1 /* $OpenBSD: gencode.c,v 1.44 2015/12/22 19:51:04 mmcc Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/param.h> /* ALIGN */ 25 #include <sys/types.h> 26 #include <sys/socket.h> 27 #include <sys/time.h> 28 29 struct mbuf; 30 struct rtentry; 31 32 #include <net/if.h> 33 34 #include <netinet/in.h> 35 #include <netinet/if_ether.h> 36 37 #include <net/if_pflog.h> 38 #include <net/pfvar.h> 39 40 #include <net80211/ieee80211.h> 41 #include <net80211/ieee80211_radiotap.h> 42 43 #include <stdlib.h> 44 #include <stddef.h> 45 #include <setjmp.h> 46 #include <stdarg.h> 47 #include <string.h> 48 49 #include "pcap-int.h" 50 51 #include "ethertype.h" 52 #include "llc.h" 53 #include "gencode.h" 54 #include "ppp.h" 55 #include <pcap-namedb.h> 56 #ifdef INET6 57 #include <netdb.h> 58 #endif /*INET6*/ 59 60 #ifdef HAVE_OS_PROTO_H 61 #include "os-proto.h" 62 #endif 63 64 #define JMP(c) ((c)|BPF_JMP|BPF_K) 65 66 /* Locals */ 67 static jmp_buf top_ctx; 68 static pcap_t *bpf_pcap; 69 70 /* Hack for updating VLAN offsets. */ 71 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 72 73 /* XXX */ 74 #ifdef PCAP_FDDIPAD 75 int pcap_fddipad = PCAP_FDDIPAD; 76 #else 77 int pcap_fddipad; 78 #endif 79 80 __dead void 81 bpf_error(const char *fmt, ...) 82 { 83 va_list ap; 84 85 va_start(ap, fmt); 86 if (bpf_pcap != NULL) 87 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 88 fmt, ap); 89 va_end(ap); 90 longjmp(top_ctx, 1); 91 /* NOTREACHED */ 92 } 93 94 static void init_linktype(int); 95 96 static int alloc_reg(void); 97 static void free_reg(int); 98 99 static struct block *root; 100 101 /* initialization code used for variable link header */ 102 static struct slist *init_code = NULL; 103 104 /* Flags and registers for variable link type handling */ 105 static int variable_nl; 106 static int nl_reg, iphl_reg; 107 108 /* 109 * We divy out chunks of memory rather than call malloc each time so 110 * we don't have to worry about leaking memory. It's probably 111 * not a big deal if all this memory was wasted but it this ever 112 * goes into a library that would probably not be a good idea. 113 */ 114 #define NCHUNKS 16 115 #define CHUNK0SIZE 1024 116 struct chunk { 117 u_int n_left; 118 void *m; 119 }; 120 121 static struct chunk chunks[NCHUNKS]; 122 static int cur_chunk; 123 124 static void *newchunk(u_int); 125 static void freechunks(void); 126 static __inline struct block *new_block(int); 127 static __inline struct slist *new_stmt(int); 128 static struct block *gen_retblk(int); 129 static __inline void syntax(void); 130 131 static void backpatch(struct block *, struct block *); 132 static void merge(struct block *, struct block *); 133 static struct block *gen_cmp(u_int, u_int, bpf_int32); 134 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 135 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 136 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 137 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 138 static struct block *gen_bcmp(u_int, u_int, const u_char *); 139 static struct block *gen_uncond(int); 140 static __inline struct block *gen_true(void); 141 static __inline struct block *gen_false(void); 142 static struct block *gen_linktype(int); 143 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 144 #ifdef INET6 145 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 146 #endif 147 static struct block *gen_ehostop(const u_char *, int); 148 static struct block *gen_fhostop(const u_char *, int); 149 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 150 static struct block *gen_p80211_hostop(const u_char *, int); 151 static struct block *gen_p80211_addr(int, u_int, const u_char *); 152 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 153 #ifdef INET6 154 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 155 #endif 156 #ifndef INET6 157 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 158 #endif 159 static struct block *gen_ipfrag(void); 160 static struct block *gen_portatom(int, bpf_int32); 161 #ifdef INET6 162 static struct block *gen_portatom6(int, bpf_int32); 163 #endif 164 struct block *gen_portop(int, int, int); 165 static struct block *gen_port(int, int, int); 166 #ifdef INET6 167 struct block *gen_portop6(int, int, int); 168 static struct block *gen_port6(int, int, int); 169 #endif 170 static int lookup_proto(const char *, int); 171 static struct block *gen_protochain(int, int, int); 172 static struct block *gen_proto(int, int, int); 173 static struct slist *xfer_to_x(struct arth *); 174 static struct slist *xfer_to_a(struct arth *); 175 static struct block *gen_len(int, int); 176 177 static void * 178 newchunk(n) 179 u_int n; 180 { 181 struct chunk *cp; 182 int k, size; 183 184 /* XXX Round to structure boundary. */ 185 n = ALIGN(n); 186 187 cp = &chunks[cur_chunk]; 188 if (n > cp->n_left) { 189 ++cp, k = ++cur_chunk; 190 if (k >= NCHUNKS) 191 bpf_error("out of memory"); 192 size = CHUNK0SIZE << k; 193 cp->m = calloc(1, size); 194 if (cp->m == NULL) 195 bpf_error("out of memory"); 196 197 cp->n_left = size; 198 if (n > size) 199 bpf_error("out of memory"); 200 } 201 cp->n_left -= n; 202 return (void *)((char *)cp->m + cp->n_left); 203 } 204 205 static void 206 freechunks() 207 { 208 int i; 209 210 cur_chunk = 0; 211 for (i = 0; i < NCHUNKS; ++i) { 212 free(chunks[i].m); 213 chunks[i].m = NULL; 214 } 215 } 216 217 /* 218 * A strdup whose allocations are freed after code generation is over. 219 */ 220 char * 221 sdup(s) 222 const char *s; 223 { 224 int n = strlen(s) + 1; 225 char *cp = newchunk(n); 226 227 strlcpy(cp, s, n); 228 return (cp); 229 } 230 231 static __inline struct block * 232 new_block(code) 233 int code; 234 { 235 struct block *p; 236 237 p = (struct block *)newchunk(sizeof(*p)); 238 p->s.code = code; 239 p->head = p; 240 241 return p; 242 } 243 244 static __inline struct slist * 245 new_stmt(code) 246 int code; 247 { 248 struct slist *p; 249 250 p = (struct slist *)newchunk(sizeof(*p)); 251 p->s.code = code; 252 253 return p; 254 } 255 256 static struct block * 257 gen_retblk(v) 258 int v; 259 { 260 struct block *b = new_block(BPF_RET|BPF_K); 261 262 b->s.k = v; 263 return b; 264 } 265 266 static __inline void 267 syntax() 268 { 269 bpf_error("syntax error in filter expression"); 270 } 271 272 static bpf_u_int32 netmask; 273 static int snaplen; 274 int no_optimize; 275 276 int 277 pcap_compile(pcap_t *p, struct bpf_program *program, 278 char *buf, int optimize, bpf_u_int32 mask) 279 { 280 extern int n_errors; 281 int len; 282 283 no_optimize = 0; 284 n_errors = 0; 285 root = NULL; 286 bpf_pcap = p; 287 if (setjmp(top_ctx)) { 288 freechunks(); 289 return (-1); 290 } 291 292 netmask = mask; 293 snaplen = pcap_snapshot(p); 294 295 lex_init(buf ? buf : ""); 296 init_linktype(pcap_datalink(p)); 297 (void)pcap_parse(); 298 299 if (n_errors) 300 syntax(); 301 302 if (root == NULL) 303 root = gen_retblk(snaplen); 304 305 if (optimize && !no_optimize) { 306 bpf_optimize(&root); 307 if (root == NULL || 308 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 309 bpf_error("expression rejects all packets"); 310 } 311 program->bf_insns = icode_to_fcode(root, &len); 312 program->bf_len = len; 313 314 freechunks(); 315 return (0); 316 } 317 318 /* 319 * entry point for using the compiler with no pcap open 320 * pass in all the stuff that is needed explicitly instead. 321 */ 322 int 323 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 324 struct bpf_program *program, 325 char *buf, int optimize, bpf_u_int32 mask) 326 { 327 extern int n_errors; 328 int len; 329 330 n_errors = 0; 331 root = NULL; 332 bpf_pcap = NULL; 333 if (setjmp(top_ctx)) { 334 freechunks(); 335 return (-1); 336 } 337 338 netmask = mask; 339 340 /* XXX needed? I don't grok the use of globals here. */ 341 snaplen = snaplen_arg; 342 343 lex_init(buf ? buf : ""); 344 init_linktype(linktype_arg); 345 (void)pcap_parse(); 346 347 if (n_errors) 348 syntax(); 349 350 if (root == NULL) 351 root = gen_retblk(snaplen_arg); 352 353 if (optimize) { 354 bpf_optimize(&root); 355 if (root == NULL || 356 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 357 bpf_error("expression rejects all packets"); 358 } 359 program->bf_insns = icode_to_fcode(root, &len); 360 program->bf_len = len; 361 362 freechunks(); 363 return (0); 364 } 365 366 /* 367 * Clean up a "struct bpf_program" by freeing all the memory allocated 368 * in it. 369 */ 370 void 371 pcap_freecode(struct bpf_program *program) 372 { 373 program->bf_len = 0; 374 if (program->bf_insns != NULL) { 375 free((char *)program->bf_insns); 376 program->bf_insns = NULL; 377 } 378 } 379 380 /* 381 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 382 * which of the jt and jf fields has been resolved and which is a pointer 383 * back to another unresolved block (or nil). At least one of the fields 384 * in each block is already resolved. 385 */ 386 static void 387 backpatch(list, target) 388 struct block *list, *target; 389 { 390 struct block *next; 391 392 while (list) { 393 if (!list->sense) { 394 next = JT(list); 395 JT(list) = target; 396 } else { 397 next = JF(list); 398 JF(list) = target; 399 } 400 list = next; 401 } 402 } 403 404 /* 405 * Merge the lists in b0 and b1, using the 'sense' field to indicate 406 * which of jt and jf is the link. 407 */ 408 static void 409 merge(b0, b1) 410 struct block *b0, *b1; 411 { 412 struct block **p = &b0; 413 414 /* Find end of list. */ 415 while (*p) 416 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 417 418 /* Concatenate the lists. */ 419 *p = b1; 420 } 421 422 void 423 finish_parse(p) 424 struct block *p; 425 { 426 backpatch(p, gen_retblk(snaplen)); 427 p->sense = !p->sense; 428 backpatch(p, gen_retblk(0)); 429 root = p->head; 430 431 /* prepend initialization code to root */ 432 if (init_code != NULL && root != NULL) { 433 sappend(init_code, root->stmts); 434 root->stmts = init_code; 435 init_code = NULL; 436 } 437 438 if (iphl_reg != -1) { 439 free_reg(iphl_reg); 440 iphl_reg = -1; 441 } 442 if (nl_reg != -1) { 443 free_reg(nl_reg); 444 nl_reg = -1; 445 } 446 } 447 448 void 449 gen_and(b0, b1) 450 struct block *b0, *b1; 451 { 452 backpatch(b0, b1->head); 453 b0->sense = !b0->sense; 454 b1->sense = !b1->sense; 455 merge(b1, b0); 456 b1->sense = !b1->sense; 457 b1->head = b0->head; 458 } 459 460 void 461 gen_or(b0, b1) 462 struct block *b0, *b1; 463 { 464 b0->sense = !b0->sense; 465 backpatch(b0, b1->head); 466 b0->sense = !b0->sense; 467 merge(b1, b0); 468 b1->head = b0->head; 469 } 470 471 void 472 gen_not(b) 473 struct block *b; 474 { 475 b->sense = !b->sense; 476 } 477 478 static struct block * 479 gen_cmp(offset, size, v) 480 u_int offset, size; 481 bpf_int32 v; 482 { 483 struct slist *s; 484 struct block *b; 485 486 s = new_stmt(BPF_LD|BPF_ABS|size); 487 s->s.k = offset; 488 489 b = new_block(JMP(BPF_JEQ)); 490 b->stmts = s; 491 b->s.k = v; 492 493 return b; 494 } 495 496 static struct block * 497 gen_cmp_gt(offset, size, v) 498 u_int offset, size; 499 bpf_int32 v; 500 { 501 struct slist *s; 502 struct block *b; 503 504 s = new_stmt(BPF_LD|BPF_ABS|size); 505 s->s.k = offset; 506 507 b = new_block(JMP(BPF_JGT)); 508 b->stmts = s; 509 b->s.k = v; 510 511 return b; 512 } 513 514 static struct block * 515 gen_mcmp(offset, size, v, mask) 516 u_int offset, size; 517 bpf_int32 v; 518 bpf_u_int32 mask; 519 { 520 struct block *b = gen_cmp(offset, size, v); 521 struct slist *s; 522 523 if (mask != 0xffffffff) { 524 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 525 s->s.k = mask; 526 sappend(b->stmts, s); 527 } 528 return b; 529 } 530 531 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 532 static struct block * 533 gen_mcmp_nl(offset, size, v, mask) 534 u_int offset, size; 535 bpf_int32 v; 536 bpf_u_int32 mask; 537 { 538 struct block *b = gen_cmp_nl(offset, size, v); 539 struct slist *s; 540 541 if (mask != 0xffffffff) { 542 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 543 s->s.k = mask; 544 sappend(b->stmts, s); 545 } 546 return b; 547 } 548 549 static struct block * 550 gen_bcmp(offset, size, v) 551 u_int offset, size; 552 const u_char *v; 553 { 554 struct block *b, *tmp; 555 556 b = NULL; 557 while (size >= 4) { 558 const u_char *p = &v[size - 4]; 559 bpf_int32 w = ((bpf_int32)p[0] << 24) | 560 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 561 562 tmp = gen_cmp(offset + size - 4, BPF_W, w); 563 if (b != NULL) 564 gen_and(b, tmp); 565 b = tmp; 566 size -= 4; 567 } 568 while (size >= 2) { 569 const u_char *p = &v[size - 2]; 570 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 571 572 tmp = gen_cmp(offset + size - 2, BPF_H, w); 573 if (b != NULL) 574 gen_and(b, tmp); 575 b = tmp; 576 size -= 2; 577 } 578 if (size > 0) { 579 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 580 if (b != NULL) 581 gen_and(b, tmp); 582 b = tmp; 583 } 584 return b; 585 } 586 587 /* 588 * Various code constructs need to know the layout of the data link 589 * layer. These variables give the necessary offsets. off_linktype 590 * is set to -1 for no encapsulation, in which case, IP is assumed. 591 */ 592 static u_int off_linktype; 593 static u_int off_nl; 594 static u_int off_nl_nosnap; 595 596 static int linktype; 597 598 /* Generate code to load the dynamic 'off_nl' to the X register */ 599 static struct slist * 600 nl2X_stmt(void) 601 { 602 struct slist *s, *tmp; 603 604 if (nl_reg == -1) { 605 switch (linktype) { 606 case DLT_PFLOG: 607 /* The pflog header contains PFLOG_REAL_HDRLEN 608 which does NOT include the padding. Round 609 up to the nearest dword boundary */ 610 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 611 s->s.k = 0; 612 613 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 614 tmp->s.k = 3; 615 sappend(s, tmp); 616 617 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 618 tmp->s.k = 0xfc; 619 sappend(s, tmp); 620 621 nl_reg = alloc_reg(); 622 tmp = new_stmt(BPF_ST); 623 tmp->s.k = nl_reg; 624 sappend(s, tmp); 625 626 break; 627 default: 628 bpf_error("Unknown header size for link type 0x%x", 629 linktype); 630 } 631 632 if (init_code == NULL) 633 init_code = s; 634 else 635 sappend(init_code, s); 636 } 637 638 s = new_stmt(BPF_LDX|BPF_MEM); 639 s->s.k = nl_reg; 640 641 return s; 642 } 643 644 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 645 static struct block * 646 gen_cmp_nl(offset, size, v) 647 u_int offset, size; 648 bpf_int32 v; 649 { 650 struct slist *s, *tmp; 651 struct block *b; 652 653 if (variable_nl) { 654 s = nl2X_stmt(); 655 tmp = new_stmt(BPF_LD|BPF_IND|size); 656 tmp->s.k = offset; 657 sappend(s, tmp); 658 } else { 659 s = new_stmt(BPF_LD|BPF_ABS|size); 660 s->s.k = offset + off_nl; 661 } 662 b = new_block(JMP(BPF_JEQ)); 663 b->stmts = s; 664 b->s.k = v; 665 666 return b; 667 } 668 669 static void 670 init_linktype(type) 671 int type; 672 { 673 linktype = type; 674 init_code = NULL; 675 nl_reg = iphl_reg = -1; 676 677 switch (type) { 678 679 case DLT_EN10MB: 680 off_linktype = 12; 681 off_nl = 14; 682 return; 683 684 case DLT_SLIP: 685 /* 686 * SLIP doesn't have a link level type. The 16 byte 687 * header is hacked into our SLIP driver. 688 */ 689 off_linktype = -1; 690 off_nl = 16; 691 return; 692 693 case DLT_SLIP_BSDOS: 694 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 695 off_linktype = -1; 696 /* XXX end */ 697 off_nl = 24; 698 return; 699 700 case DLT_NULL: 701 off_linktype = 0; 702 off_nl = 4; 703 return; 704 705 case DLT_PPP: 706 off_linktype = 2; 707 off_nl = 4; 708 return; 709 710 case DLT_PPP_ETHER: 711 /* 712 * This does not include the Ethernet header, and 713 * only covers session state. 714 */ 715 off_linktype = 6; 716 off_nl = 8; 717 return; 718 719 case DLT_PPP_BSDOS: 720 off_linktype = 5; 721 off_nl = 24; 722 return; 723 724 case DLT_FDDI: 725 /* 726 * FDDI doesn't really have a link-level type field. 727 * We assume that SSAP = SNAP is being used and pick 728 * out the encapsulated Ethernet type. 729 */ 730 off_linktype = 19; 731 #ifdef PCAP_FDDIPAD 732 off_linktype += pcap_fddipad; 733 #endif 734 off_nl = 21; 735 #ifdef PCAP_FDDIPAD 736 off_nl += pcap_fddipad; 737 #endif 738 return; 739 740 case DLT_IEEE802: 741 off_linktype = 20; 742 off_nl = 22; 743 return; 744 745 case DLT_IEEE802_11: 746 off_linktype = 30; /* XXX variable */ 747 off_nl = 32; 748 return; 749 750 case DLT_IEEE802_11_RADIO: /* XXX variable */ 751 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 752 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 753 return; 754 755 case DLT_ATM_RFC1483: 756 /* 757 * assume routed, non-ISO PDUs 758 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 759 */ 760 off_linktype = 6; 761 off_nl = 8; 762 return; 763 764 case DLT_LOOP: 765 off_linktype = -1; 766 off_nl = 4; 767 return; 768 769 case DLT_ENC: 770 off_linktype = -1; 771 off_nl = 12; 772 return; 773 774 case DLT_PFLOG: 775 off_linktype = 0; 776 variable_nl = 1; 777 off_nl = 0; 778 return; 779 780 case DLT_PFSYNC: 781 off_linktype = -1; 782 off_nl = 4; 783 return; 784 785 case DLT_RAW: 786 off_linktype = -1; 787 off_nl = 0; 788 return; 789 } 790 bpf_error("unknown data link type 0x%x", linktype); 791 /* NOTREACHED */ 792 } 793 794 static struct block * 795 gen_uncond(rsense) 796 int rsense; 797 { 798 struct block *b; 799 struct slist *s; 800 801 s = new_stmt(BPF_LD|BPF_IMM); 802 s->s.k = !rsense; 803 b = new_block(JMP(BPF_JEQ)); 804 b->stmts = s; 805 806 return b; 807 } 808 809 static __inline struct block * 810 gen_true() 811 { 812 return gen_uncond(1); 813 } 814 815 static __inline struct block * 816 gen_false() 817 { 818 return gen_uncond(0); 819 } 820 821 static struct block * 822 gen_linktype(proto) 823 int proto; 824 { 825 struct block *b0, *b1; 826 827 /* If we're not using encapsulation and checking for IP, we're done */ 828 if (off_linktype == -1 && proto == ETHERTYPE_IP) 829 return gen_true(); 830 #ifdef INET6 831 /* this isn't the right thing to do, but sometimes necessary */ 832 if (off_linktype == -1 && proto == ETHERTYPE_IPV6) 833 return gen_true(); 834 #endif 835 836 switch (linktype) { 837 838 case DLT_EN10MB: 839 if (proto <= ETHERMTU) { 840 /* This is an LLC SAP value */ 841 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 842 gen_not(b0); 843 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 844 gen_and(b0, b1); 845 return b1; 846 } else { 847 /* This is an Ethernet type */ 848 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 849 } 850 break; 851 852 case DLT_SLIP: 853 return gen_false(); 854 855 case DLT_PPP: 856 case DLT_PPP_ETHER: 857 if (proto == ETHERTYPE_IP) 858 proto = PPP_IP; /* XXX was 0x21 */ 859 #ifdef INET6 860 else if (proto == ETHERTYPE_IPV6) 861 proto = PPP_IPV6; 862 #endif 863 break; 864 865 case DLT_PPP_BSDOS: 866 switch (proto) { 867 868 case ETHERTYPE_IP: 869 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 870 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 871 gen_or(b0, b1); 872 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 873 gen_or(b1, b0); 874 return b0; 875 876 #ifdef INET6 877 case ETHERTYPE_IPV6: 878 proto = PPP_IPV6; 879 /* more to go? */ 880 break; 881 #endif /* INET6 */ 882 883 case ETHERTYPE_DN: 884 proto = PPP_DECNET; 885 break; 886 887 case ETHERTYPE_ATALK: 888 proto = PPP_APPLE; 889 break; 890 891 case ETHERTYPE_NS: 892 proto = PPP_NS; 893 break; 894 } 895 break; 896 897 case DLT_LOOP: 898 case DLT_ENC: 899 case DLT_NULL: 900 /* XXX */ 901 if (proto == ETHERTYPE_IP) 902 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); 903 #ifdef INET6 904 else if (proto == ETHERTYPE_IPV6) 905 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6))); 906 #endif /* INET6 */ 907 else 908 return gen_false(); 909 break; 910 case DLT_PFLOG: 911 if (proto == ETHERTYPE_IP) 912 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 913 (bpf_int32)AF_INET)); 914 #ifdef INET6 915 else if (proto == ETHERTYPE_IPV6) 916 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 917 (bpf_int32)AF_INET6)); 918 #endif /* INET6 */ 919 else 920 return gen_false(); 921 break; 922 923 } 924 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 925 } 926 927 static struct block * 928 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 929 bpf_u_int32 addr; 930 bpf_u_int32 mask; 931 int dir, proto; 932 u_int src_off, dst_off; 933 { 934 struct block *b0, *b1; 935 u_int offset; 936 937 switch (dir) { 938 939 case Q_SRC: 940 offset = src_off; 941 break; 942 943 case Q_DST: 944 offset = dst_off; 945 break; 946 947 case Q_AND: 948 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 949 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 950 gen_and(b0, b1); 951 return b1; 952 953 case Q_OR: 954 case Q_DEFAULT: 955 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 956 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 957 gen_or(b0, b1); 958 return b1; 959 960 default: 961 bpf_error("direction not supported on linktype 0x%x", 962 linktype); 963 } 964 b0 = gen_linktype(proto); 965 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 966 gen_and(b0, b1); 967 return b1; 968 } 969 970 #ifdef INET6 971 static struct block * 972 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 973 struct in6_addr *addr; 974 struct in6_addr *mask; 975 int dir, proto; 976 u_int src_off, dst_off; 977 { 978 struct block *b0, *b1; 979 u_int offset; 980 u_int32_t *a, *m; 981 982 switch (dir) { 983 984 case Q_SRC: 985 offset = src_off; 986 break; 987 988 case Q_DST: 989 offset = dst_off; 990 break; 991 992 case Q_AND: 993 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 994 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 995 gen_and(b0, b1); 996 return b1; 997 998 case Q_OR: 999 case Q_DEFAULT: 1000 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1001 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1002 gen_or(b0, b1); 1003 return b1; 1004 1005 default: 1006 bpf_error("direction not supported on linktype 0x%x", 1007 linktype); 1008 } 1009 /* this order is important */ 1010 a = (u_int32_t *)addr; 1011 m = (u_int32_t *)mask; 1012 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1013 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1014 gen_and(b0, b1); 1015 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1016 gen_and(b0, b1); 1017 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1018 gen_and(b0, b1); 1019 b0 = gen_linktype(proto); 1020 gen_and(b0, b1); 1021 return b1; 1022 } 1023 #endif /*INET6*/ 1024 1025 static struct block * 1026 gen_ehostop(eaddr, dir) 1027 const u_char *eaddr; 1028 int dir; 1029 { 1030 struct block *b0, *b1; 1031 1032 switch (dir) { 1033 case Q_SRC: 1034 return gen_bcmp(6, 6, eaddr); 1035 1036 case Q_DST: 1037 return gen_bcmp(0, 6, eaddr); 1038 1039 case Q_AND: 1040 b0 = gen_ehostop(eaddr, Q_SRC); 1041 b1 = gen_ehostop(eaddr, Q_DST); 1042 gen_and(b0, b1); 1043 return b1; 1044 1045 case Q_DEFAULT: 1046 case Q_OR: 1047 b0 = gen_ehostop(eaddr, Q_SRC); 1048 b1 = gen_ehostop(eaddr, Q_DST); 1049 gen_or(b0, b1); 1050 return b1; 1051 default: 1052 bpf_error("direction not supported on linktype 0x%x", 1053 linktype); 1054 } 1055 /* NOTREACHED */ 1056 } 1057 1058 /* 1059 * Like gen_ehostop, but for DLT_FDDI 1060 */ 1061 static struct block * 1062 gen_fhostop(eaddr, dir) 1063 const u_char *eaddr; 1064 int dir; 1065 { 1066 struct block *b0, *b1; 1067 1068 switch (dir) { 1069 case Q_SRC: 1070 #ifdef PCAP_FDDIPAD 1071 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1072 #else 1073 return gen_bcmp(6 + 1, 6, eaddr); 1074 #endif 1075 1076 case Q_DST: 1077 #ifdef PCAP_FDDIPAD 1078 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1079 #else 1080 return gen_bcmp(0 + 1, 6, eaddr); 1081 #endif 1082 1083 case Q_AND: 1084 b0 = gen_fhostop(eaddr, Q_SRC); 1085 b1 = gen_fhostop(eaddr, Q_DST); 1086 gen_and(b0, b1); 1087 return b1; 1088 1089 case Q_DEFAULT: 1090 case Q_OR: 1091 b0 = gen_fhostop(eaddr, Q_SRC); 1092 b1 = gen_fhostop(eaddr, Q_DST); 1093 gen_or(b0, b1); 1094 return b1; 1095 default: 1096 bpf_error("direction not supported on linktype 0x%x", 1097 linktype); 1098 } 1099 /* NOTREACHED */ 1100 } 1101 1102 /* 1103 * This is quite tricky because there may be pad bytes in front of the 1104 * DECNET header, and then there are two possible data packet formats that 1105 * carry both src and dst addresses, plus 5 packet types in a format that 1106 * carries only the src node, plus 2 types that use a different format and 1107 * also carry just the src node. 1108 * 1109 * Yuck. 1110 * 1111 * Instead of doing those all right, we just look for data packets with 1112 * 0 or 1 bytes of padding. If you want to look at other packets, that 1113 * will require a lot more hacking. 1114 * 1115 * To add support for filtering on DECNET "areas" (network numbers) 1116 * one would want to add a "mask" argument to this routine. That would 1117 * make the filter even more inefficient, although one could be clever 1118 * and not generate masking instructions if the mask is 0xFFFF. 1119 */ 1120 static struct block * 1121 gen_dnhostop(addr, dir, base_off) 1122 bpf_u_int32 addr; 1123 int dir; 1124 u_int base_off; 1125 { 1126 struct block *b0, *b1, *b2, *tmp; 1127 u_int offset_lh; /* offset if long header is received */ 1128 u_int offset_sh; /* offset if short header is received */ 1129 1130 switch (dir) { 1131 1132 case Q_DST: 1133 offset_sh = 1; /* follows flags */ 1134 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1135 break; 1136 1137 case Q_SRC: 1138 offset_sh = 3; /* follows flags, dstnode */ 1139 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1140 break; 1141 1142 case Q_AND: 1143 /* Inefficient because we do our Calvinball dance twice */ 1144 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1145 b1 = gen_dnhostop(addr, Q_DST, base_off); 1146 gen_and(b0, b1); 1147 return b1; 1148 1149 case Q_OR: 1150 case Q_DEFAULT: 1151 /* Inefficient because we do our Calvinball dance twice */ 1152 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1153 b1 = gen_dnhostop(addr, Q_DST, base_off); 1154 gen_or(b0, b1); 1155 return b1; 1156 1157 default: 1158 bpf_error("direction not supported on linktype 0x%x", 1159 linktype); 1160 } 1161 b0 = gen_linktype(ETHERTYPE_DN); 1162 /* Check for pad = 1, long header case */ 1163 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1164 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1165 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1166 BPF_H, (bpf_int32)ntohs(addr)); 1167 gen_and(tmp, b1); 1168 /* Check for pad = 0, long header case */ 1169 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1170 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1171 gen_and(tmp, b2); 1172 gen_or(b2, b1); 1173 /* Check for pad = 1, short header case */ 1174 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1175 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1176 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1177 BPF_H, (bpf_int32)ntohs(addr)); 1178 gen_and(tmp, b2); 1179 gen_or(b2, b1); 1180 /* Check for pad = 0, short header case */ 1181 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1182 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1183 gen_and(tmp, b2); 1184 gen_or(b2, b1); 1185 1186 /* Combine with test for linktype */ 1187 gen_and(b0, b1); 1188 return b1; 1189 } 1190 1191 static struct block * 1192 gen_host(addr, mask, proto, dir) 1193 bpf_u_int32 addr; 1194 bpf_u_int32 mask; 1195 int proto; 1196 int dir; 1197 { 1198 struct block *b0, *b1; 1199 1200 switch (proto) { 1201 1202 case Q_DEFAULT: 1203 b0 = gen_host(addr, mask, Q_IP, dir); 1204 b1 = gen_host(addr, mask, Q_ARP, dir); 1205 gen_or(b0, b1); 1206 b0 = gen_host(addr, mask, Q_RARP, dir); 1207 gen_or(b1, b0); 1208 return b0; 1209 1210 case Q_IP: 1211 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1212 12, 16); 1213 1214 case Q_RARP: 1215 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1216 14, 24); 1217 1218 case Q_ARP: 1219 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1220 14, 24); 1221 1222 case Q_TCP: 1223 bpf_error("'tcp' modifier applied to host"); 1224 1225 case Q_UDP: 1226 bpf_error("'udp' modifier applied to host"); 1227 1228 case Q_ICMP: 1229 bpf_error("'icmp' modifier applied to host"); 1230 1231 case Q_IGMP: 1232 bpf_error("'igmp' modifier applied to host"); 1233 1234 case Q_IGRP: 1235 bpf_error("'igrp' modifier applied to host"); 1236 1237 case Q_PIM: 1238 bpf_error("'pim' modifier applied to host"); 1239 1240 case Q_STP: 1241 bpf_error("'stp' modifier applied to host"); 1242 1243 case Q_ATALK: 1244 bpf_error("ATALK host filtering not implemented"); 1245 1246 case Q_DECNET: 1247 return gen_dnhostop(addr, dir, 0); 1248 1249 case Q_SCA: 1250 bpf_error("SCA host filtering not implemented"); 1251 1252 case Q_LAT: 1253 bpf_error("LAT host filtering not implemented"); 1254 1255 case Q_MOPDL: 1256 bpf_error("MOPDL host filtering not implemented"); 1257 1258 case Q_MOPRC: 1259 bpf_error("MOPRC host filtering not implemented"); 1260 1261 #ifdef INET6 1262 case Q_IPV6: 1263 bpf_error("'ip6' modifier applied to ip host"); 1264 1265 case Q_ICMPV6: 1266 bpf_error("'icmp6' modifier applied to host"); 1267 #endif /* INET6 */ 1268 1269 case Q_AH: 1270 bpf_error("'ah' modifier applied to host"); 1271 1272 case Q_ESP: 1273 bpf_error("'esp' modifier applied to host"); 1274 1275 default: 1276 bpf_error("direction not supported on linktype 0x%x", 1277 linktype); 1278 } 1279 /* NOTREACHED */ 1280 } 1281 1282 #ifdef INET6 1283 static struct block * 1284 gen_host6(addr, mask, proto, dir) 1285 struct in6_addr *addr; 1286 struct in6_addr *mask; 1287 int proto; 1288 int dir; 1289 { 1290 switch (proto) { 1291 1292 case Q_DEFAULT: 1293 return gen_host6(addr, mask, Q_IPV6, dir); 1294 1295 case Q_IP: 1296 bpf_error("'ip' modifier applied to ip6 host"); 1297 1298 case Q_RARP: 1299 bpf_error("'rarp' modifier applied to ip6 host"); 1300 1301 case Q_ARP: 1302 bpf_error("'arp' modifier applied to ip6 host"); 1303 1304 case Q_TCP: 1305 bpf_error("'tcp' modifier applied to host"); 1306 1307 case Q_UDP: 1308 bpf_error("'udp' modifier applied to host"); 1309 1310 case Q_ICMP: 1311 bpf_error("'icmp' modifier applied to host"); 1312 1313 case Q_IGMP: 1314 bpf_error("'igmp' modifier applied to host"); 1315 1316 case Q_IGRP: 1317 bpf_error("'igrp' modifier applied to host"); 1318 1319 case Q_PIM: 1320 bpf_error("'pim' modifier applied to host"); 1321 1322 case Q_STP: 1323 bpf_error("'stp' modifier applied to host"); 1324 1325 case Q_ATALK: 1326 bpf_error("ATALK host filtering not implemented"); 1327 1328 case Q_DECNET: 1329 bpf_error("'decnet' modifier applied to ip6 host"); 1330 1331 case Q_SCA: 1332 bpf_error("SCA host filtering not implemented"); 1333 1334 case Q_LAT: 1335 bpf_error("LAT host filtering not implemented"); 1336 1337 case Q_MOPDL: 1338 bpf_error("MOPDL host filtering not implemented"); 1339 1340 case Q_MOPRC: 1341 bpf_error("MOPRC host filtering not implemented"); 1342 1343 case Q_IPV6: 1344 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1345 8, 24); 1346 1347 case Q_ICMPV6: 1348 bpf_error("'icmp6' modifier applied to host"); 1349 1350 case Q_AH: 1351 bpf_error("'ah' modifier applied to host"); 1352 1353 case Q_ESP: 1354 bpf_error("'esp' modifier applied to host"); 1355 1356 default: 1357 abort(); 1358 } 1359 /* NOTREACHED */ 1360 } 1361 #endif /*INET6*/ 1362 1363 #ifndef INET6 1364 static struct block * 1365 gen_gateway(eaddr, alist, proto, dir) 1366 const u_char *eaddr; 1367 bpf_u_int32 **alist; 1368 int proto; 1369 int dir; 1370 { 1371 struct block *b0, *b1, *tmp; 1372 1373 if (dir != 0) 1374 bpf_error("direction applied to 'gateway'"); 1375 1376 switch (proto) { 1377 case Q_DEFAULT: 1378 case Q_IP: 1379 case Q_ARP: 1380 case Q_RARP: 1381 if (linktype == DLT_EN10MB) 1382 b0 = gen_ehostop(eaddr, Q_OR); 1383 else if (linktype == DLT_FDDI) 1384 b0 = gen_fhostop(eaddr, Q_OR); 1385 else 1386 bpf_error( 1387 "'gateway' supported only on ethernet or FDDI"); 1388 1389 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1390 while (*alist) { 1391 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1392 gen_or(b1, tmp); 1393 b1 = tmp; 1394 } 1395 gen_not(b1); 1396 gen_and(b0, b1); 1397 return b1; 1398 } 1399 bpf_error("illegal modifier of 'gateway'"); 1400 /* NOTREACHED */ 1401 } 1402 #endif /*INET6*/ 1403 1404 struct block * 1405 gen_proto_abbrev(proto) 1406 int proto; 1407 { 1408 struct block *b0 = NULL, *b1; 1409 1410 switch (proto) { 1411 1412 case Q_TCP: 1413 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1414 #ifdef INET6 1415 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1416 gen_or(b0, b1); 1417 #endif 1418 break; 1419 1420 case Q_UDP: 1421 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1422 #ifdef INET6 1423 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1424 gen_or(b0, b1); 1425 #endif 1426 break; 1427 1428 case Q_ICMP: 1429 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1430 break; 1431 1432 #ifndef IPPROTO_IGMP 1433 #define IPPROTO_IGMP 2 1434 #endif 1435 1436 case Q_IGMP: 1437 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1438 break; 1439 1440 #ifndef IPPROTO_IGRP 1441 #define IPPROTO_IGRP 9 1442 #endif 1443 case Q_IGRP: 1444 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1445 break; 1446 1447 #ifndef IPPROTO_PIM 1448 #define IPPROTO_PIM 103 1449 #endif 1450 1451 case Q_PIM: 1452 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1453 #ifdef INET6 1454 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1455 gen_or(b0, b1); 1456 #endif 1457 break; 1458 1459 case Q_IP: 1460 b1 = gen_linktype(ETHERTYPE_IP); 1461 break; 1462 1463 case Q_ARP: 1464 b1 = gen_linktype(ETHERTYPE_ARP); 1465 break; 1466 1467 case Q_RARP: 1468 b1 = gen_linktype(ETHERTYPE_REVARP); 1469 break; 1470 1471 case Q_LINK: 1472 bpf_error("link layer applied in wrong context"); 1473 1474 case Q_ATALK: 1475 b1 = gen_linktype(ETHERTYPE_ATALK); 1476 break; 1477 1478 case Q_DECNET: 1479 b1 = gen_linktype(ETHERTYPE_DN); 1480 break; 1481 1482 case Q_SCA: 1483 b1 = gen_linktype(ETHERTYPE_SCA); 1484 break; 1485 1486 case Q_LAT: 1487 b1 = gen_linktype(ETHERTYPE_LAT); 1488 break; 1489 1490 case Q_MOPDL: 1491 b1 = gen_linktype(ETHERTYPE_MOPDL); 1492 break; 1493 1494 case Q_MOPRC: 1495 b1 = gen_linktype(ETHERTYPE_MOPRC); 1496 break; 1497 1498 case Q_STP: 1499 b1 = gen_linktype(LLCSAP_8021D); 1500 break; 1501 1502 #ifdef INET6 1503 case Q_IPV6: 1504 b1 = gen_linktype(ETHERTYPE_IPV6); 1505 break; 1506 1507 #ifndef IPPROTO_ICMPV6 1508 #define IPPROTO_ICMPV6 58 1509 #endif 1510 case Q_ICMPV6: 1511 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1512 break; 1513 #endif /* INET6 */ 1514 1515 #ifndef IPPROTO_AH 1516 #define IPPROTO_AH 51 1517 #endif 1518 case Q_AH: 1519 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1520 #ifdef INET6 1521 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1522 gen_or(b0, b1); 1523 #endif 1524 break; 1525 1526 #ifndef IPPROTO_ESP 1527 #define IPPROTO_ESP 50 1528 #endif 1529 case Q_ESP: 1530 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1531 #ifdef INET6 1532 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1533 gen_or(b0, b1); 1534 #endif 1535 break; 1536 1537 default: 1538 abort(); 1539 } 1540 return b1; 1541 } 1542 1543 static struct block * 1544 gen_ipfrag() 1545 { 1546 struct slist *s, *tmp; 1547 struct block *b; 1548 1549 /* not ip frag */ 1550 if (variable_nl) { 1551 s = nl2X_stmt(); 1552 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1553 tmp->s.k = 6; 1554 sappend(s, tmp); 1555 } else { 1556 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1557 s->s.k = off_nl + 6; 1558 } 1559 b = new_block(JMP(BPF_JSET)); 1560 b->s.k = 0x1fff; 1561 b->stmts = s; 1562 gen_not(b); 1563 1564 return b; 1565 } 1566 1567 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1568 This function generates code to set X to the start of the IP payload 1569 X = off_nl + IP header_len. 1570 */ 1571 static struct slist * 1572 iphl_to_x(void) 1573 { 1574 struct slist *s, *tmp; 1575 1576 /* XXX clobbers A if variable_nl*/ 1577 if (variable_nl) { 1578 if (iphl_reg == -1) { 1579 /* X <- off_nl */ 1580 s = nl2X_stmt(); 1581 1582 /* A = p[X+0] */ 1583 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1584 tmp->s.k = 0; 1585 sappend(s, tmp); 1586 1587 /* A = A & 0x0f */ 1588 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1589 tmp->s.k = 0x0f; 1590 sappend(s, tmp); 1591 1592 /* A = A << 2 */ 1593 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1594 tmp->s.k = 2; 1595 sappend(s, tmp); 1596 1597 /* A = A + X (add off_nl again to compansate) */ 1598 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1599 1600 /* MEM[iphl_reg] = A */ 1601 iphl_reg = alloc_reg(); 1602 tmp = new_stmt(BPF_ST); 1603 tmp->s.k = iphl_reg; 1604 sappend(s, tmp); 1605 1606 sappend(init_code, s); 1607 } 1608 s = new_stmt(BPF_LDX|BPF_MEM); 1609 s->s.k = iphl_reg; 1610 1611 } else { 1612 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1613 s->s.k = off_nl; 1614 } 1615 1616 return s; 1617 } 1618 1619 static struct block * 1620 gen_portatom(off, v) 1621 int off; 1622 bpf_int32 v; 1623 { 1624 struct slist *s, *tmp; 1625 struct block *b; 1626 1627 s = iphl_to_x(); 1628 1629 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1630 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1631 sappend(s, tmp); 1632 1633 b = new_block(JMP(BPF_JEQ)); 1634 b->stmts = s; 1635 b->s.k = v; 1636 1637 return b; 1638 } 1639 1640 #ifdef INET6 1641 static struct block * 1642 gen_portatom6(off, v) 1643 int off; 1644 bpf_int32 v; 1645 { 1646 return gen_cmp_nl(40 + off, BPF_H, v); 1647 } 1648 #endif/*INET6*/ 1649 1650 struct block * 1651 gen_portop(port, proto, dir) 1652 int port, proto, dir; 1653 { 1654 struct block *b0, *b1, *tmp; 1655 1656 /* ip proto 'proto' */ 1657 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1658 b0 = gen_ipfrag(); 1659 gen_and(tmp, b0); 1660 1661 switch (dir) { 1662 case Q_SRC: 1663 b1 = gen_portatom(0, (bpf_int32)port); 1664 break; 1665 1666 case Q_DST: 1667 b1 = gen_portatom(2, (bpf_int32)port); 1668 break; 1669 1670 case Q_OR: 1671 case Q_DEFAULT: 1672 tmp = gen_portatom(0, (bpf_int32)port); 1673 b1 = gen_portatom(2, (bpf_int32)port); 1674 gen_or(tmp, b1); 1675 break; 1676 1677 case Q_AND: 1678 tmp = gen_portatom(0, (bpf_int32)port); 1679 b1 = gen_portatom(2, (bpf_int32)port); 1680 gen_and(tmp, b1); 1681 break; 1682 1683 default: 1684 abort(); 1685 } 1686 gen_and(b0, b1); 1687 1688 return b1; 1689 } 1690 1691 static struct block * 1692 gen_port(port, ip_proto, dir) 1693 int port; 1694 int ip_proto; 1695 int dir; 1696 { 1697 struct block *b0, *b1, *tmp; 1698 1699 /* ether proto ip */ 1700 b0 = gen_linktype(ETHERTYPE_IP); 1701 1702 switch (ip_proto) { 1703 case IPPROTO_UDP: 1704 case IPPROTO_TCP: 1705 b1 = gen_portop(port, ip_proto, dir); 1706 break; 1707 1708 case PROTO_UNDEF: 1709 tmp = gen_portop(port, IPPROTO_TCP, dir); 1710 b1 = gen_portop(port, IPPROTO_UDP, dir); 1711 gen_or(tmp, b1); 1712 break; 1713 1714 default: 1715 abort(); 1716 } 1717 gen_and(b0, b1); 1718 return b1; 1719 } 1720 1721 #ifdef INET6 1722 struct block * 1723 gen_portop6(port, proto, dir) 1724 int port, proto, dir; 1725 { 1726 struct block *b0, *b1, *tmp; 1727 1728 /* ip proto 'proto' */ 1729 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1730 1731 switch (dir) { 1732 case Q_SRC: 1733 b1 = gen_portatom6(0, (bpf_int32)port); 1734 break; 1735 1736 case Q_DST: 1737 b1 = gen_portatom6(2, (bpf_int32)port); 1738 break; 1739 1740 case Q_OR: 1741 case Q_DEFAULT: 1742 tmp = gen_portatom6(0, (bpf_int32)port); 1743 b1 = gen_portatom6(2, (bpf_int32)port); 1744 gen_or(tmp, b1); 1745 break; 1746 1747 case Q_AND: 1748 tmp = gen_portatom6(0, (bpf_int32)port); 1749 b1 = gen_portatom6(2, (bpf_int32)port); 1750 gen_and(tmp, b1); 1751 break; 1752 1753 default: 1754 abort(); 1755 } 1756 gen_and(b0, b1); 1757 1758 return b1; 1759 } 1760 1761 static struct block * 1762 gen_port6(port, ip_proto, dir) 1763 int port; 1764 int ip_proto; 1765 int dir; 1766 { 1767 struct block *b0, *b1, *tmp; 1768 1769 /* ether proto ip */ 1770 b0 = gen_linktype(ETHERTYPE_IPV6); 1771 1772 switch (ip_proto) { 1773 case IPPROTO_UDP: 1774 case IPPROTO_TCP: 1775 b1 = gen_portop6(port, ip_proto, dir); 1776 break; 1777 1778 case PROTO_UNDEF: 1779 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1780 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1781 gen_or(tmp, b1); 1782 break; 1783 1784 default: 1785 abort(); 1786 } 1787 gen_and(b0, b1); 1788 return b1; 1789 } 1790 #endif /* INET6 */ 1791 1792 static int 1793 lookup_proto(name, proto) 1794 const char *name; 1795 int proto; 1796 { 1797 int v; 1798 1799 switch (proto) { 1800 1801 case Q_DEFAULT: 1802 case Q_IP: 1803 v = pcap_nametoproto(name); 1804 if (v == PROTO_UNDEF) 1805 bpf_error("unknown ip proto '%s'", name); 1806 break; 1807 1808 case Q_LINK: 1809 /* XXX should look up h/w protocol type based on linktype */ 1810 v = pcap_nametoeproto(name); 1811 if (v == PROTO_UNDEF) { 1812 v = pcap_nametollc(name); 1813 if (v == PROTO_UNDEF) 1814 bpf_error("unknown ether proto '%s'", name); 1815 } 1816 break; 1817 1818 default: 1819 v = PROTO_UNDEF; 1820 break; 1821 } 1822 return v; 1823 } 1824 1825 static struct block * 1826 gen_protochain(v, proto, dir) 1827 int v; 1828 int proto; 1829 int dir; 1830 { 1831 struct block *b0, *b; 1832 struct slist *s[100]; 1833 int fix2, fix3, fix4, fix5; 1834 int ahcheck, again, end; 1835 int i, max; 1836 int reg1 = alloc_reg(); 1837 int reg2 = alloc_reg(); 1838 1839 memset(s, 0, sizeof(s)); 1840 fix2 = fix3 = fix4 = fix5 = 0; 1841 1842 if (variable_nl) { 1843 bpf_error("'gen_protochain' not supported for variable DLTs"); 1844 /*NOTREACHED*/ 1845 } 1846 1847 switch (proto) { 1848 case Q_IP: 1849 case Q_IPV6: 1850 break; 1851 case Q_DEFAULT: 1852 b0 = gen_protochain(v, Q_IP, dir); 1853 b = gen_protochain(v, Q_IPV6, dir); 1854 gen_or(b0, b); 1855 return b; 1856 default: 1857 bpf_error("bad protocol applied for 'protochain'"); 1858 /*NOTREACHED*/ 1859 } 1860 1861 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1862 1863 /* 1864 * s[0] is a dummy entry to protect other BPF insn from damaged 1865 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1866 * hard to find interdependency made by jump table fixup. 1867 */ 1868 i = 0; 1869 s[i] = new_stmt(0); /*dummy*/ 1870 i++; 1871 1872 switch (proto) { 1873 case Q_IP: 1874 b0 = gen_linktype(ETHERTYPE_IP); 1875 1876 /* A = ip->ip_p */ 1877 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1878 s[i]->s.k = off_nl + 9; 1879 i++; 1880 /* X = ip->ip_hl << 2 */ 1881 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1882 s[i]->s.k = off_nl; 1883 i++; 1884 break; 1885 case Q_IPV6: 1886 b0 = gen_linktype(ETHERTYPE_IPV6); 1887 1888 /* A = ip6->ip_nxt */ 1889 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1890 s[i]->s.k = off_nl + 6; 1891 i++; 1892 /* X = sizeof(struct ip6_hdr) */ 1893 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1894 s[i]->s.k = 40; 1895 i++; 1896 break; 1897 default: 1898 bpf_error("unsupported proto to gen_protochain"); 1899 /*NOTREACHED*/ 1900 } 1901 1902 /* again: if (A == v) goto end; else fall through; */ 1903 again = i; 1904 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1905 s[i]->s.k = v; 1906 s[i]->s.jt = NULL; /*later*/ 1907 s[i]->s.jf = NULL; /*update in next stmt*/ 1908 fix5 = i; 1909 i++; 1910 1911 /* if (A == IPPROTO_NONE) goto end */ 1912 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1913 s[i]->s.jt = NULL; /*later*/ 1914 s[i]->s.jf = NULL; /*update in next stmt*/ 1915 s[i]->s.k = IPPROTO_NONE; 1916 s[fix5]->s.jf = s[i]; 1917 fix2 = i; 1918 i++; 1919 1920 if (proto == Q_IPV6) { 1921 int v6start, v6end, v6advance, j; 1922 1923 v6start = i; 1924 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1925 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1926 s[i]->s.jt = NULL; /*later*/ 1927 s[i]->s.jf = NULL; /*update in next stmt*/ 1928 s[i]->s.k = IPPROTO_HOPOPTS; 1929 s[fix2]->s.jf = s[i]; 1930 i++; 1931 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1932 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1933 s[i]->s.jt = NULL; /*later*/ 1934 s[i]->s.jf = NULL; /*update in next stmt*/ 1935 s[i]->s.k = IPPROTO_DSTOPTS; 1936 i++; 1937 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1938 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1939 s[i]->s.jt = NULL; /*later*/ 1940 s[i]->s.jf = NULL; /*update in next stmt*/ 1941 s[i]->s.k = IPPROTO_ROUTING; 1942 i++; 1943 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1944 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1945 s[i]->s.jt = NULL; /*later*/ 1946 s[i]->s.jf = NULL; /*later*/ 1947 s[i]->s.k = IPPROTO_FRAGMENT; 1948 fix3 = i; 1949 v6end = i; 1950 i++; 1951 1952 /* v6advance: */ 1953 v6advance = i; 1954 1955 /* 1956 * in short, 1957 * A = P[X + 1]; 1958 * X = X + (P[X] + 1) * 8; 1959 */ 1960 /* A = X */ 1961 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1962 i++; 1963 /* MEM[reg1] = A */ 1964 s[i] = new_stmt(BPF_ST); 1965 s[i]->s.k = reg1; 1966 i++; 1967 /* A += 1 */ 1968 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1969 s[i]->s.k = 1; 1970 i++; 1971 /* X = A */ 1972 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1973 i++; 1974 /* A = P[X + packet head]; */ 1975 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1976 s[i]->s.k = off_nl; 1977 i++; 1978 /* MEM[reg2] = A */ 1979 s[i] = new_stmt(BPF_ST); 1980 s[i]->s.k = reg2; 1981 i++; 1982 /* X = MEM[reg1] */ 1983 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1984 s[i]->s.k = reg1; 1985 i++; 1986 /* A = P[X + packet head] */ 1987 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1988 s[i]->s.k = off_nl; 1989 i++; 1990 /* A += 1 */ 1991 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1992 s[i]->s.k = 1; 1993 i++; 1994 /* A *= 8 */ 1995 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1996 s[i]->s.k = 8; 1997 i++; 1998 /* X = A; */ 1999 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2000 i++; 2001 /* A = MEM[reg2] */ 2002 s[i] = new_stmt(BPF_LD|BPF_MEM); 2003 s[i]->s.k = reg2; 2004 i++; 2005 2006 /* goto again; (must use BPF_JA for backward jump) */ 2007 s[i] = new_stmt(BPF_JMP|BPF_JA); 2008 s[i]->s.k = again - i - 1; 2009 s[i - 1]->s.jf = s[i]; 2010 i++; 2011 2012 /* fixup */ 2013 for (j = v6start; j <= v6end; j++) 2014 s[j]->s.jt = s[v6advance]; 2015 } else { 2016 /* nop */ 2017 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2018 s[i]->s.k = 0; 2019 s[fix2]->s.jf = s[i]; 2020 i++; 2021 } 2022 2023 /* ahcheck: */ 2024 ahcheck = i; 2025 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2026 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2027 s[i]->s.jt = NULL; /*later*/ 2028 s[i]->s.jf = NULL; /*later*/ 2029 s[i]->s.k = IPPROTO_AH; 2030 if (fix3) 2031 s[fix3]->s.jf = s[ahcheck]; 2032 fix4 = i; 2033 i++; 2034 2035 /* 2036 * in short, 2037 * A = P[X + 1]; 2038 * X = X + (P[X] + 2) * 4; 2039 */ 2040 /* A = X */ 2041 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2042 i++; 2043 /* MEM[reg1] = A */ 2044 s[i] = new_stmt(BPF_ST); 2045 s[i]->s.k = reg1; 2046 i++; 2047 /* A += 1 */ 2048 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2049 s[i]->s.k = 1; 2050 i++; 2051 /* X = A */ 2052 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2053 i++; 2054 /* A = P[X + packet head]; */ 2055 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2056 s[i]->s.k = off_nl; 2057 i++; 2058 /* MEM[reg2] = A */ 2059 s[i] = new_stmt(BPF_ST); 2060 s[i]->s.k = reg2; 2061 i++; 2062 /* X = MEM[reg1] */ 2063 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2064 s[i]->s.k = reg1; 2065 i++; 2066 /* A = P[X + packet head] */ 2067 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2068 s[i]->s.k = off_nl; 2069 i++; 2070 /* A += 2 */ 2071 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2072 s[i]->s.k = 2; 2073 i++; 2074 /* A *= 4 */ 2075 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2076 s[i]->s.k = 4; 2077 i++; 2078 /* X = A; */ 2079 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2080 i++; 2081 /* A = MEM[reg2] */ 2082 s[i] = new_stmt(BPF_LD|BPF_MEM); 2083 s[i]->s.k = reg2; 2084 i++; 2085 2086 /* goto again; (must use BPF_JA for backward jump) */ 2087 s[i] = new_stmt(BPF_JMP|BPF_JA); 2088 s[i]->s.k = again - i - 1; 2089 i++; 2090 2091 /* end: nop */ 2092 end = i; 2093 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2094 s[i]->s.k = 0; 2095 s[fix2]->s.jt = s[end]; 2096 s[fix4]->s.jf = s[end]; 2097 s[fix5]->s.jt = s[end]; 2098 i++; 2099 2100 /* 2101 * make slist chain 2102 */ 2103 max = i; 2104 for (i = 0; i < max - 1; i++) 2105 s[i]->next = s[i + 1]; 2106 s[max - 1]->next = NULL; 2107 2108 /* 2109 * emit final check 2110 */ 2111 b = new_block(JMP(BPF_JEQ)); 2112 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2113 b->s.k = v; 2114 2115 free_reg(reg1); 2116 free_reg(reg2); 2117 2118 gen_and(b0, b); 2119 return b; 2120 } 2121 2122 static struct block * 2123 gen_proto(v, proto, dir) 2124 int v; 2125 int proto; 2126 int dir; 2127 { 2128 struct block *b0, *b1; 2129 2130 if (dir != Q_DEFAULT) 2131 bpf_error("direction applied to 'proto'"); 2132 2133 switch (proto) { 2134 case Q_DEFAULT: 2135 #ifdef INET6 2136 b0 = gen_proto(v, Q_IP, dir); 2137 b1 = gen_proto(v, Q_IPV6, dir); 2138 gen_or(b0, b1); 2139 return b1; 2140 #else 2141 /*FALLTHROUGH*/ 2142 #endif 2143 case Q_IP: 2144 b0 = gen_linktype(ETHERTYPE_IP); 2145 #ifndef CHASE_CHAIN 2146 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2147 #else 2148 b1 = gen_protochain(v, Q_IP); 2149 #endif 2150 gen_and(b0, b1); 2151 return b1; 2152 2153 case Q_ARP: 2154 bpf_error("arp does not encapsulate another protocol"); 2155 /* NOTREACHED */ 2156 2157 case Q_RARP: 2158 bpf_error("rarp does not encapsulate another protocol"); 2159 /* NOTREACHED */ 2160 2161 case Q_ATALK: 2162 bpf_error("atalk encapsulation is not specifiable"); 2163 /* NOTREACHED */ 2164 2165 case Q_DECNET: 2166 bpf_error("decnet encapsulation is not specifiable"); 2167 /* NOTREACHED */ 2168 2169 case Q_SCA: 2170 bpf_error("sca does not encapsulate another protocol"); 2171 /* NOTREACHED */ 2172 2173 case Q_LAT: 2174 bpf_error("lat does not encapsulate another protocol"); 2175 /* NOTREACHED */ 2176 2177 case Q_MOPRC: 2178 bpf_error("moprc does not encapsulate another protocol"); 2179 /* NOTREACHED */ 2180 2181 case Q_MOPDL: 2182 bpf_error("mopdl does not encapsulate another protocol"); 2183 /* NOTREACHED */ 2184 2185 case Q_LINK: 2186 return gen_linktype(v); 2187 2188 case Q_UDP: 2189 bpf_error("'udp proto' is bogus"); 2190 /* NOTREACHED */ 2191 2192 case Q_TCP: 2193 bpf_error("'tcp proto' is bogus"); 2194 /* NOTREACHED */ 2195 2196 case Q_ICMP: 2197 bpf_error("'icmp proto' is bogus"); 2198 /* NOTREACHED */ 2199 2200 case Q_IGMP: 2201 bpf_error("'igmp proto' is bogus"); 2202 /* NOTREACHED */ 2203 2204 case Q_IGRP: 2205 bpf_error("'igrp proto' is bogus"); 2206 /* NOTREACHED */ 2207 2208 case Q_PIM: 2209 bpf_error("'pim proto' is bogus"); 2210 /* NOTREACHED */ 2211 2212 case Q_STP: 2213 bpf_error("'stp proto' is bogus"); 2214 /* NOTREACHED */ 2215 2216 #ifdef INET6 2217 case Q_IPV6: 2218 b0 = gen_linktype(ETHERTYPE_IPV6); 2219 #ifndef CHASE_CHAIN 2220 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2221 #else 2222 b1 = gen_protochain(v, Q_IPV6); 2223 #endif 2224 gen_and(b0, b1); 2225 return b1; 2226 2227 case Q_ICMPV6: 2228 bpf_error("'icmp6 proto' is bogus"); 2229 #endif /* INET6 */ 2230 2231 case Q_AH: 2232 bpf_error("'ah proto' is bogus"); 2233 2234 case Q_ESP: 2235 bpf_error("'ah proto' is bogus"); 2236 2237 default: 2238 abort(); 2239 /* NOTREACHED */ 2240 } 2241 /* NOTREACHED */ 2242 } 2243 2244 struct block * 2245 gen_scode(name, q) 2246 const char *name; 2247 struct qual q; 2248 { 2249 int proto = q.proto; 2250 int dir = q.dir; 2251 int tproto; 2252 u_char *eaddr; 2253 bpf_u_int32 mask, addr; 2254 #ifndef INET6 2255 bpf_u_int32 **alist; 2256 #else 2257 int tproto6; 2258 struct sockaddr_in *sin; 2259 struct sockaddr_in6 *sin6; 2260 struct addrinfo *res, *res0; 2261 struct in6_addr mask128; 2262 #endif /*INET6*/ 2263 struct block *b, *tmp; 2264 int port, real_proto; 2265 2266 switch (q.addr) { 2267 2268 case Q_NET: 2269 addr = pcap_nametonetaddr(name); 2270 if (addr == 0) 2271 bpf_error("unknown network '%s'", name); 2272 /* Left justify network addr and calculate its network mask */ 2273 mask = 0xffffffff; 2274 while (addr && (addr & 0xff000000) == 0) { 2275 addr <<= 8; 2276 mask <<= 8; 2277 } 2278 return gen_host(addr, mask, proto, dir); 2279 2280 case Q_DEFAULT: 2281 case Q_HOST: 2282 if (proto == Q_LINK) { 2283 switch (linktype) { 2284 2285 case DLT_EN10MB: 2286 eaddr = pcap_ether_hostton(name); 2287 if (eaddr == NULL) 2288 bpf_error( 2289 "unknown ether host '%s'", name); 2290 return gen_ehostop(eaddr, dir); 2291 2292 case DLT_FDDI: 2293 eaddr = pcap_ether_hostton(name); 2294 if (eaddr == NULL) 2295 bpf_error( 2296 "unknown FDDI host '%s'", name); 2297 return gen_fhostop(eaddr, dir); 2298 2299 case DLT_IEEE802_11: 2300 case DLT_IEEE802_11_RADIO: 2301 eaddr = pcap_ether_hostton(name); 2302 if (eaddr == NULL) 2303 bpf_error( 2304 "unknown 802.11 host '%s'", name); 2305 2306 return gen_p80211_hostop(eaddr, dir); 2307 2308 default: 2309 bpf_error( 2310 "only ethernet/FDDI supports link-level host name"); 2311 break; 2312 } 2313 } else if (proto == Q_DECNET) { 2314 unsigned short dn_addr = __pcap_nametodnaddr(name); 2315 /* 2316 * I don't think DECNET hosts can be multihomed, so 2317 * there is no need to build up a list of addresses 2318 */ 2319 return (gen_host(dn_addr, 0, proto, dir)); 2320 } else { 2321 #ifndef INET6 2322 alist = pcap_nametoaddr(name); 2323 if (alist == NULL || *alist == NULL) 2324 bpf_error("unknown host '%s'", name); 2325 tproto = proto; 2326 if (off_linktype == -1 && tproto == Q_DEFAULT) 2327 tproto = Q_IP; 2328 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2329 while (*alist) { 2330 tmp = gen_host(**alist++, 0xffffffff, 2331 tproto, dir); 2332 gen_or(b, tmp); 2333 b = tmp; 2334 } 2335 return b; 2336 #else 2337 memset(&mask128, 0xff, sizeof(mask128)); 2338 res0 = res = pcap_nametoaddrinfo(name); 2339 if (res == NULL) 2340 bpf_error("unknown host '%s'", name); 2341 b = tmp = NULL; 2342 tproto = tproto6 = proto; 2343 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2344 tproto = Q_IP; 2345 tproto6 = Q_IPV6; 2346 } 2347 for (res = res0; res; res = res->ai_next) { 2348 switch (res->ai_family) { 2349 case AF_INET: 2350 if (tproto == Q_IPV6) 2351 continue; 2352 2353 sin = (struct sockaddr_in *) 2354 res->ai_addr; 2355 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2356 0xffffffff, tproto, dir); 2357 break; 2358 case AF_INET6: 2359 if (tproto6 == Q_IP) 2360 continue; 2361 2362 sin6 = (struct sockaddr_in6 *) 2363 res->ai_addr; 2364 tmp = gen_host6(&sin6->sin6_addr, 2365 &mask128, tproto6, dir); 2366 break; 2367 } 2368 if (b) 2369 gen_or(b, tmp); 2370 b = tmp; 2371 } 2372 freeaddrinfo(res0); 2373 if (b == NULL) { 2374 bpf_error("unknown host '%s'%s", name, 2375 (proto == Q_DEFAULT) 2376 ? "" 2377 : " for specified address family"); 2378 } 2379 return b; 2380 #endif /*INET6*/ 2381 } 2382 2383 case Q_PORT: 2384 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2385 bpf_error("illegal qualifier of 'port'"); 2386 if (pcap_nametoport(name, &port, &real_proto) == 0) 2387 bpf_error("unknown port '%s'", name); 2388 if (proto == Q_UDP) { 2389 if (real_proto == IPPROTO_TCP) 2390 bpf_error("port '%s' is tcp", name); 2391 else 2392 /* override PROTO_UNDEF */ 2393 real_proto = IPPROTO_UDP; 2394 } 2395 if (proto == Q_TCP) { 2396 if (real_proto == IPPROTO_UDP) 2397 bpf_error("port '%s' is udp", name); 2398 else 2399 /* override PROTO_UNDEF */ 2400 real_proto = IPPROTO_TCP; 2401 } 2402 #ifndef INET6 2403 return gen_port(port, real_proto, dir); 2404 #else 2405 { 2406 struct block *b; 2407 b = gen_port(port, real_proto, dir); 2408 gen_or(gen_port6(port, real_proto, dir), b); 2409 return b; 2410 } 2411 #endif /* INET6 */ 2412 2413 case Q_GATEWAY: 2414 #ifndef INET6 2415 eaddr = pcap_ether_hostton(name); 2416 if (eaddr == NULL) 2417 bpf_error("unknown ether host: %s", name); 2418 2419 alist = pcap_nametoaddr(name); 2420 if (alist == NULL || *alist == NULL) 2421 bpf_error("unknown host '%s'", name); 2422 return gen_gateway(eaddr, alist, proto, dir); 2423 #else 2424 bpf_error("'gateway' not supported in this configuration"); 2425 #endif /*INET6*/ 2426 2427 case Q_PROTO: 2428 real_proto = lookup_proto(name, proto); 2429 if (real_proto >= 0) 2430 return gen_proto(real_proto, proto, dir); 2431 else 2432 bpf_error("unknown protocol: %s", name); 2433 2434 case Q_PROTOCHAIN: 2435 real_proto = lookup_proto(name, proto); 2436 if (real_proto >= 0) 2437 return gen_protochain(real_proto, proto, dir); 2438 else 2439 bpf_error("unknown protocol: %s", name); 2440 2441 2442 case Q_UNDEF: 2443 syntax(); 2444 /* NOTREACHED */ 2445 } 2446 abort(); 2447 /* NOTREACHED */ 2448 } 2449 2450 struct block * 2451 gen_mcode(s1, s2, masklen, q) 2452 const char *s1, *s2; 2453 int masklen; 2454 struct qual q; 2455 { 2456 int nlen, mlen; 2457 bpf_u_int32 n, m; 2458 2459 nlen = __pcap_atoin(s1, &n); 2460 /* Promote short ipaddr */ 2461 n <<= 32 - nlen; 2462 2463 if (s2 != NULL) { 2464 mlen = __pcap_atoin(s2, &m); 2465 /* Promote short ipaddr */ 2466 m <<= 32 - mlen; 2467 if ((n & ~m) != 0) 2468 bpf_error("non-network bits set in \"%s mask %s\"", 2469 s1, s2); 2470 } else { 2471 /* Convert mask len to mask */ 2472 if (masklen > 32) 2473 bpf_error("mask length must be <= 32"); 2474 m = 0xffffffff << (32 - masklen); 2475 if ((n & ~m) != 0) 2476 bpf_error("non-network bits set in \"%s/%d\"", 2477 s1, masklen); 2478 } 2479 2480 switch (q.addr) { 2481 2482 case Q_NET: 2483 return gen_host(n, m, q.proto, q.dir); 2484 2485 default: 2486 bpf_error("Mask syntax for networks only"); 2487 /* NOTREACHED */ 2488 } 2489 } 2490 2491 struct block * 2492 gen_ncode(s, v, q) 2493 const char *s; 2494 bpf_u_int32 v; 2495 struct qual q; 2496 { 2497 bpf_u_int32 mask; 2498 int proto = q.proto; 2499 int dir = q.dir; 2500 int vlen; 2501 2502 if (s == NULL) 2503 vlen = 32; 2504 else if (q.proto == Q_DECNET) 2505 vlen = __pcap_atodn(s, &v); 2506 else 2507 vlen = __pcap_atoin(s, &v); 2508 2509 switch (q.addr) { 2510 2511 case Q_DEFAULT: 2512 case Q_HOST: 2513 case Q_NET: 2514 if (proto == Q_DECNET) 2515 return gen_host(v, 0, proto, dir); 2516 else if (proto == Q_LINK) { 2517 bpf_error("illegal link layer address"); 2518 } else { 2519 mask = 0xffffffff; 2520 if (s == NULL && q.addr == Q_NET) { 2521 /* Promote short net number */ 2522 while (v && (v & 0xff000000) == 0) { 2523 v <<= 8; 2524 mask <<= 8; 2525 } 2526 } else { 2527 /* Promote short ipaddr */ 2528 v <<= 32 - vlen; 2529 mask <<= 32 - vlen; 2530 } 2531 return gen_host(v, mask, proto, dir); 2532 } 2533 2534 case Q_PORT: 2535 if (proto == Q_UDP) 2536 proto = IPPROTO_UDP; 2537 else if (proto == Q_TCP) 2538 proto = IPPROTO_TCP; 2539 else if (proto == Q_DEFAULT) 2540 proto = PROTO_UNDEF; 2541 else 2542 bpf_error("illegal qualifier of 'port'"); 2543 2544 #ifndef INET6 2545 return gen_port((int)v, proto, dir); 2546 #else 2547 { 2548 struct block *b; 2549 b = gen_port((int)v, proto, dir); 2550 gen_or(gen_port6((int)v, proto, dir), b); 2551 return b; 2552 } 2553 #endif /* INET6 */ 2554 2555 case Q_GATEWAY: 2556 bpf_error("'gateway' requires a name"); 2557 /* NOTREACHED */ 2558 2559 case Q_PROTO: 2560 return gen_proto((int)v, proto, dir); 2561 2562 case Q_PROTOCHAIN: 2563 return gen_protochain((int)v, proto, dir); 2564 2565 case Q_UNDEF: 2566 syntax(); 2567 /* NOTREACHED */ 2568 2569 default: 2570 abort(); 2571 /* NOTREACHED */ 2572 } 2573 /* NOTREACHED */ 2574 } 2575 2576 #ifdef INET6 2577 struct block * 2578 gen_mcode6(s1, s2, masklen, q) 2579 const char *s1, *s2; 2580 int masklen; 2581 struct qual q; 2582 { 2583 struct addrinfo *res; 2584 struct in6_addr *addr; 2585 struct in6_addr mask; 2586 struct block *b; 2587 u_int32_t *a, *m; 2588 2589 if (s2) 2590 bpf_error("no mask %s supported", s2); 2591 2592 res = pcap_nametoaddrinfo(s1); 2593 if (!res) 2594 bpf_error("invalid ip6 address %s", s1); 2595 if (res->ai_next) 2596 bpf_error("%s resolved to multiple address", s1); 2597 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2598 2599 if (sizeof(mask) * 8 < masklen) 2600 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2601 memset(&mask, 0, sizeof(mask)); 2602 memset(&mask, 0xff, masklen / 8); 2603 if (masklen % 8) { 2604 mask.s6_addr[masklen / 8] = 2605 (0xff << (8 - masklen % 8)) & 0xff; 2606 } 2607 2608 a = (u_int32_t *)addr; 2609 m = (u_int32_t *)&mask; 2610 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2611 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2612 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2613 } 2614 2615 switch (q.addr) { 2616 2617 case Q_DEFAULT: 2618 case Q_HOST: 2619 if (masklen != 128) 2620 bpf_error("Mask syntax for networks only"); 2621 /* FALLTHROUGH */ 2622 2623 case Q_NET: 2624 b = gen_host6(addr, &mask, q.proto, q.dir); 2625 freeaddrinfo(res); 2626 return b; 2627 2628 default: 2629 bpf_error("invalid qualifier against IPv6 address"); 2630 /* NOTREACHED */ 2631 } 2632 } 2633 #endif /*INET6*/ 2634 2635 struct block * 2636 gen_ecode(eaddr, q) 2637 const u_char *eaddr; 2638 struct qual q; 2639 { 2640 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2641 if (linktype == DLT_EN10MB) 2642 return gen_ehostop(eaddr, (int)q.dir); 2643 if (linktype == DLT_FDDI) 2644 return gen_fhostop(eaddr, (int)q.dir); 2645 if (linktype == DLT_IEEE802_11 || 2646 linktype == DLT_IEEE802_11_RADIO) 2647 return gen_p80211_hostop(eaddr, (int)q.dir); 2648 } 2649 bpf_error("ethernet address used in non-ether expression"); 2650 /* NOTREACHED */ 2651 } 2652 2653 void 2654 sappend(s0, s1) 2655 struct slist *s0, *s1; 2656 { 2657 /* 2658 * This is definitely not the best way to do this, but the 2659 * lists will rarely get long. 2660 */ 2661 while (s0->next) 2662 s0 = s0->next; 2663 s0->next = s1; 2664 } 2665 2666 static struct slist * 2667 xfer_to_x(a) 2668 struct arth *a; 2669 { 2670 struct slist *s; 2671 2672 s = new_stmt(BPF_LDX|BPF_MEM); 2673 s->s.k = a->regno; 2674 return s; 2675 } 2676 2677 static struct slist * 2678 xfer_to_a(a) 2679 struct arth *a; 2680 { 2681 struct slist *s; 2682 2683 s = new_stmt(BPF_LD|BPF_MEM); 2684 s->s.k = a->regno; 2685 return s; 2686 } 2687 2688 struct arth * 2689 gen_load(proto, index, size) 2690 int proto; 2691 struct arth *index; 2692 int size; 2693 { 2694 struct slist *s, *tmp; 2695 struct block *b; 2696 int regno = alloc_reg(); 2697 2698 free_reg(index->regno); 2699 switch (size) { 2700 2701 default: 2702 bpf_error("data size must be 1, 2, or 4"); 2703 2704 case 1: 2705 size = BPF_B; 2706 break; 2707 2708 case 2: 2709 size = BPF_H; 2710 break; 2711 2712 case 4: 2713 size = BPF_W; 2714 break; 2715 } 2716 switch (proto) { 2717 default: 2718 bpf_error("unsupported index operation"); 2719 2720 case Q_LINK: 2721 s = xfer_to_x(index); 2722 tmp = new_stmt(BPF_LD|BPF_IND|size); 2723 sappend(s, tmp); 2724 sappend(index->s, s); 2725 break; 2726 2727 case Q_IP: 2728 case Q_ARP: 2729 case Q_RARP: 2730 case Q_ATALK: 2731 case Q_DECNET: 2732 case Q_SCA: 2733 case Q_LAT: 2734 case Q_MOPRC: 2735 case Q_MOPDL: 2736 #ifdef INET6 2737 case Q_IPV6: 2738 #endif 2739 /* XXX Note that we assume a fixed link header here. */ 2740 if (variable_nl) { 2741 s = nl2X_stmt(); 2742 sappend(s, xfer_to_a(index)); 2743 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2744 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2745 } else { 2746 s = xfer_to_x(index); 2747 } 2748 tmp = new_stmt(BPF_LD|BPF_IND|size); 2749 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2750 sappend(s, tmp); 2751 sappend(index->s, s); 2752 2753 b = gen_proto_abbrev(proto); 2754 if (index->b) 2755 gen_and(index->b, b); 2756 index->b = b; 2757 break; 2758 2759 case Q_TCP: 2760 case Q_UDP: 2761 case Q_ICMP: 2762 case Q_IGMP: 2763 case Q_IGRP: 2764 case Q_PIM: 2765 s = iphl_to_x(); 2766 sappend(s, xfer_to_a(index)); 2767 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2768 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2769 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2770 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2771 sappend(index->s, s); 2772 2773 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2774 if (index->b) 2775 gen_and(index->b, b); 2776 #ifdef INET6 2777 gen_and(gen_proto_abbrev(Q_IP), b); 2778 #endif 2779 index->b = b; 2780 break; 2781 #ifdef INET6 2782 case Q_ICMPV6: 2783 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2784 /*NOTREACHED*/ 2785 #endif 2786 } 2787 index->regno = regno; 2788 s = new_stmt(BPF_ST); 2789 s->s.k = regno; 2790 sappend(index->s, s); 2791 2792 return index; 2793 } 2794 2795 struct block * 2796 gen_relation(code, a0, a1, reversed) 2797 int code; 2798 struct arth *a0, *a1; 2799 int reversed; 2800 { 2801 struct slist *s0, *s1, *s2; 2802 struct block *b, *tmp; 2803 2804 s0 = xfer_to_x(a1); 2805 s1 = xfer_to_a(a0); 2806 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2807 b = new_block(JMP(code)); 2808 if (code == BPF_JGT || code == BPF_JGE) { 2809 reversed = !reversed; 2810 b->s.k = 0x80000000; 2811 } 2812 if (reversed) 2813 gen_not(b); 2814 2815 sappend(s1, s2); 2816 sappend(s0, s1); 2817 sappend(a1->s, s0); 2818 sappend(a0->s, a1->s); 2819 2820 b->stmts = a0->s; 2821 2822 free_reg(a0->regno); 2823 free_reg(a1->regno); 2824 2825 /* 'and' together protocol checks */ 2826 if (a0->b) { 2827 if (a1->b) { 2828 gen_and(a0->b, tmp = a1->b); 2829 } 2830 else 2831 tmp = a0->b; 2832 } else 2833 tmp = a1->b; 2834 2835 if (tmp) 2836 gen_and(tmp, b); 2837 2838 return b; 2839 } 2840 2841 struct arth * 2842 gen_loadlen() 2843 { 2844 int regno = alloc_reg(); 2845 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2846 struct slist *s; 2847 2848 s = new_stmt(BPF_LD|BPF_LEN); 2849 s->next = new_stmt(BPF_ST); 2850 s->next->s.k = regno; 2851 a->s = s; 2852 a->regno = regno; 2853 2854 return a; 2855 } 2856 2857 struct arth * 2858 gen_loadi(val) 2859 int val; 2860 { 2861 struct arth *a; 2862 struct slist *s; 2863 int reg; 2864 2865 a = (struct arth *)newchunk(sizeof(*a)); 2866 2867 reg = alloc_reg(); 2868 2869 s = new_stmt(BPF_LD|BPF_IMM); 2870 s->s.k = val; 2871 s->next = new_stmt(BPF_ST); 2872 s->next->s.k = reg; 2873 a->s = s; 2874 a->regno = reg; 2875 2876 return a; 2877 } 2878 2879 struct arth * 2880 gen_neg(a) 2881 struct arth *a; 2882 { 2883 struct slist *s; 2884 2885 s = xfer_to_a(a); 2886 sappend(a->s, s); 2887 s = new_stmt(BPF_ALU|BPF_NEG); 2888 s->s.k = 0; 2889 sappend(a->s, s); 2890 s = new_stmt(BPF_ST); 2891 s->s.k = a->regno; 2892 sappend(a->s, s); 2893 2894 return a; 2895 } 2896 2897 struct arth * 2898 gen_arth(code, a0, a1) 2899 int code; 2900 struct arth *a0, *a1; 2901 { 2902 struct slist *s0, *s1, *s2; 2903 2904 s0 = xfer_to_x(a1); 2905 s1 = xfer_to_a(a0); 2906 s2 = new_stmt(BPF_ALU|BPF_X|code); 2907 2908 sappend(s1, s2); 2909 sappend(s0, s1); 2910 sappend(a1->s, s0); 2911 sappend(a0->s, a1->s); 2912 2913 free_reg(a1->regno); 2914 2915 s0 = new_stmt(BPF_ST); 2916 a0->regno = s0->s.k = alloc_reg(); 2917 sappend(a0->s, s0); 2918 2919 return a0; 2920 } 2921 2922 /* 2923 * Here we handle simple allocation of the scratch registers. 2924 * If too many registers are alloc'd, the allocator punts. 2925 */ 2926 static int regused[BPF_MEMWORDS]; 2927 static int curreg; 2928 2929 /* 2930 * Return the next free register. 2931 */ 2932 static int 2933 alloc_reg() 2934 { 2935 int n = BPF_MEMWORDS; 2936 2937 while (--n >= 0) { 2938 if (regused[curreg]) 2939 curreg = (curreg + 1) % BPF_MEMWORDS; 2940 else { 2941 regused[curreg] = 1; 2942 return curreg; 2943 } 2944 } 2945 bpf_error("too many registers needed to evaluate expression"); 2946 /* NOTREACHED */ 2947 } 2948 2949 /* 2950 * Return a register to the table so it can 2951 * be used later. 2952 */ 2953 static void 2954 free_reg(n) 2955 int n; 2956 { 2957 regused[n] = 0; 2958 } 2959 2960 static struct block * 2961 gen_len(jmp, n) 2962 int jmp, n; 2963 { 2964 struct slist *s; 2965 struct block *b; 2966 2967 s = new_stmt(BPF_LD|BPF_LEN); 2968 b = new_block(JMP(jmp)); 2969 b->stmts = s; 2970 b->s.k = n; 2971 2972 return b; 2973 } 2974 2975 struct block * 2976 gen_greater(n) 2977 int n; 2978 { 2979 return gen_len(BPF_JGE, n); 2980 } 2981 2982 struct block * 2983 gen_less(n) 2984 int n; 2985 { 2986 struct block *b; 2987 2988 b = gen_len(BPF_JGT, n); 2989 gen_not(b); 2990 2991 return b; 2992 } 2993 2994 struct block * 2995 gen_byteop(op, idx, val) 2996 int op, idx, val; 2997 { 2998 struct block *b; 2999 struct slist *s; 3000 3001 switch (op) { 3002 default: 3003 abort(); 3004 3005 case '=': 3006 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3007 3008 case '<': 3009 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3010 b->s.code = JMP(BPF_JGE); 3011 gen_not(b); 3012 return b; 3013 3014 case '>': 3015 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3016 b->s.code = JMP(BPF_JGT); 3017 return b; 3018 3019 case '|': 3020 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3021 break; 3022 3023 case '&': 3024 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3025 break; 3026 } 3027 s->s.k = val; 3028 b = new_block(JMP(BPF_JEQ)); 3029 b->stmts = s; 3030 gen_not(b); 3031 3032 return b; 3033 } 3034 3035 struct block * 3036 gen_broadcast(proto) 3037 int proto; 3038 { 3039 bpf_u_int32 hostmask; 3040 struct block *b0, *b1, *b2; 3041 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3042 3043 switch (proto) { 3044 3045 case Q_DEFAULT: 3046 case Q_LINK: 3047 if (linktype == DLT_EN10MB) 3048 return gen_ehostop(ebroadcast, Q_DST); 3049 if (linktype == DLT_FDDI) 3050 return gen_fhostop(ebroadcast, Q_DST); 3051 if (linktype == DLT_IEEE802_11 || 3052 linktype == DLT_IEEE802_11_RADIO) 3053 return gen_p80211_hostop(ebroadcast, Q_DST); 3054 bpf_error("not a broadcast link"); 3055 break; 3056 3057 case Q_IP: 3058 b0 = gen_linktype(ETHERTYPE_IP); 3059 hostmask = ~netmask; 3060 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3061 b2 = gen_mcmp_nl(16, BPF_W, 3062 (bpf_int32)(~0 & hostmask), hostmask); 3063 gen_or(b1, b2); 3064 gen_and(b0, b2); 3065 return b2; 3066 } 3067 bpf_error("only ether/ip broadcast filters supported"); 3068 } 3069 3070 struct block * 3071 gen_multicast(proto) 3072 int proto; 3073 { 3074 struct block *b0, *b1; 3075 struct slist *s; 3076 3077 switch (proto) { 3078 3079 case Q_DEFAULT: 3080 case Q_LINK: 3081 if (linktype == DLT_EN10MB) { 3082 /* ether[0] & 1 != 0 */ 3083 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3084 s->s.k = 0; 3085 b0 = new_block(JMP(BPF_JSET)); 3086 b0->s.k = 1; 3087 b0->stmts = s; 3088 return b0; 3089 } 3090 3091 if (linktype == DLT_FDDI) { 3092 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3093 /* fddi[1] & 1 != 0 */ 3094 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3095 s->s.k = 1; 3096 b0 = new_block(JMP(BPF_JSET)); 3097 b0->s.k = 1; 3098 b0->stmts = s; 3099 return b0; 3100 } 3101 /* Link not known to support multicasts */ 3102 break; 3103 3104 case Q_IP: 3105 b0 = gen_linktype(ETHERTYPE_IP); 3106 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3107 b1->s.code = JMP(BPF_JGE); 3108 gen_and(b0, b1); 3109 return b1; 3110 3111 #ifdef INET6 3112 case Q_IPV6: 3113 b0 = gen_linktype(ETHERTYPE_IPV6); 3114 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3115 gen_and(b0, b1); 3116 return b1; 3117 #endif /* INET6 */ 3118 } 3119 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3120 } 3121 3122 /* 3123 * generate command for inbound/outbound. It's here so we can 3124 * make it link-type specific. 'dir' = 0 implies "inbound", 3125 * = 1 implies "outbound". 3126 */ 3127 struct block * 3128 gen_inbound(dir) 3129 int dir; 3130 { 3131 struct block *b0; 3132 3133 /* 3134 * Only SLIP and old-style PPP data link types support 3135 * inbound/outbound qualifiers. 3136 */ 3137 switch (linktype) { 3138 case DLT_SLIP: 3139 case DLT_PPP: 3140 b0 = gen_relation(BPF_JEQ, 3141 gen_load(Q_LINK, gen_loadi(0), 1), 3142 gen_loadi(0), 3143 dir); 3144 break; 3145 3146 case DLT_PFLOG: 3147 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3148 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3149 break; 3150 3151 default: 3152 bpf_error("inbound/outbound not supported on linktype 0x%x", 3153 linktype); 3154 /* NOTREACHED */ 3155 } 3156 3157 return (b0); 3158 } 3159 3160 3161 /* PF firewall log matched interface */ 3162 struct block * 3163 gen_pf_ifname(char *ifname) 3164 { 3165 struct block *b0; 3166 u_int len, off; 3167 3168 if (linktype == DLT_PFLOG) { 3169 len = sizeof(((struct pfloghdr *)0)->ifname); 3170 off = offsetof(struct pfloghdr, ifname); 3171 } else { 3172 bpf_error("ifname not supported on linktype 0x%x", linktype); 3173 /* NOTREACHED */ 3174 } 3175 if (strlen(ifname) >= len) { 3176 bpf_error("ifname interface names can only be %d characters", 3177 len - 1); 3178 /* NOTREACHED */ 3179 } 3180 b0 = gen_bcmp(off, strlen(ifname), ifname); 3181 return (b0); 3182 } 3183 3184 3185 /* PF firewall log ruleset name */ 3186 struct block * 3187 gen_pf_ruleset(char *ruleset) 3188 { 3189 struct block *b0; 3190 3191 if (linktype != DLT_PFLOG) { 3192 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3193 /* NOTREACHED */ 3194 } 3195 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3196 bpf_error("ruleset names can only be %zu characters", 3197 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3198 /* NOTREACHED */ 3199 } 3200 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3201 strlen(ruleset), ruleset); 3202 return (b0); 3203 } 3204 3205 3206 /* PF firewall log rule number */ 3207 struct block * 3208 gen_pf_rnr(int rnr) 3209 { 3210 struct block *b0; 3211 3212 if (linktype == DLT_PFLOG) { 3213 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3214 (bpf_int32)rnr); 3215 } else { 3216 bpf_error("rnr not supported on linktype 0x%x", linktype); 3217 /* NOTREACHED */ 3218 } 3219 3220 return (b0); 3221 } 3222 3223 3224 /* PF firewall log sub-rule number */ 3225 struct block * 3226 gen_pf_srnr(int srnr) 3227 { 3228 struct block *b0; 3229 3230 if (linktype != DLT_PFLOG) { 3231 bpf_error("srnr not supported on linktype 0x%x", linktype); 3232 /* NOTREACHED */ 3233 } 3234 3235 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3236 (bpf_int32)srnr); 3237 return (b0); 3238 } 3239 3240 /* PF firewall log reason code */ 3241 struct block * 3242 gen_pf_reason(int reason) 3243 { 3244 struct block *b0; 3245 3246 if (linktype == DLT_PFLOG) { 3247 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3248 (bpf_int32)reason); 3249 } else { 3250 bpf_error("reason not supported on linktype 0x%x", linktype); 3251 /* NOTREACHED */ 3252 } 3253 3254 return (b0); 3255 } 3256 3257 /* PF firewall log action */ 3258 struct block * 3259 gen_pf_action(int action) 3260 { 3261 struct block *b0; 3262 3263 if (linktype == DLT_PFLOG) { 3264 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3265 (bpf_int32)action); 3266 } else { 3267 bpf_error("action not supported on linktype 0x%x", linktype); 3268 /* NOTREACHED */ 3269 } 3270 3271 return (b0); 3272 } 3273 3274 /* IEEE 802.11 wireless header */ 3275 struct block * 3276 gen_p80211_type(int type, int mask) 3277 { 3278 struct block *b0; 3279 u_int offset; 3280 3281 if (!(linktype == DLT_IEEE802_11 || 3282 linktype == DLT_IEEE802_11_RADIO)) { 3283 bpf_error("type not supported on linktype 0x%x", 3284 linktype); 3285 /* NOTREACHED */ 3286 } 3287 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3288 if (linktype == DLT_IEEE802_11_RADIO) 3289 offset += IEEE80211_RADIOTAP_HDRLEN; 3290 3291 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3292 3293 return (b0); 3294 } 3295 3296 static struct block * 3297 gen_ahostop(eaddr, dir) 3298 const u_char *eaddr; 3299 int dir; 3300 { 3301 struct block *b0, *b1; 3302 3303 switch (dir) { 3304 /* src comes first, different from Ethernet */ 3305 case Q_SRC: 3306 return gen_bcmp(0, 1, eaddr); 3307 3308 case Q_DST: 3309 return gen_bcmp(1, 1, eaddr); 3310 3311 case Q_AND: 3312 b0 = gen_ahostop(eaddr, Q_SRC); 3313 b1 = gen_ahostop(eaddr, Q_DST); 3314 gen_and(b0, b1); 3315 return b1; 3316 3317 case Q_DEFAULT: 3318 case Q_OR: 3319 b0 = gen_ahostop(eaddr, Q_SRC); 3320 b1 = gen_ahostop(eaddr, Q_DST); 3321 gen_or(b0, b1); 3322 return b1; 3323 } 3324 abort(); 3325 /* NOTREACHED */ 3326 } 3327 3328 struct block * 3329 gen_acode(eaddr, q) 3330 const u_char *eaddr; 3331 struct qual q; 3332 { 3333 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3334 if (linktype == DLT_ARCNET) 3335 return gen_ahostop(eaddr, (int)q.dir); 3336 } 3337 bpf_error("ARCnet address used in non-arc expression"); 3338 /* NOTREACHED */ 3339 } 3340 3341 /* 3342 * support IEEE 802.1Q VLAN trunk over ethernet 3343 */ 3344 struct block * 3345 gen_vlan(vlan_num) 3346 int vlan_num; 3347 { 3348 struct block *b0; 3349 3350 if (variable_nl) { 3351 bpf_error("'vlan' not supported for variable DLTs"); 3352 /*NOTREACHED*/ 3353 } 3354 3355 /* 3356 * Change the offsets to point to the type and data fields within 3357 * the VLAN packet. This is somewhat of a kludge. 3358 */ 3359 if (orig_nl == (u_int)-1) { 3360 orig_linktype = off_linktype; /* save original values */ 3361 orig_nl = off_nl; 3362 orig_nl_nosnap = off_nl_nosnap; 3363 3364 switch (linktype) { 3365 3366 case DLT_EN10MB: 3367 off_linktype = 16; 3368 off_nl_nosnap = 18; 3369 off_nl = 18; 3370 break; 3371 3372 default: 3373 bpf_error("no VLAN support for data link type %d", 3374 linktype); 3375 /*NOTREACHED*/ 3376 } 3377 } 3378 3379 /* check for VLAN */ 3380 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3381 3382 /* If a specific VLAN is requested, check VLAN id */ 3383 if (vlan_num >= 0) { 3384 struct block *b1; 3385 3386 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 3387 gen_and(b0, b1); 3388 b0 = b1; 3389 } 3390 3391 return (b0); 3392 } 3393 3394 struct block * 3395 gen_p80211_fcdir(int fcdir) 3396 { 3397 struct block *b0; 3398 u_int offset; 3399 3400 if (!(linktype == DLT_IEEE802_11 || 3401 linktype == DLT_IEEE802_11_RADIO)) { 3402 bpf_error("frame direction not supported on linktype 0x%x", 3403 linktype); 3404 /* NOTREACHED */ 3405 } 3406 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3407 if (linktype == DLT_IEEE802_11_RADIO) 3408 offset += IEEE80211_RADIOTAP_HDRLEN; 3409 3410 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3411 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3412 3413 return (b0); 3414 } 3415 3416 static struct block * 3417 gen_p80211_hostop(const u_char *lladdr, int dir) 3418 { 3419 struct block *b0, *b1, *b2, *b3, *b4; 3420 u_int offset = 0; 3421 3422 if (linktype == DLT_IEEE802_11_RADIO) 3423 offset = IEEE80211_RADIOTAP_HDRLEN; 3424 3425 switch (dir) { 3426 case Q_SRC: 3427 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3428 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3429 lladdr); 3430 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3431 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3432 lladdr); 3433 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3434 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3435 lladdr); 3436 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3437 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3438 lladdr); 3439 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3440 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3441 lladdr); 3442 3443 gen_or(b0, b1); 3444 gen_or(b1, b2); 3445 gen_or(b2, b3); 3446 gen_or(b3, b4); 3447 return (b4); 3448 3449 case Q_DST: 3450 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3451 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3452 lladdr); 3453 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3454 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3455 lladdr); 3456 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3457 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3458 lladdr); 3459 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3460 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3461 lladdr); 3462 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3463 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3464 lladdr); 3465 3466 gen_or(b0, b1); 3467 gen_or(b1, b2); 3468 gen_or(b2, b3); 3469 gen_or(b3, b4); 3470 return (b4); 3471 3472 case Q_ADDR1: 3473 return (gen_bcmp(offset + 3474 (u_int)offsetof(struct ieee80211_frame, 3475 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3476 3477 case Q_ADDR2: 3478 return (gen_bcmp(offset + 3479 (u_int)offsetof(struct ieee80211_frame, 3480 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3481 3482 case Q_ADDR3: 3483 return (gen_bcmp(offset + 3484 (u_int)offsetof(struct ieee80211_frame, 3485 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3486 3487 case Q_ADDR4: 3488 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3489 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3490 lladdr)); 3491 3492 case Q_AND: 3493 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3494 b1 = gen_p80211_hostop(lladdr, Q_DST); 3495 gen_and(b0, b1); 3496 return (b1); 3497 3498 case Q_DEFAULT: 3499 case Q_OR: 3500 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3501 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3502 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3503 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3504 gen_or(b0, b1); 3505 gen_or(b1, b2); 3506 gen_or(b2, b3); 3507 return (b3); 3508 3509 default: 3510 bpf_error("direction not supported on linktype 0x%x", 3511 linktype); 3512 } 3513 /* NOTREACHED */ 3514 } 3515 3516 static struct block * 3517 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3518 { 3519 struct block *b0, *b1; 3520 3521 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3522 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3523 gen_and(b0, b1); 3524 3525 return (b1); 3526 } 3527