1 /* $OpenBSD: gencode.c,v 1.55 2020/08/03 03:40:02 dlg Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/param.h> /* ALIGN */ 25 #include <sys/types.h> 26 #include <sys/socket.h> 27 #include <sys/time.h> 28 29 struct mbuf; 30 struct rtentry; 31 32 #include <net/if.h> 33 34 #include <netinet/in.h> 35 #include <netinet/if_ether.h> 36 37 #include <net/if_pflog.h> 38 #include <net/pfvar.h> 39 40 #include <netmpls/mpls.h> 41 42 #include <net80211/ieee80211.h> 43 #include <net80211/ieee80211_radiotap.h> 44 45 #include <stdlib.h> 46 #include <stddef.h> 47 #include <setjmp.h> 48 #include <stdarg.h> 49 #include <string.h> 50 51 #include "pcap-int.h" 52 53 #include "ethertype.h" 54 #include "llc.h" 55 #include "gencode.h" 56 #include "ppp.h" 57 #include <pcap-namedb.h> 58 #ifdef INET6 59 #include <netdb.h> 60 #endif /*INET6*/ 61 62 #ifdef HAVE_OS_PROTO_H 63 #include "os-proto.h" 64 #endif 65 66 #define JMP(c) ((c)|BPF_JMP|BPF_K) 67 68 /* Locals */ 69 static jmp_buf top_ctx; 70 static pcap_t *bpf_pcap; 71 72 /* Hack for updating VLAN offsets. */ 73 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 74 static u_int mpls_stack = 0; 75 76 /* XXX */ 77 #ifdef PCAP_FDDIPAD 78 int pcap_fddipad = PCAP_FDDIPAD; 79 #else 80 int pcap_fddipad; 81 #endif 82 83 __dead void 84 bpf_error(const char *fmt, ...) 85 { 86 va_list ap; 87 88 va_start(ap, fmt); 89 if (bpf_pcap != NULL) 90 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 91 fmt, ap); 92 va_end(ap); 93 longjmp(top_ctx, 1); 94 /* NOTREACHED */ 95 } 96 97 static void init_linktype(int); 98 99 static int alloc_reg(void); 100 static void free_reg(int); 101 102 static struct block *root; 103 104 /* initialization code used for variable link header */ 105 static struct slist *init_code = NULL; 106 107 /* Flags and registers for variable link type handling */ 108 static int variable_nl; 109 static int nl_reg, iphl_reg; 110 111 /* 112 * We divy out chunks of memory rather than call malloc each time so 113 * we don't have to worry about leaking memory. It's probably 114 * not a big deal if all this memory was wasted but it this ever 115 * goes into a library that would probably not be a good idea. 116 */ 117 #define NCHUNKS 16 118 #define CHUNK0SIZE 1024 119 struct chunk { 120 u_int n_left; 121 void *m; 122 }; 123 124 static struct chunk chunks[NCHUNKS]; 125 static int cur_chunk; 126 127 static void *newchunk(u_int); 128 static void freechunks(void); 129 static __inline struct block *new_block(int); 130 static __inline struct slist *new_stmt(int); 131 static struct block *gen_retblk(int); 132 static __inline void syntax(void); 133 134 static void backpatch(struct block *, struct block *); 135 static void merge(struct block *, struct block *); 136 static struct block *gen_cmp(u_int, u_int, bpf_int32); 137 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 138 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 139 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 140 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 141 static struct block *gen_bcmp(u_int, u_int, const u_char *); 142 static struct block *gen_uncond(int); 143 static __inline struct block *gen_true(void); 144 static __inline struct block *gen_false(void); 145 static struct block *gen_linktype(int); 146 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 147 #ifdef INET6 148 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 149 #endif 150 static struct block *gen_ehostop(const u_char *, int); 151 static struct block *gen_fhostop(const u_char *, int); 152 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 153 static struct block *gen_p80211_hostop(const u_char *, int); 154 static struct block *gen_p80211_addr(int, u_int, const u_char *); 155 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 156 #ifdef INET6 157 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 158 #endif 159 #ifndef INET6 160 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 161 #endif 162 static struct block *gen_ipfrag(void); 163 static struct block *gen_portatom(int, bpf_int32); 164 #ifdef INET6 165 static struct block *gen_portatom6(int, bpf_int32); 166 #endif 167 struct block *gen_portop(int, int, int); 168 static struct block *gen_port(int, int, int); 169 #ifdef INET6 170 struct block *gen_portop6(int, int, int); 171 static struct block *gen_port6(int, int, int); 172 #endif 173 static int lookup_proto(const char *, int); 174 static struct block *gen_protochain(int, int, int); 175 static struct block *gen_proto(int, int, int); 176 static struct slist *xfer_to_x(struct arth *); 177 static struct slist *xfer_to_a(struct arth *); 178 static struct block *gen_len(int, int); 179 180 static void * 181 newchunk(n) 182 u_int n; 183 { 184 struct chunk *cp; 185 int k, size; 186 187 /* XXX Round to structure boundary. */ 188 n = ALIGN(n); 189 190 cp = &chunks[cur_chunk]; 191 if (n > cp->n_left) { 192 ++cp, k = ++cur_chunk; 193 if (k >= NCHUNKS) 194 bpf_error("out of memory"); 195 size = CHUNK0SIZE << k; 196 cp->m = calloc(1, size); 197 if (cp->m == NULL) 198 bpf_error("out of memory"); 199 200 cp->n_left = size; 201 if (n > size) 202 bpf_error("out of memory"); 203 } 204 cp->n_left -= n; 205 return (void *)((char *)cp->m + cp->n_left); 206 } 207 208 static void 209 freechunks() 210 { 211 int i; 212 213 cur_chunk = 0; 214 for (i = 0; i < NCHUNKS; ++i) { 215 free(chunks[i].m); 216 chunks[i].m = NULL; 217 } 218 } 219 220 /* 221 * A strdup whose allocations are freed after code generation is over. 222 */ 223 char * 224 sdup(s) 225 const char *s; 226 { 227 int n = strlen(s) + 1; 228 char *cp = newchunk(n); 229 230 strlcpy(cp, s, n); 231 return (cp); 232 } 233 234 static __inline struct block * 235 new_block(code) 236 int code; 237 { 238 struct block *p; 239 240 p = (struct block *)newchunk(sizeof(*p)); 241 p->s.code = code; 242 p->head = p; 243 244 return p; 245 } 246 247 static __inline struct slist * 248 new_stmt(code) 249 int code; 250 { 251 struct slist *p; 252 253 p = (struct slist *)newchunk(sizeof(*p)); 254 p->s.code = code; 255 256 return p; 257 } 258 259 static struct block * 260 gen_retblk(v) 261 int v; 262 { 263 struct block *b = new_block(BPF_RET|BPF_K); 264 265 b->s.k = v; 266 return b; 267 } 268 269 static __inline void 270 syntax() 271 { 272 bpf_error("syntax error in filter expression"); 273 } 274 275 static bpf_u_int32 netmask; 276 static int snaplen; 277 int no_optimize; 278 279 int 280 pcap_compile(pcap_t *p, struct bpf_program *program, 281 const char *buf, int optimize, bpf_u_int32 mask) 282 { 283 extern int n_errors; 284 int len; 285 286 no_optimize = 0; 287 n_errors = 0; 288 root = NULL; 289 bpf_pcap = p; 290 if (setjmp(top_ctx)) { 291 freechunks(); 292 return (-1); 293 } 294 295 netmask = mask; 296 snaplen = pcap_snapshot(p); 297 298 lex_init(buf ? buf : ""); 299 init_linktype(pcap_datalink(p)); 300 (void)pcap_parse(); 301 302 if (n_errors) 303 syntax(); 304 305 if (root == NULL) 306 root = gen_retblk(snaplen); 307 308 if (optimize && !no_optimize) { 309 bpf_optimize(&root); 310 if (root == NULL || 311 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 312 bpf_error("expression rejects all packets"); 313 } 314 program->bf_insns = icode_to_fcode(root, &len); 315 program->bf_len = len; 316 317 freechunks(); 318 return (0); 319 } 320 321 /* 322 * entry point for using the compiler with no pcap open 323 * pass in all the stuff that is needed explicitly instead. 324 */ 325 int 326 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 327 struct bpf_program *program, 328 const char *buf, int optimize, bpf_u_int32 mask) 329 { 330 extern int n_errors; 331 int len; 332 333 n_errors = 0; 334 root = NULL; 335 bpf_pcap = NULL; 336 if (setjmp(top_ctx)) { 337 freechunks(); 338 return (-1); 339 } 340 341 netmask = mask; 342 343 /* XXX needed? I don't grok the use of globals here. */ 344 snaplen = snaplen_arg; 345 346 lex_init(buf ? buf : ""); 347 init_linktype(linktype_arg); 348 (void)pcap_parse(); 349 350 if (n_errors) 351 syntax(); 352 353 if (root == NULL) 354 root = gen_retblk(snaplen_arg); 355 356 if (optimize) { 357 bpf_optimize(&root); 358 if (root == NULL || 359 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 360 bpf_error("expression rejects all packets"); 361 } 362 program->bf_insns = icode_to_fcode(root, &len); 363 program->bf_len = len; 364 365 freechunks(); 366 return (0); 367 } 368 369 /* 370 * Clean up a "struct bpf_program" by freeing all the memory allocated 371 * in it. 372 */ 373 void 374 pcap_freecode(struct bpf_program *program) 375 { 376 program->bf_len = 0; 377 if (program->bf_insns != NULL) { 378 free((char *)program->bf_insns); 379 program->bf_insns = NULL; 380 } 381 } 382 383 /* 384 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 385 * which of the jt and jf fields has been resolved and which is a pointer 386 * back to another unresolved block (or nil). At least one of the fields 387 * in each block is already resolved. 388 */ 389 static void 390 backpatch(list, target) 391 struct block *list, *target; 392 { 393 struct block *next; 394 395 while (list) { 396 if (!list->sense) { 397 next = JT(list); 398 JT(list) = target; 399 } else { 400 next = JF(list); 401 JF(list) = target; 402 } 403 list = next; 404 } 405 } 406 407 /* 408 * Merge the lists in b0 and b1, using the 'sense' field to indicate 409 * which of jt and jf is the link. 410 */ 411 static void 412 merge(b0, b1) 413 struct block *b0, *b1; 414 { 415 struct block **p = &b0; 416 417 /* Find end of list. */ 418 while (*p) 419 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 420 421 /* Concatenate the lists. */ 422 *p = b1; 423 } 424 425 void 426 finish_parse(p) 427 struct block *p; 428 { 429 backpatch(p, gen_retblk(snaplen)); 430 p->sense = !p->sense; 431 backpatch(p, gen_retblk(0)); 432 root = p->head; 433 434 /* prepend initialization code to root */ 435 if (init_code != NULL && root != NULL) { 436 sappend(init_code, root->stmts); 437 root->stmts = init_code; 438 init_code = NULL; 439 } 440 441 if (iphl_reg != -1) { 442 free_reg(iphl_reg); 443 iphl_reg = -1; 444 } 445 if (nl_reg != -1) { 446 free_reg(nl_reg); 447 nl_reg = -1; 448 } 449 } 450 451 void 452 gen_and(b0, b1) 453 struct block *b0, *b1; 454 { 455 backpatch(b0, b1->head); 456 b0->sense = !b0->sense; 457 b1->sense = !b1->sense; 458 merge(b1, b0); 459 b1->sense = !b1->sense; 460 b1->head = b0->head; 461 } 462 463 void 464 gen_or(b0, b1) 465 struct block *b0, *b1; 466 { 467 b0->sense = !b0->sense; 468 backpatch(b0, b1->head); 469 b0->sense = !b0->sense; 470 merge(b1, b0); 471 b1->head = b0->head; 472 } 473 474 void 475 gen_not(b) 476 struct block *b; 477 { 478 b->sense = !b->sense; 479 } 480 481 static struct block * 482 gen_cmp(offset, size, v) 483 u_int offset, size; 484 bpf_int32 v; 485 { 486 struct slist *s; 487 struct block *b; 488 489 s = new_stmt(BPF_LD|BPF_ABS|size); 490 s->s.k = offset; 491 492 b = new_block(JMP(BPF_JEQ)); 493 b->stmts = s; 494 b->s.k = v; 495 496 return b; 497 } 498 499 static struct block * 500 gen_cmp_gt(offset, size, v) 501 u_int offset, size; 502 bpf_int32 v; 503 { 504 struct slist *s; 505 struct block *b; 506 507 s = new_stmt(BPF_LD|BPF_ABS|size); 508 s->s.k = offset; 509 510 b = new_block(JMP(BPF_JGT)); 511 b->stmts = s; 512 b->s.k = v; 513 514 return b; 515 } 516 517 static struct block * 518 gen_mcmp(offset, size, v, mask) 519 u_int offset, size; 520 bpf_int32 v; 521 bpf_u_int32 mask; 522 { 523 struct block *b = gen_cmp(offset, size, v); 524 struct slist *s; 525 526 if (mask != 0xffffffff) { 527 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 528 s->s.k = mask; 529 sappend(b->stmts, s); 530 } 531 return b; 532 } 533 534 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 535 static struct block * 536 gen_mcmp_nl(offset, size, v, mask) 537 u_int offset, size; 538 bpf_int32 v; 539 bpf_u_int32 mask; 540 { 541 struct block *b = gen_cmp_nl(offset, size, v); 542 struct slist *s; 543 544 if (mask != 0xffffffff) { 545 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 546 s->s.k = mask; 547 sappend(b->stmts, s); 548 } 549 return b; 550 } 551 552 static struct block * 553 gen_bcmp(offset, size, v) 554 u_int offset, size; 555 const u_char *v; 556 { 557 struct block *b, *tmp; 558 559 b = NULL; 560 while (size >= 4) { 561 const u_char *p = &v[size - 4]; 562 bpf_int32 w = ((bpf_int32)p[0] << 24) | 563 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 564 565 tmp = gen_cmp(offset + size - 4, BPF_W, w); 566 if (b != NULL) 567 gen_and(b, tmp); 568 b = tmp; 569 size -= 4; 570 } 571 while (size >= 2) { 572 const u_char *p = &v[size - 2]; 573 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 574 575 tmp = gen_cmp(offset + size - 2, BPF_H, w); 576 if (b != NULL) 577 gen_and(b, tmp); 578 b = tmp; 579 size -= 2; 580 } 581 if (size > 0) { 582 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 583 if (b != NULL) 584 gen_and(b, tmp); 585 b = tmp; 586 } 587 return b; 588 } 589 590 /* 591 * Various code constructs need to know the layout of the data link 592 * layer. These variables give the necessary offsets. off_linktype 593 * is set to -1 for no encapsulation, in which case, IP is assumed. 594 */ 595 static u_int off_linktype; 596 static u_int off_nl; 597 static u_int off_nl_nosnap; 598 599 static int linktype; 600 601 /* Generate code to load the dynamic 'off_nl' to the X register */ 602 static struct slist * 603 nl2X_stmt(void) 604 { 605 struct slist *s, *tmp; 606 607 if (nl_reg == -1) { 608 switch (linktype) { 609 case DLT_PFLOG: 610 /* The pflog header contains PFLOG_REAL_HDRLEN 611 which does NOT include the padding. Round 612 up to the nearest dword boundary */ 613 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 614 s->s.k = 0; 615 616 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 617 tmp->s.k = 3; 618 sappend(s, tmp); 619 620 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 621 tmp->s.k = 0xfc; 622 sappend(s, tmp); 623 624 nl_reg = alloc_reg(); 625 tmp = new_stmt(BPF_ST); 626 tmp->s.k = nl_reg; 627 sappend(s, tmp); 628 629 break; 630 default: 631 bpf_error("Unknown header size for link type 0x%x", 632 linktype); 633 } 634 635 if (init_code == NULL) 636 init_code = s; 637 else 638 sappend(init_code, s); 639 } 640 641 s = new_stmt(BPF_LDX|BPF_MEM); 642 s->s.k = nl_reg; 643 644 return s; 645 } 646 647 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 648 static struct block * 649 gen_cmp_nl(offset, size, v) 650 u_int offset, size; 651 bpf_int32 v; 652 { 653 struct slist *s, *tmp; 654 struct block *b; 655 656 if (variable_nl) { 657 s = nl2X_stmt(); 658 tmp = new_stmt(BPF_LD|BPF_IND|size); 659 tmp->s.k = offset; 660 sappend(s, tmp); 661 } else { 662 s = new_stmt(BPF_LD|BPF_ABS|size); 663 s->s.k = offset + off_nl; 664 } 665 b = new_block(JMP(BPF_JEQ)); 666 b->stmts = s; 667 b->s.k = v; 668 669 return b; 670 } 671 672 static void 673 init_linktype(type) 674 int type; 675 { 676 linktype = type; 677 init_code = NULL; 678 nl_reg = iphl_reg = -1; 679 680 switch (type) { 681 682 case DLT_EN10MB: 683 off_linktype = 12; 684 off_nl = 14; 685 return; 686 687 case DLT_SLIP: 688 /* 689 * SLIP doesn't have a link level type. The 16 byte 690 * header is hacked into our SLIP driver. 691 */ 692 off_linktype = -1; 693 off_nl = 16; 694 return; 695 696 case DLT_SLIP_BSDOS: 697 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 698 off_linktype = -1; 699 /* XXX end */ 700 off_nl = 24; 701 return; 702 703 case DLT_NULL: 704 off_linktype = 0; 705 off_nl = 4; 706 return; 707 708 case DLT_PPP: 709 off_linktype = 2; 710 off_nl = 4; 711 return; 712 713 case DLT_PPP_SERIAL: 714 off_linktype = -1; 715 off_nl = 2; 716 return; 717 718 case DLT_PPP_ETHER: 719 /* 720 * This does not include the Ethernet header, and 721 * only covers session state. 722 */ 723 off_linktype = 6; 724 off_nl = 8; 725 return; 726 727 case DLT_PPP_BSDOS: 728 off_linktype = 5; 729 off_nl = 24; 730 return; 731 732 case DLT_FDDI: 733 /* 734 * FDDI doesn't really have a link-level type field. 735 * We assume that SSAP = SNAP is being used and pick 736 * out the encapsulated Ethernet type. 737 */ 738 off_linktype = 19; 739 #ifdef PCAP_FDDIPAD 740 off_linktype += pcap_fddipad; 741 #endif 742 off_nl = 21; 743 #ifdef PCAP_FDDIPAD 744 off_nl += pcap_fddipad; 745 #endif 746 return; 747 748 case DLT_IEEE802: 749 off_linktype = 20; 750 off_nl = 22; 751 return; 752 753 case DLT_IEEE802_11: 754 off_linktype = 30; /* XXX variable */ 755 off_nl = 32; 756 return; 757 758 case DLT_IEEE802_11_RADIO: /* XXX variable */ 759 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 760 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 761 return; 762 763 case DLT_ATM_RFC1483: 764 /* 765 * assume routed, non-ISO PDUs 766 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 767 */ 768 off_linktype = 6; 769 off_nl = 8; 770 return; 771 772 case DLT_LOOP: 773 off_linktype = 0; 774 off_nl = 4; 775 return; 776 777 case DLT_ENC: 778 off_linktype = -1; 779 off_nl = 12; 780 return; 781 782 case DLT_PFLOG: 783 off_linktype = 0; 784 variable_nl = 1; 785 off_nl = 0; 786 return; 787 788 case DLT_PFSYNC: 789 off_linktype = -1; 790 off_nl = 4; 791 return; 792 793 case DLT_OPENFLOW: 794 off_linktype = -1; 795 off_nl = 12; 796 return; 797 798 case DLT_USBPCAP: 799 /* FALLTHROUGH */ 800 case DLT_RAW: 801 off_linktype = -1; 802 off_nl = 0; 803 return; 804 } 805 bpf_error("unknown data link type 0x%x", linktype); 806 /* NOTREACHED */ 807 } 808 809 static struct block * 810 gen_uncond(rsense) 811 int rsense; 812 { 813 struct block *b; 814 struct slist *s; 815 816 s = new_stmt(BPF_LD|BPF_IMM); 817 s->s.k = !rsense; 818 b = new_block(JMP(BPF_JEQ)); 819 b->stmts = s; 820 821 return b; 822 } 823 824 static __inline struct block * 825 gen_true() 826 { 827 return gen_uncond(1); 828 } 829 830 static __inline struct block * 831 gen_false() 832 { 833 return gen_uncond(0); 834 } 835 836 static struct block * 837 gen_linktype(proto) 838 int proto; 839 { 840 struct block *b0, *b1; 841 842 /* If we're not using encapsulation and checking for IP, we're done */ 843 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IP) 844 return gen_true(); 845 #ifdef INET6 846 /* this isn't the right thing to do, but sometimes necessary */ 847 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IPV6) 848 return gen_true(); 849 #endif 850 851 switch (linktype) { 852 853 case DLT_EN10MB: 854 if (proto <= ETHERMTU) { 855 /* This is an LLC SAP value */ 856 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 857 gen_not(b0); 858 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 859 gen_and(b0, b1); 860 return b1; 861 } else { 862 /* This is an Ethernet type */ 863 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 864 } 865 break; 866 867 case DLT_SLIP: 868 return gen_false(); 869 870 case DLT_PPP: 871 case DLT_PPP_ETHER: 872 if (proto == ETHERTYPE_IP) 873 proto = PPP_IP; /* XXX was 0x21 */ 874 #ifdef INET6 875 else if (proto == ETHERTYPE_IPV6) 876 proto = PPP_IPV6; 877 #endif 878 break; 879 880 case DLT_PPP_BSDOS: 881 switch (proto) { 882 883 case ETHERTYPE_IP: 884 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 885 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 886 gen_or(b0, b1); 887 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 888 gen_or(b1, b0); 889 return b0; 890 891 #ifdef INET6 892 case ETHERTYPE_IPV6: 893 proto = PPP_IPV6; 894 /* more to go? */ 895 break; 896 #endif /* INET6 */ 897 898 case ETHERTYPE_DN: 899 proto = PPP_DECNET; 900 break; 901 902 case ETHERTYPE_ATALK: 903 proto = PPP_APPLE; 904 break; 905 906 case ETHERTYPE_NS: 907 proto = PPP_NS; 908 break; 909 } 910 break; 911 912 case DLT_LOOP: 913 case DLT_ENC: 914 case DLT_NULL: 915 /* XXX */ 916 if (proto == ETHERTYPE_IP) 917 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); 918 #ifdef INET6 919 else if (proto == ETHERTYPE_IPV6) 920 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6))); 921 #endif /* INET6 */ 922 else 923 return gen_false(); 924 break; 925 case DLT_PFLOG: 926 if (proto == ETHERTYPE_IP) 927 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 928 (bpf_int32)AF_INET)); 929 #ifdef INET6 930 else if (proto == ETHERTYPE_IPV6) 931 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 932 (bpf_int32)AF_INET6)); 933 #endif /* INET6 */ 934 else 935 return gen_false(); 936 break; 937 938 } 939 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 940 } 941 942 static struct block * 943 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 944 bpf_u_int32 addr; 945 bpf_u_int32 mask; 946 int dir, proto; 947 u_int src_off, dst_off; 948 { 949 struct block *b0, *b1; 950 u_int offset; 951 952 switch (dir) { 953 954 case Q_SRC: 955 offset = src_off; 956 break; 957 958 case Q_DST: 959 offset = dst_off; 960 break; 961 962 case Q_AND: 963 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 964 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 965 gen_and(b0, b1); 966 return b1; 967 968 case Q_OR: 969 case Q_DEFAULT: 970 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 971 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 972 gen_or(b0, b1); 973 return b1; 974 975 default: 976 bpf_error("direction not supported on linktype 0x%x", 977 linktype); 978 } 979 b0 = gen_linktype(proto); 980 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 981 gen_and(b0, b1); 982 return b1; 983 } 984 985 #ifdef INET6 986 static struct block * 987 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 988 struct in6_addr *addr; 989 struct in6_addr *mask; 990 int dir, proto; 991 u_int src_off, dst_off; 992 { 993 struct block *b0, *b1; 994 u_int offset; 995 u_int32_t *a, *m; 996 997 switch (dir) { 998 999 case Q_SRC: 1000 offset = src_off; 1001 break; 1002 1003 case Q_DST: 1004 offset = dst_off; 1005 break; 1006 1007 case Q_AND: 1008 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1009 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1010 gen_and(b0, b1); 1011 return b1; 1012 1013 case Q_OR: 1014 case Q_DEFAULT: 1015 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1016 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1017 gen_or(b0, b1); 1018 return b1; 1019 1020 default: 1021 bpf_error("direction not supported on linktype 0x%x", 1022 linktype); 1023 } 1024 /* this order is important */ 1025 a = (u_int32_t *)addr; 1026 m = (u_int32_t *)mask; 1027 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1028 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1029 gen_and(b0, b1); 1030 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1031 gen_and(b0, b1); 1032 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1033 gen_and(b0, b1); 1034 b0 = gen_linktype(proto); 1035 gen_and(b0, b1); 1036 return b1; 1037 } 1038 #endif /*INET6*/ 1039 1040 static struct block * 1041 gen_ehostop(eaddr, dir) 1042 const u_char *eaddr; 1043 int dir; 1044 { 1045 struct block *b0, *b1; 1046 1047 switch (dir) { 1048 case Q_SRC: 1049 return gen_bcmp(6, 6, eaddr); 1050 1051 case Q_DST: 1052 return gen_bcmp(0, 6, eaddr); 1053 1054 case Q_AND: 1055 b0 = gen_ehostop(eaddr, Q_SRC); 1056 b1 = gen_ehostop(eaddr, Q_DST); 1057 gen_and(b0, b1); 1058 return b1; 1059 1060 case Q_DEFAULT: 1061 case Q_OR: 1062 b0 = gen_ehostop(eaddr, Q_SRC); 1063 b1 = gen_ehostop(eaddr, Q_DST); 1064 gen_or(b0, b1); 1065 return b1; 1066 default: 1067 bpf_error("direction not supported on linktype 0x%x", 1068 linktype); 1069 } 1070 /* NOTREACHED */ 1071 } 1072 1073 /* 1074 * Like gen_ehostop, but for DLT_FDDI 1075 */ 1076 static struct block * 1077 gen_fhostop(eaddr, dir) 1078 const u_char *eaddr; 1079 int dir; 1080 { 1081 struct block *b0, *b1; 1082 1083 switch (dir) { 1084 case Q_SRC: 1085 #ifdef PCAP_FDDIPAD 1086 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1087 #else 1088 return gen_bcmp(6 + 1, 6, eaddr); 1089 #endif 1090 1091 case Q_DST: 1092 #ifdef PCAP_FDDIPAD 1093 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1094 #else 1095 return gen_bcmp(0 + 1, 6, eaddr); 1096 #endif 1097 1098 case Q_AND: 1099 b0 = gen_fhostop(eaddr, Q_SRC); 1100 b1 = gen_fhostop(eaddr, Q_DST); 1101 gen_and(b0, b1); 1102 return b1; 1103 1104 case Q_DEFAULT: 1105 case Q_OR: 1106 b0 = gen_fhostop(eaddr, Q_SRC); 1107 b1 = gen_fhostop(eaddr, Q_DST); 1108 gen_or(b0, b1); 1109 return b1; 1110 default: 1111 bpf_error("direction not supported on linktype 0x%x", 1112 linktype); 1113 } 1114 /* NOTREACHED */ 1115 } 1116 1117 /* 1118 * This is quite tricky because there may be pad bytes in front of the 1119 * DECNET header, and then there are two possible data packet formats that 1120 * carry both src and dst addresses, plus 5 packet types in a format that 1121 * carries only the src node, plus 2 types that use a different format and 1122 * also carry just the src node. 1123 * 1124 * Yuck. 1125 * 1126 * Instead of doing those all right, we just look for data packets with 1127 * 0 or 1 bytes of padding. If you want to look at other packets, that 1128 * will require a lot more hacking. 1129 * 1130 * To add support for filtering on DECNET "areas" (network numbers) 1131 * one would want to add a "mask" argument to this routine. That would 1132 * make the filter even more inefficient, although one could be clever 1133 * and not generate masking instructions if the mask is 0xFFFF. 1134 */ 1135 static struct block * 1136 gen_dnhostop(addr, dir, base_off) 1137 bpf_u_int32 addr; 1138 int dir; 1139 u_int base_off; 1140 { 1141 struct block *b0, *b1, *b2, *tmp; 1142 u_int offset_lh; /* offset if long header is received */ 1143 u_int offset_sh; /* offset if short header is received */ 1144 1145 switch (dir) { 1146 1147 case Q_DST: 1148 offset_sh = 1; /* follows flags */ 1149 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1150 break; 1151 1152 case Q_SRC: 1153 offset_sh = 3; /* follows flags, dstnode */ 1154 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1155 break; 1156 1157 case Q_AND: 1158 /* Inefficient because we do our Calvinball dance twice */ 1159 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1160 b1 = gen_dnhostop(addr, Q_DST, base_off); 1161 gen_and(b0, b1); 1162 return b1; 1163 1164 case Q_OR: 1165 case Q_DEFAULT: 1166 /* Inefficient because we do our Calvinball dance twice */ 1167 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1168 b1 = gen_dnhostop(addr, Q_DST, base_off); 1169 gen_or(b0, b1); 1170 return b1; 1171 1172 default: 1173 bpf_error("direction not supported on linktype 0x%x", 1174 linktype); 1175 } 1176 b0 = gen_linktype(ETHERTYPE_DN); 1177 /* Check for pad = 1, long header case */ 1178 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1179 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1180 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1181 BPF_H, (bpf_int32)ntohs(addr)); 1182 gen_and(tmp, b1); 1183 /* Check for pad = 0, long header case */ 1184 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1185 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1186 gen_and(tmp, b2); 1187 gen_or(b2, b1); 1188 /* Check for pad = 1, short header case */ 1189 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1190 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1191 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1192 BPF_H, (bpf_int32)ntohs(addr)); 1193 gen_and(tmp, b2); 1194 gen_or(b2, b1); 1195 /* Check for pad = 0, short header case */ 1196 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1197 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1198 gen_and(tmp, b2); 1199 gen_or(b2, b1); 1200 1201 /* Combine with test for linktype */ 1202 gen_and(b0, b1); 1203 return b1; 1204 } 1205 1206 static struct block * 1207 gen_host(addr, mask, proto, dir) 1208 bpf_u_int32 addr; 1209 bpf_u_int32 mask; 1210 int proto; 1211 int dir; 1212 { 1213 struct block *b0, *b1; 1214 1215 switch (proto) { 1216 1217 case Q_DEFAULT: 1218 b0 = gen_host(addr, mask, Q_IP, dir); 1219 b1 = gen_host(addr, mask, Q_ARP, dir); 1220 gen_or(b0, b1); 1221 b0 = gen_host(addr, mask, Q_RARP, dir); 1222 gen_or(b1, b0); 1223 return b0; 1224 1225 case Q_IP: 1226 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1227 12, 16); 1228 1229 case Q_RARP: 1230 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1231 14, 24); 1232 1233 case Q_ARP: 1234 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1235 14, 24); 1236 1237 case Q_TCP: 1238 bpf_error("'tcp' modifier applied to host"); 1239 1240 case Q_UDP: 1241 bpf_error("'udp' modifier applied to host"); 1242 1243 case Q_ICMP: 1244 bpf_error("'icmp' modifier applied to host"); 1245 1246 case Q_IGMP: 1247 bpf_error("'igmp' modifier applied to host"); 1248 1249 case Q_IGRP: 1250 bpf_error("'igrp' modifier applied to host"); 1251 1252 case Q_PIM: 1253 bpf_error("'pim' modifier applied to host"); 1254 1255 case Q_STP: 1256 bpf_error("'stp' modifier applied to host"); 1257 1258 case Q_ATALK: 1259 bpf_error("ATALK host filtering not implemented"); 1260 1261 case Q_DECNET: 1262 return gen_dnhostop(addr, dir, 0); 1263 1264 case Q_SCA: 1265 bpf_error("SCA host filtering not implemented"); 1266 1267 case Q_LAT: 1268 bpf_error("LAT host filtering not implemented"); 1269 1270 case Q_MOPDL: 1271 bpf_error("MOPDL host filtering not implemented"); 1272 1273 case Q_MOPRC: 1274 bpf_error("MOPRC host filtering not implemented"); 1275 1276 #ifdef INET6 1277 case Q_IPV6: 1278 bpf_error("'ip6' modifier applied to ip host"); 1279 1280 case Q_ICMPV6: 1281 bpf_error("'icmp6' modifier applied to host"); 1282 #endif /* INET6 */ 1283 1284 case Q_AH: 1285 bpf_error("'ah' modifier applied to host"); 1286 1287 case Q_ESP: 1288 bpf_error("'esp' modifier applied to host"); 1289 1290 default: 1291 bpf_error("direction not supported on linktype 0x%x", 1292 linktype); 1293 } 1294 /* NOTREACHED */ 1295 } 1296 1297 #ifdef INET6 1298 static struct block * 1299 gen_host6(addr, mask, proto, dir) 1300 struct in6_addr *addr; 1301 struct in6_addr *mask; 1302 int proto; 1303 int dir; 1304 { 1305 switch (proto) { 1306 1307 case Q_DEFAULT: 1308 return gen_host6(addr, mask, Q_IPV6, dir); 1309 1310 case Q_IP: 1311 bpf_error("'ip' modifier applied to ip6 host"); 1312 1313 case Q_RARP: 1314 bpf_error("'rarp' modifier applied to ip6 host"); 1315 1316 case Q_ARP: 1317 bpf_error("'arp' modifier applied to ip6 host"); 1318 1319 case Q_TCP: 1320 bpf_error("'tcp' modifier applied to host"); 1321 1322 case Q_UDP: 1323 bpf_error("'udp' modifier applied to host"); 1324 1325 case Q_ICMP: 1326 bpf_error("'icmp' modifier applied to host"); 1327 1328 case Q_IGMP: 1329 bpf_error("'igmp' modifier applied to host"); 1330 1331 case Q_IGRP: 1332 bpf_error("'igrp' modifier applied to host"); 1333 1334 case Q_PIM: 1335 bpf_error("'pim' modifier applied to host"); 1336 1337 case Q_STP: 1338 bpf_error("'stp' modifier applied to host"); 1339 1340 case Q_ATALK: 1341 bpf_error("ATALK host filtering not implemented"); 1342 1343 case Q_DECNET: 1344 bpf_error("'decnet' modifier applied to ip6 host"); 1345 1346 case Q_SCA: 1347 bpf_error("SCA host filtering not implemented"); 1348 1349 case Q_LAT: 1350 bpf_error("LAT host filtering not implemented"); 1351 1352 case Q_MOPDL: 1353 bpf_error("MOPDL host filtering not implemented"); 1354 1355 case Q_MOPRC: 1356 bpf_error("MOPRC host filtering not implemented"); 1357 1358 case Q_IPV6: 1359 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1360 8, 24); 1361 1362 case Q_ICMPV6: 1363 bpf_error("'icmp6' modifier applied to host"); 1364 1365 case Q_AH: 1366 bpf_error("'ah' modifier applied to host"); 1367 1368 case Q_ESP: 1369 bpf_error("'esp' modifier applied to host"); 1370 1371 default: 1372 abort(); 1373 } 1374 /* NOTREACHED */ 1375 } 1376 #endif /*INET6*/ 1377 1378 #ifndef INET6 1379 static struct block * 1380 gen_gateway(eaddr, alist, proto, dir) 1381 const u_char *eaddr; 1382 bpf_u_int32 **alist; 1383 int proto; 1384 int dir; 1385 { 1386 struct block *b0, *b1, *tmp; 1387 1388 if (dir != 0) 1389 bpf_error("direction applied to 'gateway'"); 1390 1391 switch (proto) { 1392 case Q_DEFAULT: 1393 case Q_IP: 1394 case Q_ARP: 1395 case Q_RARP: 1396 if (linktype == DLT_EN10MB) 1397 b0 = gen_ehostop(eaddr, Q_OR); 1398 else if (linktype == DLT_FDDI) 1399 b0 = gen_fhostop(eaddr, Q_OR); 1400 else 1401 bpf_error( 1402 "'gateway' supported only on ethernet or FDDI"); 1403 1404 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1405 while (*alist) { 1406 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1407 gen_or(b1, tmp); 1408 b1 = tmp; 1409 } 1410 gen_not(b1); 1411 gen_and(b0, b1); 1412 return b1; 1413 } 1414 bpf_error("illegal modifier of 'gateway'"); 1415 /* NOTREACHED */ 1416 } 1417 #endif /*INET6*/ 1418 1419 struct block * 1420 gen_proto_abbrev(proto) 1421 int proto; 1422 { 1423 struct block *b0 = NULL, *b1; 1424 1425 switch (proto) { 1426 1427 case Q_TCP: 1428 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1429 #ifdef INET6 1430 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1431 gen_or(b0, b1); 1432 #endif 1433 break; 1434 1435 case Q_UDP: 1436 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1437 #ifdef INET6 1438 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1439 gen_or(b0, b1); 1440 #endif 1441 break; 1442 1443 case Q_ICMP: 1444 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1445 break; 1446 1447 #ifndef IPPROTO_IGMP 1448 #define IPPROTO_IGMP 2 1449 #endif 1450 1451 case Q_IGMP: 1452 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1453 break; 1454 1455 #ifndef IPPROTO_IGRP 1456 #define IPPROTO_IGRP 9 1457 #endif 1458 case Q_IGRP: 1459 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1460 break; 1461 1462 #ifndef IPPROTO_PIM 1463 #define IPPROTO_PIM 103 1464 #endif 1465 1466 case Q_PIM: 1467 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1468 #ifdef INET6 1469 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1470 gen_or(b0, b1); 1471 #endif 1472 break; 1473 1474 case Q_IP: 1475 b1 = gen_linktype(ETHERTYPE_IP); 1476 break; 1477 1478 case Q_ARP: 1479 b1 = gen_linktype(ETHERTYPE_ARP); 1480 break; 1481 1482 case Q_RARP: 1483 b1 = gen_linktype(ETHERTYPE_REVARP); 1484 break; 1485 1486 case Q_LINK: 1487 bpf_error("link layer applied in wrong context"); 1488 1489 case Q_ATALK: 1490 b1 = gen_linktype(ETHERTYPE_ATALK); 1491 break; 1492 1493 case Q_DECNET: 1494 b1 = gen_linktype(ETHERTYPE_DN); 1495 break; 1496 1497 case Q_SCA: 1498 b1 = gen_linktype(ETHERTYPE_SCA); 1499 break; 1500 1501 case Q_LAT: 1502 b1 = gen_linktype(ETHERTYPE_LAT); 1503 break; 1504 1505 case Q_MOPDL: 1506 b1 = gen_linktype(ETHERTYPE_MOPDL); 1507 break; 1508 1509 case Q_MOPRC: 1510 b1 = gen_linktype(ETHERTYPE_MOPRC); 1511 break; 1512 1513 case Q_STP: 1514 b1 = gen_linktype(LLCSAP_8021D); 1515 break; 1516 1517 #ifdef INET6 1518 case Q_IPV6: 1519 b1 = gen_linktype(ETHERTYPE_IPV6); 1520 break; 1521 1522 #ifndef IPPROTO_ICMPV6 1523 #define IPPROTO_ICMPV6 58 1524 #endif 1525 case Q_ICMPV6: 1526 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1527 break; 1528 #endif /* INET6 */ 1529 1530 #ifndef IPPROTO_AH 1531 #define IPPROTO_AH 51 1532 #endif 1533 case Q_AH: 1534 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1535 #ifdef INET6 1536 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1537 gen_or(b0, b1); 1538 #endif 1539 break; 1540 1541 #ifndef IPPROTO_ESP 1542 #define IPPROTO_ESP 50 1543 #endif 1544 case Q_ESP: 1545 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1546 #ifdef INET6 1547 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1548 gen_or(b0, b1); 1549 #endif 1550 break; 1551 1552 default: 1553 abort(); 1554 } 1555 return b1; 1556 } 1557 1558 static struct block * 1559 gen_ipfrag() 1560 { 1561 struct slist *s, *tmp; 1562 struct block *b; 1563 1564 /* not ip frag */ 1565 if (variable_nl) { 1566 s = nl2X_stmt(); 1567 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1568 tmp->s.k = 6; 1569 sappend(s, tmp); 1570 } else { 1571 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1572 s->s.k = off_nl + 6; 1573 } 1574 b = new_block(JMP(BPF_JSET)); 1575 b->s.k = 0x1fff; 1576 b->stmts = s; 1577 gen_not(b); 1578 1579 return b; 1580 } 1581 1582 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1583 This function generates code to set X to the start of the IP payload 1584 X = off_nl + IP header_len. 1585 */ 1586 static struct slist * 1587 iphl_to_x(void) 1588 { 1589 struct slist *s, *tmp; 1590 1591 /* XXX clobbers A if variable_nl*/ 1592 if (variable_nl) { 1593 if (iphl_reg == -1) { 1594 /* X <- off_nl */ 1595 s = nl2X_stmt(); 1596 1597 /* A = p[X+0] */ 1598 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1599 tmp->s.k = 0; 1600 sappend(s, tmp); 1601 1602 /* A = A & 0x0f */ 1603 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1604 tmp->s.k = 0x0f; 1605 sappend(s, tmp); 1606 1607 /* A = A << 2 */ 1608 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1609 tmp->s.k = 2; 1610 sappend(s, tmp); 1611 1612 /* A = A + X (add off_nl again to compansate) */ 1613 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1614 1615 /* MEM[iphl_reg] = A */ 1616 iphl_reg = alloc_reg(); 1617 tmp = new_stmt(BPF_ST); 1618 tmp->s.k = iphl_reg; 1619 sappend(s, tmp); 1620 1621 sappend(init_code, s); 1622 } 1623 s = new_stmt(BPF_LDX|BPF_MEM); 1624 s->s.k = iphl_reg; 1625 1626 } else { 1627 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1628 s->s.k = off_nl; 1629 } 1630 1631 return s; 1632 } 1633 1634 static struct block * 1635 gen_portatom(off, v) 1636 int off; 1637 bpf_int32 v; 1638 { 1639 struct slist *s, *tmp; 1640 struct block *b; 1641 1642 s = iphl_to_x(); 1643 1644 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1645 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1646 sappend(s, tmp); 1647 1648 b = new_block(JMP(BPF_JEQ)); 1649 b->stmts = s; 1650 b->s.k = v; 1651 1652 return b; 1653 } 1654 1655 #ifdef INET6 1656 static struct block * 1657 gen_portatom6(off, v) 1658 int off; 1659 bpf_int32 v; 1660 { 1661 return gen_cmp_nl(40 + off, BPF_H, v); 1662 } 1663 #endif/*INET6*/ 1664 1665 struct block * 1666 gen_portop(port, proto, dir) 1667 int port, proto, dir; 1668 { 1669 struct block *b0, *b1, *tmp; 1670 1671 /* ip proto 'proto' */ 1672 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1673 b0 = gen_ipfrag(); 1674 gen_and(tmp, b0); 1675 1676 switch (dir) { 1677 case Q_SRC: 1678 b1 = gen_portatom(0, (bpf_int32)port); 1679 break; 1680 1681 case Q_DST: 1682 b1 = gen_portatom(2, (bpf_int32)port); 1683 break; 1684 1685 case Q_OR: 1686 case Q_DEFAULT: 1687 tmp = gen_portatom(0, (bpf_int32)port); 1688 b1 = gen_portatom(2, (bpf_int32)port); 1689 gen_or(tmp, b1); 1690 break; 1691 1692 case Q_AND: 1693 tmp = gen_portatom(0, (bpf_int32)port); 1694 b1 = gen_portatom(2, (bpf_int32)port); 1695 gen_and(tmp, b1); 1696 break; 1697 1698 default: 1699 abort(); 1700 } 1701 gen_and(b0, b1); 1702 1703 return b1; 1704 } 1705 1706 static struct block * 1707 gen_port(port, ip_proto, dir) 1708 int port; 1709 int ip_proto; 1710 int dir; 1711 { 1712 struct block *b0, *b1, *tmp; 1713 1714 /* ether proto ip */ 1715 b0 = gen_linktype(ETHERTYPE_IP); 1716 1717 switch (ip_proto) { 1718 case IPPROTO_UDP: 1719 case IPPROTO_TCP: 1720 b1 = gen_portop(port, ip_proto, dir); 1721 break; 1722 1723 case PROTO_UNDEF: 1724 tmp = gen_portop(port, IPPROTO_TCP, dir); 1725 b1 = gen_portop(port, IPPROTO_UDP, dir); 1726 gen_or(tmp, b1); 1727 break; 1728 1729 default: 1730 abort(); 1731 } 1732 gen_and(b0, b1); 1733 return b1; 1734 } 1735 1736 #ifdef INET6 1737 struct block * 1738 gen_portop6(port, proto, dir) 1739 int port, proto, dir; 1740 { 1741 struct block *b0, *b1, *tmp; 1742 1743 /* ip proto 'proto' */ 1744 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1745 1746 switch (dir) { 1747 case Q_SRC: 1748 b1 = gen_portatom6(0, (bpf_int32)port); 1749 break; 1750 1751 case Q_DST: 1752 b1 = gen_portatom6(2, (bpf_int32)port); 1753 break; 1754 1755 case Q_OR: 1756 case Q_DEFAULT: 1757 tmp = gen_portatom6(0, (bpf_int32)port); 1758 b1 = gen_portatom6(2, (bpf_int32)port); 1759 gen_or(tmp, b1); 1760 break; 1761 1762 case Q_AND: 1763 tmp = gen_portatom6(0, (bpf_int32)port); 1764 b1 = gen_portatom6(2, (bpf_int32)port); 1765 gen_and(tmp, b1); 1766 break; 1767 1768 default: 1769 abort(); 1770 } 1771 gen_and(b0, b1); 1772 1773 return b1; 1774 } 1775 1776 static struct block * 1777 gen_port6(port, ip_proto, dir) 1778 int port; 1779 int ip_proto; 1780 int dir; 1781 { 1782 struct block *b0, *b1, *tmp; 1783 1784 /* ether proto ip */ 1785 b0 = gen_linktype(ETHERTYPE_IPV6); 1786 1787 switch (ip_proto) { 1788 case IPPROTO_UDP: 1789 case IPPROTO_TCP: 1790 b1 = gen_portop6(port, ip_proto, dir); 1791 break; 1792 1793 case PROTO_UNDEF: 1794 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1795 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1796 gen_or(tmp, b1); 1797 break; 1798 1799 default: 1800 abort(); 1801 } 1802 gen_and(b0, b1); 1803 return b1; 1804 } 1805 #endif /* INET6 */ 1806 1807 static int 1808 lookup_proto(name, proto) 1809 const char *name; 1810 int proto; 1811 { 1812 int v; 1813 1814 switch (proto) { 1815 1816 case Q_DEFAULT: 1817 case Q_IP: 1818 v = pcap_nametoproto(name); 1819 if (v == PROTO_UNDEF) 1820 bpf_error("unknown ip proto '%s'", name); 1821 break; 1822 1823 case Q_LINK: 1824 /* XXX should look up h/w protocol type based on linktype */ 1825 v = pcap_nametoeproto(name); 1826 if (v == PROTO_UNDEF) { 1827 v = pcap_nametollc(name); 1828 if (v == PROTO_UNDEF) 1829 bpf_error("unknown ether proto '%s'", name); 1830 } 1831 break; 1832 1833 default: 1834 v = PROTO_UNDEF; 1835 break; 1836 } 1837 return v; 1838 } 1839 1840 static struct block * 1841 gen_protochain(v, proto, dir) 1842 int v; 1843 int proto; 1844 int dir; 1845 { 1846 struct block *b0, *b; 1847 struct slist *s[100]; 1848 int fix2, fix3, fix4, fix5; 1849 int ahcheck, again, end; 1850 int i, max; 1851 int reg1 = alloc_reg(); 1852 int reg2 = alloc_reg(); 1853 1854 memset(s, 0, sizeof(s)); 1855 fix2 = fix3 = fix4 = fix5 = 0; 1856 1857 if (variable_nl) { 1858 bpf_error("'gen_protochain' not supported for variable DLTs"); 1859 /*NOTREACHED*/ 1860 } 1861 1862 switch (proto) { 1863 case Q_IP: 1864 case Q_IPV6: 1865 break; 1866 case Q_DEFAULT: 1867 b0 = gen_protochain(v, Q_IP, dir); 1868 b = gen_protochain(v, Q_IPV6, dir); 1869 gen_or(b0, b); 1870 return b; 1871 default: 1872 bpf_error("bad protocol applied for 'protochain'"); 1873 /*NOTREACHED*/ 1874 } 1875 1876 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1877 1878 /* 1879 * s[0] is a dummy entry to protect other BPF insn from damaged 1880 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1881 * hard to find interdependency made by jump table fixup. 1882 */ 1883 i = 0; 1884 s[i] = new_stmt(0); /*dummy*/ 1885 i++; 1886 1887 switch (proto) { 1888 case Q_IP: 1889 b0 = gen_linktype(ETHERTYPE_IP); 1890 1891 /* A = ip->ip_p */ 1892 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1893 s[i]->s.k = off_nl + 9; 1894 i++; 1895 /* X = ip->ip_hl << 2 */ 1896 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1897 s[i]->s.k = off_nl; 1898 i++; 1899 break; 1900 case Q_IPV6: 1901 b0 = gen_linktype(ETHERTYPE_IPV6); 1902 1903 /* A = ip6->ip_nxt */ 1904 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1905 s[i]->s.k = off_nl + 6; 1906 i++; 1907 /* X = sizeof(struct ip6_hdr) */ 1908 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1909 s[i]->s.k = 40; 1910 i++; 1911 break; 1912 default: 1913 bpf_error("unsupported proto to gen_protochain"); 1914 /*NOTREACHED*/ 1915 } 1916 1917 /* again: if (A == v) goto end; else fall through; */ 1918 again = i; 1919 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1920 s[i]->s.k = v; 1921 s[i]->s.jt = NULL; /*later*/ 1922 s[i]->s.jf = NULL; /*update in next stmt*/ 1923 fix5 = i; 1924 i++; 1925 1926 /* if (A == IPPROTO_NONE) goto end */ 1927 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1928 s[i]->s.jt = NULL; /*later*/ 1929 s[i]->s.jf = NULL; /*update in next stmt*/ 1930 s[i]->s.k = IPPROTO_NONE; 1931 s[fix5]->s.jf = s[i]; 1932 fix2 = i; 1933 i++; 1934 1935 if (proto == Q_IPV6) { 1936 int v6start, v6end, v6advance, j; 1937 1938 v6start = i; 1939 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1940 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1941 s[i]->s.jt = NULL; /*later*/ 1942 s[i]->s.jf = NULL; /*update in next stmt*/ 1943 s[i]->s.k = IPPROTO_HOPOPTS; 1944 s[fix2]->s.jf = s[i]; 1945 i++; 1946 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1947 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1948 s[i]->s.jt = NULL; /*later*/ 1949 s[i]->s.jf = NULL; /*update in next stmt*/ 1950 s[i]->s.k = IPPROTO_DSTOPTS; 1951 i++; 1952 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1953 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1954 s[i]->s.jt = NULL; /*later*/ 1955 s[i]->s.jf = NULL; /*update in next stmt*/ 1956 s[i]->s.k = IPPROTO_ROUTING; 1957 i++; 1958 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1959 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1960 s[i]->s.jt = NULL; /*later*/ 1961 s[i]->s.jf = NULL; /*later*/ 1962 s[i]->s.k = IPPROTO_FRAGMENT; 1963 fix3 = i; 1964 v6end = i; 1965 i++; 1966 1967 /* v6advance: */ 1968 v6advance = i; 1969 1970 /* 1971 * in short, 1972 * A = P[X + 1]; 1973 * X = X + (P[X] + 1) * 8; 1974 */ 1975 /* A = X */ 1976 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1977 i++; 1978 /* MEM[reg1] = A */ 1979 s[i] = new_stmt(BPF_ST); 1980 s[i]->s.k = reg1; 1981 i++; 1982 /* A += 1 */ 1983 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1984 s[i]->s.k = 1; 1985 i++; 1986 /* X = A */ 1987 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1988 i++; 1989 /* A = P[X + packet head]; */ 1990 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1991 s[i]->s.k = off_nl; 1992 i++; 1993 /* MEM[reg2] = A */ 1994 s[i] = new_stmt(BPF_ST); 1995 s[i]->s.k = reg2; 1996 i++; 1997 /* X = MEM[reg1] */ 1998 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1999 s[i]->s.k = reg1; 2000 i++; 2001 /* A = P[X + packet head] */ 2002 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2003 s[i]->s.k = off_nl; 2004 i++; 2005 /* A += 1 */ 2006 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2007 s[i]->s.k = 1; 2008 i++; 2009 /* A *= 8 */ 2010 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2011 s[i]->s.k = 8; 2012 i++; 2013 /* X = A; */ 2014 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2015 i++; 2016 /* A = MEM[reg2] */ 2017 s[i] = new_stmt(BPF_LD|BPF_MEM); 2018 s[i]->s.k = reg2; 2019 i++; 2020 2021 /* goto again; (must use BPF_JA for backward jump) */ 2022 s[i] = new_stmt(BPF_JMP|BPF_JA); 2023 s[i]->s.k = again - i - 1; 2024 s[i - 1]->s.jf = s[i]; 2025 i++; 2026 2027 /* fixup */ 2028 for (j = v6start; j <= v6end; j++) 2029 s[j]->s.jt = s[v6advance]; 2030 } else { 2031 /* nop */ 2032 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2033 s[i]->s.k = 0; 2034 s[fix2]->s.jf = s[i]; 2035 i++; 2036 } 2037 2038 /* ahcheck: */ 2039 ahcheck = i; 2040 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2041 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2042 s[i]->s.jt = NULL; /*later*/ 2043 s[i]->s.jf = NULL; /*later*/ 2044 s[i]->s.k = IPPROTO_AH; 2045 if (fix3) 2046 s[fix3]->s.jf = s[ahcheck]; 2047 fix4 = i; 2048 i++; 2049 2050 /* 2051 * in short, 2052 * A = P[X + 1]; 2053 * X = X + (P[X] + 2) * 4; 2054 */ 2055 /* A = X */ 2056 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2057 i++; 2058 /* MEM[reg1] = A */ 2059 s[i] = new_stmt(BPF_ST); 2060 s[i]->s.k = reg1; 2061 i++; 2062 /* A += 1 */ 2063 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2064 s[i]->s.k = 1; 2065 i++; 2066 /* X = A */ 2067 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2068 i++; 2069 /* A = P[X + packet head]; */ 2070 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2071 s[i]->s.k = off_nl; 2072 i++; 2073 /* MEM[reg2] = A */ 2074 s[i] = new_stmt(BPF_ST); 2075 s[i]->s.k = reg2; 2076 i++; 2077 /* X = MEM[reg1] */ 2078 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2079 s[i]->s.k = reg1; 2080 i++; 2081 /* A = P[X + packet head] */ 2082 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2083 s[i]->s.k = off_nl; 2084 i++; 2085 /* A += 2 */ 2086 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2087 s[i]->s.k = 2; 2088 i++; 2089 /* A *= 4 */ 2090 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2091 s[i]->s.k = 4; 2092 i++; 2093 /* X = A; */ 2094 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2095 i++; 2096 /* A = MEM[reg2] */ 2097 s[i] = new_stmt(BPF_LD|BPF_MEM); 2098 s[i]->s.k = reg2; 2099 i++; 2100 2101 /* goto again; (must use BPF_JA for backward jump) */ 2102 s[i] = new_stmt(BPF_JMP|BPF_JA); 2103 s[i]->s.k = again - i - 1; 2104 i++; 2105 2106 /* end: nop */ 2107 end = i; 2108 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2109 s[i]->s.k = 0; 2110 s[fix2]->s.jt = s[end]; 2111 s[fix4]->s.jf = s[end]; 2112 s[fix5]->s.jt = s[end]; 2113 i++; 2114 2115 /* 2116 * make slist chain 2117 */ 2118 max = i; 2119 for (i = 0; i < max - 1; i++) 2120 s[i]->next = s[i + 1]; 2121 s[max - 1]->next = NULL; 2122 2123 /* 2124 * emit final check 2125 */ 2126 b = new_block(JMP(BPF_JEQ)); 2127 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2128 b->s.k = v; 2129 2130 free_reg(reg1); 2131 free_reg(reg2); 2132 2133 gen_and(b0, b); 2134 return b; 2135 } 2136 2137 static struct block * 2138 gen_proto(v, proto, dir) 2139 int v; 2140 int proto; 2141 int dir; 2142 { 2143 struct block *b0, *b1; 2144 2145 if (dir != Q_DEFAULT) 2146 bpf_error("direction applied to 'proto'"); 2147 2148 switch (proto) { 2149 case Q_DEFAULT: 2150 #ifdef INET6 2151 b0 = gen_proto(v, Q_IP, dir); 2152 b1 = gen_proto(v, Q_IPV6, dir); 2153 gen_or(b0, b1); 2154 return b1; 2155 #else 2156 /*FALLTHROUGH*/ 2157 #endif 2158 case Q_IP: 2159 b0 = gen_linktype(ETHERTYPE_IP); 2160 #ifndef CHASE_CHAIN 2161 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2162 #else 2163 b1 = gen_protochain(v, Q_IP); 2164 #endif 2165 gen_and(b0, b1); 2166 return b1; 2167 2168 case Q_ARP: 2169 bpf_error("arp does not encapsulate another protocol"); 2170 /* NOTREACHED */ 2171 2172 case Q_RARP: 2173 bpf_error("rarp does not encapsulate another protocol"); 2174 /* NOTREACHED */ 2175 2176 case Q_ATALK: 2177 bpf_error("atalk encapsulation is not specifiable"); 2178 /* NOTREACHED */ 2179 2180 case Q_DECNET: 2181 bpf_error("decnet encapsulation is not specifiable"); 2182 /* NOTREACHED */ 2183 2184 case Q_SCA: 2185 bpf_error("sca does not encapsulate another protocol"); 2186 /* NOTREACHED */ 2187 2188 case Q_LAT: 2189 bpf_error("lat does not encapsulate another protocol"); 2190 /* NOTREACHED */ 2191 2192 case Q_MOPRC: 2193 bpf_error("moprc does not encapsulate another protocol"); 2194 /* NOTREACHED */ 2195 2196 case Q_MOPDL: 2197 bpf_error("mopdl does not encapsulate another protocol"); 2198 /* NOTREACHED */ 2199 2200 case Q_LINK: 2201 return gen_linktype(v); 2202 2203 case Q_UDP: 2204 bpf_error("'udp proto' is bogus"); 2205 /* NOTREACHED */ 2206 2207 case Q_TCP: 2208 bpf_error("'tcp proto' is bogus"); 2209 /* NOTREACHED */ 2210 2211 case Q_ICMP: 2212 bpf_error("'icmp proto' is bogus"); 2213 /* NOTREACHED */ 2214 2215 case Q_IGMP: 2216 bpf_error("'igmp proto' is bogus"); 2217 /* NOTREACHED */ 2218 2219 case Q_IGRP: 2220 bpf_error("'igrp proto' is bogus"); 2221 /* NOTREACHED */ 2222 2223 case Q_PIM: 2224 bpf_error("'pim proto' is bogus"); 2225 /* NOTREACHED */ 2226 2227 case Q_STP: 2228 bpf_error("'stp proto' is bogus"); 2229 /* NOTREACHED */ 2230 2231 #ifdef INET6 2232 case Q_IPV6: 2233 b0 = gen_linktype(ETHERTYPE_IPV6); 2234 #ifndef CHASE_CHAIN 2235 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2236 #else 2237 b1 = gen_protochain(v, Q_IPV6); 2238 #endif 2239 gen_and(b0, b1); 2240 return b1; 2241 2242 case Q_ICMPV6: 2243 bpf_error("'icmp6 proto' is bogus"); 2244 #endif /* INET6 */ 2245 2246 case Q_AH: 2247 bpf_error("'ah proto' is bogus"); 2248 2249 case Q_ESP: 2250 bpf_error("'esp proto' is bogus"); 2251 2252 default: 2253 abort(); 2254 /* NOTREACHED */ 2255 } 2256 /* NOTREACHED */ 2257 } 2258 2259 struct block * 2260 gen_scode(name, q) 2261 const char *name; 2262 struct qual q; 2263 { 2264 int proto = q.proto; 2265 int dir = q.dir; 2266 int tproto; 2267 u_char *eaddr; 2268 bpf_u_int32 mask, addr; 2269 #ifndef INET6 2270 bpf_u_int32 **alist; 2271 #else 2272 int tproto6; 2273 struct sockaddr_in *sin; 2274 struct sockaddr_in6 *sin6; 2275 struct addrinfo *res, *res0; 2276 struct in6_addr mask128; 2277 #endif /*INET6*/ 2278 struct block *b, *tmp; 2279 int port, real_proto; 2280 2281 switch (q.addr) { 2282 2283 case Q_NET: 2284 addr = pcap_nametonetaddr(name); 2285 if (addr == 0) 2286 bpf_error("unknown network '%s'", name); 2287 /* Left justify network addr and calculate its network mask */ 2288 mask = 0xffffffff; 2289 while (addr && (addr & 0xff000000) == 0) { 2290 addr <<= 8; 2291 mask <<= 8; 2292 } 2293 return gen_host(addr, mask, proto, dir); 2294 2295 case Q_DEFAULT: 2296 case Q_HOST: 2297 if (proto == Q_LINK) { 2298 switch (linktype) { 2299 2300 case DLT_EN10MB: 2301 eaddr = pcap_ether_hostton(name); 2302 if (eaddr == NULL) 2303 bpf_error( 2304 "unknown ether host '%s'", name); 2305 return gen_ehostop(eaddr, dir); 2306 2307 case DLT_FDDI: 2308 eaddr = pcap_ether_hostton(name); 2309 if (eaddr == NULL) 2310 bpf_error( 2311 "unknown FDDI host '%s'", name); 2312 return gen_fhostop(eaddr, dir); 2313 2314 case DLT_IEEE802_11: 2315 case DLT_IEEE802_11_RADIO: 2316 eaddr = pcap_ether_hostton(name); 2317 if (eaddr == NULL) 2318 bpf_error( 2319 "unknown 802.11 host '%s'", name); 2320 2321 return gen_p80211_hostop(eaddr, dir); 2322 2323 default: 2324 bpf_error( 2325 "only ethernet/FDDI supports link-level host name"); 2326 break; 2327 } 2328 } else if (proto == Q_DECNET) { 2329 unsigned short dn_addr = __pcap_nametodnaddr(name); 2330 /* 2331 * I don't think DECNET hosts can be multihomed, so 2332 * there is no need to build up a list of addresses 2333 */ 2334 return (gen_host(dn_addr, 0, proto, dir)); 2335 } else { 2336 #ifndef INET6 2337 alist = pcap_nametoaddr(name); 2338 if (alist == NULL || *alist == NULL) 2339 bpf_error("unknown host '%s'", name); 2340 tproto = proto; 2341 if (off_linktype == -1 && tproto == Q_DEFAULT) 2342 tproto = Q_IP; 2343 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2344 while (*alist) { 2345 tmp = gen_host(**alist++, 0xffffffff, 2346 tproto, dir); 2347 gen_or(b, tmp); 2348 b = tmp; 2349 } 2350 return b; 2351 #else 2352 memset(&mask128, 0xff, sizeof(mask128)); 2353 res0 = res = pcap_nametoaddrinfo(name); 2354 if (res == NULL) 2355 bpf_error("unknown host '%s'", name); 2356 b = tmp = NULL; 2357 tproto = tproto6 = proto; 2358 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2359 tproto = Q_IP; 2360 tproto6 = Q_IPV6; 2361 } 2362 for (res = res0; res; res = res->ai_next) { 2363 switch (res->ai_family) { 2364 case AF_INET: 2365 if (tproto == Q_IPV6) 2366 continue; 2367 2368 sin = (struct sockaddr_in *) 2369 res->ai_addr; 2370 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2371 0xffffffff, tproto, dir); 2372 break; 2373 case AF_INET6: 2374 if (tproto6 == Q_IP) 2375 continue; 2376 2377 sin6 = (struct sockaddr_in6 *) 2378 res->ai_addr; 2379 tmp = gen_host6(&sin6->sin6_addr, 2380 &mask128, tproto6, dir); 2381 break; 2382 } 2383 if (b) 2384 gen_or(b, tmp); 2385 b = tmp; 2386 } 2387 freeaddrinfo(res0); 2388 if (b == NULL) { 2389 bpf_error("unknown host '%s'%s", name, 2390 (proto == Q_DEFAULT) 2391 ? "" 2392 : " for specified address family"); 2393 } 2394 return b; 2395 #endif /*INET6*/ 2396 } 2397 2398 case Q_PORT: 2399 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2400 bpf_error("illegal qualifier of 'port'"); 2401 if (pcap_nametoport(name, &port, &real_proto) == 0) 2402 bpf_error("unknown port '%s'", name); 2403 if (proto == Q_UDP) { 2404 if (real_proto == IPPROTO_TCP) 2405 bpf_error("port '%s' is tcp", name); 2406 else 2407 /* override PROTO_UNDEF */ 2408 real_proto = IPPROTO_UDP; 2409 } 2410 if (proto == Q_TCP) { 2411 if (real_proto == IPPROTO_UDP) 2412 bpf_error("port '%s' is udp", name); 2413 else 2414 /* override PROTO_UNDEF */ 2415 real_proto = IPPROTO_TCP; 2416 } 2417 #ifndef INET6 2418 return gen_port(port, real_proto, dir); 2419 #else 2420 { 2421 struct block *b; 2422 b = gen_port(port, real_proto, dir); 2423 gen_or(gen_port6(port, real_proto, dir), b); 2424 return b; 2425 } 2426 #endif /* INET6 */ 2427 2428 case Q_GATEWAY: 2429 #ifndef INET6 2430 eaddr = pcap_ether_hostton(name); 2431 if (eaddr == NULL) 2432 bpf_error("unknown ether host: %s", name); 2433 2434 alist = pcap_nametoaddr(name); 2435 if (alist == NULL || *alist == NULL) 2436 bpf_error("unknown host '%s'", name); 2437 return gen_gateway(eaddr, alist, proto, dir); 2438 #else 2439 bpf_error("'gateway' not supported in this configuration"); 2440 #endif /*INET6*/ 2441 2442 case Q_PROTO: 2443 real_proto = lookup_proto(name, proto); 2444 if (real_proto >= 0) 2445 return gen_proto(real_proto, proto, dir); 2446 else 2447 bpf_error("unknown protocol: %s", name); 2448 2449 case Q_PROTOCHAIN: 2450 real_proto = lookup_proto(name, proto); 2451 if (real_proto >= 0) 2452 return gen_protochain(real_proto, proto, dir); 2453 else 2454 bpf_error("unknown protocol: %s", name); 2455 2456 2457 case Q_UNDEF: 2458 syntax(); 2459 /* NOTREACHED */ 2460 } 2461 abort(); 2462 /* NOTREACHED */ 2463 } 2464 2465 struct block * 2466 gen_mcode(s1, s2, masklen, q) 2467 const char *s1, *s2; 2468 int masklen; 2469 struct qual q; 2470 { 2471 int nlen, mlen; 2472 bpf_u_int32 n, m; 2473 2474 nlen = __pcap_atoin(s1, &n); 2475 /* Promote short ipaddr */ 2476 n <<= 32 - nlen; 2477 2478 if (s2 != NULL) { 2479 mlen = __pcap_atoin(s2, &m); 2480 /* Promote short ipaddr */ 2481 m <<= 32 - mlen; 2482 if ((n & ~m) != 0) 2483 bpf_error("non-network bits set in \"%s mask %s\"", 2484 s1, s2); 2485 } else { 2486 /* Convert mask len to mask */ 2487 if (masklen > 32) 2488 bpf_error("mask length must be <= 32"); 2489 m = 0xffffffff << (32 - masklen); 2490 if ((n & ~m) != 0) 2491 bpf_error("non-network bits set in \"%s/%d\"", 2492 s1, masklen); 2493 } 2494 2495 switch (q.addr) { 2496 2497 case Q_NET: 2498 return gen_host(n, m, q.proto, q.dir); 2499 2500 default: 2501 bpf_error("Mask syntax for networks only"); 2502 /* NOTREACHED */ 2503 } 2504 } 2505 2506 struct block * 2507 gen_ncode(s, v, q) 2508 const char *s; 2509 bpf_u_int32 v; 2510 struct qual q; 2511 { 2512 bpf_u_int32 mask; 2513 int proto = q.proto; 2514 int dir = q.dir; 2515 int vlen; 2516 2517 if (s == NULL) 2518 vlen = 32; 2519 else if (q.proto == Q_DECNET) 2520 vlen = __pcap_atodn(s, &v); 2521 else 2522 vlen = __pcap_atoin(s, &v); 2523 2524 switch (q.addr) { 2525 2526 case Q_DEFAULT: 2527 case Q_HOST: 2528 case Q_NET: 2529 if (proto == Q_DECNET) 2530 return gen_host(v, 0, proto, dir); 2531 else if (proto == Q_LINK) { 2532 bpf_error("illegal link layer address"); 2533 } else { 2534 mask = 0xffffffff; 2535 if (s == NULL && q.addr == Q_NET) { 2536 /* Promote short net number */ 2537 while (v && (v & 0xff000000) == 0) { 2538 v <<= 8; 2539 mask <<= 8; 2540 } 2541 } else { 2542 /* Promote short ipaddr */ 2543 v <<= 32 - vlen; 2544 mask <<= 32 - vlen; 2545 } 2546 return gen_host(v, mask, proto, dir); 2547 } 2548 2549 case Q_PORT: 2550 if (proto == Q_UDP) 2551 proto = IPPROTO_UDP; 2552 else if (proto == Q_TCP) 2553 proto = IPPROTO_TCP; 2554 else if (proto == Q_DEFAULT) 2555 proto = PROTO_UNDEF; 2556 else 2557 bpf_error("illegal qualifier of 'port'"); 2558 2559 #ifndef INET6 2560 return gen_port((int)v, proto, dir); 2561 #else 2562 { 2563 struct block *b; 2564 b = gen_port((int)v, proto, dir); 2565 gen_or(gen_port6((int)v, proto, dir), b); 2566 return b; 2567 } 2568 #endif /* INET6 */ 2569 2570 case Q_GATEWAY: 2571 bpf_error("'gateway' requires a name"); 2572 /* NOTREACHED */ 2573 2574 case Q_PROTO: 2575 return gen_proto((int)v, proto, dir); 2576 2577 case Q_PROTOCHAIN: 2578 return gen_protochain((int)v, proto, dir); 2579 2580 case Q_UNDEF: 2581 syntax(); 2582 /* NOTREACHED */ 2583 2584 default: 2585 abort(); 2586 /* NOTREACHED */ 2587 } 2588 /* NOTREACHED */ 2589 } 2590 2591 #ifdef INET6 2592 struct block * 2593 gen_mcode6(s1, s2, masklen, q) 2594 const char *s1, *s2; 2595 int masklen; 2596 struct qual q; 2597 { 2598 struct addrinfo *res; 2599 struct in6_addr *addr; 2600 struct in6_addr mask; 2601 struct block *b; 2602 u_int32_t *a, *m; 2603 2604 if (s2) 2605 bpf_error("no mask %s supported", s2); 2606 2607 res = pcap_nametoaddrinfo(s1); 2608 if (!res) 2609 bpf_error("invalid ip6 address %s", s1); 2610 if (res->ai_next) 2611 bpf_error("%s resolved to multiple address", s1); 2612 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2613 2614 if (sizeof(mask) * 8 < masklen) 2615 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2616 memset(&mask, 0, sizeof(mask)); 2617 memset(&mask, 0xff, masklen / 8); 2618 if (masklen % 8) { 2619 mask.s6_addr[masklen / 8] = 2620 (0xff << (8 - masklen % 8)) & 0xff; 2621 } 2622 2623 a = (u_int32_t *)addr; 2624 m = (u_int32_t *)&mask; 2625 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2626 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2627 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2628 } 2629 2630 switch (q.addr) { 2631 2632 case Q_DEFAULT: 2633 case Q_HOST: 2634 if (masklen != 128) 2635 bpf_error("Mask syntax for networks only"); 2636 /* FALLTHROUGH */ 2637 2638 case Q_NET: 2639 b = gen_host6(addr, &mask, q.proto, q.dir); 2640 freeaddrinfo(res); 2641 return b; 2642 2643 default: 2644 bpf_error("invalid qualifier against IPv6 address"); 2645 /* NOTREACHED */ 2646 } 2647 } 2648 #endif /*INET6*/ 2649 2650 struct block * 2651 gen_ecode(eaddr, q) 2652 const u_char *eaddr; 2653 struct qual q; 2654 { 2655 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2656 if (linktype == DLT_EN10MB) 2657 return gen_ehostop(eaddr, (int)q.dir); 2658 if (linktype == DLT_FDDI) 2659 return gen_fhostop(eaddr, (int)q.dir); 2660 if (linktype == DLT_IEEE802_11 || 2661 linktype == DLT_IEEE802_11_RADIO) 2662 return gen_p80211_hostop(eaddr, (int)q.dir); 2663 } 2664 bpf_error("ethernet address used in non-ether expression"); 2665 /* NOTREACHED */ 2666 } 2667 2668 void 2669 sappend(s0, s1) 2670 struct slist *s0, *s1; 2671 { 2672 /* 2673 * This is definitely not the best way to do this, but the 2674 * lists will rarely get long. 2675 */ 2676 while (s0->next) 2677 s0 = s0->next; 2678 s0->next = s1; 2679 } 2680 2681 static struct slist * 2682 xfer_to_x(a) 2683 struct arth *a; 2684 { 2685 struct slist *s; 2686 2687 s = new_stmt(BPF_LDX|BPF_MEM); 2688 s->s.k = a->regno; 2689 return s; 2690 } 2691 2692 static struct slist * 2693 xfer_to_a(a) 2694 struct arth *a; 2695 { 2696 struct slist *s; 2697 2698 s = new_stmt(BPF_LD|BPF_MEM); 2699 s->s.k = a->regno; 2700 return s; 2701 } 2702 2703 struct arth * 2704 gen_load(proto, index, size) 2705 int proto; 2706 struct arth *index; 2707 int size; 2708 { 2709 struct slist *s, *tmp; 2710 struct block *b; 2711 int regno = alloc_reg(); 2712 2713 free_reg(index->regno); 2714 switch (size) { 2715 2716 default: 2717 bpf_error("data size must be 1, 2, or 4"); 2718 2719 case 1: 2720 size = BPF_B; 2721 break; 2722 2723 case 2: 2724 size = BPF_H; 2725 break; 2726 2727 case 4: 2728 size = BPF_W; 2729 break; 2730 } 2731 switch (proto) { 2732 default: 2733 bpf_error("unsupported index operation"); 2734 2735 case Q_LINK: 2736 s = xfer_to_x(index); 2737 tmp = new_stmt(BPF_LD|BPF_IND|size); 2738 sappend(s, tmp); 2739 sappend(index->s, s); 2740 break; 2741 2742 case Q_IP: 2743 case Q_ARP: 2744 case Q_RARP: 2745 case Q_ATALK: 2746 case Q_DECNET: 2747 case Q_SCA: 2748 case Q_LAT: 2749 case Q_MOPRC: 2750 case Q_MOPDL: 2751 #ifdef INET6 2752 case Q_IPV6: 2753 #endif 2754 /* XXX Note that we assume a fixed link header here. */ 2755 if (variable_nl) { 2756 s = nl2X_stmt(); 2757 sappend(s, xfer_to_a(index)); 2758 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2759 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2760 } else { 2761 s = xfer_to_x(index); 2762 } 2763 tmp = new_stmt(BPF_LD|BPF_IND|size); 2764 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2765 sappend(s, tmp); 2766 sappend(index->s, s); 2767 2768 b = gen_proto_abbrev(proto); 2769 if (index->b) 2770 gen_and(index->b, b); 2771 index->b = b; 2772 break; 2773 2774 case Q_TCP: 2775 case Q_UDP: 2776 case Q_ICMP: 2777 case Q_IGMP: 2778 case Q_IGRP: 2779 case Q_PIM: 2780 s = iphl_to_x(); 2781 sappend(s, xfer_to_a(index)); 2782 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2783 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2784 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2785 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2786 sappend(index->s, s); 2787 2788 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2789 if (index->b) 2790 gen_and(index->b, b); 2791 #ifdef INET6 2792 gen_and(gen_proto_abbrev(Q_IP), b); 2793 #endif 2794 index->b = b; 2795 break; 2796 #ifdef INET6 2797 case Q_ICMPV6: 2798 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2799 /*NOTREACHED*/ 2800 #endif 2801 } 2802 index->regno = regno; 2803 s = new_stmt(BPF_ST); 2804 s->s.k = regno; 2805 sappend(index->s, s); 2806 2807 return index; 2808 } 2809 2810 struct block * 2811 gen_relation(code, a0, a1, reversed) 2812 int code; 2813 struct arth *a0, *a1; 2814 int reversed; 2815 { 2816 struct slist *s0, *s1, *s2; 2817 struct block *b, *tmp; 2818 2819 s0 = xfer_to_x(a1); 2820 s1 = xfer_to_a(a0); 2821 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2822 b = new_block(JMP(code)); 2823 if (code == BPF_JGT || code == BPF_JGE) { 2824 reversed = !reversed; 2825 b->s.k = 0x80000000; 2826 } 2827 if (reversed) 2828 gen_not(b); 2829 2830 sappend(s1, s2); 2831 sappend(s0, s1); 2832 sappend(a1->s, s0); 2833 sappend(a0->s, a1->s); 2834 2835 b->stmts = a0->s; 2836 2837 free_reg(a0->regno); 2838 free_reg(a1->regno); 2839 2840 /* 'and' together protocol checks */ 2841 if (a0->b) { 2842 if (a1->b) { 2843 gen_and(a0->b, tmp = a1->b); 2844 } 2845 else 2846 tmp = a0->b; 2847 } else 2848 tmp = a1->b; 2849 2850 if (tmp) 2851 gen_and(tmp, b); 2852 2853 return b; 2854 } 2855 2856 struct arth * 2857 gen_loadlen() 2858 { 2859 int regno = alloc_reg(); 2860 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2861 struct slist *s; 2862 2863 s = new_stmt(BPF_LD|BPF_LEN); 2864 s->next = new_stmt(BPF_ST); 2865 s->next->s.k = regno; 2866 a->s = s; 2867 a->regno = regno; 2868 2869 return a; 2870 } 2871 2872 struct arth * 2873 gen_loadrnd() 2874 { 2875 int regno = alloc_reg(); 2876 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2877 struct slist *s; 2878 2879 s = new_stmt(BPF_LD|BPF_RND); 2880 s->next = new_stmt(BPF_ST); 2881 s->next->s.k = regno; 2882 a->s = s; 2883 a->regno = regno; 2884 2885 return a; 2886 } 2887 2888 struct arth * 2889 gen_loadi(val) 2890 int val; 2891 { 2892 struct arth *a; 2893 struct slist *s; 2894 int reg; 2895 2896 a = (struct arth *)newchunk(sizeof(*a)); 2897 2898 reg = alloc_reg(); 2899 2900 s = new_stmt(BPF_LD|BPF_IMM); 2901 s->s.k = val; 2902 s->next = new_stmt(BPF_ST); 2903 s->next->s.k = reg; 2904 a->s = s; 2905 a->regno = reg; 2906 2907 return a; 2908 } 2909 2910 struct arth * 2911 gen_neg(a) 2912 struct arth *a; 2913 { 2914 struct slist *s; 2915 2916 s = xfer_to_a(a); 2917 sappend(a->s, s); 2918 s = new_stmt(BPF_ALU|BPF_NEG); 2919 s->s.k = 0; 2920 sappend(a->s, s); 2921 s = new_stmt(BPF_ST); 2922 s->s.k = a->regno; 2923 sappend(a->s, s); 2924 2925 return a; 2926 } 2927 2928 struct arth * 2929 gen_arth(code, a0, a1) 2930 int code; 2931 struct arth *a0, *a1; 2932 { 2933 struct slist *s0, *s1, *s2; 2934 2935 s0 = xfer_to_x(a1); 2936 s1 = xfer_to_a(a0); 2937 s2 = new_stmt(BPF_ALU|BPF_X|code); 2938 2939 sappend(s1, s2); 2940 sappend(s0, s1); 2941 sappend(a1->s, s0); 2942 sappend(a0->s, a1->s); 2943 2944 free_reg(a1->regno); 2945 2946 s0 = new_stmt(BPF_ST); 2947 a0->regno = s0->s.k = alloc_reg(); 2948 sappend(a0->s, s0); 2949 2950 return a0; 2951 } 2952 2953 /* 2954 * Here we handle simple allocation of the scratch registers. 2955 * If too many registers are alloc'd, the allocator punts. 2956 */ 2957 static int regused[BPF_MEMWORDS]; 2958 static int curreg; 2959 2960 /* 2961 * Return the next free register. 2962 */ 2963 static int 2964 alloc_reg() 2965 { 2966 int n = BPF_MEMWORDS; 2967 2968 while (--n >= 0) { 2969 if (regused[curreg]) 2970 curreg = (curreg + 1) % BPF_MEMWORDS; 2971 else { 2972 regused[curreg] = 1; 2973 return curreg; 2974 } 2975 } 2976 bpf_error("too many registers needed to evaluate expression"); 2977 /* NOTREACHED */ 2978 } 2979 2980 /* 2981 * Return a register to the table so it can 2982 * be used later. 2983 */ 2984 static void 2985 free_reg(n) 2986 int n; 2987 { 2988 regused[n] = 0; 2989 } 2990 2991 static struct block * 2992 gen_len(jmp, n) 2993 int jmp, n; 2994 { 2995 struct slist *s; 2996 struct block *b; 2997 2998 s = new_stmt(BPF_LD|BPF_LEN); 2999 b = new_block(JMP(jmp)); 3000 b->stmts = s; 3001 b->s.k = n; 3002 3003 return b; 3004 } 3005 3006 struct block * 3007 gen_greater(n) 3008 int n; 3009 { 3010 return gen_len(BPF_JGE, n); 3011 } 3012 3013 struct block * 3014 gen_less(n) 3015 int n; 3016 { 3017 struct block *b; 3018 3019 b = gen_len(BPF_JGT, n); 3020 gen_not(b); 3021 3022 return b; 3023 } 3024 3025 struct block * 3026 gen_byteop(op, idx, val) 3027 int op, idx, val; 3028 { 3029 struct block *b; 3030 struct slist *s; 3031 3032 switch (op) { 3033 default: 3034 abort(); 3035 3036 case '=': 3037 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3038 3039 case '<': 3040 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3041 b->s.code = JMP(BPF_JGE); 3042 gen_not(b); 3043 return b; 3044 3045 case '>': 3046 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3047 b->s.code = JMP(BPF_JGT); 3048 return b; 3049 3050 case '|': 3051 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3052 break; 3053 3054 case '&': 3055 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3056 break; 3057 } 3058 s->s.k = val; 3059 b = new_block(JMP(BPF_JEQ)); 3060 b->stmts = s; 3061 gen_not(b); 3062 3063 return b; 3064 } 3065 3066 struct block * 3067 gen_broadcast(proto) 3068 int proto; 3069 { 3070 bpf_u_int32 hostmask; 3071 struct block *b0, *b1, *b2; 3072 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3073 3074 switch (proto) { 3075 3076 case Q_DEFAULT: 3077 case Q_LINK: 3078 if (linktype == DLT_EN10MB) 3079 return gen_ehostop(ebroadcast, Q_DST); 3080 if (linktype == DLT_FDDI) 3081 return gen_fhostop(ebroadcast, Q_DST); 3082 if (linktype == DLT_IEEE802_11 || 3083 linktype == DLT_IEEE802_11_RADIO) 3084 return gen_p80211_hostop(ebroadcast, Q_DST); 3085 bpf_error("not a broadcast link"); 3086 break; 3087 3088 case Q_IP: 3089 b0 = gen_linktype(ETHERTYPE_IP); 3090 hostmask = ~netmask; 3091 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3092 b2 = gen_mcmp_nl(16, BPF_W, 3093 (bpf_int32)(~0 & hostmask), hostmask); 3094 gen_or(b1, b2); 3095 gen_and(b0, b2); 3096 return b2; 3097 } 3098 bpf_error("only ether/ip broadcast filters supported"); 3099 } 3100 3101 struct block * 3102 gen_multicast(proto) 3103 int proto; 3104 { 3105 struct block *b0, *b1; 3106 struct slist *s; 3107 3108 switch (proto) { 3109 3110 case Q_DEFAULT: 3111 case Q_LINK: 3112 if (linktype == DLT_EN10MB) { 3113 /* ether[0] & 1 != 0 */ 3114 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3115 s->s.k = 0; 3116 b0 = new_block(JMP(BPF_JSET)); 3117 b0->s.k = 1; 3118 b0->stmts = s; 3119 return b0; 3120 } 3121 3122 if (linktype == DLT_FDDI) { 3123 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3124 /* fddi[1] & 1 != 0 */ 3125 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3126 s->s.k = 1; 3127 b0 = new_block(JMP(BPF_JSET)); 3128 b0->s.k = 1; 3129 b0->stmts = s; 3130 return b0; 3131 } 3132 /* Link not known to support multicasts */ 3133 break; 3134 3135 case Q_IP: 3136 b0 = gen_linktype(ETHERTYPE_IP); 3137 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3138 b1->s.code = JMP(BPF_JGE); 3139 gen_and(b0, b1); 3140 return b1; 3141 3142 #ifdef INET6 3143 case Q_IPV6: 3144 b0 = gen_linktype(ETHERTYPE_IPV6); 3145 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3146 gen_and(b0, b1); 3147 return b1; 3148 #endif /* INET6 */ 3149 } 3150 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3151 } 3152 3153 /* 3154 * generate command for inbound/outbound. It's here so we can 3155 * make it link-type specific. 'dir' = 0 implies "inbound", 3156 * = 1 implies "outbound". 3157 */ 3158 struct block * 3159 gen_inbound(dir) 3160 int dir; 3161 { 3162 struct block *b0; 3163 3164 /* 3165 * Only SLIP and old-style PPP data link types support 3166 * inbound/outbound qualifiers. 3167 */ 3168 switch (linktype) { 3169 case DLT_SLIP: 3170 case DLT_PPP: 3171 b0 = gen_relation(BPF_JEQ, 3172 gen_load(Q_LINK, gen_loadi(0), 1), 3173 gen_loadi(0), 3174 dir); 3175 break; 3176 3177 case DLT_PFLOG: 3178 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3179 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3180 break; 3181 3182 default: 3183 bpf_error("inbound/outbound not supported on linktype 0x%x", 3184 linktype); 3185 /* NOTREACHED */ 3186 } 3187 3188 return (b0); 3189 } 3190 3191 3192 /* PF firewall log matched interface */ 3193 struct block * 3194 gen_pf_ifname(char *ifname) 3195 { 3196 struct block *b0; 3197 u_int len, off; 3198 3199 if (linktype == DLT_PFLOG) { 3200 len = sizeof(((struct pfloghdr *)0)->ifname); 3201 off = offsetof(struct pfloghdr, ifname); 3202 } else { 3203 bpf_error("ifname not supported on linktype 0x%x", linktype); 3204 /* NOTREACHED */ 3205 } 3206 if (strlen(ifname) >= len) { 3207 bpf_error("ifname interface names can only be %d characters", 3208 len - 1); 3209 /* NOTREACHED */ 3210 } 3211 b0 = gen_bcmp(off, strlen(ifname), ifname); 3212 return (b0); 3213 } 3214 3215 3216 /* PF firewall log ruleset name */ 3217 struct block * 3218 gen_pf_ruleset(char *ruleset) 3219 { 3220 struct block *b0; 3221 3222 if (linktype != DLT_PFLOG) { 3223 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3224 /* NOTREACHED */ 3225 } 3226 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3227 bpf_error("ruleset names can only be %zu characters", 3228 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3229 /* NOTREACHED */ 3230 } 3231 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3232 strlen(ruleset), ruleset); 3233 return (b0); 3234 } 3235 3236 3237 /* PF firewall log rule number */ 3238 struct block * 3239 gen_pf_rnr(int rnr) 3240 { 3241 struct block *b0; 3242 3243 if (linktype == DLT_PFLOG) { 3244 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3245 (bpf_int32)rnr); 3246 } else { 3247 bpf_error("rnr not supported on linktype 0x%x", linktype); 3248 /* NOTREACHED */ 3249 } 3250 3251 return (b0); 3252 } 3253 3254 3255 /* PF firewall log sub-rule number */ 3256 struct block * 3257 gen_pf_srnr(int srnr) 3258 { 3259 struct block *b0; 3260 3261 if (linktype != DLT_PFLOG) { 3262 bpf_error("srnr not supported on linktype 0x%x", linktype); 3263 /* NOTREACHED */ 3264 } 3265 3266 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3267 (bpf_int32)srnr); 3268 return (b0); 3269 } 3270 3271 /* PF firewall log reason code */ 3272 struct block * 3273 gen_pf_reason(int reason) 3274 { 3275 struct block *b0; 3276 3277 if (linktype == DLT_PFLOG) { 3278 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3279 (bpf_int32)reason); 3280 } else { 3281 bpf_error("reason not supported on linktype 0x%x", linktype); 3282 /* NOTREACHED */ 3283 } 3284 3285 return (b0); 3286 } 3287 3288 /* PF firewall log action */ 3289 struct block * 3290 gen_pf_action(int action) 3291 { 3292 struct block *b0; 3293 3294 if (linktype == DLT_PFLOG) { 3295 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3296 (bpf_int32)action); 3297 } else { 3298 bpf_error("action not supported on linktype 0x%x", linktype); 3299 /* NOTREACHED */ 3300 } 3301 3302 return (b0); 3303 } 3304 3305 /* IEEE 802.11 wireless header */ 3306 struct block * 3307 gen_p80211_type(int type, int mask) 3308 { 3309 struct block *b0; 3310 u_int offset; 3311 3312 if (!(linktype == DLT_IEEE802_11 || 3313 linktype == DLT_IEEE802_11_RADIO)) { 3314 bpf_error("type not supported on linktype 0x%x", 3315 linktype); 3316 /* NOTREACHED */ 3317 } 3318 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3319 if (linktype == DLT_IEEE802_11_RADIO) 3320 offset += IEEE80211_RADIOTAP_HDRLEN; 3321 3322 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3323 3324 return (b0); 3325 } 3326 3327 static struct block * 3328 gen_ahostop(eaddr, dir) 3329 const u_char *eaddr; 3330 int dir; 3331 { 3332 struct block *b0, *b1; 3333 3334 switch (dir) { 3335 /* src comes first, different from Ethernet */ 3336 case Q_SRC: 3337 return gen_bcmp(0, 1, eaddr); 3338 3339 case Q_DST: 3340 return gen_bcmp(1, 1, eaddr); 3341 3342 case Q_AND: 3343 b0 = gen_ahostop(eaddr, Q_SRC); 3344 b1 = gen_ahostop(eaddr, Q_DST); 3345 gen_and(b0, b1); 3346 return b1; 3347 3348 case Q_DEFAULT: 3349 case Q_OR: 3350 b0 = gen_ahostop(eaddr, Q_SRC); 3351 b1 = gen_ahostop(eaddr, Q_DST); 3352 gen_or(b0, b1); 3353 return b1; 3354 } 3355 abort(); 3356 /* NOTREACHED */ 3357 } 3358 3359 struct block * 3360 gen_acode(eaddr, q) 3361 const u_char *eaddr; 3362 struct qual q; 3363 { 3364 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3365 if (linktype == DLT_ARCNET) 3366 return gen_ahostop(eaddr, (int)q.dir); 3367 } 3368 bpf_error("ARCnet address used in non-arc expression"); 3369 /* NOTREACHED */ 3370 } 3371 3372 struct block * 3373 gen_mpls(label) 3374 int label; 3375 { 3376 struct block *b0; 3377 3378 if (label > MPLS_LABEL_MAX) 3379 bpf_error("invalid MPLS label : %d", label); 3380 3381 if (mpls_stack > 0) /* Bottom-Of-Label-Stack bit ? */ 3382 b0 = gen_mcmp(off_nl-2, BPF_B, (bpf_int32)0, 0x1); 3383 else 3384 b0 = gen_linktype(ETHERTYPE_MPLS); 3385 3386 if (label >= 0) { 3387 struct block *b1; 3388 3389 b1 = gen_mcmp(off_nl, BPF_W, (bpf_int32)(label << 12), 3390 MPLS_LABEL_MASK); 3391 gen_and(b0, b1); 3392 b0 = b1; 3393 } 3394 off_nl += 4; 3395 off_linktype += 4; 3396 mpls_stack++; 3397 return (b0); 3398 } 3399 3400 /* 3401 * support IEEE 802.1Q VLAN trunk over ethernet 3402 */ 3403 struct block * 3404 gen_vlan(vlan_num) 3405 int vlan_num; 3406 { 3407 struct block *b0; 3408 3409 if (variable_nl) { 3410 bpf_error("'vlan' not supported for variable DLTs"); 3411 /*NOTREACHED*/ 3412 } 3413 3414 if (vlan_num > 4095) { 3415 bpf_error("invalid VLAN number : %d", vlan_num); 3416 /*NOTREACHED*/ 3417 } 3418 3419 /* 3420 * Change the offsets to point to the type and data fields within 3421 * the VLAN packet. This is somewhat of a kludge. 3422 */ 3423 if (orig_nl == (u_int)-1) { 3424 orig_linktype = off_linktype; /* save original values */ 3425 orig_nl = off_nl; 3426 orig_nl_nosnap = off_nl_nosnap; 3427 3428 switch (linktype) { 3429 3430 case DLT_EN10MB: 3431 off_linktype = 16; 3432 off_nl_nosnap = 18; 3433 off_nl = 18; 3434 break; 3435 3436 default: 3437 bpf_error("no VLAN support for data link type %d", 3438 linktype); 3439 /*NOTREACHED*/ 3440 } 3441 } 3442 3443 /* check for VLAN */ 3444 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3445 3446 /* If a specific VLAN is requested, check VLAN id */ 3447 if (vlan_num >= 0) { 3448 struct block *b1; 3449 3450 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0FFF); 3451 gen_and(b0, b1); 3452 b0 = b1; 3453 } 3454 3455 return (b0); 3456 } 3457 3458 struct block * 3459 gen_sample(int rate) 3460 { 3461 struct block *b0; 3462 long long threshold = 0x100000000LL; /* 0xffffffff + 1 */ 3463 3464 if (rate < 2) { 3465 bpf_error("sample %d is too low", rate); 3466 /*NOTREACHED*/ 3467 } 3468 if (rate > (1 << 20)) { 3469 bpf_error("sample %d is too high", rate); 3470 /*NOTREACHED*/ 3471 } 3472 3473 threshold /= rate; 3474 b0 = gen_relation(BPF_JGT, gen_loadrnd(), gen_loadi(threshold), 1); 3475 3476 return (b0); 3477 } 3478 3479 struct block * 3480 gen_p80211_fcdir(int fcdir) 3481 { 3482 struct block *b0; 3483 u_int offset; 3484 3485 if (!(linktype == DLT_IEEE802_11 || 3486 linktype == DLT_IEEE802_11_RADIO)) { 3487 bpf_error("frame direction not supported on linktype 0x%x", 3488 linktype); 3489 /* NOTREACHED */ 3490 } 3491 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3492 if (linktype == DLT_IEEE802_11_RADIO) 3493 offset += IEEE80211_RADIOTAP_HDRLEN; 3494 3495 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3496 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3497 3498 return (b0); 3499 } 3500 3501 static struct block * 3502 gen_p80211_hostop(const u_char *lladdr, int dir) 3503 { 3504 struct block *b0, *b1, *b2, *b3, *b4; 3505 u_int offset = 0; 3506 3507 if (linktype == DLT_IEEE802_11_RADIO) 3508 offset = IEEE80211_RADIOTAP_HDRLEN; 3509 3510 switch (dir) { 3511 case Q_SRC: 3512 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3513 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3514 lladdr); 3515 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3516 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3517 lladdr); 3518 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3519 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3520 lladdr); 3521 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3522 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3523 lladdr); 3524 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3525 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3526 lladdr); 3527 3528 gen_or(b0, b1); 3529 gen_or(b1, b2); 3530 gen_or(b2, b3); 3531 gen_or(b3, b4); 3532 return (b4); 3533 3534 case Q_DST: 3535 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3536 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3537 lladdr); 3538 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3539 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3540 lladdr); 3541 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3542 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3543 lladdr); 3544 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3545 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3546 lladdr); 3547 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3548 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3549 lladdr); 3550 3551 gen_or(b0, b1); 3552 gen_or(b1, b2); 3553 gen_or(b2, b3); 3554 gen_or(b3, b4); 3555 return (b4); 3556 3557 case Q_ADDR1: 3558 return (gen_bcmp(offset + 3559 (u_int)offsetof(struct ieee80211_frame, 3560 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3561 3562 case Q_ADDR2: 3563 return (gen_bcmp(offset + 3564 (u_int)offsetof(struct ieee80211_frame, 3565 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3566 3567 case Q_ADDR3: 3568 return (gen_bcmp(offset + 3569 (u_int)offsetof(struct ieee80211_frame, 3570 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3571 3572 case Q_ADDR4: 3573 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3574 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3575 lladdr)); 3576 3577 case Q_AND: 3578 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3579 b1 = gen_p80211_hostop(lladdr, Q_DST); 3580 gen_and(b0, b1); 3581 return (b1); 3582 3583 case Q_DEFAULT: 3584 case Q_OR: 3585 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3586 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3587 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3588 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3589 gen_or(b0, b1); 3590 gen_or(b1, b2); 3591 gen_or(b2, b3); 3592 return (b3); 3593 3594 default: 3595 bpf_error("direction not supported on linktype 0x%x", 3596 linktype); 3597 } 3598 /* NOTREACHED */ 3599 } 3600 3601 static struct block * 3602 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3603 { 3604 struct block *b0, *b1; 3605 3606 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3607 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3608 gen_and(b0, b1); 3609 3610 return (b1); 3611 } 3612