1 /* $OpenBSD: gencode.c,v 1.42 2015/11/17 18:19:45 mmcc Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/param.h> /* ALIGN */ 25 #include <sys/types.h> 26 #include <sys/socket.h> 27 #include <sys/time.h> 28 29 struct mbuf; 30 struct rtentry; 31 32 #include <net/if.h> 33 34 #include <netinet/in.h> 35 #include <netinet/if_ether.h> 36 37 #include <net/if_pflog.h> 38 #include <net/pfvar.h> 39 40 #include <net80211/ieee80211.h> 41 #include <net80211/ieee80211_radiotap.h> 42 43 #include <stdlib.h> 44 #include <stddef.h> 45 #include <setjmp.h> 46 #include <stdarg.h> 47 #include <string.h> 48 49 #include "pcap-int.h" 50 51 #include "ethertype.h" 52 #include "llc.h" 53 #include "gencode.h" 54 #include "ppp.h" 55 #include <pcap-namedb.h> 56 #ifdef INET6 57 #include <netdb.h> 58 #endif /*INET6*/ 59 60 #ifdef HAVE_OS_PROTO_H 61 #include "os-proto.h" 62 #endif 63 64 #define JMP(c) ((c)|BPF_JMP|BPF_K) 65 66 /* Locals */ 67 static jmp_buf top_ctx; 68 static pcap_t *bpf_pcap; 69 70 /* Hack for updating VLAN offsets. */ 71 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 72 73 /* XXX */ 74 #ifdef PCAP_FDDIPAD 75 int pcap_fddipad = PCAP_FDDIPAD; 76 #else 77 int pcap_fddipad; 78 #endif 79 80 __dead void 81 bpf_error(const char *fmt, ...) 82 { 83 va_list ap; 84 85 va_start(ap, fmt); 86 if (bpf_pcap != NULL) 87 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 88 fmt, ap); 89 va_end(ap); 90 longjmp(top_ctx, 1); 91 /* NOTREACHED */ 92 } 93 94 static void init_linktype(int); 95 96 static int alloc_reg(void); 97 static void free_reg(int); 98 99 static struct block *root; 100 101 /* initialization code used for variable link header */ 102 static struct slist *init_code = NULL; 103 104 /* Flags and registers for variable link type handling */ 105 static int variable_nl; 106 static int nl_reg, iphl_reg; 107 108 /* 109 * We divy out chunks of memory rather than call malloc each time so 110 * we don't have to worry about leaking memory. It's probably 111 * not a big deal if all this memory was wasted but it this ever 112 * goes into a library that would probably not be a good idea. 113 */ 114 #define NCHUNKS 16 115 #define CHUNK0SIZE 1024 116 struct chunk { 117 u_int n_left; 118 void *m; 119 }; 120 121 static struct chunk chunks[NCHUNKS]; 122 static int cur_chunk; 123 124 static void *newchunk(u_int); 125 static void freechunks(void); 126 static __inline struct block *new_block(int); 127 static __inline struct slist *new_stmt(int); 128 static struct block *gen_retblk(int); 129 static __inline void syntax(void); 130 131 static void backpatch(struct block *, struct block *); 132 static void merge(struct block *, struct block *); 133 static struct block *gen_cmp(u_int, u_int, bpf_int32); 134 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 135 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 136 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 137 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 138 static struct block *gen_bcmp(u_int, u_int, const u_char *); 139 static struct block *gen_uncond(int); 140 static __inline struct block *gen_true(void); 141 static __inline struct block *gen_false(void); 142 static struct block *gen_linktype(int); 143 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 144 #ifdef INET6 145 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 146 #endif 147 static struct block *gen_ehostop(const u_char *, int); 148 static struct block *gen_fhostop(const u_char *, int); 149 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 150 static struct block *gen_p80211_hostop(const u_char *, int); 151 static struct block *gen_p80211_addr(int, u_int, const u_char *); 152 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 153 #ifdef INET6 154 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 155 #endif 156 #ifndef INET6 157 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 158 #endif 159 static struct block *gen_ipfrag(void); 160 static struct block *gen_portatom(int, bpf_int32); 161 #ifdef INET6 162 static struct block *gen_portatom6(int, bpf_int32); 163 #endif 164 struct block *gen_portop(int, int, int); 165 static struct block *gen_port(int, int, int); 166 #ifdef INET6 167 struct block *gen_portop6(int, int, int); 168 static struct block *gen_port6(int, int, int); 169 #endif 170 static int lookup_proto(const char *, int); 171 static struct block *gen_protochain(int, int, int); 172 static struct block *gen_proto(int, int, int); 173 static struct slist *xfer_to_x(struct arth *); 174 static struct slist *xfer_to_a(struct arth *); 175 static struct block *gen_len(int, int); 176 177 static void * 178 newchunk(n) 179 u_int n; 180 { 181 struct chunk *cp; 182 int k, size; 183 184 /* XXX Round to structure boundary. */ 185 n = ALIGN(n); 186 187 cp = &chunks[cur_chunk]; 188 if (n > cp->n_left) { 189 ++cp, k = ++cur_chunk; 190 if (k >= NCHUNKS) 191 bpf_error("out of memory"); 192 size = CHUNK0SIZE << k; 193 cp->m = calloc(1, size); 194 if (cp->m == NULL) 195 bpf_error("out of memory"); 196 197 cp->n_left = size; 198 if (n > size) 199 bpf_error("out of memory"); 200 } 201 cp->n_left -= n; 202 return (void *)((char *)cp->m + cp->n_left); 203 } 204 205 static void 206 freechunks() 207 { 208 int i; 209 210 cur_chunk = 0; 211 for (i = 0; i < NCHUNKS; ++i) 212 if (chunks[i].m != NULL) { 213 free(chunks[i].m); 214 chunks[i].m = NULL; 215 } 216 } 217 218 /* 219 * A strdup whose allocations are freed after code generation is over. 220 */ 221 char * 222 sdup(s) 223 register const char *s; 224 { 225 int n = strlen(s) + 1; 226 char *cp = newchunk(n); 227 228 strlcpy(cp, s, n); 229 return (cp); 230 } 231 232 static __inline struct block * 233 new_block(code) 234 int code; 235 { 236 struct block *p; 237 238 p = (struct block *)newchunk(sizeof(*p)); 239 p->s.code = code; 240 p->head = p; 241 242 return p; 243 } 244 245 static __inline struct slist * 246 new_stmt(code) 247 int code; 248 { 249 struct slist *p; 250 251 p = (struct slist *)newchunk(sizeof(*p)); 252 p->s.code = code; 253 254 return p; 255 } 256 257 static struct block * 258 gen_retblk(v) 259 int v; 260 { 261 struct block *b = new_block(BPF_RET|BPF_K); 262 263 b->s.k = v; 264 return b; 265 } 266 267 static __inline void 268 syntax() 269 { 270 bpf_error("syntax error in filter expression"); 271 } 272 273 static bpf_u_int32 netmask; 274 static int snaplen; 275 int no_optimize; 276 277 int 278 pcap_compile(pcap_t *p, struct bpf_program *program, 279 char *buf, int optimize, bpf_u_int32 mask) 280 { 281 extern int n_errors; 282 int len; 283 284 no_optimize = 0; 285 n_errors = 0; 286 root = NULL; 287 bpf_pcap = p; 288 if (setjmp(top_ctx)) { 289 freechunks(); 290 return (-1); 291 } 292 293 netmask = mask; 294 snaplen = pcap_snapshot(p); 295 296 lex_init(buf ? buf : ""); 297 init_linktype(pcap_datalink(p)); 298 (void)pcap_parse(); 299 300 if (n_errors) 301 syntax(); 302 303 if (root == NULL) 304 root = gen_retblk(snaplen); 305 306 if (optimize && !no_optimize) { 307 bpf_optimize(&root); 308 if (root == NULL || 309 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 310 bpf_error("expression rejects all packets"); 311 } 312 program->bf_insns = icode_to_fcode(root, &len); 313 program->bf_len = len; 314 315 freechunks(); 316 return (0); 317 } 318 319 /* 320 * entry point for using the compiler with no pcap open 321 * pass in all the stuff that is needed explicitly instead. 322 */ 323 int 324 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 325 struct bpf_program *program, 326 char *buf, int optimize, bpf_u_int32 mask) 327 { 328 extern int n_errors; 329 int len; 330 331 n_errors = 0; 332 root = NULL; 333 bpf_pcap = NULL; 334 if (setjmp(top_ctx)) { 335 freechunks(); 336 return (-1); 337 } 338 339 netmask = mask; 340 341 /* XXX needed? I don't grok the use of globals here. */ 342 snaplen = snaplen_arg; 343 344 lex_init(buf ? buf : ""); 345 init_linktype(linktype_arg); 346 (void)pcap_parse(); 347 348 if (n_errors) 349 syntax(); 350 351 if (root == NULL) 352 root = gen_retblk(snaplen_arg); 353 354 if (optimize) { 355 bpf_optimize(&root); 356 if (root == NULL || 357 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 358 bpf_error("expression rejects all packets"); 359 } 360 program->bf_insns = icode_to_fcode(root, &len); 361 program->bf_len = len; 362 363 freechunks(); 364 return (0); 365 } 366 367 /* 368 * Clean up a "struct bpf_program" by freeing all the memory allocated 369 * in it. 370 */ 371 void 372 pcap_freecode(struct bpf_program *program) 373 { 374 program->bf_len = 0; 375 if (program->bf_insns != NULL) { 376 free((char *)program->bf_insns); 377 program->bf_insns = NULL; 378 } 379 } 380 381 /* 382 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 383 * which of the jt and jf fields has been resolved and which is a pointer 384 * back to another unresolved block (or nil). At least one of the fields 385 * in each block is already resolved. 386 */ 387 static void 388 backpatch(list, target) 389 struct block *list, *target; 390 { 391 struct block *next; 392 393 while (list) { 394 if (!list->sense) { 395 next = JT(list); 396 JT(list) = target; 397 } else { 398 next = JF(list); 399 JF(list) = target; 400 } 401 list = next; 402 } 403 } 404 405 /* 406 * Merge the lists in b0 and b1, using the 'sense' field to indicate 407 * which of jt and jf is the link. 408 */ 409 static void 410 merge(b0, b1) 411 struct block *b0, *b1; 412 { 413 register struct block **p = &b0; 414 415 /* Find end of list. */ 416 while (*p) 417 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 418 419 /* Concatenate the lists. */ 420 *p = b1; 421 } 422 423 void 424 finish_parse(p) 425 struct block *p; 426 { 427 backpatch(p, gen_retblk(snaplen)); 428 p->sense = !p->sense; 429 backpatch(p, gen_retblk(0)); 430 root = p->head; 431 432 /* prepend initialization code to root */ 433 if (init_code != NULL && root != NULL) { 434 sappend(init_code, root->stmts); 435 root->stmts = init_code; 436 init_code = NULL; 437 } 438 439 if (iphl_reg != -1) { 440 free_reg(iphl_reg); 441 iphl_reg = -1; 442 } 443 if (nl_reg != -1) { 444 free_reg(nl_reg); 445 nl_reg = -1; 446 } 447 } 448 449 void 450 gen_and(b0, b1) 451 struct block *b0, *b1; 452 { 453 backpatch(b0, b1->head); 454 b0->sense = !b0->sense; 455 b1->sense = !b1->sense; 456 merge(b1, b0); 457 b1->sense = !b1->sense; 458 b1->head = b0->head; 459 } 460 461 void 462 gen_or(b0, b1) 463 struct block *b0, *b1; 464 { 465 b0->sense = !b0->sense; 466 backpatch(b0, b1->head); 467 b0->sense = !b0->sense; 468 merge(b1, b0); 469 b1->head = b0->head; 470 } 471 472 void 473 gen_not(b) 474 struct block *b; 475 { 476 b->sense = !b->sense; 477 } 478 479 static struct block * 480 gen_cmp(offset, size, v) 481 u_int offset, size; 482 bpf_int32 v; 483 { 484 struct slist *s; 485 struct block *b; 486 487 s = new_stmt(BPF_LD|BPF_ABS|size); 488 s->s.k = offset; 489 490 b = new_block(JMP(BPF_JEQ)); 491 b->stmts = s; 492 b->s.k = v; 493 494 return b; 495 } 496 497 static struct block * 498 gen_cmp_gt(offset, size, v) 499 u_int offset, size; 500 bpf_int32 v; 501 { 502 struct slist *s; 503 struct block *b; 504 505 s = new_stmt(BPF_LD|BPF_ABS|size); 506 s->s.k = offset; 507 508 b = new_block(JMP(BPF_JGT)); 509 b->stmts = s; 510 b->s.k = v; 511 512 return b; 513 } 514 515 static struct block * 516 gen_mcmp(offset, size, v, mask) 517 u_int offset, size; 518 bpf_int32 v; 519 bpf_u_int32 mask; 520 { 521 struct block *b = gen_cmp(offset, size, v); 522 struct slist *s; 523 524 if (mask != 0xffffffff) { 525 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 526 s->s.k = mask; 527 sappend(b->stmts, s); 528 } 529 return b; 530 } 531 532 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 533 static struct block * 534 gen_mcmp_nl(offset, size, v, mask) 535 u_int offset, size; 536 bpf_int32 v; 537 bpf_u_int32 mask; 538 { 539 struct block *b = gen_cmp_nl(offset, size, v); 540 struct slist *s; 541 542 if (mask != 0xffffffff) { 543 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 544 s->s.k = mask; 545 sappend(b->stmts, s); 546 } 547 return b; 548 } 549 550 static struct block * 551 gen_bcmp(offset, size, v) 552 register u_int offset, size; 553 register const u_char *v; 554 { 555 register struct block *b, *tmp; 556 557 b = NULL; 558 while (size >= 4) { 559 register const u_char *p = &v[size - 4]; 560 bpf_int32 w = ((bpf_int32)p[0] << 24) | 561 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 562 563 tmp = gen_cmp(offset + size - 4, BPF_W, w); 564 if (b != NULL) 565 gen_and(b, tmp); 566 b = tmp; 567 size -= 4; 568 } 569 while (size >= 2) { 570 register const u_char *p = &v[size - 2]; 571 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 572 573 tmp = gen_cmp(offset + size - 2, BPF_H, w); 574 if (b != NULL) 575 gen_and(b, tmp); 576 b = tmp; 577 size -= 2; 578 } 579 if (size > 0) { 580 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 581 if (b != NULL) 582 gen_and(b, tmp); 583 b = tmp; 584 } 585 return b; 586 } 587 588 /* 589 * Various code constructs need to know the layout of the data link 590 * layer. These variables give the necessary offsets. off_linktype 591 * is set to -1 for no encapsulation, in which case, IP is assumed. 592 */ 593 static u_int off_linktype; 594 static u_int off_nl; 595 static u_int off_nl_nosnap; 596 597 static int linktype; 598 599 /* Generate code to load the dynamic 'off_nl' to the X register */ 600 static struct slist * 601 nl2X_stmt(void) 602 { 603 struct slist *s, *tmp; 604 605 if (nl_reg == -1) { 606 switch (linktype) { 607 case DLT_PFLOG: 608 /* The pflog header contains PFLOG_REAL_HDRLEN 609 which does NOT include the padding. Round 610 up to the nearest dword boundary */ 611 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 612 s->s.k = 0; 613 614 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 615 tmp->s.k = 3; 616 sappend(s, tmp); 617 618 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 619 tmp->s.k = 0xfc; 620 sappend(s, tmp); 621 622 nl_reg = alloc_reg(); 623 tmp = new_stmt(BPF_ST); 624 tmp->s.k = nl_reg; 625 sappend(s, tmp); 626 627 break; 628 default: 629 bpf_error("Unknown header size for link type 0x%x", 630 linktype); 631 } 632 633 if (init_code == NULL) 634 init_code = s; 635 else 636 sappend(init_code, s); 637 } 638 639 s = new_stmt(BPF_LDX|BPF_MEM); 640 s->s.k = nl_reg; 641 642 return s; 643 } 644 645 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 646 static struct block * 647 gen_cmp_nl(offset, size, v) 648 u_int offset, size; 649 bpf_int32 v; 650 { 651 struct slist *s, *tmp; 652 struct block *b; 653 654 if (variable_nl) { 655 s = nl2X_stmt(); 656 tmp = new_stmt(BPF_LD|BPF_IND|size); 657 tmp->s.k = offset; 658 sappend(s, tmp); 659 } else { 660 s = new_stmt(BPF_LD|BPF_ABS|size); 661 s->s.k = offset + off_nl; 662 } 663 b = new_block(JMP(BPF_JEQ)); 664 b->stmts = s; 665 b->s.k = v; 666 667 return b; 668 } 669 670 static void 671 init_linktype(type) 672 int type; 673 { 674 linktype = type; 675 init_code = NULL; 676 nl_reg = iphl_reg = -1; 677 678 switch (type) { 679 680 case DLT_EN10MB: 681 off_linktype = 12; 682 off_nl = 14; 683 return; 684 685 case DLT_SLIP: 686 /* 687 * SLIP doesn't have a link level type. The 16 byte 688 * header is hacked into our SLIP driver. 689 */ 690 off_linktype = -1; 691 off_nl = 16; 692 return; 693 694 case DLT_SLIP_BSDOS: 695 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 696 off_linktype = -1; 697 /* XXX end */ 698 off_nl = 24; 699 return; 700 701 case DLT_NULL: 702 off_linktype = 0; 703 off_nl = 4; 704 return; 705 706 case DLT_PPP: 707 off_linktype = 2; 708 off_nl = 4; 709 return; 710 711 case DLT_PPP_ETHER: 712 /* 713 * This does not include the Ethernet header, and 714 * only covers session state. 715 */ 716 off_linktype = 6; 717 off_nl = 8; 718 return; 719 720 case DLT_PPP_BSDOS: 721 off_linktype = 5; 722 off_nl = 24; 723 return; 724 725 case DLT_FDDI: 726 /* 727 * FDDI doesn't really have a link-level type field. 728 * We assume that SSAP = SNAP is being used and pick 729 * out the encapsulated Ethernet type. 730 */ 731 off_linktype = 19; 732 #ifdef PCAP_FDDIPAD 733 off_linktype += pcap_fddipad; 734 #endif 735 off_nl = 21; 736 #ifdef PCAP_FDDIPAD 737 off_nl += pcap_fddipad; 738 #endif 739 return; 740 741 case DLT_IEEE802: 742 off_linktype = 20; 743 off_nl = 22; 744 return; 745 746 case DLT_IEEE802_11: 747 off_linktype = 30; /* XXX variable */ 748 off_nl = 32; 749 return; 750 751 case DLT_IEEE802_11_RADIO: /* XXX variable */ 752 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 753 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 754 return; 755 756 case DLT_ATM_RFC1483: 757 /* 758 * assume routed, non-ISO PDUs 759 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 760 */ 761 off_linktype = 6; 762 off_nl = 8; 763 return; 764 765 case DLT_LOOP: 766 off_linktype = -1; 767 off_nl = 4; 768 return; 769 770 case DLT_ENC: 771 off_linktype = -1; 772 off_nl = 12; 773 return; 774 775 case DLT_PFLOG: 776 off_linktype = 0; 777 variable_nl = 1; 778 off_nl = 0; 779 return; 780 781 case DLT_PFSYNC: 782 off_linktype = -1; 783 off_nl = 4; 784 return; 785 786 case DLT_RAW: 787 off_linktype = -1; 788 off_nl = 0; 789 return; 790 } 791 bpf_error("unknown data link type 0x%x", linktype); 792 /* NOTREACHED */ 793 } 794 795 static struct block * 796 gen_uncond(rsense) 797 int rsense; 798 { 799 struct block *b; 800 struct slist *s; 801 802 s = new_stmt(BPF_LD|BPF_IMM); 803 s->s.k = !rsense; 804 b = new_block(JMP(BPF_JEQ)); 805 b->stmts = s; 806 807 return b; 808 } 809 810 static __inline struct block * 811 gen_true() 812 { 813 return gen_uncond(1); 814 } 815 816 static __inline struct block * 817 gen_false() 818 { 819 return gen_uncond(0); 820 } 821 822 static struct block * 823 gen_linktype(proto) 824 register int proto; 825 { 826 struct block *b0, *b1; 827 828 /* If we're not using encapsulation and checking for IP, we're done */ 829 if (off_linktype == -1 && proto == ETHERTYPE_IP) 830 return gen_true(); 831 #ifdef INET6 832 /* this isn't the right thing to do, but sometimes necessary */ 833 if (off_linktype == -1 && proto == ETHERTYPE_IPV6) 834 return gen_true(); 835 #endif 836 837 switch (linktype) { 838 839 case DLT_EN10MB: 840 if (proto <= ETHERMTU) { 841 /* This is an LLC SAP value */ 842 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 843 gen_not(b0); 844 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 845 gen_and(b0, b1); 846 return b1; 847 } else { 848 /* This is an Ethernet type */ 849 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 850 } 851 break; 852 853 case DLT_SLIP: 854 return gen_false(); 855 856 case DLT_PPP: 857 case DLT_PPP_ETHER: 858 if (proto == ETHERTYPE_IP) 859 proto = PPP_IP; /* XXX was 0x21 */ 860 #ifdef INET6 861 else if (proto == ETHERTYPE_IPV6) 862 proto = PPP_IPV6; 863 #endif 864 break; 865 866 case DLT_PPP_BSDOS: 867 switch (proto) { 868 869 case ETHERTYPE_IP: 870 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 871 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 872 gen_or(b0, b1); 873 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 874 gen_or(b1, b0); 875 return b0; 876 877 #ifdef INET6 878 case ETHERTYPE_IPV6: 879 proto = PPP_IPV6; 880 /* more to go? */ 881 break; 882 #endif /* INET6 */ 883 884 case ETHERTYPE_DN: 885 proto = PPP_DECNET; 886 break; 887 888 case ETHERTYPE_ATALK: 889 proto = PPP_APPLE; 890 break; 891 892 case ETHERTYPE_NS: 893 proto = PPP_NS; 894 break; 895 } 896 break; 897 898 case DLT_LOOP: 899 case DLT_ENC: 900 case DLT_NULL: 901 /* XXX */ 902 if (proto == ETHERTYPE_IP) 903 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); 904 #ifdef INET6 905 else if (proto == ETHERTYPE_IPV6) 906 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6))); 907 #endif /* INET6 */ 908 else 909 return gen_false(); 910 break; 911 case DLT_PFLOG: 912 if (proto == ETHERTYPE_IP) 913 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 914 (bpf_int32)AF_INET)); 915 #ifdef INET6 916 else if (proto == ETHERTYPE_IPV6) 917 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 918 (bpf_int32)AF_INET6)); 919 #endif /* INET6 */ 920 else 921 return gen_false(); 922 break; 923 924 } 925 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 926 } 927 928 static struct block * 929 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 930 bpf_u_int32 addr; 931 bpf_u_int32 mask; 932 int dir, proto; 933 u_int src_off, dst_off; 934 { 935 struct block *b0, *b1; 936 u_int offset; 937 938 switch (dir) { 939 940 case Q_SRC: 941 offset = src_off; 942 break; 943 944 case Q_DST: 945 offset = dst_off; 946 break; 947 948 case Q_AND: 949 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 950 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 951 gen_and(b0, b1); 952 return b1; 953 954 case Q_OR: 955 case Q_DEFAULT: 956 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 957 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 958 gen_or(b0, b1); 959 return b1; 960 961 default: 962 bpf_error("direction not supported on linktype 0x%x", 963 linktype); 964 } 965 b0 = gen_linktype(proto); 966 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 967 gen_and(b0, b1); 968 return b1; 969 } 970 971 #ifdef INET6 972 static struct block * 973 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 974 struct in6_addr *addr; 975 struct in6_addr *mask; 976 int dir, proto; 977 u_int src_off, dst_off; 978 { 979 struct block *b0, *b1; 980 u_int offset; 981 u_int32_t *a, *m; 982 983 switch (dir) { 984 985 case Q_SRC: 986 offset = src_off; 987 break; 988 989 case Q_DST: 990 offset = dst_off; 991 break; 992 993 case Q_AND: 994 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 995 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 996 gen_and(b0, b1); 997 return b1; 998 999 case Q_OR: 1000 case Q_DEFAULT: 1001 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1002 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1003 gen_or(b0, b1); 1004 return b1; 1005 1006 default: 1007 bpf_error("direction not supported on linktype 0x%x", 1008 linktype); 1009 } 1010 /* this order is important */ 1011 a = (u_int32_t *)addr; 1012 m = (u_int32_t *)mask; 1013 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1014 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1015 gen_and(b0, b1); 1016 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1017 gen_and(b0, b1); 1018 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1019 gen_and(b0, b1); 1020 b0 = gen_linktype(proto); 1021 gen_and(b0, b1); 1022 return b1; 1023 } 1024 #endif /*INET6*/ 1025 1026 static struct block * 1027 gen_ehostop(eaddr, dir) 1028 register const u_char *eaddr; 1029 register int dir; 1030 { 1031 struct block *b0, *b1; 1032 1033 switch (dir) { 1034 case Q_SRC: 1035 return gen_bcmp(6, 6, eaddr); 1036 1037 case Q_DST: 1038 return gen_bcmp(0, 6, eaddr); 1039 1040 case Q_AND: 1041 b0 = gen_ehostop(eaddr, Q_SRC); 1042 b1 = gen_ehostop(eaddr, Q_DST); 1043 gen_and(b0, b1); 1044 return b1; 1045 1046 case Q_DEFAULT: 1047 case Q_OR: 1048 b0 = gen_ehostop(eaddr, Q_SRC); 1049 b1 = gen_ehostop(eaddr, Q_DST); 1050 gen_or(b0, b1); 1051 return b1; 1052 default: 1053 bpf_error("direction not supported on linktype 0x%x", 1054 linktype); 1055 } 1056 /* NOTREACHED */ 1057 } 1058 1059 /* 1060 * Like gen_ehostop, but for DLT_FDDI 1061 */ 1062 static struct block * 1063 gen_fhostop(eaddr, dir) 1064 register const u_char *eaddr; 1065 register int dir; 1066 { 1067 struct block *b0, *b1; 1068 1069 switch (dir) { 1070 case Q_SRC: 1071 #ifdef PCAP_FDDIPAD 1072 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1073 #else 1074 return gen_bcmp(6 + 1, 6, eaddr); 1075 #endif 1076 1077 case Q_DST: 1078 #ifdef PCAP_FDDIPAD 1079 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1080 #else 1081 return gen_bcmp(0 + 1, 6, eaddr); 1082 #endif 1083 1084 case Q_AND: 1085 b0 = gen_fhostop(eaddr, Q_SRC); 1086 b1 = gen_fhostop(eaddr, Q_DST); 1087 gen_and(b0, b1); 1088 return b1; 1089 1090 case Q_DEFAULT: 1091 case Q_OR: 1092 b0 = gen_fhostop(eaddr, Q_SRC); 1093 b1 = gen_fhostop(eaddr, Q_DST); 1094 gen_or(b0, b1); 1095 return b1; 1096 default: 1097 bpf_error("direction not supported on linktype 0x%x", 1098 linktype); 1099 } 1100 /* NOTREACHED */ 1101 } 1102 1103 /* 1104 * This is quite tricky because there may be pad bytes in front of the 1105 * DECNET header, and then there are two possible data packet formats that 1106 * carry both src and dst addresses, plus 5 packet types in a format that 1107 * carries only the src node, plus 2 types that use a different format and 1108 * also carry just the src node. 1109 * 1110 * Yuck. 1111 * 1112 * Instead of doing those all right, we just look for data packets with 1113 * 0 or 1 bytes of padding. If you want to look at other packets, that 1114 * will require a lot more hacking. 1115 * 1116 * To add support for filtering on DECNET "areas" (network numbers) 1117 * one would want to add a "mask" argument to this routine. That would 1118 * make the filter even more inefficient, although one could be clever 1119 * and not generate masking instructions if the mask is 0xFFFF. 1120 */ 1121 static struct block * 1122 gen_dnhostop(addr, dir, base_off) 1123 bpf_u_int32 addr; 1124 int dir; 1125 u_int base_off; 1126 { 1127 struct block *b0, *b1, *b2, *tmp; 1128 u_int offset_lh; /* offset if long header is received */ 1129 u_int offset_sh; /* offset if short header is received */ 1130 1131 switch (dir) { 1132 1133 case Q_DST: 1134 offset_sh = 1; /* follows flags */ 1135 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1136 break; 1137 1138 case Q_SRC: 1139 offset_sh = 3; /* follows flags, dstnode */ 1140 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1141 break; 1142 1143 case Q_AND: 1144 /* Inefficient because we do our Calvinball dance twice */ 1145 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1146 b1 = gen_dnhostop(addr, Q_DST, base_off); 1147 gen_and(b0, b1); 1148 return b1; 1149 1150 case Q_OR: 1151 case Q_DEFAULT: 1152 /* Inefficient because we do our Calvinball dance twice */ 1153 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1154 b1 = gen_dnhostop(addr, Q_DST, base_off); 1155 gen_or(b0, b1); 1156 return b1; 1157 1158 default: 1159 bpf_error("direction not supported on linktype 0x%x", 1160 linktype); 1161 } 1162 b0 = gen_linktype(ETHERTYPE_DN); 1163 /* Check for pad = 1, long header case */ 1164 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1165 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1166 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1167 BPF_H, (bpf_int32)ntohs(addr)); 1168 gen_and(tmp, b1); 1169 /* Check for pad = 0, long header case */ 1170 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1171 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1172 gen_and(tmp, b2); 1173 gen_or(b2, b1); 1174 /* Check for pad = 1, short header case */ 1175 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1176 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1177 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1178 BPF_H, (bpf_int32)ntohs(addr)); 1179 gen_and(tmp, b2); 1180 gen_or(b2, b1); 1181 /* Check for pad = 0, short header case */ 1182 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1183 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1184 gen_and(tmp, b2); 1185 gen_or(b2, b1); 1186 1187 /* Combine with test for linktype */ 1188 gen_and(b0, b1); 1189 return b1; 1190 } 1191 1192 static struct block * 1193 gen_host(addr, mask, proto, dir) 1194 bpf_u_int32 addr; 1195 bpf_u_int32 mask; 1196 int proto; 1197 int dir; 1198 { 1199 struct block *b0, *b1; 1200 1201 switch (proto) { 1202 1203 case Q_DEFAULT: 1204 b0 = gen_host(addr, mask, Q_IP, dir); 1205 b1 = gen_host(addr, mask, Q_ARP, dir); 1206 gen_or(b0, b1); 1207 b0 = gen_host(addr, mask, Q_RARP, dir); 1208 gen_or(b1, b0); 1209 return b0; 1210 1211 case Q_IP: 1212 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1213 12, 16); 1214 1215 case Q_RARP: 1216 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1217 14, 24); 1218 1219 case Q_ARP: 1220 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1221 14, 24); 1222 1223 case Q_TCP: 1224 bpf_error("'tcp' modifier applied to host"); 1225 1226 case Q_UDP: 1227 bpf_error("'udp' modifier applied to host"); 1228 1229 case Q_ICMP: 1230 bpf_error("'icmp' modifier applied to host"); 1231 1232 case Q_IGMP: 1233 bpf_error("'igmp' modifier applied to host"); 1234 1235 case Q_IGRP: 1236 bpf_error("'igrp' modifier applied to host"); 1237 1238 case Q_PIM: 1239 bpf_error("'pim' modifier applied to host"); 1240 1241 case Q_STP: 1242 bpf_error("'stp' modifier applied to host"); 1243 1244 case Q_ATALK: 1245 bpf_error("ATALK host filtering not implemented"); 1246 1247 case Q_DECNET: 1248 return gen_dnhostop(addr, dir, 0); 1249 1250 case Q_SCA: 1251 bpf_error("SCA host filtering not implemented"); 1252 1253 case Q_LAT: 1254 bpf_error("LAT host filtering not implemented"); 1255 1256 case Q_MOPDL: 1257 bpf_error("MOPDL host filtering not implemented"); 1258 1259 case Q_MOPRC: 1260 bpf_error("MOPRC host filtering not implemented"); 1261 1262 #ifdef INET6 1263 case Q_IPV6: 1264 bpf_error("'ip6' modifier applied to ip host"); 1265 1266 case Q_ICMPV6: 1267 bpf_error("'icmp6' modifier applied to host"); 1268 #endif /* INET6 */ 1269 1270 case Q_AH: 1271 bpf_error("'ah' modifier applied to host"); 1272 1273 case Q_ESP: 1274 bpf_error("'esp' modifier applied to host"); 1275 1276 default: 1277 bpf_error("direction not supported on linktype 0x%x", 1278 linktype); 1279 } 1280 /* NOTREACHED */ 1281 } 1282 1283 #ifdef INET6 1284 static struct block * 1285 gen_host6(addr, mask, proto, dir) 1286 struct in6_addr *addr; 1287 struct in6_addr *mask; 1288 int proto; 1289 int dir; 1290 { 1291 switch (proto) { 1292 1293 case Q_DEFAULT: 1294 return gen_host6(addr, mask, Q_IPV6, dir); 1295 1296 case Q_IP: 1297 bpf_error("'ip' modifier applied to ip6 host"); 1298 1299 case Q_RARP: 1300 bpf_error("'rarp' modifier applied to ip6 host"); 1301 1302 case Q_ARP: 1303 bpf_error("'arp' modifier applied to ip6 host"); 1304 1305 case Q_TCP: 1306 bpf_error("'tcp' modifier applied to host"); 1307 1308 case Q_UDP: 1309 bpf_error("'udp' modifier applied to host"); 1310 1311 case Q_ICMP: 1312 bpf_error("'icmp' modifier applied to host"); 1313 1314 case Q_IGMP: 1315 bpf_error("'igmp' modifier applied to host"); 1316 1317 case Q_IGRP: 1318 bpf_error("'igrp' modifier applied to host"); 1319 1320 case Q_PIM: 1321 bpf_error("'pim' modifier applied to host"); 1322 1323 case Q_STP: 1324 bpf_error("'stp' modifier applied to host"); 1325 1326 case Q_ATALK: 1327 bpf_error("ATALK host filtering not implemented"); 1328 1329 case Q_DECNET: 1330 bpf_error("'decnet' modifier applied to ip6 host"); 1331 1332 case Q_SCA: 1333 bpf_error("SCA host filtering not implemented"); 1334 1335 case Q_LAT: 1336 bpf_error("LAT host filtering not implemented"); 1337 1338 case Q_MOPDL: 1339 bpf_error("MOPDL host filtering not implemented"); 1340 1341 case Q_MOPRC: 1342 bpf_error("MOPRC host filtering not implemented"); 1343 1344 case Q_IPV6: 1345 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1346 8, 24); 1347 1348 case Q_ICMPV6: 1349 bpf_error("'icmp6' modifier applied to host"); 1350 1351 case Q_AH: 1352 bpf_error("'ah' modifier applied to host"); 1353 1354 case Q_ESP: 1355 bpf_error("'esp' modifier applied to host"); 1356 1357 default: 1358 abort(); 1359 } 1360 /* NOTREACHED */ 1361 } 1362 #endif /*INET6*/ 1363 1364 #ifndef INET6 1365 static struct block * 1366 gen_gateway(eaddr, alist, proto, dir) 1367 const u_char *eaddr; 1368 bpf_u_int32 **alist; 1369 int proto; 1370 int dir; 1371 { 1372 struct block *b0, *b1, *tmp; 1373 1374 if (dir != 0) 1375 bpf_error("direction applied to 'gateway'"); 1376 1377 switch (proto) { 1378 case Q_DEFAULT: 1379 case Q_IP: 1380 case Q_ARP: 1381 case Q_RARP: 1382 if (linktype == DLT_EN10MB) 1383 b0 = gen_ehostop(eaddr, Q_OR); 1384 else if (linktype == DLT_FDDI) 1385 b0 = gen_fhostop(eaddr, Q_OR); 1386 else 1387 bpf_error( 1388 "'gateway' supported only on ethernet or FDDI"); 1389 1390 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1391 while (*alist) { 1392 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1393 gen_or(b1, tmp); 1394 b1 = tmp; 1395 } 1396 gen_not(b1); 1397 gen_and(b0, b1); 1398 return b1; 1399 } 1400 bpf_error("illegal modifier of 'gateway'"); 1401 /* NOTREACHED */ 1402 } 1403 #endif /*INET6*/ 1404 1405 struct block * 1406 gen_proto_abbrev(proto) 1407 int proto; 1408 { 1409 struct block *b0 = NULL, *b1; 1410 1411 switch (proto) { 1412 1413 case Q_TCP: 1414 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1415 #ifdef INET6 1416 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1417 gen_or(b0, b1); 1418 #endif 1419 break; 1420 1421 case Q_UDP: 1422 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1423 #ifdef INET6 1424 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1425 gen_or(b0, b1); 1426 #endif 1427 break; 1428 1429 case Q_ICMP: 1430 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1431 break; 1432 1433 #ifndef IPPROTO_IGMP 1434 #define IPPROTO_IGMP 2 1435 #endif 1436 1437 case Q_IGMP: 1438 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1439 break; 1440 1441 #ifndef IPPROTO_IGRP 1442 #define IPPROTO_IGRP 9 1443 #endif 1444 case Q_IGRP: 1445 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1446 break; 1447 1448 #ifndef IPPROTO_PIM 1449 #define IPPROTO_PIM 103 1450 #endif 1451 1452 case Q_PIM: 1453 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1454 #ifdef INET6 1455 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1456 gen_or(b0, b1); 1457 #endif 1458 break; 1459 1460 case Q_IP: 1461 b1 = gen_linktype(ETHERTYPE_IP); 1462 break; 1463 1464 case Q_ARP: 1465 b1 = gen_linktype(ETHERTYPE_ARP); 1466 break; 1467 1468 case Q_RARP: 1469 b1 = gen_linktype(ETHERTYPE_REVARP); 1470 break; 1471 1472 case Q_LINK: 1473 bpf_error("link layer applied in wrong context"); 1474 1475 case Q_ATALK: 1476 b1 = gen_linktype(ETHERTYPE_ATALK); 1477 break; 1478 1479 case Q_DECNET: 1480 b1 = gen_linktype(ETHERTYPE_DN); 1481 break; 1482 1483 case Q_SCA: 1484 b1 = gen_linktype(ETHERTYPE_SCA); 1485 break; 1486 1487 case Q_LAT: 1488 b1 = gen_linktype(ETHERTYPE_LAT); 1489 break; 1490 1491 case Q_MOPDL: 1492 b1 = gen_linktype(ETHERTYPE_MOPDL); 1493 break; 1494 1495 case Q_MOPRC: 1496 b1 = gen_linktype(ETHERTYPE_MOPRC); 1497 break; 1498 1499 case Q_STP: 1500 b1 = gen_linktype(LLCSAP_8021D); 1501 break; 1502 1503 #ifdef INET6 1504 case Q_IPV6: 1505 b1 = gen_linktype(ETHERTYPE_IPV6); 1506 break; 1507 1508 #ifndef IPPROTO_ICMPV6 1509 #define IPPROTO_ICMPV6 58 1510 #endif 1511 case Q_ICMPV6: 1512 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1513 break; 1514 #endif /* INET6 */ 1515 1516 #ifndef IPPROTO_AH 1517 #define IPPROTO_AH 51 1518 #endif 1519 case Q_AH: 1520 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1521 #ifdef INET6 1522 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1523 gen_or(b0, b1); 1524 #endif 1525 break; 1526 1527 #ifndef IPPROTO_ESP 1528 #define IPPROTO_ESP 50 1529 #endif 1530 case Q_ESP: 1531 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1532 #ifdef INET6 1533 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1534 gen_or(b0, b1); 1535 #endif 1536 break; 1537 1538 default: 1539 abort(); 1540 } 1541 return b1; 1542 } 1543 1544 static struct block * 1545 gen_ipfrag() 1546 { 1547 struct slist *s, *tmp; 1548 struct block *b; 1549 1550 /* not ip frag */ 1551 if (variable_nl) { 1552 s = nl2X_stmt(); 1553 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1554 tmp->s.k = 6; 1555 sappend(s, tmp); 1556 } else { 1557 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1558 s->s.k = off_nl + 6; 1559 } 1560 b = new_block(JMP(BPF_JSET)); 1561 b->s.k = 0x1fff; 1562 b->stmts = s; 1563 gen_not(b); 1564 1565 return b; 1566 } 1567 1568 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1569 This function generates code to set X to the start of the IP payload 1570 X = off_nl + IP header_len. 1571 */ 1572 static struct slist * 1573 iphl_to_x(void) 1574 { 1575 struct slist *s, *tmp; 1576 1577 /* XXX clobbers A if variable_nl*/ 1578 if (variable_nl) { 1579 if (iphl_reg == -1) { 1580 /* X <- off_nl */ 1581 s = nl2X_stmt(); 1582 1583 /* A = p[X+0] */ 1584 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1585 tmp->s.k = 0; 1586 sappend(s, tmp); 1587 1588 /* A = A & 0x0f */ 1589 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1590 tmp->s.k = 0x0f; 1591 sappend(s, tmp); 1592 1593 /* A = A << 2 */ 1594 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1595 tmp->s.k = 2; 1596 sappend(s, tmp); 1597 1598 /* A = A + X (add off_nl again to compansate) */ 1599 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1600 1601 /* MEM[iphl_reg] = A */ 1602 iphl_reg = alloc_reg(); 1603 tmp = new_stmt(BPF_ST); 1604 tmp->s.k = iphl_reg; 1605 sappend(s, tmp); 1606 1607 sappend(init_code, s); 1608 } 1609 s = new_stmt(BPF_LDX|BPF_MEM); 1610 s->s.k = iphl_reg; 1611 1612 } else { 1613 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1614 s->s.k = off_nl; 1615 } 1616 1617 return s; 1618 } 1619 1620 static struct block * 1621 gen_portatom(off, v) 1622 int off; 1623 bpf_int32 v; 1624 { 1625 struct slist *s, *tmp; 1626 struct block *b; 1627 1628 s = iphl_to_x(); 1629 1630 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1631 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1632 sappend(s, tmp); 1633 1634 b = new_block(JMP(BPF_JEQ)); 1635 b->stmts = s; 1636 b->s.k = v; 1637 1638 return b; 1639 } 1640 1641 #ifdef INET6 1642 static struct block * 1643 gen_portatom6(off, v) 1644 int off; 1645 bpf_int32 v; 1646 { 1647 return gen_cmp_nl(40 + off, BPF_H, v); 1648 } 1649 #endif/*INET6*/ 1650 1651 struct block * 1652 gen_portop(port, proto, dir) 1653 int port, proto, dir; 1654 { 1655 struct block *b0, *b1, *tmp; 1656 1657 /* ip proto 'proto' */ 1658 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1659 b0 = gen_ipfrag(); 1660 gen_and(tmp, b0); 1661 1662 switch (dir) { 1663 case Q_SRC: 1664 b1 = gen_portatom(0, (bpf_int32)port); 1665 break; 1666 1667 case Q_DST: 1668 b1 = gen_portatom(2, (bpf_int32)port); 1669 break; 1670 1671 case Q_OR: 1672 case Q_DEFAULT: 1673 tmp = gen_portatom(0, (bpf_int32)port); 1674 b1 = gen_portatom(2, (bpf_int32)port); 1675 gen_or(tmp, b1); 1676 break; 1677 1678 case Q_AND: 1679 tmp = gen_portatom(0, (bpf_int32)port); 1680 b1 = gen_portatom(2, (bpf_int32)port); 1681 gen_and(tmp, b1); 1682 break; 1683 1684 default: 1685 abort(); 1686 } 1687 gen_and(b0, b1); 1688 1689 return b1; 1690 } 1691 1692 static struct block * 1693 gen_port(port, ip_proto, dir) 1694 int port; 1695 int ip_proto; 1696 int dir; 1697 { 1698 struct block *b0, *b1, *tmp; 1699 1700 /* ether proto ip */ 1701 b0 = gen_linktype(ETHERTYPE_IP); 1702 1703 switch (ip_proto) { 1704 case IPPROTO_UDP: 1705 case IPPROTO_TCP: 1706 b1 = gen_portop(port, ip_proto, dir); 1707 break; 1708 1709 case PROTO_UNDEF: 1710 tmp = gen_portop(port, IPPROTO_TCP, dir); 1711 b1 = gen_portop(port, IPPROTO_UDP, dir); 1712 gen_or(tmp, b1); 1713 break; 1714 1715 default: 1716 abort(); 1717 } 1718 gen_and(b0, b1); 1719 return b1; 1720 } 1721 1722 #ifdef INET6 1723 struct block * 1724 gen_portop6(port, proto, dir) 1725 int port, proto, dir; 1726 { 1727 struct block *b0, *b1, *tmp; 1728 1729 /* ip proto 'proto' */ 1730 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1731 1732 switch (dir) { 1733 case Q_SRC: 1734 b1 = gen_portatom6(0, (bpf_int32)port); 1735 break; 1736 1737 case Q_DST: 1738 b1 = gen_portatom6(2, (bpf_int32)port); 1739 break; 1740 1741 case Q_OR: 1742 case Q_DEFAULT: 1743 tmp = gen_portatom6(0, (bpf_int32)port); 1744 b1 = gen_portatom6(2, (bpf_int32)port); 1745 gen_or(tmp, b1); 1746 break; 1747 1748 case Q_AND: 1749 tmp = gen_portatom6(0, (bpf_int32)port); 1750 b1 = gen_portatom6(2, (bpf_int32)port); 1751 gen_and(tmp, b1); 1752 break; 1753 1754 default: 1755 abort(); 1756 } 1757 gen_and(b0, b1); 1758 1759 return b1; 1760 } 1761 1762 static struct block * 1763 gen_port6(port, ip_proto, dir) 1764 int port; 1765 int ip_proto; 1766 int dir; 1767 { 1768 struct block *b0, *b1, *tmp; 1769 1770 /* ether proto ip */ 1771 b0 = gen_linktype(ETHERTYPE_IPV6); 1772 1773 switch (ip_proto) { 1774 case IPPROTO_UDP: 1775 case IPPROTO_TCP: 1776 b1 = gen_portop6(port, ip_proto, dir); 1777 break; 1778 1779 case PROTO_UNDEF: 1780 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1781 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1782 gen_or(tmp, b1); 1783 break; 1784 1785 default: 1786 abort(); 1787 } 1788 gen_and(b0, b1); 1789 return b1; 1790 } 1791 #endif /* INET6 */ 1792 1793 static int 1794 lookup_proto(name, proto) 1795 register const char *name; 1796 register int proto; 1797 { 1798 register int v; 1799 1800 switch (proto) { 1801 1802 case Q_DEFAULT: 1803 case Q_IP: 1804 v = pcap_nametoproto(name); 1805 if (v == PROTO_UNDEF) 1806 bpf_error("unknown ip proto '%s'", name); 1807 break; 1808 1809 case Q_LINK: 1810 /* XXX should look up h/w protocol type based on linktype */ 1811 v = pcap_nametoeproto(name); 1812 if (v == PROTO_UNDEF) { 1813 v = pcap_nametollc(name); 1814 if (v == PROTO_UNDEF) 1815 bpf_error("unknown ether proto '%s'", name); 1816 } 1817 break; 1818 1819 default: 1820 v = PROTO_UNDEF; 1821 break; 1822 } 1823 return v; 1824 } 1825 1826 static struct block * 1827 gen_protochain(v, proto, dir) 1828 int v; 1829 int proto; 1830 int dir; 1831 { 1832 struct block *b0, *b; 1833 struct slist *s[100]; 1834 int fix2, fix3, fix4, fix5; 1835 int ahcheck, again, end; 1836 int i, max; 1837 int reg1 = alloc_reg(); 1838 int reg2 = alloc_reg(); 1839 1840 memset(s, 0, sizeof(s)); 1841 fix2 = fix3 = fix4 = fix5 = 0; 1842 1843 if (variable_nl) { 1844 bpf_error("'gen_protochain' not supported for variable DLTs"); 1845 /*NOTREACHED*/ 1846 } 1847 1848 switch (proto) { 1849 case Q_IP: 1850 case Q_IPV6: 1851 break; 1852 case Q_DEFAULT: 1853 b0 = gen_protochain(v, Q_IP, dir); 1854 b = gen_protochain(v, Q_IPV6, dir); 1855 gen_or(b0, b); 1856 return b; 1857 default: 1858 bpf_error("bad protocol applied for 'protochain'"); 1859 /*NOTREACHED*/ 1860 } 1861 1862 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1863 1864 /* 1865 * s[0] is a dummy entry to protect other BPF insn from damaged 1866 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1867 * hard to find interdependency made by jump table fixup. 1868 */ 1869 i = 0; 1870 s[i] = new_stmt(0); /*dummy*/ 1871 i++; 1872 1873 switch (proto) { 1874 case Q_IP: 1875 b0 = gen_linktype(ETHERTYPE_IP); 1876 1877 /* A = ip->ip_p */ 1878 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1879 s[i]->s.k = off_nl + 9; 1880 i++; 1881 /* X = ip->ip_hl << 2 */ 1882 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1883 s[i]->s.k = off_nl; 1884 i++; 1885 break; 1886 case Q_IPV6: 1887 b0 = gen_linktype(ETHERTYPE_IPV6); 1888 1889 /* A = ip6->ip_nxt */ 1890 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1891 s[i]->s.k = off_nl + 6; 1892 i++; 1893 /* X = sizeof(struct ip6_hdr) */ 1894 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1895 s[i]->s.k = 40; 1896 i++; 1897 break; 1898 default: 1899 bpf_error("unsupported proto to gen_protochain"); 1900 /*NOTREACHED*/ 1901 } 1902 1903 /* again: if (A == v) goto end; else fall through; */ 1904 again = i; 1905 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1906 s[i]->s.k = v; 1907 s[i]->s.jt = NULL; /*later*/ 1908 s[i]->s.jf = NULL; /*update in next stmt*/ 1909 fix5 = i; 1910 i++; 1911 1912 /* if (A == IPPROTO_NONE) goto end */ 1913 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1914 s[i]->s.jt = NULL; /*later*/ 1915 s[i]->s.jf = NULL; /*update in next stmt*/ 1916 s[i]->s.k = IPPROTO_NONE; 1917 s[fix5]->s.jf = s[i]; 1918 fix2 = i; 1919 i++; 1920 1921 if (proto == Q_IPV6) { 1922 int v6start, v6end, v6advance, j; 1923 1924 v6start = i; 1925 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1926 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1927 s[i]->s.jt = NULL; /*later*/ 1928 s[i]->s.jf = NULL; /*update in next stmt*/ 1929 s[i]->s.k = IPPROTO_HOPOPTS; 1930 s[fix2]->s.jf = s[i]; 1931 i++; 1932 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1933 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1934 s[i]->s.jt = NULL; /*later*/ 1935 s[i]->s.jf = NULL; /*update in next stmt*/ 1936 s[i]->s.k = IPPROTO_DSTOPTS; 1937 i++; 1938 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1939 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1940 s[i]->s.jt = NULL; /*later*/ 1941 s[i]->s.jf = NULL; /*update in next stmt*/ 1942 s[i]->s.k = IPPROTO_ROUTING; 1943 i++; 1944 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1945 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1946 s[i]->s.jt = NULL; /*later*/ 1947 s[i]->s.jf = NULL; /*later*/ 1948 s[i]->s.k = IPPROTO_FRAGMENT; 1949 fix3 = i; 1950 v6end = i; 1951 i++; 1952 1953 /* v6advance: */ 1954 v6advance = i; 1955 1956 /* 1957 * in short, 1958 * A = P[X + 1]; 1959 * X = X + (P[X] + 1) * 8; 1960 */ 1961 /* A = X */ 1962 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1963 i++; 1964 /* MEM[reg1] = A */ 1965 s[i] = new_stmt(BPF_ST); 1966 s[i]->s.k = reg1; 1967 i++; 1968 /* A += 1 */ 1969 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1970 s[i]->s.k = 1; 1971 i++; 1972 /* X = A */ 1973 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1974 i++; 1975 /* A = P[X + packet head]; */ 1976 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1977 s[i]->s.k = off_nl; 1978 i++; 1979 /* MEM[reg2] = A */ 1980 s[i] = new_stmt(BPF_ST); 1981 s[i]->s.k = reg2; 1982 i++; 1983 /* X = MEM[reg1] */ 1984 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1985 s[i]->s.k = reg1; 1986 i++; 1987 /* A = P[X + packet head] */ 1988 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1989 s[i]->s.k = off_nl; 1990 i++; 1991 /* A += 1 */ 1992 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1993 s[i]->s.k = 1; 1994 i++; 1995 /* A *= 8 */ 1996 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1997 s[i]->s.k = 8; 1998 i++; 1999 /* X = A; */ 2000 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2001 i++; 2002 /* A = MEM[reg2] */ 2003 s[i] = new_stmt(BPF_LD|BPF_MEM); 2004 s[i]->s.k = reg2; 2005 i++; 2006 2007 /* goto again; (must use BPF_JA for backward jump) */ 2008 s[i] = new_stmt(BPF_JMP|BPF_JA); 2009 s[i]->s.k = again - i - 1; 2010 s[i - 1]->s.jf = s[i]; 2011 i++; 2012 2013 /* fixup */ 2014 for (j = v6start; j <= v6end; j++) 2015 s[j]->s.jt = s[v6advance]; 2016 } else { 2017 /* nop */ 2018 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2019 s[i]->s.k = 0; 2020 s[fix2]->s.jf = s[i]; 2021 i++; 2022 } 2023 2024 /* ahcheck: */ 2025 ahcheck = i; 2026 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2027 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2028 s[i]->s.jt = NULL; /*later*/ 2029 s[i]->s.jf = NULL; /*later*/ 2030 s[i]->s.k = IPPROTO_AH; 2031 if (fix3) 2032 s[fix3]->s.jf = s[ahcheck]; 2033 fix4 = i; 2034 i++; 2035 2036 /* 2037 * in short, 2038 * A = P[X + 1]; 2039 * X = X + (P[X] + 2) * 4; 2040 */ 2041 /* A = X */ 2042 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2043 i++; 2044 /* MEM[reg1] = A */ 2045 s[i] = new_stmt(BPF_ST); 2046 s[i]->s.k = reg1; 2047 i++; 2048 /* A += 1 */ 2049 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2050 s[i]->s.k = 1; 2051 i++; 2052 /* X = A */ 2053 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2054 i++; 2055 /* A = P[X + packet head]; */ 2056 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2057 s[i]->s.k = off_nl; 2058 i++; 2059 /* MEM[reg2] = A */ 2060 s[i] = new_stmt(BPF_ST); 2061 s[i]->s.k = reg2; 2062 i++; 2063 /* X = MEM[reg1] */ 2064 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2065 s[i]->s.k = reg1; 2066 i++; 2067 /* A = P[X + packet head] */ 2068 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2069 s[i]->s.k = off_nl; 2070 i++; 2071 /* A += 2 */ 2072 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2073 s[i]->s.k = 2; 2074 i++; 2075 /* A *= 4 */ 2076 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2077 s[i]->s.k = 4; 2078 i++; 2079 /* X = A; */ 2080 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2081 i++; 2082 /* A = MEM[reg2] */ 2083 s[i] = new_stmt(BPF_LD|BPF_MEM); 2084 s[i]->s.k = reg2; 2085 i++; 2086 2087 /* goto again; (must use BPF_JA for backward jump) */ 2088 s[i] = new_stmt(BPF_JMP|BPF_JA); 2089 s[i]->s.k = again - i - 1; 2090 i++; 2091 2092 /* end: nop */ 2093 end = i; 2094 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2095 s[i]->s.k = 0; 2096 s[fix2]->s.jt = s[end]; 2097 s[fix4]->s.jf = s[end]; 2098 s[fix5]->s.jt = s[end]; 2099 i++; 2100 2101 /* 2102 * make slist chain 2103 */ 2104 max = i; 2105 for (i = 0; i < max - 1; i++) 2106 s[i]->next = s[i + 1]; 2107 s[max - 1]->next = NULL; 2108 2109 /* 2110 * emit final check 2111 */ 2112 b = new_block(JMP(BPF_JEQ)); 2113 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2114 b->s.k = v; 2115 2116 free_reg(reg1); 2117 free_reg(reg2); 2118 2119 gen_and(b0, b); 2120 return b; 2121 } 2122 2123 static struct block * 2124 gen_proto(v, proto, dir) 2125 int v; 2126 int proto; 2127 int dir; 2128 { 2129 struct block *b0, *b1; 2130 2131 if (dir != Q_DEFAULT) 2132 bpf_error("direction applied to 'proto'"); 2133 2134 switch (proto) { 2135 case Q_DEFAULT: 2136 #ifdef INET6 2137 b0 = gen_proto(v, Q_IP, dir); 2138 b1 = gen_proto(v, Q_IPV6, dir); 2139 gen_or(b0, b1); 2140 return b1; 2141 #else 2142 /*FALLTHROUGH*/ 2143 #endif 2144 case Q_IP: 2145 b0 = gen_linktype(ETHERTYPE_IP); 2146 #ifndef CHASE_CHAIN 2147 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2148 #else 2149 b1 = gen_protochain(v, Q_IP); 2150 #endif 2151 gen_and(b0, b1); 2152 return b1; 2153 2154 case Q_ARP: 2155 bpf_error("arp does not encapsulate another protocol"); 2156 /* NOTREACHED */ 2157 2158 case Q_RARP: 2159 bpf_error("rarp does not encapsulate another protocol"); 2160 /* NOTREACHED */ 2161 2162 case Q_ATALK: 2163 bpf_error("atalk encapsulation is not specifiable"); 2164 /* NOTREACHED */ 2165 2166 case Q_DECNET: 2167 bpf_error("decnet encapsulation is not specifiable"); 2168 /* NOTREACHED */ 2169 2170 case Q_SCA: 2171 bpf_error("sca does not encapsulate another protocol"); 2172 /* NOTREACHED */ 2173 2174 case Q_LAT: 2175 bpf_error("lat does not encapsulate another protocol"); 2176 /* NOTREACHED */ 2177 2178 case Q_MOPRC: 2179 bpf_error("moprc does not encapsulate another protocol"); 2180 /* NOTREACHED */ 2181 2182 case Q_MOPDL: 2183 bpf_error("mopdl does not encapsulate another protocol"); 2184 /* NOTREACHED */ 2185 2186 case Q_LINK: 2187 return gen_linktype(v); 2188 2189 case Q_UDP: 2190 bpf_error("'udp proto' is bogus"); 2191 /* NOTREACHED */ 2192 2193 case Q_TCP: 2194 bpf_error("'tcp proto' is bogus"); 2195 /* NOTREACHED */ 2196 2197 case Q_ICMP: 2198 bpf_error("'icmp proto' is bogus"); 2199 /* NOTREACHED */ 2200 2201 case Q_IGMP: 2202 bpf_error("'igmp proto' is bogus"); 2203 /* NOTREACHED */ 2204 2205 case Q_IGRP: 2206 bpf_error("'igrp proto' is bogus"); 2207 /* NOTREACHED */ 2208 2209 case Q_PIM: 2210 bpf_error("'pim proto' is bogus"); 2211 /* NOTREACHED */ 2212 2213 case Q_STP: 2214 bpf_error("'stp proto' is bogus"); 2215 /* NOTREACHED */ 2216 2217 #ifdef INET6 2218 case Q_IPV6: 2219 b0 = gen_linktype(ETHERTYPE_IPV6); 2220 #ifndef CHASE_CHAIN 2221 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2222 #else 2223 b1 = gen_protochain(v, Q_IPV6); 2224 #endif 2225 gen_and(b0, b1); 2226 return b1; 2227 2228 case Q_ICMPV6: 2229 bpf_error("'icmp6 proto' is bogus"); 2230 #endif /* INET6 */ 2231 2232 case Q_AH: 2233 bpf_error("'ah proto' is bogus"); 2234 2235 case Q_ESP: 2236 bpf_error("'ah proto' is bogus"); 2237 2238 default: 2239 abort(); 2240 /* NOTREACHED */ 2241 } 2242 /* NOTREACHED */ 2243 } 2244 2245 struct block * 2246 gen_scode(name, q) 2247 register const char *name; 2248 struct qual q; 2249 { 2250 int proto = q.proto; 2251 int dir = q.dir; 2252 int tproto; 2253 u_char *eaddr; 2254 bpf_u_int32 mask, addr; 2255 #ifndef INET6 2256 bpf_u_int32 **alist; 2257 #else 2258 int tproto6; 2259 struct sockaddr_in *sin; 2260 struct sockaddr_in6 *sin6; 2261 struct addrinfo *res, *res0; 2262 struct in6_addr mask128; 2263 #endif /*INET6*/ 2264 struct block *b, *tmp; 2265 int port, real_proto; 2266 2267 switch (q.addr) { 2268 2269 case Q_NET: 2270 addr = pcap_nametonetaddr(name); 2271 if (addr == 0) 2272 bpf_error("unknown network '%s'", name); 2273 /* Left justify network addr and calculate its network mask */ 2274 mask = 0xffffffff; 2275 while (addr && (addr & 0xff000000) == 0) { 2276 addr <<= 8; 2277 mask <<= 8; 2278 } 2279 return gen_host(addr, mask, proto, dir); 2280 2281 case Q_DEFAULT: 2282 case Q_HOST: 2283 if (proto == Q_LINK) { 2284 switch (linktype) { 2285 2286 case DLT_EN10MB: 2287 eaddr = pcap_ether_hostton(name); 2288 if (eaddr == NULL) 2289 bpf_error( 2290 "unknown ether host '%s'", name); 2291 return gen_ehostop(eaddr, dir); 2292 2293 case DLT_FDDI: 2294 eaddr = pcap_ether_hostton(name); 2295 if (eaddr == NULL) 2296 bpf_error( 2297 "unknown FDDI host '%s'", name); 2298 return gen_fhostop(eaddr, dir); 2299 2300 case DLT_IEEE802_11: 2301 case DLT_IEEE802_11_RADIO: 2302 eaddr = pcap_ether_hostton(name); 2303 if (eaddr == NULL) 2304 bpf_error( 2305 "unknown 802.11 host '%s'", name); 2306 2307 return gen_p80211_hostop(eaddr, dir); 2308 2309 default: 2310 bpf_error( 2311 "only ethernet/FDDI supports link-level host name"); 2312 break; 2313 } 2314 } else if (proto == Q_DECNET) { 2315 unsigned short dn_addr = __pcap_nametodnaddr(name); 2316 /* 2317 * I don't think DECNET hosts can be multihomed, so 2318 * there is no need to build up a list of addresses 2319 */ 2320 return (gen_host(dn_addr, 0, proto, dir)); 2321 } else { 2322 #ifndef INET6 2323 alist = pcap_nametoaddr(name); 2324 if (alist == NULL || *alist == NULL) 2325 bpf_error("unknown host '%s'", name); 2326 tproto = proto; 2327 if (off_linktype == -1 && tproto == Q_DEFAULT) 2328 tproto = Q_IP; 2329 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2330 while (*alist) { 2331 tmp = gen_host(**alist++, 0xffffffff, 2332 tproto, dir); 2333 gen_or(b, tmp); 2334 b = tmp; 2335 } 2336 return b; 2337 #else 2338 memset(&mask128, 0xff, sizeof(mask128)); 2339 res0 = res = pcap_nametoaddrinfo(name); 2340 if (res == NULL) 2341 bpf_error("unknown host '%s'", name); 2342 b = tmp = NULL; 2343 tproto = tproto6 = proto; 2344 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2345 tproto = Q_IP; 2346 tproto6 = Q_IPV6; 2347 } 2348 for (res = res0; res; res = res->ai_next) { 2349 switch (res->ai_family) { 2350 case AF_INET: 2351 if (tproto == Q_IPV6) 2352 continue; 2353 2354 sin = (struct sockaddr_in *) 2355 res->ai_addr; 2356 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2357 0xffffffff, tproto, dir); 2358 break; 2359 case AF_INET6: 2360 if (tproto6 == Q_IP) 2361 continue; 2362 2363 sin6 = (struct sockaddr_in6 *) 2364 res->ai_addr; 2365 tmp = gen_host6(&sin6->sin6_addr, 2366 &mask128, tproto6, dir); 2367 break; 2368 } 2369 if (b) 2370 gen_or(b, tmp); 2371 b = tmp; 2372 } 2373 freeaddrinfo(res0); 2374 if (b == NULL) { 2375 bpf_error("unknown host '%s'%s", name, 2376 (proto == Q_DEFAULT) 2377 ? "" 2378 : " for specified address family"); 2379 } 2380 return b; 2381 #endif /*INET6*/ 2382 } 2383 2384 case Q_PORT: 2385 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2386 bpf_error("illegal qualifier of 'port'"); 2387 if (pcap_nametoport(name, &port, &real_proto) == 0) 2388 bpf_error("unknown port '%s'", name); 2389 if (proto == Q_UDP) { 2390 if (real_proto == IPPROTO_TCP) 2391 bpf_error("port '%s' is tcp", name); 2392 else 2393 /* override PROTO_UNDEF */ 2394 real_proto = IPPROTO_UDP; 2395 } 2396 if (proto == Q_TCP) { 2397 if (real_proto == IPPROTO_UDP) 2398 bpf_error("port '%s' is udp", name); 2399 else 2400 /* override PROTO_UNDEF */ 2401 real_proto = IPPROTO_TCP; 2402 } 2403 #ifndef INET6 2404 return gen_port(port, real_proto, dir); 2405 #else 2406 { 2407 struct block *b; 2408 b = gen_port(port, real_proto, dir); 2409 gen_or(gen_port6(port, real_proto, dir), b); 2410 return b; 2411 } 2412 #endif /* INET6 */ 2413 2414 case Q_GATEWAY: 2415 #ifndef INET6 2416 eaddr = pcap_ether_hostton(name); 2417 if (eaddr == NULL) 2418 bpf_error("unknown ether host: %s", name); 2419 2420 alist = pcap_nametoaddr(name); 2421 if (alist == NULL || *alist == NULL) 2422 bpf_error("unknown host '%s'", name); 2423 return gen_gateway(eaddr, alist, proto, dir); 2424 #else 2425 bpf_error("'gateway' not supported in this configuration"); 2426 #endif /*INET6*/ 2427 2428 case Q_PROTO: 2429 real_proto = lookup_proto(name, proto); 2430 if (real_proto >= 0) 2431 return gen_proto(real_proto, proto, dir); 2432 else 2433 bpf_error("unknown protocol: %s", name); 2434 2435 case Q_PROTOCHAIN: 2436 real_proto = lookup_proto(name, proto); 2437 if (real_proto >= 0) 2438 return gen_protochain(real_proto, proto, dir); 2439 else 2440 bpf_error("unknown protocol: %s", name); 2441 2442 2443 case Q_UNDEF: 2444 syntax(); 2445 /* NOTREACHED */ 2446 } 2447 abort(); 2448 /* NOTREACHED */ 2449 } 2450 2451 struct block * 2452 gen_mcode(s1, s2, masklen, q) 2453 register const char *s1, *s2; 2454 register int masklen; 2455 struct qual q; 2456 { 2457 register int nlen, mlen; 2458 bpf_u_int32 n, m; 2459 2460 nlen = __pcap_atoin(s1, &n); 2461 /* Promote short ipaddr */ 2462 n <<= 32 - nlen; 2463 2464 if (s2 != NULL) { 2465 mlen = __pcap_atoin(s2, &m); 2466 /* Promote short ipaddr */ 2467 m <<= 32 - mlen; 2468 if ((n & ~m) != 0) 2469 bpf_error("non-network bits set in \"%s mask %s\"", 2470 s1, s2); 2471 } else { 2472 /* Convert mask len to mask */ 2473 if (masklen > 32) 2474 bpf_error("mask length must be <= 32"); 2475 m = 0xffffffff << (32 - masklen); 2476 if ((n & ~m) != 0) 2477 bpf_error("non-network bits set in \"%s/%d\"", 2478 s1, masklen); 2479 } 2480 2481 switch (q.addr) { 2482 2483 case Q_NET: 2484 return gen_host(n, m, q.proto, q.dir); 2485 2486 default: 2487 bpf_error("Mask syntax for networks only"); 2488 /* NOTREACHED */ 2489 } 2490 } 2491 2492 struct block * 2493 gen_ncode(s, v, q) 2494 register const char *s; 2495 bpf_u_int32 v; 2496 struct qual q; 2497 { 2498 bpf_u_int32 mask; 2499 int proto = q.proto; 2500 int dir = q.dir; 2501 register int vlen; 2502 2503 if (s == NULL) 2504 vlen = 32; 2505 else if (q.proto == Q_DECNET) 2506 vlen = __pcap_atodn(s, &v); 2507 else 2508 vlen = __pcap_atoin(s, &v); 2509 2510 switch (q.addr) { 2511 2512 case Q_DEFAULT: 2513 case Q_HOST: 2514 case Q_NET: 2515 if (proto == Q_DECNET) 2516 return gen_host(v, 0, proto, dir); 2517 else if (proto == Q_LINK) { 2518 bpf_error("illegal link layer address"); 2519 } else { 2520 mask = 0xffffffff; 2521 if (s == NULL && q.addr == Q_NET) { 2522 /* Promote short net number */ 2523 while (v && (v & 0xff000000) == 0) { 2524 v <<= 8; 2525 mask <<= 8; 2526 } 2527 } else { 2528 /* Promote short ipaddr */ 2529 v <<= 32 - vlen; 2530 mask <<= 32 - vlen; 2531 } 2532 return gen_host(v, mask, proto, dir); 2533 } 2534 2535 case Q_PORT: 2536 if (proto == Q_UDP) 2537 proto = IPPROTO_UDP; 2538 else if (proto == Q_TCP) 2539 proto = IPPROTO_TCP; 2540 else if (proto == Q_DEFAULT) 2541 proto = PROTO_UNDEF; 2542 else 2543 bpf_error("illegal qualifier of 'port'"); 2544 2545 #ifndef INET6 2546 return gen_port((int)v, proto, dir); 2547 #else 2548 { 2549 struct block *b; 2550 b = gen_port((int)v, proto, dir); 2551 gen_or(gen_port6((int)v, proto, dir), b); 2552 return b; 2553 } 2554 #endif /* INET6 */ 2555 2556 case Q_GATEWAY: 2557 bpf_error("'gateway' requires a name"); 2558 /* NOTREACHED */ 2559 2560 case Q_PROTO: 2561 return gen_proto((int)v, proto, dir); 2562 2563 case Q_PROTOCHAIN: 2564 return gen_protochain((int)v, proto, dir); 2565 2566 case Q_UNDEF: 2567 syntax(); 2568 /* NOTREACHED */ 2569 2570 default: 2571 abort(); 2572 /* NOTREACHED */ 2573 } 2574 /* NOTREACHED */ 2575 } 2576 2577 #ifdef INET6 2578 struct block * 2579 gen_mcode6(s1, s2, masklen, q) 2580 register const char *s1, *s2; 2581 register int masklen; 2582 struct qual q; 2583 { 2584 struct addrinfo *res; 2585 struct in6_addr *addr; 2586 struct in6_addr mask; 2587 struct block *b; 2588 u_int32_t *a, *m; 2589 2590 if (s2) 2591 bpf_error("no mask %s supported", s2); 2592 2593 res = pcap_nametoaddrinfo(s1); 2594 if (!res) 2595 bpf_error("invalid ip6 address %s", s1); 2596 if (res->ai_next) 2597 bpf_error("%s resolved to multiple address", s1); 2598 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2599 2600 if (sizeof(mask) * 8 < masklen) 2601 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2602 memset(&mask, 0, sizeof(mask)); 2603 memset(&mask, 0xff, masklen / 8); 2604 if (masklen % 8) { 2605 mask.s6_addr[masklen / 8] = 2606 (0xff << (8 - masklen % 8)) & 0xff; 2607 } 2608 2609 a = (u_int32_t *)addr; 2610 m = (u_int32_t *)&mask; 2611 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2612 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2613 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2614 } 2615 2616 switch (q.addr) { 2617 2618 case Q_DEFAULT: 2619 case Q_HOST: 2620 if (masklen != 128) 2621 bpf_error("Mask syntax for networks only"); 2622 /* FALLTHROUGH */ 2623 2624 case Q_NET: 2625 b = gen_host6(addr, &mask, q.proto, q.dir); 2626 freeaddrinfo(res); 2627 return b; 2628 2629 default: 2630 bpf_error("invalid qualifier against IPv6 address"); 2631 /* NOTREACHED */ 2632 } 2633 } 2634 #endif /*INET6*/ 2635 2636 struct block * 2637 gen_ecode(eaddr, q) 2638 register const u_char *eaddr; 2639 struct qual q; 2640 { 2641 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2642 if (linktype == DLT_EN10MB) 2643 return gen_ehostop(eaddr, (int)q.dir); 2644 if (linktype == DLT_FDDI) 2645 return gen_fhostop(eaddr, (int)q.dir); 2646 if (linktype == DLT_IEEE802_11 || 2647 linktype == DLT_IEEE802_11_RADIO) 2648 return gen_p80211_hostop(eaddr, (int)q.dir); 2649 } 2650 bpf_error("ethernet address used in non-ether expression"); 2651 /* NOTREACHED */ 2652 } 2653 2654 void 2655 sappend(s0, s1) 2656 struct slist *s0, *s1; 2657 { 2658 /* 2659 * This is definitely not the best way to do this, but the 2660 * lists will rarely get long. 2661 */ 2662 while (s0->next) 2663 s0 = s0->next; 2664 s0->next = s1; 2665 } 2666 2667 static struct slist * 2668 xfer_to_x(a) 2669 struct arth *a; 2670 { 2671 struct slist *s; 2672 2673 s = new_stmt(BPF_LDX|BPF_MEM); 2674 s->s.k = a->regno; 2675 return s; 2676 } 2677 2678 static struct slist * 2679 xfer_to_a(a) 2680 struct arth *a; 2681 { 2682 struct slist *s; 2683 2684 s = new_stmt(BPF_LD|BPF_MEM); 2685 s->s.k = a->regno; 2686 return s; 2687 } 2688 2689 struct arth * 2690 gen_load(proto, index, size) 2691 int proto; 2692 struct arth *index; 2693 int size; 2694 { 2695 struct slist *s, *tmp; 2696 struct block *b; 2697 int regno = alloc_reg(); 2698 2699 free_reg(index->regno); 2700 switch (size) { 2701 2702 default: 2703 bpf_error("data size must be 1, 2, or 4"); 2704 2705 case 1: 2706 size = BPF_B; 2707 break; 2708 2709 case 2: 2710 size = BPF_H; 2711 break; 2712 2713 case 4: 2714 size = BPF_W; 2715 break; 2716 } 2717 switch (proto) { 2718 default: 2719 bpf_error("unsupported index operation"); 2720 2721 case Q_LINK: 2722 s = xfer_to_x(index); 2723 tmp = new_stmt(BPF_LD|BPF_IND|size); 2724 sappend(s, tmp); 2725 sappend(index->s, s); 2726 break; 2727 2728 case Q_IP: 2729 case Q_ARP: 2730 case Q_RARP: 2731 case Q_ATALK: 2732 case Q_DECNET: 2733 case Q_SCA: 2734 case Q_LAT: 2735 case Q_MOPRC: 2736 case Q_MOPDL: 2737 #ifdef INET6 2738 case Q_IPV6: 2739 #endif 2740 /* XXX Note that we assume a fixed link header here. */ 2741 if (variable_nl) { 2742 s = nl2X_stmt(); 2743 sappend(s, xfer_to_a(index)); 2744 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2745 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2746 } else { 2747 s = xfer_to_x(index); 2748 } 2749 tmp = new_stmt(BPF_LD|BPF_IND|size); 2750 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2751 sappend(s, tmp); 2752 sappend(index->s, s); 2753 2754 b = gen_proto_abbrev(proto); 2755 if (index->b) 2756 gen_and(index->b, b); 2757 index->b = b; 2758 break; 2759 2760 case Q_TCP: 2761 case Q_UDP: 2762 case Q_ICMP: 2763 case Q_IGMP: 2764 case Q_IGRP: 2765 case Q_PIM: 2766 s = iphl_to_x(); 2767 sappend(s, xfer_to_a(index)); 2768 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2769 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2770 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2771 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2772 sappend(index->s, s); 2773 2774 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2775 if (index->b) 2776 gen_and(index->b, b); 2777 #ifdef INET6 2778 gen_and(gen_proto_abbrev(Q_IP), b); 2779 #endif 2780 index->b = b; 2781 break; 2782 #ifdef INET6 2783 case Q_ICMPV6: 2784 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2785 /*NOTREACHED*/ 2786 #endif 2787 } 2788 index->regno = regno; 2789 s = new_stmt(BPF_ST); 2790 s->s.k = regno; 2791 sappend(index->s, s); 2792 2793 return index; 2794 } 2795 2796 struct block * 2797 gen_relation(code, a0, a1, reversed) 2798 int code; 2799 struct arth *a0, *a1; 2800 int reversed; 2801 { 2802 struct slist *s0, *s1, *s2; 2803 struct block *b, *tmp; 2804 2805 s0 = xfer_to_x(a1); 2806 s1 = xfer_to_a(a0); 2807 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2808 b = new_block(JMP(code)); 2809 if (code == BPF_JGT || code == BPF_JGE) { 2810 reversed = !reversed; 2811 b->s.k = 0x80000000; 2812 } 2813 if (reversed) 2814 gen_not(b); 2815 2816 sappend(s1, s2); 2817 sappend(s0, s1); 2818 sappend(a1->s, s0); 2819 sappend(a0->s, a1->s); 2820 2821 b->stmts = a0->s; 2822 2823 free_reg(a0->regno); 2824 free_reg(a1->regno); 2825 2826 /* 'and' together protocol checks */ 2827 if (a0->b) { 2828 if (a1->b) { 2829 gen_and(a0->b, tmp = a1->b); 2830 } 2831 else 2832 tmp = a0->b; 2833 } else 2834 tmp = a1->b; 2835 2836 if (tmp) 2837 gen_and(tmp, b); 2838 2839 return b; 2840 } 2841 2842 struct arth * 2843 gen_loadlen() 2844 { 2845 int regno = alloc_reg(); 2846 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2847 struct slist *s; 2848 2849 s = new_stmt(BPF_LD|BPF_LEN); 2850 s->next = new_stmt(BPF_ST); 2851 s->next->s.k = regno; 2852 a->s = s; 2853 a->regno = regno; 2854 2855 return a; 2856 } 2857 2858 struct arth * 2859 gen_loadi(val) 2860 int val; 2861 { 2862 struct arth *a; 2863 struct slist *s; 2864 int reg; 2865 2866 a = (struct arth *)newchunk(sizeof(*a)); 2867 2868 reg = alloc_reg(); 2869 2870 s = new_stmt(BPF_LD|BPF_IMM); 2871 s->s.k = val; 2872 s->next = new_stmt(BPF_ST); 2873 s->next->s.k = reg; 2874 a->s = s; 2875 a->regno = reg; 2876 2877 return a; 2878 } 2879 2880 struct arth * 2881 gen_neg(a) 2882 struct arth *a; 2883 { 2884 struct slist *s; 2885 2886 s = xfer_to_a(a); 2887 sappend(a->s, s); 2888 s = new_stmt(BPF_ALU|BPF_NEG); 2889 s->s.k = 0; 2890 sappend(a->s, s); 2891 s = new_stmt(BPF_ST); 2892 s->s.k = a->regno; 2893 sappend(a->s, s); 2894 2895 return a; 2896 } 2897 2898 struct arth * 2899 gen_arth(code, a0, a1) 2900 int code; 2901 struct arth *a0, *a1; 2902 { 2903 struct slist *s0, *s1, *s2; 2904 2905 s0 = xfer_to_x(a1); 2906 s1 = xfer_to_a(a0); 2907 s2 = new_stmt(BPF_ALU|BPF_X|code); 2908 2909 sappend(s1, s2); 2910 sappend(s0, s1); 2911 sappend(a1->s, s0); 2912 sappend(a0->s, a1->s); 2913 2914 free_reg(a1->regno); 2915 2916 s0 = new_stmt(BPF_ST); 2917 a0->regno = s0->s.k = alloc_reg(); 2918 sappend(a0->s, s0); 2919 2920 return a0; 2921 } 2922 2923 /* 2924 * Here we handle simple allocation of the scratch registers. 2925 * If too many registers are alloc'd, the allocator punts. 2926 */ 2927 static int regused[BPF_MEMWORDS]; 2928 static int curreg; 2929 2930 /* 2931 * Return the next free register. 2932 */ 2933 static int 2934 alloc_reg() 2935 { 2936 int n = BPF_MEMWORDS; 2937 2938 while (--n >= 0) { 2939 if (regused[curreg]) 2940 curreg = (curreg + 1) % BPF_MEMWORDS; 2941 else { 2942 regused[curreg] = 1; 2943 return curreg; 2944 } 2945 } 2946 bpf_error("too many registers needed to evaluate expression"); 2947 /* NOTREACHED */ 2948 } 2949 2950 /* 2951 * Return a register to the table so it can 2952 * be used later. 2953 */ 2954 static void 2955 free_reg(n) 2956 int n; 2957 { 2958 regused[n] = 0; 2959 } 2960 2961 static struct block * 2962 gen_len(jmp, n) 2963 int jmp, n; 2964 { 2965 struct slist *s; 2966 struct block *b; 2967 2968 s = new_stmt(BPF_LD|BPF_LEN); 2969 b = new_block(JMP(jmp)); 2970 b->stmts = s; 2971 b->s.k = n; 2972 2973 return b; 2974 } 2975 2976 struct block * 2977 gen_greater(n) 2978 int n; 2979 { 2980 return gen_len(BPF_JGE, n); 2981 } 2982 2983 struct block * 2984 gen_less(n) 2985 int n; 2986 { 2987 struct block *b; 2988 2989 b = gen_len(BPF_JGT, n); 2990 gen_not(b); 2991 2992 return b; 2993 } 2994 2995 struct block * 2996 gen_byteop(op, idx, val) 2997 int op, idx, val; 2998 { 2999 struct block *b; 3000 struct slist *s; 3001 3002 switch (op) { 3003 default: 3004 abort(); 3005 3006 case '=': 3007 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3008 3009 case '<': 3010 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3011 b->s.code = JMP(BPF_JGE); 3012 gen_not(b); 3013 return b; 3014 3015 case '>': 3016 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3017 b->s.code = JMP(BPF_JGT); 3018 return b; 3019 3020 case '|': 3021 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3022 break; 3023 3024 case '&': 3025 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3026 break; 3027 } 3028 s->s.k = val; 3029 b = new_block(JMP(BPF_JEQ)); 3030 b->stmts = s; 3031 gen_not(b); 3032 3033 return b; 3034 } 3035 3036 struct block * 3037 gen_broadcast(proto) 3038 int proto; 3039 { 3040 bpf_u_int32 hostmask; 3041 struct block *b0, *b1, *b2; 3042 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3043 3044 switch (proto) { 3045 3046 case Q_DEFAULT: 3047 case Q_LINK: 3048 if (linktype == DLT_EN10MB) 3049 return gen_ehostop(ebroadcast, Q_DST); 3050 if (linktype == DLT_FDDI) 3051 return gen_fhostop(ebroadcast, Q_DST); 3052 if (linktype == DLT_IEEE802_11 || 3053 linktype == DLT_IEEE802_11_RADIO) 3054 return gen_p80211_hostop(ebroadcast, Q_DST); 3055 bpf_error("not a broadcast link"); 3056 break; 3057 3058 case Q_IP: 3059 b0 = gen_linktype(ETHERTYPE_IP); 3060 hostmask = ~netmask; 3061 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3062 b2 = gen_mcmp_nl(16, BPF_W, 3063 (bpf_int32)(~0 & hostmask), hostmask); 3064 gen_or(b1, b2); 3065 gen_and(b0, b2); 3066 return b2; 3067 } 3068 bpf_error("only ether/ip broadcast filters supported"); 3069 } 3070 3071 struct block * 3072 gen_multicast(proto) 3073 int proto; 3074 { 3075 register struct block *b0, *b1; 3076 register struct slist *s; 3077 3078 switch (proto) { 3079 3080 case Q_DEFAULT: 3081 case Q_LINK: 3082 if (linktype == DLT_EN10MB) { 3083 /* ether[0] & 1 != 0 */ 3084 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3085 s->s.k = 0; 3086 b0 = new_block(JMP(BPF_JSET)); 3087 b0->s.k = 1; 3088 b0->stmts = s; 3089 return b0; 3090 } 3091 3092 if (linktype == DLT_FDDI) { 3093 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3094 /* fddi[1] & 1 != 0 */ 3095 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3096 s->s.k = 1; 3097 b0 = new_block(JMP(BPF_JSET)); 3098 b0->s.k = 1; 3099 b0->stmts = s; 3100 return b0; 3101 } 3102 /* Link not known to support multicasts */ 3103 break; 3104 3105 case Q_IP: 3106 b0 = gen_linktype(ETHERTYPE_IP); 3107 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3108 b1->s.code = JMP(BPF_JGE); 3109 gen_and(b0, b1); 3110 return b1; 3111 3112 #ifdef INET6 3113 case Q_IPV6: 3114 b0 = gen_linktype(ETHERTYPE_IPV6); 3115 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3116 gen_and(b0, b1); 3117 return b1; 3118 #endif /* INET6 */ 3119 } 3120 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3121 } 3122 3123 /* 3124 * generate command for inbound/outbound. It's here so we can 3125 * make it link-type specific. 'dir' = 0 implies "inbound", 3126 * = 1 implies "outbound". 3127 */ 3128 struct block * 3129 gen_inbound(dir) 3130 int dir; 3131 { 3132 register struct block *b0; 3133 3134 /* 3135 * Only SLIP and old-style PPP data link types support 3136 * inbound/outbound qualifiers. 3137 */ 3138 switch (linktype) { 3139 case DLT_SLIP: 3140 case DLT_PPP: 3141 b0 = gen_relation(BPF_JEQ, 3142 gen_load(Q_LINK, gen_loadi(0), 1), 3143 gen_loadi(0), 3144 dir); 3145 break; 3146 3147 case DLT_PFLOG: 3148 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3149 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3150 break; 3151 3152 default: 3153 bpf_error("inbound/outbound not supported on linktype 0x%x", 3154 linktype); 3155 /* NOTREACHED */ 3156 } 3157 3158 return (b0); 3159 } 3160 3161 3162 /* PF firewall log matched interface */ 3163 struct block * 3164 gen_pf_ifname(char *ifname) 3165 { 3166 struct block *b0; 3167 u_int len, off; 3168 3169 if (linktype == DLT_PFLOG) { 3170 len = sizeof(((struct pfloghdr *)0)->ifname); 3171 off = offsetof(struct pfloghdr, ifname); 3172 } else { 3173 bpf_error("ifname not supported on linktype 0x%x", linktype); 3174 /* NOTREACHED */ 3175 } 3176 if (strlen(ifname) >= len) { 3177 bpf_error("ifname interface names can only be %d characters", 3178 len - 1); 3179 /* NOTREACHED */ 3180 } 3181 b0 = gen_bcmp(off, strlen(ifname), ifname); 3182 return (b0); 3183 } 3184 3185 3186 /* PF firewall log ruleset name */ 3187 struct block * 3188 gen_pf_ruleset(char *ruleset) 3189 { 3190 struct block *b0; 3191 3192 if (linktype != DLT_PFLOG) { 3193 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3194 /* NOTREACHED */ 3195 } 3196 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3197 bpf_error("ruleset names can only be %zu characters", 3198 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3199 /* NOTREACHED */ 3200 } 3201 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3202 strlen(ruleset), ruleset); 3203 return (b0); 3204 } 3205 3206 3207 /* PF firewall log rule number */ 3208 struct block * 3209 gen_pf_rnr(int rnr) 3210 { 3211 struct block *b0; 3212 3213 if (linktype == DLT_PFLOG) { 3214 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3215 (bpf_int32)rnr); 3216 } else { 3217 bpf_error("rnr not supported on linktype 0x%x", linktype); 3218 /* NOTREACHED */ 3219 } 3220 3221 return (b0); 3222 } 3223 3224 3225 /* PF firewall log sub-rule number */ 3226 struct block * 3227 gen_pf_srnr(int srnr) 3228 { 3229 struct block *b0; 3230 3231 if (linktype != DLT_PFLOG) { 3232 bpf_error("srnr not supported on linktype 0x%x", linktype); 3233 /* NOTREACHED */ 3234 } 3235 3236 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3237 (bpf_int32)srnr); 3238 return (b0); 3239 } 3240 3241 /* PF firewall log reason code */ 3242 struct block * 3243 gen_pf_reason(int reason) 3244 { 3245 struct block *b0; 3246 3247 if (linktype == DLT_PFLOG) { 3248 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3249 (bpf_int32)reason); 3250 } else { 3251 bpf_error("reason not supported on linktype 0x%x", linktype); 3252 /* NOTREACHED */ 3253 } 3254 3255 return (b0); 3256 } 3257 3258 /* PF firewall log action */ 3259 struct block * 3260 gen_pf_action(int action) 3261 { 3262 struct block *b0; 3263 3264 if (linktype == DLT_PFLOG) { 3265 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3266 (bpf_int32)action); 3267 } else { 3268 bpf_error("action not supported on linktype 0x%x", linktype); 3269 /* NOTREACHED */ 3270 } 3271 3272 return (b0); 3273 } 3274 3275 /* IEEE 802.11 wireless header */ 3276 struct block * 3277 gen_p80211_type(int type, int mask) 3278 { 3279 struct block *b0; 3280 u_int offset; 3281 3282 if (!(linktype == DLT_IEEE802_11 || 3283 linktype == DLT_IEEE802_11_RADIO)) { 3284 bpf_error("type not supported on linktype 0x%x", 3285 linktype); 3286 /* NOTREACHED */ 3287 } 3288 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3289 if (linktype == DLT_IEEE802_11_RADIO) 3290 offset += IEEE80211_RADIOTAP_HDRLEN; 3291 3292 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3293 3294 return (b0); 3295 } 3296 3297 static struct block * 3298 gen_ahostop(eaddr, dir) 3299 register const u_char *eaddr; 3300 register int dir; 3301 { 3302 register struct block *b0, *b1; 3303 3304 switch (dir) { 3305 /* src comes first, different from Ethernet */ 3306 case Q_SRC: 3307 return gen_bcmp(0, 1, eaddr); 3308 3309 case Q_DST: 3310 return gen_bcmp(1, 1, eaddr); 3311 3312 case Q_AND: 3313 b0 = gen_ahostop(eaddr, Q_SRC); 3314 b1 = gen_ahostop(eaddr, Q_DST); 3315 gen_and(b0, b1); 3316 return b1; 3317 3318 case Q_DEFAULT: 3319 case Q_OR: 3320 b0 = gen_ahostop(eaddr, Q_SRC); 3321 b1 = gen_ahostop(eaddr, Q_DST); 3322 gen_or(b0, b1); 3323 return b1; 3324 } 3325 abort(); 3326 /* NOTREACHED */ 3327 } 3328 3329 struct block * 3330 gen_acode(eaddr, q) 3331 register const u_char *eaddr; 3332 struct qual q; 3333 { 3334 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3335 if (linktype == DLT_ARCNET) 3336 return gen_ahostop(eaddr, (int)q.dir); 3337 } 3338 bpf_error("ARCnet address used in non-arc expression"); 3339 /* NOTREACHED */ 3340 } 3341 3342 /* 3343 * support IEEE 802.1Q VLAN trunk over ethernet 3344 */ 3345 struct block * 3346 gen_vlan(vlan_num) 3347 int vlan_num; 3348 { 3349 struct block *b0; 3350 3351 if (variable_nl) { 3352 bpf_error("'vlan' not supported for variable DLTs"); 3353 /*NOTREACHED*/ 3354 } 3355 3356 /* 3357 * Change the offsets to point to the type and data fields within 3358 * the VLAN packet. This is somewhat of a kludge. 3359 */ 3360 if (orig_nl == (u_int)-1) { 3361 orig_linktype = off_linktype; /* save original values */ 3362 orig_nl = off_nl; 3363 orig_nl_nosnap = off_nl_nosnap; 3364 3365 switch (linktype) { 3366 3367 case DLT_EN10MB: 3368 off_linktype = 16; 3369 off_nl_nosnap = 18; 3370 off_nl = 18; 3371 break; 3372 3373 default: 3374 bpf_error("no VLAN support for data link type %d", 3375 linktype); 3376 /*NOTREACHED*/ 3377 } 3378 } 3379 3380 /* check for VLAN */ 3381 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3382 3383 /* If a specific VLAN is requested, check VLAN id */ 3384 if (vlan_num >= 0) { 3385 struct block *b1; 3386 3387 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 3388 gen_and(b0, b1); 3389 b0 = b1; 3390 } 3391 3392 return (b0); 3393 } 3394 3395 struct block * 3396 gen_p80211_fcdir(int fcdir) 3397 { 3398 struct block *b0; 3399 u_int offset; 3400 3401 if (!(linktype == DLT_IEEE802_11 || 3402 linktype == DLT_IEEE802_11_RADIO)) { 3403 bpf_error("frame direction not supported on linktype 0x%x", 3404 linktype); 3405 /* NOTREACHED */ 3406 } 3407 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3408 if (linktype == DLT_IEEE802_11_RADIO) 3409 offset += IEEE80211_RADIOTAP_HDRLEN; 3410 3411 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3412 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3413 3414 return (b0); 3415 } 3416 3417 static struct block * 3418 gen_p80211_hostop(const u_char *lladdr, int dir) 3419 { 3420 struct block *b0, *b1, *b2, *b3, *b4; 3421 u_int offset = 0; 3422 3423 if (linktype == DLT_IEEE802_11_RADIO) 3424 offset = IEEE80211_RADIOTAP_HDRLEN; 3425 3426 switch (dir) { 3427 case Q_SRC: 3428 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3429 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3430 lladdr); 3431 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3432 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3433 lladdr); 3434 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3435 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3436 lladdr); 3437 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3438 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3439 lladdr); 3440 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3441 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3442 lladdr); 3443 3444 gen_or(b0, b1); 3445 gen_or(b1, b2); 3446 gen_or(b2, b3); 3447 gen_or(b3, b4); 3448 return (b4); 3449 3450 case Q_DST: 3451 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3452 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3453 lladdr); 3454 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3455 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3456 lladdr); 3457 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3458 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3459 lladdr); 3460 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3461 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3462 lladdr); 3463 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3464 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3465 lladdr); 3466 3467 gen_or(b0, b1); 3468 gen_or(b1, b2); 3469 gen_or(b2, b3); 3470 gen_or(b3, b4); 3471 return (b4); 3472 3473 case Q_ADDR1: 3474 return (gen_bcmp(offset + 3475 (u_int)offsetof(struct ieee80211_frame, 3476 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3477 3478 case Q_ADDR2: 3479 return (gen_bcmp(offset + 3480 (u_int)offsetof(struct ieee80211_frame, 3481 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3482 3483 case Q_ADDR3: 3484 return (gen_bcmp(offset + 3485 (u_int)offsetof(struct ieee80211_frame, 3486 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3487 3488 case Q_ADDR4: 3489 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3490 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3491 lladdr)); 3492 3493 case Q_AND: 3494 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3495 b1 = gen_p80211_hostop(lladdr, Q_DST); 3496 gen_and(b0, b1); 3497 return (b1); 3498 3499 case Q_DEFAULT: 3500 case Q_OR: 3501 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3502 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3503 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3504 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3505 gen_or(b0, b1); 3506 gen_or(b1, b2); 3507 gen_or(b2, b3); 3508 return (b3); 3509 3510 default: 3511 bpf_error("direction not supported on linktype 0x%x", 3512 linktype); 3513 } 3514 /* NOTREACHED */ 3515 } 3516 3517 static struct block * 3518 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3519 { 3520 struct block *b0, *b1; 3521 3522 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3523 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3524 gen_and(b0, b1); 3525 3526 return (b1); 3527 } 3528