xref: /openbsd-src/lib/libpcap/gencode.c (revision 19fef81560be48509a81878548a6da7da6687cb4) 
1 /*	$OpenBSD: gencode.c,v 1.65 2024/04/05 18:01:56 deraadt Exp $	*/
2 
3 /*
4  * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that: (1) source code distributions
9  * retain the above copyright notice and this paragraph in its entirety, (2)
10  * distributions including binary code include the above copyright notice and
11  * this paragraph in its entirety in the documentation or other materials
12  * provided with the distribution, and (3) all advertising materials mentioning
13  * features or use of this software display the following acknowledgement:
14  * ``This product includes software developed by the University of California,
15  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16  * the University nor the names of its contributors may be used to endorse
17  * or promote products derived from this software without specific prior
18  * written permission.
19  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22  */
23 
24 #include <sys/types.h>
25 #include <sys/socket.h>
26 #include <sys/time.h>
27 
28 #include <net/if.h>
29 
30 #include <netinet/in.h>
31 #include <netinet/if_ether.h>
32 
33 #include <net/if_pflog.h>
34 #include <net/pfvar.h>
35 
36 #include <netmpls/mpls.h>
37 
38 #include <net80211/ieee80211.h>
39 #include <net80211/ieee80211_radiotap.h>
40 
41 #include <stdlib.h>
42 #include <stddef.h>
43 #include <setjmp.h>
44 #include <stdarg.h>
45 #include <string.h>
46 
47 #include "pcap-int.h"
48 
49 #include "ethertype.h"
50 #include "llc.h"
51 #include "gencode.h"
52 #include "ppp.h"
53 #include <pcap-namedb.h>
54 #ifdef INET6
55 #include <netdb.h>
56 #endif /*INET6*/
57 
58 #ifdef HAVE_OS_PROTO_H
59 #include "os-proto.h"
60 #endif
61 
62 #define JMP(c) ((c)|BPF_JMP|BPF_K)
63 
64 /* Locals */
65 static jmp_buf top_ctx;
66 static pcap_t *bpf_pcap;
67 
68 /* Hack for updating VLAN offsets. */
69 static u_int	orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
70 static u_int	mpls_stack = 0;
71 
72 /* XXX */
73 #ifdef PCAP_FDDIPAD
74 int	pcap_fddipad = PCAP_FDDIPAD;
75 #else
76 int	pcap_fddipad;
77 #endif
78 
79 __dead void
80 bpf_error(const char *fmt, ...)
81 {
82 	va_list ap;
83 
84 	va_start(ap, fmt);
85 	if (bpf_pcap != NULL)
86 		(void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
87 		    fmt, ap);
88 	va_end(ap);
89 	longjmp(top_ctx, 1);
90 	/* NOTREACHED */
91 }
92 
93 static void init_linktype(int);
94 
95 static int alloc_reg(void);
96 static void free_reg(int);
97 
98 static struct block *root;
99 
100 /* initialization code used for variable link header */
101 static struct slist *init_code = NULL;
102 
103 /* Flags and registers for variable link type handling */
104 static int variable_nl;
105 static int nl_reg, iphl_reg;
106 
107 /*
108  * Track memory allocations, for bulk freeing at the end
109  */
110 #define NMEMBAG 16
111 #define MEMBAG0SIZE (4096 / sizeof (void *))
112 struct membag {
113 	u_int total;
114 	u_int slot;
115 	void **ptrs;	/* allocated array[total] to each malloc */
116 };
117 
118 static struct membag membag[NMEMBAG];
119 static int cur_membag;
120 
121 static void *newchunk(size_t);
122 static void freechunks(void);
123 static __inline struct block *new_block(int);
124 static __inline struct slist *new_stmt(int);
125 static struct block *gen_retblk(int);
126 static __inline void syntax(void);
127 
128 static void backpatch(struct block *, struct block *);
129 static void merge(struct block *, struct block *);
130 static struct block *gen_cmp(u_int, u_int, bpf_int32);
131 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
132 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32);
133 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
134 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32);
135 static struct block *gen_bcmp(u_int, u_int, const u_char *);
136 static struct block *gen_uncond(int);
137 static __inline struct block *gen_true(void);
138 static __inline struct block *gen_false(void);
139 static struct block *gen_linktype(int);
140 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
141 #ifdef INET6
142 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
143 #endif
144 static struct block *gen_ehostop(const u_char *, int);
145 static struct block *gen_fhostop(const u_char *, int);
146 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
147 static struct block *gen_p80211_hostop(const u_char *, int);
148 static struct block *gen_p80211_addr(int, u_int, const u_char *);
149 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
150 #ifdef INET6
151 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
152 #endif
153 #ifndef INET6
154 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
155 #endif
156 static struct block *gen_ipfrag(void);
157 static struct block *gen_portatom(int, bpf_int32);
158 #ifdef INET6
159 static struct block *gen_portatom6(int, bpf_int32);
160 #endif
161 struct block *gen_portop(int, int, int);
162 static struct block *gen_port(int, int, int);
163 #ifdef INET6
164 struct block *gen_portop6(int, int, int);
165 static struct block *gen_port6(int, int, int);
166 #endif
167 static int lookup_proto(const char *, int);
168 static struct block *gen_protochain(int, int, int);
169 static struct block *gen_proto(int, int, int);
170 static struct slist *xfer_to_x(struct arth *);
171 static struct slist *xfer_to_a(struct arth *);
172 static struct block *gen_len(int, int);
173 
174 static void *
175 newchunk(size_t n)
176 {
177 	struct membag *m;
178 	int k, size;
179 	void *p;
180 
181 	m = &membag[cur_membag];
182 	if (m->total != 0 && m->total - m->slot == 0) {
183 		if (++cur_membag == NMEMBAG)
184 			bpf_error("out of memory");
185 		m = &membag[cur_membag];
186 	}
187 	if (m->total - m->slot == 0) {
188 		m->ptrs = calloc(sizeof (char *), MEMBAG0SIZE << cur_membag);
189 		if (m->ptrs == NULL)
190 			bpf_error("out of memory");
191 		m->total = MEMBAG0SIZE << cur_membag;
192 		m->slot = 0;
193 	}
194 
195 	p = calloc(1, n);
196 	if (p == NULL)
197 		bpf_error("out of memory");
198 	m->ptrs[m->slot++] = p;
199 	return (p);
200 }
201 
202 static void
203 freechunks(void)
204 {
205 	int i, j;
206 
207 	for (i = 0; i <= cur_membag; i++) {
208 		if (membag[i].ptrs == NULL)
209 			continue;
210 		for (j = 0; j < membag[i].slot; j++)
211 			free(membag[i].ptrs[j]);
212 		free(membag[i].ptrs);
213 		membag[i].ptrs = NULL;
214 		membag[i].slot = membag[i].total = 0;
215 	}
216 	cur_membag = 0;
217 }
218 
219 /*
220  * A strdup whose allocations are freed after code generation is over.
221  */
222 char *
223 sdup(const char *s)
224 {
225 	int n = strlen(s) + 1;
226 	char *cp = newchunk(n);
227 
228 	strlcpy(cp, s, n);
229 	return (cp);
230 }
231 
232 static __inline struct block *
233 new_block(int code)
234 {
235 	struct block *p;
236 
237 	p = (struct block *)newchunk(sizeof(*p));
238 	p->s.code = code;
239 	p->head = p;
240 
241 	return p;
242 }
243 
244 static __inline struct slist *
245 new_stmt(int code)
246 {
247 	struct slist *p;
248 
249 	p = (struct slist *)newchunk(sizeof(*p));
250 	p->s.code = code;
251 
252 	return p;
253 }
254 
255 static struct block *
256 gen_retblk(int v)
257 {
258 	struct block *b = new_block(BPF_RET|BPF_K);
259 
260 	b->s.k = v;
261 	return b;
262 }
263 
264 static __inline void
265 syntax()
266 {
267 	bpf_error("syntax error in filter expression");
268 }
269 
270 static bpf_u_int32 netmask;
271 static int snaplen;
272 int no_optimize;
273 
274 int
275 pcap_compile(pcap_t *p, struct bpf_program *program,
276 	     const char *buf, int optimize, bpf_u_int32 mask)
277 {
278 	extern int n_errors;
279 	int len;
280 
281 	no_optimize = 0;
282 	n_errors = 0;
283 	root = NULL;
284 	bpf_pcap = p;
285 	if (setjmp(top_ctx)) {
286 		freechunks();
287 		return (-1);
288 	}
289 
290 	netmask = mask;
291 	snaplen = pcap_snapshot(p);
292 
293 	lex_init(buf ? buf : "");
294 	init_linktype(pcap_datalink(p));
295 	(void)pcap_parse();
296 
297 	if (n_errors)
298 		syntax();
299 
300 	if (root == NULL)
301 		root = gen_retblk(snaplen);
302 
303 	if (optimize && !no_optimize) {
304 		bpf_optimize(&root);
305 		if (root == NULL ||
306 		    (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
307 			bpf_error("expression rejects all packets");
308 	}
309 	program->bf_insns = icode_to_fcode(root, &len);
310 	program->bf_len = len;
311 
312 	freechunks();
313 	return (0);
314 }
315 
316 /*
317  * entry point for using the compiler with no pcap open
318  * pass in all the stuff that is needed explicitly instead.
319  */
320 int
321 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
322 		    struct bpf_program *program,
323 	     const char *buf, int optimize, bpf_u_int32 mask)
324 {
325 	extern int n_errors;
326 	int len;
327 
328 	n_errors = 0;
329 	root = NULL;
330 	bpf_pcap = NULL;
331 	if (setjmp(top_ctx)) {
332 		freechunks();
333 		return (-1);
334 	}
335 
336 	netmask = mask;
337 
338 	/* XXX needed? I don't grok the use of globals here. */
339 	snaplen = snaplen_arg;
340 
341 	lex_init(buf ? buf : "");
342 	init_linktype(linktype_arg);
343 	(void)pcap_parse();
344 
345 	if (n_errors)
346 		syntax();
347 
348 	if (root == NULL)
349 		root = gen_retblk(snaplen_arg);
350 
351 	if (optimize) {
352 		bpf_optimize(&root);
353 		if (root == NULL ||
354 		    (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
355 			bpf_error("expression rejects all packets");
356 	}
357 	program->bf_insns = icode_to_fcode(root, &len);
358 	program->bf_len = len;
359 
360 	freechunks();
361 	return (0);
362 }
363 
364 /*
365  * Clean up a "struct bpf_program" by freeing all the memory allocated
366  * in it.
367  */
368 void
369 pcap_freecode(struct bpf_program *program)
370 {
371 	program->bf_len = 0;
372 	if (program->bf_insns != NULL) {
373 		free((char *)program->bf_insns);
374 		program->bf_insns = NULL;
375 	}
376 }
377 
378 /*
379  * Backpatch the blocks in 'list' to 'target'.  The 'sense' field indicates
380  * which of the jt and jf fields has been resolved and which is a pointer
381  * back to another unresolved block (or nil).  At least one of the fields
382  * in each block is already resolved.
383  */
384 static void
385 backpatch(struct block *list, struct block *target)
386 {
387 	struct block *next;
388 
389 	while (list) {
390 		if (!list->sense) {
391 			next = JT(list);
392 			JT(list) = target;
393 		} else {
394 			next = JF(list);
395 			JF(list) = target;
396 		}
397 		list = next;
398 	}
399 }
400 
401 /*
402  * Merge the lists in b0 and b1, using the 'sense' field to indicate
403  * which of jt and jf is the link.
404  */
405 static void
406 merge(struct block *b0, struct block *b1)
407 {
408 	struct block **p = &b0;
409 
410 	/* Find end of list. */
411 	while (*p)
412 		p = !((*p)->sense) ? &JT(*p) : &JF(*p);
413 
414 	/* Concatenate the lists. */
415 	*p = b1;
416 }
417 
418 void
419 finish_parse(struct block *p)
420 {
421 	backpatch(p, gen_retblk(snaplen));
422 	p->sense = !p->sense;
423 	backpatch(p, gen_retblk(0));
424 	root = p->head;
425 
426 	/* prepend initialization code to root */
427 	if (init_code != NULL && root != NULL) {
428 		sappend(init_code, root->stmts);
429 		root->stmts = init_code;
430 		init_code = NULL;
431 	}
432 
433 	if (iphl_reg != -1) {
434 		free_reg(iphl_reg);
435 		iphl_reg = -1;
436 	}
437 	if (nl_reg != -1) {
438 		free_reg(nl_reg);
439 		nl_reg = -1;
440 	}
441 }
442 
443 void
444 gen_and(struct block *b0, struct block *b1)
445 {
446 	backpatch(b0, b1->head);
447 	b0->sense = !b0->sense;
448 	b1->sense = !b1->sense;
449 	merge(b1, b0);
450 	b1->sense = !b1->sense;
451 	b1->head = b0->head;
452 }
453 
454 void
455 gen_or(struct block *b0, struct block *b1)
456 {
457 	b0->sense = !b0->sense;
458 	backpatch(b0, b1->head);
459 	b0->sense = !b0->sense;
460 	merge(b1, b0);
461 	b1->head = b0->head;
462 }
463 
464 void
465 gen_not(struct block *b)
466 {
467 	b->sense = !b->sense;
468 }
469 
470 static struct block *
471 gen_cmp(u_int offset, u_int size, bpf_int32 v)
472 {
473 	struct slist *s;
474 	struct block *b;
475 
476 	s = new_stmt(BPF_LD|BPF_ABS|size);
477 	s->s.k = offset;
478 
479 	b = new_block(JMP(BPF_JEQ));
480 	b->stmts = s;
481 	b->s.k = v;
482 
483 	return b;
484 }
485 
486 static struct block *
487 gen_cmp_gt(u_int offset, u_int size, bpf_int32 v)
488 {
489 	struct slist *s;
490 	struct block *b;
491 
492 	s = new_stmt(BPF_LD|BPF_ABS|size);
493 	s->s.k = offset;
494 
495 	b = new_block(JMP(BPF_JGT));
496 	b->stmts = s;
497 	b->s.k = v;
498 
499 	return b;
500 }
501 
502 static struct block *
503 gen_mcmp(u_int offset, u_int size, bpf_int32 v, bpf_u_int32 mask)
504 {
505 	struct block *b = gen_cmp(offset, size, v);
506 	struct slist *s;
507 
508 	if (mask != 0xffffffff) {
509 		s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
510 		s->s.k = mask;
511 		sappend(b->stmts, s);
512 	}
513 	return b;
514 }
515 
516 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */
517 static struct block *
518 gen_mcmp_nl(u_int offset, u_int size, bpf_int32 v, bpf_u_int32 mask)
519 {
520 	struct block *b = gen_cmp_nl(offset, size, v);
521 	struct slist *s;
522 
523 	if (mask != 0xffffffff) {
524 		s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
525 		s->s.k = mask;
526 		sappend(b->stmts, s);
527 	}
528 	return b;
529 }
530 
531 static struct block *
532 gen_bcmp(u_int offset, u_int size, const u_char *v)
533 {
534 	struct block *b, *tmp;
535 
536 	b = NULL;
537 	while (size >= 4) {
538 		const u_char *p = &v[size - 4];
539 		bpf_int32 w = ((bpf_int32)p[0] << 24) |
540 		    ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
541 
542 		tmp = gen_cmp(offset + size - 4, BPF_W, w);
543 		if (b != NULL)
544 			gen_and(b, tmp);
545 		b = tmp;
546 		size -= 4;
547 	}
548 	while (size >= 2) {
549 		const u_char *p = &v[size - 2];
550 		bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
551 
552 		tmp = gen_cmp(offset + size - 2, BPF_H, w);
553 		if (b != NULL)
554 			gen_and(b, tmp);
555 		b = tmp;
556 		size -= 2;
557 	}
558 	if (size > 0) {
559 		tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
560 		if (b != NULL)
561 			gen_and(b, tmp);
562 		b = tmp;
563 	}
564 	return b;
565 }
566 
567 /*
568  * Various code constructs need to know the layout of the data link
569  * layer.  These variables give the necessary offsets.  off_linktype
570  * is set to -1 for no encapsulation, in which case, IP is assumed.
571  */
572 static u_int off_linktype;
573 static u_int off_nl;
574 static u_int off_nl_nosnap;
575 
576 static int linktype;
577 
578 /* Generate code to load the dynamic 'off_nl' to the X register */
579 static struct slist *
580 nl2X_stmt(void)
581 {
582 	struct slist *s, *tmp;
583 
584 	if (nl_reg == -1) {
585 		switch (linktype) {
586 		case DLT_PFLOG:
587 			/* The pflog header contains PFLOG_REAL_HDRLEN
588 			   which does NOT include the padding. Round
589 			   up to the nearest dword boundary */
590 			s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
591 			s->s.k = 0;
592 
593 			tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
594 			tmp->s.k = 3;
595 			sappend(s, tmp);
596 
597 			tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K);
598 			tmp->s.k = 0xfc;
599 			sappend(s, tmp);
600 
601 			nl_reg = alloc_reg();
602 			tmp = new_stmt(BPF_ST);
603 			tmp->s.k = nl_reg;
604 			sappend(s, tmp);
605 
606 			break;
607 		default:
608 			bpf_error("Unknown header size for link type 0x%x",
609 				  linktype);
610 		}
611 
612 		if (init_code == NULL)
613 			init_code = s;
614 		else
615 			sappend(init_code, s);
616 	}
617 
618 	s = new_stmt(BPF_LDX|BPF_MEM);
619 	s->s.k = nl_reg;
620 
621 	return s;
622 }
623 
624 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */
625 static struct block *
626 gen_cmp_nl(u_int offset, u_int size, bpf_int32 v)
627 {
628 	struct slist *s, *tmp;
629 	struct block *b;
630 
631 	if (variable_nl) {
632 		s = nl2X_stmt();
633 		tmp = new_stmt(BPF_LD|BPF_IND|size);
634 		tmp->s.k = offset;
635 		sappend(s, tmp);
636 	} else {
637 		s = new_stmt(BPF_LD|BPF_ABS|size);
638 		s->s.k = offset + off_nl;
639 	}
640 	b = new_block(JMP(BPF_JEQ));
641 	b->stmts = s;
642 	b->s.k = v;
643 
644 	return b;
645 }
646 
647 static void
648 init_linktype(int type)
649 {
650 	linktype = type;
651 	init_code = NULL;
652 	nl_reg = iphl_reg = -1;
653 
654 	switch (type) {
655 
656 	case DLT_EN10MB:
657 		off_linktype = 12;
658 		off_nl = 14;
659 		return;
660 
661 	case DLT_SLIP:
662 		/*
663 		 * SLIP doesn't have a link level type.  The 16 byte
664 		 * header is hacked into our SLIP driver.
665 		 */
666 		off_linktype = -1;
667 		off_nl = 16;
668 		return;
669 
670 	case DLT_SLIP_BSDOS:
671 		/* XXX this may be the same as the DLT_PPP_BSDOS case */
672 		off_linktype = -1;
673 		/* XXX end */
674 		off_nl = 24;
675 		return;
676 
677 	case DLT_NULL:
678 		off_linktype = 0;
679 		off_nl = 4;
680 		return;
681 
682 	case DLT_PPP:
683 		off_linktype = 2;
684 		off_nl = 4;
685 		return;
686 
687 	case DLT_PPP_SERIAL:
688 		off_linktype = -1;
689 		off_nl = 2;
690 		return;
691 
692 	case DLT_PPP_ETHER:
693 		/*
694 		 * This does not include the Ethernet header, and
695 		 * only covers session state.
696  		 */
697 		off_linktype = 6;
698 		off_nl = 8;
699 		return;
700 
701 	case DLT_PPP_BSDOS:
702 		off_linktype = 5;
703 		off_nl = 24;
704 		return;
705 
706 	case DLT_FDDI:
707 		/*
708 		 * FDDI doesn't really have a link-level type field.
709 		 * We assume that SSAP = SNAP is being used and pick
710 		 * out the encapsulated Ethernet type.
711 		 */
712 		off_linktype = 19;
713 #ifdef PCAP_FDDIPAD
714 		off_linktype += pcap_fddipad;
715 #endif
716 		off_nl = 21;
717 #ifdef PCAP_FDDIPAD
718 		off_nl += pcap_fddipad;
719 #endif
720 		return;
721 
722 	case DLT_IEEE802:
723 		off_linktype = 20;
724 		off_nl = 22;
725 		return;
726 
727 	case DLT_IEEE802_11:
728 		off_linktype = 30; /* XXX variable */
729 		off_nl = 32;
730 		return;
731 
732 	case DLT_IEEE802_11_RADIO: /* XXX variable */
733 		off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN;
734 		off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN;
735 		return;
736 
737 	case DLT_ATM_RFC1483:
738 		/*
739 		 * assume routed, non-ISO PDUs
740 		 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
741 		 */
742 		off_linktype = 6;
743 		off_nl = 8;
744 		return;
745 
746 	case DLT_LOOP:
747 		off_linktype = 0;
748 		off_nl = 4;
749 		return;
750 
751 	case DLT_ENC:
752 		off_linktype = -1;
753 		off_nl = 12;
754 		return;
755 
756 	case DLT_PFLOG:
757 		off_linktype = 0;
758 		variable_nl = 1;
759 		off_nl = 0;
760 		return;
761 
762 	case DLT_PFSYNC:
763 		off_linktype = -1;
764 		off_nl = 4;
765 		return;
766 
767 	case DLT_OPENFLOW:
768 		off_linktype = -1;
769 		off_nl = 12;
770 		return;
771 
772 	case DLT_USBPCAP:
773 		/* FALLTHROUGH */
774 	case DLT_RAW:
775 		off_linktype = -1;
776 		off_nl = 0;
777 		return;
778 	}
779 	bpf_error("unknown data link type 0x%x", linktype);
780 	/* NOTREACHED */
781 }
782 
783 static struct block *
784 gen_uncond(int rsense)
785 {
786 	struct block *b;
787 	struct slist *s;
788 
789 	s = new_stmt(BPF_LD|BPF_IMM);
790 	s->s.k = !rsense;
791 	b = new_block(JMP(BPF_JEQ));
792 	b->stmts = s;
793 
794 	return b;
795 }
796 
797 static __inline struct block *
798 gen_true()
799 {
800 	return gen_uncond(1);
801 }
802 
803 static __inline struct block *
804 gen_false()
805 {
806 	return gen_uncond(0);
807 }
808 
809 static struct block *
810 gen_linktype(int proto)
811 {
812 	struct block *b0, *b1;
813 
814 	/* If we're not using encapsulation and checking for IP, we're done */
815 	if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IP)
816 		return gen_true();
817 #ifdef INET6
818 	/* this isn't the right thing to do, but sometimes necessary */
819 	if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IPV6)
820 		return gen_true();
821 #endif
822 
823 	switch (linktype) {
824 
825 	case DLT_EN10MB:
826 		if (proto <= ETHERMTU) {
827 			/* This is an LLC SAP value */
828 			b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
829 			gen_not(b0);
830 			b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
831 			gen_and(b0, b1);
832 			return b1;
833 		} else {
834 			/* This is an Ethernet type */
835 			return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
836 		}
837 		break;
838 
839 	case DLT_SLIP:
840 		return gen_false();
841 
842 	case DLT_PPP:
843 	case DLT_PPP_ETHER:
844 		if (proto == ETHERTYPE_IP)
845 			proto = PPP_IP;			/* XXX was 0x21 */
846 #ifdef INET6
847 		else if (proto == ETHERTYPE_IPV6)
848 			proto = PPP_IPV6;
849 #endif
850 		break;
851 
852 	case DLT_PPP_BSDOS:
853 		switch (proto) {
854 
855 		case ETHERTYPE_IP:
856 			b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
857 			b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
858 			gen_or(b0, b1);
859 			b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
860 			gen_or(b1, b0);
861 			return b0;
862 
863 #ifdef INET6
864 		case ETHERTYPE_IPV6:
865 			proto = PPP_IPV6;
866 			/* more to go? */
867 			break;
868 #endif /* INET6 */
869 
870 		case ETHERTYPE_DN:
871 			proto = PPP_DECNET;
872 			break;
873 
874 		case ETHERTYPE_ATALK:
875 			proto = PPP_APPLE;
876 			break;
877 
878 		case ETHERTYPE_NS:
879 			proto = PPP_NS;
880 			break;
881 		}
882 		break;
883 
884 	case DLT_LOOP:
885 	case DLT_ENC:
886 	case DLT_NULL:
887 	{
888 		int v;
889 
890 		if (proto == ETHERTYPE_IP)
891 			v = AF_INET;
892 #ifdef INET6
893 		else if (proto == ETHERTYPE_IPV6)
894 			v = AF_INET6;
895 #endif /* INET6 */
896 		else
897 			return gen_false();
898 
899 		/*
900 		 * For DLT_NULL, the link-layer header is a 32-bit word
901 		 * containing an AF_ value in *host* byte order, and for
902 		 * DLT_ENC, the link-layer header begins with a 32-bit
903 		 * word containing an AF_ value in host byte order.
904 		 *
905 		 * For DLT_LOOP, the link-layer header is a 32-bit
906 		 * word containing an AF_ value in *network* byte order.
907 		 */
908 		if (linktype != DLT_LOOP)
909 			v = htonl(v);
910 
911 		return (gen_cmp(0, BPF_W, (bpf_int32)v));
912 		break;
913 	}
914 	case DLT_PFLOG:
915 		if (proto == ETHERTYPE_IP)
916 			return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
917 			    (bpf_int32)AF_INET));
918 #ifdef INET6
919 		else if (proto == ETHERTYPE_IPV6)
920 			return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
921 			    (bpf_int32)AF_INET6));
922 #endif /* INET6 */
923 		else
924 			return gen_false();
925 		break;
926 
927 	}
928 	return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
929 }
930 
931 static struct block *
932 gen_hostop(bpf_u_int32 addr, bpf_u_int32 mask, int dir, int proto,
933     u_int src_off, u_int dst_off)
934 {
935 	struct block *b0, *b1;
936 	u_int offset;
937 
938 	switch (dir) {
939 
940 	case Q_SRC:
941 		offset = src_off;
942 		break;
943 
944 	case Q_DST:
945 		offset = dst_off;
946 		break;
947 
948 	case Q_AND:
949 		b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
950 		b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
951 		gen_and(b0, b1);
952 		return b1;
953 
954 	case Q_OR:
955 	case Q_DEFAULT:
956 		b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
957 		b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
958 		gen_or(b0, b1);
959 		return b1;
960 
961 	default:
962 		bpf_error("direction not supported on linktype 0x%x",
963 		    linktype);
964 	}
965 	b0 = gen_linktype(proto);
966 	b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask);
967 	gen_and(b0, b1);
968 	return b1;
969 }
970 
971 #ifdef INET6
972 static struct block *
973 gen_hostop6(struct in6_addr *addr, struct in6_addr *mask, int dir, int proto,
974 	u_int src_off, u_int dst_off)
975 {
976 	struct block *b0, *b1;
977 	u_int offset;
978 	u_int32_t *a, *m;
979 
980 	switch (dir) {
981 
982 	case Q_SRC:
983 		offset = src_off;
984 		break;
985 
986 	case Q_DST:
987 		offset = dst_off;
988 		break;
989 
990 	case Q_AND:
991 		b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
992 		b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
993 		gen_and(b0, b1);
994 		return b1;
995 
996 	case Q_OR:
997 	case Q_DEFAULT:
998 		b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
999 		b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
1000 		gen_or(b0, b1);
1001 		return b1;
1002 
1003 	default:
1004 		bpf_error("direction not supported on linktype 0x%x",
1005 		    linktype);
1006 	}
1007 	/* this order is important */
1008 	a = (u_int32_t *)addr;
1009 	m = (u_int32_t *)mask;
1010 	b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1011 	b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1012 	gen_and(b0, b1);
1013 	b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1014 	gen_and(b0, b1);
1015 	b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1016 	gen_and(b0, b1);
1017 	b0 = gen_linktype(proto);
1018 	gen_and(b0, b1);
1019 	return b1;
1020 }
1021 #endif /*INET6*/
1022 
1023 static struct block *
1024 gen_ehostop(const u_char *eaddr, int dir)
1025 {
1026 	struct block *b0, *b1;
1027 
1028 	switch (dir) {
1029 	case Q_SRC:
1030 		return gen_bcmp(6, 6, eaddr);
1031 
1032 	case Q_DST:
1033 		return gen_bcmp(0, 6, eaddr);
1034 
1035 	case Q_AND:
1036 		b0 = gen_ehostop(eaddr, Q_SRC);
1037 		b1 = gen_ehostop(eaddr, Q_DST);
1038 		gen_and(b0, b1);
1039 		return b1;
1040 
1041 	case Q_DEFAULT:
1042 	case Q_OR:
1043 		b0 = gen_ehostop(eaddr, Q_SRC);
1044 		b1 = gen_ehostop(eaddr, Q_DST);
1045 		gen_or(b0, b1);
1046 		return b1;
1047 	default:
1048 		bpf_error("direction not supported on linktype 0x%x",
1049 		    linktype);
1050 	}
1051 	/* NOTREACHED */
1052 }
1053 
1054 /*
1055  * Like gen_ehostop, but for DLT_FDDI
1056  */
1057 static struct block *
1058 gen_fhostop(const u_char *eaddr, int dir)
1059 {
1060 	struct block *b0, *b1;
1061 
1062 	switch (dir) {
1063 	case Q_SRC:
1064 #ifdef PCAP_FDDIPAD
1065 		return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1066 #else
1067 		return gen_bcmp(6 + 1, 6, eaddr);
1068 #endif
1069 
1070 	case Q_DST:
1071 #ifdef PCAP_FDDIPAD
1072 		return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1073 #else
1074 		return gen_bcmp(0 + 1, 6, eaddr);
1075 #endif
1076 
1077 	case Q_AND:
1078 		b0 = gen_fhostop(eaddr, Q_SRC);
1079 		b1 = gen_fhostop(eaddr, Q_DST);
1080 		gen_and(b0, b1);
1081 		return b1;
1082 
1083 	case Q_DEFAULT:
1084 	case Q_OR:
1085 		b0 = gen_fhostop(eaddr, Q_SRC);
1086 		b1 = gen_fhostop(eaddr, Q_DST);
1087 		gen_or(b0, b1);
1088 		return b1;
1089 	default:
1090 		bpf_error("direction not supported on linktype 0x%x",
1091 		    linktype);
1092 	}
1093 	/* NOTREACHED */
1094 }
1095 
1096 /*
1097  * This is quite tricky because there may be pad bytes in front of the
1098  * DECNET header, and then there are two possible data packet formats that
1099  * carry both src and dst addresses, plus 5 packet types in a format that
1100  * carries only the src node, plus 2 types that use a different format and
1101  * also carry just the src node.
1102  *
1103  * Yuck.
1104  *
1105  * Instead of doing those all right, we just look for data packets with
1106  * 0 or 1 bytes of padding.  If you want to look at other packets, that
1107  * will require a lot more hacking.
1108  *
1109  * To add support for filtering on DECNET "areas" (network numbers)
1110  * one would want to add a "mask" argument to this routine.  That would
1111  * make the filter even more inefficient, although one could be clever
1112  * and not generate masking instructions if the mask is 0xFFFF.
1113  */
1114 static struct block *
1115 gen_dnhostop(bpf_u_int32 addr, int dir, u_int base_off)
1116 {
1117 	struct block *b0, *b1, *b2, *tmp;
1118 	u_int offset_lh;	/* offset if long header is received */
1119 	u_int offset_sh;	/* offset if short header is received */
1120 
1121 	switch (dir) {
1122 
1123 	case Q_DST:
1124 		offset_sh = 1;	/* follows flags */
1125 		offset_lh = 7;	/* flgs,darea,dsubarea,HIORD */
1126 		break;
1127 
1128 	case Q_SRC:
1129 		offset_sh = 3;	/* follows flags, dstnode */
1130 		offset_lh = 15;	/* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1131 		break;
1132 
1133 	case Q_AND:
1134 		/* Inefficient because we do our Calvinball dance twice */
1135 		b0 = gen_dnhostop(addr, Q_SRC, base_off);
1136 		b1 = gen_dnhostop(addr, Q_DST, base_off);
1137 		gen_and(b0, b1);
1138 		return b1;
1139 
1140 	case Q_OR:
1141 	case Q_DEFAULT:
1142 		/* Inefficient because we do our Calvinball dance twice */
1143 		b0 = gen_dnhostop(addr, Q_SRC, base_off);
1144 		b1 = gen_dnhostop(addr, Q_DST, base_off);
1145 		gen_or(b0, b1);
1146 		return b1;
1147 
1148 	default:
1149 		bpf_error("direction not supported on linktype 0x%x",
1150 		    linktype);
1151 	}
1152 	b0 = gen_linktype(ETHERTYPE_DN);
1153 	/* Check for pad = 1, long header case */
1154 	tmp = gen_mcmp_nl(base_off + 2, BPF_H,
1155 		       (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1156 	b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh,
1157 	    BPF_H, (bpf_int32)ntohs(addr));
1158 	gen_and(tmp, b1);
1159 	/* Check for pad = 0, long header case */
1160 	tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1161 	b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1162 	gen_and(tmp, b2);
1163 	gen_or(b2, b1);
1164 	/* Check for pad = 1, short header case */
1165 	tmp = gen_mcmp_nl(base_off + 2, BPF_H,
1166 		       (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1167 	b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh,
1168 	    BPF_H, (bpf_int32)ntohs(addr));
1169 	gen_and(tmp, b2);
1170 	gen_or(b2, b1);
1171 	/* Check for pad = 0, short header case */
1172 	tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1173 	b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1174 	gen_and(tmp, b2);
1175 	gen_or(b2, b1);
1176 
1177 	/* Combine with test for linktype */
1178 	gen_and(b0, b1);
1179 	return b1;
1180 }
1181 
1182 static struct block *
1183 gen_host(bpf_u_int32 addr, bpf_u_int32 mask, int proto, int dir)
1184 {
1185 	struct block *b0, *b1;
1186 
1187 	switch (proto) {
1188 
1189 	case Q_DEFAULT:
1190 		b0 = gen_host(addr, mask, Q_IP, dir);
1191 		b1 = gen_host(addr, mask, Q_ARP, dir);
1192 		gen_or(b0, b1);
1193 		b0 = gen_host(addr, mask, Q_RARP, dir);
1194 		gen_or(b1, b0);
1195 		return b0;
1196 
1197 	case Q_IP:
1198 		return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1199 				  12, 16);
1200 
1201 	case Q_RARP:
1202 		return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1203 				  14, 24);
1204 
1205 	case Q_ARP:
1206 		return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1207 				  14, 24);
1208 
1209 	case Q_TCP:
1210 		bpf_error("'tcp' modifier applied to host");
1211 
1212 	case Q_UDP:
1213 		bpf_error("'udp' modifier applied to host");
1214 
1215 	case Q_ICMP:
1216 		bpf_error("'icmp' modifier applied to host");
1217 
1218 	case Q_IGMP:
1219 		bpf_error("'igmp' modifier applied to host");
1220 
1221 	case Q_IGRP:
1222 		bpf_error("'igrp' modifier applied to host");
1223 
1224 	case Q_PIM:
1225 		bpf_error("'pim' modifier applied to host");
1226 
1227 	case Q_STP:
1228 		bpf_error("'stp' modifier applied to host");
1229 
1230 	case Q_ATALK:
1231 		bpf_error("ATALK host filtering not implemented");
1232 
1233 	case Q_DECNET:
1234 		return gen_dnhostop(addr, dir, 0);
1235 
1236 	case Q_SCA:
1237 		bpf_error("SCA host filtering not implemented");
1238 
1239 	case Q_LAT:
1240 		bpf_error("LAT host filtering not implemented");
1241 
1242 	case Q_MOPDL:
1243 		bpf_error("MOPDL host filtering not implemented");
1244 
1245 	case Q_MOPRC:
1246 		bpf_error("MOPRC host filtering not implemented");
1247 
1248 #ifdef INET6
1249 	case Q_IPV6:
1250 		bpf_error("'ip6' modifier applied to ip host");
1251 
1252 	case Q_ICMPV6:
1253 		bpf_error("'icmp6' modifier applied to host");
1254 #endif /* INET6 */
1255 
1256 	case Q_AH:
1257 		bpf_error("'ah' modifier applied to host");
1258 
1259 	case Q_ESP:
1260 		bpf_error("'esp' modifier applied to host");
1261 
1262 	default:
1263 		bpf_error("direction not supported on linktype 0x%x",
1264 		    linktype);
1265 	}
1266 	/* NOTREACHED */
1267 }
1268 
1269 #ifdef INET6
1270 static struct block *
1271 gen_host6(struct in6_addr *addr, struct in6_addr *mask, int proto, int dir)
1272 {
1273 	switch (proto) {
1274 
1275 	case Q_DEFAULT:
1276 		return gen_host6(addr, mask, Q_IPV6, dir);
1277 
1278 	case Q_IP:
1279 		bpf_error("'ip' modifier applied to ip6 host");
1280 
1281 	case Q_RARP:
1282 		bpf_error("'rarp' modifier applied to ip6 host");
1283 
1284 	case Q_ARP:
1285 		bpf_error("'arp' modifier applied to ip6 host");
1286 
1287 	case Q_TCP:
1288 		bpf_error("'tcp' modifier applied to host");
1289 
1290 	case Q_UDP:
1291 		bpf_error("'udp' modifier applied to host");
1292 
1293 	case Q_ICMP:
1294 		bpf_error("'icmp' modifier applied to host");
1295 
1296 	case Q_IGMP:
1297 		bpf_error("'igmp' modifier applied to host");
1298 
1299 	case Q_IGRP:
1300 		bpf_error("'igrp' modifier applied to host");
1301 
1302 	case Q_PIM:
1303 		bpf_error("'pim' modifier applied to host");
1304 
1305 	case Q_STP:
1306 		bpf_error("'stp' modifier applied to host");
1307 
1308 	case Q_ATALK:
1309 		bpf_error("ATALK host filtering not implemented");
1310 
1311 	case Q_DECNET:
1312 		bpf_error("'decnet' modifier applied to ip6 host");
1313 
1314 	case Q_SCA:
1315 		bpf_error("SCA host filtering not implemented");
1316 
1317 	case Q_LAT:
1318 		bpf_error("LAT host filtering not implemented");
1319 
1320 	case Q_MOPDL:
1321 		bpf_error("MOPDL host filtering not implemented");
1322 
1323 	case Q_MOPRC:
1324 		bpf_error("MOPRC host filtering not implemented");
1325 
1326 	case Q_IPV6:
1327 		return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1328 				   8, 24);
1329 
1330 	case Q_ICMPV6:
1331 		bpf_error("'icmp6' modifier applied to host");
1332 
1333 	case Q_AH:
1334 		bpf_error("'ah' modifier applied to host");
1335 
1336 	case Q_ESP:
1337 		bpf_error("'esp' modifier applied to host");
1338 
1339 	default:
1340 		abort();
1341 	}
1342 	/* NOTREACHED */
1343 }
1344 #endif /*INET6*/
1345 
1346 #ifndef INET6
1347 static struct block *
1348 gen_gateway(eaddr, alist, proto, dir)
1349 	const u_char *eaddr;
1350 	bpf_u_int32 **alist;
1351 	int proto;
1352 	int dir;
1353 {
1354 	struct block *b0, *b1, *tmp;
1355 
1356 	if (dir != 0)
1357 		bpf_error("direction applied to 'gateway'");
1358 
1359 	switch (proto) {
1360 	case Q_DEFAULT:
1361 	case Q_IP:
1362 	case Q_ARP:
1363 	case Q_RARP:
1364 		if (linktype == DLT_EN10MB)
1365 			b0 = gen_ehostop(eaddr, Q_OR);
1366 		else if (linktype == DLT_FDDI)
1367 			b0 = gen_fhostop(eaddr, Q_OR);
1368 		else
1369 			bpf_error(
1370 			    "'gateway' supported only on ethernet or FDDI");
1371 
1372 		b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1373 		while (*alist) {
1374 			tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1375 			gen_or(b1, tmp);
1376 			b1 = tmp;
1377 		}
1378 		gen_not(b1);
1379 		gen_and(b0, b1);
1380 		return b1;
1381 	}
1382 	bpf_error("illegal modifier of 'gateway'");
1383 	/* NOTREACHED */
1384 }
1385 #endif	/*INET6*/
1386 
1387 struct block *
1388 gen_proto_abbrev(int proto)
1389 {
1390 	struct block *b0 = NULL, *b1;
1391 
1392 	switch (proto) {
1393 
1394 	case Q_TCP:
1395 		b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1396 #ifdef INET6
1397 		b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1398 		gen_or(b0, b1);
1399 #endif
1400 		break;
1401 
1402 	case Q_UDP:
1403 		b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
1404 #ifdef INET6
1405 		b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
1406 		gen_or(b0, b1);
1407 #endif
1408 		break;
1409 
1410 	case Q_ICMP:
1411 		b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
1412 		break;
1413 
1414 #ifndef	IPPROTO_IGMP
1415 #define	IPPROTO_IGMP	2
1416 #endif
1417 
1418 	case Q_IGMP:
1419 		b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
1420 		break;
1421 
1422 #ifndef	IPPROTO_IGRP
1423 #define	IPPROTO_IGRP	9
1424 #endif
1425 	case Q_IGRP:
1426 		b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
1427 		break;
1428 
1429 #ifndef IPPROTO_PIM
1430 #define IPPROTO_PIM	103
1431 #endif
1432 
1433 	case Q_PIM:
1434 		b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
1435 #ifdef INET6
1436 		b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
1437 		gen_or(b0, b1);
1438 #endif
1439 		break;
1440 
1441 	case Q_IP:
1442 		b1 =  gen_linktype(ETHERTYPE_IP);
1443 		break;
1444 
1445 	case Q_ARP:
1446 		b1 =  gen_linktype(ETHERTYPE_ARP);
1447 		break;
1448 
1449 	case Q_RARP:
1450 		b1 =  gen_linktype(ETHERTYPE_REVARP);
1451 		break;
1452 
1453 	case Q_LINK:
1454 		bpf_error("link layer applied in wrong context");
1455 
1456 	case Q_ATALK:
1457 		b1 =  gen_linktype(ETHERTYPE_ATALK);
1458 		break;
1459 
1460 	case Q_DECNET:
1461 		b1 =  gen_linktype(ETHERTYPE_DN);
1462 		break;
1463 
1464 	case Q_SCA:
1465 		b1 =  gen_linktype(ETHERTYPE_SCA);
1466 		break;
1467 
1468 	case Q_LAT:
1469 		b1 =  gen_linktype(ETHERTYPE_LAT);
1470 		break;
1471 
1472 	case Q_MOPDL:
1473 		b1 =  gen_linktype(ETHERTYPE_MOPDL);
1474 		break;
1475 
1476 	case Q_MOPRC:
1477 		b1 =  gen_linktype(ETHERTYPE_MOPRC);
1478 		break;
1479 
1480 	case Q_STP:
1481 		b1 = gen_linktype(LLCSAP_8021D);
1482 		break;
1483 
1484 #ifdef INET6
1485 	case Q_IPV6:
1486 		b1 = gen_linktype(ETHERTYPE_IPV6);
1487 		break;
1488 
1489 #ifndef IPPROTO_ICMPV6
1490 #define IPPROTO_ICMPV6	58
1491 #endif
1492 	case Q_ICMPV6:
1493 		b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
1494 		break;
1495 #endif /* INET6 */
1496 
1497 #ifndef IPPROTO_AH
1498 #define IPPROTO_AH	51
1499 #endif
1500 	case Q_AH:
1501 		b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
1502 #ifdef INET6
1503 		b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
1504 		gen_or(b0, b1);
1505 #endif
1506 		break;
1507 
1508 #ifndef IPPROTO_ESP
1509 #define IPPROTO_ESP	50
1510 #endif
1511 	case Q_ESP:
1512 		b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
1513 #ifdef INET6
1514 		b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
1515 		gen_or(b0, b1);
1516 #endif
1517 		break;
1518 
1519 	default:
1520 		abort();
1521 	}
1522 	return b1;
1523 }
1524 
1525 static struct block *
1526 gen_ipfrag()
1527 {
1528 	struct slist *s, *tmp;
1529 	struct block *b;
1530 
1531 	/* not ip frag */
1532 	if (variable_nl) {
1533 		s = nl2X_stmt();
1534 		tmp = new_stmt(BPF_LD|BPF_H|BPF_IND);
1535 		tmp->s.k = 6;
1536 		sappend(s, tmp);
1537 	} else {
1538 		s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
1539 		s->s.k = off_nl + 6;
1540 	}
1541 	b = new_block(JMP(BPF_JSET));
1542 	b->s.k = 0x1fff;
1543 	b->stmts = s;
1544 	gen_not(b);
1545 
1546 	return b;
1547 }
1548 
1549 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work
1550    This function generates code to set X to the start of the IP payload
1551    X = off_nl + IP header_len.
1552 */
1553 static struct slist *
1554 iphl_to_x(void)
1555 {
1556 	struct slist *s, *tmp;
1557 
1558 	/* XXX clobbers A if variable_nl*/
1559 	if (variable_nl) {
1560 		if (iphl_reg == -1) {
1561 			/* X <- off_nl */
1562 			s = nl2X_stmt();
1563 
1564 			/* A = p[X+0] */
1565 			tmp = new_stmt(BPF_LD|BPF_B|BPF_IND);
1566 			tmp->s.k = 0;
1567 			sappend(s, tmp);
1568 
1569 			/* A = A & 0x0f */
1570 			tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K);
1571 			tmp->s.k = 0x0f;
1572 			sappend(s, tmp);
1573 
1574 			/* A = A << 2 */
1575 			tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K);
1576 			tmp->s.k = 2;
1577 			sappend(s, tmp);
1578 
1579 			/* A = A + X (add off_nl again to compensate) */
1580 			sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
1581 
1582 			/* MEM[iphl_reg] = A */
1583 			iphl_reg = alloc_reg();
1584 			tmp = new_stmt(BPF_ST);
1585 			tmp->s.k = iphl_reg;
1586 			sappend(s, tmp);
1587 
1588 			sappend(init_code, s);
1589 		}
1590 		s = new_stmt(BPF_LDX|BPF_MEM);
1591 		s->s.k = iphl_reg;
1592 
1593 	} else {
1594 		s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1595 		s->s.k = off_nl;
1596 	}
1597 
1598 	return s;
1599 }
1600 
1601 static struct block *
1602 gen_portatom(int off, bpf_int32 v)
1603 {
1604 	struct slist *s, *tmp;
1605 	struct block *b;
1606 
1607 	s = iphl_to_x();
1608 
1609 	tmp = new_stmt(BPF_LD|BPF_IND|BPF_H);
1610 	tmp->s.k = off_nl + off;	/* off_nl == 0 if variable_nl */
1611 	sappend(s, tmp);
1612 
1613 	b = new_block(JMP(BPF_JEQ));
1614 	b->stmts = s;
1615 	b->s.k = v;
1616 
1617 	return b;
1618 }
1619 
1620 #ifdef INET6
1621 static struct block *
1622 gen_portatom6(int off, bpf_int32 v)
1623 {
1624 	return gen_cmp_nl(40 + off, BPF_H, v);
1625 }
1626 #endif/*INET6*/
1627 
1628 struct block *
1629 gen_portop(int port, int proto, int dir)
1630 {
1631 	struct block *b0, *b1, *tmp;
1632 
1633 	/* ip proto 'proto' */
1634 	tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto);
1635 	b0 = gen_ipfrag();
1636 	gen_and(tmp, b0);
1637 
1638 	switch (dir) {
1639 	case Q_SRC:
1640 		b1 = gen_portatom(0, (bpf_int32)port);
1641 		break;
1642 
1643 	case Q_DST:
1644 		b1 = gen_portatom(2, (bpf_int32)port);
1645 		break;
1646 
1647 	case Q_OR:
1648 	case Q_DEFAULT:
1649 		tmp = gen_portatom(0, (bpf_int32)port);
1650 		b1 = gen_portatom(2, (bpf_int32)port);
1651 		gen_or(tmp, b1);
1652 		break;
1653 
1654 	case Q_AND:
1655 		tmp = gen_portatom(0, (bpf_int32)port);
1656 		b1 = gen_portatom(2, (bpf_int32)port);
1657 		gen_and(tmp, b1);
1658 		break;
1659 
1660 	default:
1661 		abort();
1662 	}
1663 	gen_and(b0, b1);
1664 
1665 	return b1;
1666 }
1667 
1668 static struct block *
1669 gen_port(int port, int ip_proto, int dir)
1670 {
1671 	struct block *b0, *b1, *tmp;
1672 
1673 	/* ether proto ip */
1674 	b0 =  gen_linktype(ETHERTYPE_IP);
1675 
1676 	switch (ip_proto) {
1677 	case IPPROTO_UDP:
1678 	case IPPROTO_TCP:
1679 		b1 = gen_portop(port, ip_proto, dir);
1680 		break;
1681 
1682 	case PROTO_UNDEF:
1683 		tmp = gen_portop(port, IPPROTO_TCP, dir);
1684 		b1 = gen_portop(port, IPPROTO_UDP, dir);
1685 		gen_or(tmp, b1);
1686 		break;
1687 
1688 	default:
1689 		abort();
1690 	}
1691 	gen_and(b0, b1);
1692 	return b1;
1693 }
1694 
1695 #ifdef INET6
1696 struct block *
1697 gen_portop6(int port, int proto, int dir)
1698 {
1699 	struct block *b0, *b1, *tmp;
1700 
1701 	/* ip proto 'proto' */
1702 	b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto);
1703 
1704 	switch (dir) {
1705 	case Q_SRC:
1706 		b1 = gen_portatom6(0, (bpf_int32)port);
1707 		break;
1708 
1709 	case Q_DST:
1710 		b1 = gen_portatom6(2, (bpf_int32)port);
1711 		break;
1712 
1713 	case Q_OR:
1714 	case Q_DEFAULT:
1715 		tmp = gen_portatom6(0, (bpf_int32)port);
1716 		b1 = gen_portatom6(2, (bpf_int32)port);
1717 		gen_or(tmp, b1);
1718 		break;
1719 
1720 	case Q_AND:
1721 		tmp = gen_portatom6(0, (bpf_int32)port);
1722 		b1 = gen_portatom6(2, (bpf_int32)port);
1723 		gen_and(tmp, b1);
1724 		break;
1725 
1726 	default:
1727 		abort();
1728 	}
1729 	gen_and(b0, b1);
1730 
1731 	return b1;
1732 }
1733 
1734 static struct block *
1735 gen_port6(int port, int ip_proto, int dir)
1736 {
1737 	struct block *b0, *b1, *tmp;
1738 
1739 	/* ether proto ip */
1740 	b0 =  gen_linktype(ETHERTYPE_IPV6);
1741 
1742 	switch (ip_proto) {
1743 	case IPPROTO_UDP:
1744 	case IPPROTO_TCP:
1745 		b1 = gen_portop6(port, ip_proto, dir);
1746 		break;
1747 
1748 	case PROTO_UNDEF:
1749 		tmp = gen_portop6(port, IPPROTO_TCP, dir);
1750 		b1 = gen_portop6(port, IPPROTO_UDP, dir);
1751 		gen_or(tmp, b1);
1752 		break;
1753 
1754 	default:
1755 		abort();
1756 	}
1757 	gen_and(b0, b1);
1758 	return b1;
1759 }
1760 #endif /* INET6 */
1761 
1762 static int
1763 lookup_proto(const char *name, int proto)
1764 {
1765 	int v;
1766 
1767 	switch (proto) {
1768 
1769 	case Q_DEFAULT:
1770 	case Q_IP:
1771 		v = pcap_nametoproto(name);
1772 		if (v == PROTO_UNDEF)
1773 			bpf_error("unknown ip proto '%s'", name);
1774 		break;
1775 
1776 	case Q_LINK:
1777 		/* XXX should look up h/w protocol type based on linktype */
1778 		v = pcap_nametoeproto(name);
1779 		if (v == PROTO_UNDEF) {
1780 			v = pcap_nametollc(name);
1781 			if (v == PROTO_UNDEF)
1782 				bpf_error("unknown ether proto '%s'", name);
1783 		}
1784 		break;
1785 
1786 	default:
1787 		v = PROTO_UNDEF;
1788 		break;
1789 	}
1790 	return v;
1791 }
1792 
1793 static struct block *
1794 gen_protochain(int v, int proto, int dir)
1795 {
1796 	struct block *b0, *b;
1797 	struct slist *s[100];
1798 	int fix2, fix3, fix4, fix5;
1799 	int ahcheck, again, end;
1800 	int i, max;
1801 	int reg1 = alloc_reg();
1802 	int reg2 = alloc_reg();
1803 
1804 	memset(s, 0, sizeof(s));
1805 	fix2 = fix3 = fix4 = fix5 = 0;
1806 
1807 	if (variable_nl) {
1808 		bpf_error("'gen_protochain' not supported for variable DLTs");
1809 		/*NOTREACHED*/
1810 	}
1811 
1812 	switch (proto) {
1813 	case Q_IP:
1814 	case Q_IPV6:
1815 		break;
1816 	case Q_DEFAULT:
1817 		b0 = gen_protochain(v, Q_IP, dir);
1818 		b = gen_protochain(v, Q_IPV6, dir);
1819 		gen_or(b0, b);
1820 		return b;
1821 	default:
1822 		bpf_error("bad protocol applied for 'protochain'");
1823 		/*NOTREACHED*/
1824 	}
1825 
1826 	no_optimize = 1; /*this code is not compatible with optimzer yet */
1827 
1828 	/*
1829 	 * s[0] is a dummy entry to protect other BPF insn from damaged
1830 	 * by s[fix] = foo with uninitialized variable "fix".  It is somewhat
1831 	 * hard to find interdependency made by jump table fixup.
1832 	 */
1833 	i = 0;
1834 	s[i] = new_stmt(0);	/*dummy*/
1835 	i++;
1836 
1837 	switch (proto) {
1838 	case Q_IP:
1839 		b0 = gen_linktype(ETHERTYPE_IP);
1840 
1841 		/* A = ip->ip_p */
1842 		s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1843 		s[i]->s.k = off_nl + 9;
1844 		i++;
1845 		/* X = ip->ip_hl << 2 */
1846 		s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1847 		s[i]->s.k = off_nl;
1848 		i++;
1849 		break;
1850 	case Q_IPV6:
1851 		b0 = gen_linktype(ETHERTYPE_IPV6);
1852 
1853 		/* A = ip6->ip_nxt */
1854 		s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1855 		s[i]->s.k = off_nl + 6;
1856 		i++;
1857 		/* X = sizeof(struct ip6_hdr) */
1858 		s[i] = new_stmt(BPF_LDX|BPF_IMM);
1859 		s[i]->s.k = 40;
1860 		i++;
1861 		break;
1862 	default:
1863 		bpf_error("unsupported proto to gen_protochain");
1864 		/*NOTREACHED*/
1865 	}
1866 
1867 	/* again: if (A == v) goto end; else fall through; */
1868 	again = i;
1869 	s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1870 	s[i]->s.k = v;
1871 	s[i]->s.jt = NULL;		/*later*/
1872 	s[i]->s.jf = NULL;		/*update in next stmt*/
1873 	fix5 = i;
1874 	i++;
1875 
1876 	/* if (A == IPPROTO_NONE) goto end */
1877 	s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1878 	s[i]->s.jt = NULL;	/*later*/
1879 	s[i]->s.jf = NULL;	/*update in next stmt*/
1880 	s[i]->s.k = IPPROTO_NONE;
1881 	s[fix5]->s.jf = s[i];
1882 	fix2 = i;
1883 	i++;
1884 
1885 	if (proto == Q_IPV6) {
1886 		int v6start, v6end, v6advance, j;
1887 
1888 		v6start = i;
1889 		/* if (A == IPPROTO_HOPOPTS) goto v6advance */
1890 		s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1891 		s[i]->s.jt = NULL;	/*later*/
1892 		s[i]->s.jf = NULL;	/*update in next stmt*/
1893 		s[i]->s.k = IPPROTO_HOPOPTS;
1894 		s[fix2]->s.jf = s[i];
1895 		i++;
1896 		/* if (A == IPPROTO_DSTOPTS) goto v6advance */
1897 		s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1898 		s[i]->s.jt = NULL;	/*later*/
1899 		s[i]->s.jf = NULL;	/*update in next stmt*/
1900 		s[i]->s.k = IPPROTO_DSTOPTS;
1901 		i++;
1902 		/* if (A == IPPROTO_ROUTING) goto v6advance */
1903 		s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1904 		s[i]->s.jt = NULL;	/*later*/
1905 		s[i]->s.jf = NULL;	/*update in next stmt*/
1906 		s[i]->s.k = IPPROTO_ROUTING;
1907 		i++;
1908 		/* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
1909 		s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1910 		s[i]->s.jt = NULL;	/*later*/
1911 		s[i]->s.jf = NULL;	/*later*/
1912 		s[i]->s.k = IPPROTO_FRAGMENT;
1913 		fix3 = i;
1914 		v6end = i;
1915 		i++;
1916 
1917 		/* v6advance: */
1918 		v6advance = i;
1919 
1920 		/*
1921 		 * in short,
1922 		 * A = P[X + 1];
1923 		 * X = X + (P[X] + 1) * 8;
1924 		 */
1925 		/* A = X */
1926 		s[i] = new_stmt(BPF_MISC|BPF_TXA);
1927 		i++;
1928 		/* MEM[reg1] = A */
1929 		s[i] = new_stmt(BPF_ST);
1930 		s[i]->s.k = reg1;
1931 		i++;
1932 		/* A += 1 */
1933 		s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1934 		s[i]->s.k = 1;
1935 		i++;
1936 		/* X = A */
1937 		s[i] = new_stmt(BPF_MISC|BPF_TAX);
1938 		i++;
1939 		/* A = P[X + packet head]; */
1940 		s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1941 		s[i]->s.k = off_nl;
1942 		i++;
1943 		/* MEM[reg2] = A */
1944 		s[i] = new_stmt(BPF_ST);
1945 		s[i]->s.k = reg2;
1946 		i++;
1947 		/* X = MEM[reg1] */
1948 		s[i] = new_stmt(BPF_LDX|BPF_MEM);
1949 		s[i]->s.k = reg1;
1950 		i++;
1951 		/* A = P[X + packet head] */
1952 		s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1953 		s[i]->s.k = off_nl;
1954 		i++;
1955 		/* A += 1 */
1956 		s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1957 		s[i]->s.k = 1;
1958 		i++;
1959 		/* A *= 8 */
1960 		s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
1961 		s[i]->s.k = 8;
1962 		i++;
1963 		/* X = A; */
1964 		s[i] = new_stmt(BPF_MISC|BPF_TAX);
1965 		i++;
1966 		/* A = MEM[reg2] */
1967 		s[i] = new_stmt(BPF_LD|BPF_MEM);
1968 		s[i]->s.k = reg2;
1969 		i++;
1970 
1971 		/* goto again; (must use BPF_JA for backward jump) */
1972 		s[i] = new_stmt(BPF_JMP|BPF_JA);
1973 		s[i]->s.k = again - i - 1;
1974 		s[i - 1]->s.jf = s[i];
1975 		i++;
1976 
1977 		/* fixup */
1978 		for (j = v6start; j <= v6end; j++)
1979 			s[j]->s.jt = s[v6advance];
1980 	} else {
1981 		/* nop */
1982 		s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1983 		s[i]->s.k = 0;
1984 		s[fix2]->s.jf = s[i];
1985 		i++;
1986 	}
1987 
1988 	/* ahcheck: */
1989 	ahcheck = i;
1990 	/* if (A == IPPROTO_AH) then fall through; else goto end; */
1991 	s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1992 	s[i]->s.jt = NULL;	/*later*/
1993 	s[i]->s.jf = NULL;	/*later*/
1994 	s[i]->s.k = IPPROTO_AH;
1995 	if (fix3)
1996 		s[fix3]->s.jf = s[ahcheck];
1997 	fix4 = i;
1998 	i++;
1999 
2000 	/*
2001 	 * in short,
2002 	 * A = P[X + 1];
2003 	 * X = X + (P[X] + 2) * 4;
2004 	 */
2005 	/* A = X */
2006 	s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2007 	i++;
2008 	/* MEM[reg1] = A */
2009 	s[i] = new_stmt(BPF_ST);
2010 	s[i]->s.k = reg1;
2011 	i++;
2012 	/* A += 1 */
2013 	s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2014 	s[i]->s.k = 1;
2015 	i++;
2016 	/* X = A */
2017 	s[i] = new_stmt(BPF_MISC|BPF_TAX);
2018 	i++;
2019 	/* A = P[X + packet head]; */
2020 	s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2021 	s[i]->s.k = off_nl;
2022 	i++;
2023 	/* MEM[reg2] = A */
2024 	s[i] = new_stmt(BPF_ST);
2025 	s[i]->s.k = reg2;
2026 	i++;
2027 	/* X = MEM[reg1] */
2028 	s[i] = new_stmt(BPF_LDX|BPF_MEM);
2029 	s[i]->s.k = reg1;
2030 	i++;
2031 	/* A = P[X + packet head] */
2032 	s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2033 	s[i]->s.k = off_nl;
2034 	i++;
2035 	/* A += 2 */
2036 	s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2037 	s[i]->s.k = 2;
2038 	i++;
2039 	/* A *= 4 */
2040 	s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2041 	s[i]->s.k = 4;
2042 	i++;
2043 	/* X = A; */
2044 	s[i] = new_stmt(BPF_MISC|BPF_TAX);
2045 	i++;
2046 	/* A = MEM[reg2] */
2047 	s[i] = new_stmt(BPF_LD|BPF_MEM);
2048 	s[i]->s.k = reg2;
2049 	i++;
2050 
2051 	/* goto again; (must use BPF_JA for backward jump) */
2052 	s[i] = new_stmt(BPF_JMP|BPF_JA);
2053 	s[i]->s.k = again - i - 1;
2054 	i++;
2055 
2056 	/* end: nop */
2057 	end = i;
2058 	s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2059 	s[i]->s.k = 0;
2060 	s[fix2]->s.jt = s[end];
2061 	s[fix4]->s.jf = s[end];
2062 	s[fix5]->s.jt = s[end];
2063 	i++;
2064 
2065 	/*
2066 	 * make slist chain
2067 	 */
2068 	max = i;
2069 	for (i = 0; i < max - 1; i++)
2070 		s[i]->next = s[i + 1];
2071 	s[max - 1]->next = NULL;
2072 
2073 	/*
2074 	 * emit final check
2075 	 */
2076 	b = new_block(JMP(BPF_JEQ));
2077 	b->stmts = s[1];	/*remember, s[0] is dummy*/
2078 	b->s.k = v;
2079 
2080 	free_reg(reg1);
2081 	free_reg(reg2);
2082 
2083 	gen_and(b0, b);
2084 	return b;
2085 }
2086 
2087 static struct block *
2088 gen_proto(int v, int proto, int dir)
2089 {
2090 	struct block *b0, *b1;
2091 
2092 	if (dir != Q_DEFAULT)
2093 		bpf_error("direction applied to 'proto'");
2094 
2095 	switch (proto) {
2096 	case Q_DEFAULT:
2097 #ifdef INET6
2098 		b0 = gen_proto(v, Q_IP, dir);
2099 		b1 = gen_proto(v, Q_IPV6, dir);
2100 		gen_or(b0, b1);
2101 		return b1;
2102 #else
2103 		/*FALLTHROUGH*/
2104 #endif
2105 	case Q_IP:
2106 		b0 = gen_linktype(ETHERTYPE_IP);
2107 #ifndef CHASE_CHAIN
2108 		b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v);
2109 #else
2110 		b1 = gen_protochain(v, Q_IP);
2111 #endif
2112 		gen_and(b0, b1);
2113 		return b1;
2114 
2115 	case Q_ARP:
2116 		bpf_error("arp does not encapsulate another protocol");
2117 		/* NOTREACHED */
2118 
2119 	case Q_RARP:
2120 		bpf_error("rarp does not encapsulate another protocol");
2121 		/* NOTREACHED */
2122 
2123 	case Q_ATALK:
2124 		bpf_error("atalk encapsulation is not specifiable");
2125 		/* NOTREACHED */
2126 
2127 	case Q_DECNET:
2128 		bpf_error("decnet encapsulation is not specifiable");
2129 		/* NOTREACHED */
2130 
2131 	case Q_SCA:
2132 		bpf_error("sca does not encapsulate another protocol");
2133 		/* NOTREACHED */
2134 
2135 	case Q_LAT:
2136 		bpf_error("lat does not encapsulate another protocol");
2137 		/* NOTREACHED */
2138 
2139 	case Q_MOPRC:
2140 		bpf_error("moprc does not encapsulate another protocol");
2141 		/* NOTREACHED */
2142 
2143 	case Q_MOPDL:
2144 		bpf_error("mopdl does not encapsulate another protocol");
2145 		/* NOTREACHED */
2146 
2147 	case Q_LINK:
2148 		return gen_linktype(v);
2149 
2150 	case Q_UDP:
2151 		bpf_error("'udp proto' is bogus");
2152 		/* NOTREACHED */
2153 
2154 	case Q_TCP:
2155 		bpf_error("'tcp proto' is bogus");
2156 		/* NOTREACHED */
2157 
2158 	case Q_ICMP:
2159 		bpf_error("'icmp proto' is bogus");
2160 		/* NOTREACHED */
2161 
2162 	case Q_IGMP:
2163 		bpf_error("'igmp proto' is bogus");
2164 		/* NOTREACHED */
2165 
2166 	case Q_IGRP:
2167 		bpf_error("'igrp proto' is bogus");
2168 		/* NOTREACHED */
2169 
2170 	case Q_PIM:
2171 		bpf_error("'pim proto' is bogus");
2172 		/* NOTREACHED */
2173 
2174 	case Q_STP:
2175 		bpf_error("'stp proto' is bogus");
2176 		/* NOTREACHED */
2177 
2178 #ifdef INET6
2179 	case Q_IPV6:
2180 		b0 = gen_linktype(ETHERTYPE_IPV6);
2181 #ifndef CHASE_CHAIN
2182 		b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v);
2183 #else
2184 		b1 = gen_protochain(v, Q_IPV6);
2185 #endif
2186 		gen_and(b0, b1);
2187 		return b1;
2188 
2189 	case Q_ICMPV6:
2190 		bpf_error("'icmp6 proto' is bogus");
2191 #endif /* INET6 */
2192 
2193 	case Q_AH:
2194 		bpf_error("'ah proto' is bogus");
2195 
2196 	case Q_ESP:
2197 		bpf_error("'esp proto' is bogus");
2198 
2199 	default:
2200 		abort();
2201 		/* NOTREACHED */
2202 	}
2203 	/* NOTREACHED */
2204 }
2205 
2206 struct block *
2207 gen_scode(const char *name, struct qual q)
2208 {
2209 	int proto = q.proto;
2210 	int dir = q.dir;
2211 	int tproto;
2212 	u_char *eaddr;
2213 	bpf_u_int32 mask, addr;
2214 #ifndef INET6
2215 	bpf_u_int32 **alist;
2216 #else
2217 	int tproto6;
2218 	struct sockaddr_in *sin;
2219 	struct sockaddr_in6 *sin6;
2220 	struct addrinfo *res, *res0;
2221 	struct in6_addr mask128;
2222 #endif /*INET6*/
2223 	struct block *b, *tmp;
2224 	int port, real_proto;
2225 
2226 	switch (q.addr) {
2227 
2228 	case Q_NET:
2229 		addr = pcap_nametonetaddr(name);
2230 		if (addr == 0)
2231 			bpf_error("unknown network '%s'", name);
2232 		/* Left justify network addr and calculate its network mask */
2233 		mask = 0xffffffff;
2234 		while (addr && (addr & 0xff000000) == 0) {
2235 			addr <<= 8;
2236 			mask <<= 8;
2237 		}
2238 		return gen_host(addr, mask, proto, dir);
2239 
2240 	case Q_DEFAULT:
2241 	case Q_HOST:
2242 		if (proto == Q_LINK) {
2243 			switch (linktype) {
2244 
2245 			case DLT_EN10MB:
2246 				eaddr = pcap_ether_hostton(name);
2247 				if (eaddr == NULL)
2248 					bpf_error(
2249 					    "unknown ether host '%s'", name);
2250 				return gen_ehostop(eaddr, dir);
2251 
2252 			case DLT_FDDI:
2253 				eaddr = pcap_ether_hostton(name);
2254 				if (eaddr == NULL)
2255 					bpf_error(
2256 					    "unknown FDDI host '%s'", name);
2257 				return gen_fhostop(eaddr, dir);
2258 
2259 			case DLT_IEEE802_11:
2260 			case DLT_IEEE802_11_RADIO:
2261 				eaddr = pcap_ether_hostton(name);
2262 				if (eaddr == NULL)
2263 					bpf_error(
2264 					    "unknown 802.11 host '%s'", name);
2265 
2266 				return gen_p80211_hostop(eaddr, dir);
2267 
2268 			default:
2269 				bpf_error(
2270 			"only ethernet/FDDI supports link-level host name");
2271 				break;
2272 			}
2273 		} else if (proto == Q_DECNET) {
2274 			unsigned short dn_addr = __pcap_nametodnaddr(name);
2275 			/*
2276 			 * I don't think DECNET hosts can be multihomed, so
2277 			 * there is no need to build up a list of addresses
2278 			 */
2279 			return (gen_host(dn_addr, 0, proto, dir));
2280 		} else {
2281 #ifndef INET6
2282 			alist = pcap_nametoaddr(name);
2283 			if (alist == NULL || *alist == NULL)
2284 				bpf_error("unknown host '%s'", name);
2285 			tproto = proto;
2286 			if (off_linktype == -1 && tproto == Q_DEFAULT)
2287 				tproto = Q_IP;
2288 			b = gen_host(**alist++, 0xffffffff, tproto, dir);
2289 			while (*alist) {
2290 				tmp = gen_host(**alist++, 0xffffffff,
2291 					       tproto, dir);
2292 				gen_or(b, tmp);
2293 				b = tmp;
2294 			}
2295 			return b;
2296 #else
2297 			memset(&mask128, 0xff, sizeof(mask128));
2298 			res0 = res = pcap_nametoaddrinfo(name);
2299 			if (res == NULL)
2300 				bpf_error("unknown host '%s'", name);
2301 			b = tmp = NULL;
2302 			tproto = tproto6 = proto;
2303 			if (off_linktype == -1 && tproto == Q_DEFAULT) {
2304 				tproto = Q_IP;
2305 				tproto6 = Q_IPV6;
2306 			}
2307 			for (res = res0; res; res = res->ai_next) {
2308 				switch (res->ai_family) {
2309 				case AF_INET:
2310 					if (tproto == Q_IPV6)
2311 						continue;
2312 
2313 					sin = (struct sockaddr_in *)
2314 						res->ai_addr;
2315 					tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2316 						0xffffffff, tproto, dir);
2317 					break;
2318 				case AF_INET6:
2319 					if (tproto6 == Q_IP)
2320 						continue;
2321 
2322 					sin6 = (struct sockaddr_in6 *)
2323 						res->ai_addr;
2324 					tmp = gen_host6(&sin6->sin6_addr,
2325 						&mask128, tproto6, dir);
2326 					break;
2327 				}
2328 				if (b)
2329 					gen_or(b, tmp);
2330 				b = tmp;
2331 			}
2332 			freeaddrinfo(res0);
2333 			if (b == NULL) {
2334 				bpf_error("unknown host '%s'%s", name,
2335 				    (proto == Q_DEFAULT)
2336 					? ""
2337 					: " for specified address family");
2338 			}
2339 			return b;
2340 #endif /*INET6*/
2341 		}
2342 
2343 	case Q_PORT:
2344 		if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
2345 			bpf_error("illegal qualifier of 'port'");
2346 		if (pcap_nametoport(name, &port, &real_proto) == 0)
2347 			bpf_error("unknown port '%s'", name);
2348 		if (proto == Q_UDP) {
2349 			if (real_proto == IPPROTO_TCP)
2350 				bpf_error("port '%s' is tcp", name);
2351 			else
2352 				/* override PROTO_UNDEF */
2353 				real_proto = IPPROTO_UDP;
2354 		}
2355 		if (proto == Q_TCP) {
2356 			if (real_proto == IPPROTO_UDP)
2357 				bpf_error("port '%s' is udp", name);
2358 			else
2359 				/* override PROTO_UNDEF */
2360 				real_proto = IPPROTO_TCP;
2361 		}
2362 #ifndef INET6
2363 		return gen_port(port, real_proto, dir);
2364 #else
2365 	    {
2366 		struct block *b;
2367 		b = gen_port(port, real_proto, dir);
2368 		gen_or(gen_port6(port, real_proto, dir), b);
2369 		return b;
2370 	    }
2371 #endif /* INET6 */
2372 
2373 	case Q_GATEWAY:
2374 #ifndef INET6
2375 		eaddr = pcap_ether_hostton(name);
2376 		if (eaddr == NULL)
2377 			bpf_error("unknown ether host: %s", name);
2378 
2379 		alist = pcap_nametoaddr(name);
2380 		if (alist == NULL || *alist == NULL)
2381 			bpf_error("unknown host '%s'", name);
2382 		return gen_gateway(eaddr, alist, proto, dir);
2383 #else
2384 		bpf_error("'gateway' not supported in this configuration");
2385 #endif /*INET6*/
2386 
2387 	case Q_PROTO:
2388 		real_proto = lookup_proto(name, proto);
2389 		if (real_proto >= 0)
2390 			return gen_proto(real_proto, proto, dir);
2391 		else
2392 			bpf_error("unknown protocol: %s", name);
2393 
2394 	case Q_PROTOCHAIN:
2395 		real_proto = lookup_proto(name, proto);
2396 		if (real_proto >= 0)
2397 			return gen_protochain(real_proto, proto, dir);
2398 		else
2399 			bpf_error("unknown protocol: %s", name);
2400 
2401 
2402 	case Q_UNDEF:
2403 		syntax();
2404 		/* NOTREACHED */
2405 	}
2406 	abort();
2407 	/* NOTREACHED */
2408 }
2409 
2410 struct block *
2411 gen_mcode(const char *s1, const char *s2, int masklen, struct qual q)
2412 {
2413 	int nlen, mlen;
2414 	bpf_u_int32 n, m;
2415 
2416 	nlen = __pcap_atoin(s1, &n);
2417 	/* Promote short ipaddr */
2418 	n <<= 32 - nlen;
2419 
2420 	if (s2 != NULL) {
2421 		mlen = __pcap_atoin(s2, &m);
2422 		/* Promote short ipaddr */
2423 		m <<= 32 - mlen;
2424 		if ((n & ~m) != 0)
2425 			bpf_error("non-network bits set in \"%s mask %s\"",
2426 			    s1, s2);
2427 	} else {
2428 		/* Convert mask len to mask */
2429 		if (masklen > 32)
2430 			bpf_error("mask length must be <= 32");
2431 		m = 0xffffffff << (32 - masklen);
2432 		if ((n & ~m) != 0)
2433 			bpf_error("non-network bits set in \"%s/%d\"",
2434 			    s1, masklen);
2435 	}
2436 
2437 	switch (q.addr) {
2438 
2439 	case Q_NET:
2440 		return gen_host(n, m, q.proto, q.dir);
2441 
2442 	default:
2443 		bpf_error("Mask syntax for networks only");
2444 		/* NOTREACHED */
2445 	}
2446 }
2447 
2448 struct block *
2449 gen_ncode(const char *s, bpf_u_int32 v, struct qual q)
2450 {
2451 	bpf_u_int32 mask;
2452 	int proto = q.proto;
2453 	int dir = q.dir;
2454 	int vlen;
2455 
2456 	if (s == NULL)
2457 		vlen = 32;
2458 	else if (q.proto == Q_DECNET)
2459 		vlen = __pcap_atodn(s, &v);
2460 	else
2461 		vlen = __pcap_atoin(s, &v);
2462 
2463 	switch (q.addr) {
2464 
2465 	case Q_DEFAULT:
2466 	case Q_HOST:
2467 	case Q_NET:
2468 		if (proto == Q_DECNET)
2469 			return gen_host(v, 0, proto, dir);
2470 		else if (proto == Q_LINK) {
2471 			bpf_error("illegal link layer address");
2472 		} else {
2473 			mask = 0xffffffff;
2474 			if (s == NULL && q.addr == Q_NET) {
2475 				/* Promote short net number */
2476 				while (v && (v & 0xff000000) == 0) {
2477 					v <<= 8;
2478 					mask <<= 8;
2479 				}
2480 			} else {
2481 				/* Promote short ipaddr */
2482 				v <<= 32 - vlen;
2483 				mask <<= 32 - vlen;
2484 			}
2485 			return gen_host(v, mask, proto, dir);
2486 		}
2487 
2488 	case Q_PORT:
2489 		if (proto == Q_UDP)
2490 			proto = IPPROTO_UDP;
2491 		else if (proto == Q_TCP)
2492 			proto = IPPROTO_TCP;
2493 		else if (proto == Q_DEFAULT)
2494 			proto = PROTO_UNDEF;
2495 		else
2496 			bpf_error("illegal qualifier of 'port'");
2497 
2498 #ifndef INET6
2499 		return gen_port((int)v, proto, dir);
2500 #else
2501 	    {
2502 		struct block *b;
2503 		b = gen_port((int)v, proto, dir);
2504 		gen_or(gen_port6((int)v, proto, dir), b);
2505 		return b;
2506 	    }
2507 #endif /* INET6 */
2508 
2509 	case Q_GATEWAY:
2510 		bpf_error("'gateway' requires a name");
2511 		/* NOTREACHED */
2512 
2513 	case Q_PROTO:
2514 		return gen_proto((int)v, proto, dir);
2515 
2516 	case Q_PROTOCHAIN:
2517 		return gen_protochain((int)v, proto, dir);
2518 
2519 	case Q_UNDEF:
2520 		syntax();
2521 		/* NOTREACHED */
2522 
2523 	default:
2524 		abort();
2525 		/* NOTREACHED */
2526 	}
2527 	/* NOTREACHED */
2528 }
2529 
2530 #ifdef INET6
2531 struct block *
2532 gen_mcode6(const char *s1, const char *s2, int masklen, struct qual q)
2533 {
2534 	struct addrinfo *res;
2535 	struct in6_addr *addr;
2536 	struct in6_addr mask;
2537 	struct block *b;
2538 	u_int32_t *a, *m;
2539 
2540 	if (s2)
2541 		bpf_error("no mask %s supported", s2);
2542 
2543 	res = pcap_nametoaddrinfo(s1);
2544 	if (!res)
2545 		bpf_error("invalid ip6 address %s", s1);
2546 	if (res->ai_next)
2547 		bpf_error("%s resolved to multiple address", s1);
2548 	addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
2549 
2550 	if (sizeof(mask) * 8 < masklen)
2551 		bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
2552 	memset(&mask, 0, sizeof(mask));
2553 	memset(&mask, 0xff, masklen / 8);
2554 	if (masklen % 8) {
2555 		mask.s6_addr[masklen / 8] =
2556 			(0xff << (8 - masklen % 8)) & 0xff;
2557 	}
2558 
2559 	a = (u_int32_t *)addr;
2560 	m = (u_int32_t *)&mask;
2561 	if ((a[0] & ~m[0]) || (a[1] & ~m[1])
2562 	 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
2563 		bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
2564 	}
2565 
2566 	switch (q.addr) {
2567 
2568 	case Q_DEFAULT:
2569 	case Q_HOST:
2570 		if (masklen != 128)
2571 			bpf_error("Mask syntax for networks only");
2572 		/* FALLTHROUGH */
2573 
2574 	case Q_NET:
2575 		b = gen_host6(addr, &mask, q.proto, q.dir);
2576 		freeaddrinfo(res);
2577 		return b;
2578 
2579 	default:
2580 		bpf_error("invalid qualifier against IPv6 address");
2581 		/* NOTREACHED */
2582 	}
2583 }
2584 #endif /*INET6*/
2585 
2586 struct block *
2587 gen_ecode(const u_char *eaddr, struct qual q)
2588 {
2589 	if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
2590 		if (linktype == DLT_EN10MB)
2591 			return gen_ehostop(eaddr, (int)q.dir);
2592 		if (linktype == DLT_FDDI)
2593 			return gen_fhostop(eaddr, (int)q.dir);
2594 		if (linktype == DLT_IEEE802_11 ||
2595 		    linktype == DLT_IEEE802_11_RADIO)
2596 			return gen_p80211_hostop(eaddr, (int)q.dir);
2597 	}
2598 	bpf_error("ethernet address used in non-ether expression");
2599 	/* NOTREACHED */
2600 }
2601 
2602 void
2603 sappend(struct slist *s0, struct slist *s1)
2604 {
2605 	/*
2606 	 * This is definitely not the best way to do this, but the
2607 	 * lists will rarely get long.
2608 	 */
2609 	while (s0->next)
2610 		s0 = s0->next;
2611 	s0->next = s1;
2612 }
2613 
2614 static struct slist *
2615 xfer_to_x(struct arth *a)
2616 {
2617 	struct slist *s;
2618 
2619 	s = new_stmt(BPF_LDX|BPF_MEM);
2620 	s->s.k = a->regno;
2621 	return s;
2622 }
2623 
2624 static struct slist *
2625 xfer_to_a(struct arth *a)
2626 {
2627 	struct slist *s;
2628 
2629 	s = new_stmt(BPF_LD|BPF_MEM);
2630 	s->s.k = a->regno;
2631 	return s;
2632 }
2633 
2634 struct arth *
2635 gen_load(int proto, struct arth *index, int size)
2636 {
2637 	struct slist *s, *tmp;
2638 	struct block *b;
2639 	int regno = alloc_reg();
2640 
2641 	free_reg(index->regno);
2642 	switch (size) {
2643 
2644 	default:
2645 		bpf_error("data size must be 1, 2, or 4");
2646 
2647 	case 1:
2648 		size = BPF_B;
2649 		break;
2650 
2651 	case 2:
2652 		size = BPF_H;
2653 		break;
2654 
2655 	case 4:
2656 		size = BPF_W;
2657 		break;
2658 	}
2659 	switch (proto) {
2660 	default:
2661 		bpf_error("unsupported index operation");
2662 
2663 	case Q_LINK:
2664 		s = xfer_to_x(index);
2665 		tmp = new_stmt(BPF_LD|BPF_IND|size);
2666 		sappend(s, tmp);
2667 		sappend(index->s, s);
2668 		break;
2669 
2670 	case Q_IP:
2671 	case Q_ARP:
2672 	case Q_RARP:
2673 	case Q_ATALK:
2674 	case Q_DECNET:
2675 	case Q_SCA:
2676 	case Q_LAT:
2677 	case Q_MOPRC:
2678 	case Q_MOPDL:
2679 #ifdef INET6
2680 	case Q_IPV6:
2681 #endif
2682 		/* XXX Note that we assume a fixed link header here. */
2683 		if (variable_nl) {
2684 			s = nl2X_stmt();
2685 			sappend(s, xfer_to_a(index));
2686 			sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
2687 			sappend(s, new_stmt(BPF_MISC|BPF_TAX));
2688 		} else {
2689 			s = xfer_to_x(index);
2690 		}
2691 		tmp = new_stmt(BPF_LD|BPF_IND|size);
2692 		tmp->s.k = off_nl;	/* off_nl == 0 for variable_nl */
2693 		sappend(s, tmp);
2694 		sappend(index->s, s);
2695 
2696 		b = gen_proto_abbrev(proto);
2697 		if (index->b)
2698 			gen_and(index->b, b);
2699 		index->b = b;
2700 		break;
2701 
2702 	case Q_TCP:
2703 	case Q_UDP:
2704 	case Q_ICMP:
2705 	case Q_IGMP:
2706 	case Q_IGRP:
2707 	case Q_PIM:
2708 		s = iphl_to_x();
2709 		sappend(s, xfer_to_a(index));
2710 		sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
2711 		sappend(s, new_stmt(BPF_MISC|BPF_TAX));
2712 		sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
2713 		tmp->s.k = off_nl;	/* off_nl is 0 if variable_nl */
2714 		sappend(index->s, s);
2715 
2716 		gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
2717 		if (index->b)
2718 			gen_and(index->b, b);
2719 #ifdef INET6
2720 		gen_and(gen_proto_abbrev(Q_IP), b);
2721 #endif
2722 		index->b = b;
2723 		break;
2724 #ifdef INET6
2725 	case Q_ICMPV6:
2726 		bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
2727 		/*NOTREACHED*/
2728 #endif
2729 	}
2730 	index->regno = regno;
2731 	s = new_stmt(BPF_ST);
2732 	s->s.k = regno;
2733 	sappend(index->s, s);
2734 
2735 	return index;
2736 }
2737 
2738 struct block *
2739 gen_relation(int code, struct arth *a0, struct arth *a1, int reversed)
2740 {
2741 	struct slist *s0, *s1, *s2;
2742 	struct block *b, *tmp;
2743 
2744 	s0 = xfer_to_x(a1);
2745 	s1 = xfer_to_a(a0);
2746 	s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
2747 	b = new_block(JMP(code));
2748 	if (code == BPF_JGT || code == BPF_JGE) {
2749 		reversed = !reversed;
2750 		b->s.k = 0x80000000;
2751 	}
2752 	if (reversed)
2753 		gen_not(b);
2754 
2755 	sappend(s1, s2);
2756 	sappend(s0, s1);
2757 	sappend(a1->s, s0);
2758 	sappend(a0->s, a1->s);
2759 
2760 	b->stmts = a0->s;
2761 
2762 	free_reg(a0->regno);
2763 	free_reg(a1->regno);
2764 
2765 	/* 'and' together protocol checks */
2766 	if (a0->b) {
2767 		if (a1->b) {
2768 			gen_and(a0->b, tmp = a1->b);
2769 		}
2770 		else
2771 			tmp = a0->b;
2772 	} else
2773 		tmp = a1->b;
2774 
2775 	if (tmp)
2776 		gen_and(tmp, b);
2777 
2778 	return b;
2779 }
2780 
2781 struct arth *
2782 gen_loadlen()
2783 {
2784 	int regno = alloc_reg();
2785 	struct arth *a = (struct arth *)newchunk(sizeof(*a));
2786 	struct slist *s;
2787 
2788 	s = new_stmt(BPF_LD|BPF_LEN);
2789 	s->next = new_stmt(BPF_ST);
2790 	s->next->s.k = regno;
2791 	a->s = s;
2792 	a->regno = regno;
2793 
2794 	return a;
2795 }
2796 
2797 struct arth *
2798 gen_loadrnd()
2799 {
2800 	int regno = alloc_reg();
2801 	struct arth *a = (struct arth *)newchunk(sizeof(*a));
2802 	struct slist *s;
2803 
2804 	s = new_stmt(BPF_LD|BPF_RND);
2805 	s->next = new_stmt(BPF_ST);
2806 	s->next->s.k = regno;
2807 	a->s = s;
2808 	a->regno = regno;
2809 
2810 	return a;
2811 }
2812 
2813 struct arth *
2814 gen_loadi(int val)
2815 {
2816 	struct arth *a;
2817 	struct slist *s;
2818 	int reg;
2819 
2820 	a = (struct arth *)newchunk(sizeof(*a));
2821 
2822 	reg = alloc_reg();
2823 
2824 	s = new_stmt(BPF_LD|BPF_IMM);
2825 	s->s.k = val;
2826 	s->next = new_stmt(BPF_ST);
2827 	s->next->s.k = reg;
2828 	a->s = s;
2829 	a->regno = reg;
2830 
2831 	return a;
2832 }
2833 
2834 struct arth *
2835 gen_neg(struct arth *a)
2836 {
2837 	struct slist *s;
2838 
2839 	s = xfer_to_a(a);
2840 	sappend(a->s, s);
2841 	s = new_stmt(BPF_ALU|BPF_NEG);
2842 	s->s.k = 0;
2843 	sappend(a->s, s);
2844 	s = new_stmt(BPF_ST);
2845 	s->s.k = a->regno;
2846 	sappend(a->s, s);
2847 
2848 	return a;
2849 }
2850 
2851 struct arth *
2852 gen_arth(int code, struct arth *a0, struct arth *a1)
2853 {
2854 	struct slist *s0, *s1, *s2;
2855 
2856 	s0 = xfer_to_x(a1);
2857 	s1 = xfer_to_a(a0);
2858 	s2 = new_stmt(BPF_ALU|BPF_X|code);
2859 
2860 	sappend(s1, s2);
2861 	sappend(s0, s1);
2862 	sappend(a1->s, s0);
2863 	sappend(a0->s, a1->s);
2864 
2865 	free_reg(a1->regno);
2866 
2867 	s0 = new_stmt(BPF_ST);
2868 	a0->regno = s0->s.k = alloc_reg();
2869 	sappend(a0->s, s0);
2870 
2871 	return a0;
2872 }
2873 
2874 /*
2875  * Here we handle simple allocation of the scratch registers.
2876  * If too many registers are alloc'd, the allocator punts.
2877  */
2878 static int regused[BPF_MEMWORDS];
2879 static int curreg;
2880 
2881 /*
2882  * Return the next free register.
2883  */
2884 static int
2885 alloc_reg()
2886 {
2887 	int n = BPF_MEMWORDS;
2888 
2889 	while (--n >= 0) {
2890 		if (regused[curreg])
2891 			curreg = (curreg + 1) % BPF_MEMWORDS;
2892 		else {
2893 			regused[curreg] = 1;
2894 			return curreg;
2895 		}
2896 	}
2897 	bpf_error("too many registers needed to evaluate expression");
2898 	/* NOTREACHED */
2899 }
2900 
2901 /*
2902  * Return a register to the table so it can
2903  * be used later.
2904  */
2905 static void
2906 free_reg(int n)
2907 {
2908 	regused[n] = 0;
2909 }
2910 
2911 static struct block *
2912 gen_len(int jmp, int n)
2913 {
2914 	struct slist *s;
2915 	struct block *b;
2916 
2917 	s = new_stmt(BPF_LD|BPF_LEN);
2918 	b = new_block(JMP(jmp));
2919 	b->stmts = s;
2920 	b->s.k = n;
2921 
2922 	return b;
2923 }
2924 
2925 struct block *
2926 gen_greater(int n)
2927 {
2928 	return gen_len(BPF_JGE, n);
2929 }
2930 
2931 struct block *
2932 gen_less(int n)
2933 {
2934 	struct block *b;
2935 
2936 	b = gen_len(BPF_JGT, n);
2937 	gen_not(b);
2938 
2939 	return b;
2940 }
2941 
2942 struct block *
2943 gen_byteop(int op, int idx, int val)
2944 {
2945 	struct block *b;
2946 	struct slist *s;
2947 
2948 	switch (op) {
2949 	default:
2950 		abort();
2951 
2952 	case '=':
2953 		return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2954 
2955 	case '<':
2956 		b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2957 		b->s.code = JMP(BPF_JGE);
2958 		gen_not(b);
2959 		return b;
2960 
2961 	case '>':
2962 		b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2963 		b->s.code = JMP(BPF_JGT);
2964 		return b;
2965 
2966 	case '|':
2967 		s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
2968 		break;
2969 
2970 	case '&':
2971 		s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
2972 		break;
2973 	}
2974 	s->s.k = val;
2975 	b = new_block(JMP(BPF_JEQ));
2976 	b->stmts = s;
2977 	gen_not(b);
2978 
2979 	return b;
2980 }
2981 
2982 struct block *
2983 gen_broadcast(int proto)
2984 {
2985 	bpf_u_int32 hostmask;
2986 	struct block *b0, *b1, *b2;
2987 	static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
2988 
2989 	switch (proto) {
2990 
2991 	case Q_DEFAULT:
2992 	case Q_LINK:
2993 		if (linktype == DLT_EN10MB)
2994 			return gen_ehostop(ebroadcast, Q_DST);
2995 		if (linktype == DLT_FDDI)
2996 			return gen_fhostop(ebroadcast, Q_DST);
2997 		if (linktype == DLT_IEEE802_11 ||
2998 		    linktype == DLT_IEEE802_11_RADIO)
2999 			return gen_p80211_hostop(ebroadcast, Q_DST);
3000 		bpf_error("not a broadcast link");
3001 		break;
3002 
3003 	case Q_IP:
3004 		/*
3005 		 * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff)
3006 		 * as an indication that we don't know the netmask, and fail
3007 		 * in that case.
3008 		 */
3009 		if (netmask == PCAP_NETMASK_UNKNOWN)
3010 			bpf_error("netmask not known, so 'ip broadcast' not supported");
3011 		b0 = gen_linktype(ETHERTYPE_IP);
3012 		hostmask = ~netmask;
3013 		b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask);
3014 		b2 = gen_mcmp_nl(16, BPF_W,
3015 			      (bpf_int32)(~0 & hostmask), hostmask);
3016 		gen_or(b1, b2);
3017 		gen_and(b0, b2);
3018 		return b2;
3019 	}
3020 	bpf_error("only ether/ip broadcast filters supported");
3021 }
3022 
3023 struct block *
3024 gen_multicast(int proto)
3025 {
3026 	struct block *b0, *b1;
3027 	struct slist *s;
3028 
3029 	switch (proto) {
3030 
3031 	case Q_DEFAULT:
3032 	case Q_LINK:
3033 		if (linktype == DLT_EN10MB) {
3034 			/* ether[0] & 1 != 0 */
3035 			s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3036 			s->s.k = 0;
3037 			b0 = new_block(JMP(BPF_JSET));
3038 			b0->s.k = 1;
3039 			b0->stmts = s;
3040 			return b0;
3041 		}
3042 
3043 		if (linktype == DLT_FDDI) {
3044 			/* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3045 			/* fddi[1] & 1 != 0 */
3046 			s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3047 			s->s.k = 1;
3048 			b0 = new_block(JMP(BPF_JSET));
3049 			b0->s.k = 1;
3050 			b0->stmts = s;
3051 			return b0;
3052 		}
3053 		/* Link not known to support multicasts */
3054 		break;
3055 
3056 	case Q_IP:
3057 		b0 = gen_linktype(ETHERTYPE_IP);
3058 		b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224);
3059 		b1->s.code = JMP(BPF_JGE);
3060 		gen_and(b0, b1);
3061 		return b1;
3062 
3063 #ifdef INET6
3064 	case Q_IPV6:
3065 		b0 = gen_linktype(ETHERTYPE_IPV6);
3066 		b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255);
3067 		gen_and(b0, b1);
3068 		return b1;
3069 #endif /* INET6 */
3070 	}
3071 	bpf_error("only IP multicast filters supported on ethernet/FDDI");
3072 }
3073 
3074 /*
3075  * generate command for inbound/outbound.  It's here so we can
3076  * make it link-type specific.  'dir' = 0 implies "inbound",
3077  * = 1 implies "outbound".
3078  */
3079 struct block *
3080 gen_inbound(int dir)
3081 {
3082 	struct block *b0;
3083 
3084 	/*
3085 	 * Only SLIP and old-style PPP data link types support
3086 	 * inbound/outbound qualifiers.
3087 	 */
3088 	switch (linktype) {
3089 	case DLT_SLIP:
3090 	case DLT_PPP:
3091 		b0 = gen_relation(BPF_JEQ,
3092 				  gen_load(Q_LINK, gen_loadi(0), 1),
3093 				  gen_loadi(0),
3094 				  dir);
3095 		break;
3096 
3097 	case DLT_PFLOG:
3098 		b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B,
3099 		    (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
3100 		break;
3101 
3102 	default:
3103 		bpf_error("inbound/outbound not supported on linktype 0x%x",
3104 		    linktype);
3105 		/* NOTREACHED */
3106 	}
3107 
3108 	return (b0);
3109 }
3110 
3111 
3112 /* PF firewall log matched interface */
3113 struct block *
3114 gen_pf_ifname(char *ifname)
3115 {
3116 	struct block *b0;
3117 	u_int len, off;
3118 
3119 	if (linktype == DLT_PFLOG) {
3120 		len = sizeof(((struct pfloghdr *)0)->ifname);
3121 		off = offsetof(struct pfloghdr, ifname);
3122 	} else {
3123 		bpf_error("ifname not supported on linktype 0x%x", linktype);
3124 		/* NOTREACHED */
3125 	}
3126 	if (strlen(ifname) >= len) {
3127 		bpf_error("ifname interface names can only be %d characters",
3128 		    len - 1);
3129 		/* NOTREACHED */
3130 	}
3131 	b0 = gen_bcmp(off, strlen(ifname) + 1, ifname);
3132 	return (b0);
3133 }
3134 
3135 
3136 /* PF firewall log ruleset name */
3137 struct block *
3138 gen_pf_ruleset(char *ruleset)
3139 {
3140 	struct block *b0;
3141 
3142 	if (linktype != DLT_PFLOG) {
3143 		bpf_error("ruleset not supported on linktype 0x%x", linktype);
3144 		/* NOTREACHED */
3145 	}
3146 	if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
3147 		bpf_error("ruleset names can only be %zu characters",
3148 		    sizeof(((struct pfloghdr *)0)->ruleset) - 1);
3149 		/* NOTREACHED */
3150 	}
3151 	b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset),
3152 	    strlen(ruleset), ruleset);
3153 	return (b0);
3154 }
3155 
3156 
3157 /* PF firewall log rule number */
3158 struct block *
3159 gen_pf_rnr(int rnr)
3160 {
3161 	struct block *b0;
3162 
3163 	if (linktype == DLT_PFLOG) {
3164 		b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W,
3165 			 (bpf_int32)rnr);
3166 	} else {
3167 		bpf_error("rnr not supported on linktype 0x%x", linktype);
3168 		/* NOTREACHED */
3169 	}
3170 
3171 	return (b0);
3172 }
3173 
3174 
3175 /* PF firewall log sub-rule number */
3176 struct block *
3177 gen_pf_srnr(int srnr)
3178 {
3179 	struct block *b0;
3180 
3181 	if (linktype != DLT_PFLOG) {
3182 		bpf_error("srnr not supported on linktype 0x%x", linktype);
3183 		/* NOTREACHED */
3184 	}
3185 
3186 	b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W,
3187 	    (bpf_int32)srnr);
3188 	return (b0);
3189 }
3190 
3191 /* PF firewall log reason code */
3192 struct block *
3193 gen_pf_reason(int reason)
3194 {
3195 	struct block *b0;
3196 
3197 	if (linktype == DLT_PFLOG) {
3198 		b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B,
3199 		    (bpf_int32)reason);
3200 	} else {
3201 		bpf_error("reason not supported on linktype 0x%x", linktype);
3202 		/* NOTREACHED */
3203 	}
3204 
3205 	return (b0);
3206 }
3207 
3208 /* PF firewall log action */
3209 struct block *
3210 gen_pf_action(int action)
3211 {
3212 	struct block *b0;
3213 
3214 	if (linktype == DLT_PFLOG) {
3215 		b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B,
3216 		    (bpf_int32)action);
3217 	} else {
3218 		bpf_error("action not supported on linktype 0x%x", linktype);
3219 		/* NOTREACHED */
3220 	}
3221 
3222 	return (b0);
3223 }
3224 
3225 /* IEEE 802.11 wireless header */
3226 struct block *
3227 gen_p80211_type(int type, int mask)
3228 {
3229 	struct block *b0;
3230 	u_int offset;
3231 
3232 	if (!(linktype == DLT_IEEE802_11 ||
3233 	    linktype == DLT_IEEE802_11_RADIO)) {
3234 		bpf_error("type not supported on linktype 0x%x",
3235 		    linktype);
3236 		/* NOTREACHED */
3237 	}
3238 	offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]);
3239 	if (linktype == DLT_IEEE802_11_RADIO)
3240 		offset += IEEE80211_RADIOTAP_HDRLEN;
3241 
3242 	b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask);
3243 
3244 	return (b0);
3245 }
3246 
3247 static struct block *
3248 gen_ahostop(const u_char *eaddr, int dir)
3249 {
3250 	struct block *b0, *b1;
3251 
3252 	switch (dir) {
3253 	/* src comes first, different from Ethernet */
3254 	case Q_SRC:
3255 		return gen_bcmp(0, 1, eaddr);
3256 
3257 	case Q_DST:
3258 		return gen_bcmp(1, 1, eaddr);
3259 
3260 	case Q_AND:
3261 		b0 = gen_ahostop(eaddr, Q_SRC);
3262 		b1 = gen_ahostop(eaddr, Q_DST);
3263 		gen_and(b0, b1);
3264 		return b1;
3265 
3266 	case Q_DEFAULT:
3267 	case Q_OR:
3268 		b0 = gen_ahostop(eaddr, Q_SRC);
3269 		b1 = gen_ahostop(eaddr, Q_DST);
3270 		gen_or(b0, b1);
3271 		return b1;
3272 	}
3273 	abort();
3274 	/* NOTREACHED */
3275 }
3276 
3277 struct block *
3278 gen_acode(const u_char *eaddr, struct qual q)
3279 {
3280 	if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3281 		if (linktype == DLT_ARCNET)
3282 			return gen_ahostop(eaddr, (int)q.dir);
3283 	}
3284 	bpf_error("ARCnet address used in non-arc expression");
3285 	/* NOTREACHED */
3286 }
3287 
3288 struct block *
3289 gen_mpls(int label)
3290 {
3291 	struct block	*b0;
3292 
3293 	if (label > MPLS_LABEL_MAX)
3294 		bpf_error("invalid MPLS label : %d", label);
3295 
3296 	if (mpls_stack > 0) /* Bottom-Of-Label-Stack bit ? */
3297 		b0 = gen_mcmp(off_nl-2, BPF_B, (bpf_int32)0, 0x1);
3298 	else
3299 		b0 = gen_linktype(ETHERTYPE_MPLS);
3300 
3301 	if (label >= 0) {
3302 		struct block *b1;
3303 
3304 		b1 = gen_mcmp(off_nl, BPF_W, (bpf_int32)(label << 12),
3305 		    MPLS_LABEL_MASK);
3306 		gen_and(b0, b1);
3307 		b0 = b1;
3308 	}
3309 	off_nl += 4;
3310 	off_linktype += 4;
3311 	mpls_stack++;
3312 	return (b0);
3313 }
3314 
3315 /*
3316  * support IEEE 802.1Q VLAN trunk over ethernet
3317  */
3318 struct block *
3319 gen_vlan(int vlan_num)
3320 {
3321 	struct	block	*b0;
3322 
3323 	if (variable_nl) {
3324 		bpf_error("'vlan' not supported for variable DLTs");
3325 		/*NOTREACHED*/
3326 	}
3327 
3328 	if (vlan_num > 4095) {
3329 		bpf_error("invalid VLAN number : %d", vlan_num);
3330 		/*NOTREACHED*/
3331 	}
3332 
3333 	/*
3334 	 * Change the offsets to point to the type and data fields within
3335 	 * the VLAN packet.  This is somewhat of a kludge.
3336 	 */
3337 	if (orig_nl == (u_int)-1) {
3338 		orig_linktype = off_linktype;	/* save original values */
3339 		orig_nl = off_nl;
3340 		orig_nl_nosnap = off_nl_nosnap;
3341 
3342 		switch (linktype) {
3343 
3344 		case DLT_EN10MB:
3345 			off_linktype = 16;
3346 			off_nl_nosnap = 18;
3347 			off_nl = 18;
3348 			break;
3349 
3350 		default:
3351 			bpf_error("no VLAN support for data link type %d",
3352 				  linktype);
3353 			/*NOTREACHED*/
3354 		}
3355 	}
3356 
3357 	/* check for VLAN */
3358 	b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3359 
3360 	/* If a specific VLAN is requested, check VLAN id */
3361 	if (vlan_num >= 0) {
3362 		struct block *b1;
3363 
3364 		b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0FFF);
3365 		gen_and(b0, b1);
3366 		b0 = b1;
3367 	}
3368 
3369 	return (b0);
3370 }
3371 
3372 struct block *
3373 gen_sample(int rate)
3374 {
3375 	struct block *b0;
3376 	long long threshold = 0x100000000LL; /* 0xffffffff + 1 */
3377 
3378 	if (rate < 2) {
3379 		bpf_error("sample %d is too low", rate);
3380 		/*NOTREACHED*/
3381 	}
3382 	if (rate > (1 << 20)) {
3383 		bpf_error("sample %d is too high", rate);
3384 		/*NOTREACHED*/
3385 	}
3386 
3387 	threshold /= rate;
3388 	b0 = gen_relation(BPF_JGT, gen_loadrnd(), gen_loadi(threshold), 1);
3389 
3390 	return (b0);
3391 }
3392 
3393 struct block *
3394 gen_p80211_fcdir(int fcdir)
3395 {
3396 	struct block *b0;
3397 	u_int offset;
3398 
3399 	if (!(linktype == DLT_IEEE802_11 ||
3400 	    linktype == DLT_IEEE802_11_RADIO)) {
3401 		bpf_error("frame direction not supported on linktype 0x%x",
3402 		    linktype);
3403 		/* NOTREACHED */
3404 	}
3405 	offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]);
3406 	if (linktype == DLT_IEEE802_11_RADIO)
3407 		offset += IEEE80211_RADIOTAP_HDRLEN;
3408 
3409 	b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir,
3410 	    (bpf_u_int32)IEEE80211_FC1_DIR_MASK);
3411 
3412 	return (b0);
3413 }
3414 
3415 static struct block *
3416 gen_p80211_hostop(const u_char *lladdr, int dir)
3417 {
3418 	struct block *b0, *b1, *b2, *b3, *b4;
3419 	u_int offset = 0;
3420 
3421 	if (linktype == DLT_IEEE802_11_RADIO)
3422 		offset = IEEE80211_RADIOTAP_HDRLEN;
3423 
3424 	switch (dir) {
3425 	case Q_SRC:
3426 		b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset +
3427 		    (u_int)offsetof(struct ieee80211_frame, i_addr2),
3428 		    lladdr);
3429 		b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset +
3430 		    (u_int)offsetof(struct ieee80211_frame, i_addr2),
3431 		    lladdr);
3432 		b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset +
3433 		    (u_int)offsetof(struct ieee80211_frame, i_addr3),
3434 		    lladdr);
3435 		b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset +
3436 		    (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4),
3437 		    lladdr);
3438 		b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset +
3439 		    (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2),
3440 		    lladdr);
3441 
3442 		gen_or(b0, b1);
3443 		gen_or(b1, b2);
3444 		gen_or(b2, b3);
3445 		gen_or(b3, b4);
3446 		return (b4);
3447 
3448 	case Q_DST:
3449 		b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset +
3450 		    (u_int)offsetof(struct ieee80211_frame, i_addr1),
3451 		    lladdr);
3452 		b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset +
3453 		    (u_int)offsetof(struct ieee80211_frame, i_addr3),
3454 		    lladdr);
3455 		b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset +
3456 		    (u_int)offsetof(struct ieee80211_frame, i_addr1),
3457 		    lladdr);
3458 		b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset +
3459 		    (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3),
3460 		    lladdr);
3461 		b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset +
3462 		    (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1),
3463 		    lladdr);
3464 
3465 		gen_or(b0, b1);
3466 		gen_or(b1, b2);
3467 		gen_or(b2, b3);
3468 		gen_or(b3, b4);
3469 		return (b4);
3470 
3471 	case Q_ADDR1:
3472 		return (gen_bcmp(offset +
3473 		    (u_int)offsetof(struct ieee80211_frame,
3474 		    i_addr1), IEEE80211_ADDR_LEN, lladdr));
3475 
3476 	case Q_ADDR2:
3477 		return (gen_bcmp(offset +
3478 		    (u_int)offsetof(struct ieee80211_frame,
3479 		    i_addr2), IEEE80211_ADDR_LEN, lladdr));
3480 
3481 	case Q_ADDR3:
3482 		return (gen_bcmp(offset +
3483 		    (u_int)offsetof(struct ieee80211_frame,
3484 		    i_addr3), IEEE80211_ADDR_LEN, lladdr));
3485 
3486 	case Q_ADDR4:
3487 		return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset +
3488 		    (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4),
3489 		    lladdr));
3490 
3491 	case Q_AND:
3492 		b0 = gen_p80211_hostop(lladdr, Q_SRC);
3493 		b1 = gen_p80211_hostop(lladdr, Q_DST);
3494 		gen_and(b0, b1);
3495 		return (b1);
3496 
3497 	case Q_DEFAULT:
3498 	case Q_OR:
3499 		b0 = gen_p80211_hostop(lladdr, Q_ADDR1);
3500 		b1 = gen_p80211_hostop(lladdr, Q_ADDR2);
3501 		b2 = gen_p80211_hostop(lladdr, Q_ADDR3);
3502 		b3 = gen_p80211_hostop(lladdr, Q_ADDR4);
3503 		gen_or(b0, b1);
3504 		gen_or(b1, b2);
3505 		gen_or(b2, b3);
3506 		return (b3);
3507 
3508 	default:
3509 		bpf_error("direction not supported on linktype 0x%x",
3510 		    linktype);
3511 	}
3512 	/* NOTREACHED */
3513 }
3514 
3515 static struct block *
3516 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr)
3517 {
3518 	struct block *b0, *b1;
3519 
3520 	b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK);
3521 	b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr);
3522 	gen_and(b0, b1);
3523 
3524 	return (b1);
3525 }
3526