * programs that read pcap files shouldn't be 3404 * checking for their platform's AF_INET6 value 3405 * anyway, they should check for all of the 3406 * possible values. and they might as well do 3407 * that even for live captures.) 3408 */ 3409 if (cstate->bpf_pcap->rfile != NULL) { 3410 /* 3411 * Savefile - check for all three 3412 * possible IPv6 values. 3413 */ 3414 b0 = gen_loopback_linktype(cstate, BSD_AFNUM_INET6_BSD); 3415 b1 = gen_loopback_linktype(cstate, BSD_AFNUM_INET6_FREEBSD); 3416 gen_or(b0, b1); 3417 b0 = gen_loopback_linktype(cstate, BSD_AFNUM_INET6_DARWIN); 3418 gen_or(b0, b1); 3419 return (b1); 3420 } else { 3421 /* 3422 * Live capture, so we only need to 3423 * check for the value used on this 3424 * platform. 3425 */ 3426 #ifdef _WIN32 3427 /* 3428 * Npcap doesn't use Windows's AF_INET6, 3429 * as that collides with AF_IPX on 3430 * some BSDs (both have the value 23). 3431 * Instead, it uses 24. 3432 */ 3433 return (gen_loopback_linktype(cstate, 24)); 3434 #else /* _WIN32 */ 3435 #ifdef AF_INET6 3436 return (gen_loopback_linktype(cstate, AF_INET6)); 3437 #else /* AF_INET6 */ 3438 /* 3439 * I guess this platform doesn't support 3440 * IPv6, so we just reject all packets. 3441 */ 3442 return gen_false(cstate); 3443 #endif /* AF_INET6 */ 3444 #endif /* _WIN32 */ 3445 } 3446 3447 default: 3448 /* 3449 * Not a type on which we support filtering. 3450 * XXX - support those that have AF_ values 3451 * #defined on this platform, at least? 3452 */ 3453 return gen_false(cstate); 3454 } 3455 3456 case DLT_PFLOG: 3457 /* 3458 * af field is host byte order in contrast to the rest of 3459 * the packet. 3460 */ 3461 if (ll_proto == ETHERTYPE_IP) 3462 return (gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, af), 3463 BPF_B, AF_INET)); 3464 else if (ll_proto == ETHERTYPE_IPV6) 3465 return (gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, af), 3466 BPF_B, AF_INET6)); 3467 else 3468 return gen_false(cstate); 3469 /*NOTREACHED*/ 3470 3471 case DLT_ARCNET: 3472 case DLT_ARCNET_LINUX: 3473 /* 3474 * XXX should we check for first fragment if the protocol 3475 * uses PHDS? 3476 */ 3477 switch (ll_proto) { 3478 3479 default: 3480 return gen_false(cstate); 3481 3482 case ETHERTYPE_IPV6: 3483 return (gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3484 ARCTYPE_INET6)); 3485 3486 case ETHERTYPE_IP: 3487 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3488 ARCTYPE_IP); 3489 b1 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3490 ARCTYPE_IP_OLD); 3491 gen_or(b0, b1); 3492 return (b1); 3493 3494 case ETHERTYPE_ARP: 3495 b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3496 ARCTYPE_ARP); 3497 b1 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3498 ARCTYPE_ARP_OLD); 3499 gen_or(b0, b1); 3500 return (b1); 3501 3502 case ETHERTYPE_REVARP: 3503 return (gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3504 ARCTYPE_REVARP)); 3505 3506 case ETHERTYPE_ATALK: 3507 return (gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, 3508 ARCTYPE_ATALK)); 3509 } 3510 /*NOTREACHED*/ 3511 3512 case DLT_LTALK: 3513 switch (ll_proto) { 3514 case ETHERTYPE_ATALK: 3515 return gen_true(cstate); 3516 default: 3517 return gen_false(cstate); 3518 } 3519 /*NOTREACHED*/ 3520 3521 case DLT_FRELAY: 3522 /* 3523 * XXX - assumes a 2-byte Frame Relay header with 3524 * DLCI and flags. What if the address is longer? 3525 */ 3526 switch (ll_proto) { 3527 3528 case ETHERTYPE_IP: 3529 /* 3530 * Check for the special NLPID for IP. 3531 */ 3532 return gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | 0xcc); 3533 3534 case ETHERTYPE_IPV6: 3535 /* 3536 * Check for the special NLPID for IPv6. 3537 */ 3538 return gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | 0x8e); 3539 3540 case LLCSAP_ISONS: 3541 /* 3542 * Check for several OSI protocols. 3543 * 3544 * Frame Relay packets typically have an OSI 3545 * NLPID at the beginning; we check for each 3546 * of them. 3547 * 3548 * What we check for is the NLPID and a frame 3549 * control field of UI, i.e. 0x03 followed 3550 * by the NLPID. 3551 */ 3552 b0 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | ISO8473_CLNP); 3553 b1 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | ISO9542_ESIS); 3554 b2 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | ISO10589_ISIS); 3555 gen_or(b1, b2); 3556 gen_or(b0, b2); 3557 return b2; 3558 3559 default: 3560 return gen_false(cstate); 3561 } 3562 /*NOTREACHED*/ 3563 3564 case DLT_MFR: 3565 bpf_error(cstate, "Multi-link Frame Relay link-layer type filtering not implemented"); 3566 3567 case DLT_JUNIPER_MFR: 3568 case DLT_JUNIPER_MLFR: 3569 case DLT_JUNIPER_MLPPP: 3570 case DLT_JUNIPER_ATM1: 3571 case DLT_JUNIPER_ATM2: 3572 case DLT_JUNIPER_PPPOE: 3573 case DLT_JUNIPER_PPPOE_ATM: 3574 case DLT_JUNIPER_GGSN: 3575 case DLT_JUNIPER_ES: 3576 case DLT_JUNIPER_MONITOR: 3577 case DLT_JUNIPER_SERVICES: 3578 case DLT_JUNIPER_ETHER: 3579 case DLT_JUNIPER_PPP: 3580 case DLT_JUNIPER_FRELAY: 3581 case DLT_JUNIPER_CHDLC: 3582 case DLT_JUNIPER_VP: 3583 case DLT_JUNIPER_ST: 3584 case DLT_JUNIPER_ISM: 3585 case DLT_JUNIPER_VS: 3586 case DLT_JUNIPER_SRX_E2E: 3587 case DLT_JUNIPER_FIBRECHANNEL: 3588 case DLT_JUNIPER_ATM_CEMIC: 3589 3590 /* just lets verify the magic number for now - 3591 * on ATM we may have up to 6 different encapsulations on the wire 3592 * and need a lot of heuristics to figure out that the payload 3593 * might be; 3594 * 3595 * FIXME encapsulation specific BPF_ filters 3596 */ 3597 return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */ 3598 3599 case DLT_BACNET_MS_TP: 3600 return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_W, 0x55FF0000, 0xffff0000); 3601 3602 case DLT_IPNET: 3603 return gen_ipnet_linktype(cstate, ll_proto); 3604 3605 case DLT_LINUX_IRDA: 3606 bpf_error(cstate, "IrDA link-layer type filtering not implemented"); 3607 3608 case DLT_DOCSIS: 3609 bpf_error(cstate, "DOCSIS link-layer type filtering not implemented"); 3610 3611 case DLT_MTP2: 3612 case DLT_MTP2_WITH_PHDR: 3613 bpf_error(cstate, "MTP2 link-layer type filtering not implemented"); 3614 3615 case DLT_ERF: 3616 bpf_error(cstate, "ERF link-layer type filtering not implemented"); 3617 3618 case DLT_PFSYNC: 3619 bpf_error(cstate, "PFSYNC link-layer type filtering not implemented"); 3620 3621 case DLT_LINUX_LAPD: 3622 bpf_error(cstate, "LAPD link-layer type filtering not implemented"); 3623 3624 case DLT_USB_FREEBSD: 3625 case DLT_USB_LINUX: 3626 case DLT_USB_LINUX_MMAPPED: 3627 case DLT_USBPCAP: 3628 bpf_error(cstate, "USB link-layer type filtering not implemented"); 3629 3630 case DLT_BLUETOOTH_HCI_H4: 3631 case DLT_BLUETOOTH_HCI_H4_WITH_PHDR: 3632 bpf_error(cstate, "Bluetooth link-layer type filtering not implemented"); 3633 3634 case DLT_CAN20B: 3635 case DLT_CAN_SOCKETCAN: 3636 bpf_error(cstate, "CAN link-layer type filtering not implemented"); 3637 3638 case DLT_IEEE802_15_4: 3639 case DLT_IEEE802_15_4_LINUX: 3640 case DLT_IEEE802_15_4_NONASK_PHY: 3641 case DLT_IEEE802_15_4_NOFCS: 3642 case DLT_IEEE802_15_4_TAP: 3643 bpf_error(cstate, "IEEE 802.15.4 link-layer type filtering not implemented"); 3644 3645 case DLT_IEEE802_16_MAC_CPS_RADIO: 3646 bpf_error(cstate, "IEEE 802.16 link-layer type filtering not implemented"); 3647 3648 case DLT_SITA: 3649 bpf_error(cstate, "SITA link-layer type filtering not implemented"); 3650 3651 case DLT_RAIF1: 3652 bpf_error(cstate, "RAIF1 link-layer type filtering not implemented"); 3653 3654 case DLT_IPMB_KONTRON: 3655 case DLT_IPMB_LINUX: 3656 bpf_error(cstate, "IPMB link-layer type filtering not implemented"); 3657 3658 case DLT_AX25_KISS: 3659 bpf_error(cstate, "AX.25 link-layer type filtering not implemented"); 3660 3661 case DLT_NFLOG: 3662 /* Using the fixed-size NFLOG header it is possible to tell only 3663 * the address family of the packet, other meaningful data is 3664 * either missing or behind TLVs. 3665 */ 3666 bpf_error(cstate, "NFLOG link-layer type filtering not implemented"); 3667 3668 default: 3669 /* 3670 * Does this link-layer header type have a field 3671 * indicating the type of the next protocol? If 3672 * so, off_linktype.constant_part will be the offset of that 3673 * field in the packet; if not, it will be OFFSET_NOT_SET. 3674 */ 3675 if (cstate->off_linktype.constant_part != OFFSET_NOT_SET) { 3676 /* 3677 * Yes; assume it's an Ethernet type. (If 3678 * it's not, it needs to be handled specially 3679 * above.) 3680 */ 3681 return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto); 3682 /*NOTREACHED */ 3683 } else { 3684 /* 3685 * No; report an error. 3686 */ 3687 description = pcap_datalink_val_to_description_or_dlt(cstate->linktype); 3688 bpf_error(cstate, "%s link-layer type filtering not implemented", 3689 description); 3690 /*NOTREACHED */ 3691 } 3692 } 3693 } 3694 3695 /* 3696 * Check for an LLC SNAP packet with a given organization code and 3697 * protocol type; we check the entire contents of the 802.2 LLC and 3698 * snap headers, checking for DSAP and SSAP of SNAP and a control 3699 * field of 0x03 in the LLC header, and for the specified organization 3700 * code and protocol type in the SNAP header. 3701 */ 3702 static struct block * 3703 gen_snap(compiler_state_t *cstate, bpf_u_int32 orgcode, bpf_u_int32 ptype) 3704 { 3705 u_char snapblock[8]; 3706 3707 snapblock[0] = LLCSAP_SNAP; /* DSAP = SNAP */ 3708 snapblock[1] = LLCSAP_SNAP; /* SSAP = SNAP */ 3709 snapblock[2] = 0x03; /* control = UI */ 3710 snapblock[3] = (u_char)(orgcode >> 16); /* upper 8 bits of organization code */ 3711 snapblock[4] = (u_char)(orgcode >> 8); /* middle 8 bits of organization code */ 3712 snapblock[5] = (u_char)(orgcode >> 0); /* lower 8 bits of organization code */ 3713 snapblock[6] = (u_char)(ptype >> 8); /* upper 8 bits of protocol type */ 3714 snapblock[7] = (u_char)(ptype >> 0); /* lower 8 bits of protocol type */ 3715 return gen_bcmp(cstate, OR_LLC, 0, 8, snapblock); 3716 } 3717 3718 /* 3719 * Generate code to match frames with an LLC header. 3720 */ 3721 static struct block * 3722 gen_llc_internal(compiler_state_t *cstate) 3723 { 3724 struct block *b0, *b1; 3725 3726 switch (cstate->linktype) { 3727 3728 case DLT_EN10MB: 3729 /* 3730 * We check for an Ethernet type field less than 3731 * 1500, which means it's an 802.3 length field. 3732 */ 3733 b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU); 3734 gen_not(b0); 3735 3736 /* 3737 * Now check for the purported DSAP and SSAP not being 3738 * 0xFF, to rule out NetWare-over-802.3. 3739 */ 3740 b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, 0xFFFF); 3741 gen_not(b1); 3742 gen_and(b0, b1); 3743 return b1; 3744 3745 case DLT_SUNATM: 3746 /* 3747 * We check for LLC traffic. 3748 */ 3749 b0 = gen_atmtype_llc(cstate); 3750 return b0; 3751 3752 case DLT_IEEE802: /* Token Ring */ 3753 /* 3754 * XXX - check for LLC frames. 3755 */ 3756 return gen_true(cstate); 3757 3758 case DLT_FDDI: 3759 /* 3760 * XXX - check for LLC frames. 3761 */ 3762 return gen_true(cstate); 3763 3764 case DLT_ATM_RFC1483: 3765 /* 3766 * For LLC encapsulation, these are defined to have an 3767 * 802.2 LLC header. 3768 * 3769 * For VC encapsulation, they don't, but there's no 3770 * way to check for that; the protocol used on the VC 3771 * is negotiated out of band. 3772 */ 3773 return gen_true(cstate); 3774 3775 case DLT_IEEE802_11: 3776 case DLT_PRISM_HEADER: 3777 case DLT_IEEE802_11_RADIO: 3778 case DLT_IEEE802_11_RADIO_AVS: 3779 case DLT_PPI: 3780 /* 3781 * Check that we have a data frame. 3782 */ 3783 b0 = gen_check_802_11_data_frame(cstate); 3784 return b0; 3785 3786 default: 3787 bpf_error(cstate, "'llc' not supported for %s", 3788 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 3789 /*NOTREACHED*/ 3790 } 3791 } 3792 3793 struct block * 3794 gen_llc(compiler_state_t *cstate) 3795 { 3796 /* 3797 * Catch errors reported by us and routines below us, and return NULL 3798 * on an error. 3799 */ 3800 if (setjmp(cstate->top_ctx)) 3801 return (NULL); 3802 3803 return gen_llc_internal(cstate); 3804 } 3805 3806 struct block * 3807 gen_llc_i(compiler_state_t *cstate) 3808 { 3809 struct block *b0, *b1; 3810 struct slist *s; 3811 3812 /* 3813 * Catch errors reported by us and routines below us, and return NULL 3814 * on an error. 3815 */ 3816 if (setjmp(cstate->top_ctx)) 3817 return (NULL); 3818 3819 /* 3820 * Check whether this is an LLC frame. 3821 */ 3822 b0 = gen_llc_internal(cstate); 3823 3824 /* 3825 * Load the control byte and test the low-order bit; it must 3826 * be clear for I frames. 3827 */ 3828 s = gen_load_a(cstate, OR_LLC, 2, BPF_B); 3829 b1 = new_block(cstate, JMP(BPF_JSET)); 3830 b1->s.k = 0x01; 3831 b1->stmts = s; 3832 gen_not(b1); 3833 gen_and(b0, b1); 3834 return b1; 3835 } 3836 3837 struct block * 3838 gen_llc_s(compiler_state_t *cstate) 3839 { 3840 struct block *b0, *b1; 3841 3842 /* 3843 * Catch errors reported by us and routines below us, and return NULL 3844 * on an error. 3845 */ 3846 if (setjmp(cstate->top_ctx)) 3847 return (NULL); 3848 3849 /* 3850 * Check whether this is an LLC frame. 3851 */ 3852 b0 = gen_llc_internal(cstate); 3853 3854 /* 3855 * Now compare the low-order 2 bit of the control byte against 3856 * the appropriate value for S frames. 3857 */ 3858 b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, LLC_S_FMT, 0x03); 3859 gen_and(b0, b1); 3860 return b1; 3861 } 3862 3863 struct block * 3864 gen_llc_u(compiler_state_t *cstate) 3865 { 3866 struct block *b0, *b1; 3867 3868 /* 3869 * Catch errors reported by us and routines below us, and return NULL 3870 * on an error. 3871 */ 3872 if (setjmp(cstate->top_ctx)) 3873 return (NULL); 3874 3875 /* 3876 * Check whether this is an LLC frame. 3877 */ 3878 b0 = gen_llc_internal(cstate); 3879 3880 /* 3881 * Now compare the low-order 2 bit of the control byte against 3882 * the appropriate value for U frames. 3883 */ 3884 b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, LLC_U_FMT, 0x03); 3885 gen_and(b0, b1); 3886 return b1; 3887 } 3888 3889 struct block * 3890 gen_llc_s_subtype(compiler_state_t *cstate, bpf_u_int32 subtype) 3891 { 3892 struct block *b0, *b1; 3893 3894 /* 3895 * Catch errors reported by us and routines below us, and return NULL 3896 * on an error. 3897 */ 3898 if (setjmp(cstate->top_ctx)) 3899 return (NULL); 3900 3901 /* 3902 * Check whether this is an LLC frame. 3903 */ 3904 b0 = gen_llc_internal(cstate); 3905 3906 /* 3907 * Now check for an S frame with the appropriate type. 3908 */ 3909 b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, subtype, LLC_S_CMD_MASK); 3910 gen_and(b0, b1); 3911 return b1; 3912 } 3913 3914 struct block * 3915 gen_llc_u_subtype(compiler_state_t *cstate, bpf_u_int32 subtype) 3916 { 3917 struct block *b0, *b1; 3918 3919 /* 3920 * Catch errors reported by us and routines below us, and return NULL 3921 * on an error. 3922 */ 3923 if (setjmp(cstate->top_ctx)) 3924 return (NULL); 3925 3926 /* 3927 * Check whether this is an LLC frame. 3928 */ 3929 b0 = gen_llc_internal(cstate); 3930 3931 /* 3932 * Now check for a U frame with the appropriate type. 3933 */ 3934 b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, subtype, LLC_U_CMD_MASK); 3935 gen_and(b0, b1); 3936 return b1; 3937 } 3938 3939 /* 3940 * Generate code to match a particular packet type, for link-layer types 3941 * using 802.2 LLC headers. 3942 * 3943 * This is *NOT* used for Ethernet; "gen_ether_linktype()" is used 3944 * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues. 3945 * 3946 * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP 3947 * value, if <= ETHERMTU. We use that to determine whether to 3948 * match the DSAP or both DSAP and LSAP or to check the OUI and 3949 * protocol ID in a SNAP header. 3950 */ 3951 static struct block * 3952 gen_llc_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 3953 { 3954 /* 3955 * XXX - handle token-ring variable-length header. 3956 */ 3957 switch (ll_proto) { 3958 3959 case LLCSAP_IP: 3960 case LLCSAP_ISONS: 3961 case LLCSAP_NETBEUI: 3962 /* 3963 * XXX - should we check both the DSAP and the 3964 * SSAP, like this, or should we check just the 3965 * DSAP, as we do for other SAP values? 3966 */ 3967 return gen_cmp(cstate, OR_LLC, 0, BPF_H, (bpf_u_int32) 3968 ((ll_proto << 8) | ll_proto)); 3969 3970 case LLCSAP_IPX: 3971 /* 3972 * XXX - are there ever SNAP frames for IPX on 3973 * non-Ethernet 802.x networks? 3974 */ 3975 return gen_cmp(cstate, OR_LLC, 0, BPF_B, LLCSAP_IPX); 3976 3977 case ETHERTYPE_ATALK: 3978 /* 3979 * 802.2-encapsulated ETHERTYPE_ATALK packets are 3980 * SNAP packets with an organization code of 3981 * 0x080007 (Apple, for Appletalk) and a protocol 3982 * type of ETHERTYPE_ATALK (Appletalk). 3983 * 3984 * XXX - check for an organization code of 3985 * encapsulated Ethernet as well? 3986 */ 3987 return gen_snap(cstate, 0x080007, ETHERTYPE_ATALK); 3988 3989 default: 3990 /* 3991 * XXX - we don't have to check for IPX 802.3 3992 * here, but should we check for the IPX Ethertype? 3993 */ 3994 if (ll_proto <= ETHERMTU) { 3995 /* 3996 * This is an LLC SAP value, so check 3997 * the DSAP. 3998 */ 3999 return gen_cmp(cstate, OR_LLC, 0, BPF_B, ll_proto); 4000 } else { 4001 /* 4002 * This is an Ethernet type; we assume that it's 4003 * unlikely that it'll appear in the right place 4004 * at random, and therefore check only the 4005 * location that would hold the Ethernet type 4006 * in a SNAP frame with an organization code of 4007 * 0x000000 (encapsulated Ethernet). 4008 * 4009 * XXX - if we were to check for the SNAP DSAP and 4010 * LSAP, as per XXX, and were also to check for an 4011 * organization code of 0x000000 (encapsulated 4012 * Ethernet), we'd do 4013 * 4014 * return gen_snap(cstate, 0x000000, ll_proto); 4015 * 4016 * here; for now, we don't, as per the above. 4017 * I don't know whether it's worth the extra CPU 4018 * time to do the right check or not. 4019 */ 4020 return gen_cmp(cstate, OR_LLC, 6, BPF_H, ll_proto); 4021 } 4022 } 4023 } 4024 4025 static struct block * 4026 gen_hostop(compiler_state_t *cstate, bpf_u_int32 addr, bpf_u_int32 mask, 4027 int dir, bpf_u_int32 ll_proto, u_int src_off, u_int dst_off) 4028 { 4029 struct block *b0, *b1; 4030 u_int offset; 4031 4032 switch (dir) { 4033 4034 case Q_SRC: 4035 offset = src_off; 4036 break; 4037 4038 case Q_DST: 4039 offset = dst_off; 4040 break; 4041 4042 case Q_AND: 4043 b0 = gen_hostop(cstate, addr, mask, Q_SRC, ll_proto, src_off, dst_off); 4044 b1 = gen_hostop(cstate, addr, mask, Q_DST, ll_proto, src_off, dst_off); 4045 gen_and(b0, b1); 4046 return b1; 4047 4048 case Q_DEFAULT: 4049 case Q_OR: 4050 b0 = gen_hostop(cstate, addr, mask, Q_SRC, ll_proto, src_off, dst_off); 4051 b1 = gen_hostop(cstate, addr, mask, Q_DST, ll_proto, src_off, dst_off); 4052 gen_or(b0, b1); 4053 return b1; 4054 4055 case Q_ADDR1: 4056 bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4057 /*NOTREACHED*/ 4058 4059 case Q_ADDR2: 4060 bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4061 /*NOTREACHED*/ 4062 4063 case Q_ADDR3: 4064 bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4065 /*NOTREACHED*/ 4066 4067 case Q_ADDR4: 4068 bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4069 /*NOTREACHED*/ 4070 4071 case Q_RA: 4072 bpf_error(cstate, "'ra' is not a valid qualifier for addresses other than 802.11 MAC addresses"); 4073 /*NOTREACHED*/ 4074 4075 case Q_TA: 4076 bpf_error(cstate, "'ta' is not a valid qualifier for addresses other than 802.11 MAC addresses"); 4077 /*NOTREACHED*/ 4078 4079 default: 4080 abort(); 4081 /*NOTREACHED*/ 4082 } 4083 b0 = gen_linktype(cstate, ll_proto); 4084 b1 = gen_mcmp(cstate, OR_LINKPL, offset, BPF_W, addr, mask); 4085 gen_and(b0, b1); 4086 return b1; 4087 } 4088 4089 #ifdef INET6 4090 static struct block * 4091 gen_hostop6(compiler_state_t *cstate, struct in6_addr *addr, 4092 struct in6_addr *mask, int dir, bpf_u_int32 ll_proto, u_int src_off, 4093 u_int dst_off) 4094 { 4095 struct block *b0, *b1; 4096 u_int offset; 4097 /* 4098 * Code below needs to access four separate 32-bit parts of the 128-bit 4099 * IPv6 address and mask. In some OSes this is as simple as using the 4100 * s6_addr32 pseudo-member of struct in6_addr, which contains a union of 4101 * 8-, 16- and 32-bit arrays. In other OSes this is not the case, as 4102 * far as libpcap sees it. Hence copy the data before use to avoid 4103 * potential unaligned memory access and the associated compiler 4104 * warnings (whether genuine or not). 4105 */ 4106 bpf_u_int32 a[4], m[4]; 4107 4108 switch (dir) { 4109 4110 case Q_SRC: 4111 offset = src_off; 4112 break; 4113 4114 case Q_DST: 4115 offset = dst_off; 4116 break; 4117 4118 case Q_AND: 4119 b0 = gen_hostop6(cstate, addr, mask, Q_SRC, ll_proto, src_off, dst_off); 4120 b1 = gen_hostop6(cstate, addr, mask, Q_DST, ll_proto, src_off, dst_off); 4121 gen_and(b0, b1); 4122 return b1; 4123 4124 case Q_DEFAULT: 4125 case Q_OR: 4126 b0 = gen_hostop6(cstate, addr, mask, Q_SRC, ll_proto, src_off, dst_off); 4127 b1 = gen_hostop6(cstate, addr, mask, Q_DST, ll_proto, src_off, dst_off); 4128 gen_or(b0, b1); 4129 return b1; 4130 4131 case Q_ADDR1: 4132 bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4133 /*NOTREACHED*/ 4134 4135 case Q_ADDR2: 4136 bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4137 /*NOTREACHED*/ 4138 4139 case Q_ADDR3: 4140 bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4141 /*NOTREACHED*/ 4142 4143 case Q_ADDR4: 4144 bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4145 /*NOTREACHED*/ 4146 4147 case Q_RA: 4148 bpf_error(cstate, "'ra' is not a valid qualifier for addresses other than 802.11 MAC addresses"); 4149 /*NOTREACHED*/ 4150 4151 case Q_TA: 4152 bpf_error(cstate, "'ta' is not a valid qualifier for addresses other than 802.11 MAC addresses"); 4153 /*NOTREACHED*/ 4154 4155 default: 4156 abort(); 4157 /*NOTREACHED*/ 4158 } 4159 /* this order is important */ 4160 memcpy(a, addr, sizeof(a)); 4161 memcpy(m, mask, sizeof(m)); 4162 b1 = gen_mcmp(cstate, OR_LINKPL, offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 4163 b0 = gen_mcmp(cstate, OR_LINKPL, offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 4164 gen_and(b0, b1); 4165 b0 = gen_mcmp(cstate, OR_LINKPL, offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 4166 gen_and(b0, b1); 4167 b0 = gen_mcmp(cstate, OR_LINKPL, offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 4168 gen_and(b0, b1); 4169 b0 = gen_linktype(cstate, ll_proto); 4170 gen_and(b0, b1); 4171 return b1; 4172 } 4173 #endif 4174 4175 static struct block * 4176 gen_ehostop(compiler_state_t *cstate, const u_char *eaddr, int dir) 4177 { 4178 register struct block *b0, *b1; 4179 4180 switch (dir) { 4181 case Q_SRC: 4182 return gen_bcmp(cstate, OR_LINKHDR, 6, 6, eaddr); 4183 4184 case Q_DST: 4185 return gen_bcmp(cstate, OR_LINKHDR, 0, 6, eaddr); 4186 4187 case Q_AND: 4188 b0 = gen_ehostop(cstate, eaddr, Q_SRC); 4189 b1 = gen_ehostop(cstate, eaddr, Q_DST); 4190 gen_and(b0, b1); 4191 return b1; 4192 4193 case Q_DEFAULT: 4194 case Q_OR: 4195 b0 = gen_ehostop(cstate, eaddr, Q_SRC); 4196 b1 = gen_ehostop(cstate, eaddr, Q_DST); 4197 gen_or(b0, b1); 4198 return b1; 4199 4200 case Q_ADDR1: 4201 bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11 with 802.11 headers"); 4202 /*NOTREACHED*/ 4203 4204 case Q_ADDR2: 4205 bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11 with 802.11 headers"); 4206 /*NOTREACHED*/ 4207 4208 case Q_ADDR3: 4209 bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11 with 802.11 headers"); 4210 /*NOTREACHED*/ 4211 4212 case Q_ADDR4: 4213 bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11 with 802.11 headers"); 4214 /*NOTREACHED*/ 4215 4216 case Q_RA: 4217 bpf_error(cstate, "'ra' is only supported on 802.11 with 802.11 headers"); 4218 /*NOTREACHED*/ 4219 4220 case Q_TA: 4221 bpf_error(cstate, "'ta' is only supported on 802.11 with 802.11 headers"); 4222 /*NOTREACHED*/ 4223 } 4224 abort(); 4225 /*NOTREACHED*/ 4226 } 4227 4228 /* 4229 * Like gen_ehostop, but for DLT_FDDI 4230 */ 4231 static struct block * 4232 gen_fhostop(compiler_state_t *cstate, const u_char *eaddr, int dir) 4233 { 4234 struct block *b0, *b1; 4235 4236 switch (dir) { 4237 case Q_SRC: 4238 return gen_bcmp(cstate, OR_LINKHDR, 6 + 1 + cstate->pcap_fddipad, 6, eaddr); 4239 4240 case Q_DST: 4241 return gen_bcmp(cstate, OR_LINKHDR, 0 + 1 + cstate->pcap_fddipad, 6, eaddr); 4242 4243 case Q_AND: 4244 b0 = gen_fhostop(cstate, eaddr, Q_SRC); 4245 b1 = gen_fhostop(cstate, eaddr, Q_DST); 4246 gen_and(b0, b1); 4247 return b1; 4248 4249 case Q_DEFAULT: 4250 case Q_OR: 4251 b0 = gen_fhostop(cstate, eaddr, Q_SRC); 4252 b1 = gen_fhostop(cstate, eaddr, Q_DST); 4253 gen_or(b0, b1); 4254 return b1; 4255 4256 case Q_ADDR1: 4257 bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11"); 4258 /*NOTREACHED*/ 4259 4260 case Q_ADDR2: 4261 bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11"); 4262 /*NOTREACHED*/ 4263 4264 case Q_ADDR3: 4265 bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11"); 4266 /*NOTREACHED*/ 4267 4268 case Q_ADDR4: 4269 bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11"); 4270 /*NOTREACHED*/ 4271 4272 case Q_RA: 4273 bpf_error(cstate, "'ra' is only supported on 802.11"); 4274 /*NOTREACHED*/ 4275 4276 case Q_TA: 4277 bpf_error(cstate, "'ta' is only supported on 802.11"); 4278 /*NOTREACHED*/ 4279 } 4280 abort(); 4281 /*NOTREACHED*/ 4282 } 4283 4284 /* 4285 * Like gen_ehostop, but for DLT_IEEE802 (Token Ring) 4286 */ 4287 static struct block * 4288 gen_thostop(compiler_state_t *cstate, const u_char *eaddr, int dir) 4289 { 4290 register struct block *b0, *b1; 4291 4292 switch (dir) { 4293 case Q_SRC: 4294 return gen_bcmp(cstate, OR_LINKHDR, 8, 6, eaddr); 4295 4296 case Q_DST: 4297 return gen_bcmp(cstate, OR_LINKHDR, 2, 6, eaddr); 4298 4299 case Q_AND: 4300 b0 = gen_thostop(cstate, eaddr, Q_SRC); 4301 b1 = gen_thostop(cstate, eaddr, Q_DST); 4302 gen_and(b0, b1); 4303 return b1; 4304 4305 case Q_DEFAULT: 4306 case Q_OR: 4307 b0 = gen_thostop(cstate, eaddr, Q_SRC); 4308 b1 = gen_thostop(cstate, eaddr, Q_DST); 4309 gen_or(b0, b1); 4310 return b1; 4311 4312 case Q_ADDR1: 4313 bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11"); 4314 /*NOTREACHED*/ 4315 4316 case Q_ADDR2: 4317 bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11"); 4318 /*NOTREACHED*/ 4319 4320 case Q_ADDR3: 4321 bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11"); 4322 /*NOTREACHED*/ 4323 4324 case Q_ADDR4: 4325 bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11"); 4326 /*NOTREACHED*/ 4327 4328 case Q_RA: 4329 bpf_error(cstate, "'ra' is only supported on 802.11"); 4330 /*NOTREACHED*/ 4331 4332 case Q_TA: 4333 bpf_error(cstate, "'ta' is only supported on 802.11"); 4334 /*NOTREACHED*/ 4335 } 4336 abort(); 4337 /*NOTREACHED*/ 4338 } 4339 4340 /* 4341 * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN) and 4342 * various 802.11 + radio headers. 4343 */ 4344 static struct block * 4345 gen_wlanhostop(compiler_state_t *cstate, const u_char *eaddr, int dir) 4346 { 4347 register struct block *b0, *b1, *b2; 4348 register struct slist *s; 4349 4350 #ifdef ENABLE_WLAN_FILTERING_PATCH 4351 /* 4352 * TODO GV 20070613 4353 * We need to disable the optimizer because the optimizer is buggy 4354 * and wipes out some LD instructions generated by the below 4355 * code to validate the Frame Control bits 4356 */ 4357 cstate->no_optimize = 1; 4358 #endif /* ENABLE_WLAN_FILTERING_PATCH */ 4359 4360 switch (dir) { 4361 case Q_SRC: 4362 /* 4363 * Oh, yuk. 4364 * 4365 * For control frames, there is no SA. 4366 * 4367 * For management frames, SA is at an 4368 * offset of 10 from the beginning of 4369 * the packet. 4370 * 4371 * For data frames, SA is at an offset 4372 * of 10 from the beginning of the packet 4373 * if From DS is clear, at an offset of 4374 * 16 from the beginning of the packet 4375 * if From DS is set and To DS is clear, 4376 * and an offset of 24 from the beginning 4377 * of the packet if From DS is set and To DS 4378 * is set. 4379 */ 4380 4381 /* 4382 * Generate the tests to be done for data frames 4383 * with From DS set. 4384 * 4385 * First, check for To DS set, i.e. check "link[1] & 0x01". 4386 */ 4387 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 4388 b1 = new_block(cstate, JMP(BPF_JSET)); 4389 b1->s.k = 0x01; /* To DS */ 4390 b1->stmts = s; 4391 4392 /* 4393 * If To DS is set, the SA is at 24. 4394 */ 4395 b0 = gen_bcmp(cstate, OR_LINKHDR, 24, 6, eaddr); 4396 gen_and(b1, b0); 4397 4398 /* 4399 * Now, check for To DS not set, i.e. check 4400 * "!(link[1] & 0x01)". 4401 */ 4402 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 4403 b2 = new_block(cstate, JMP(BPF_JSET)); 4404 b2->s.k = 0x01; /* To DS */ 4405 b2->stmts = s; 4406 gen_not(b2); 4407 4408 /* 4409 * If To DS is not set, the SA is at 16. 4410 */ 4411 b1 = gen_bcmp(cstate, OR_LINKHDR, 16, 6, eaddr); 4412 gen_and(b2, b1); 4413 4414 /* 4415 * Now OR together the last two checks. That gives 4416 * the complete set of checks for data frames with 4417 * From DS set. 4418 */ 4419 gen_or(b1, b0); 4420 4421 /* 4422 * Now check for From DS being set, and AND that with 4423 * the ORed-together checks. 4424 */ 4425 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 4426 b1 = new_block(cstate, JMP(BPF_JSET)); 4427 b1->s.k = 0x02; /* From DS */ 4428 b1->stmts = s; 4429 gen_and(b1, b0); 4430 4431 /* 4432 * Now check for data frames with From DS not set. 4433 */ 4434 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 4435 b2 = new_block(cstate, JMP(BPF_JSET)); 4436 b2->s.k = 0x02; /* From DS */ 4437 b2->stmts = s; 4438 gen_not(b2); 4439 4440 /* 4441 * If From DS isn't set, the SA is at 10. 4442 */ 4443 b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr); 4444 gen_and(b2, b1); 4445 4446 /* 4447 * Now OR together the checks for data frames with 4448 * From DS not set and for data frames with From DS 4449 * set; that gives the checks done for data frames. 4450 */ 4451 gen_or(b1, b0); 4452 4453 /* 4454 * Now check for a data frame. 4455 * I.e, check "link[0] & 0x08". 4456 */ 4457 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4458 b1 = new_block(cstate, JMP(BPF_JSET)); 4459 b1->s.k = 0x08; 4460 b1->stmts = s; 4461 4462 /* 4463 * AND that with the checks done for data frames. 4464 */ 4465 gen_and(b1, b0); 4466 4467 /* 4468 * If the high-order bit of the type value is 0, this 4469 * is a management frame. 4470 * I.e, check "!(link[0] & 0x08)". 4471 */ 4472 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4473 b2 = new_block(cstate, JMP(BPF_JSET)); 4474 b2->s.k = 0x08; 4475 b2->stmts = s; 4476 gen_not(b2); 4477 4478 /* 4479 * For management frames, the SA is at 10. 4480 */ 4481 b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr); 4482 gen_and(b2, b1); 4483 4484 /* 4485 * OR that with the checks done for data frames. 4486 * That gives the checks done for management and 4487 * data frames. 4488 */ 4489 gen_or(b1, b0); 4490 4491 /* 4492 * If the low-order bit of the type value is 1, 4493 * this is either a control frame or a frame 4494 * with a reserved type, and thus not a 4495 * frame with an SA. 4496 * 4497 * I.e., check "!(link[0] & 0x04)". 4498 */ 4499 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4500 b1 = new_block(cstate, JMP(BPF_JSET)); 4501 b1->s.k = 0x04; 4502 b1->stmts = s; 4503 gen_not(b1); 4504 4505 /* 4506 * AND that with the checks for data and management 4507 * frames. 4508 */ 4509 gen_and(b1, b0); 4510 return b0; 4511 4512 case Q_DST: 4513 /* 4514 * Oh, yuk. 4515 * 4516 * For control frames, there is no DA. 4517 * 4518 * For management frames, DA is at an 4519 * offset of 4 from the beginning of 4520 * the packet. 4521 * 4522 * For data frames, DA is at an offset 4523 * of 4 from the beginning of the packet 4524 * if To DS is clear and at an offset of 4525 * 16 from the beginning of the packet 4526 * if To DS is set. 4527 */ 4528 4529 /* 4530 * Generate the tests to be done for data frames. 4531 * 4532 * First, check for To DS set, i.e. "link[1] & 0x01". 4533 */ 4534 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 4535 b1 = new_block(cstate, JMP(BPF_JSET)); 4536 b1->s.k = 0x01; /* To DS */ 4537 b1->stmts = s; 4538 4539 /* 4540 * If To DS is set, the DA is at 16. 4541 */ 4542 b0 = gen_bcmp(cstate, OR_LINKHDR, 16, 6, eaddr); 4543 gen_and(b1, b0); 4544 4545 /* 4546 * Now, check for To DS not set, i.e. check 4547 * "!(link[1] & 0x01)". 4548 */ 4549 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 4550 b2 = new_block(cstate, JMP(BPF_JSET)); 4551 b2->s.k = 0x01; /* To DS */ 4552 b2->stmts = s; 4553 gen_not(b2); 4554 4555 /* 4556 * If To DS is not set, the DA is at 4. 4557 */ 4558 b1 = gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr); 4559 gen_and(b2, b1); 4560 4561 /* 4562 * Now OR together the last two checks. That gives 4563 * the complete set of checks for data frames. 4564 */ 4565 gen_or(b1, b0); 4566 4567 /* 4568 * Now check for a data frame. 4569 * I.e, check "link[0] & 0x08". 4570 */ 4571 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4572 b1 = new_block(cstate, JMP(BPF_JSET)); 4573 b1->s.k = 0x08; 4574 b1->stmts = s; 4575 4576 /* 4577 * AND that with the checks done for data frames. 4578 */ 4579 gen_and(b1, b0); 4580 4581 /* 4582 * If the high-order bit of the type value is 0, this 4583 * is a management frame. 4584 * I.e, check "!(link[0] & 0x08)". 4585 */ 4586 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4587 b2 = new_block(cstate, JMP(BPF_JSET)); 4588 b2->s.k = 0x08; 4589 b2->stmts = s; 4590 gen_not(b2); 4591 4592 /* 4593 * For management frames, the DA is at 4. 4594 */ 4595 b1 = gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr); 4596 gen_and(b2, b1); 4597 4598 /* 4599 * OR that with the checks done for data frames. 4600 * That gives the checks done for management and 4601 * data frames. 4602 */ 4603 gen_or(b1, b0); 4604 4605 /* 4606 * If the low-order bit of the type value is 1, 4607 * this is either a control frame or a frame 4608 * with a reserved type, and thus not a 4609 * frame with an SA. 4610 * 4611 * I.e., check "!(link[0] & 0x04)". 4612 */ 4613 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4614 b1 = new_block(cstate, JMP(BPF_JSET)); 4615 b1->s.k = 0x04; 4616 b1->stmts = s; 4617 gen_not(b1); 4618 4619 /* 4620 * AND that with the checks for data and management 4621 * frames. 4622 */ 4623 gen_and(b1, b0); 4624 return b0; 4625 4626 case Q_AND: 4627 b0 = gen_wlanhostop(cstate, eaddr, Q_SRC); 4628 b1 = gen_wlanhostop(cstate, eaddr, Q_DST); 4629 gen_and(b0, b1); 4630 return b1; 4631 4632 case Q_DEFAULT: 4633 case Q_OR: 4634 b0 = gen_wlanhostop(cstate, eaddr, Q_SRC); 4635 b1 = gen_wlanhostop(cstate, eaddr, Q_DST); 4636 gen_or(b0, b1); 4637 return b1; 4638 4639 /* 4640 * XXX - add BSSID keyword? 4641 */ 4642 case Q_ADDR1: 4643 return (gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr)); 4644 4645 case Q_ADDR2: 4646 /* 4647 * Not present in CTS or ACK control frames. 4648 */ 4649 b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_TYPE_CTL, 4650 IEEE80211_FC0_TYPE_MASK); 4651 gen_not(b0); 4652 b1 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_CTS, 4653 IEEE80211_FC0_SUBTYPE_MASK); 4654 gen_not(b1); 4655 b2 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_ACK, 4656 IEEE80211_FC0_SUBTYPE_MASK); 4657 gen_not(b2); 4658 gen_and(b1, b2); 4659 gen_or(b0, b2); 4660 b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr); 4661 gen_and(b2, b1); 4662 return b1; 4663 4664 case Q_ADDR3: 4665 /* 4666 * Not present in control frames. 4667 */ 4668 b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_TYPE_CTL, 4669 IEEE80211_FC0_TYPE_MASK); 4670 gen_not(b0); 4671 b1 = gen_bcmp(cstate, OR_LINKHDR, 16, 6, eaddr); 4672 gen_and(b0, b1); 4673 return b1; 4674 4675 case Q_ADDR4: 4676 /* 4677 * Present only if the direction mask has both "From DS" 4678 * and "To DS" set. Neither control frames nor management 4679 * frames should have both of those set, so we don't 4680 * check the frame type. 4681 */ 4682 b0 = gen_mcmp(cstate, OR_LINKHDR, 1, BPF_B, 4683 IEEE80211_FC1_DIR_DSTODS, IEEE80211_FC1_DIR_MASK); 4684 b1 = gen_bcmp(cstate, OR_LINKHDR, 24, 6, eaddr); 4685 gen_and(b0, b1); 4686 return b1; 4687 4688 case Q_RA: 4689 /* 4690 * Not present in management frames; addr1 in other 4691 * frames. 4692 */ 4693 4694 /* 4695 * If the high-order bit of the type value is 0, this 4696 * is a management frame. 4697 * I.e, check "(link[0] & 0x08)". 4698 */ 4699 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4700 b1 = new_block(cstate, JMP(BPF_JSET)); 4701 b1->s.k = 0x08; 4702 b1->stmts = s; 4703 4704 /* 4705 * Check addr1. 4706 */ 4707 b0 = gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr); 4708 4709 /* 4710 * AND that with the check of addr1. 4711 */ 4712 gen_and(b1, b0); 4713 return (b0); 4714 4715 case Q_TA: 4716 /* 4717 * Not present in management frames; addr2, if present, 4718 * in other frames. 4719 */ 4720 4721 /* 4722 * Not present in CTS or ACK control frames. 4723 */ 4724 b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_TYPE_CTL, 4725 IEEE80211_FC0_TYPE_MASK); 4726 gen_not(b0); 4727 b1 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_CTS, 4728 IEEE80211_FC0_SUBTYPE_MASK); 4729 gen_not(b1); 4730 b2 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_ACK, 4731 IEEE80211_FC0_SUBTYPE_MASK); 4732 gen_not(b2); 4733 gen_and(b1, b2); 4734 gen_or(b0, b2); 4735 4736 /* 4737 * If the high-order bit of the type value is 0, this 4738 * is a management frame. 4739 * I.e, check "(link[0] & 0x08)". 4740 */ 4741 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 4742 b1 = new_block(cstate, JMP(BPF_JSET)); 4743 b1->s.k = 0x08; 4744 b1->stmts = s; 4745 4746 /* 4747 * AND that with the check for frames other than 4748 * CTS and ACK frames. 4749 */ 4750 gen_and(b1, b2); 4751 4752 /* 4753 * Check addr2. 4754 */ 4755 b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr); 4756 gen_and(b2, b1); 4757 return b1; 4758 } 4759 abort(); 4760 /*NOTREACHED*/ 4761 } 4762 4763 /* 4764 * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel. 4765 * (We assume that the addresses are IEEE 48-bit MAC addresses, 4766 * as the RFC states.) 4767 */ 4768 static struct block * 4769 gen_ipfchostop(compiler_state_t *cstate, const u_char *eaddr, int dir) 4770 { 4771 register struct block *b0, *b1; 4772 4773 switch (dir) { 4774 case Q_SRC: 4775 return gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr); 4776 4777 case Q_DST: 4778 return gen_bcmp(cstate, OR_LINKHDR, 2, 6, eaddr); 4779 4780 case Q_AND: 4781 b0 = gen_ipfchostop(cstate, eaddr, Q_SRC); 4782 b1 = gen_ipfchostop(cstate, eaddr, Q_DST); 4783 gen_and(b0, b1); 4784 return b1; 4785 4786 case Q_DEFAULT: 4787 case Q_OR: 4788 b0 = gen_ipfchostop(cstate, eaddr, Q_SRC); 4789 b1 = gen_ipfchostop(cstate, eaddr, Q_DST); 4790 gen_or(b0, b1); 4791 return b1; 4792 4793 case Q_ADDR1: 4794 bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11"); 4795 /*NOTREACHED*/ 4796 4797 case Q_ADDR2: 4798 bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11"); 4799 /*NOTREACHED*/ 4800 4801 case Q_ADDR3: 4802 bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11"); 4803 /*NOTREACHED*/ 4804 4805 case Q_ADDR4: 4806 bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11"); 4807 /*NOTREACHED*/ 4808 4809 case Q_RA: 4810 bpf_error(cstate, "'ra' is only supported on 802.11"); 4811 /*NOTREACHED*/ 4812 4813 case Q_TA: 4814 bpf_error(cstate, "'ta' is only supported on 802.11"); 4815 /*NOTREACHED*/ 4816 } 4817 abort(); 4818 /*NOTREACHED*/ 4819 } 4820 4821 /* 4822 * This is quite tricky because there may be pad bytes in front of the 4823 * DECNET header, and then there are two possible data packet formats that 4824 * carry both src and dst addresses, plus 5 packet types in a format that 4825 * carries only the src node, plus 2 types that use a different format and 4826 * also carry just the src node. 4827 * 4828 * Yuck. 4829 * 4830 * Instead of doing those all right, we just look for data packets with 4831 * 0 or 1 bytes of padding. If you want to look at other packets, that 4832 * will require a lot more hacking. 4833 * 4834 * To add support for filtering on DECNET "areas" (network numbers) 4835 * one would want to add a "mask" argument to this routine. That would 4836 * make the filter even more inefficient, although one could be clever 4837 * and not generate masking instructions if the mask is 0xFFFF. 4838 */ 4839 static struct block * 4840 gen_dnhostop(compiler_state_t *cstate, bpf_u_int32 addr, int dir) 4841 { 4842 struct block *b0, *b1, *b2, *tmp; 4843 u_int offset_lh; /* offset if long header is received */ 4844 u_int offset_sh; /* offset if short header is received */ 4845 4846 switch (dir) { 4847 4848 case Q_DST: 4849 offset_sh = 1; /* follows flags */ 4850 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 4851 break; 4852 4853 case Q_SRC: 4854 offset_sh = 3; /* follows flags, dstnode */ 4855 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 4856 break; 4857 4858 case Q_AND: 4859 /* Inefficient because we do our Calvinball dance twice */ 4860 b0 = gen_dnhostop(cstate, addr, Q_SRC); 4861 b1 = gen_dnhostop(cstate, addr, Q_DST); 4862 gen_and(b0, b1); 4863 return b1; 4864 4865 case Q_DEFAULT: 4866 case Q_OR: 4867 /* Inefficient because we do our Calvinball dance twice */ 4868 b0 = gen_dnhostop(cstate, addr, Q_SRC); 4869 b1 = gen_dnhostop(cstate, addr, Q_DST); 4870 gen_or(b0, b1); 4871 return b1; 4872 4873 case Q_ADDR1: 4874 bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4875 /*NOTREACHED*/ 4876 4877 case Q_ADDR2: 4878 bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4879 /*NOTREACHED*/ 4880 4881 case Q_ADDR3: 4882 bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4883 /*NOTREACHED*/ 4884 4885 case Q_ADDR4: 4886 bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for addresses other than 802.11 MAC addresses"); 4887 /*NOTREACHED*/ 4888 4889 case Q_RA: 4890 bpf_error(cstate, "'ra' is not a valid qualifier for addresses other than 802.11 MAC addresses"); 4891 /*NOTREACHED*/ 4892 4893 case Q_TA: 4894 bpf_error(cstate, "'ta' is not a valid qualifier for addresses other than 802.11 MAC addresses"); 4895 /*NOTREACHED*/ 4896 4897 default: 4898 abort(); 4899 /*NOTREACHED*/ 4900 } 4901 b0 = gen_linktype(cstate, ETHERTYPE_DN); 4902 /* Check for pad = 1, long header case */ 4903 tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_H, 4904 (bpf_u_int32)ntohs(0x0681), (bpf_u_int32)ntohs(0x07FF)); 4905 b1 = gen_cmp(cstate, OR_LINKPL, 2 + 1 + offset_lh, 4906 BPF_H, (bpf_u_int32)ntohs((u_short)addr)); 4907 gen_and(tmp, b1); 4908 /* Check for pad = 0, long header case */ 4909 tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_B, (bpf_u_int32)0x06, 4910 (bpf_u_int32)0x7); 4911 b2 = gen_cmp(cstate, OR_LINKPL, 2 + offset_lh, BPF_H, 4912 (bpf_u_int32)ntohs((u_short)addr)); 4913 gen_and(tmp, b2); 4914 gen_or(b2, b1); 4915 /* Check for pad = 1, short header case */ 4916 tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_H, 4917 (bpf_u_int32)ntohs(0x0281), (bpf_u_int32)ntohs(0x07FF)); 4918 b2 = gen_cmp(cstate, OR_LINKPL, 2 + 1 + offset_sh, BPF_H, 4919 (bpf_u_int32)ntohs((u_short)addr)); 4920 gen_and(tmp, b2); 4921 gen_or(b2, b1); 4922 /* Check for pad = 0, short header case */ 4923 tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_B, (bpf_u_int32)0x02, 4924 (bpf_u_int32)0x7); 4925 b2 = gen_cmp(cstate, OR_LINKPL, 2 + offset_sh, BPF_H, 4926 (bpf_u_int32)ntohs((u_short)addr)); 4927 gen_and(tmp, b2); 4928 gen_or(b2, b1); 4929 4930 /* Combine with test for cstate->linktype */ 4931 gen_and(b0, b1); 4932 return b1; 4933 } 4934 4935 /* 4936 * Generate a check for IPv4 or IPv6 for MPLS-encapsulated packets; 4937 * test the bottom-of-stack bit, and then check the version number 4938 * field in the IP header. 4939 */ 4940 static struct block * 4941 gen_mpls_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto) 4942 { 4943 struct block *b0, *b1; 4944 4945 switch (ll_proto) { 4946 4947 case ETHERTYPE_IP: 4948 /* match the bottom-of-stack bit */ 4949 b0 = gen_mcmp(cstate, OR_LINKPL, (u_int)-2, BPF_B, 0x01, 0x01); 4950 /* match the IPv4 version number */ 4951 b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_B, 0x40, 0xf0); 4952 gen_and(b0, b1); 4953 return b1; 4954 4955 case ETHERTYPE_IPV6: 4956 /* match the bottom-of-stack bit */ 4957 b0 = gen_mcmp(cstate, OR_LINKPL, (u_int)-2, BPF_B, 0x01, 0x01); 4958 /* match the IPv4 version number */ 4959 b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_B, 0x60, 0xf0); 4960 gen_and(b0, b1); 4961 return b1; 4962 4963 default: 4964 /* FIXME add other L3 proto IDs */ 4965 bpf_error(cstate, "unsupported protocol over mpls"); 4966 /*NOTREACHED*/ 4967 } 4968 } 4969 4970 static struct block * 4971 gen_host(compiler_state_t *cstate, bpf_u_int32 addr, bpf_u_int32 mask, 4972 int proto, int dir, int type) 4973 { 4974 struct block *b0, *b1; 4975 const char *typestr; 4976 4977 if (type == Q_NET) 4978 typestr = "net"; 4979 else 4980 typestr = "host"; 4981 4982 switch (proto) { 4983 4984 case Q_DEFAULT: 4985 b0 = gen_host(cstate, addr, mask, Q_IP, dir, type); 4986 /* 4987 * Only check for non-IPv4 addresses if we're not 4988 * checking MPLS-encapsulated packets. 4989 */ 4990 if (cstate->label_stack_depth == 0) { 4991 b1 = gen_host(cstate, addr, mask, Q_ARP, dir, type); 4992 gen_or(b0, b1); 4993 b0 = gen_host(cstate, addr, mask, Q_RARP, dir, type); 4994 gen_or(b1, b0); 4995 } 4996 return b0; 4997 4998 case Q_LINK: 4999 bpf_error(cstate, "link-layer modifier applied to %s", typestr); 5000 5001 case Q_IP: 5002 return gen_hostop(cstate, addr, mask, dir, ETHERTYPE_IP, 12, 16); 5003 5004 case Q_RARP: 5005 return gen_hostop(cstate, addr, mask, dir, ETHERTYPE_REVARP, 14, 24); 5006 5007 case Q_ARP: 5008 return gen_hostop(cstate, addr, mask, dir, ETHERTYPE_ARP, 14, 24); 5009 5010 case Q_SCTP: 5011 bpf_error(cstate, "'sctp' modifier applied to %s", typestr); 5012 5013 case Q_TCP: 5014 bpf_error(cstate, "'tcp' modifier applied to %s", typestr); 5015 5016 case Q_UDP: 5017 bpf_error(cstate, "'udp' modifier applied to %s", typestr); 5018 5019 case Q_ICMP: 5020 bpf_error(cstate, "'icmp' modifier applied to %s", typestr); 5021 5022 case Q_IGMP: 5023 bpf_error(cstate, "'igmp' modifier applied to %s", typestr); 5024 5025 case Q_IGRP: 5026 bpf_error(cstate, "'igrp' modifier applied to %s", typestr); 5027 5028 case Q_ATALK: 5029 bpf_error(cstate, "AppleTalk host filtering not implemented"); 5030 5031 case Q_DECNET: 5032 return gen_dnhostop(cstate, addr, dir); 5033 5034 case Q_LAT: 5035 bpf_error(cstate, "LAT host filtering not implemented"); 5036 5037 case Q_SCA: 5038 bpf_error(cstate, "SCA host filtering not implemented"); 5039 5040 case Q_MOPRC: 5041 bpf_error(cstate, "MOPRC host filtering not implemented"); 5042 5043 case Q_MOPDL: 5044 bpf_error(cstate, "MOPDL host filtering not implemented"); 5045 5046 case Q_IPV6: 5047 bpf_error(cstate, "'ip6' modifier applied to ip host"); 5048 5049 case Q_ICMPV6: 5050 bpf_error(cstate, "'icmp6' modifier applied to %s", typestr); 5051 5052 case Q_AH: 5053 bpf_error(cstate, "'ah' modifier applied to %s", typestr); 5054 5055 case Q_ESP: 5056 bpf_error(cstate, "'esp' modifier applied to %s", typestr); 5057 5058 case Q_PIM: 5059 bpf_error(cstate, "'pim' modifier applied to %s", typestr); 5060 5061 case Q_VRRP: 5062 bpf_error(cstate, "'vrrp' modifier applied to %s", typestr); 5063 5064 case Q_AARP: 5065 bpf_error(cstate, "AARP host filtering not implemented"); 5066 5067 case Q_ISO: 5068 bpf_error(cstate, "ISO host filtering not implemented"); 5069 5070 case Q_ESIS: 5071 bpf_error(cstate, "'esis' modifier applied to %s", typestr); 5072 5073 case Q_ISIS: 5074 bpf_error(cstate, "'isis' modifier applied to %s", typestr); 5075 5076 case Q_CLNP: 5077 bpf_error(cstate, "'clnp' modifier applied to %s", typestr); 5078 5079 case Q_STP: 5080 bpf_error(cstate, "'stp' modifier applied to %s", typestr); 5081 5082 case Q_IPX: 5083 bpf_error(cstate, "IPX host filtering not implemented"); 5084 5085 case Q_NETBEUI: 5086 bpf_error(cstate, "'netbeui' modifier applied to %s", typestr); 5087 5088 case Q_ISIS_L1: 5089 bpf_error(cstate, "'l1' modifier applied to %s", typestr); 5090 5091 case Q_ISIS_L2: 5092 bpf_error(cstate, "'l2' modifier applied to %s", typestr); 5093 5094 case Q_ISIS_IIH: 5095 bpf_error(cstate, "'iih' modifier applied to %s", typestr); 5096 5097 case Q_ISIS_SNP: 5098 bpf_error(cstate, "'snp' modifier applied to %s", typestr); 5099 5100 case Q_ISIS_CSNP: 5101 bpf_error(cstate, "'csnp' modifier applied to %s", typestr); 5102 5103 case Q_ISIS_PSNP: 5104 bpf_error(cstate, "'psnp' modifier applied to %s", typestr); 5105 5106 case Q_ISIS_LSP: 5107 bpf_error(cstate, "'lsp' modifier applied to %s", typestr); 5108 5109 case Q_RADIO: 5110 bpf_error(cstate, "'radio' modifier applied to %s", typestr); 5111 5112 case Q_CARP: 5113 bpf_error(cstate, "'carp' modifier applied to %s", typestr); 5114 5115 default: 5116 abort(); 5117 } 5118 /*NOTREACHED*/ 5119 } 5120 5121 #ifdef INET6 5122 static struct block * 5123 gen_host6(compiler_state_t *cstate, struct in6_addr *addr, 5124 struct in6_addr *mask, int proto, int dir, int type) 5125 { 5126 const char *typestr; 5127 5128 if (type == Q_NET) 5129 typestr = "net"; 5130 else 5131 typestr = "host"; 5132 5133 switch (proto) { 5134 5135 case Q_DEFAULT: 5136 return gen_host6(cstate, addr, mask, Q_IPV6, dir, type); 5137 5138 case Q_LINK: 5139 bpf_error(cstate, "link-layer modifier applied to ip6 %s", typestr); 5140 5141 case Q_IP: 5142 bpf_error(cstate, "'ip' modifier applied to ip6 %s", typestr); 5143 5144 case Q_RARP: 5145 bpf_error(cstate, "'rarp' modifier applied to ip6 %s", typestr); 5146 5147 case Q_ARP: 5148 bpf_error(cstate, "'arp' modifier applied to ip6 %s", typestr); 5149 5150 case Q_SCTP: 5151 bpf_error(cstate, "'sctp' modifier applied to ip6 %s", typestr); 5152 5153 case Q_TCP: 5154 bpf_error(cstate, "'tcp' modifier applied to ip6 %s", typestr); 5155 5156 case Q_UDP: 5157 bpf_error(cstate, "'udp' modifier applied to ip6 %s", typestr); 5158 5159 case Q_ICMP: 5160 bpf_error(cstate, "'icmp' modifier applied to ip6 %s", typestr); 5161 5162 case Q_IGMP: 5163 bpf_error(cstate, "'igmp' modifier applied to ip6 %s", typestr); 5164 5165 case Q_IGRP: 5166 bpf_error(cstate, "'igrp' modifier applied to ip6 %s", typestr); 5167 5168 case Q_ATALK: 5169 bpf_error(cstate, "AppleTalk modifier applied to ip6 %s", typestr); 5170 5171 case Q_DECNET: 5172 bpf_error(cstate, "'decnet' modifier applied to ip6 %s", typestr); 5173 5174 case Q_LAT: 5175 bpf_error(cstate, "'lat' modifier applied to ip6 %s", typestr); 5176 5177 case Q_SCA: 5178 bpf_error(cstate, "'sca' modifier applied to ip6 %s", typestr); 5179 5180 case Q_MOPRC: 5181 bpf_error(cstate, "'moprc' modifier applied to ip6 %s", typestr); 5182 5183 case Q_MOPDL: 5184 bpf_error(cstate, "'mopdl' modifier applied to ip6 %s", typestr); 5185 5186 case Q_IPV6: 5187 return gen_hostop6(cstate, addr, mask, dir, ETHERTYPE_IPV6, 8, 24); 5188 5189 case Q_ICMPV6: 5190 bpf_error(cstate, "'icmp6' modifier applied to ip6 %s", typestr); 5191 5192 case Q_AH: 5193 bpf_error(cstate, "'ah' modifier applied to ip6 %s", typestr); 5194 5195 case Q_ESP: 5196 bpf_error(cstate, "'esp' modifier applied to ip6 %s", typestr); 5197 5198 case Q_PIM: 5199 bpf_error(cstate, "'pim' modifier applied to ip6 %s", typestr); 5200 5201 case Q_VRRP: 5202 bpf_error(cstate, "'vrrp' modifier applied to ip6 %s", typestr); 5203 5204 case Q_AARP: 5205 bpf_error(cstate, "'aarp' modifier applied to ip6 %s", typestr); 5206 5207 case Q_ISO: 5208 bpf_error(cstate, "'iso' modifier applied to ip6 %s", typestr); 5209 5210 case Q_ESIS: 5211 bpf_error(cstate, "'esis' modifier applied to ip6 %s", typestr); 5212 5213 case Q_ISIS: 5214 bpf_error(cstate, "'isis' modifier applied to ip6 %s", typestr); 5215 5216 case Q_CLNP: 5217 bpf_error(cstate, "'clnp' modifier applied to ip6 %s", typestr); 5218 5219 case Q_STP: 5220 bpf_error(cstate, "'stp' modifier applied to ip6 %s", typestr); 5221 5222 case Q_IPX: 5223 bpf_error(cstate, "'ipx' modifier applied to ip6 %s", typestr); 5224 5225 case Q_NETBEUI: 5226 bpf_error(cstate, "'netbeui' modifier applied to ip6 %s", typestr); 5227 5228 case Q_ISIS_L1: 5229 bpf_error(cstate, "'l1' modifier applied to ip6 %s", typestr); 5230 5231 case Q_ISIS_L2: 5232 bpf_error(cstate, "'l2' modifier applied to ip6 %s", typestr); 5233 5234 case Q_ISIS_IIH: 5235 bpf_error(cstate, "'iih' modifier applied to ip6 %s", typestr); 5236 5237 case Q_ISIS_SNP: 5238 bpf_error(cstate, "'snp' modifier applied to ip6 %s", typestr); 5239 5240 case Q_ISIS_CSNP: 5241 bpf_error(cstate, "'csnp' modifier applied to ip6 %s", typestr); 5242 5243 case Q_ISIS_PSNP: 5244 bpf_error(cstate, "'psnp' modifier applied to ip6 %s", typestr); 5245 5246 case Q_ISIS_LSP: 5247 bpf_error(cstate, "'lsp' modifier applied to ip6 %s", typestr); 5248 5249 case Q_RADIO: 5250 bpf_error(cstate, "'radio' modifier applied to ip6 %s", typestr); 5251 5252 case Q_CARP: 5253 bpf_error(cstate, "'carp' modifier applied to ip6 %s", typestr); 5254 5255 default: 5256 abort(); 5257 } 5258 /*NOTREACHED*/ 5259 } 5260 #endif 5261 5262 #ifndef INET6 5263 static struct block * 5264 gen_gateway(compiler_state_t *cstate, const u_char *eaddr, 5265 struct addrinfo *alist, int proto, int dir) 5266 { 5267 struct block *b0, *b1, *tmp; 5268 struct addrinfo *ai; 5269 struct sockaddr_in *sin; 5270 5271 if (dir != 0) 5272 bpf_error(cstate, "direction applied to 'gateway'"); 5273 5274 switch (proto) { 5275 case Q_DEFAULT: 5276 case Q_IP: 5277 case Q_ARP: 5278 case Q_RARP: 5279 switch (cstate->linktype) { 5280 case DLT_EN10MB: 5281 case DLT_NETANALYZER: 5282 case DLT_NETANALYZER_TRANSPARENT: 5283 b1 = gen_prevlinkhdr_check(cstate); 5284 b0 = gen_ehostop(cstate, eaddr, Q_OR); 5285 if (b1 != NULL) 5286 gen_and(b1, b0); 5287 break; 5288 case DLT_FDDI: 5289 b0 = gen_fhostop(cstate, eaddr, Q_OR); 5290 break; 5291 case DLT_IEEE802: 5292 b0 = gen_thostop(cstate, eaddr, Q_OR); 5293 break; 5294 case DLT_IEEE802_11: 5295 case DLT_PRISM_HEADER: 5296 case DLT_IEEE802_11_RADIO_AVS: 5297 case DLT_IEEE802_11_RADIO: 5298 case DLT_PPI: 5299 b0 = gen_wlanhostop(cstate, eaddr, Q_OR); 5300 break; 5301 case DLT_SUNATM: 5302 /* 5303 * This is LLC-multiplexed traffic; if it were 5304 * LANE, cstate->linktype would have been set to 5305 * DLT_EN10MB. 5306 */ 5307 bpf_error(cstate, 5308 "'gateway' supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel"); 5309 case DLT_IP_OVER_FC: 5310 b0 = gen_ipfchostop(cstate, eaddr, Q_OR); 5311 break; 5312 default: 5313 bpf_error(cstate, 5314 "'gateway' supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel"); 5315 } 5316 b1 = NULL; 5317 for (ai = alist; ai != NULL; ai = ai->ai_next) { 5318 /* 5319 * Does it have an address? 5320 */ 5321 if (ai->ai_addr != NULL) { 5322 /* 5323 * Yes. Is it an IPv4 address? 5324 */ 5325 if (ai->ai_addr->sa_family == AF_INET) { 5326 /* 5327 * Generate an entry for it. 5328 */ 5329 sin = (struct sockaddr_in *)ai->ai_addr; 5330 tmp = gen_host(cstate, 5331 ntohl(sin->sin_addr.s_addr), 5332 0xffffffff, proto, Q_OR, Q_HOST); 5333 /* 5334 * Is it the *first* IPv4 address? 5335 */ 5336 if (b1 == NULL) { 5337 /* 5338 * Yes, so start with it. 5339 */ 5340 b1 = tmp; 5341 } else { 5342 /* 5343 * No, so OR it into the 5344 * existing set of 5345 * addresses. 5346 */ 5347 gen_or(b1, tmp); 5348 b1 = tmp; 5349 } 5350 } 5351 } 5352 } 5353 if (b1 == NULL) { 5354 /* 5355 * No IPv4 addresses found. 5356 */ 5357 return (NULL); 5358 } 5359 gen_not(b1); 5360 gen_and(b0, b1); 5361 return b1; 5362 } 5363 bpf_error(cstate, "illegal modifier of 'gateway'"); 5364 /*NOTREACHED*/ 5365 } 5366 #endif 5367 5368 static struct block * 5369 gen_proto_abbrev_internal(compiler_state_t *cstate, int proto) 5370 { 5371 struct block *b0; 5372 struct block *b1; 5373 5374 switch (proto) { 5375 5376 case Q_SCTP: 5377 b1 = gen_proto(cstate, IPPROTO_SCTP, Q_DEFAULT, Q_DEFAULT); 5378 break; 5379 5380 case Q_TCP: 5381 b1 = gen_proto(cstate, IPPROTO_TCP, Q_DEFAULT, Q_DEFAULT); 5382 break; 5383 5384 case Q_UDP: 5385 b1 = gen_proto(cstate, IPPROTO_UDP, Q_DEFAULT, Q_DEFAULT); 5386 break; 5387 5388 case Q_ICMP: 5389 b1 = gen_proto(cstate, IPPROTO_ICMP, Q_IP, Q_DEFAULT); 5390 break; 5391 5392 #ifndef IPPROTO_IGMP 5393 #define IPPROTO_IGMP 2 5394 #endif 5395 5396 case Q_IGMP: 5397 b1 = gen_proto(cstate, IPPROTO_IGMP, Q_IP, Q_DEFAULT); 5398 break; 5399 5400 #ifndef IPPROTO_IGRP 5401 #define IPPROTO_IGRP 9 5402 #endif 5403 case Q_IGRP: 5404 b1 = gen_proto(cstate, IPPROTO_IGRP, Q_IP, Q_DEFAULT); 5405 break; 5406 5407 #ifndef IPPROTO_PIM 5408 #define IPPROTO_PIM 103 5409 #endif 5410 5411 case Q_PIM: 5412 b1 = gen_proto(cstate, IPPROTO_PIM, Q_DEFAULT, Q_DEFAULT); 5413 break; 5414 5415 #ifndef IPPROTO_VRRP 5416 #define IPPROTO_VRRP 112 5417 #endif 5418 5419 case Q_VRRP: 5420 b1 = gen_proto(cstate, IPPROTO_VRRP, Q_IP, Q_DEFAULT); 5421 break; 5422 5423 #ifndef IPPROTO_CARP 5424 #define IPPROTO_CARP 112 5425 #endif 5426 5427 case Q_CARP: 5428 b1 = gen_proto(cstate, IPPROTO_CARP, Q_IP, Q_DEFAULT); 5429 break; 5430 5431 case Q_IP: 5432 b1 = gen_linktype(cstate, ETHERTYPE_IP); 5433 break; 5434 5435 case Q_ARP: 5436 b1 = gen_linktype(cstate, ETHERTYPE_ARP); 5437 break; 5438 5439 case Q_RARP: 5440 b1 = gen_linktype(cstate, ETHERTYPE_REVARP); 5441 break; 5442 5443 case Q_LINK: 5444 bpf_error(cstate, "link layer applied in wrong context"); 5445 5446 case Q_ATALK: 5447 b1 = gen_linktype(cstate, ETHERTYPE_ATALK); 5448 break; 5449 5450 case Q_AARP: 5451 b1 = gen_linktype(cstate, ETHERTYPE_AARP); 5452 break; 5453 5454 case Q_DECNET: 5455 b1 = gen_linktype(cstate, ETHERTYPE_DN); 5456 break; 5457 5458 case Q_SCA: 5459 b1 = gen_linktype(cstate, ETHERTYPE_SCA); 5460 break; 5461 5462 case Q_LAT: 5463 b1 = gen_linktype(cstate, ETHERTYPE_LAT); 5464 break; 5465 5466 case Q_MOPDL: 5467 b1 = gen_linktype(cstate, ETHERTYPE_MOPDL); 5468 break; 5469 5470 case Q_MOPRC: 5471 b1 = gen_linktype(cstate, ETHERTYPE_MOPRC); 5472 break; 5473 5474 case Q_IPV6: 5475 b1 = gen_linktype(cstate, ETHERTYPE_IPV6); 5476 break; 5477 5478 #ifndef IPPROTO_ICMPV6 5479 #define IPPROTO_ICMPV6 58 5480 #endif 5481 case Q_ICMPV6: 5482 b1 = gen_proto(cstate, IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 5483 break; 5484 5485 #ifndef IPPROTO_AH 5486 #define IPPROTO_AH 51 5487 #endif 5488 case Q_AH: 5489 b1 = gen_proto(cstate, IPPROTO_AH, Q_DEFAULT, Q_DEFAULT); 5490 break; 5491 5492 #ifndef IPPROTO_ESP 5493 #define IPPROTO_ESP 50 5494 #endif 5495 case Q_ESP: 5496 b1 = gen_proto(cstate, IPPROTO_ESP, Q_DEFAULT, Q_DEFAULT); 5497 break; 5498 5499 case Q_ISO: 5500 b1 = gen_linktype(cstate, LLCSAP_ISONS); 5501 break; 5502 5503 case Q_ESIS: 5504 b1 = gen_proto(cstate, ISO9542_ESIS, Q_ISO, Q_DEFAULT); 5505 break; 5506 5507 case Q_ISIS: 5508 b1 = gen_proto(cstate, ISO10589_ISIS, Q_ISO, Q_DEFAULT); 5509 break; 5510 5511 case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */ 5512 b0 = gen_proto(cstate, ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 5513 b1 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 5514 gen_or(b0, b1); 5515 b0 = gen_proto(cstate, ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 5516 gen_or(b0, b1); 5517 b0 = gen_proto(cstate, ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 5518 gen_or(b0, b1); 5519 b0 = gen_proto(cstate, ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 5520 gen_or(b0, b1); 5521 break; 5522 5523 case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */ 5524 b0 = gen_proto(cstate, ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 5525 b1 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */ 5526 gen_or(b0, b1); 5527 b0 = gen_proto(cstate, ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 5528 gen_or(b0, b1); 5529 b0 = gen_proto(cstate, ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 5530 gen_or(b0, b1); 5531 b0 = gen_proto(cstate, ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 5532 gen_or(b0, b1); 5533 break; 5534 5535 case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */ 5536 b0 = gen_proto(cstate, ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT); 5537 b1 = gen_proto(cstate, ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT); 5538 gen_or(b0, b1); 5539 b0 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); 5540 gen_or(b0, b1); 5541 break; 5542 5543 case Q_ISIS_LSP: 5544 b0 = gen_proto(cstate, ISIS_L1_LSP, Q_ISIS, Q_DEFAULT); 5545 b1 = gen_proto(cstate, ISIS_L2_LSP, Q_ISIS, Q_DEFAULT); 5546 gen_or(b0, b1); 5547 break; 5548 5549 case Q_ISIS_SNP: 5550 b0 = gen_proto(cstate, ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 5551 b1 = gen_proto(cstate, ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 5552 gen_or(b0, b1); 5553 b0 = gen_proto(cstate, ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 5554 gen_or(b0, b1); 5555 b0 = gen_proto(cstate, ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 5556 gen_or(b0, b1); 5557 break; 5558 5559 case Q_ISIS_CSNP: 5560 b0 = gen_proto(cstate, ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT); 5561 b1 = gen_proto(cstate, ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT); 5562 gen_or(b0, b1); 5563 break; 5564 5565 case Q_ISIS_PSNP: 5566 b0 = gen_proto(cstate, ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT); 5567 b1 = gen_proto(cstate, ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT); 5568 gen_or(b0, b1); 5569 break; 5570 5571 case Q_CLNP: 5572 b1 = gen_proto(cstate, ISO8473_CLNP, Q_ISO, Q_DEFAULT); 5573 break; 5574 5575 case Q_STP: 5576 b1 = gen_linktype(cstate, LLCSAP_8021D); 5577 break; 5578 5579 case Q_IPX: 5580 b1 = gen_linktype(cstate, LLCSAP_IPX); 5581 break; 5582 5583 case Q_NETBEUI: 5584 b1 = gen_linktype(cstate, LLCSAP_NETBEUI); 5585 break; 5586 5587 case Q_RADIO: 5588 bpf_error(cstate, "'radio' is not a valid protocol type"); 5589 5590 default: 5591 abort(); 5592 } 5593 return b1; 5594 } 5595 5596 struct block * 5597 gen_proto_abbrev(compiler_state_t *cstate, int proto) 5598 { 5599 /* 5600 * Catch errors reported by us and routines below us, and return NULL 5601 * on an error. 5602 */ 5603 if (setjmp(cstate->top_ctx)) 5604 return (NULL); 5605 5606 return gen_proto_abbrev_internal(cstate, proto); 5607 } 5608 5609 static struct block * 5610 gen_ipfrag(compiler_state_t *cstate) 5611 { 5612 struct slist *s; 5613 struct block *b; 5614 5615 /* not IPv4 frag other than the first frag */ 5616 s = gen_load_a(cstate, OR_LINKPL, 6, BPF_H); 5617 b = new_block(cstate, JMP(BPF_JSET)); 5618 b->s.k = 0x1fff; 5619 b->stmts = s; 5620 gen_not(b); 5621 5622 return b; 5623 } 5624 5625 /* 5626 * Generate a comparison to a port value in the transport-layer header 5627 * at the specified offset from the beginning of that header. 5628 * 5629 * XXX - this handles a variable-length prefix preceding the link-layer 5630 * header, such as the radiotap or AVS radio prefix, but doesn't handle 5631 * variable-length link-layer headers (such as Token Ring or 802.11 5632 * headers). 5633 */ 5634 static struct block * 5635 gen_portatom(compiler_state_t *cstate, int off, bpf_u_int32 v) 5636 { 5637 return gen_cmp(cstate, OR_TRAN_IPV4, off, BPF_H, v); 5638 } 5639 5640 static struct block * 5641 gen_portatom6(compiler_state_t *cstate, int off, bpf_u_int32 v) 5642 { 5643 return gen_cmp(cstate, OR_TRAN_IPV6, off, BPF_H, v); 5644 } 5645 5646 static struct block * 5647 gen_portop(compiler_state_t *cstate, u_int port, u_int proto, int dir) 5648 { 5649 struct block *b0, *b1, *tmp; 5650 5651 /* ip proto 'proto' and not a fragment other than the first fragment */ 5652 tmp = gen_cmp(cstate, OR_LINKPL, 9, BPF_B, proto); 5653 b0 = gen_ipfrag(cstate); 5654 gen_and(tmp, b0); 5655 5656 switch (dir) { 5657 case Q_SRC: 5658 b1 = gen_portatom(cstate, 0, port); 5659 break; 5660 5661 case Q_DST: 5662 b1 = gen_portatom(cstate, 2, port); 5663 break; 5664 5665 case Q_AND: 5666 tmp = gen_portatom(cstate, 0, port); 5667 b1 = gen_portatom(cstate, 2, port); 5668 gen_and(tmp, b1); 5669 break; 5670 5671 case Q_DEFAULT: 5672 case Q_OR: 5673 tmp = gen_portatom(cstate, 0, port); 5674 b1 = gen_portatom(cstate, 2, port); 5675 gen_or(tmp, b1); 5676 break; 5677 5678 case Q_ADDR1: 5679 bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for ports"); 5680 /*NOTREACHED*/ 5681 5682 case Q_ADDR2: 5683 bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for ports"); 5684 /*NOTREACHED*/ 5685 5686 case Q_ADDR3: 5687 bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for ports"); 5688 /*NOTREACHED*/ 5689 5690 case Q_ADDR4: 5691 bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for ports"); 5692 /*NOTREACHED*/ 5693 5694 case Q_RA: 5695 bpf_error(cstate, "'ra' is not a valid qualifier for ports"); 5696 /*NOTREACHED*/ 5697 5698 case Q_TA: 5699 bpf_error(cstate, "'ta' is not a valid qualifier for ports"); 5700 /*NOTREACHED*/ 5701 5702 default: 5703 abort(); 5704 /*NOTREACHED*/ 5705 } 5706 gen_and(b0, b1); 5707 5708 return b1; 5709 } 5710 5711 static struct block * 5712 gen_port(compiler_state_t *cstate, u_int port, int ip_proto, int dir) 5713 { 5714 struct block *b0, *b1, *tmp; 5715 5716 /* 5717 * ether proto ip 5718 * 5719 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 5720 * not LLC encapsulation with LLCSAP_IP. 5721 * 5722 * For IEEE 802 networks - which includes 802.5 token ring 5723 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 5724 * says that SNAP encapsulation is used, not LLC encapsulation 5725 * with LLCSAP_IP. 5726 * 5727 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 5728 * RFC 2225 say that SNAP encapsulation is used, not LLC 5729 * encapsulation with LLCSAP_IP. 5730 * 5731 * So we always check for ETHERTYPE_IP. 5732 */ 5733 b0 = gen_linktype(cstate, ETHERTYPE_IP); 5734 5735 switch (ip_proto) { 5736 case IPPROTO_UDP: 5737 case IPPROTO_TCP: 5738 case IPPROTO_SCTP: 5739 b1 = gen_portop(cstate, port, (u_int)ip_proto, dir); 5740 break; 5741 5742 case PROTO_UNDEF: 5743 tmp = gen_portop(cstate, port, IPPROTO_TCP, dir); 5744 b1 = gen_portop(cstate, port, IPPROTO_UDP, dir); 5745 gen_or(tmp, b1); 5746 tmp = gen_portop(cstate, port, IPPROTO_SCTP, dir); 5747 gen_or(tmp, b1); 5748 break; 5749 5750 default: 5751 abort(); 5752 } 5753 gen_and(b0, b1); 5754 return b1; 5755 } 5756 5757 struct block * 5758 gen_portop6(compiler_state_t *cstate, u_int port, u_int proto, int dir) 5759 { 5760 struct block *b0, *b1, *tmp; 5761 5762 /* ip6 proto 'proto' */ 5763 /* XXX - catch the first fragment of a fragmented packet? */ 5764 b0 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, proto); 5765 5766 switch (dir) { 5767 case Q_SRC: 5768 b1 = gen_portatom6(cstate, 0, port); 5769 break; 5770 5771 case Q_DST: 5772 b1 = gen_portatom6(cstate, 2, port); 5773 break; 5774 5775 case Q_AND: 5776 tmp = gen_portatom6(cstate, 0, port); 5777 b1 = gen_portatom6(cstate, 2, port); 5778 gen_and(tmp, b1); 5779 break; 5780 5781 case Q_DEFAULT: 5782 case Q_OR: 5783 tmp = gen_portatom6(cstate, 0, port); 5784 b1 = gen_portatom6(cstate, 2, port); 5785 gen_or(tmp, b1); 5786 break; 5787 5788 default: 5789 abort(); 5790 } 5791 gen_and(b0, b1); 5792 5793 return b1; 5794 } 5795 5796 static struct block * 5797 gen_port6(compiler_state_t *cstate, u_int port, int ip_proto, int dir) 5798 { 5799 struct block *b0, *b1, *tmp; 5800 5801 /* link proto ip6 */ 5802 b0 = gen_linktype(cstate, ETHERTYPE_IPV6); 5803 5804 switch (ip_proto) { 5805 case IPPROTO_UDP: 5806 case IPPROTO_TCP: 5807 case IPPROTO_SCTP: 5808 b1 = gen_portop6(cstate, port, (u_int)ip_proto, dir); 5809 break; 5810 5811 case PROTO_UNDEF: 5812 tmp = gen_portop6(cstate, port, IPPROTO_TCP, dir); 5813 b1 = gen_portop6(cstate, port, IPPROTO_UDP, dir); 5814 gen_or(tmp, b1); 5815 tmp = gen_portop6(cstate, port, IPPROTO_SCTP, dir); 5816 gen_or(tmp, b1); 5817 break; 5818 5819 default: 5820 abort(); 5821 } 5822 gen_and(b0, b1); 5823 return b1; 5824 } 5825 5826 /* gen_portrange code */ 5827 static struct block * 5828 gen_portrangeatom(compiler_state_t *cstate, u_int off, bpf_u_int32 v1, 5829 bpf_u_int32 v2) 5830 { 5831 struct block *b1, *b2; 5832 5833 if (v1 > v2) { 5834 /* 5835 * Reverse the order of the ports, so v1 is the lower one. 5836 */ 5837 bpf_u_int32 vtemp; 5838 5839 vtemp = v1; 5840 v1 = v2; 5841 v2 = vtemp; 5842 } 5843 5844 b1 = gen_cmp_ge(cstate, OR_TRAN_IPV4, off, BPF_H, v1); 5845 b2 = gen_cmp_le(cstate, OR_TRAN_IPV4, off, BPF_H, v2); 5846 5847 gen_and(b1, b2); 5848 5849 return b2; 5850 } 5851 5852 static struct block * 5853 gen_portrangeop(compiler_state_t *cstate, u_int port1, u_int port2, 5854 bpf_u_int32 proto, int dir) 5855 { 5856 struct block *b0, *b1, *tmp; 5857 5858 /* ip proto 'proto' and not a fragment other than the first fragment */ 5859 tmp = gen_cmp(cstate, OR_LINKPL, 9, BPF_B, proto); 5860 b0 = gen_ipfrag(cstate); 5861 gen_and(tmp, b0); 5862 5863 switch (dir) { 5864 case Q_SRC: 5865 b1 = gen_portrangeatom(cstate, 0, port1, port2); 5866 break; 5867 5868 case Q_DST: 5869 b1 = gen_portrangeatom(cstate, 2, port1, port2); 5870 break; 5871 5872 case Q_AND: 5873 tmp = gen_portrangeatom(cstate, 0, port1, port2); 5874 b1 = gen_portrangeatom(cstate, 2, port1, port2); 5875 gen_and(tmp, b1); 5876 break; 5877 5878 case Q_DEFAULT: 5879 case Q_OR: 5880 tmp = gen_portrangeatom(cstate, 0, port1, port2); 5881 b1 = gen_portrangeatom(cstate, 2, port1, port2); 5882 gen_or(tmp, b1); 5883 break; 5884 5885 case Q_ADDR1: 5886 bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for port ranges"); 5887 /*NOTREACHED*/ 5888 5889 case Q_ADDR2: 5890 bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for port ranges"); 5891 /*NOTREACHED*/ 5892 5893 case Q_ADDR3: 5894 bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for port ranges"); 5895 /*NOTREACHED*/ 5896 5897 case Q_ADDR4: 5898 bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for port ranges"); 5899 /*NOTREACHED*/ 5900 5901 case Q_RA: 5902 bpf_error(cstate, "'ra' is not a valid qualifier for port ranges"); 5903 /*NOTREACHED*/ 5904 5905 case Q_TA: 5906 bpf_error(cstate, "'ta' is not a valid qualifier for port ranges"); 5907 /*NOTREACHED*/ 5908 5909 default: 5910 abort(); 5911 /*NOTREACHED*/ 5912 } 5913 gen_and(b0, b1); 5914 5915 return b1; 5916 } 5917 5918 static struct block * 5919 gen_portrange(compiler_state_t *cstate, u_int port1, u_int port2, int ip_proto, 5920 int dir) 5921 { 5922 struct block *b0, *b1, *tmp; 5923 5924 /* link proto ip */ 5925 b0 = gen_linktype(cstate, ETHERTYPE_IP); 5926 5927 switch (ip_proto) { 5928 case IPPROTO_UDP: 5929 case IPPROTO_TCP: 5930 case IPPROTO_SCTP: 5931 b1 = gen_portrangeop(cstate, port1, port2, (bpf_u_int32)ip_proto, 5932 dir); 5933 break; 5934 5935 case PROTO_UNDEF: 5936 tmp = gen_portrangeop(cstate, port1, port2, IPPROTO_TCP, dir); 5937 b1 = gen_portrangeop(cstate, port1, port2, IPPROTO_UDP, dir); 5938 gen_or(tmp, b1); 5939 tmp = gen_portrangeop(cstate, port1, port2, IPPROTO_SCTP, dir); 5940 gen_or(tmp, b1); 5941 break; 5942 5943 default: 5944 abort(); 5945 } 5946 gen_and(b0, b1); 5947 return b1; 5948 } 5949 5950 static struct block * 5951 gen_portrangeatom6(compiler_state_t *cstate, u_int off, bpf_u_int32 v1, 5952 bpf_u_int32 v2) 5953 { 5954 struct block *b1, *b2; 5955 5956 if (v1 > v2) { 5957 /* 5958 * Reverse the order of the ports, so v1 is the lower one. 5959 */ 5960 bpf_u_int32 vtemp; 5961 5962 vtemp = v1; 5963 v1 = v2; 5964 v2 = vtemp; 5965 } 5966 5967 b1 = gen_cmp_ge(cstate, OR_TRAN_IPV6, off, BPF_H, v1); 5968 b2 = gen_cmp_le(cstate, OR_TRAN_IPV6, off, BPF_H, v2); 5969 5970 gen_and(b1, b2); 5971 5972 return b2; 5973 } 5974 5975 static struct block * 5976 gen_portrangeop6(compiler_state_t *cstate, u_int port1, u_int port2, 5977 bpf_u_int32 proto, int dir) 5978 { 5979 struct block *b0, *b1, *tmp; 5980 5981 /* ip6 proto 'proto' */ 5982 /* XXX - catch the first fragment of a fragmented packet? */ 5983 b0 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, proto); 5984 5985 switch (dir) { 5986 case Q_SRC: 5987 b1 = gen_portrangeatom6(cstate, 0, port1, port2); 5988 break; 5989 5990 case Q_DST: 5991 b1 = gen_portrangeatom6(cstate, 2, port1, port2); 5992 break; 5993 5994 case Q_AND: 5995 tmp = gen_portrangeatom6(cstate, 0, port1, port2); 5996 b1 = gen_portrangeatom6(cstate, 2, port1, port2); 5997 gen_and(tmp, b1); 5998 break; 5999 6000 case Q_DEFAULT: 6001 case Q_OR: 6002 tmp = gen_portrangeatom6(cstate, 0, port1, port2); 6003 b1 = gen_portrangeatom6(cstate, 2, port1, port2); 6004 gen_or(tmp, b1); 6005 break; 6006 6007 default: 6008 abort(); 6009 } 6010 gen_and(b0, b1); 6011 6012 return b1; 6013 } 6014 6015 static struct block * 6016 gen_portrange6(compiler_state_t *cstate, u_int port1, u_int port2, int ip_proto, 6017 int dir) 6018 { 6019 struct block *b0, *b1, *tmp; 6020 6021 /* link proto ip6 */ 6022 b0 = gen_linktype(cstate, ETHERTYPE_IPV6); 6023 6024 switch (ip_proto) { 6025 case IPPROTO_UDP: 6026 case IPPROTO_TCP: 6027 case IPPROTO_SCTP: 6028 b1 = gen_portrangeop6(cstate, port1, port2, (bpf_u_int32)ip_proto, 6029 dir); 6030 break; 6031 6032 case PROTO_UNDEF: 6033 tmp = gen_portrangeop6(cstate, port1, port2, IPPROTO_TCP, dir); 6034 b1 = gen_portrangeop6(cstate, port1, port2, IPPROTO_UDP, dir); 6035 gen_or(tmp, b1); 6036 tmp = gen_portrangeop6(cstate, port1, port2, IPPROTO_SCTP, dir); 6037 gen_or(tmp, b1); 6038 break; 6039 6040 default: 6041 abort(); 6042 } 6043 gen_and(b0, b1); 6044 return b1; 6045 } 6046 6047 static int 6048 lookup_proto(compiler_state_t *cstate, const char *name, int proto) 6049 { 6050 register int v; 6051 6052 switch (proto) { 6053 6054 case Q_DEFAULT: 6055 case Q_IP: 6056 case Q_IPV6: 6057 v = pcap_nametoproto(name); 6058 if (v == PROTO_UNDEF) 6059 bpf_error(cstate, "unknown ip proto '%s'", name); 6060 break; 6061 6062 case Q_LINK: 6063 /* XXX should look up h/w protocol type based on cstate->linktype */ 6064 v = pcap_nametoeproto(name); 6065 if (v == PROTO_UNDEF) { 6066 v = pcap_nametollc(name); 6067 if (v == PROTO_UNDEF) 6068 bpf_error(cstate, "unknown ether proto '%s'", name); 6069 } 6070 break; 6071 6072 case Q_ISO: 6073 if (strcmp(name, "esis") == 0) 6074 v = ISO9542_ESIS; 6075 else if (strcmp(name, "isis") == 0) 6076 v = ISO10589_ISIS; 6077 else if (strcmp(name, "clnp") == 0) 6078 v = ISO8473_CLNP; 6079 else 6080 bpf_error(cstate, "unknown osi proto '%s'", name); 6081 break; 6082 6083 default: 6084 v = PROTO_UNDEF; 6085 break; 6086 } 6087 return v; 6088 } 6089 6090 #if !defined(NO_PROTOCHAIN) 6091 static struct block * 6092 gen_protochain(compiler_state_t *cstate, bpf_u_int32 v, int proto) 6093 { 6094 struct block *b0, *b; 6095 struct slist *s[100]; 6096 int fix2, fix3, fix4, fix5; 6097 int ahcheck, again, end; 6098 int i, max; 6099 int reg2 = alloc_reg(cstate); 6100 6101 memset(s, 0, sizeof(s)); 6102 fix3 = fix4 = fix5 = 0; 6103 6104 switch (proto) { 6105 case Q_IP: 6106 case Q_IPV6: 6107 break; 6108 case Q_DEFAULT: 6109 b0 = gen_protochain(cstate, v, Q_IP); 6110 b = gen_protochain(cstate, v, Q_IPV6); 6111 gen_or(b0, b); 6112 return b; 6113 default: 6114 bpf_error(cstate, "bad protocol applied for 'protochain'"); 6115 /*NOTREACHED*/ 6116 } 6117 6118 /* 6119 * We don't handle variable-length prefixes before the link-layer 6120 * header, or variable-length link-layer headers, here yet. 6121 * We might want to add BPF instructions to do the protochain 6122 * work, to simplify that and, on platforms that have a BPF 6123 * interpreter with the new instructions, let the filtering 6124 * be done in the kernel. (We already require a modified BPF 6125 * engine to do the protochain stuff, to support backward 6126 * branches, and backward branch support is unlikely to appear 6127 * in kernel BPF engines.) 6128 */ 6129 if (cstate->off_linkpl.is_variable) 6130 bpf_error(cstate, "'protochain' not supported with variable length headers"); 6131 6132 /* 6133 * To quote a comment in optimize.c: 6134 * 6135 * "These data structures are used in a Cocke and Schwartz style 6136 * value numbering scheme. Since the flowgraph is acyclic, 6137 * exit values can be propagated from a node's predecessors 6138 * provided it is uniquely defined." 6139 * 6140 * "Acyclic" means "no backward branches", which means "no 6141 * loops", so we have to turn the optimizer off. 6142 */ 6143 cstate->no_optimize = 1; 6144 6145 /* 6146 * s[0] is a dummy entry to protect other BPF insn from damage 6147 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 6148 * hard to find interdependency made by jump table fixup. 6149 */ 6150 i = 0; 6151 s[i] = new_stmt(cstate, 0); /*dummy*/ 6152 i++; 6153 6154 switch (proto) { 6155 case Q_IP: 6156 b0 = gen_linktype(cstate, ETHERTYPE_IP); 6157 6158 /* A = ip->ip_p */ 6159 s[i] = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B); 6160 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 9; 6161 i++; 6162 /* X = ip->ip_hl << 2 */ 6163 s[i] = new_stmt(cstate, BPF_LDX|BPF_MSH|BPF_B); 6164 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 6165 i++; 6166 break; 6167 6168 case Q_IPV6: 6169 b0 = gen_linktype(cstate, ETHERTYPE_IPV6); 6170 6171 /* A = ip6->ip_nxt */ 6172 s[i] = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B); 6173 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 6; 6174 i++; 6175 /* X = sizeof(struct ip6_hdr) */ 6176 s[i] = new_stmt(cstate, BPF_LDX|BPF_IMM); 6177 s[i]->s.k = 40; 6178 i++; 6179 break; 6180 6181 default: 6182 bpf_error(cstate, "unsupported proto to gen_protochain"); 6183 /*NOTREACHED*/ 6184 } 6185 6186 /* again: if (A == v) goto end; else fall through; */ 6187 again = i; 6188 s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6189 s[i]->s.k = v; 6190 s[i]->s.jt = NULL; /*later*/ 6191 s[i]->s.jf = NULL; /*update in next stmt*/ 6192 fix5 = i; 6193 i++; 6194 6195 #ifndef IPPROTO_NONE 6196 #define IPPROTO_NONE 59 6197 #endif 6198 /* if (A == IPPROTO_NONE) goto end */ 6199 s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6200 s[i]->s.jt = NULL; /*later*/ 6201 s[i]->s.jf = NULL; /*update in next stmt*/ 6202 s[i]->s.k = IPPROTO_NONE; 6203 s[fix5]->s.jf = s[i]; 6204 fix2 = i; 6205 i++; 6206 6207 if (proto == Q_IPV6) { 6208 int v6start, v6end, v6advance, j; 6209 6210 v6start = i; 6211 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 6212 s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6213 s[i]->s.jt = NULL; /*later*/ 6214 s[i]->s.jf = NULL; /*update in next stmt*/ 6215 s[i]->s.k = IPPROTO_HOPOPTS; 6216 s[fix2]->s.jf = s[i]; 6217 i++; 6218 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 6219 s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6220 s[i]->s.jt = NULL; /*later*/ 6221 s[i]->s.jf = NULL; /*update in next stmt*/ 6222 s[i]->s.k = IPPROTO_DSTOPTS; 6223 i++; 6224 /* if (A == IPPROTO_ROUTING) goto v6advance */ 6225 s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6226 s[i]->s.jt = NULL; /*later*/ 6227 s[i]->s.jf = NULL; /*update in next stmt*/ 6228 s[i]->s.k = IPPROTO_ROUTING; 6229 i++; 6230 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 6231 s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6232 s[i]->s.jt = NULL; /*later*/ 6233 s[i]->s.jf = NULL; /*later*/ 6234 s[i]->s.k = IPPROTO_FRAGMENT; 6235 fix3 = i; 6236 v6end = i; 6237 i++; 6238 6239 /* v6advance: */ 6240 v6advance = i; 6241 6242 /* 6243 * in short, 6244 * A = P[X + packet head]; 6245 * X = X + (P[X + packet head + 1] + 1) * 8; 6246 */ 6247 /* A = P[X + packet head] */ 6248 s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 6249 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 6250 i++; 6251 /* MEM[reg2] = A */ 6252 s[i] = new_stmt(cstate, BPF_ST); 6253 s[i]->s.k = reg2; 6254 i++; 6255 /* A = P[X + packet head + 1]; */ 6256 s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 6257 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 1; 6258 i++; 6259 /* A += 1 */ 6260 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 6261 s[i]->s.k = 1; 6262 i++; 6263 /* A *= 8 */ 6264 s[i] = new_stmt(cstate, BPF_ALU|BPF_MUL|BPF_K); 6265 s[i]->s.k = 8; 6266 i++; 6267 /* A += X */ 6268 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X); 6269 s[i]->s.k = 0; 6270 i++; 6271 /* X = A; */ 6272 s[i] = new_stmt(cstate, BPF_MISC|BPF_TAX); 6273 i++; 6274 /* A = MEM[reg2] */ 6275 s[i] = new_stmt(cstate, BPF_LD|BPF_MEM); 6276 s[i]->s.k = reg2; 6277 i++; 6278 6279 /* goto again; (must use BPF_JA for backward jump) */ 6280 s[i] = new_stmt(cstate, BPF_JMP|BPF_JA); 6281 s[i]->s.k = again - i - 1; 6282 s[i - 1]->s.jf = s[i]; 6283 i++; 6284 6285 /* fixup */ 6286 for (j = v6start; j <= v6end; j++) 6287 s[j]->s.jt = s[v6advance]; 6288 } else { 6289 /* nop */ 6290 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 6291 s[i]->s.k = 0; 6292 s[fix2]->s.jf = s[i]; 6293 i++; 6294 } 6295 6296 /* ahcheck: */ 6297 ahcheck = i; 6298 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 6299 s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K); 6300 s[i]->s.jt = NULL; /*later*/ 6301 s[i]->s.jf = NULL; /*later*/ 6302 s[i]->s.k = IPPROTO_AH; 6303 if (fix3) 6304 s[fix3]->s.jf = s[ahcheck]; 6305 fix4 = i; 6306 i++; 6307 6308 /* 6309 * in short, 6310 * A = P[X]; 6311 * X = X + (P[X + 1] + 2) * 4; 6312 */ 6313 /* A = X */ 6314 s[i - 1]->s.jt = s[i] = new_stmt(cstate, BPF_MISC|BPF_TXA); 6315 i++; 6316 /* A = P[X + packet head]; */ 6317 s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 6318 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 6319 i++; 6320 /* MEM[reg2] = A */ 6321 s[i] = new_stmt(cstate, BPF_ST); 6322 s[i]->s.k = reg2; 6323 i++; 6324 /* A = X */ 6325 s[i - 1]->s.jt = s[i] = new_stmt(cstate, BPF_MISC|BPF_TXA); 6326 i++; 6327 /* A += 1 */ 6328 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 6329 s[i]->s.k = 1; 6330 i++; 6331 /* X = A */ 6332 s[i] = new_stmt(cstate, BPF_MISC|BPF_TAX); 6333 i++; 6334 /* A = P[X + packet head] */ 6335 s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 6336 s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 6337 i++; 6338 /* A += 2 */ 6339 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 6340 s[i]->s.k = 2; 6341 i++; 6342 /* A *= 4 */ 6343 s[i] = new_stmt(cstate, BPF_ALU|BPF_MUL|BPF_K); 6344 s[i]->s.k = 4; 6345 i++; 6346 /* X = A; */ 6347 s[i] = new_stmt(cstate, BPF_MISC|BPF_TAX); 6348 i++; 6349 /* A = MEM[reg2] */ 6350 s[i] = new_stmt(cstate, BPF_LD|BPF_MEM); 6351 s[i]->s.k = reg2; 6352 i++; 6353 6354 /* goto again; (must use BPF_JA for backward jump) */ 6355 s[i] = new_stmt(cstate, BPF_JMP|BPF_JA); 6356 s[i]->s.k = again - i - 1; 6357 i++; 6358 6359 /* end: nop */ 6360 end = i; 6361 s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 6362 s[i]->s.k = 0; 6363 s[fix2]->s.jt = s[end]; 6364 s[fix4]->s.jf = s[end]; 6365 s[fix5]->s.jt = s[end]; 6366 i++; 6367 6368 /* 6369 * make slist chain 6370 */ 6371 max = i; 6372 for (i = 0; i < max - 1; i++) 6373 s[i]->next = s[i + 1]; 6374 s[max - 1]->next = NULL; 6375 6376 /* 6377 * emit final check 6378 */ 6379 b = new_block(cstate, JMP(BPF_JEQ)); 6380 b->stmts = s[1]; /*remember, s[0] is dummy*/ 6381 b->s.k = v; 6382 6383 free_reg(cstate, reg2); 6384 6385 gen_and(b0, b); 6386 return b; 6387 } 6388 #endif /* !defined(NO_PROTOCHAIN) */ 6389 6390 static struct block * 6391 gen_check_802_11_data_frame(compiler_state_t *cstate) 6392 { 6393 struct slist *s; 6394 struct block *b0, *b1; 6395 6396 /* 6397 * A data frame has the 0x08 bit (b3) in the frame control field set 6398 * and the 0x04 bit (b2) clear. 6399 */ 6400 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 6401 b0 = new_block(cstate, JMP(BPF_JSET)); 6402 b0->s.k = 0x08; 6403 b0->stmts = s; 6404 6405 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 6406 b1 = new_block(cstate, JMP(BPF_JSET)); 6407 b1->s.k = 0x04; 6408 b1->stmts = s; 6409 gen_not(b1); 6410 6411 gen_and(b1, b0); 6412 6413 return b0; 6414 } 6415 6416 /* 6417 * Generate code that checks whether the packet is a packet for protocol 6418 * <proto> and whether the type field in that protocol's header has 6419 * the value <v>, e.g. if <proto> is Q_IP, it checks whether it's an 6420 * IP packet and checks the protocol number in the IP header against <v>. 6421 * 6422 * If <proto> is Q_DEFAULT, i.e. just "proto" was specified, it checks 6423 * against Q_IP and Q_IPV6. 6424 */ 6425 static struct block * 6426 gen_proto(compiler_state_t *cstate, bpf_u_int32 v, int proto, int dir) 6427 { 6428 struct block *b0, *b1; 6429 struct block *b2; 6430 6431 if (dir != Q_DEFAULT) 6432 bpf_error(cstate, "direction applied to 'proto'"); 6433 6434 switch (proto) { 6435 case Q_DEFAULT: 6436 b0 = gen_proto(cstate, v, Q_IP, dir); 6437 b1 = gen_proto(cstate, v, Q_IPV6, dir); 6438 gen_or(b0, b1); 6439 return b1; 6440 6441 case Q_LINK: 6442 return gen_linktype(cstate, v); 6443 6444 case Q_IP: 6445 /* 6446 * For FDDI, RFC 1188 says that SNAP encapsulation is used, 6447 * not LLC encapsulation with LLCSAP_IP. 6448 * 6449 * For IEEE 802 networks - which includes 802.5 token ring 6450 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042 6451 * says that SNAP encapsulation is used, not LLC encapsulation 6452 * with LLCSAP_IP. 6453 * 6454 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and 6455 * RFC 2225 say that SNAP encapsulation is used, not LLC 6456 * encapsulation with LLCSAP_IP. 6457 * 6458 * So we always check for ETHERTYPE_IP. 6459 */ 6460 b0 = gen_linktype(cstate, ETHERTYPE_IP); 6461 b1 = gen_cmp(cstate, OR_LINKPL, 9, BPF_B, v); 6462 gen_and(b0, b1); 6463 return b1; 6464 6465 case Q_ARP: 6466 bpf_error(cstate, "arp does not encapsulate another protocol"); 6467 /*NOTREACHED*/ 6468 6469 case Q_RARP: 6470 bpf_error(cstate, "rarp does not encapsulate another protocol"); 6471 /*NOTREACHED*/ 6472 6473 case Q_SCTP: 6474 bpf_error(cstate, "'sctp proto' is bogus"); 6475 /*NOTREACHED*/ 6476 6477 case Q_TCP: 6478 bpf_error(cstate, "'tcp proto' is bogus"); 6479 /*NOTREACHED*/ 6480 6481 case Q_UDP: 6482 bpf_error(cstate, "'udp proto' is bogus"); 6483 /*NOTREACHED*/ 6484 6485 case Q_ICMP: 6486 bpf_error(cstate, "'icmp proto' is bogus"); 6487 /*NOTREACHED*/ 6488 6489 case Q_IGMP: 6490 bpf_error(cstate, "'igmp proto' is bogus"); 6491 /*NOTREACHED*/ 6492 6493 case Q_IGRP: 6494 bpf_error(cstate, "'igrp proto' is bogus"); 6495 /*NOTREACHED*/ 6496 6497 case Q_ATALK: 6498 bpf_error(cstate, "AppleTalk encapsulation is not specifiable"); 6499 /*NOTREACHED*/ 6500 6501 case Q_DECNET: 6502 bpf_error(cstate, "DECNET encapsulation is not specifiable"); 6503 /*NOTREACHED*/ 6504 6505 case Q_LAT: 6506 bpf_error(cstate, "LAT does not encapsulate another protocol"); 6507 /*NOTREACHED*/ 6508 6509 case Q_SCA: 6510 bpf_error(cstate, "SCA does not encapsulate another protocol"); 6511 /*NOTREACHED*/ 6512 6513 case Q_MOPRC: 6514 bpf_error(cstate, "MOPRC does not encapsulate another protocol"); 6515 /*NOTREACHED*/ 6516 6517 case Q_MOPDL: 6518 bpf_error(cstate, "MOPDL does not encapsulate another protocol"); 6519 /*NOTREACHED*/ 6520 6521 case Q_IPV6: 6522 b0 = gen_linktype(cstate, ETHERTYPE_IPV6); 6523 /* 6524 * Also check for a fragment header before the final 6525 * header. 6526 */ 6527 b2 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, IPPROTO_FRAGMENT); 6528 b1 = gen_cmp(cstate, OR_LINKPL, 40, BPF_B, v); 6529 gen_and(b2, b1); 6530 b2 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, v); 6531 gen_or(b2, b1); 6532 gen_and(b0, b1); 6533 return b1; 6534 6535 case Q_ICMPV6: 6536 bpf_error(cstate, "'icmp6 proto' is bogus"); 6537 /*NOTREACHED*/ 6538 6539 case Q_AH: 6540 bpf_error(cstate, "'ah proto' is bogus"); 6541 /*NOTREACHED*/ 6542 6543 case Q_ESP: 6544 bpf_error(cstate, "'esp proto' is bogus"); 6545 /*NOTREACHED*/ 6546 6547 case Q_PIM: 6548 bpf_error(cstate, "'pim proto' is bogus"); 6549 /*NOTREACHED*/ 6550 6551 case Q_VRRP: 6552 bpf_error(cstate, "'vrrp proto' is bogus"); 6553 /*NOTREACHED*/ 6554 6555 case Q_AARP: 6556 bpf_error(cstate, "'aarp proto' is bogus"); 6557 /*NOTREACHED*/ 6558 6559 case Q_ISO: 6560 switch (cstate->linktype) { 6561 6562 case DLT_FRELAY: 6563 /* 6564 * Frame Relay packets typically have an OSI 6565 * NLPID at the beginning; "gen_linktype(cstate, LLCSAP_ISONS)" 6566 * generates code to check for all the OSI 6567 * NLPIDs, so calling it and then adding a check 6568 * for the particular NLPID for which we're 6569 * looking is bogus, as we can just check for 6570 * the NLPID. 6571 * 6572 * What we check for is the NLPID and a frame 6573 * control field value of UI, i.e. 0x03 followed 6574 * by the NLPID. 6575 * 6576 * XXX - assumes a 2-byte Frame Relay header with 6577 * DLCI and flags. What if the address is longer? 6578 * 6579 * XXX - what about SNAP-encapsulated frames? 6580 */ 6581 return gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | v); 6582 /*NOTREACHED*/ 6583 6584 case DLT_C_HDLC: 6585 case DLT_HDLC: 6586 /* 6587 * Cisco uses an Ethertype lookalike - for OSI, 6588 * it's 0xfefe. 6589 */ 6590 b0 = gen_linktype(cstate, LLCSAP_ISONS<<8 | LLCSAP_ISONS); 6591 /* OSI in C-HDLC is stuffed with a fudge byte */ 6592 b1 = gen_cmp(cstate, OR_LINKPL_NOSNAP, 1, BPF_B, v); 6593 gen_and(b0, b1); 6594 return b1; 6595 6596 default: 6597 b0 = gen_linktype(cstate, LLCSAP_ISONS); 6598 b1 = gen_cmp(cstate, OR_LINKPL_NOSNAP, 0, BPF_B, v); 6599 gen_and(b0, b1); 6600 return b1; 6601 } 6602 6603 case Q_ESIS: 6604 bpf_error(cstate, "'esis proto' is bogus"); 6605 /*NOTREACHED*/ 6606 6607 case Q_ISIS: 6608 b0 = gen_proto(cstate, ISO10589_ISIS, Q_ISO, Q_DEFAULT); 6609 /* 6610 * 4 is the offset of the PDU type relative to the IS-IS 6611 * header. 6612 */ 6613 b1 = gen_cmp(cstate, OR_LINKPL_NOSNAP, 4, BPF_B, v); 6614 gen_and(b0, b1); 6615 return b1; 6616 6617 case Q_CLNP: 6618 bpf_error(cstate, "'clnp proto' is not supported"); 6619 /*NOTREACHED*/ 6620 6621 case Q_STP: 6622 bpf_error(cstate, "'stp proto' is bogus"); 6623 /*NOTREACHED*/ 6624 6625 case Q_IPX: 6626 bpf_error(cstate, "'ipx proto' is bogus"); 6627 /*NOTREACHED*/ 6628 6629 case Q_NETBEUI: 6630 bpf_error(cstate, "'netbeui proto' is bogus"); 6631 /*NOTREACHED*/ 6632 6633 case Q_ISIS_L1: 6634 bpf_error(cstate, "'l1 proto' is bogus"); 6635 /*NOTREACHED*/ 6636 6637 case Q_ISIS_L2: 6638 bpf_error(cstate, "'l2 proto' is bogus"); 6639 /*NOTREACHED*/ 6640 6641 case Q_ISIS_IIH: 6642 bpf_error(cstate, "'iih proto' is bogus"); 6643 /*NOTREACHED*/ 6644 6645 case Q_ISIS_SNP: 6646 bpf_error(cstate, "'snp proto' is bogus"); 6647 /*NOTREACHED*/ 6648 6649 case Q_ISIS_CSNP: 6650 bpf_error(cstate, "'csnp proto' is bogus"); 6651 /*NOTREACHED*/ 6652 6653 case Q_ISIS_PSNP: 6654 bpf_error(cstate, "'psnp proto' is bogus"); 6655 /*NOTREACHED*/ 6656 6657 case Q_ISIS_LSP: 6658 bpf_error(cstate, "'lsp proto' is bogus"); 6659 /*NOTREACHED*/ 6660 6661 case Q_RADIO: 6662 bpf_error(cstate, "'radio proto' is bogus"); 6663 /*NOTREACHED*/ 6664 6665 case Q_CARP: 6666 bpf_error(cstate, "'carp proto' is bogus"); 6667 /*NOTREACHED*/ 6668 6669 default: 6670 abort(); 6671 /*NOTREACHED*/ 6672 } 6673 /*NOTREACHED*/ 6674 } 6675 6676 /* 6677 * Convert a non-numeric name to a port number. 6678 */ 6679 static int 6680 nametoport(compiler_state_t *cstate, const char *name, int ipproto) 6681 { 6682 struct addrinfo hints, *res, *ai; 6683 int error; 6684 struct sockaddr_in *in4; 6685 #ifdef INET6 6686 struct sockaddr_in6 *in6; 6687 #endif 6688 int port = -1; 6689 6690 /* 6691 * We check for both TCP and UDP in case there are 6692 * ambiguous entries. 6693 */ 6694 memset(&hints, 0, sizeof(hints)); 6695 hints.ai_family = PF_UNSPEC; 6696 hints.ai_socktype = (ipproto == IPPROTO_TCP) ? SOCK_STREAM : SOCK_DGRAM; 6697 hints.ai_protocol = ipproto; 6698 error = getaddrinfo(NULL, name, &hints, &res); 6699 if (error != 0) { 6700 switch (error) { 6701 6702 case EAI_NONAME: 6703 case EAI_SERVICE: 6704 /* 6705 * No such port. Just return -1. 6706 */ 6707 break; 6708 6709 #ifdef EAI_SYSTEM 6710 case EAI_SYSTEM: 6711 /* 6712 * We don't use strerror() because it's not 6713 * guaranteed to be thread-safe on all platforms 6714 * (probably because it might use a non-thread-local 6715 * buffer into which to format an error message 6716 * if the error code isn't one for which it has 6717 * a canned string; three cheers for C string 6718 * handling). 6719 */ 6720 bpf_set_error(cstate, "getaddrinfo(\"%s\" fails with system error: %d", 6721 name, errno); 6722 port = -2; /* a real error */ 6723 break; 6724 #endif 6725 6726 default: 6727 /* 6728 * This is a real error, not just "there's 6729 * no such service name". 6730 * 6731 * We don't use gai_strerror() because it's not 6732 * guaranteed to be thread-safe on all platforms 6733 * (probably because it might use a non-thread-local 6734 * buffer into which to format an error message 6735 * if the error code isn't one for which it has 6736 * a canned string; three cheers for C string 6737 * handling). 6738 */ 6739 bpf_set_error(cstate, "getaddrinfo(\"%s\") fails with error: %d", 6740 name, error); 6741 port = -2; /* a real error */ 6742 break; 6743 } 6744 } else { 6745 /* 6746 * OK, we found it. Did it find anything? 6747 */ 6748 for (ai = res; ai != NULL; ai = ai->ai_next) { 6749 /* 6750 * Does it have an address? 6751 */ 6752 if (ai->ai_addr != NULL) { 6753 /* 6754 * Yes. Get a port number; we're done. 6755 */ 6756 if (ai->ai_addr->sa_family == AF_INET) { 6757 in4 = (struct sockaddr_in *)ai->ai_addr; 6758 port = ntohs(in4->sin_port); 6759 break; 6760 } 6761 #ifdef INET6 6762 if (ai->ai_addr->sa_family == AF_INET6) { 6763 in6 = (struct sockaddr_in6 *)ai->ai_addr; 6764 port = ntohs(in6->sin6_port); 6765 break; 6766 } 6767 #endif 6768 } 6769 } 6770 freeaddrinfo(res); 6771 } 6772 return port; 6773 } 6774 6775 /* 6776 * Convert a string to a port number. 6777 */ 6778 static bpf_u_int32 6779 stringtoport(compiler_state_t *cstate, const char *string, size_t string_size, 6780 int *proto) 6781 { 6782 stoulen_ret ret; 6783 char *cpy; 6784 bpf_u_int32 val; 6785 int tcp_port = -1; 6786 int udp_port = -1; 6787 6788 /* 6789 * See if it's a number. 6790 */ 6791 ret = stoulen(string, string_size, &val, cstate); 6792 switch (ret) { 6793 6794 case STOULEN_OK: 6795 /* Unknown port type - it's just a number. */ 6796 *proto = PROTO_UNDEF; 6797 break; 6798 6799 case STOULEN_NOT_OCTAL_NUMBER: 6800 case STOULEN_NOT_HEX_NUMBER: 6801 case STOULEN_NOT_DECIMAL_NUMBER: 6802 /* 6803 * Not a valid number; try looking it up as a port. 6804 */ 6805 cpy = malloc(string_size + 1); /* +1 for terminating '\0' */ 6806 memcpy(cpy, string, string_size); 6807 cpy[string_size] = '\0'; 6808 tcp_port = nametoport(cstate, cpy, IPPROTO_TCP); 6809 if (tcp_port == -2) { 6810 /* 6811 * We got a hard error; the error string has 6812 * already been set. 6813 */ 6814 free(cpy); 6815 longjmp(cstate->top_ctx, 1); 6816 /*NOTREACHED*/ 6817 } 6818 udp_port = nametoport(cstate, cpy, IPPROTO_UDP); 6819 if (udp_port == -2) { 6820 /* 6821 * We got a hard error; the error string has 6822 * already been set. 6823 */ 6824 free(cpy); 6825 longjmp(cstate->top_ctx, 1); 6826 /*NOTREACHED*/ 6827 } 6828 6829 /* 6830 * We need to check /etc/services for ambiguous entries. 6831 * If we find an ambiguous entry, and it has the 6832 * same port number, change the proto to PROTO_UNDEF 6833 * so both TCP and UDP will be checked. 6834 */ 6835 if (tcp_port >= 0) { 6836 val = (bpf_u_int32)tcp_port; 6837 *proto = IPPROTO_TCP; 6838 if (udp_port >= 0) { 6839 if (udp_port == tcp_port) 6840 *proto = PROTO_UNDEF; 6841 #ifdef notdef 6842 else 6843 /* Can't handle ambiguous names that refer 6844 to different port numbers. */ 6845 warning("ambiguous port %s in /etc/services", 6846 cpy); 6847 #endif 6848 } 6849 free(cpy); 6850 break; 6851 } 6852 if (udp_port >= 0) { 6853 val = (bpf_u_int32)udp_port; 6854 *proto = IPPROTO_UDP; 6855 free(cpy); 6856 break; 6857 } 6858 #if defined(ultrix) || defined(__osf__) 6859 /* Special hack in case NFS isn't in /etc/services */ 6860 if (strcmp(cpy, "nfs") == 0) { 6861 val = 2049; 6862 *proto = PROTO_UNDEF; 6863 free(cpy); 6864 break; 6865 } 6866 #endif 6867 bpf_set_error(cstate, "'%s' is not a valid port", cpy); 6868 free(cpy); 6869 longjmp(cstate->top_ctx, 1); 6870 /*NOTREACHED*/ 6871 6872 case STOULEN_ERROR: 6873 /* Error already set. */ 6874 longjmp(cstate->top_ctx, 1); 6875 /*NOTREACHED*/ 6876 6877 default: 6878 /* Should not happen */ 6879 bpf_set_error(cstate, "stoulen returned %d - this should not happen", ret); 6880 longjmp(cstate->top_ctx, 1); 6881 /*NOTREACHED*/ 6882 } 6883 return (val); 6884 } 6885 6886 /* 6887 * Convert a string in the form PPP-PPP, which correspond to ports, to 6888 * a starting and ending port in a port range. 6889 */ 6890 static void 6891 stringtoportrange(compiler_state_t *cstate, const char *string, 6892 bpf_u_int32 *port1, bpf_u_int32 *port2, int *proto) 6893 { 6894 char *hyphen_off; 6895 const char *first, *second; 6896 size_t first_size, second_size; 6897 int save_proto; 6898 6899 if ((hyphen_off = strchr(string, '-')) == NULL) 6900 bpf_error(cstate, "port range '%s' contains no hyphen", string); 6901 6902 /* 6903 * Make sure there are no other hyphens. 6904 * 6905 * XXX - we support named ports, but there are some port names 6906 * in /etc/services that include hyphens, so this would rule 6907 * that out. 6908 */ 6909 if (strchr(hyphen_off + 1, '-') != NULL) 6910 bpf_error(cstate, "port range '%s' contains more than one hyphen", 6911 string); 6912 6913 /* 6914 * Get the length of the first port. 6915 */ 6916 first = string; 6917 first_size = hyphen_off - string; 6918 if (first_size == 0) { 6919 /* Range of "-port", which we don't support. */ 6920 bpf_error(cstate, "port range '%s' has no starting port", string); 6921 } 6922 6923 /* 6924 * Try to convert it to a port. 6925 */ 6926 *port1 = stringtoport(cstate, first, first_size, proto); 6927 save_proto = *proto; 6928 6929 /* 6930 * Get the length of the second port. 6931 */ 6932 second = hyphen_off + 1; 6933 second_size = strlen(second); 6934 if (second_size == 0) { 6935 /* Range of "port-", which we don't support. */ 6936 bpf_error(cstate, "port range '%s' has no ending port", string); 6937 } 6938 6939 /* 6940 * Try to convert it to a port. 6941 */ 6942 *port2 = stringtoport(cstate, second, second_size, proto); 6943 if (*proto != save_proto) 6944 *proto = PROTO_UNDEF; 6945 } 6946 6947 struct block * 6948 gen_scode(compiler_state_t *cstate, const char *name, struct qual q) 6949 { 6950 int proto = q.proto; 6951 int dir = q.dir; 6952 int tproto; 6953 u_char *eaddr; 6954 bpf_u_int32 mask, addr; 6955 struct addrinfo *res, *res0; 6956 struct sockaddr_in *sin4; 6957 #ifdef INET6 6958 int tproto6; 6959 struct sockaddr_in6 *sin6; 6960 struct in6_addr mask128; 6961 #endif /*INET6*/ 6962 struct block *b, *tmp; 6963 int port, real_proto; 6964 bpf_u_int32 port1, port2; 6965 6966 /* 6967 * Catch errors reported by us and routines below us, and return NULL 6968 * on an error. 6969 */ 6970 if (setjmp(cstate->top_ctx)) 6971 return (NULL); 6972 6973 switch (q.addr) { 6974 6975 case Q_NET: 6976 addr = pcap_nametonetaddr(name); 6977 if (addr == 0) 6978 bpf_error(cstate, "unknown network '%s'", name); 6979 /* Left justify network addr and calculate its network mask */ 6980 mask = 0xffffffff; 6981 while (addr && (addr & 0xff000000) == 0) { 6982 addr <<= 8; 6983 mask <<= 8; 6984 } 6985 return gen_host(cstate, addr, mask, proto, dir, q.addr); 6986 6987 case Q_DEFAULT: 6988 case Q_HOST: 6989 if (proto == Q_LINK) { 6990 switch (cstate->linktype) { 6991 6992 case DLT_EN10MB: 6993 case DLT_NETANALYZER: 6994 case DLT_NETANALYZER_TRANSPARENT: 6995 eaddr = pcap_ether_hostton(name); 6996 if (eaddr == NULL) 6997 bpf_error(cstate, 6998 "unknown ether host '%s'", name); 6999 tmp = gen_prevlinkhdr_check(cstate); 7000 b = gen_ehostop(cstate, eaddr, dir); 7001 if (tmp != NULL) 7002 gen_and(tmp, b); 7003 free(eaddr); 7004 return b; 7005 7006 case DLT_FDDI: 7007 eaddr = pcap_ether_hostton(name); 7008 if (eaddr == NULL) 7009 bpf_error(cstate, 7010 "unknown FDDI host '%s'", name); 7011 b = gen_fhostop(cstate, eaddr, dir); 7012 free(eaddr); 7013 return b; 7014 7015 case DLT_IEEE802: 7016 eaddr = pcap_ether_hostton(name); 7017 if (eaddr == NULL) 7018 bpf_error(cstate, 7019 "unknown token ring host '%s'", name); 7020 b = gen_thostop(cstate, eaddr, dir); 7021 free(eaddr); 7022 return b; 7023 7024 case DLT_IEEE802_11: 7025 case DLT_PRISM_HEADER: 7026 case DLT_IEEE802_11_RADIO_AVS: 7027 case DLT_IEEE802_11_RADIO: 7028 case DLT_PPI: 7029 eaddr = pcap_ether_hostton(name); 7030 if (eaddr == NULL) 7031 bpf_error(cstate, 7032 "unknown 802.11 host '%s'", name); 7033 b = gen_wlanhostop(cstate, eaddr, dir); 7034 free(eaddr); 7035 return b; 7036 7037 case DLT_IP_OVER_FC: 7038 eaddr = pcap_ether_hostton(name); 7039 if (eaddr == NULL) 7040 bpf_error(cstate, 7041 "unknown Fibre Channel host '%s'", name); 7042 b = gen_ipfchostop(cstate, eaddr, dir); 7043 free(eaddr); 7044 return b; 7045 } 7046 7047 bpf_error(cstate, "only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name"); 7048 } else if (proto == Q_DECNET) { 7049 unsigned short dn_addr; 7050 7051 if (!__pcap_nametodnaddr(name, &dn_addr)) { 7052 #ifdef DECNETLIB 7053 bpf_error(cstate, "unknown decnet host name '%s'\n", name); 7054 #else 7055 bpf_error(cstate, "decnet name support not included, '%s' cannot be translated\n", 7056 name); 7057 #endif 7058 } 7059 /* 7060 * I don't think DECNET hosts can be multihomed, so 7061 * there is no need to build up a list of addresses 7062 */ 7063 return (gen_host(cstate, dn_addr, 0, proto, dir, q.addr)); 7064 } else { 7065 #ifdef INET6 7066 memset(&mask128, 0xff, sizeof(mask128)); 7067 #endif 7068 res0 = res = pcap_nametoaddrinfo(name); 7069 if (res == NULL) 7070 bpf_error(cstate, "unknown host '%s'", name); 7071 cstate->ai = res; 7072 b = tmp = NULL; 7073 tproto = proto; 7074 #ifdef INET6 7075 tproto6 = proto; 7076 #endif 7077 if (cstate->off_linktype.constant_part == OFFSET_NOT_SET && 7078 tproto == Q_DEFAULT) { 7079 tproto = Q_IP; 7080 #ifdef INET6 7081 tproto6 = Q_IPV6; 7082 #endif 7083 } 7084 for (res = res0; res; res = res->ai_next) { 7085 switch (res->ai_family) { 7086 case AF_INET: 7087 #ifdef INET6 7088 if (tproto == Q_IPV6) 7089 continue; 7090 #endif 7091 7092 sin4 = (struct sockaddr_in *) 7093 res->ai_addr; 7094 tmp = gen_host(cstate, ntohl(sin4->sin_addr.s_addr), 7095 0xffffffff, tproto, dir, q.addr); 7096 break; 7097 #ifdef INET6 7098 case AF_INET6: 7099 if (tproto6 == Q_IP) 7100 continue; 7101 7102 sin6 = (struct sockaddr_in6 *) 7103 res->ai_addr; 7104 tmp = gen_host6(cstate, &sin6->sin6_addr, 7105 &mask128, tproto6, dir, q.addr); 7106 break; 7107 #endif 7108 default: 7109 continue; 7110 } 7111 if (b) 7112 gen_or(b, tmp); 7113 b = tmp; 7114 } 7115 cstate->ai = NULL; 7116 freeaddrinfo(res0); 7117 if (b == NULL) { 7118 bpf_error(cstate, "unknown host '%s'%s", name, 7119 (proto == Q_DEFAULT) 7120 ? "" 7121 : " for specified address family"); 7122 } 7123 return b; 7124 } 7125 7126 case Q_PORT: 7127 if (proto != Q_DEFAULT && 7128 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 7129 bpf_error(cstate, "illegal qualifier of 'port'"); 7130 if (pcap_nametoport(name, &port, &real_proto) == 0) 7131 bpf_error(cstate, "unknown port '%s'", name); 7132 if (proto == Q_UDP) { 7133 if (real_proto == IPPROTO_TCP) 7134 bpf_error(cstate, "port '%s' is tcp", name); 7135 else if (real_proto == IPPROTO_SCTP) 7136 bpf_error(cstate, "port '%s' is sctp", name); 7137 else 7138 /* override PROTO_UNDEF */ 7139 real_proto = IPPROTO_UDP; 7140 } 7141 if (proto == Q_TCP) { 7142 if (real_proto == IPPROTO_UDP) 7143 bpf_error(cstate, "port '%s' is udp", name); 7144 7145 else if (real_proto == IPPROTO_SCTP) 7146 bpf_error(cstate, "port '%s' is sctp", name); 7147 else 7148 /* override PROTO_UNDEF */ 7149 real_proto = IPPROTO_TCP; 7150 } 7151 if (proto == Q_SCTP) { 7152 if (real_proto == IPPROTO_UDP) 7153 bpf_error(cstate, "port '%s' is udp", name); 7154 7155 else if (real_proto == IPPROTO_TCP) 7156 bpf_error(cstate, "port '%s' is tcp", name); 7157 else 7158 /* override PROTO_UNDEF */ 7159 real_proto = IPPROTO_SCTP; 7160 } 7161 if (port < 0) 7162 bpf_error(cstate, "illegal port number %d < 0", port); 7163 if (port > 65535) 7164 bpf_error(cstate, "illegal port number %d > 65535", port); 7165 b = gen_port(cstate, port, real_proto, dir); 7166 gen_or(gen_port6(cstate, port, real_proto, dir), b); 7167 return b; 7168 7169 case Q_PORTRANGE: 7170 if (proto != Q_DEFAULT && 7171 proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP) 7172 bpf_error(cstate, "illegal qualifier of 'portrange'"); 7173 stringtoportrange(cstate, name, &port1, &port2, &real_proto); 7174 if (proto == Q_UDP) { 7175 if (real_proto == IPPROTO_TCP) 7176 bpf_error(cstate, "port in range '%s' is tcp", name); 7177 else if (real_proto == IPPROTO_SCTP) 7178 bpf_error(cstate, "port in range '%s' is sctp", name); 7179 else 7180 /* override PROTO_UNDEF */ 7181 real_proto = IPPROTO_UDP; 7182 } 7183 if (proto == Q_TCP) { 7184 if (real_proto == IPPROTO_UDP) 7185 bpf_error(cstate, "port in range '%s' is udp", name); 7186 else if (real_proto == IPPROTO_SCTP) 7187 bpf_error(cstate, "port in range '%s' is sctp", name); 7188 else 7189 /* override PROTO_UNDEF */ 7190 real_proto = IPPROTO_TCP; 7191 } 7192 if (proto == Q_SCTP) { 7193 if (real_proto == IPPROTO_UDP) 7194 bpf_error(cstate, "port in range '%s' is udp", name); 7195 else if (real_proto == IPPROTO_TCP) 7196 bpf_error(cstate, "port in range '%s' is tcp", name); 7197 else 7198 /* override PROTO_UNDEF */ 7199 real_proto = IPPROTO_SCTP; 7200 } 7201 if (port1 > 65535) 7202 bpf_error(cstate, "illegal port number %d > 65535", port1); 7203 if (port2 > 65535) 7204 bpf_error(cstate, "illegal port number %d > 65535", port2); 7205 7206 b = gen_portrange(cstate, port1, port2, real_proto, dir); 7207 gen_or(gen_portrange6(cstate, port1, port2, real_proto, dir), b); 7208 return b; 7209 7210 case Q_GATEWAY: 7211 #ifndef INET6 7212 eaddr = pcap_ether_hostton(name); 7213 if (eaddr == NULL) 7214 bpf_error(cstate, "unknown ether host: %s", name); 7215 7216 res = pcap_nametoaddrinfo(name); 7217 cstate->ai = res; 7218 if (res == NULL) 7219 bpf_error(cstate, "unknown host '%s'", name); 7220 b = gen_gateway(cstate, eaddr, res, proto, dir); 7221 cstate->ai = NULL; 7222 freeaddrinfo(res); 7223 if (b == NULL) 7224 bpf_error(cstate, "unknown host '%s'", name); 7225 return b; 7226 #else 7227 bpf_error(cstate, "'gateway' not supported in this configuration"); 7228 #endif /*INET6*/ 7229 7230 case Q_PROTO: 7231 real_proto = lookup_proto(cstate, name, proto); 7232 if (real_proto >= 0) 7233 return gen_proto(cstate, real_proto, proto, dir); 7234 else 7235 bpf_error(cstate, "unknown protocol: %s", name); 7236 7237 #if !defined(NO_PROTOCHAIN) 7238 case Q_PROTOCHAIN: 7239 real_proto = lookup_proto(cstate, name, proto); 7240 if (real_proto >= 0) 7241 return gen_protochain(cstate, real_proto, proto); 7242 else 7243 bpf_error(cstate, "unknown protocol: %s", name); 7244 #endif /* !defined(NO_PROTOCHAIN) */ 7245 7246 case Q_UNDEF: 7247 syntax(cstate); 7248 /*NOTREACHED*/ 7249 } 7250 abort(); 7251 /*NOTREACHED*/ 7252 } 7253 7254 struct block * 7255 gen_mcode(compiler_state_t *cstate, const char *s1, const char *s2, 7256 bpf_u_int32 masklen, struct qual q) 7257 { 7258 register int nlen, mlen; 7259 bpf_u_int32 n, m; 7260 7261 /* 7262 * Catch errors reported by us and routines below us, and return NULL 7263 * on an error. 7264 */ 7265 if (setjmp(cstate->top_ctx)) 7266 return (NULL); 7267 7268 nlen = __pcap_atoin(s1, &n); 7269 if (nlen < 0) 7270 bpf_error(cstate, "invalid IPv4 address '%s'", s1); 7271 /* Promote short ipaddr */ 7272 n <<= 32 - nlen; 7273 7274 if (s2 != NULL) { 7275 mlen = __pcap_atoin(s2, &m); 7276 if (mlen < 0) 7277 bpf_error(cstate, "invalid IPv4 address '%s'", s2); 7278 /* Promote short ipaddr */ 7279 m <<= 32 - mlen; 7280 if ((n & ~m) != 0) 7281 bpf_error(cstate, "non-network bits set in \"%s mask %s\"", 7282 s1, s2); 7283 } else { 7284 /* Convert mask len to mask */ 7285 if (masklen > 32) 7286 bpf_error(cstate, "mask length must be <= 32"); 7287 if (masklen == 0) { 7288 /* 7289 * X << 32 is not guaranteed by C to be 0; it's 7290 * undefined. 7291 */ 7292 m = 0; 7293 } else 7294 m = 0xffffffff << (32 - masklen); 7295 if ((n & ~m) != 0) 7296 bpf_error(cstate, "non-network bits set in \"%s/%d\"", 7297 s1, masklen); 7298 } 7299 7300 switch (q.addr) { 7301 7302 case Q_NET: 7303 return gen_host(cstate, n, m, q.proto, q.dir, q.addr); 7304 7305 default: 7306 bpf_error(cstate, "Mask syntax for networks only"); 7307 /*NOTREACHED*/ 7308 } 7309 /*NOTREACHED*/ 7310 } 7311 7312 struct block * 7313 gen_ncode(compiler_state_t *cstate, const char *s, bpf_u_int32 v, struct qual q) 7314 { 7315 bpf_u_int32 mask; 7316 int proto; 7317 int dir; 7318 register int vlen; 7319 7320 /* 7321 * Catch errors reported by us and routines below us, and return NULL 7322 * on an error. 7323 */ 7324 if (setjmp(cstate->top_ctx)) 7325 return (NULL); 7326 7327 proto = q.proto; 7328 dir = q.dir; 7329 if (s == NULL) 7330 vlen = 32; 7331 else if (q.proto == Q_DECNET) { 7332 vlen = __pcap_atodn(s, &v); 7333 if (vlen == 0) 7334 bpf_error(cstate, "malformed decnet address '%s'", s); 7335 } else { 7336 vlen = __pcap_atoin(s, &v); 7337 if (vlen < 0) 7338 bpf_error(cstate, "invalid IPv4 address '%s'", s); 7339 } 7340 7341 switch (q.addr) { 7342 7343 case Q_DEFAULT: 7344 case Q_HOST: 7345 case Q_NET: 7346 if (proto == Q_DECNET) 7347 return gen_host(cstate, v, 0, proto, dir, q.addr); 7348 else if (proto == Q_LINK) { 7349 bpf_error(cstate, "illegal link layer address"); 7350 } else { 7351 mask = 0xffffffff; 7352 if (s == NULL && q.addr == Q_NET) { 7353 /* Promote short net number */ 7354 while (v && (v & 0xff000000) == 0) { 7355 v <<= 8; 7356 mask <<= 8; 7357 } 7358 } else { 7359 /* Promote short ipaddr */ 7360 v <<= 32 - vlen; 7361 mask <<= 32 - vlen ; 7362 } 7363 return gen_host(cstate, v, mask, proto, dir, q.addr); 7364 } 7365 7366 case Q_PORT: 7367 if (proto == Q_UDP) 7368 proto = IPPROTO_UDP; 7369 else if (proto == Q_TCP) 7370 proto = IPPROTO_TCP; 7371 else if (proto == Q_SCTP) 7372 proto = IPPROTO_SCTP; 7373 else if (proto == Q_DEFAULT) 7374 proto = PROTO_UNDEF; 7375 else 7376 bpf_error(cstate, "illegal qualifier of 'port'"); 7377 7378 if (v > 65535) 7379 bpf_error(cstate, "illegal port number %u > 65535", v); 7380 7381 { 7382 struct block *b; 7383 b = gen_port(cstate, v, proto, dir); 7384 gen_or(gen_port6(cstate, v, proto, dir), b); 7385 return b; 7386 } 7387 7388 case Q_PORTRANGE: 7389 if (proto == Q_UDP) 7390 proto = IPPROTO_UDP; 7391 else if (proto == Q_TCP) 7392 proto = IPPROTO_TCP; 7393 else if (proto == Q_SCTP) 7394 proto = IPPROTO_SCTP; 7395 else if (proto == Q_DEFAULT) 7396 proto = PROTO_UNDEF; 7397 else 7398 bpf_error(cstate, "illegal qualifier of 'portrange'"); 7399 7400 if (v > 65535) 7401 bpf_error(cstate, "illegal port number %u > 65535", v); 7402 7403 { 7404 struct block *b; 7405 b = gen_portrange(cstate, v, v, proto, dir); 7406 gen_or(gen_portrange6(cstate, v, v, proto, dir), b); 7407 return b; 7408 } 7409 7410 case Q_GATEWAY: 7411 bpf_error(cstate, "'gateway' requires a name"); 7412 /*NOTREACHED*/ 7413 7414 case Q_PROTO: 7415 return gen_proto(cstate, v, proto, dir); 7416 7417 #if !defined(NO_PROTOCHAIN) 7418 case Q_PROTOCHAIN: 7419 return gen_protochain(cstate, v, proto); 7420 #endif 7421 7422 case Q_UNDEF: 7423 syntax(cstate); 7424 /*NOTREACHED*/ 7425 7426 default: 7427 abort(); 7428 /*NOTREACHED*/ 7429 } 7430 /*NOTREACHED*/ 7431 } 7432 7433 #ifdef INET6 7434 struct block * 7435 gen_mcode6(compiler_state_t *cstate, const char *s, bpf_u_int32 masklen, 7436 struct qual q) 7437 { 7438 struct addrinfo *res; 7439 struct in6_addr *addr; 7440 struct in6_addr mask; 7441 struct block *b; 7442 bpf_u_int32 a[4], m[4]; /* Same as in gen_hostop6(). */ 7443 7444 /* 7445 * Catch errors reported by us and routines below us, and return NULL 7446 * on an error. 7447 */ 7448 if (setjmp(cstate->top_ctx)) 7449 return (NULL); 7450 7451 res = pcap_nametoaddrinfo(s); 7452 if (!res) 7453 bpf_error(cstate, "invalid ip6 address %s", s); 7454 cstate->ai = res; 7455 if (res->ai_next) 7456 bpf_error(cstate, "%s resolved to multiple address", s); 7457 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 7458 7459 if (masklen > sizeof(mask.s6_addr) * 8) 7460 bpf_error(cstate, "mask length must be <= %zu", sizeof(mask.s6_addr) * 8); 7461 memset(&mask, 0, sizeof(mask)); 7462 memset(&mask.s6_addr, 0xff, masklen / 8); 7463 if (masklen % 8) { 7464 mask.s6_addr[masklen / 8] = 7465 (0xff << (8 - masklen % 8)) & 0xff; 7466 } 7467 7468 memcpy(a, addr, sizeof(a)); 7469 memcpy(m, &mask, sizeof(m)); 7470 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 7471 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 7472 bpf_error(cstate, "non-network bits set in \"%s/%d\"", s, masklen); 7473 } 7474 7475 switch (q.addr) { 7476 7477 case Q_DEFAULT: 7478 case Q_HOST: 7479 if (masklen != 128) 7480 bpf_error(cstate, "Mask syntax for networks only"); 7481 /* FALLTHROUGH */ 7482 7483 case Q_NET: 7484 b = gen_host6(cstate, addr, &mask, q.proto, q.dir, q.addr); 7485 cstate->ai = NULL; 7486 freeaddrinfo(res); 7487 return b; 7488 7489 default: 7490 bpf_error(cstate, "invalid qualifier against IPv6 address"); 7491 /*NOTREACHED*/ 7492 } 7493 } 7494 #endif /*INET6*/ 7495 7496 struct block * 7497 gen_ecode(compiler_state_t *cstate, const char *s, struct qual q) 7498 { 7499 struct block *b, *tmp; 7500 7501 /* 7502 * Catch errors reported by us and routines below us, and return NULL 7503 * on an error. 7504 */ 7505 if (setjmp(cstate->top_ctx)) 7506 return (NULL); 7507 7508 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 7509 cstate->e = pcap_ether_aton(s); 7510 if (cstate->e == NULL) 7511 bpf_error(cstate, "malloc"); 7512 switch (cstate->linktype) { 7513 case DLT_EN10MB: 7514 case DLT_NETANALYZER: 7515 case DLT_NETANALYZER_TRANSPARENT: 7516 tmp = gen_prevlinkhdr_check(cstate); 7517 b = gen_ehostop(cstate, cstate->e, (int)q.dir); 7518 if (tmp != NULL) 7519 gen_and(tmp, b); 7520 break; 7521 case DLT_FDDI: 7522 b = gen_fhostop(cstate, cstate->e, (int)q.dir); 7523 break; 7524 case DLT_IEEE802: 7525 b = gen_thostop(cstate, cstate->e, (int)q.dir); 7526 break; 7527 case DLT_IEEE802_11: 7528 case DLT_PRISM_HEADER: 7529 case DLT_IEEE802_11_RADIO_AVS: 7530 case DLT_IEEE802_11_RADIO: 7531 case DLT_PPI: 7532 b = gen_wlanhostop(cstate, cstate->e, (int)q.dir); 7533 break; 7534 case DLT_IP_OVER_FC: 7535 b = gen_ipfchostop(cstate, cstate->e, (int)q.dir); 7536 break; 7537 default: 7538 free(cstate->e); 7539 cstate->e = NULL; 7540 bpf_error(cstate, "ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel"); 7541 /*NOTREACHED*/ 7542 } 7543 free(cstate->e); 7544 cstate->e = NULL; 7545 return (b); 7546 } 7547 bpf_error(cstate, "ethernet address used in non-ether expression"); 7548 /*NOTREACHED*/ 7549 } 7550 7551 void 7552 sappend(struct slist *s0, struct slist *s1) 7553 { 7554 /* 7555 * This is definitely not the best way to do this, but the 7556 * lists will rarely get long. 7557 */ 7558 while (s0->next) 7559 s0 = s0->next; 7560 s0->next = s1; 7561 } 7562 7563 static struct slist * 7564 xfer_to_x(compiler_state_t *cstate, struct arth *a) 7565 { 7566 struct slist *s; 7567 7568 s = new_stmt(cstate, BPF_LDX|BPF_MEM); 7569 s->s.k = a->regno; 7570 return s; 7571 } 7572 7573 static struct slist * 7574 xfer_to_a(compiler_state_t *cstate, struct arth *a) 7575 { 7576 struct slist *s; 7577 7578 s = new_stmt(cstate, BPF_LD|BPF_MEM); 7579 s->s.k = a->regno; 7580 return s; 7581 } 7582 7583 /* 7584 * Modify "index" to use the value stored into its register as an 7585 * offset relative to the beginning of the header for the protocol 7586 * "proto", and allocate a register and put an item "size" bytes long 7587 * (1, 2, or 4) at that offset into that register, making it the register 7588 * for "index". 7589 */ 7590 static struct arth * 7591 gen_load_internal(compiler_state_t *cstate, int proto, struct arth *inst, 7592 bpf_u_int32 size) 7593 { 7594 int size_code; 7595 struct slist *s, *tmp; 7596 struct block *b; 7597 int regno = alloc_reg(cstate); 7598 7599 free_reg(cstate, inst->regno); 7600 switch (size) { 7601 7602 default: 7603 bpf_error(cstate, "data size must be 1, 2, or 4"); 7604 /*NOTREACHED*/ 7605 7606 case 1: 7607 size_code = BPF_B; 7608 break; 7609 7610 case 2: 7611 size_code = BPF_H; 7612 break; 7613 7614 case 4: 7615 size_code = BPF_W; 7616 break; 7617 } 7618 switch (proto) { 7619 default: 7620 bpf_error(cstate, "unsupported index operation"); 7621 7622 case Q_RADIO: 7623 /* 7624 * The offset is relative to the beginning of the packet 7625 * data, if we have a radio header. (If we don't, this 7626 * is an error.) 7627 */ 7628 if (cstate->linktype != DLT_IEEE802_11_RADIO_AVS && 7629 cstate->linktype != DLT_IEEE802_11_RADIO && 7630 cstate->linktype != DLT_PRISM_HEADER) 7631 bpf_error(cstate, "radio information not present in capture"); 7632 7633 /* 7634 * Load into the X register the offset computed into the 7635 * register specified by "index". 7636 */ 7637 s = xfer_to_x(cstate, inst); 7638 7639 /* 7640 * Load the item at that offset. 7641 */ 7642 tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code); 7643 sappend(s, tmp); 7644 sappend(inst->s, s); 7645 break; 7646 7647 case Q_LINK: 7648 /* 7649 * The offset is relative to the beginning of 7650 * the link-layer header. 7651 * 7652 * XXX - what about ATM LANE? Should the index be 7653 * relative to the beginning of the AAL5 frame, so 7654 * that 0 refers to the beginning of the LE Control 7655 * field, or relative to the beginning of the LAN 7656 * frame, so that 0 refers, for Ethernet LANE, to 7657 * the beginning of the destination address? 7658 */ 7659 s = gen_abs_offset_varpart(cstate, &cstate->off_linkhdr); 7660 7661 /* 7662 * If "s" is non-null, it has code to arrange that the 7663 * X register contains the length of the prefix preceding 7664 * the link-layer header. Add to it the offset computed 7665 * into the register specified by "index", and move that 7666 * into the X register. Otherwise, just load into the X 7667 * register the offset computed into the register specified 7668 * by "index". 7669 */ 7670 if (s != NULL) { 7671 sappend(s, xfer_to_a(cstate, inst)); 7672 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X)); 7673 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX)); 7674 } else 7675 s = xfer_to_x(cstate, inst); 7676 7677 /* 7678 * Load the item at the sum of the offset we've put in the 7679 * X register and the offset of the start of the link 7680 * layer header (which is 0 if the radio header is 7681 * variable-length; that header length is what we put 7682 * into the X register and then added to the index). 7683 */ 7684 tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code); 7685 tmp->s.k = cstate->off_linkhdr.constant_part; 7686 sappend(s, tmp); 7687 sappend(inst->s, s); 7688 break; 7689 7690 case Q_IP: 7691 case Q_ARP: 7692 case Q_RARP: 7693 case Q_ATALK: 7694 case Q_DECNET: 7695 case Q_SCA: 7696 case Q_LAT: 7697 case Q_MOPRC: 7698 case Q_MOPDL: 7699 case Q_IPV6: 7700 /* 7701 * The offset is relative to the beginning of 7702 * the network-layer header. 7703 * XXX - are there any cases where we want 7704 * cstate->off_nl_nosnap? 7705 */ 7706 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl); 7707 7708 /* 7709 * If "s" is non-null, it has code to arrange that the 7710 * X register contains the variable part of the offset 7711 * of the link-layer payload. Add to it the offset 7712 * computed into the register specified by "index", 7713 * and move that into the X register. Otherwise, just 7714 * load into the X register the offset computed into 7715 * the register specified by "index". 7716 */ 7717 if (s != NULL) { 7718 sappend(s, xfer_to_a(cstate, inst)); 7719 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X)); 7720 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX)); 7721 } else 7722 s = xfer_to_x(cstate, inst); 7723 7724 /* 7725 * Load the item at the sum of the offset we've put in the 7726 * X register, the offset of the start of the network 7727 * layer header from the beginning of the link-layer 7728 * payload, and the constant part of the offset of the 7729 * start of the link-layer payload. 7730 */ 7731 tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code); 7732 tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 7733 sappend(s, tmp); 7734 sappend(inst->s, s); 7735 7736 /* 7737 * Do the computation only if the packet contains 7738 * the protocol in question. 7739 */ 7740 b = gen_proto_abbrev_internal(cstate, proto); 7741 if (inst->b) 7742 gen_and(inst->b, b); 7743 inst->b = b; 7744 break; 7745 7746 case Q_SCTP: 7747 case Q_TCP: 7748 case Q_UDP: 7749 case Q_ICMP: 7750 case Q_IGMP: 7751 case Q_IGRP: 7752 case Q_PIM: 7753 case Q_VRRP: 7754 case Q_CARP: 7755 /* 7756 * The offset is relative to the beginning of 7757 * the transport-layer header. 7758 * 7759 * Load the X register with the length of the IPv4 header 7760 * (plus the offset of the link-layer header, if it's 7761 * a variable-length header), in bytes. 7762 * 7763 * XXX - are there any cases where we want 7764 * cstate->off_nl_nosnap? 7765 * XXX - we should, if we're built with 7766 * IPv6 support, generate code to load either 7767 * IPv4, IPv6, or both, as appropriate. 7768 */ 7769 s = gen_loadx_iphdrlen(cstate); 7770 7771 /* 7772 * The X register now contains the sum of the variable 7773 * part of the offset of the link-layer payload and the 7774 * length of the network-layer header. 7775 * 7776 * Load into the A register the offset relative to 7777 * the beginning of the transport layer header, 7778 * add the X register to that, move that to the 7779 * X register, and load with an offset from the 7780 * X register equal to the sum of the constant part of 7781 * the offset of the link-layer payload and the offset, 7782 * relative to the beginning of the link-layer payload, 7783 * of the network-layer header. 7784 */ 7785 sappend(s, xfer_to_a(cstate, inst)); 7786 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X)); 7787 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX)); 7788 sappend(s, tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code)); 7789 tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl; 7790 sappend(inst->s, s); 7791 7792 /* 7793 * Do the computation only if the packet contains 7794 * the protocol in question - which is true only 7795 * if this is an IP datagram and is the first or 7796 * only fragment of that datagram. 7797 */ 7798 gen_and(gen_proto_abbrev_internal(cstate, proto), b = gen_ipfrag(cstate)); 7799 if (inst->b) 7800 gen_and(inst->b, b); 7801 gen_and(gen_proto_abbrev_internal(cstate, Q_IP), b); 7802 inst->b = b; 7803 break; 7804 case Q_ICMPV6: 7805 /* 7806 * Do the computation only if the packet contains 7807 * the protocol in question. 7808 */ 7809 b = gen_proto_abbrev_internal(cstate, Q_IPV6); 7810 if (inst->b) 7811 gen_and(inst->b, b); 7812 inst->b = b; 7813 7814 /* 7815 * Check if we have an icmp6 next header 7816 */ 7817 b = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, 58); 7818 if (inst->b) 7819 gen_and(inst->b, b); 7820 inst->b = b; 7821 7822 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl); 7823 /* 7824 * If "s" is non-null, it has code to arrange that the 7825 * X register contains the variable part of the offset 7826 * of the link-layer payload. Add to it the offset 7827 * computed into the register specified by "index", 7828 * and move that into the X register. Otherwise, just 7829 * load into the X register the offset computed into 7830 * the register specified by "index". 7831 */ 7832 if (s != NULL) { 7833 sappend(s, xfer_to_a(cstate, inst)); 7834 sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X)); 7835 sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX)); 7836 } else 7837 s = xfer_to_x(cstate, inst); 7838 7839 /* 7840 * Load the item at the sum of the offset we've put in the 7841 * X register, the offset of the start of the network 7842 * layer header from the beginning of the link-layer 7843 * payload, and the constant part of the offset of the 7844 * start of the link-layer payload. 7845 */ 7846 tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code); 7847 tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 40; 7848 7849 sappend(s, tmp); 7850 sappend(inst->s, s); 7851 7852 break; 7853 } 7854 inst->regno = regno; 7855 s = new_stmt(cstate, BPF_ST); 7856 s->s.k = regno; 7857 sappend(inst->s, s); 7858 7859 return inst; 7860 } 7861 7862 struct arth * 7863 gen_load(compiler_state_t *cstate, int proto, struct arth *inst, 7864 bpf_u_int32 size) 7865 { 7866 /* 7867 * Catch errors reported by us and routines below us, and return NULL 7868 * on an error. 7869 */ 7870 if (setjmp(cstate->top_ctx)) 7871 return (NULL); 7872 7873 return gen_load_internal(cstate, proto, inst, size); 7874 } 7875 7876 static struct block * 7877 gen_relation_internal(compiler_state_t *cstate, int code, struct arth *a0, 7878 struct arth *a1, int reversed) 7879 { 7880 struct slist *s0, *s1, *s2; 7881 struct block *b, *tmp; 7882 7883 s0 = xfer_to_x(cstate, a1); 7884 s1 = xfer_to_a(cstate, a0); 7885 if (code == BPF_JEQ) { 7886 s2 = new_stmt(cstate, BPF_ALU|BPF_SUB|BPF_X); 7887 b = new_block(cstate, JMP(code)); 7888 sappend(s1, s2); 7889 } 7890 else 7891 b = new_block(cstate, BPF_JMP|code|BPF_X); 7892 if (reversed) 7893 gen_not(b); 7894 7895 sappend(s0, s1); 7896 sappend(a1->s, s0); 7897 sappend(a0->s, a1->s); 7898 7899 b->stmts = a0->s; 7900 7901 free_reg(cstate, a0->regno); 7902 free_reg(cstate, a1->regno); 7903 7904 /* 'and' together protocol checks */ 7905 if (a0->b) { 7906 if (a1->b) { 7907 gen_and(a0->b, tmp = a1->b); 7908 } 7909 else 7910 tmp = a0->b; 7911 } else 7912 tmp = a1->b; 7913 7914 if (tmp) 7915 gen_and(tmp, b); 7916 7917 return b; 7918 } 7919 7920 struct block * 7921 gen_relation(compiler_state_t *cstate, int code, struct arth *a0, 7922 struct arth *a1, int reversed) 7923 { 7924 /* 7925 * Catch errors reported by us and routines below us, and return NULL 7926 * on an error. 7927 */ 7928 if (setjmp(cstate->top_ctx)) 7929 return (NULL); 7930 7931 return gen_relation_internal(cstate, code, a0, a1, reversed); 7932 } 7933 7934 struct arth * 7935 gen_loadlen(compiler_state_t *cstate) 7936 { 7937 int regno; 7938 struct arth *a; 7939 struct slist *s; 7940 7941 /* 7942 * Catch errors reported by us and routines below us, and return NULL 7943 * on an error. 7944 */ 7945 if (setjmp(cstate->top_ctx)) 7946 return (NULL); 7947 7948 regno = alloc_reg(cstate); 7949 a = (struct arth *)newchunk(cstate, sizeof(*a)); 7950 s = new_stmt(cstate, BPF_LD|BPF_LEN); 7951 s->next = new_stmt(cstate, BPF_ST); 7952 s->next->s.k = regno; 7953 a->s = s; 7954 a->regno = regno; 7955 7956 return a; 7957 } 7958 7959 static struct arth * 7960 gen_loadi_internal(compiler_state_t *cstate, bpf_u_int32 val) 7961 { 7962 struct arth *a; 7963 struct slist *s; 7964 int reg; 7965 7966 a = (struct arth *)newchunk(cstate, sizeof(*a)); 7967 7968 reg = alloc_reg(cstate); 7969 7970 s = new_stmt(cstate, BPF_LD|BPF_IMM); 7971 s->s.k = val; 7972 s->next = new_stmt(cstate, BPF_ST); 7973 s->next->s.k = reg; 7974 a->s = s; 7975 a->regno = reg; 7976 7977 return a; 7978 } 7979 7980 struct arth * 7981 gen_loadi(compiler_state_t *cstate, bpf_u_int32 val) 7982 { 7983 /* 7984 * Catch errors reported by us and routines below us, and return NULL 7985 * on an error. 7986 */ 7987 if (setjmp(cstate->top_ctx)) 7988 return (NULL); 7989 7990 return gen_loadi_internal(cstate, val); 7991 } 7992 7993 /* 7994 * The a_arg dance is to avoid annoying whining by compilers that 7995 * a might be clobbered by longjmp - yeah, it might, but *WHO CARES*? 7996 * It's not *used* after setjmp returns. 7997 */ 7998 struct arth * 7999 gen_neg(compiler_state_t *cstate, struct arth *a_arg) 8000 { 8001 struct arth * volatile a = a_arg; 8002 struct slist *s; 8003 8004 /* 8005 * Catch errors reported by us and routines below us, and return NULL 8006 * on an error. 8007 */ 8008 if (setjmp(cstate->top_ctx)) 8009 return (NULL); 8010 8011 s = xfer_to_a(cstate, a); 8012 sappend(a->s, s); 8013 s = new_stmt(cstate, BPF_ALU|BPF_NEG); 8014 s->s.k = 0; 8015 sappend(a->s, s); 8016 s = new_stmt(cstate, BPF_ST); 8017 s->s.k = a->regno; 8018 sappend(a->s, s); 8019 8020 return a; 8021 } 8022 8023 /* 8024 * The a0_arg dance is to avoid annoying whining by compilers that 8025 * a0 might be clobbered by longjmp - yeah, it might, but *WHO CARES*? 8026 * It's not *used* after setjmp returns. 8027 */ 8028 struct arth * 8029 gen_arth(compiler_state_t *cstate, int code, struct arth *a0_arg, 8030 struct arth *a1) 8031 { 8032 struct arth * volatile a0 = a0_arg; 8033 struct slist *s0, *s1, *s2; 8034 8035 /* 8036 * Catch errors reported by us and routines below us, and return NULL 8037 * on an error. 8038 */ 8039 if (setjmp(cstate->top_ctx)) 8040 return (NULL); 8041 8042 /* 8043 * Disallow division by, or modulus by, zero; we do this here 8044 * so that it gets done even if the optimizer is disabled. 8045 * 8046 * Also disallow shifts by a value greater than 31; we do this 8047 * here, for the same reason. 8048 */ 8049 if (code == BPF_DIV) { 8050 if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k == 0) 8051 bpf_error(cstate, "division by zero"); 8052 } else if (code == BPF_MOD) { 8053 if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k == 0) 8054 bpf_error(cstate, "modulus by zero"); 8055 } else if (code == BPF_LSH || code == BPF_RSH) { 8056 if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k > 31) 8057 bpf_error(cstate, "shift by more than 31 bits"); 8058 } 8059 s0 = xfer_to_x(cstate, a1); 8060 s1 = xfer_to_a(cstate, a0); 8061 s2 = new_stmt(cstate, BPF_ALU|BPF_X|code); 8062 8063 sappend(s1, s2); 8064 sappend(s0, s1); 8065 sappend(a1->s, s0); 8066 sappend(a0->s, a1->s); 8067 8068 free_reg(cstate, a0->regno); 8069 free_reg(cstate, a1->regno); 8070 8071 s0 = new_stmt(cstate, BPF_ST); 8072 a0->regno = s0->s.k = alloc_reg(cstate); 8073 sappend(a0->s, s0); 8074 8075 return a0; 8076 } 8077 8078 /* 8079 * Initialize the table of used registers and the current register. 8080 */ 8081 static void 8082 init_regs(compiler_state_t *cstate) 8083 { 8084 cstate->curreg = 0; 8085 memset(cstate->regused, 0, sizeof cstate->regused); 8086 } 8087 8088 /* 8089 * Return the next free register. 8090 */ 8091 static int 8092 alloc_reg(compiler_state_t *cstate) 8093 { 8094 int n = BPF_MEMWORDS; 8095 8096 while (--n >= 0) { 8097 if (cstate->regused[cstate->curreg]) 8098 cstate->curreg = (cstate->curreg + 1) % BPF_MEMWORDS; 8099 else { 8100 cstate->regused[cstate->curreg] = 1; 8101 return cstate->curreg; 8102 } 8103 } 8104 bpf_error(cstate, "too many registers needed to evaluate expression"); 8105 /*NOTREACHED*/ 8106 } 8107 8108 /* 8109 * Return a register to the table so it can 8110 * be used later. 8111 */ 8112 static void 8113 free_reg(compiler_state_t *cstate, int n) 8114 { 8115 cstate->regused[n] = 0; 8116 } 8117 8118 static struct block * 8119 gen_len(compiler_state_t *cstate, int jmp, int n) 8120 { 8121 struct slist *s; 8122 struct block *b; 8123 8124 s = new_stmt(cstate, BPF_LD|BPF_LEN); 8125 b = new_block(cstate, JMP(jmp)); 8126 b->stmts = s; 8127 b->s.k = n; 8128 8129 return b; 8130 } 8131 8132 struct block * 8133 gen_greater(compiler_state_t *cstate, int n) 8134 { 8135 /* 8136 * Catch errors reported by us and routines below us, and return NULL 8137 * on an error. 8138 */ 8139 if (setjmp(cstate->top_ctx)) 8140 return (NULL); 8141 8142 return gen_len(cstate, BPF_JGE, n); 8143 } 8144 8145 /* 8146 * Actually, this is less than or equal. 8147 */ 8148 struct block * 8149 gen_less(compiler_state_t *cstate, int n) 8150 { 8151 struct block *b; 8152 8153 /* 8154 * Catch errors reported by us and routines below us, and return NULL 8155 * on an error. 8156 */ 8157 if (setjmp(cstate->top_ctx)) 8158 return (NULL); 8159 8160 b = gen_len(cstate, BPF_JGT, n); 8161 gen_not(b); 8162 8163 return b; 8164 } 8165 8166 /* 8167 * This is for "byte {idx} {op} {val}"; "idx" is treated as relative to 8168 * the beginning of the link-layer header. 8169 * XXX - that means you can't test values in the radiotap header, but 8170 * as that header is difficult if not impossible to parse generally 8171 * without a loop, that might not be a severe problem. A new keyword 8172 * "radio" could be added for that, although what you'd really want 8173 * would be a way of testing particular radio header values, which 8174 * would generate code appropriate to the radio header in question. 8175 */ 8176 struct block * 8177 gen_byteop(compiler_state_t *cstate, int op, int idx, bpf_u_int32 val) 8178 { 8179 struct block *b; 8180 struct slist *s; 8181 8182 /* 8183 * Catch errors reported by us and routines below us, and return NULL 8184 * on an error. 8185 */ 8186 if (setjmp(cstate->top_ctx)) 8187 return (NULL); 8188 8189 switch (op) { 8190 default: 8191 abort(); 8192 8193 case '=': 8194 return gen_cmp(cstate, OR_LINKHDR, (u_int)idx, BPF_B, val); 8195 8196 case '<': 8197 b = gen_cmp_lt(cstate, OR_LINKHDR, (u_int)idx, BPF_B, val); 8198 return b; 8199 8200 case '>': 8201 b = gen_cmp_gt(cstate, OR_LINKHDR, (u_int)idx, BPF_B, val); 8202 return b; 8203 8204 case '|': 8205 s = new_stmt(cstate, BPF_ALU|BPF_OR|BPF_K); 8206 break; 8207 8208 case '&': 8209 s = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K); 8210 break; 8211 } 8212 s->s.k = val; 8213 b = new_block(cstate, JMP(BPF_JEQ)); 8214 b->stmts = s; 8215 gen_not(b); 8216 8217 return b; 8218 } 8219 8220 static const u_char abroadcast[] = { 0x0 }; 8221 8222 struct block * 8223 gen_broadcast(compiler_state_t *cstate, int proto) 8224 { 8225 bpf_u_int32 hostmask; 8226 struct block *b0, *b1, *b2; 8227 static const u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 8228 8229 /* 8230 * Catch errors reported by us and routines below us, and return NULL 8231 * on an error. 8232 */ 8233 if (setjmp(cstate->top_ctx)) 8234 return (NULL); 8235 8236 switch (proto) { 8237 8238 case Q_DEFAULT: 8239 case Q_LINK: 8240 switch (cstate->linktype) { 8241 case DLT_ARCNET: 8242 case DLT_ARCNET_LINUX: 8243 return gen_ahostop(cstate, abroadcast, Q_DST); 8244 case DLT_EN10MB: 8245 case DLT_NETANALYZER: 8246 case DLT_NETANALYZER_TRANSPARENT: 8247 b1 = gen_prevlinkhdr_check(cstate); 8248 b0 = gen_ehostop(cstate, ebroadcast, Q_DST); 8249 if (b1 != NULL) 8250 gen_and(b1, b0); 8251 return b0; 8252 case DLT_FDDI: 8253 return gen_fhostop(cstate, ebroadcast, Q_DST); 8254 case DLT_IEEE802: 8255 return gen_thostop(cstate, ebroadcast, Q_DST); 8256 case DLT_IEEE802_11: 8257 case DLT_PRISM_HEADER: 8258 case DLT_IEEE802_11_RADIO_AVS: 8259 case DLT_IEEE802_11_RADIO: 8260 case DLT_PPI: 8261 return gen_wlanhostop(cstate, ebroadcast, Q_DST); 8262 case DLT_IP_OVER_FC: 8263 return gen_ipfchostop(cstate, ebroadcast, Q_DST); 8264 default: 8265 bpf_error(cstate, "not a broadcast link"); 8266 } 8267 /*NOTREACHED*/ 8268 8269 case Q_IP: 8270 /* 8271 * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff) 8272 * as an indication that we don't know the netmask, and fail 8273 * in that case. 8274 */ 8275 if (cstate->netmask == PCAP_NETMASK_UNKNOWN) 8276 bpf_error(cstate, "netmask not known, so 'ip broadcast' not supported"); 8277 b0 = gen_linktype(cstate, ETHERTYPE_IP); 8278 hostmask = ~cstate->netmask; 8279 b1 = gen_mcmp(cstate, OR_LINKPL, 16, BPF_W, 0, hostmask); 8280 b2 = gen_mcmp(cstate, OR_LINKPL, 16, BPF_W, 8281 ~0 & hostmask, hostmask); 8282 gen_or(b1, b2); 8283 gen_and(b0, b2); 8284 return b2; 8285 } 8286 bpf_error(cstate, "only link-layer/IP broadcast filters supported"); 8287 /*NOTREACHED*/ 8288 } 8289 8290 /* 8291 * Generate code to test the low-order bit of a MAC address (that's 8292 * the bottom bit of the *first* byte). 8293 */ 8294 static struct block * 8295 gen_mac_multicast(compiler_state_t *cstate, int offset) 8296 { 8297 register struct block *b0; 8298 register struct slist *s; 8299 8300 /* link[offset] & 1 != 0 */ 8301 s = gen_load_a(cstate, OR_LINKHDR, offset, BPF_B); 8302 b0 = new_block(cstate, JMP(BPF_JSET)); 8303 b0->s.k = 1; 8304 b0->stmts = s; 8305 return b0; 8306 } 8307 8308 struct block * 8309 gen_multicast(compiler_state_t *cstate, int proto) 8310 { 8311 register struct block *b0, *b1, *b2; 8312 register struct slist *s; 8313 8314 /* 8315 * Catch errors reported by us and routines below us, and return NULL 8316 * on an error. 8317 */ 8318 if (setjmp(cstate->top_ctx)) 8319 return (NULL); 8320 8321 switch (proto) { 8322 8323 case Q_DEFAULT: 8324 case Q_LINK: 8325 switch (cstate->linktype) { 8326 case DLT_ARCNET: 8327 case DLT_ARCNET_LINUX: 8328 /* all ARCnet multicasts use the same address */ 8329 return gen_ahostop(cstate, abroadcast, Q_DST); 8330 case DLT_EN10MB: 8331 case DLT_NETANALYZER: 8332 case DLT_NETANALYZER_TRANSPARENT: 8333 b1 = gen_prevlinkhdr_check(cstate); 8334 /* ether[0] & 1 != 0 */ 8335 b0 = gen_mac_multicast(cstate, 0); 8336 if (b1 != NULL) 8337 gen_and(b1, b0); 8338 return b0; 8339 case DLT_FDDI: 8340 /* 8341 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX 8342 * 8343 * XXX - was that referring to bit-order issues? 8344 */ 8345 /* fddi[1] & 1 != 0 */ 8346 return gen_mac_multicast(cstate, 1); 8347 case DLT_IEEE802: 8348 /* tr[2] & 1 != 0 */ 8349 return gen_mac_multicast(cstate, 2); 8350 case DLT_IEEE802_11: 8351 case DLT_PRISM_HEADER: 8352 case DLT_IEEE802_11_RADIO_AVS: 8353 case DLT_IEEE802_11_RADIO: 8354 case DLT_PPI: 8355 /* 8356 * Oh, yuk. 8357 * 8358 * For control frames, there is no DA. 8359 * 8360 * For management frames, DA is at an 8361 * offset of 4 from the beginning of 8362 * the packet. 8363 * 8364 * For data frames, DA is at an offset 8365 * of 4 from the beginning of the packet 8366 * if To DS is clear and at an offset of 8367 * 16 from the beginning of the packet 8368 * if To DS is set. 8369 */ 8370 8371 /* 8372 * Generate the tests to be done for data frames. 8373 * 8374 * First, check for To DS set, i.e. "link[1] & 0x01". 8375 */ 8376 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 8377 b1 = new_block(cstate, JMP(BPF_JSET)); 8378 b1->s.k = 0x01; /* To DS */ 8379 b1->stmts = s; 8380 8381 /* 8382 * If To DS is set, the DA is at 16. 8383 */ 8384 b0 = gen_mac_multicast(cstate, 16); 8385 gen_and(b1, b0); 8386 8387 /* 8388 * Now, check for To DS not set, i.e. check 8389 * "!(link[1] & 0x01)". 8390 */ 8391 s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B); 8392 b2 = new_block(cstate, JMP(BPF_JSET)); 8393 b2->s.k = 0x01; /* To DS */ 8394 b2->stmts = s; 8395 gen_not(b2); 8396 8397 /* 8398 * If To DS is not set, the DA is at 4. 8399 */ 8400 b1 = gen_mac_multicast(cstate, 4); 8401 gen_and(b2, b1); 8402 8403 /* 8404 * Now OR together the last two checks. That gives 8405 * the complete set of checks for data frames. 8406 */ 8407 gen_or(b1, b0); 8408 8409 /* 8410 * Now check for a data frame. 8411 * I.e, check "link[0] & 0x08". 8412 */ 8413 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 8414 b1 = new_block(cstate, JMP(BPF_JSET)); 8415 b1->s.k = 0x08; 8416 b1->stmts = s; 8417 8418 /* 8419 * AND that with the checks done for data frames. 8420 */ 8421 gen_and(b1, b0); 8422 8423 /* 8424 * If the high-order bit of the type value is 0, this 8425 * is a management frame. 8426 * I.e, check "!(link[0] & 0x08)". 8427 */ 8428 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 8429 b2 = new_block(cstate, JMP(BPF_JSET)); 8430 b2->s.k = 0x08; 8431 b2->stmts = s; 8432 gen_not(b2); 8433 8434 /* 8435 * For management frames, the DA is at 4. 8436 */ 8437 b1 = gen_mac_multicast(cstate, 4); 8438 gen_and(b2, b1); 8439 8440 /* 8441 * OR that with the checks done for data frames. 8442 * That gives the checks done for management and 8443 * data frames. 8444 */ 8445 gen_or(b1, b0); 8446 8447 /* 8448 * If the low-order bit of the type value is 1, 8449 * this is either a control frame or a frame 8450 * with a reserved type, and thus not a 8451 * frame with an SA. 8452 * 8453 * I.e., check "!(link[0] & 0x04)". 8454 */ 8455 s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B); 8456 b1 = new_block(cstate, JMP(BPF_JSET)); 8457 b1->s.k = 0x04; 8458 b1->stmts = s; 8459 gen_not(b1); 8460 8461 /* 8462 * AND that with the checks for data and management 8463 * frames. 8464 */ 8465 gen_and(b1, b0); 8466 return b0; 8467 case DLT_IP_OVER_FC: 8468 b0 = gen_mac_multicast(cstate, 2); 8469 return b0; 8470 default: 8471 break; 8472 } 8473 /* Link not known to support multicasts */ 8474 break; 8475 8476 case Q_IP: 8477 b0 = gen_linktype(cstate, ETHERTYPE_IP); 8478 b1 = gen_cmp_ge(cstate, OR_LINKPL, 16, BPF_B, 224); 8479 gen_and(b0, b1); 8480 return b1; 8481 8482 case Q_IPV6: 8483 b0 = gen_linktype(cstate, ETHERTYPE_IPV6); 8484 b1 = gen_cmp(cstate, OR_LINKPL, 24, BPF_B, 255); 8485 gen_and(b0, b1); 8486 return b1; 8487 } 8488 bpf_error(cstate, "link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); 8489 /*NOTREACHED*/ 8490 } 8491 8492 struct block * 8493 gen_ifindex(compiler_state_t *cstate, int ifindex) 8494 { 8495 register struct block *b0; 8496 8497 /* 8498 * Catch errors reported by us and routines below us, and return NULL 8499 * on an error. 8500 */ 8501 if (setjmp(cstate->top_ctx)) 8502 return (NULL); 8503 8504 /* 8505 * Only some data link types support ifindex qualifiers. 8506 */ 8507 switch (cstate->linktype) { 8508 case DLT_LINUX_SLL2: 8509 /* match packets on this interface */ 8510 b0 = gen_cmp(cstate, OR_LINKHDR, 4, BPF_W, ifindex); 8511 break; 8512 default: 8513 #if defined(__linux__) 8514 /* 8515 * This is Linux; we require PF_PACKET support. 8516 * If this is a *live* capture, we can look at 8517 * special meta-data in the filter expression; 8518 * if it's a savefile, we can't. 8519 */ 8520 if (cstate->bpf_pcap->rfile != NULL) { 8521 /* We have a FILE *, so this is a savefile */ 8522 bpf_error(cstate, "ifindex not supported on %s when reading savefiles", 8523 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 8524 /*NOTREACHED*/ 8525 } 8526 /* match ifindex */ 8527 b0 = gen_cmp(cstate, OR_LINKHDR, SKF_AD_OFF + SKF_AD_IFINDEX, BPF_W, 8528 ifindex); 8529 #else /* defined(__linux__) */ 8530 bpf_error(cstate, "ifindex not supported on %s", 8531 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 8532 /*NOTREACHED*/ 8533 #endif /* defined(__linux__) */ 8534 } 8535 return (b0); 8536 } 8537 8538 /* 8539 * Filter on inbound (dir == 0) or outbound (dir == 1) traffic. 8540 * Outbound traffic is sent by this machine, while inbound traffic is 8541 * sent by a remote machine (and may include packets destined for a 8542 * unicast or multicast link-layer address we are not subscribing to). 8543 * These are the same definitions implemented by pcap_setdirection(). 8544 * Capturing only unicast traffic destined for this host is probably 8545 * better accomplished using a higher-layer filter. 8546 */ 8547 struct block * 8548 gen_inbound(compiler_state_t *cstate, int dir) 8549 { 8550 register struct block *b0; 8551 8552 /* 8553 * Catch errors reported by us and routines below us, and return NULL 8554 * on an error. 8555 */ 8556 if (setjmp(cstate->top_ctx)) 8557 return (NULL); 8558 8559 /* 8560 * Only some data link types support inbound/outbound qualifiers. 8561 */ 8562 switch (cstate->linktype) { 8563 case DLT_SLIP: 8564 b0 = gen_relation_internal(cstate, BPF_JEQ, 8565 gen_load_internal(cstate, Q_LINK, gen_loadi_internal(cstate, 0), 1), 8566 gen_loadi_internal(cstate, 0), 8567 dir); 8568 break; 8569 8570 case DLT_IPNET: 8571 if (dir) { 8572 /* match outgoing packets */ 8573 b0 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, IPNET_OUTBOUND); 8574 } else { 8575 /* match incoming packets */ 8576 b0 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, IPNET_INBOUND); 8577 } 8578 break; 8579 8580 case DLT_LINUX_SLL: 8581 /* match outgoing packets */ 8582 b0 = gen_cmp(cstate, OR_LINKHDR, 0, BPF_H, LINUX_SLL_OUTGOING); 8583 if (!dir) { 8584 /* to filter on inbound traffic, invert the match */ 8585 gen_not(b0); 8586 } 8587 break; 8588 8589 case DLT_LINUX_SLL2: 8590 /* match outgoing packets */ 8591 b0 = gen_cmp(cstate, OR_LINKHDR, 10, BPF_B, LINUX_SLL_OUTGOING); 8592 if (!dir) { 8593 /* to filter on inbound traffic, invert the match */ 8594 gen_not(b0); 8595 } 8596 break; 8597 8598 case DLT_PFLOG: 8599 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, dir), BPF_B, 8600 ((dir == 0) ? PF_IN : PF_OUT)); 8601 break; 8602 8603 case DLT_PPP_PPPD: 8604 if (dir) { 8605 /* match outgoing packets */ 8606 b0 = gen_cmp(cstate, OR_LINKHDR, 0, BPF_B, PPP_PPPD_OUT); 8607 } else { 8608 /* match incoming packets */ 8609 b0 = gen_cmp(cstate, OR_LINKHDR, 0, BPF_B, PPP_PPPD_IN); 8610 } 8611 break; 8612 8613 case DLT_JUNIPER_MFR: 8614 case DLT_JUNIPER_MLFR: 8615 case DLT_JUNIPER_MLPPP: 8616 case DLT_JUNIPER_ATM1: 8617 case DLT_JUNIPER_ATM2: 8618 case DLT_JUNIPER_PPPOE: 8619 case DLT_JUNIPER_PPPOE_ATM: 8620 case DLT_JUNIPER_GGSN: 8621 case DLT_JUNIPER_ES: 8622 case DLT_JUNIPER_MONITOR: 8623 case DLT_JUNIPER_SERVICES: 8624 case DLT_JUNIPER_ETHER: 8625 case DLT_JUNIPER_PPP: 8626 case DLT_JUNIPER_FRELAY: 8627 case DLT_JUNIPER_CHDLC: 8628 case DLT_JUNIPER_VP: 8629 case DLT_JUNIPER_ST: 8630 case DLT_JUNIPER_ISM: 8631 case DLT_JUNIPER_VS: 8632 case DLT_JUNIPER_SRX_E2E: 8633 case DLT_JUNIPER_FIBRECHANNEL: 8634 case DLT_JUNIPER_ATM_CEMIC: 8635 8636 /* juniper flags (including direction) are stored 8637 * the byte after the 3-byte magic number */ 8638 if (dir) { 8639 /* match outgoing packets */ 8640 b0 = gen_mcmp(cstate, OR_LINKHDR, 3, BPF_B, 0, 0x01); 8641 } else { 8642 /* match incoming packets */ 8643 b0 = gen_mcmp(cstate, OR_LINKHDR, 3, BPF_B, 1, 0x01); 8644 } 8645 break; 8646 8647 default: 8648 /* 8649 * If we have packet meta-data indicating a direction, 8650 * and that metadata can be checked by BPF code, check 8651 * it. Otherwise, give up, as this link-layer type has 8652 * nothing in the packet data. 8653 * 8654 * Currently, the only platform where a BPF filter can 8655 * check that metadata is Linux with the in-kernel 8656 * BPF interpreter. If other packet capture mechanisms 8657 * and BPF filters also supported this, it would be 8658 * nice. It would be even better if they made that 8659 * metadata available so that we could provide it 8660 * with newer capture APIs, allowing it to be saved 8661 * in pcapng files. 8662 */ 8663 #if defined(__linux__) 8664 /* 8665 * This is Linux; we require PF_PACKET support. 8666 * If this is a *live* capture, we can look at 8667 * special meta-data in the filter expression; 8668 * if it's a savefile, we can't. 8669 */ 8670 if (cstate->bpf_pcap->rfile != NULL) { 8671 /* We have a FILE *, so this is a savefile */ 8672 bpf_error(cstate, "inbound/outbound not supported on %s when reading savefiles", 8673 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 8674 /*NOTREACHED*/ 8675 } 8676 /* match outgoing packets */ 8677 b0 = gen_cmp(cstate, OR_LINKHDR, SKF_AD_OFF + SKF_AD_PKTTYPE, BPF_H, 8678 PACKET_OUTGOING); 8679 if (!dir) { 8680 /* to filter on inbound traffic, invert the match */ 8681 gen_not(b0); 8682 } 8683 #else /* defined(__linux__) */ 8684 bpf_error(cstate, "inbound/outbound not supported on %s", 8685 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 8686 /*NOTREACHED*/ 8687 #endif /* defined(__linux__) */ 8688 } 8689 return (b0); 8690 } 8691 8692 /* PF firewall log matched interface */ 8693 struct block * 8694 gen_pf_ifname(compiler_state_t *cstate, const char *ifname) 8695 { 8696 struct block *b0; 8697 u_int len, off; 8698 8699 /* 8700 * Catch errors reported by us and routines below us, and return NULL 8701 * on an error. 8702 */ 8703 if (setjmp(cstate->top_ctx)) 8704 return (NULL); 8705 8706 if (cstate->linktype != DLT_PFLOG) { 8707 bpf_error(cstate, "ifname supported only on PF linktype"); 8708 /*NOTREACHED*/ 8709 } 8710 len = sizeof(((struct pfloghdr *)0)->ifname); 8711 off = offsetof(struct pfloghdr, ifname); 8712 if (strlen(ifname) >= len) { 8713 bpf_error(cstate, "ifname interface names can only be %d characters", 8714 len-1); 8715 /*NOTREACHED*/ 8716 } 8717 b0 = gen_bcmp(cstate, OR_LINKHDR, off, (u_int)strlen(ifname), 8718 (const u_char *)ifname); 8719 return (b0); 8720 } 8721 8722 /* PF firewall log ruleset name */ 8723 struct block * 8724 gen_pf_ruleset(compiler_state_t *cstate, char *ruleset) 8725 { 8726 struct block *b0; 8727 8728 /* 8729 * Catch errors reported by us and routines below us, and return NULL 8730 * on an error. 8731 */ 8732 if (setjmp(cstate->top_ctx)) 8733 return (NULL); 8734 8735 if (cstate->linktype != DLT_PFLOG) { 8736 bpf_error(cstate, "ruleset supported only on PF linktype"); 8737 /*NOTREACHED*/ 8738 } 8739 8740 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 8741 bpf_error(cstate, "ruleset names can only be %ld characters", 8742 (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1)); 8743 /*NOTREACHED*/ 8744 } 8745 8746 b0 = gen_bcmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, ruleset), 8747 (u_int)strlen(ruleset), (const u_char *)ruleset); 8748 return (b0); 8749 } 8750 8751 /* PF firewall log rule number */ 8752 struct block * 8753 gen_pf_rnr(compiler_state_t *cstate, int rnr) 8754 { 8755 struct block *b0; 8756 8757 /* 8758 * Catch errors reported by us and routines below us, and return NULL 8759 * on an error. 8760 */ 8761 if (setjmp(cstate->top_ctx)) 8762 return (NULL); 8763 8764 if (cstate->linktype != DLT_PFLOG) { 8765 bpf_error(cstate, "rnr supported only on PF linktype"); 8766 /*NOTREACHED*/ 8767 } 8768 8769 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, rulenr), BPF_W, 8770 (bpf_u_int32)rnr); 8771 return (b0); 8772 } 8773 8774 /* PF firewall log sub-rule number */ 8775 struct block * 8776 gen_pf_srnr(compiler_state_t *cstate, int srnr) 8777 { 8778 struct block *b0; 8779 8780 /* 8781 * Catch errors reported by us and routines below us, and return NULL 8782 * on an error. 8783 */ 8784 if (setjmp(cstate->top_ctx)) 8785 return (NULL); 8786 8787 if (cstate->linktype != DLT_PFLOG) { 8788 bpf_error(cstate, "srnr supported only on PF linktype"); 8789 /*NOTREACHED*/ 8790 } 8791 8792 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, subrulenr), BPF_W, 8793 (bpf_u_int32)srnr); 8794 return (b0); 8795 } 8796 8797 /* PF firewall log reason code */ 8798 struct block * 8799 gen_pf_reason(compiler_state_t *cstate, int reason) 8800 { 8801 struct block *b0; 8802 8803 /* 8804 * Catch errors reported by us and routines below us, and return NULL 8805 * on an error. 8806 */ 8807 if (setjmp(cstate->top_ctx)) 8808 return (NULL); 8809 8810 if (cstate->linktype != DLT_PFLOG) { 8811 bpf_error(cstate, "reason supported only on PF linktype"); 8812 /*NOTREACHED*/ 8813 } 8814 8815 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, reason), BPF_B, 8816 (bpf_u_int32)reason); 8817 return (b0); 8818 } 8819 8820 /* PF firewall log action */ 8821 struct block * 8822 gen_pf_action(compiler_state_t *cstate, int action) 8823 { 8824 struct block *b0; 8825 8826 /* 8827 * Catch errors reported by us and routines below us, and return NULL 8828 * on an error. 8829 */ 8830 if (setjmp(cstate->top_ctx)) 8831 return (NULL); 8832 8833 if (cstate->linktype != DLT_PFLOG) { 8834 bpf_error(cstate, "action supported only on PF linktype"); 8835 /*NOTREACHED*/ 8836 } 8837 8838 b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, action), BPF_B, 8839 (bpf_u_int32)action); 8840 return (b0); 8841 } 8842 8843 /* IEEE 802.11 wireless header */ 8844 struct block * 8845 gen_p80211_type(compiler_state_t *cstate, bpf_u_int32 type, bpf_u_int32 mask) 8846 { 8847 struct block *b0; 8848 8849 /* 8850 * Catch errors reported by us and routines below us, and return NULL 8851 * on an error. 8852 */ 8853 if (setjmp(cstate->top_ctx)) 8854 return (NULL); 8855 8856 switch (cstate->linktype) { 8857 8858 case DLT_IEEE802_11: 8859 case DLT_PRISM_HEADER: 8860 case DLT_IEEE802_11_RADIO_AVS: 8861 case DLT_IEEE802_11_RADIO: 8862 b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, type, mask); 8863 break; 8864 8865 default: 8866 bpf_error(cstate, "802.11 link-layer types supported only on 802.11"); 8867 /*NOTREACHED*/ 8868 } 8869 8870 return (b0); 8871 } 8872 8873 struct block * 8874 gen_p80211_fcdir(compiler_state_t *cstate, bpf_u_int32 fcdir) 8875 { 8876 struct block *b0; 8877 8878 /* 8879 * Catch errors reported by us and routines below us, and return NULL 8880 * on an error. 8881 */ 8882 if (setjmp(cstate->top_ctx)) 8883 return (NULL); 8884 8885 switch (cstate->linktype) { 8886 8887 case DLT_IEEE802_11: 8888 case DLT_PRISM_HEADER: 8889 case DLT_IEEE802_11_RADIO_AVS: 8890 case DLT_IEEE802_11_RADIO: 8891 break; 8892 8893 default: 8894 bpf_error(cstate, "frame direction supported only with 802.11 headers"); 8895 /*NOTREACHED*/ 8896 } 8897 8898 b0 = gen_mcmp(cstate, OR_LINKHDR, 1, BPF_B, fcdir, 8899 IEEE80211_FC1_DIR_MASK); 8900 8901 return (b0); 8902 } 8903 8904 struct block * 8905 gen_acode(compiler_state_t *cstate, const char *s, struct qual q) 8906 { 8907 struct block *b; 8908 8909 /* 8910 * Catch errors reported by us and routines below us, and return NULL 8911 * on an error. 8912 */ 8913 if (setjmp(cstate->top_ctx)) 8914 return (NULL); 8915 8916 switch (cstate->linktype) { 8917 8918 case DLT_ARCNET: 8919 case DLT_ARCNET_LINUX: 8920 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && 8921 q.proto == Q_LINK) { 8922 cstate->e = pcap_ether_aton(s); 8923 if (cstate->e == NULL) 8924 bpf_error(cstate, "malloc"); 8925 b = gen_ahostop(cstate, cstate->e, (int)q.dir); 8926 free(cstate->e); 8927 cstate->e = NULL; 8928 return (b); 8929 } else 8930 bpf_error(cstate, "ARCnet address used in non-arc expression"); 8931 /*NOTREACHED*/ 8932 8933 default: 8934 bpf_error(cstate, "aid supported only on ARCnet"); 8935 /*NOTREACHED*/ 8936 } 8937 } 8938 8939 static struct block * 8940 gen_ahostop(compiler_state_t *cstate, const u_char *eaddr, int dir) 8941 { 8942 register struct block *b0, *b1; 8943 8944 switch (dir) { 8945 /* src comes first, different from Ethernet */ 8946 case Q_SRC: 8947 return gen_bcmp(cstate, OR_LINKHDR, 0, 1, eaddr); 8948 8949 case Q_DST: 8950 return gen_bcmp(cstate, OR_LINKHDR, 1, 1, eaddr); 8951 8952 case Q_AND: 8953 b0 = gen_ahostop(cstate, eaddr, Q_SRC); 8954 b1 = gen_ahostop(cstate, eaddr, Q_DST); 8955 gen_and(b0, b1); 8956 return b1; 8957 8958 case Q_DEFAULT: 8959 case Q_OR: 8960 b0 = gen_ahostop(cstate, eaddr, Q_SRC); 8961 b1 = gen_ahostop(cstate, eaddr, Q_DST); 8962 gen_or(b0, b1); 8963 return b1; 8964 8965 case Q_ADDR1: 8966 bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11"); 8967 /*NOTREACHED*/ 8968 8969 case Q_ADDR2: 8970 bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11"); 8971 /*NOTREACHED*/ 8972 8973 case Q_ADDR3: 8974 bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11"); 8975 /*NOTREACHED*/ 8976 8977 case Q_ADDR4: 8978 bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11"); 8979 /*NOTREACHED*/ 8980 8981 case Q_RA: 8982 bpf_error(cstate, "'ra' is only supported on 802.11"); 8983 /*NOTREACHED*/ 8984 8985 case Q_TA: 8986 bpf_error(cstate, "'ta' is only supported on 802.11"); 8987 /*NOTREACHED*/ 8988 } 8989 abort(); 8990 /*NOTREACHED*/ 8991 } 8992 8993 static struct block * 8994 gen_vlan_tpid_test(compiler_state_t *cstate) 8995 { 8996 struct block *b0, *b1; 8997 8998 /* check for VLAN, including 802.1ad and QinQ */ 8999 b0 = gen_linktype(cstate, ETHERTYPE_8021Q); 9000 b1 = gen_linktype(cstate, ETHERTYPE_8021AD); 9001 gen_or(b0,b1); 9002 b0 = b1; 9003 b1 = gen_linktype(cstate, ETHERTYPE_8021QINQ); 9004 gen_or(b0,b1); 9005 9006 return b1; 9007 } 9008 9009 static struct block * 9010 gen_vlan_vid_test(compiler_state_t *cstate, bpf_u_int32 vlan_num) 9011 { 9012 if (vlan_num > 0x0fff) { 9013 bpf_error(cstate, "VLAN tag %u greater than maximum %u", 9014 vlan_num, 0x0fff); 9015 } 9016 return gen_mcmp(cstate, OR_LINKPL, 0, BPF_H, vlan_num, 0x0fff); 9017 } 9018 9019 static struct block * 9020 gen_vlan_no_bpf_extensions(compiler_state_t *cstate, bpf_u_int32 vlan_num, 9021 int has_vlan_tag) 9022 { 9023 struct block *b0, *b1; 9024 9025 b0 = gen_vlan_tpid_test(cstate); 9026 9027 if (has_vlan_tag) { 9028 b1 = gen_vlan_vid_test(cstate, vlan_num); 9029 gen_and(b0, b1); 9030 b0 = b1; 9031 } 9032 9033 /* 9034 * Both payload and link header type follow the VLAN tags so that 9035 * both need to be updated. 9036 */ 9037 cstate->off_linkpl.constant_part += 4; 9038 cstate->off_linktype.constant_part += 4; 9039 9040 return b0; 9041 } 9042 9043 #if defined(SKF_AD_VLAN_TAG_PRESENT) 9044 /* add v to variable part of off */ 9045 static void 9046 gen_vlan_vloffset_add(compiler_state_t *cstate, bpf_abs_offset *off, 9047 bpf_u_int32 v, struct slist *s) 9048 { 9049 struct slist *s2; 9050 9051 if (!off->is_variable) 9052 off->is_variable = 1; 9053 if (off->reg == -1) 9054 off->reg = alloc_reg(cstate); 9055 9056 s2 = new_stmt(cstate, BPF_LD|BPF_MEM); 9057 s2->s.k = off->reg; 9058 sappend(s, s2); 9059 s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_IMM); 9060 s2->s.k = v; 9061 sappend(s, s2); 9062 s2 = new_stmt(cstate, BPF_ST); 9063 s2->s.k = off->reg; 9064 sappend(s, s2); 9065 } 9066 9067 /* 9068 * patch block b_tpid (VLAN TPID test) to update variable parts of link payload 9069 * and link type offsets first 9070 */ 9071 static void 9072 gen_vlan_patch_tpid_test(compiler_state_t *cstate, struct block *b_tpid) 9073 { 9074 struct slist s; 9075 9076 /* offset determined at run time, shift variable part */ 9077 s.next = NULL; 9078 cstate->is_vlan_vloffset = 1; 9079 gen_vlan_vloffset_add(cstate, &cstate->off_linkpl, 4, &s); 9080 gen_vlan_vloffset_add(cstate, &cstate->off_linktype, 4, &s); 9081 9082 /* we get a pointer to a chain of or-ed blocks, patch first of them */ 9083 sappend(s.next, b_tpid->head->stmts); 9084 b_tpid->head->stmts = s.next; 9085 } 9086 9087 /* 9088 * patch block b_vid (VLAN id test) to load VID value either from packet 9089 * metadata (using BPF extensions) if SKF_AD_VLAN_TAG_PRESENT is true 9090 */ 9091 static void 9092 gen_vlan_patch_vid_test(compiler_state_t *cstate, struct block *b_vid) 9093 { 9094 struct slist *s, *s2, *sjeq; 9095 unsigned cnt; 9096 9097 s = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 9098 s->s.k = SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT; 9099 9100 /* true -> next instructions, false -> beginning of b_vid */ 9101 sjeq = new_stmt(cstate, JMP(BPF_JEQ)); 9102 sjeq->s.k = 1; 9103 sjeq->s.jf = b_vid->stmts; 9104 sappend(s, sjeq); 9105 9106 s2 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 9107 s2->s.k = SKF_AD_OFF + SKF_AD_VLAN_TAG; 9108 sappend(s, s2); 9109 sjeq->s.jt = s2; 9110 9111 /* Jump to the test in b_vid. We need to jump one instruction before 9112 * the end of the b_vid block so that we only skip loading the TCI 9113 * from packet data and not the 'and' instruction extracting VID. 9114 */ 9115 cnt = 0; 9116 for (s2 = b_vid->stmts; s2; s2 = s2->next) 9117 cnt++; 9118 s2 = new_stmt(cstate, JMP(BPF_JA)); 9119 s2->s.k = cnt - 1; 9120 sappend(s, s2); 9121 9122 /* insert our statements at the beginning of b_vid */ 9123 sappend(s, b_vid->stmts); 9124 b_vid->stmts = s; 9125 } 9126 9127 /* 9128 * Generate check for "vlan" or "vlan <id>" on systems with support for BPF 9129 * extensions. Even if kernel supports VLAN BPF extensions, (outermost) VLAN 9130 * tag can be either in metadata or in packet data; therefore if the 9131 * SKF_AD_VLAN_TAG_PRESENT test is negative, we need to check link 9132 * header for VLAN tag. As the decision is done at run time, we need 9133 * update variable part of the offsets 9134 */ 9135 static struct block * 9136 gen_vlan_bpf_extensions(compiler_state_t *cstate, bpf_u_int32 vlan_num, 9137 int has_vlan_tag) 9138 { 9139 struct block *b0, *b_tpid, *b_vid = NULL; 9140 struct slist *s; 9141 9142 /* generate new filter code based on extracting packet 9143 * metadata */ 9144 s = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS); 9145 s->s.k = SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT; 9146 9147 b0 = new_block(cstate, JMP(BPF_JEQ)); 9148 b0->stmts = s; 9149 b0->s.k = 1; 9150 9151 /* 9152 * This is tricky. We need to insert the statements updating variable 9153 * parts of offsets before the traditional TPID and VID tests so 9154 * that they are called whenever SKF_AD_VLAN_TAG_PRESENT fails but 9155 * we do not want this update to affect those checks. That's why we 9156 * generate both test blocks first and insert the statements updating 9157 * variable parts of both offsets after that. This wouldn't work if 9158 * there already were variable length link header when entering this 9159 * function but gen_vlan_bpf_extensions() isn't called in that case. 9160 */ 9161 b_tpid = gen_vlan_tpid_test(cstate); 9162 if (has_vlan_tag) 9163 b_vid = gen_vlan_vid_test(cstate, vlan_num); 9164 9165 gen_vlan_patch_tpid_test(cstate, b_tpid); 9166 gen_or(b0, b_tpid); 9167 b0 = b_tpid; 9168 9169 if (has_vlan_tag) { 9170 gen_vlan_patch_vid_test(cstate, b_vid); 9171 gen_and(b0, b_vid); 9172 b0 = b_vid; 9173 } 9174 9175 return b0; 9176 } 9177 #endif 9178 9179 /* 9180 * support IEEE 802.1Q VLAN trunk over ethernet 9181 */ 9182 struct block * 9183 gen_vlan(compiler_state_t *cstate, bpf_u_int32 vlan_num, int has_vlan_tag) 9184 { 9185 struct block *b0; 9186 9187 /* 9188 * Catch errors reported by us and routines below us, and return NULL 9189 * on an error. 9190 */ 9191 if (setjmp(cstate->top_ctx)) 9192 return (NULL); 9193 9194 /* can't check for VLAN-encapsulated packets inside MPLS */ 9195 if (cstate->label_stack_depth > 0) 9196 bpf_error(cstate, "no VLAN match after MPLS"); 9197 9198 /* 9199 * Check for a VLAN packet, and then change the offsets to point 9200 * to the type and data fields within the VLAN packet. Just 9201 * increment the offsets, so that we can support a hierarchy, e.g. 9202 * "vlan 300 && vlan 200" to capture VLAN 200 encapsulated within 9203 * VLAN 100. 9204 * 9205 * XXX - this is a bit of a kludge. If we were to split the 9206 * compiler into a parser that parses an expression and 9207 * generates an expression tree, and a code generator that 9208 * takes an expression tree (which could come from our 9209 * parser or from some other parser) and generates BPF code, 9210 * we could perhaps make the offsets parameters of routines 9211 * and, in the handler for an "AND" node, pass to subnodes 9212 * other than the VLAN node the adjusted offsets. 9213 * 9214 * This would mean that "vlan" would, instead of changing the 9215 * behavior of *all* tests after it, change only the behavior 9216 * of tests ANDed with it. That would change the documented 9217 * semantics of "vlan", which might break some expressions. 9218 * However, it would mean that "(vlan and ip) or ip" would check 9219 * both for VLAN-encapsulated IP and IP-over-Ethernet, rather than 9220 * checking only for VLAN-encapsulated IP, so that could still 9221 * be considered worth doing; it wouldn't break expressions 9222 * that are of the form "vlan and ..." or "vlan N and ...", 9223 * which I suspect are the most common expressions involving 9224 * "vlan". "vlan or ..." doesn't necessarily do what the user 9225 * would really want, now, as all the "or ..." tests would 9226 * be done assuming a VLAN, even though the "or" could be viewed 9227 * as meaning "or, if this isn't a VLAN packet...". 9228 */ 9229 switch (cstate->linktype) { 9230 9231 case DLT_EN10MB: 9232 case DLT_NETANALYZER: 9233 case DLT_NETANALYZER_TRANSPARENT: 9234 #if defined(SKF_AD_VLAN_TAG_PRESENT) 9235 /* Verify that this is the outer part of the packet and 9236 * not encapsulated somehow. */ 9237 if (cstate->vlan_stack_depth == 0 && !cstate->off_linkhdr.is_variable && 9238 cstate->off_linkhdr.constant_part == 9239 cstate->off_outermostlinkhdr.constant_part) { 9240 /* 9241 * Do we need special VLAN handling? 9242 */ 9243 if (cstate->bpf_pcap->bpf_codegen_flags & BPF_SPECIAL_VLAN_HANDLING) 9244 b0 = gen_vlan_bpf_extensions(cstate, vlan_num, 9245 has_vlan_tag); 9246 else 9247 b0 = gen_vlan_no_bpf_extensions(cstate, 9248 vlan_num, has_vlan_tag); 9249 } else 9250 #endif 9251 b0 = gen_vlan_no_bpf_extensions(cstate, vlan_num, 9252 has_vlan_tag); 9253 break; 9254 9255 case DLT_IEEE802_11: 9256 case DLT_PRISM_HEADER: 9257 case DLT_IEEE802_11_RADIO_AVS: 9258 case DLT_IEEE802_11_RADIO: 9259 b0 = gen_vlan_no_bpf_extensions(cstate, vlan_num, has_vlan_tag); 9260 break; 9261 9262 default: 9263 bpf_error(cstate, "no VLAN support for %s", 9264 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 9265 /*NOTREACHED*/ 9266 } 9267 9268 cstate->vlan_stack_depth++; 9269 9270 return (b0); 9271 } 9272 9273 /* 9274 * support for MPLS 9275 * 9276 * The label_num_arg dance is to avoid annoying whining by compilers that 9277 * label_num might be clobbered by longjmp - yeah, it might, but *WHO CARES*? 9278 * It's not *used* after setjmp returns. 9279 */ 9280 struct block * 9281 gen_mpls(compiler_state_t *cstate, bpf_u_int32 label_num_arg, 9282 int has_label_num) 9283 { 9284 volatile bpf_u_int32 label_num = label_num_arg; 9285 struct block *b0, *b1; 9286 9287 /* 9288 * Catch errors reported by us and routines below us, and return NULL 9289 * on an error. 9290 */ 9291 if (setjmp(cstate->top_ctx)) 9292 return (NULL); 9293 9294 if (cstate->label_stack_depth > 0) { 9295 /* just match the bottom-of-stack bit clear */ 9296 b0 = gen_mcmp(cstate, OR_PREVMPLSHDR, 2, BPF_B, 0, 0x01); 9297 } else { 9298 /* 9299 * We're not in an MPLS stack yet, so check the link-layer 9300 * type against MPLS. 9301 */ 9302 switch (cstate->linktype) { 9303 9304 case DLT_C_HDLC: /* fall through */ 9305 case DLT_HDLC: 9306 case DLT_EN10MB: 9307 case DLT_NETANALYZER: 9308 case DLT_NETANALYZER_TRANSPARENT: 9309 b0 = gen_linktype(cstate, ETHERTYPE_MPLS); 9310 break; 9311 9312 case DLT_PPP: 9313 b0 = gen_linktype(cstate, PPP_MPLS_UCAST); 9314 break; 9315 9316 /* FIXME add other DLT_s ... 9317 * for Frame-Relay/and ATM this may get messy due to SNAP headers 9318 * leave it for now */ 9319 9320 default: 9321 bpf_error(cstate, "no MPLS support for %s", 9322 pcap_datalink_val_to_description_or_dlt(cstate->linktype)); 9323 /*NOTREACHED*/ 9324 } 9325 } 9326 9327 /* If a specific MPLS label is requested, check it */ 9328 if (has_label_num) { 9329 if (label_num > 0xFFFFF) { 9330 bpf_error(cstate, "MPLS label %u greater than maximum %u", 9331 label_num, 0xFFFFF); 9332 } 9333 label_num = label_num << 12; /* label is shifted 12 bits on the wire */ 9334 b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_W, label_num, 9335 0xfffff000); /* only compare the first 20 bits */ 9336 gen_and(b0, b1); 9337 b0 = b1; 9338 } 9339 9340 /* 9341 * Change the offsets to point to the type and data fields within 9342 * the MPLS packet. Just increment the offsets, so that we 9343 * can support a hierarchy, e.g. "mpls 100000 && mpls 1024" to 9344 * capture packets with an outer label of 100000 and an inner 9345 * label of 1024. 9346 * 9347 * Increment the MPLS stack depth as well; this indicates that 9348 * we're checking MPLS-encapsulated headers, to make sure higher 9349 * level code generators don't try to match against IP-related 9350 * protocols such as Q_ARP, Q_RARP etc. 9351 * 9352 * XXX - this is a bit of a kludge. See comments in gen_vlan(). 9353 */ 9354 cstate->off_nl_nosnap += 4; 9355 cstate->off_nl += 4; 9356 cstate->label_stack_depth++; 9357 return (b0); 9358 } 9359 9360 /* 9361 * Support PPPOE discovery and session. 9362 */ 9363 struct block * 9364 gen_pppoed(compiler_state_t *cstate) 9365 { 9366 /* 9367 * Catch errors reported by us and routines below us, and return NULL 9368 * on an error. 9369 */ 9370 if (setjmp(cstate->top_ctx)) 9371 return (NULL); 9372 9373 /* check for PPPoE discovery */ 9374 return gen_linktype(cstate, ETHERTYPE_PPPOED); 9375 } 9376 9377 struct block * 9378 gen_pppoes(compiler_state_t *cstate, bpf_u_int32 sess_num, int has_sess_num) 9379 { 9380 struct block *b0, *b1; 9381 9382 /* 9383 * Catch errors reported by us and routines below us, and return NULL 9384 * on an error. 9385 */ 9386 if (setjmp(cstate->top_ctx)) 9387 return (NULL); 9388 9389 /* 9390 * Test against the PPPoE session link-layer type. 9391 */ 9392 b0 = gen_linktype(cstate, ETHERTYPE_PPPOES); 9393 9394 /* If a specific session is requested, check PPPoE session id */ 9395 if (has_sess_num) { 9396 if (sess_num > 0x0000ffff) { 9397 bpf_error(cstate, "PPPoE session number %u greater than maximum %u", 9398 sess_num, 0x0000ffff); 9399 } 9400 b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_W, sess_num, 0x0000ffff); 9401 gen_and(b0, b1); 9402 b0 = b1; 9403 } 9404 9405 /* 9406 * Change the offsets to point to the type and data fields within 9407 * the PPP packet, and note that this is PPPoE rather than 9408 * raw PPP. 9409 * 9410 * XXX - this is a bit of a kludge. See the comments in 9411 * gen_vlan(). 9412 * 9413 * The "network-layer" protocol is PPPoE, which has a 6-byte 9414 * PPPoE header, followed by a PPP packet. 9415 * 9416 * There is no HDLC encapsulation for the PPP packet (it's 9417 * encapsulated in PPPoES instead), so the link-layer type 9418 * starts at the first byte of the PPP packet. For PPPoE, 9419 * that offset is relative to the beginning of the total 9420 * link-layer payload, including any 802.2 LLC header, so 9421 * it's 6 bytes past cstate->off_nl. 9422 */ 9423 PUSH_LINKHDR(cstate, DLT_PPP, cstate->off_linkpl.is_variable, 9424 cstate->off_linkpl.constant_part + cstate->off_nl + 6, /* 6 bytes past the PPPoE header */ 9425 cstate->off_linkpl.reg); 9426 9427 cstate->off_linktype = cstate->off_linkhdr; 9428 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 2; 9429 9430 cstate->off_nl = 0; 9431 cstate->off_nl_nosnap = 0; /* no 802.2 LLC */ 9432 9433 return b0; 9434 } 9435 9436 /* Check that this is Geneve and the VNI is correct if 9437 * specified. Parameterized to handle both IPv4 and IPv6. */ 9438 static struct block * 9439 gen_geneve_check(compiler_state_t *cstate, 9440 struct block *(*gen_portfn)(compiler_state_t *, u_int, int, int), 9441 enum e_offrel offrel, bpf_u_int32 vni, int has_vni) 9442 { 9443 struct block *b0, *b1; 9444 9445 b0 = gen_portfn(cstate, GENEVE_PORT, IPPROTO_UDP, Q_DST); 9446 9447 /* Check that we are operating on version 0. Otherwise, we 9448 * can't decode the rest of the fields. The version is 2 bits 9449 * in the first byte of the Geneve header. */ 9450 b1 = gen_mcmp(cstate, offrel, 8, BPF_B, 0, 0xc0); 9451 gen_and(b0, b1); 9452 b0 = b1; 9453 9454 if (has_vni) { 9455 if (vni > 0xffffff) { 9456 bpf_error(cstate, "Geneve VNI %u greater than maximum %u", 9457 vni, 0xffffff); 9458 } 9459 vni <<= 8; /* VNI is in the upper 3 bytes */ 9460 b1 = gen_mcmp(cstate, offrel, 12, BPF_W, vni, 0xffffff00); 9461 gen_and(b0, b1); 9462 b0 = b1; 9463 } 9464 9465 return b0; 9466 } 9467 9468 /* The IPv4 and IPv6 Geneve checks need to do two things: 9469 * - Verify that this actually is Geneve with the right VNI. 9470 * - Place the IP header length (plus variable link prefix if 9471 * needed) into register A to be used later to compute 9472 * the inner packet offsets. */ 9473 static struct block * 9474 gen_geneve4(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni) 9475 { 9476 struct block *b0, *b1; 9477 struct slist *s, *s1; 9478 9479 b0 = gen_geneve_check(cstate, gen_port, OR_TRAN_IPV4, vni, has_vni); 9480 9481 /* Load the IP header length into A. */ 9482 s = gen_loadx_iphdrlen(cstate); 9483 9484 s1 = new_stmt(cstate, BPF_MISC|BPF_TXA); 9485 sappend(s, s1); 9486 9487 /* Forcibly append these statements to the true condition 9488 * of the protocol check by creating a new block that is 9489 * always true and ANDing them. */ 9490 b1 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X); 9491 b1->stmts = s; 9492 b1->s.k = 0; 9493 9494 gen_and(b0, b1); 9495 9496 return b1; 9497 } 9498 9499 static struct block * 9500 gen_geneve6(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni) 9501 { 9502 struct block *b0, *b1; 9503 struct slist *s, *s1; 9504 9505 b0 = gen_geneve_check(cstate, gen_port6, OR_TRAN_IPV6, vni, has_vni); 9506 9507 /* Load the IP header length. We need to account for a 9508 * variable length link prefix if there is one. */ 9509 s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl); 9510 if (s) { 9511 s1 = new_stmt(cstate, BPF_LD|BPF_IMM); 9512 s1->s.k = 40; 9513 sappend(s, s1); 9514 9515 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X); 9516 s1->s.k = 0; 9517 sappend(s, s1); 9518 } else { 9519 s = new_stmt(cstate, BPF_LD|BPF_IMM); 9520 s->s.k = 40; 9521 } 9522 9523 /* Forcibly append these statements to the true condition 9524 * of the protocol check by creating a new block that is 9525 * always true and ANDing them. */ 9526 s1 = new_stmt(cstate, BPF_MISC|BPF_TAX); 9527 sappend(s, s1); 9528 9529 b1 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X); 9530 b1->stmts = s; 9531 b1->s.k = 0; 9532 9533 gen_and(b0, b1); 9534 9535 return b1; 9536 } 9537 9538 /* We need to store three values based on the Geneve header:: 9539 * - The offset of the linktype. 9540 * - The offset of the end of the Geneve header. 9541 * - The offset of the end of the encapsulated MAC header. */ 9542 static struct slist * 9543 gen_geneve_offsets(compiler_state_t *cstate) 9544 { 9545 struct slist *s, *s1, *s_proto; 9546 9547 /* First we need to calculate the offset of the Geneve header 9548 * itself. This is composed of the IP header previously calculated 9549 * (include any variable link prefix) and stored in A plus the 9550 * fixed sized headers (fixed link prefix, MAC length, and UDP 9551 * header). */ 9552 s = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 9553 s->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 8; 9554 9555 /* Stash this in X since we'll need it later. */ 9556 s1 = new_stmt(cstate, BPF_MISC|BPF_TAX); 9557 sappend(s, s1); 9558 9559 /* The EtherType in Geneve is 2 bytes in. Calculate this and 9560 * store it. */ 9561 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 9562 s1->s.k = 2; 9563 sappend(s, s1); 9564 9565 cstate->off_linktype.reg = alloc_reg(cstate); 9566 cstate->off_linktype.is_variable = 1; 9567 cstate->off_linktype.constant_part = 0; 9568 9569 s1 = new_stmt(cstate, BPF_ST); 9570 s1->s.k = cstate->off_linktype.reg; 9571 sappend(s, s1); 9572 9573 /* Load the Geneve option length and mask and shift to get the 9574 * number of bytes. It is stored in the first byte of the Geneve 9575 * header. */ 9576 s1 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B); 9577 s1->s.k = 0; 9578 sappend(s, s1); 9579 9580 s1 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K); 9581 s1->s.k = 0x3f; 9582 sappend(s, s1); 9583 9584 s1 = new_stmt(cstate, BPF_ALU|BPF_MUL|BPF_K); 9585 s1->s.k = 4; 9586 sappend(s, s1); 9587 9588 /* Add in the rest of the Geneve base header. */ 9589 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 9590 s1->s.k = 8; 9591 sappend(s, s1); 9592 9593 /* Add the Geneve header length to its offset and store. */ 9594 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X); 9595 s1->s.k = 0; 9596 sappend(s, s1); 9597 9598 /* Set the encapsulated type as Ethernet. Even though we may 9599 * not actually have Ethernet inside there are two reasons this 9600 * is useful: 9601 * - The linktype field is always in EtherType format regardless 9602 * of whether it is in Geneve or an inner Ethernet frame. 9603 * - The only link layer that we have specific support for is 9604 * Ethernet. We will confirm that the packet actually is 9605 * Ethernet at runtime before executing these checks. */ 9606 PUSH_LINKHDR(cstate, DLT_EN10MB, 1, 0, alloc_reg(cstate)); 9607 9608 s1 = new_stmt(cstate, BPF_ST); 9609 s1->s.k = cstate->off_linkhdr.reg; 9610 sappend(s, s1); 9611 9612 /* Calculate whether we have an Ethernet header or just raw IP/ 9613 * MPLS/etc. If we have Ethernet, advance the end of the MAC offset 9614 * and linktype by 14 bytes so that the network header can be found 9615 * seamlessly. Otherwise, keep what we've calculated already. */ 9616 9617 /* We have a bare jmp so we can't use the optimizer. */ 9618 cstate->no_optimize = 1; 9619 9620 /* Load the EtherType in the Geneve header, 2 bytes in. */ 9621 s1 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_H); 9622 s1->s.k = 2; 9623 sappend(s, s1); 9624 9625 /* Load X with the end of the Geneve header. */ 9626 s1 = new_stmt(cstate, BPF_LDX|BPF_MEM); 9627 s1->s.k = cstate->off_linkhdr.reg; 9628 sappend(s, s1); 9629 9630 /* Check if the EtherType is Transparent Ethernet Bridging. At the 9631 * end of this check, we should have the total length in X. In 9632 * the non-Ethernet case, it's already there. */ 9633 s_proto = new_stmt(cstate, JMP(BPF_JEQ)); 9634 s_proto->s.k = ETHERTYPE_TEB; 9635 sappend(s, s_proto); 9636 9637 s1 = new_stmt(cstate, BPF_MISC|BPF_TXA); 9638 sappend(s, s1); 9639 s_proto->s.jt = s1; 9640 9641 /* Since this is Ethernet, use the EtherType of the payload 9642 * directly as the linktype. Overwrite what we already have. */ 9643 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 9644 s1->s.k = 12; 9645 sappend(s, s1); 9646 9647 s1 = new_stmt(cstate, BPF_ST); 9648 s1->s.k = cstate->off_linktype.reg; 9649 sappend(s, s1); 9650 9651 /* Advance two bytes further to get the end of the Ethernet 9652 * header. */ 9653 s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K); 9654 s1->s.k = 2; 9655 sappend(s, s1); 9656 9657 /* Move the result to X. */ 9658 s1 = new_stmt(cstate, BPF_MISC|BPF_TAX); 9659 sappend(s, s1); 9660 9661 /* Store the final result of our linkpl calculation. */ 9662 cstate->off_linkpl.reg = alloc_reg(cstate); 9663 cstate->off_linkpl.is_variable = 1; 9664 cstate->off_linkpl.constant_part = 0; 9665 9666 s1 = new_stmt(cstate, BPF_STX); 9667 s1->s.k = cstate->off_linkpl.reg; 9668 sappend(s, s1); 9669 s_proto->s.jf = s1; 9670 9671 cstate->off_nl = 0; 9672 9673 return s; 9674 } 9675 9676 /* Check to see if this is a Geneve packet. */ 9677 struct block * 9678 gen_geneve(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni) 9679 { 9680 struct block *b0, *b1; 9681 struct slist *s; 9682 9683 /* 9684 * Catch errors reported by us and routines below us, and return NULL 9685 * on an error. 9686 */ 9687 if (setjmp(cstate->top_ctx)) 9688 return (NULL); 9689 9690 b0 = gen_geneve4(cstate, vni, has_vni); 9691 b1 = gen_geneve6(cstate, vni, has_vni); 9692 9693 gen_or(b0, b1); 9694 b0 = b1; 9695 9696 /* Later filters should act on the payload of the Geneve frame, 9697 * update all of the header pointers. Attach this code so that 9698 * it gets executed in the event that the Geneve filter matches. */ 9699 s = gen_geneve_offsets(cstate); 9700 9701 b1 = gen_true(cstate); 9702 sappend(s, b1->stmts); 9703 b1->stmts = s; 9704 9705 gen_and(b0, b1); 9706 9707 cstate->is_geneve = 1; 9708 9709 return b1; 9710 } 9711 9712 /* Check that the encapsulated frame has a link layer header 9713 * for Ethernet filters. */ 9714 static struct block * 9715 gen_geneve_ll_check(compiler_state_t *cstate) 9716 { 9717 struct block *b0; 9718 struct slist *s, *s1; 9719 9720 /* The easiest way to see if there is a link layer present 9721 * is to check if the link layer header and payload are not 9722 * the same. */ 9723 9724 /* Geneve always generates pure variable offsets so we can 9725 * compare only the registers. */ 9726 s = new_stmt(cstate, BPF_LD|BPF_MEM); 9727 s->s.k = cstate->off_linkhdr.reg; 9728 9729 s1 = new_stmt(cstate, BPF_LDX|BPF_MEM); 9730 s1->s.k = cstate->off_linkpl.reg; 9731 sappend(s, s1); 9732 9733 b0 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X); 9734 b0->stmts = s; 9735 b0->s.k = 0; 9736 gen_not(b0); 9737 9738 return b0; 9739 } 9740 9741 static struct block * 9742 gen_atmfield_code_internal(compiler_state_t *cstate, int atmfield, 9743 bpf_u_int32 jvalue, int jtype, int reverse) 9744 { 9745 struct block *b0; 9746 9747 switch (atmfield) { 9748 9749 case A_VPI: 9750 if (!cstate->is_atm) 9751 bpf_error(cstate, "'vpi' supported only on raw ATM"); 9752 if (cstate->off_vpi == OFFSET_NOT_SET) 9753 abort(); 9754 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_vpi, BPF_B, 9755 0xffffffffU, jtype, reverse, jvalue); 9756 break; 9757 9758 case A_VCI: 9759 if (!cstate->is_atm) 9760 bpf_error(cstate, "'vci' supported only on raw ATM"); 9761 if (cstate->off_vci == OFFSET_NOT_SET) 9762 abort(); 9763 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_vci, BPF_H, 9764 0xffffffffU, jtype, reverse, jvalue); 9765 break; 9766 9767 case A_PROTOTYPE: 9768 if (cstate->off_proto == OFFSET_NOT_SET) 9769 abort(); /* XXX - this isn't on FreeBSD */ 9770 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_proto, BPF_B, 9771 0x0fU, jtype, reverse, jvalue); 9772 break; 9773 9774 case A_MSGTYPE: 9775 if (cstate->off_payload == OFFSET_NOT_SET) 9776 abort(); 9777 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_payload + MSG_TYPE_POS, BPF_B, 9778 0xffffffffU, jtype, reverse, jvalue); 9779 break; 9780 9781 case A_CALLREFTYPE: 9782 if (!cstate->is_atm) 9783 bpf_error(cstate, "'callref' supported only on raw ATM"); 9784 if (cstate->off_proto == OFFSET_NOT_SET) 9785 abort(); 9786 b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_proto, BPF_B, 9787 0xffffffffU, jtype, reverse, jvalue); 9788 break; 9789 9790 default: 9791 abort(); 9792 } 9793 return b0; 9794 } 9795 9796 static struct block * 9797 gen_atmtype_metac(compiler_state_t *cstate) 9798 { 9799 struct block *b0, *b1; 9800 9801 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 9802 b1 = gen_atmfield_code_internal(cstate, A_VCI, 1, BPF_JEQ, 0); 9803 gen_and(b0, b1); 9804 return b1; 9805 } 9806 9807 static struct block * 9808 gen_atmtype_sc(compiler_state_t *cstate) 9809 { 9810 struct block *b0, *b1; 9811 9812 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 9813 b1 = gen_atmfield_code_internal(cstate, A_VCI, 5, BPF_JEQ, 0); 9814 gen_and(b0, b1); 9815 return b1; 9816 } 9817 9818 static struct block * 9819 gen_atmtype_llc(compiler_state_t *cstate) 9820 { 9821 struct block *b0; 9822 9823 b0 = gen_atmfield_code_internal(cstate, A_PROTOTYPE, PT_LLC, BPF_JEQ, 0); 9824 cstate->linktype = cstate->prevlinktype; 9825 return b0; 9826 } 9827 9828 struct block * 9829 gen_atmfield_code(compiler_state_t *cstate, int atmfield, 9830 bpf_u_int32 jvalue, int jtype, int reverse) 9831 { 9832 /* 9833 * Catch errors reported by us and routines below us, and return NULL 9834 * on an error. 9835 */ 9836 if (setjmp(cstate->top_ctx)) 9837 return (NULL); 9838 9839 return gen_atmfield_code_internal(cstate, atmfield, jvalue, jtype, 9840 reverse); 9841 } 9842 9843 struct block * 9844 gen_atmtype_abbrev(compiler_state_t *cstate, int type) 9845 { 9846 struct block *b0, *b1; 9847 9848 /* 9849 * Catch errors reported by us and routines below us, and return NULL 9850 * on an error. 9851 */ 9852 if (setjmp(cstate->top_ctx)) 9853 return (NULL); 9854 9855 switch (type) { 9856 9857 case A_METAC: 9858 /* Get all packets in Meta signalling Circuit */ 9859 if (!cstate->is_atm) 9860 bpf_error(cstate, "'metac' supported only on raw ATM"); 9861 b1 = gen_atmtype_metac(cstate); 9862 break; 9863 9864 case A_BCC: 9865 /* Get all packets in Broadcast Circuit*/ 9866 if (!cstate->is_atm) 9867 bpf_error(cstate, "'bcc' supported only on raw ATM"); 9868 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 9869 b1 = gen_atmfield_code_internal(cstate, A_VCI, 2, BPF_JEQ, 0); 9870 gen_and(b0, b1); 9871 break; 9872 9873 case A_OAMF4SC: 9874 /* Get all cells in Segment OAM F4 circuit*/ 9875 if (!cstate->is_atm) 9876 bpf_error(cstate, "'oam4sc' supported only on raw ATM"); 9877 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 9878 b1 = gen_atmfield_code_internal(cstate, A_VCI, 3, BPF_JEQ, 0); 9879 gen_and(b0, b1); 9880 break; 9881 9882 case A_OAMF4EC: 9883 /* Get all cells in End-to-End OAM F4 Circuit*/ 9884 if (!cstate->is_atm) 9885 bpf_error(cstate, "'oam4ec' supported only on raw ATM"); 9886 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 9887 b1 = gen_atmfield_code_internal(cstate, A_VCI, 4, BPF_JEQ, 0); 9888 gen_and(b0, b1); 9889 break; 9890 9891 case A_SC: 9892 /* Get all packets in connection Signalling Circuit */ 9893 if (!cstate->is_atm) 9894 bpf_error(cstate, "'sc' supported only on raw ATM"); 9895 b1 = gen_atmtype_sc(cstate); 9896 break; 9897 9898 case A_ILMIC: 9899 /* Get all packets in ILMI Circuit */ 9900 if (!cstate->is_atm) 9901 bpf_error(cstate, "'ilmic' supported only on raw ATM"); 9902 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 9903 b1 = gen_atmfield_code_internal(cstate, A_VCI, 16, BPF_JEQ, 0); 9904 gen_and(b0, b1); 9905 break; 9906 9907 case A_LANE: 9908 /* Get all LANE packets */ 9909 if (!cstate->is_atm) 9910 bpf_error(cstate, "'lane' supported only on raw ATM"); 9911 b1 = gen_atmfield_code_internal(cstate, A_PROTOTYPE, PT_LANE, BPF_JEQ, 0); 9912 9913 /* 9914 * Arrange that all subsequent tests assume LANE 9915 * rather than LLC-encapsulated packets, and set 9916 * the offsets appropriately for LANE-encapsulated 9917 * Ethernet. 9918 * 9919 * We assume LANE means Ethernet, not Token Ring. 9920 */ 9921 PUSH_LINKHDR(cstate, DLT_EN10MB, 0, 9922 cstate->off_payload + 2, /* Ethernet header */ 9923 -1); 9924 cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12; 9925 cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14; /* Ethernet */ 9926 cstate->off_nl = 0; /* Ethernet II */ 9927 cstate->off_nl_nosnap = 3; /* 802.3+802.2 */ 9928 break; 9929 9930 case A_LLC: 9931 /* Get all LLC-encapsulated packets */ 9932 if (!cstate->is_atm) 9933 bpf_error(cstate, "'llc' supported only on raw ATM"); 9934 b1 = gen_atmtype_llc(cstate); 9935 break; 9936 9937 default: 9938 abort(); 9939 } 9940 return b1; 9941 } 9942 9943 /* 9944 * Filtering for MTP2 messages based on li value 9945 * FISU, length is null 9946 * LSSU, length is 1 or 2 9947 * MSU, length is 3 or more 9948 * For MTP2_HSL, sequences are on 2 bytes, and length on 9 bits 9949 */ 9950 struct block * 9951 gen_mtp2type_abbrev(compiler_state_t *cstate, int type) 9952 { 9953 struct block *b0, *b1; 9954 9955 /* 9956 * Catch errors reported by us and routines below us, and return NULL 9957 * on an error. 9958 */ 9959 if (setjmp(cstate->top_ctx)) 9960 return (NULL); 9961 9962 switch (type) { 9963 9964 case M_FISU: 9965 if ( (cstate->linktype != DLT_MTP2) && 9966 (cstate->linktype != DLT_ERF) && 9967 (cstate->linktype != DLT_MTP2_WITH_PHDR) ) 9968 bpf_error(cstate, "'fisu' supported only on MTP2"); 9969 /* gen_ncmp(cstate, offrel, offset, size, mask, jtype, reverse, value) */ 9970 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B, 9971 0x3fU, BPF_JEQ, 0, 0U); 9972 break; 9973 9974 case M_LSSU: 9975 if ( (cstate->linktype != DLT_MTP2) && 9976 (cstate->linktype != DLT_ERF) && 9977 (cstate->linktype != DLT_MTP2_WITH_PHDR) ) 9978 bpf_error(cstate, "'lssu' supported only on MTP2"); 9979 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B, 9980 0x3fU, BPF_JGT, 1, 2U); 9981 b1 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B, 9982 0x3fU, BPF_JGT, 0, 0U); 9983 gen_and(b1, b0); 9984 break; 9985 9986 case M_MSU: 9987 if ( (cstate->linktype != DLT_MTP2) && 9988 (cstate->linktype != DLT_ERF) && 9989 (cstate->linktype != DLT_MTP2_WITH_PHDR) ) 9990 bpf_error(cstate, "'msu' supported only on MTP2"); 9991 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B, 9992 0x3fU, BPF_JGT, 0, 2U); 9993 break; 9994 9995 case MH_FISU: 9996 if ( (cstate->linktype != DLT_MTP2) && 9997 (cstate->linktype != DLT_ERF) && 9998 (cstate->linktype != DLT_MTP2_WITH_PHDR) ) 9999 bpf_error(cstate, "'hfisu' supported only on MTP2_HSL"); 10000 /* gen_ncmp(cstate, offrel, offset, size, mask, jtype, reverse, value) */ 10001 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H, 10002 0xff80U, BPF_JEQ, 0, 0U); 10003 break; 10004 10005 case MH_LSSU: 10006 if ( (cstate->linktype != DLT_MTP2) && 10007 (cstate->linktype != DLT_ERF) && 10008 (cstate->linktype != DLT_MTP2_WITH_PHDR) ) 10009 bpf_error(cstate, "'hlssu' supported only on MTP2_HSL"); 10010 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H, 10011 0xff80U, BPF_JGT, 1, 0x0100U); 10012 b1 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H, 10013 0xff80U, BPF_JGT, 0, 0U); 10014 gen_and(b1, b0); 10015 break; 10016 10017 case MH_MSU: 10018 if ( (cstate->linktype != DLT_MTP2) && 10019 (cstate->linktype != DLT_ERF) && 10020 (cstate->linktype != DLT_MTP2_WITH_PHDR) ) 10021 bpf_error(cstate, "'hmsu' supported only on MTP2_HSL"); 10022 b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H, 10023 0xff80U, BPF_JGT, 0, 0x0100U); 10024 break; 10025 10026 default: 10027 abort(); 10028 } 10029 return b0; 10030 } 10031 10032 /* 10033 * The jvalue_arg dance is to avoid annoying whining by compilers that 10034 * jvalue might be clobbered by longjmp - yeah, it might, but *WHO CARES*? 10035 * It's not *used* after setjmp returns. 10036 */ 10037 struct block * 10038 gen_mtp3field_code(compiler_state_t *cstate, int mtp3field, 10039 bpf_u_int32 jvalue_arg, int jtype, int reverse) 10040 { 10041 volatile bpf_u_int32 jvalue = jvalue_arg; 10042 struct block *b0; 10043 bpf_u_int32 val1 , val2 , val3; 10044 u_int newoff_sio; 10045 u_int newoff_opc; 10046 u_int newoff_dpc; 10047 u_int newoff_sls; 10048 10049 /* 10050 * Catch errors reported by us and routines below us, and return NULL 10051 * on an error. 10052 */ 10053 if (setjmp(cstate->top_ctx)) 10054 return (NULL); 10055 10056 newoff_sio = cstate->off_sio; 10057 newoff_opc = cstate->off_opc; 10058 newoff_dpc = cstate->off_dpc; 10059 newoff_sls = cstate->off_sls; 10060 switch (mtp3field) { 10061 10062 case MH_SIO: 10063 newoff_sio += 3; /* offset for MTP2_HSL */ 10064 /* FALLTHROUGH */ 10065 10066 case M_SIO: 10067 if (cstate->off_sio == OFFSET_NOT_SET) 10068 bpf_error(cstate, "'sio' supported only on SS7"); 10069 /* sio coded on 1 byte so max value 255 */ 10070 if(jvalue > 255) 10071 bpf_error(cstate, "sio value %u too big; max value = 255", 10072 jvalue); 10073 b0 = gen_ncmp(cstate, OR_PACKET, newoff_sio, BPF_B, 0xffffffffU, 10074 jtype, reverse, jvalue); 10075 break; 10076 10077 case MH_OPC: 10078 newoff_opc += 3; 10079 10080 /* FALLTHROUGH */ 10081 case M_OPC: 10082 if (cstate->off_opc == OFFSET_NOT_SET) 10083 bpf_error(cstate, "'opc' supported only on SS7"); 10084 /* opc coded on 14 bits so max value 16383 */ 10085 if (jvalue > 16383) 10086 bpf_error(cstate, "opc value %u too big; max value = 16383", 10087 jvalue); 10088 /* the following instructions are made to convert jvalue 10089 * to the form used to write opc in an ss7 message*/ 10090 val1 = jvalue & 0x00003c00; 10091 val1 = val1 >>10; 10092 val2 = jvalue & 0x000003fc; 10093 val2 = val2 <<6; 10094 val3 = jvalue & 0x00000003; 10095 val3 = val3 <<22; 10096 jvalue = val1 + val2 + val3; 10097 b0 = gen_ncmp(cstate, OR_PACKET, newoff_opc, BPF_W, 0x00c0ff0fU, 10098 jtype, reverse, jvalue); 10099 break; 10100 10101 case MH_DPC: 10102 newoff_dpc += 3; 10103 /* FALLTHROUGH */ 10104 10105 case M_DPC: 10106 if (cstate->off_dpc == OFFSET_NOT_SET) 10107 bpf_error(cstate, "'dpc' supported only on SS7"); 10108 /* dpc coded on 14 bits so max value 16383 */ 10109 if (jvalue > 16383) 10110 bpf_error(cstate, "dpc value %u too big; max value = 16383", 10111 jvalue); 10112 /* the following instructions are made to convert jvalue 10113 * to the forme used to write dpc in an ss7 message*/ 10114 val1 = jvalue & 0x000000ff; 10115 val1 = val1 << 24; 10116 val2 = jvalue & 0x00003f00; 10117 val2 = val2 << 8; 10118 jvalue = val1 + val2; 10119 b0 = gen_ncmp(cstate, OR_PACKET, newoff_dpc, BPF_W, 0xff3f0000U, 10120 jtype, reverse, jvalue); 10121 break; 10122 10123 case MH_SLS: 10124 newoff_sls += 3; 10125 /* FALLTHROUGH */ 10126 10127 case M_SLS: 10128 if (cstate->off_sls == OFFSET_NOT_SET) 10129 bpf_error(cstate, "'sls' supported only on SS7"); 10130 /* sls coded on 4 bits so max value 15 */ 10131 if (jvalue > 15) 10132 bpf_error(cstate, "sls value %u too big; max value = 15", 10133 jvalue); 10134 /* the following instruction is made to convert jvalue 10135 * to the forme used to write sls in an ss7 message*/ 10136 jvalue = jvalue << 4; 10137 b0 = gen_ncmp(cstate, OR_PACKET, newoff_sls, BPF_B, 0xf0U, 10138 jtype, reverse, jvalue); 10139 break; 10140 10141 default: 10142 abort(); 10143 } 10144 return b0; 10145 } 10146 10147 static struct block * 10148 gen_msg_abbrev(compiler_state_t *cstate, int type) 10149 { 10150 struct block *b1; 10151 10152 /* 10153 * Q.2931 signalling protocol messages for handling virtual circuits 10154 * establishment and teardown 10155 */ 10156 switch (type) { 10157 10158 case A_SETUP: 10159 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, SETUP, BPF_JEQ, 0); 10160 break; 10161 10162 case A_CALLPROCEED: 10163 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0); 10164 break; 10165 10166 case A_CONNECT: 10167 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, CONNECT, BPF_JEQ, 0); 10168 break; 10169 10170 case A_CONNECTACK: 10171 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0); 10172 break; 10173 10174 case A_RELEASE: 10175 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, RELEASE, BPF_JEQ, 0); 10176 break; 10177 10178 case A_RELEASE_DONE: 10179 b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0); 10180 break; 10181 10182 default: 10183 abort(); 10184 } 10185 return b1; 10186 } 10187 10188 struct block * 10189 gen_atmmulti_abbrev(compiler_state_t *cstate, int type) 10190 { 10191 struct block *b0, *b1; 10192 10193 /* 10194 * Catch errors reported by us and routines below us, and return NULL 10195 * on an error. 10196 */ 10197 if (setjmp(cstate->top_ctx)) 10198 return (NULL); 10199 10200 switch (type) { 10201 10202 case A_OAM: 10203 if (!cstate->is_atm) 10204 bpf_error(cstate, "'oam' supported only on raw ATM"); 10205 /* OAM F4 type */ 10206 b0 = gen_atmfield_code_internal(cstate, A_VCI, 3, BPF_JEQ, 0); 10207 b1 = gen_atmfield_code_internal(cstate, A_VCI, 4, BPF_JEQ, 0); 10208 gen_or(b0, b1); 10209 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 10210 gen_and(b0, b1); 10211 break; 10212 10213 case A_OAMF4: 10214 if (!cstate->is_atm) 10215 bpf_error(cstate, "'oamf4' supported only on raw ATM"); 10216 /* OAM F4 type */ 10217 b0 = gen_atmfield_code_internal(cstate, A_VCI, 3, BPF_JEQ, 0); 10218 b1 = gen_atmfield_code_internal(cstate, A_VCI, 4, BPF_JEQ, 0); 10219 gen_or(b0, b1); 10220 b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0); 10221 gen_and(b0, b1); 10222 break; 10223 10224 case A_CONNECTMSG: 10225 /* 10226 * Get Q.2931 signalling messages for switched 10227 * virtual connection 10228 */ 10229 if (!cstate->is_atm) 10230 bpf_error(cstate, "'connectmsg' supported only on raw ATM"); 10231 b0 = gen_msg_abbrev(cstate, A_SETUP); 10232 b1 = gen_msg_abbrev(cstate, A_CALLPROCEED); 10233 gen_or(b0, b1); 10234 b0 = gen_msg_abbrev(cstate, A_CONNECT); 10235 gen_or(b0, b1); 10236 b0 = gen_msg_abbrev(cstate, A_CONNECTACK); 10237 gen_or(b0, b1); 10238 b0 = gen_msg_abbrev(cstate, A_RELEASE); 10239 gen_or(b0, b1); 10240 b0 = gen_msg_abbrev(cstate, A_RELEASE_DONE); 10241 gen_or(b0, b1); 10242 b0 = gen_atmtype_sc(cstate); 10243 gen_and(b0, b1); 10244 break; 10245 10246 case A_METACONNECT: 10247 if (!cstate->is_atm) 10248 bpf_error(cstate, "'metaconnect' supported only on raw ATM"); 10249 b0 = gen_msg_abbrev(cstate, A_SETUP); 10250 b1 = gen_msg_abbrev(cstate, A_CALLPROCEED); 10251 gen_or(b0, b1); 10252 b0 = gen_msg_abbrev(cstate, A_CONNECT); 10253 gen_or(b0, b1); 10254 b0 = gen_msg_abbrev(cstate, A_RELEASE); 10255 gen_or(b0, b1); 10256 b0 = gen_msg_abbrev(cstate, A_RELEASE_DONE); 10257 gen_or(b0, b1); 10258 b0 = gen_atmtype_metac(cstate); 10259 gen_and(b0, b1); 10260 break; 10261 10262 default: 10263 abort(); 10264 } 10265 return b1; 10266 } 10267