1 /* $OpenBSD: gencode.c,v 1.58 2021/12/01 18:28:45 deraadt Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/param.h> /* ALIGN */ 25 #include <sys/types.h> 26 #include <sys/socket.h> 27 #include <sys/time.h> 28 29 #include <net/if.h> 30 31 #include <netinet/in.h> 32 #include <netinet/if_ether.h> 33 34 #include <net/if_pflog.h> 35 #include <net/pfvar.h> 36 37 #include <netmpls/mpls.h> 38 39 #include <net80211/ieee80211.h> 40 #include <net80211/ieee80211_radiotap.h> 41 42 #include <stdlib.h> 43 #include <stddef.h> 44 #include <setjmp.h> 45 #include <stdarg.h> 46 #include <string.h> 47 48 #include "pcap-int.h" 49 50 #include "ethertype.h" 51 #include "llc.h" 52 #include "gencode.h" 53 #include "ppp.h" 54 #include <pcap-namedb.h> 55 #ifdef INET6 56 #include <netdb.h> 57 #endif /*INET6*/ 58 59 #ifdef HAVE_OS_PROTO_H 60 #include "os-proto.h" 61 #endif 62 63 #define JMP(c) ((c)|BPF_JMP|BPF_K) 64 65 /* Locals */ 66 static jmp_buf top_ctx; 67 static pcap_t *bpf_pcap; 68 69 /* Hack for updating VLAN offsets. */ 70 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 71 static u_int mpls_stack = 0; 72 73 /* XXX */ 74 #ifdef PCAP_FDDIPAD 75 int pcap_fddipad = PCAP_FDDIPAD; 76 #else 77 int pcap_fddipad; 78 #endif 79 80 __dead void 81 bpf_error(const char *fmt, ...) 82 { 83 va_list ap; 84 85 va_start(ap, fmt); 86 if (bpf_pcap != NULL) 87 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 88 fmt, ap); 89 va_end(ap); 90 longjmp(top_ctx, 1); 91 /* NOTREACHED */ 92 } 93 94 static void init_linktype(int); 95 96 static int alloc_reg(void); 97 static void free_reg(int); 98 99 static struct block *root; 100 101 /* initialization code used for variable link header */ 102 static struct slist *init_code = NULL; 103 104 /* Flags and registers for variable link type handling */ 105 static int variable_nl; 106 static int nl_reg, iphl_reg; 107 108 /* 109 * We divy out chunks of memory rather than call malloc each time so 110 * we don't have to worry about leaking memory. It's probably 111 * not a big deal if all this memory was wasted but it this ever 112 * goes into a library that would probably not be a good idea. 113 */ 114 #define NCHUNKS 16 115 #define CHUNK0SIZE 1024 116 struct chunk { 117 u_int n_left; 118 void *m; 119 }; 120 121 static struct chunk chunks[NCHUNKS]; 122 static int cur_chunk; 123 124 static void *newchunk(u_int); 125 static void freechunks(void); 126 static __inline struct block *new_block(int); 127 static __inline struct slist *new_stmt(int); 128 static struct block *gen_retblk(int); 129 static __inline void syntax(void); 130 131 static void backpatch(struct block *, struct block *); 132 static void merge(struct block *, struct block *); 133 static struct block *gen_cmp(u_int, u_int, bpf_int32); 134 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 135 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 136 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 137 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 138 static struct block *gen_bcmp(u_int, u_int, const u_char *); 139 static struct block *gen_uncond(int); 140 static __inline struct block *gen_true(void); 141 static __inline struct block *gen_false(void); 142 static struct block *gen_linktype(int); 143 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 144 #ifdef INET6 145 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 146 #endif 147 static struct block *gen_ehostop(const u_char *, int); 148 static struct block *gen_fhostop(const u_char *, int); 149 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 150 static struct block *gen_p80211_hostop(const u_char *, int); 151 static struct block *gen_p80211_addr(int, u_int, const u_char *); 152 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 153 #ifdef INET6 154 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 155 #endif 156 #ifndef INET6 157 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 158 #endif 159 static struct block *gen_ipfrag(void); 160 static struct block *gen_portatom(int, bpf_int32); 161 #ifdef INET6 162 static struct block *gen_portatom6(int, bpf_int32); 163 #endif 164 struct block *gen_portop(int, int, int); 165 static struct block *gen_port(int, int, int); 166 #ifdef INET6 167 struct block *gen_portop6(int, int, int); 168 static struct block *gen_port6(int, int, int); 169 #endif 170 static int lookup_proto(const char *, int); 171 static struct block *gen_protochain(int, int, int); 172 static struct block *gen_proto(int, int, int); 173 static struct slist *xfer_to_x(struct arth *); 174 static struct slist *xfer_to_a(struct arth *); 175 static struct block *gen_len(int, int); 176 177 static void * 178 newchunk(n) 179 u_int n; 180 { 181 struct chunk *cp; 182 int k, size; 183 184 /* XXX Round to structure boundary. */ 185 n = ALIGN(n); 186 187 cp = &chunks[cur_chunk]; 188 if (n > cp->n_left) { 189 ++cp, k = ++cur_chunk; 190 if (k >= NCHUNKS) 191 bpf_error("out of memory"); 192 size = CHUNK0SIZE << k; 193 cp->m = calloc(1, size); 194 if (cp->m == NULL) 195 bpf_error("out of memory"); 196 197 cp->n_left = size; 198 if (n > size) 199 bpf_error("out of memory"); 200 } 201 cp->n_left -= n; 202 return (void *)((char *)cp->m + cp->n_left); 203 } 204 205 static void 206 freechunks() 207 { 208 int i; 209 210 cur_chunk = 0; 211 for (i = 0; i < NCHUNKS; ++i) { 212 free(chunks[i].m); 213 chunks[i].m = NULL; 214 } 215 } 216 217 /* 218 * A strdup whose allocations are freed after code generation is over. 219 */ 220 char * 221 sdup(s) 222 const char *s; 223 { 224 int n = strlen(s) + 1; 225 char *cp = newchunk(n); 226 227 strlcpy(cp, s, n); 228 return (cp); 229 } 230 231 static __inline struct block * 232 new_block(code) 233 int code; 234 { 235 struct block *p; 236 237 p = (struct block *)newchunk(sizeof(*p)); 238 p->s.code = code; 239 p->head = p; 240 241 return p; 242 } 243 244 static __inline struct slist * 245 new_stmt(code) 246 int code; 247 { 248 struct slist *p; 249 250 p = (struct slist *)newchunk(sizeof(*p)); 251 p->s.code = code; 252 253 return p; 254 } 255 256 static struct block * 257 gen_retblk(v) 258 int v; 259 { 260 struct block *b = new_block(BPF_RET|BPF_K); 261 262 b->s.k = v; 263 return b; 264 } 265 266 static __inline void 267 syntax() 268 { 269 bpf_error("syntax error in filter expression"); 270 } 271 272 static bpf_u_int32 netmask; 273 static int snaplen; 274 int no_optimize; 275 276 int 277 pcap_compile(pcap_t *p, struct bpf_program *program, 278 const char *buf, int optimize, bpf_u_int32 mask) 279 { 280 extern int n_errors; 281 int len; 282 283 no_optimize = 0; 284 n_errors = 0; 285 root = NULL; 286 bpf_pcap = p; 287 if (setjmp(top_ctx)) { 288 freechunks(); 289 return (-1); 290 } 291 292 netmask = mask; 293 snaplen = pcap_snapshot(p); 294 295 lex_init(buf ? buf : ""); 296 init_linktype(pcap_datalink(p)); 297 (void)pcap_parse(); 298 299 if (n_errors) 300 syntax(); 301 302 if (root == NULL) 303 root = gen_retblk(snaplen); 304 305 if (optimize && !no_optimize) { 306 bpf_optimize(&root); 307 if (root == NULL || 308 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 309 bpf_error("expression rejects all packets"); 310 } 311 program->bf_insns = icode_to_fcode(root, &len); 312 program->bf_len = len; 313 314 freechunks(); 315 return (0); 316 } 317 318 /* 319 * entry point for using the compiler with no pcap open 320 * pass in all the stuff that is needed explicitly instead. 321 */ 322 int 323 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 324 struct bpf_program *program, 325 const char *buf, int optimize, bpf_u_int32 mask) 326 { 327 extern int n_errors; 328 int len; 329 330 n_errors = 0; 331 root = NULL; 332 bpf_pcap = NULL; 333 if (setjmp(top_ctx)) { 334 freechunks(); 335 return (-1); 336 } 337 338 netmask = mask; 339 340 /* XXX needed? I don't grok the use of globals here. */ 341 snaplen = snaplen_arg; 342 343 lex_init(buf ? buf : ""); 344 init_linktype(linktype_arg); 345 (void)pcap_parse(); 346 347 if (n_errors) 348 syntax(); 349 350 if (root == NULL) 351 root = gen_retblk(snaplen_arg); 352 353 if (optimize) { 354 bpf_optimize(&root); 355 if (root == NULL || 356 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 357 bpf_error("expression rejects all packets"); 358 } 359 program->bf_insns = icode_to_fcode(root, &len); 360 program->bf_len = len; 361 362 freechunks(); 363 return (0); 364 } 365 366 /* 367 * Clean up a "struct bpf_program" by freeing all the memory allocated 368 * in it. 369 */ 370 void 371 pcap_freecode(struct bpf_program *program) 372 { 373 program->bf_len = 0; 374 if (program->bf_insns != NULL) { 375 free((char *)program->bf_insns); 376 program->bf_insns = NULL; 377 } 378 } 379 380 /* 381 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 382 * which of the jt and jf fields has been resolved and which is a pointer 383 * back to another unresolved block (or nil). At least one of the fields 384 * in each block is already resolved. 385 */ 386 static void 387 backpatch(list, target) 388 struct block *list, *target; 389 { 390 struct block *next; 391 392 while (list) { 393 if (!list->sense) { 394 next = JT(list); 395 JT(list) = target; 396 } else { 397 next = JF(list); 398 JF(list) = target; 399 } 400 list = next; 401 } 402 } 403 404 /* 405 * Merge the lists in b0 and b1, using the 'sense' field to indicate 406 * which of jt and jf is the link. 407 */ 408 static void 409 merge(b0, b1) 410 struct block *b0, *b1; 411 { 412 struct block **p = &b0; 413 414 /* Find end of list. */ 415 while (*p) 416 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 417 418 /* Concatenate the lists. */ 419 *p = b1; 420 } 421 422 void 423 finish_parse(p) 424 struct block *p; 425 { 426 backpatch(p, gen_retblk(snaplen)); 427 p->sense = !p->sense; 428 backpatch(p, gen_retblk(0)); 429 root = p->head; 430 431 /* prepend initialization code to root */ 432 if (init_code != NULL && root != NULL) { 433 sappend(init_code, root->stmts); 434 root->stmts = init_code; 435 init_code = NULL; 436 } 437 438 if (iphl_reg != -1) { 439 free_reg(iphl_reg); 440 iphl_reg = -1; 441 } 442 if (nl_reg != -1) { 443 free_reg(nl_reg); 444 nl_reg = -1; 445 } 446 } 447 448 void 449 gen_and(b0, b1) 450 struct block *b0, *b1; 451 { 452 backpatch(b0, b1->head); 453 b0->sense = !b0->sense; 454 b1->sense = !b1->sense; 455 merge(b1, b0); 456 b1->sense = !b1->sense; 457 b1->head = b0->head; 458 } 459 460 void 461 gen_or(b0, b1) 462 struct block *b0, *b1; 463 { 464 b0->sense = !b0->sense; 465 backpatch(b0, b1->head); 466 b0->sense = !b0->sense; 467 merge(b1, b0); 468 b1->head = b0->head; 469 } 470 471 void 472 gen_not(b) 473 struct block *b; 474 { 475 b->sense = !b->sense; 476 } 477 478 static struct block * 479 gen_cmp(offset, size, v) 480 u_int offset, size; 481 bpf_int32 v; 482 { 483 struct slist *s; 484 struct block *b; 485 486 s = new_stmt(BPF_LD|BPF_ABS|size); 487 s->s.k = offset; 488 489 b = new_block(JMP(BPF_JEQ)); 490 b->stmts = s; 491 b->s.k = v; 492 493 return b; 494 } 495 496 static struct block * 497 gen_cmp_gt(offset, size, v) 498 u_int offset, size; 499 bpf_int32 v; 500 { 501 struct slist *s; 502 struct block *b; 503 504 s = new_stmt(BPF_LD|BPF_ABS|size); 505 s->s.k = offset; 506 507 b = new_block(JMP(BPF_JGT)); 508 b->stmts = s; 509 b->s.k = v; 510 511 return b; 512 } 513 514 static struct block * 515 gen_mcmp(offset, size, v, mask) 516 u_int offset, size; 517 bpf_int32 v; 518 bpf_u_int32 mask; 519 { 520 struct block *b = gen_cmp(offset, size, v); 521 struct slist *s; 522 523 if (mask != 0xffffffff) { 524 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 525 s->s.k = mask; 526 sappend(b->stmts, s); 527 } 528 return b; 529 } 530 531 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 532 static struct block * 533 gen_mcmp_nl(offset, size, v, mask) 534 u_int offset, size; 535 bpf_int32 v; 536 bpf_u_int32 mask; 537 { 538 struct block *b = gen_cmp_nl(offset, size, v); 539 struct slist *s; 540 541 if (mask != 0xffffffff) { 542 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 543 s->s.k = mask; 544 sappend(b->stmts, s); 545 } 546 return b; 547 } 548 549 static struct block * 550 gen_bcmp(offset, size, v) 551 u_int offset, size; 552 const u_char *v; 553 { 554 struct block *b, *tmp; 555 556 b = NULL; 557 while (size >= 4) { 558 const u_char *p = &v[size - 4]; 559 bpf_int32 w = ((bpf_int32)p[0] << 24) | 560 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 561 562 tmp = gen_cmp(offset + size - 4, BPF_W, w); 563 if (b != NULL) 564 gen_and(b, tmp); 565 b = tmp; 566 size -= 4; 567 } 568 while (size >= 2) { 569 const u_char *p = &v[size - 2]; 570 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 571 572 tmp = gen_cmp(offset + size - 2, BPF_H, w); 573 if (b != NULL) 574 gen_and(b, tmp); 575 b = tmp; 576 size -= 2; 577 } 578 if (size > 0) { 579 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 580 if (b != NULL) 581 gen_and(b, tmp); 582 b = tmp; 583 } 584 return b; 585 } 586 587 /* 588 * Various code constructs need to know the layout of the data link 589 * layer. These variables give the necessary offsets. off_linktype 590 * is set to -1 for no encapsulation, in which case, IP is assumed. 591 */ 592 static u_int off_linktype; 593 static u_int off_nl; 594 static u_int off_nl_nosnap; 595 596 static int linktype; 597 598 /* Generate code to load the dynamic 'off_nl' to the X register */ 599 static struct slist * 600 nl2X_stmt(void) 601 { 602 struct slist *s, *tmp; 603 604 if (nl_reg == -1) { 605 switch (linktype) { 606 case DLT_PFLOG: 607 /* The pflog header contains PFLOG_REAL_HDRLEN 608 which does NOT include the padding. Round 609 up to the nearest dword boundary */ 610 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 611 s->s.k = 0; 612 613 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 614 tmp->s.k = 3; 615 sappend(s, tmp); 616 617 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 618 tmp->s.k = 0xfc; 619 sappend(s, tmp); 620 621 nl_reg = alloc_reg(); 622 tmp = new_stmt(BPF_ST); 623 tmp->s.k = nl_reg; 624 sappend(s, tmp); 625 626 break; 627 default: 628 bpf_error("Unknown header size for link type 0x%x", 629 linktype); 630 } 631 632 if (init_code == NULL) 633 init_code = s; 634 else 635 sappend(init_code, s); 636 } 637 638 s = new_stmt(BPF_LDX|BPF_MEM); 639 s->s.k = nl_reg; 640 641 return s; 642 } 643 644 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 645 static struct block * 646 gen_cmp_nl(offset, size, v) 647 u_int offset, size; 648 bpf_int32 v; 649 { 650 struct slist *s, *tmp; 651 struct block *b; 652 653 if (variable_nl) { 654 s = nl2X_stmt(); 655 tmp = new_stmt(BPF_LD|BPF_IND|size); 656 tmp->s.k = offset; 657 sappend(s, tmp); 658 } else { 659 s = new_stmt(BPF_LD|BPF_ABS|size); 660 s->s.k = offset + off_nl; 661 } 662 b = new_block(JMP(BPF_JEQ)); 663 b->stmts = s; 664 b->s.k = v; 665 666 return b; 667 } 668 669 static void 670 init_linktype(type) 671 int type; 672 { 673 linktype = type; 674 init_code = NULL; 675 nl_reg = iphl_reg = -1; 676 677 switch (type) { 678 679 case DLT_EN10MB: 680 off_linktype = 12; 681 off_nl = 14; 682 return; 683 684 case DLT_SLIP: 685 /* 686 * SLIP doesn't have a link level type. The 16 byte 687 * header is hacked into our SLIP driver. 688 */ 689 off_linktype = -1; 690 off_nl = 16; 691 return; 692 693 case DLT_SLIP_BSDOS: 694 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 695 off_linktype = -1; 696 /* XXX end */ 697 off_nl = 24; 698 return; 699 700 case DLT_NULL: 701 off_linktype = 0; 702 off_nl = 4; 703 return; 704 705 case DLT_PPP: 706 off_linktype = 2; 707 off_nl = 4; 708 return; 709 710 case DLT_PPP_SERIAL: 711 off_linktype = -1; 712 off_nl = 2; 713 return; 714 715 case DLT_PPP_ETHER: 716 /* 717 * This does not include the Ethernet header, and 718 * only covers session state. 719 */ 720 off_linktype = 6; 721 off_nl = 8; 722 return; 723 724 case DLT_PPP_BSDOS: 725 off_linktype = 5; 726 off_nl = 24; 727 return; 728 729 case DLT_FDDI: 730 /* 731 * FDDI doesn't really have a link-level type field. 732 * We assume that SSAP = SNAP is being used and pick 733 * out the encapsulated Ethernet type. 734 */ 735 off_linktype = 19; 736 #ifdef PCAP_FDDIPAD 737 off_linktype += pcap_fddipad; 738 #endif 739 off_nl = 21; 740 #ifdef PCAP_FDDIPAD 741 off_nl += pcap_fddipad; 742 #endif 743 return; 744 745 case DLT_IEEE802: 746 off_linktype = 20; 747 off_nl = 22; 748 return; 749 750 case DLT_IEEE802_11: 751 off_linktype = 30; /* XXX variable */ 752 off_nl = 32; 753 return; 754 755 case DLT_IEEE802_11_RADIO: /* XXX variable */ 756 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 757 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 758 return; 759 760 case DLT_ATM_RFC1483: 761 /* 762 * assume routed, non-ISO PDUs 763 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 764 */ 765 off_linktype = 6; 766 off_nl = 8; 767 return; 768 769 case DLT_LOOP: 770 off_linktype = 0; 771 off_nl = 4; 772 return; 773 774 case DLT_ENC: 775 off_linktype = -1; 776 off_nl = 12; 777 return; 778 779 case DLT_PFLOG: 780 off_linktype = 0; 781 variable_nl = 1; 782 off_nl = 0; 783 return; 784 785 case DLT_PFSYNC: 786 off_linktype = -1; 787 off_nl = 4; 788 return; 789 790 case DLT_OPENFLOW: 791 off_linktype = -1; 792 off_nl = 12; 793 return; 794 795 case DLT_USBPCAP: 796 /* FALLTHROUGH */ 797 case DLT_RAW: 798 off_linktype = -1; 799 off_nl = 0; 800 return; 801 } 802 bpf_error("unknown data link type 0x%x", linktype); 803 /* NOTREACHED */ 804 } 805 806 static struct block * 807 gen_uncond(rsense) 808 int rsense; 809 { 810 struct block *b; 811 struct slist *s; 812 813 s = new_stmt(BPF_LD|BPF_IMM); 814 s->s.k = !rsense; 815 b = new_block(JMP(BPF_JEQ)); 816 b->stmts = s; 817 818 return b; 819 } 820 821 static __inline struct block * 822 gen_true() 823 { 824 return gen_uncond(1); 825 } 826 827 static __inline struct block * 828 gen_false() 829 { 830 return gen_uncond(0); 831 } 832 833 static struct block * 834 gen_linktype(proto) 835 int proto; 836 { 837 struct block *b0, *b1; 838 839 /* If we're not using encapsulation and checking for IP, we're done */ 840 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IP) 841 return gen_true(); 842 #ifdef INET6 843 /* this isn't the right thing to do, but sometimes necessary */ 844 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IPV6) 845 return gen_true(); 846 #endif 847 848 switch (linktype) { 849 850 case DLT_EN10MB: 851 if (proto <= ETHERMTU) { 852 /* This is an LLC SAP value */ 853 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 854 gen_not(b0); 855 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 856 gen_and(b0, b1); 857 return b1; 858 } else { 859 /* This is an Ethernet type */ 860 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 861 } 862 break; 863 864 case DLT_SLIP: 865 return gen_false(); 866 867 case DLT_PPP: 868 case DLT_PPP_ETHER: 869 if (proto == ETHERTYPE_IP) 870 proto = PPP_IP; /* XXX was 0x21 */ 871 #ifdef INET6 872 else if (proto == ETHERTYPE_IPV6) 873 proto = PPP_IPV6; 874 #endif 875 break; 876 877 case DLT_PPP_BSDOS: 878 switch (proto) { 879 880 case ETHERTYPE_IP: 881 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 882 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 883 gen_or(b0, b1); 884 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 885 gen_or(b1, b0); 886 return b0; 887 888 #ifdef INET6 889 case ETHERTYPE_IPV6: 890 proto = PPP_IPV6; 891 /* more to go? */ 892 break; 893 #endif /* INET6 */ 894 895 case ETHERTYPE_DN: 896 proto = PPP_DECNET; 897 break; 898 899 case ETHERTYPE_ATALK: 900 proto = PPP_APPLE; 901 break; 902 903 case ETHERTYPE_NS: 904 proto = PPP_NS; 905 break; 906 } 907 break; 908 909 case DLT_LOOP: 910 case DLT_ENC: 911 case DLT_NULL: 912 { 913 int v; 914 915 if (proto == ETHERTYPE_IP) 916 v = AF_INET; 917 #ifdef INET6 918 else if (proto == ETHERTYPE_IPV6) 919 v = AF_INET6; 920 #endif /* INET6 */ 921 else 922 return gen_false(); 923 924 /* 925 * For DLT_NULL, the link-layer header is a 32-bit word 926 * containing an AF_ value in *host* byte order, and for 927 * DLT_ENC, the link-layer header begins with a 32-bit 928 * word containing an AF_ value in host byte order. 929 * 930 * For DLT_LOOP, the link-layer header is a 32-bit 931 * word containing an AF_ value in *network* byte order. 932 */ 933 if (linktype != DLT_LOOP) 934 v = htonl(v); 935 936 return (gen_cmp(0, BPF_W, (bpf_int32)v)); 937 break; 938 } 939 case DLT_PFLOG: 940 if (proto == ETHERTYPE_IP) 941 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 942 (bpf_int32)AF_INET)); 943 #ifdef INET6 944 else if (proto == ETHERTYPE_IPV6) 945 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 946 (bpf_int32)AF_INET6)); 947 #endif /* INET6 */ 948 else 949 return gen_false(); 950 break; 951 952 } 953 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 954 } 955 956 static struct block * 957 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 958 bpf_u_int32 addr; 959 bpf_u_int32 mask; 960 int dir, proto; 961 u_int src_off, dst_off; 962 { 963 struct block *b0, *b1; 964 u_int offset; 965 966 switch (dir) { 967 968 case Q_SRC: 969 offset = src_off; 970 break; 971 972 case Q_DST: 973 offset = dst_off; 974 break; 975 976 case Q_AND: 977 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 978 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 979 gen_and(b0, b1); 980 return b1; 981 982 case Q_OR: 983 case Q_DEFAULT: 984 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 985 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 986 gen_or(b0, b1); 987 return b1; 988 989 default: 990 bpf_error("direction not supported on linktype 0x%x", 991 linktype); 992 } 993 b0 = gen_linktype(proto); 994 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 995 gen_and(b0, b1); 996 return b1; 997 } 998 999 #ifdef INET6 1000 static struct block * 1001 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 1002 struct in6_addr *addr; 1003 struct in6_addr *mask; 1004 int dir, proto; 1005 u_int src_off, dst_off; 1006 { 1007 struct block *b0, *b1; 1008 u_int offset; 1009 u_int32_t *a, *m; 1010 1011 switch (dir) { 1012 1013 case Q_SRC: 1014 offset = src_off; 1015 break; 1016 1017 case Q_DST: 1018 offset = dst_off; 1019 break; 1020 1021 case Q_AND: 1022 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1023 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1024 gen_and(b0, b1); 1025 return b1; 1026 1027 case Q_OR: 1028 case Q_DEFAULT: 1029 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1030 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1031 gen_or(b0, b1); 1032 return b1; 1033 1034 default: 1035 bpf_error("direction not supported on linktype 0x%x", 1036 linktype); 1037 } 1038 /* this order is important */ 1039 a = (u_int32_t *)addr; 1040 m = (u_int32_t *)mask; 1041 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1042 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1043 gen_and(b0, b1); 1044 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1045 gen_and(b0, b1); 1046 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1047 gen_and(b0, b1); 1048 b0 = gen_linktype(proto); 1049 gen_and(b0, b1); 1050 return b1; 1051 } 1052 #endif /*INET6*/ 1053 1054 static struct block * 1055 gen_ehostop(eaddr, dir) 1056 const u_char *eaddr; 1057 int dir; 1058 { 1059 struct block *b0, *b1; 1060 1061 switch (dir) { 1062 case Q_SRC: 1063 return gen_bcmp(6, 6, eaddr); 1064 1065 case Q_DST: 1066 return gen_bcmp(0, 6, eaddr); 1067 1068 case Q_AND: 1069 b0 = gen_ehostop(eaddr, Q_SRC); 1070 b1 = gen_ehostop(eaddr, Q_DST); 1071 gen_and(b0, b1); 1072 return b1; 1073 1074 case Q_DEFAULT: 1075 case Q_OR: 1076 b0 = gen_ehostop(eaddr, Q_SRC); 1077 b1 = gen_ehostop(eaddr, Q_DST); 1078 gen_or(b0, b1); 1079 return b1; 1080 default: 1081 bpf_error("direction not supported on linktype 0x%x", 1082 linktype); 1083 } 1084 /* NOTREACHED */ 1085 } 1086 1087 /* 1088 * Like gen_ehostop, but for DLT_FDDI 1089 */ 1090 static struct block * 1091 gen_fhostop(eaddr, dir) 1092 const u_char *eaddr; 1093 int dir; 1094 { 1095 struct block *b0, *b1; 1096 1097 switch (dir) { 1098 case Q_SRC: 1099 #ifdef PCAP_FDDIPAD 1100 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1101 #else 1102 return gen_bcmp(6 + 1, 6, eaddr); 1103 #endif 1104 1105 case Q_DST: 1106 #ifdef PCAP_FDDIPAD 1107 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1108 #else 1109 return gen_bcmp(0 + 1, 6, eaddr); 1110 #endif 1111 1112 case Q_AND: 1113 b0 = gen_fhostop(eaddr, Q_SRC); 1114 b1 = gen_fhostop(eaddr, Q_DST); 1115 gen_and(b0, b1); 1116 return b1; 1117 1118 case Q_DEFAULT: 1119 case Q_OR: 1120 b0 = gen_fhostop(eaddr, Q_SRC); 1121 b1 = gen_fhostop(eaddr, Q_DST); 1122 gen_or(b0, b1); 1123 return b1; 1124 default: 1125 bpf_error("direction not supported on linktype 0x%x", 1126 linktype); 1127 } 1128 /* NOTREACHED */ 1129 } 1130 1131 /* 1132 * This is quite tricky because there may be pad bytes in front of the 1133 * DECNET header, and then there are two possible data packet formats that 1134 * carry both src and dst addresses, plus 5 packet types in a format that 1135 * carries only the src node, plus 2 types that use a different format and 1136 * also carry just the src node. 1137 * 1138 * Yuck. 1139 * 1140 * Instead of doing those all right, we just look for data packets with 1141 * 0 or 1 bytes of padding. If you want to look at other packets, that 1142 * will require a lot more hacking. 1143 * 1144 * To add support for filtering on DECNET "areas" (network numbers) 1145 * one would want to add a "mask" argument to this routine. That would 1146 * make the filter even more inefficient, although one could be clever 1147 * and not generate masking instructions if the mask is 0xFFFF. 1148 */ 1149 static struct block * 1150 gen_dnhostop(addr, dir, base_off) 1151 bpf_u_int32 addr; 1152 int dir; 1153 u_int base_off; 1154 { 1155 struct block *b0, *b1, *b2, *tmp; 1156 u_int offset_lh; /* offset if long header is received */ 1157 u_int offset_sh; /* offset if short header is received */ 1158 1159 switch (dir) { 1160 1161 case Q_DST: 1162 offset_sh = 1; /* follows flags */ 1163 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1164 break; 1165 1166 case Q_SRC: 1167 offset_sh = 3; /* follows flags, dstnode */ 1168 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1169 break; 1170 1171 case Q_AND: 1172 /* Inefficient because we do our Calvinball dance twice */ 1173 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1174 b1 = gen_dnhostop(addr, Q_DST, base_off); 1175 gen_and(b0, b1); 1176 return b1; 1177 1178 case Q_OR: 1179 case Q_DEFAULT: 1180 /* Inefficient because we do our Calvinball dance twice */ 1181 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1182 b1 = gen_dnhostop(addr, Q_DST, base_off); 1183 gen_or(b0, b1); 1184 return b1; 1185 1186 default: 1187 bpf_error("direction not supported on linktype 0x%x", 1188 linktype); 1189 } 1190 b0 = gen_linktype(ETHERTYPE_DN); 1191 /* Check for pad = 1, long header case */ 1192 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1193 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1194 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1195 BPF_H, (bpf_int32)ntohs(addr)); 1196 gen_and(tmp, b1); 1197 /* Check for pad = 0, long header case */ 1198 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1199 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1200 gen_and(tmp, b2); 1201 gen_or(b2, b1); 1202 /* Check for pad = 1, short header case */ 1203 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1204 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1205 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1206 BPF_H, (bpf_int32)ntohs(addr)); 1207 gen_and(tmp, b2); 1208 gen_or(b2, b1); 1209 /* Check for pad = 0, short header case */ 1210 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1211 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1212 gen_and(tmp, b2); 1213 gen_or(b2, b1); 1214 1215 /* Combine with test for linktype */ 1216 gen_and(b0, b1); 1217 return b1; 1218 } 1219 1220 static struct block * 1221 gen_host(addr, mask, proto, dir) 1222 bpf_u_int32 addr; 1223 bpf_u_int32 mask; 1224 int proto; 1225 int dir; 1226 { 1227 struct block *b0, *b1; 1228 1229 switch (proto) { 1230 1231 case Q_DEFAULT: 1232 b0 = gen_host(addr, mask, Q_IP, dir); 1233 b1 = gen_host(addr, mask, Q_ARP, dir); 1234 gen_or(b0, b1); 1235 b0 = gen_host(addr, mask, Q_RARP, dir); 1236 gen_or(b1, b0); 1237 return b0; 1238 1239 case Q_IP: 1240 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1241 12, 16); 1242 1243 case Q_RARP: 1244 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1245 14, 24); 1246 1247 case Q_ARP: 1248 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1249 14, 24); 1250 1251 case Q_TCP: 1252 bpf_error("'tcp' modifier applied to host"); 1253 1254 case Q_UDP: 1255 bpf_error("'udp' modifier applied to host"); 1256 1257 case Q_ICMP: 1258 bpf_error("'icmp' modifier applied to host"); 1259 1260 case Q_IGMP: 1261 bpf_error("'igmp' modifier applied to host"); 1262 1263 case Q_IGRP: 1264 bpf_error("'igrp' modifier applied to host"); 1265 1266 case Q_PIM: 1267 bpf_error("'pim' modifier applied to host"); 1268 1269 case Q_STP: 1270 bpf_error("'stp' modifier applied to host"); 1271 1272 case Q_ATALK: 1273 bpf_error("ATALK host filtering not implemented"); 1274 1275 case Q_DECNET: 1276 return gen_dnhostop(addr, dir, 0); 1277 1278 case Q_SCA: 1279 bpf_error("SCA host filtering not implemented"); 1280 1281 case Q_LAT: 1282 bpf_error("LAT host filtering not implemented"); 1283 1284 case Q_MOPDL: 1285 bpf_error("MOPDL host filtering not implemented"); 1286 1287 case Q_MOPRC: 1288 bpf_error("MOPRC host filtering not implemented"); 1289 1290 #ifdef INET6 1291 case Q_IPV6: 1292 bpf_error("'ip6' modifier applied to ip host"); 1293 1294 case Q_ICMPV6: 1295 bpf_error("'icmp6' modifier applied to host"); 1296 #endif /* INET6 */ 1297 1298 case Q_AH: 1299 bpf_error("'ah' modifier applied to host"); 1300 1301 case Q_ESP: 1302 bpf_error("'esp' modifier applied to host"); 1303 1304 default: 1305 bpf_error("direction not supported on linktype 0x%x", 1306 linktype); 1307 } 1308 /* NOTREACHED */ 1309 } 1310 1311 #ifdef INET6 1312 static struct block * 1313 gen_host6(addr, mask, proto, dir) 1314 struct in6_addr *addr; 1315 struct in6_addr *mask; 1316 int proto; 1317 int dir; 1318 { 1319 switch (proto) { 1320 1321 case Q_DEFAULT: 1322 return gen_host6(addr, mask, Q_IPV6, dir); 1323 1324 case Q_IP: 1325 bpf_error("'ip' modifier applied to ip6 host"); 1326 1327 case Q_RARP: 1328 bpf_error("'rarp' modifier applied to ip6 host"); 1329 1330 case Q_ARP: 1331 bpf_error("'arp' modifier applied to ip6 host"); 1332 1333 case Q_TCP: 1334 bpf_error("'tcp' modifier applied to host"); 1335 1336 case Q_UDP: 1337 bpf_error("'udp' modifier applied to host"); 1338 1339 case Q_ICMP: 1340 bpf_error("'icmp' modifier applied to host"); 1341 1342 case Q_IGMP: 1343 bpf_error("'igmp' modifier applied to host"); 1344 1345 case Q_IGRP: 1346 bpf_error("'igrp' modifier applied to host"); 1347 1348 case Q_PIM: 1349 bpf_error("'pim' modifier applied to host"); 1350 1351 case Q_STP: 1352 bpf_error("'stp' modifier applied to host"); 1353 1354 case Q_ATALK: 1355 bpf_error("ATALK host filtering not implemented"); 1356 1357 case Q_DECNET: 1358 bpf_error("'decnet' modifier applied to ip6 host"); 1359 1360 case Q_SCA: 1361 bpf_error("SCA host filtering not implemented"); 1362 1363 case Q_LAT: 1364 bpf_error("LAT host filtering not implemented"); 1365 1366 case Q_MOPDL: 1367 bpf_error("MOPDL host filtering not implemented"); 1368 1369 case Q_MOPRC: 1370 bpf_error("MOPRC host filtering not implemented"); 1371 1372 case Q_IPV6: 1373 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1374 8, 24); 1375 1376 case Q_ICMPV6: 1377 bpf_error("'icmp6' modifier applied to host"); 1378 1379 case Q_AH: 1380 bpf_error("'ah' modifier applied to host"); 1381 1382 case Q_ESP: 1383 bpf_error("'esp' modifier applied to host"); 1384 1385 default: 1386 abort(); 1387 } 1388 /* NOTREACHED */ 1389 } 1390 #endif /*INET6*/ 1391 1392 #ifndef INET6 1393 static struct block * 1394 gen_gateway(eaddr, alist, proto, dir) 1395 const u_char *eaddr; 1396 bpf_u_int32 **alist; 1397 int proto; 1398 int dir; 1399 { 1400 struct block *b0, *b1, *tmp; 1401 1402 if (dir != 0) 1403 bpf_error("direction applied to 'gateway'"); 1404 1405 switch (proto) { 1406 case Q_DEFAULT: 1407 case Q_IP: 1408 case Q_ARP: 1409 case Q_RARP: 1410 if (linktype == DLT_EN10MB) 1411 b0 = gen_ehostop(eaddr, Q_OR); 1412 else if (linktype == DLT_FDDI) 1413 b0 = gen_fhostop(eaddr, Q_OR); 1414 else 1415 bpf_error( 1416 "'gateway' supported only on ethernet or FDDI"); 1417 1418 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1419 while (*alist) { 1420 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1421 gen_or(b1, tmp); 1422 b1 = tmp; 1423 } 1424 gen_not(b1); 1425 gen_and(b0, b1); 1426 return b1; 1427 } 1428 bpf_error("illegal modifier of 'gateway'"); 1429 /* NOTREACHED */ 1430 } 1431 #endif /*INET6*/ 1432 1433 struct block * 1434 gen_proto_abbrev(proto) 1435 int proto; 1436 { 1437 struct block *b0 = NULL, *b1; 1438 1439 switch (proto) { 1440 1441 case Q_TCP: 1442 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1443 #ifdef INET6 1444 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1445 gen_or(b0, b1); 1446 #endif 1447 break; 1448 1449 case Q_UDP: 1450 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1451 #ifdef INET6 1452 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1453 gen_or(b0, b1); 1454 #endif 1455 break; 1456 1457 case Q_ICMP: 1458 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1459 break; 1460 1461 #ifndef IPPROTO_IGMP 1462 #define IPPROTO_IGMP 2 1463 #endif 1464 1465 case Q_IGMP: 1466 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1467 break; 1468 1469 #ifndef IPPROTO_IGRP 1470 #define IPPROTO_IGRP 9 1471 #endif 1472 case Q_IGRP: 1473 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1474 break; 1475 1476 #ifndef IPPROTO_PIM 1477 #define IPPROTO_PIM 103 1478 #endif 1479 1480 case Q_PIM: 1481 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1482 #ifdef INET6 1483 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1484 gen_or(b0, b1); 1485 #endif 1486 break; 1487 1488 case Q_IP: 1489 b1 = gen_linktype(ETHERTYPE_IP); 1490 break; 1491 1492 case Q_ARP: 1493 b1 = gen_linktype(ETHERTYPE_ARP); 1494 break; 1495 1496 case Q_RARP: 1497 b1 = gen_linktype(ETHERTYPE_REVARP); 1498 break; 1499 1500 case Q_LINK: 1501 bpf_error("link layer applied in wrong context"); 1502 1503 case Q_ATALK: 1504 b1 = gen_linktype(ETHERTYPE_ATALK); 1505 break; 1506 1507 case Q_DECNET: 1508 b1 = gen_linktype(ETHERTYPE_DN); 1509 break; 1510 1511 case Q_SCA: 1512 b1 = gen_linktype(ETHERTYPE_SCA); 1513 break; 1514 1515 case Q_LAT: 1516 b1 = gen_linktype(ETHERTYPE_LAT); 1517 break; 1518 1519 case Q_MOPDL: 1520 b1 = gen_linktype(ETHERTYPE_MOPDL); 1521 break; 1522 1523 case Q_MOPRC: 1524 b1 = gen_linktype(ETHERTYPE_MOPRC); 1525 break; 1526 1527 case Q_STP: 1528 b1 = gen_linktype(LLCSAP_8021D); 1529 break; 1530 1531 #ifdef INET6 1532 case Q_IPV6: 1533 b1 = gen_linktype(ETHERTYPE_IPV6); 1534 break; 1535 1536 #ifndef IPPROTO_ICMPV6 1537 #define IPPROTO_ICMPV6 58 1538 #endif 1539 case Q_ICMPV6: 1540 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1541 break; 1542 #endif /* INET6 */ 1543 1544 #ifndef IPPROTO_AH 1545 #define IPPROTO_AH 51 1546 #endif 1547 case Q_AH: 1548 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1549 #ifdef INET6 1550 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1551 gen_or(b0, b1); 1552 #endif 1553 break; 1554 1555 #ifndef IPPROTO_ESP 1556 #define IPPROTO_ESP 50 1557 #endif 1558 case Q_ESP: 1559 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1560 #ifdef INET6 1561 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1562 gen_or(b0, b1); 1563 #endif 1564 break; 1565 1566 default: 1567 abort(); 1568 } 1569 return b1; 1570 } 1571 1572 static struct block * 1573 gen_ipfrag() 1574 { 1575 struct slist *s, *tmp; 1576 struct block *b; 1577 1578 /* not ip frag */ 1579 if (variable_nl) { 1580 s = nl2X_stmt(); 1581 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1582 tmp->s.k = 6; 1583 sappend(s, tmp); 1584 } else { 1585 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1586 s->s.k = off_nl + 6; 1587 } 1588 b = new_block(JMP(BPF_JSET)); 1589 b->s.k = 0x1fff; 1590 b->stmts = s; 1591 gen_not(b); 1592 1593 return b; 1594 } 1595 1596 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1597 This function generates code to set X to the start of the IP payload 1598 X = off_nl + IP header_len. 1599 */ 1600 static struct slist * 1601 iphl_to_x(void) 1602 { 1603 struct slist *s, *tmp; 1604 1605 /* XXX clobbers A if variable_nl*/ 1606 if (variable_nl) { 1607 if (iphl_reg == -1) { 1608 /* X <- off_nl */ 1609 s = nl2X_stmt(); 1610 1611 /* A = p[X+0] */ 1612 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1613 tmp->s.k = 0; 1614 sappend(s, tmp); 1615 1616 /* A = A & 0x0f */ 1617 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1618 tmp->s.k = 0x0f; 1619 sappend(s, tmp); 1620 1621 /* A = A << 2 */ 1622 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1623 tmp->s.k = 2; 1624 sappend(s, tmp); 1625 1626 /* A = A + X (add off_nl again to compansate) */ 1627 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1628 1629 /* MEM[iphl_reg] = A */ 1630 iphl_reg = alloc_reg(); 1631 tmp = new_stmt(BPF_ST); 1632 tmp->s.k = iphl_reg; 1633 sappend(s, tmp); 1634 1635 sappend(init_code, s); 1636 } 1637 s = new_stmt(BPF_LDX|BPF_MEM); 1638 s->s.k = iphl_reg; 1639 1640 } else { 1641 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1642 s->s.k = off_nl; 1643 } 1644 1645 return s; 1646 } 1647 1648 static struct block * 1649 gen_portatom(off, v) 1650 int off; 1651 bpf_int32 v; 1652 { 1653 struct slist *s, *tmp; 1654 struct block *b; 1655 1656 s = iphl_to_x(); 1657 1658 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1659 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1660 sappend(s, tmp); 1661 1662 b = new_block(JMP(BPF_JEQ)); 1663 b->stmts = s; 1664 b->s.k = v; 1665 1666 return b; 1667 } 1668 1669 #ifdef INET6 1670 static struct block * 1671 gen_portatom6(off, v) 1672 int off; 1673 bpf_int32 v; 1674 { 1675 return gen_cmp_nl(40 + off, BPF_H, v); 1676 } 1677 #endif/*INET6*/ 1678 1679 struct block * 1680 gen_portop(port, proto, dir) 1681 int port, proto, dir; 1682 { 1683 struct block *b0, *b1, *tmp; 1684 1685 /* ip proto 'proto' */ 1686 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1687 b0 = gen_ipfrag(); 1688 gen_and(tmp, b0); 1689 1690 switch (dir) { 1691 case Q_SRC: 1692 b1 = gen_portatom(0, (bpf_int32)port); 1693 break; 1694 1695 case Q_DST: 1696 b1 = gen_portatom(2, (bpf_int32)port); 1697 break; 1698 1699 case Q_OR: 1700 case Q_DEFAULT: 1701 tmp = gen_portatom(0, (bpf_int32)port); 1702 b1 = gen_portatom(2, (bpf_int32)port); 1703 gen_or(tmp, b1); 1704 break; 1705 1706 case Q_AND: 1707 tmp = gen_portatom(0, (bpf_int32)port); 1708 b1 = gen_portatom(2, (bpf_int32)port); 1709 gen_and(tmp, b1); 1710 break; 1711 1712 default: 1713 abort(); 1714 } 1715 gen_and(b0, b1); 1716 1717 return b1; 1718 } 1719 1720 static struct block * 1721 gen_port(port, ip_proto, dir) 1722 int port; 1723 int ip_proto; 1724 int dir; 1725 { 1726 struct block *b0, *b1, *tmp; 1727 1728 /* ether proto ip */ 1729 b0 = gen_linktype(ETHERTYPE_IP); 1730 1731 switch (ip_proto) { 1732 case IPPROTO_UDP: 1733 case IPPROTO_TCP: 1734 b1 = gen_portop(port, ip_proto, dir); 1735 break; 1736 1737 case PROTO_UNDEF: 1738 tmp = gen_portop(port, IPPROTO_TCP, dir); 1739 b1 = gen_portop(port, IPPROTO_UDP, dir); 1740 gen_or(tmp, b1); 1741 break; 1742 1743 default: 1744 abort(); 1745 } 1746 gen_and(b0, b1); 1747 return b1; 1748 } 1749 1750 #ifdef INET6 1751 struct block * 1752 gen_portop6(port, proto, dir) 1753 int port, proto, dir; 1754 { 1755 struct block *b0, *b1, *tmp; 1756 1757 /* ip proto 'proto' */ 1758 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1759 1760 switch (dir) { 1761 case Q_SRC: 1762 b1 = gen_portatom6(0, (bpf_int32)port); 1763 break; 1764 1765 case Q_DST: 1766 b1 = gen_portatom6(2, (bpf_int32)port); 1767 break; 1768 1769 case Q_OR: 1770 case Q_DEFAULT: 1771 tmp = gen_portatom6(0, (bpf_int32)port); 1772 b1 = gen_portatom6(2, (bpf_int32)port); 1773 gen_or(tmp, b1); 1774 break; 1775 1776 case Q_AND: 1777 tmp = gen_portatom6(0, (bpf_int32)port); 1778 b1 = gen_portatom6(2, (bpf_int32)port); 1779 gen_and(tmp, b1); 1780 break; 1781 1782 default: 1783 abort(); 1784 } 1785 gen_and(b0, b1); 1786 1787 return b1; 1788 } 1789 1790 static struct block * 1791 gen_port6(port, ip_proto, dir) 1792 int port; 1793 int ip_proto; 1794 int dir; 1795 { 1796 struct block *b0, *b1, *tmp; 1797 1798 /* ether proto ip */ 1799 b0 = gen_linktype(ETHERTYPE_IPV6); 1800 1801 switch (ip_proto) { 1802 case IPPROTO_UDP: 1803 case IPPROTO_TCP: 1804 b1 = gen_portop6(port, ip_proto, dir); 1805 break; 1806 1807 case PROTO_UNDEF: 1808 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1809 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1810 gen_or(tmp, b1); 1811 break; 1812 1813 default: 1814 abort(); 1815 } 1816 gen_and(b0, b1); 1817 return b1; 1818 } 1819 #endif /* INET6 */ 1820 1821 static int 1822 lookup_proto(name, proto) 1823 const char *name; 1824 int proto; 1825 { 1826 int v; 1827 1828 switch (proto) { 1829 1830 case Q_DEFAULT: 1831 case Q_IP: 1832 v = pcap_nametoproto(name); 1833 if (v == PROTO_UNDEF) 1834 bpf_error("unknown ip proto '%s'", name); 1835 break; 1836 1837 case Q_LINK: 1838 /* XXX should look up h/w protocol type based on linktype */ 1839 v = pcap_nametoeproto(name); 1840 if (v == PROTO_UNDEF) { 1841 v = pcap_nametollc(name); 1842 if (v == PROTO_UNDEF) 1843 bpf_error("unknown ether proto '%s'", name); 1844 } 1845 break; 1846 1847 default: 1848 v = PROTO_UNDEF; 1849 break; 1850 } 1851 return v; 1852 } 1853 1854 static struct block * 1855 gen_protochain(v, proto, dir) 1856 int v; 1857 int proto; 1858 int dir; 1859 { 1860 struct block *b0, *b; 1861 struct slist *s[100]; 1862 int fix2, fix3, fix4, fix5; 1863 int ahcheck, again, end; 1864 int i, max; 1865 int reg1 = alloc_reg(); 1866 int reg2 = alloc_reg(); 1867 1868 memset(s, 0, sizeof(s)); 1869 fix2 = fix3 = fix4 = fix5 = 0; 1870 1871 if (variable_nl) { 1872 bpf_error("'gen_protochain' not supported for variable DLTs"); 1873 /*NOTREACHED*/ 1874 } 1875 1876 switch (proto) { 1877 case Q_IP: 1878 case Q_IPV6: 1879 break; 1880 case Q_DEFAULT: 1881 b0 = gen_protochain(v, Q_IP, dir); 1882 b = gen_protochain(v, Q_IPV6, dir); 1883 gen_or(b0, b); 1884 return b; 1885 default: 1886 bpf_error("bad protocol applied for 'protochain'"); 1887 /*NOTREACHED*/ 1888 } 1889 1890 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1891 1892 /* 1893 * s[0] is a dummy entry to protect other BPF insn from damaged 1894 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1895 * hard to find interdependency made by jump table fixup. 1896 */ 1897 i = 0; 1898 s[i] = new_stmt(0); /*dummy*/ 1899 i++; 1900 1901 switch (proto) { 1902 case Q_IP: 1903 b0 = gen_linktype(ETHERTYPE_IP); 1904 1905 /* A = ip->ip_p */ 1906 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1907 s[i]->s.k = off_nl + 9; 1908 i++; 1909 /* X = ip->ip_hl << 2 */ 1910 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1911 s[i]->s.k = off_nl; 1912 i++; 1913 break; 1914 case Q_IPV6: 1915 b0 = gen_linktype(ETHERTYPE_IPV6); 1916 1917 /* A = ip6->ip_nxt */ 1918 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1919 s[i]->s.k = off_nl + 6; 1920 i++; 1921 /* X = sizeof(struct ip6_hdr) */ 1922 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1923 s[i]->s.k = 40; 1924 i++; 1925 break; 1926 default: 1927 bpf_error("unsupported proto to gen_protochain"); 1928 /*NOTREACHED*/ 1929 } 1930 1931 /* again: if (A == v) goto end; else fall through; */ 1932 again = i; 1933 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1934 s[i]->s.k = v; 1935 s[i]->s.jt = NULL; /*later*/ 1936 s[i]->s.jf = NULL; /*update in next stmt*/ 1937 fix5 = i; 1938 i++; 1939 1940 /* if (A == IPPROTO_NONE) goto end */ 1941 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1942 s[i]->s.jt = NULL; /*later*/ 1943 s[i]->s.jf = NULL; /*update in next stmt*/ 1944 s[i]->s.k = IPPROTO_NONE; 1945 s[fix5]->s.jf = s[i]; 1946 fix2 = i; 1947 i++; 1948 1949 if (proto == Q_IPV6) { 1950 int v6start, v6end, v6advance, j; 1951 1952 v6start = i; 1953 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1954 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1955 s[i]->s.jt = NULL; /*later*/ 1956 s[i]->s.jf = NULL; /*update in next stmt*/ 1957 s[i]->s.k = IPPROTO_HOPOPTS; 1958 s[fix2]->s.jf = s[i]; 1959 i++; 1960 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1961 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1962 s[i]->s.jt = NULL; /*later*/ 1963 s[i]->s.jf = NULL; /*update in next stmt*/ 1964 s[i]->s.k = IPPROTO_DSTOPTS; 1965 i++; 1966 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1967 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1968 s[i]->s.jt = NULL; /*later*/ 1969 s[i]->s.jf = NULL; /*update in next stmt*/ 1970 s[i]->s.k = IPPROTO_ROUTING; 1971 i++; 1972 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1973 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1974 s[i]->s.jt = NULL; /*later*/ 1975 s[i]->s.jf = NULL; /*later*/ 1976 s[i]->s.k = IPPROTO_FRAGMENT; 1977 fix3 = i; 1978 v6end = i; 1979 i++; 1980 1981 /* v6advance: */ 1982 v6advance = i; 1983 1984 /* 1985 * in short, 1986 * A = P[X + 1]; 1987 * X = X + (P[X] + 1) * 8; 1988 */ 1989 /* A = X */ 1990 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1991 i++; 1992 /* MEM[reg1] = A */ 1993 s[i] = new_stmt(BPF_ST); 1994 s[i]->s.k = reg1; 1995 i++; 1996 /* A += 1 */ 1997 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1998 s[i]->s.k = 1; 1999 i++; 2000 /* X = A */ 2001 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2002 i++; 2003 /* A = P[X + packet head]; */ 2004 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2005 s[i]->s.k = off_nl; 2006 i++; 2007 /* MEM[reg2] = A */ 2008 s[i] = new_stmt(BPF_ST); 2009 s[i]->s.k = reg2; 2010 i++; 2011 /* X = MEM[reg1] */ 2012 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2013 s[i]->s.k = reg1; 2014 i++; 2015 /* A = P[X + packet head] */ 2016 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2017 s[i]->s.k = off_nl; 2018 i++; 2019 /* A += 1 */ 2020 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2021 s[i]->s.k = 1; 2022 i++; 2023 /* A *= 8 */ 2024 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2025 s[i]->s.k = 8; 2026 i++; 2027 /* X = A; */ 2028 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2029 i++; 2030 /* A = MEM[reg2] */ 2031 s[i] = new_stmt(BPF_LD|BPF_MEM); 2032 s[i]->s.k = reg2; 2033 i++; 2034 2035 /* goto again; (must use BPF_JA for backward jump) */ 2036 s[i] = new_stmt(BPF_JMP|BPF_JA); 2037 s[i]->s.k = again - i - 1; 2038 s[i - 1]->s.jf = s[i]; 2039 i++; 2040 2041 /* fixup */ 2042 for (j = v6start; j <= v6end; j++) 2043 s[j]->s.jt = s[v6advance]; 2044 } else { 2045 /* nop */ 2046 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2047 s[i]->s.k = 0; 2048 s[fix2]->s.jf = s[i]; 2049 i++; 2050 } 2051 2052 /* ahcheck: */ 2053 ahcheck = i; 2054 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2055 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2056 s[i]->s.jt = NULL; /*later*/ 2057 s[i]->s.jf = NULL; /*later*/ 2058 s[i]->s.k = IPPROTO_AH; 2059 if (fix3) 2060 s[fix3]->s.jf = s[ahcheck]; 2061 fix4 = i; 2062 i++; 2063 2064 /* 2065 * in short, 2066 * A = P[X + 1]; 2067 * X = X + (P[X] + 2) * 4; 2068 */ 2069 /* A = X */ 2070 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2071 i++; 2072 /* MEM[reg1] = A */ 2073 s[i] = new_stmt(BPF_ST); 2074 s[i]->s.k = reg1; 2075 i++; 2076 /* A += 1 */ 2077 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2078 s[i]->s.k = 1; 2079 i++; 2080 /* X = A */ 2081 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2082 i++; 2083 /* A = P[X + packet head]; */ 2084 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2085 s[i]->s.k = off_nl; 2086 i++; 2087 /* MEM[reg2] = A */ 2088 s[i] = new_stmt(BPF_ST); 2089 s[i]->s.k = reg2; 2090 i++; 2091 /* X = MEM[reg1] */ 2092 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2093 s[i]->s.k = reg1; 2094 i++; 2095 /* A = P[X + packet head] */ 2096 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2097 s[i]->s.k = off_nl; 2098 i++; 2099 /* A += 2 */ 2100 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2101 s[i]->s.k = 2; 2102 i++; 2103 /* A *= 4 */ 2104 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2105 s[i]->s.k = 4; 2106 i++; 2107 /* X = A; */ 2108 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2109 i++; 2110 /* A = MEM[reg2] */ 2111 s[i] = new_stmt(BPF_LD|BPF_MEM); 2112 s[i]->s.k = reg2; 2113 i++; 2114 2115 /* goto again; (must use BPF_JA for backward jump) */ 2116 s[i] = new_stmt(BPF_JMP|BPF_JA); 2117 s[i]->s.k = again - i - 1; 2118 i++; 2119 2120 /* end: nop */ 2121 end = i; 2122 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2123 s[i]->s.k = 0; 2124 s[fix2]->s.jt = s[end]; 2125 s[fix4]->s.jf = s[end]; 2126 s[fix5]->s.jt = s[end]; 2127 i++; 2128 2129 /* 2130 * make slist chain 2131 */ 2132 max = i; 2133 for (i = 0; i < max - 1; i++) 2134 s[i]->next = s[i + 1]; 2135 s[max - 1]->next = NULL; 2136 2137 /* 2138 * emit final check 2139 */ 2140 b = new_block(JMP(BPF_JEQ)); 2141 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2142 b->s.k = v; 2143 2144 free_reg(reg1); 2145 free_reg(reg2); 2146 2147 gen_and(b0, b); 2148 return b; 2149 } 2150 2151 static struct block * 2152 gen_proto(v, proto, dir) 2153 int v; 2154 int proto; 2155 int dir; 2156 { 2157 struct block *b0, *b1; 2158 2159 if (dir != Q_DEFAULT) 2160 bpf_error("direction applied to 'proto'"); 2161 2162 switch (proto) { 2163 case Q_DEFAULT: 2164 #ifdef INET6 2165 b0 = gen_proto(v, Q_IP, dir); 2166 b1 = gen_proto(v, Q_IPV6, dir); 2167 gen_or(b0, b1); 2168 return b1; 2169 #else 2170 /*FALLTHROUGH*/ 2171 #endif 2172 case Q_IP: 2173 b0 = gen_linktype(ETHERTYPE_IP); 2174 #ifndef CHASE_CHAIN 2175 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2176 #else 2177 b1 = gen_protochain(v, Q_IP); 2178 #endif 2179 gen_and(b0, b1); 2180 return b1; 2181 2182 case Q_ARP: 2183 bpf_error("arp does not encapsulate another protocol"); 2184 /* NOTREACHED */ 2185 2186 case Q_RARP: 2187 bpf_error("rarp does not encapsulate another protocol"); 2188 /* NOTREACHED */ 2189 2190 case Q_ATALK: 2191 bpf_error("atalk encapsulation is not specifiable"); 2192 /* NOTREACHED */ 2193 2194 case Q_DECNET: 2195 bpf_error("decnet encapsulation is not specifiable"); 2196 /* NOTREACHED */ 2197 2198 case Q_SCA: 2199 bpf_error("sca does not encapsulate another protocol"); 2200 /* NOTREACHED */ 2201 2202 case Q_LAT: 2203 bpf_error("lat does not encapsulate another protocol"); 2204 /* NOTREACHED */ 2205 2206 case Q_MOPRC: 2207 bpf_error("moprc does not encapsulate another protocol"); 2208 /* NOTREACHED */ 2209 2210 case Q_MOPDL: 2211 bpf_error("mopdl does not encapsulate another protocol"); 2212 /* NOTREACHED */ 2213 2214 case Q_LINK: 2215 return gen_linktype(v); 2216 2217 case Q_UDP: 2218 bpf_error("'udp proto' is bogus"); 2219 /* NOTREACHED */ 2220 2221 case Q_TCP: 2222 bpf_error("'tcp proto' is bogus"); 2223 /* NOTREACHED */ 2224 2225 case Q_ICMP: 2226 bpf_error("'icmp proto' is bogus"); 2227 /* NOTREACHED */ 2228 2229 case Q_IGMP: 2230 bpf_error("'igmp proto' is bogus"); 2231 /* NOTREACHED */ 2232 2233 case Q_IGRP: 2234 bpf_error("'igrp proto' is bogus"); 2235 /* NOTREACHED */ 2236 2237 case Q_PIM: 2238 bpf_error("'pim proto' is bogus"); 2239 /* NOTREACHED */ 2240 2241 case Q_STP: 2242 bpf_error("'stp proto' is bogus"); 2243 /* NOTREACHED */ 2244 2245 #ifdef INET6 2246 case Q_IPV6: 2247 b0 = gen_linktype(ETHERTYPE_IPV6); 2248 #ifndef CHASE_CHAIN 2249 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2250 #else 2251 b1 = gen_protochain(v, Q_IPV6); 2252 #endif 2253 gen_and(b0, b1); 2254 return b1; 2255 2256 case Q_ICMPV6: 2257 bpf_error("'icmp6 proto' is bogus"); 2258 #endif /* INET6 */ 2259 2260 case Q_AH: 2261 bpf_error("'ah proto' is bogus"); 2262 2263 case Q_ESP: 2264 bpf_error("'esp proto' is bogus"); 2265 2266 default: 2267 abort(); 2268 /* NOTREACHED */ 2269 } 2270 /* NOTREACHED */ 2271 } 2272 2273 struct block * 2274 gen_scode(name, q) 2275 const char *name; 2276 struct qual q; 2277 { 2278 int proto = q.proto; 2279 int dir = q.dir; 2280 int tproto; 2281 u_char *eaddr; 2282 bpf_u_int32 mask, addr; 2283 #ifndef INET6 2284 bpf_u_int32 **alist; 2285 #else 2286 int tproto6; 2287 struct sockaddr_in *sin; 2288 struct sockaddr_in6 *sin6; 2289 struct addrinfo *res, *res0; 2290 struct in6_addr mask128; 2291 #endif /*INET6*/ 2292 struct block *b, *tmp; 2293 int port, real_proto; 2294 2295 switch (q.addr) { 2296 2297 case Q_NET: 2298 addr = pcap_nametonetaddr(name); 2299 if (addr == 0) 2300 bpf_error("unknown network '%s'", name); 2301 /* Left justify network addr and calculate its network mask */ 2302 mask = 0xffffffff; 2303 while (addr && (addr & 0xff000000) == 0) { 2304 addr <<= 8; 2305 mask <<= 8; 2306 } 2307 return gen_host(addr, mask, proto, dir); 2308 2309 case Q_DEFAULT: 2310 case Q_HOST: 2311 if (proto == Q_LINK) { 2312 switch (linktype) { 2313 2314 case DLT_EN10MB: 2315 eaddr = pcap_ether_hostton(name); 2316 if (eaddr == NULL) 2317 bpf_error( 2318 "unknown ether host '%s'", name); 2319 return gen_ehostop(eaddr, dir); 2320 2321 case DLT_FDDI: 2322 eaddr = pcap_ether_hostton(name); 2323 if (eaddr == NULL) 2324 bpf_error( 2325 "unknown FDDI host '%s'", name); 2326 return gen_fhostop(eaddr, dir); 2327 2328 case DLT_IEEE802_11: 2329 case DLT_IEEE802_11_RADIO: 2330 eaddr = pcap_ether_hostton(name); 2331 if (eaddr == NULL) 2332 bpf_error( 2333 "unknown 802.11 host '%s'", name); 2334 2335 return gen_p80211_hostop(eaddr, dir); 2336 2337 default: 2338 bpf_error( 2339 "only ethernet/FDDI supports link-level host name"); 2340 break; 2341 } 2342 } else if (proto == Q_DECNET) { 2343 unsigned short dn_addr = __pcap_nametodnaddr(name); 2344 /* 2345 * I don't think DECNET hosts can be multihomed, so 2346 * there is no need to build up a list of addresses 2347 */ 2348 return (gen_host(dn_addr, 0, proto, dir)); 2349 } else { 2350 #ifndef INET6 2351 alist = pcap_nametoaddr(name); 2352 if (alist == NULL || *alist == NULL) 2353 bpf_error("unknown host '%s'", name); 2354 tproto = proto; 2355 if (off_linktype == -1 && tproto == Q_DEFAULT) 2356 tproto = Q_IP; 2357 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2358 while (*alist) { 2359 tmp = gen_host(**alist++, 0xffffffff, 2360 tproto, dir); 2361 gen_or(b, tmp); 2362 b = tmp; 2363 } 2364 return b; 2365 #else 2366 memset(&mask128, 0xff, sizeof(mask128)); 2367 res0 = res = pcap_nametoaddrinfo(name); 2368 if (res == NULL) 2369 bpf_error("unknown host '%s'", name); 2370 b = tmp = NULL; 2371 tproto = tproto6 = proto; 2372 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2373 tproto = Q_IP; 2374 tproto6 = Q_IPV6; 2375 } 2376 for (res = res0; res; res = res->ai_next) { 2377 switch (res->ai_family) { 2378 case AF_INET: 2379 if (tproto == Q_IPV6) 2380 continue; 2381 2382 sin = (struct sockaddr_in *) 2383 res->ai_addr; 2384 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2385 0xffffffff, tproto, dir); 2386 break; 2387 case AF_INET6: 2388 if (tproto6 == Q_IP) 2389 continue; 2390 2391 sin6 = (struct sockaddr_in6 *) 2392 res->ai_addr; 2393 tmp = gen_host6(&sin6->sin6_addr, 2394 &mask128, tproto6, dir); 2395 break; 2396 } 2397 if (b) 2398 gen_or(b, tmp); 2399 b = tmp; 2400 } 2401 freeaddrinfo(res0); 2402 if (b == NULL) { 2403 bpf_error("unknown host '%s'%s", name, 2404 (proto == Q_DEFAULT) 2405 ? "" 2406 : " for specified address family"); 2407 } 2408 return b; 2409 #endif /*INET6*/ 2410 } 2411 2412 case Q_PORT: 2413 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2414 bpf_error("illegal qualifier of 'port'"); 2415 if (pcap_nametoport(name, &port, &real_proto) == 0) 2416 bpf_error("unknown port '%s'", name); 2417 if (proto == Q_UDP) { 2418 if (real_proto == IPPROTO_TCP) 2419 bpf_error("port '%s' is tcp", name); 2420 else 2421 /* override PROTO_UNDEF */ 2422 real_proto = IPPROTO_UDP; 2423 } 2424 if (proto == Q_TCP) { 2425 if (real_proto == IPPROTO_UDP) 2426 bpf_error("port '%s' is udp", name); 2427 else 2428 /* override PROTO_UNDEF */ 2429 real_proto = IPPROTO_TCP; 2430 } 2431 #ifndef INET6 2432 return gen_port(port, real_proto, dir); 2433 #else 2434 { 2435 struct block *b; 2436 b = gen_port(port, real_proto, dir); 2437 gen_or(gen_port6(port, real_proto, dir), b); 2438 return b; 2439 } 2440 #endif /* INET6 */ 2441 2442 case Q_GATEWAY: 2443 #ifndef INET6 2444 eaddr = pcap_ether_hostton(name); 2445 if (eaddr == NULL) 2446 bpf_error("unknown ether host: %s", name); 2447 2448 alist = pcap_nametoaddr(name); 2449 if (alist == NULL || *alist == NULL) 2450 bpf_error("unknown host '%s'", name); 2451 return gen_gateway(eaddr, alist, proto, dir); 2452 #else 2453 bpf_error("'gateway' not supported in this configuration"); 2454 #endif /*INET6*/ 2455 2456 case Q_PROTO: 2457 real_proto = lookup_proto(name, proto); 2458 if (real_proto >= 0) 2459 return gen_proto(real_proto, proto, dir); 2460 else 2461 bpf_error("unknown protocol: %s", name); 2462 2463 case Q_PROTOCHAIN: 2464 real_proto = lookup_proto(name, proto); 2465 if (real_proto >= 0) 2466 return gen_protochain(real_proto, proto, dir); 2467 else 2468 bpf_error("unknown protocol: %s", name); 2469 2470 2471 case Q_UNDEF: 2472 syntax(); 2473 /* NOTREACHED */ 2474 } 2475 abort(); 2476 /* NOTREACHED */ 2477 } 2478 2479 struct block * 2480 gen_mcode(s1, s2, masklen, q) 2481 const char *s1, *s2; 2482 int masklen; 2483 struct qual q; 2484 { 2485 int nlen, mlen; 2486 bpf_u_int32 n, m; 2487 2488 nlen = __pcap_atoin(s1, &n); 2489 /* Promote short ipaddr */ 2490 n <<= 32 - nlen; 2491 2492 if (s2 != NULL) { 2493 mlen = __pcap_atoin(s2, &m); 2494 /* Promote short ipaddr */ 2495 m <<= 32 - mlen; 2496 if ((n & ~m) != 0) 2497 bpf_error("non-network bits set in \"%s mask %s\"", 2498 s1, s2); 2499 } else { 2500 /* Convert mask len to mask */ 2501 if (masklen > 32) 2502 bpf_error("mask length must be <= 32"); 2503 m = 0xffffffff << (32 - masklen); 2504 if ((n & ~m) != 0) 2505 bpf_error("non-network bits set in \"%s/%d\"", 2506 s1, masklen); 2507 } 2508 2509 switch (q.addr) { 2510 2511 case Q_NET: 2512 return gen_host(n, m, q.proto, q.dir); 2513 2514 default: 2515 bpf_error("Mask syntax for networks only"); 2516 /* NOTREACHED */ 2517 } 2518 } 2519 2520 struct block * 2521 gen_ncode(s, v, q) 2522 const char *s; 2523 bpf_u_int32 v; 2524 struct qual q; 2525 { 2526 bpf_u_int32 mask; 2527 int proto = q.proto; 2528 int dir = q.dir; 2529 int vlen; 2530 2531 if (s == NULL) 2532 vlen = 32; 2533 else if (q.proto == Q_DECNET) 2534 vlen = __pcap_atodn(s, &v); 2535 else 2536 vlen = __pcap_atoin(s, &v); 2537 2538 switch (q.addr) { 2539 2540 case Q_DEFAULT: 2541 case Q_HOST: 2542 case Q_NET: 2543 if (proto == Q_DECNET) 2544 return gen_host(v, 0, proto, dir); 2545 else if (proto == Q_LINK) { 2546 bpf_error("illegal link layer address"); 2547 } else { 2548 mask = 0xffffffff; 2549 if (s == NULL && q.addr == Q_NET) { 2550 /* Promote short net number */ 2551 while (v && (v & 0xff000000) == 0) { 2552 v <<= 8; 2553 mask <<= 8; 2554 } 2555 } else { 2556 /* Promote short ipaddr */ 2557 v <<= 32 - vlen; 2558 mask <<= 32 - vlen; 2559 } 2560 return gen_host(v, mask, proto, dir); 2561 } 2562 2563 case Q_PORT: 2564 if (proto == Q_UDP) 2565 proto = IPPROTO_UDP; 2566 else if (proto == Q_TCP) 2567 proto = IPPROTO_TCP; 2568 else if (proto == Q_DEFAULT) 2569 proto = PROTO_UNDEF; 2570 else 2571 bpf_error("illegal qualifier of 'port'"); 2572 2573 #ifndef INET6 2574 return gen_port((int)v, proto, dir); 2575 #else 2576 { 2577 struct block *b; 2578 b = gen_port((int)v, proto, dir); 2579 gen_or(gen_port6((int)v, proto, dir), b); 2580 return b; 2581 } 2582 #endif /* INET6 */ 2583 2584 case Q_GATEWAY: 2585 bpf_error("'gateway' requires a name"); 2586 /* NOTREACHED */ 2587 2588 case Q_PROTO: 2589 return gen_proto((int)v, proto, dir); 2590 2591 case Q_PROTOCHAIN: 2592 return gen_protochain((int)v, proto, dir); 2593 2594 case Q_UNDEF: 2595 syntax(); 2596 /* NOTREACHED */ 2597 2598 default: 2599 abort(); 2600 /* NOTREACHED */ 2601 } 2602 /* NOTREACHED */ 2603 } 2604 2605 #ifdef INET6 2606 struct block * 2607 gen_mcode6(s1, s2, masklen, q) 2608 const char *s1, *s2; 2609 int masklen; 2610 struct qual q; 2611 { 2612 struct addrinfo *res; 2613 struct in6_addr *addr; 2614 struct in6_addr mask; 2615 struct block *b; 2616 u_int32_t *a, *m; 2617 2618 if (s2) 2619 bpf_error("no mask %s supported", s2); 2620 2621 res = pcap_nametoaddrinfo(s1); 2622 if (!res) 2623 bpf_error("invalid ip6 address %s", s1); 2624 if (res->ai_next) 2625 bpf_error("%s resolved to multiple address", s1); 2626 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2627 2628 if (sizeof(mask) * 8 < masklen) 2629 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2630 memset(&mask, 0, sizeof(mask)); 2631 memset(&mask, 0xff, masklen / 8); 2632 if (masklen % 8) { 2633 mask.s6_addr[masklen / 8] = 2634 (0xff << (8 - masklen % 8)) & 0xff; 2635 } 2636 2637 a = (u_int32_t *)addr; 2638 m = (u_int32_t *)&mask; 2639 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2640 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2641 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2642 } 2643 2644 switch (q.addr) { 2645 2646 case Q_DEFAULT: 2647 case Q_HOST: 2648 if (masklen != 128) 2649 bpf_error("Mask syntax for networks only"); 2650 /* FALLTHROUGH */ 2651 2652 case Q_NET: 2653 b = gen_host6(addr, &mask, q.proto, q.dir); 2654 freeaddrinfo(res); 2655 return b; 2656 2657 default: 2658 bpf_error("invalid qualifier against IPv6 address"); 2659 /* NOTREACHED */ 2660 } 2661 } 2662 #endif /*INET6*/ 2663 2664 struct block * 2665 gen_ecode(eaddr, q) 2666 const u_char *eaddr; 2667 struct qual q; 2668 { 2669 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2670 if (linktype == DLT_EN10MB) 2671 return gen_ehostop(eaddr, (int)q.dir); 2672 if (linktype == DLT_FDDI) 2673 return gen_fhostop(eaddr, (int)q.dir); 2674 if (linktype == DLT_IEEE802_11 || 2675 linktype == DLT_IEEE802_11_RADIO) 2676 return gen_p80211_hostop(eaddr, (int)q.dir); 2677 } 2678 bpf_error("ethernet address used in non-ether expression"); 2679 /* NOTREACHED */ 2680 } 2681 2682 void 2683 sappend(s0, s1) 2684 struct slist *s0, *s1; 2685 { 2686 /* 2687 * This is definitely not the best way to do this, but the 2688 * lists will rarely get long. 2689 */ 2690 while (s0->next) 2691 s0 = s0->next; 2692 s0->next = s1; 2693 } 2694 2695 static struct slist * 2696 xfer_to_x(a) 2697 struct arth *a; 2698 { 2699 struct slist *s; 2700 2701 s = new_stmt(BPF_LDX|BPF_MEM); 2702 s->s.k = a->regno; 2703 return s; 2704 } 2705 2706 static struct slist * 2707 xfer_to_a(a) 2708 struct arth *a; 2709 { 2710 struct slist *s; 2711 2712 s = new_stmt(BPF_LD|BPF_MEM); 2713 s->s.k = a->regno; 2714 return s; 2715 } 2716 2717 struct arth * 2718 gen_load(proto, index, size) 2719 int proto; 2720 struct arth *index; 2721 int size; 2722 { 2723 struct slist *s, *tmp; 2724 struct block *b; 2725 int regno = alloc_reg(); 2726 2727 free_reg(index->regno); 2728 switch (size) { 2729 2730 default: 2731 bpf_error("data size must be 1, 2, or 4"); 2732 2733 case 1: 2734 size = BPF_B; 2735 break; 2736 2737 case 2: 2738 size = BPF_H; 2739 break; 2740 2741 case 4: 2742 size = BPF_W; 2743 break; 2744 } 2745 switch (proto) { 2746 default: 2747 bpf_error("unsupported index operation"); 2748 2749 case Q_LINK: 2750 s = xfer_to_x(index); 2751 tmp = new_stmt(BPF_LD|BPF_IND|size); 2752 sappend(s, tmp); 2753 sappend(index->s, s); 2754 break; 2755 2756 case Q_IP: 2757 case Q_ARP: 2758 case Q_RARP: 2759 case Q_ATALK: 2760 case Q_DECNET: 2761 case Q_SCA: 2762 case Q_LAT: 2763 case Q_MOPRC: 2764 case Q_MOPDL: 2765 #ifdef INET6 2766 case Q_IPV6: 2767 #endif 2768 /* XXX Note that we assume a fixed link header here. */ 2769 if (variable_nl) { 2770 s = nl2X_stmt(); 2771 sappend(s, xfer_to_a(index)); 2772 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2773 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2774 } else { 2775 s = xfer_to_x(index); 2776 } 2777 tmp = new_stmt(BPF_LD|BPF_IND|size); 2778 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2779 sappend(s, tmp); 2780 sappend(index->s, s); 2781 2782 b = gen_proto_abbrev(proto); 2783 if (index->b) 2784 gen_and(index->b, b); 2785 index->b = b; 2786 break; 2787 2788 case Q_TCP: 2789 case Q_UDP: 2790 case Q_ICMP: 2791 case Q_IGMP: 2792 case Q_IGRP: 2793 case Q_PIM: 2794 s = iphl_to_x(); 2795 sappend(s, xfer_to_a(index)); 2796 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2797 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2798 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2799 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2800 sappend(index->s, s); 2801 2802 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2803 if (index->b) 2804 gen_and(index->b, b); 2805 #ifdef INET6 2806 gen_and(gen_proto_abbrev(Q_IP), b); 2807 #endif 2808 index->b = b; 2809 break; 2810 #ifdef INET6 2811 case Q_ICMPV6: 2812 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2813 /*NOTREACHED*/ 2814 #endif 2815 } 2816 index->regno = regno; 2817 s = new_stmt(BPF_ST); 2818 s->s.k = regno; 2819 sappend(index->s, s); 2820 2821 return index; 2822 } 2823 2824 struct block * 2825 gen_relation(code, a0, a1, reversed) 2826 int code; 2827 struct arth *a0, *a1; 2828 int reversed; 2829 { 2830 struct slist *s0, *s1, *s2; 2831 struct block *b, *tmp; 2832 2833 s0 = xfer_to_x(a1); 2834 s1 = xfer_to_a(a0); 2835 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2836 b = new_block(JMP(code)); 2837 if (code == BPF_JGT || code == BPF_JGE) { 2838 reversed = !reversed; 2839 b->s.k = 0x80000000; 2840 } 2841 if (reversed) 2842 gen_not(b); 2843 2844 sappend(s1, s2); 2845 sappend(s0, s1); 2846 sappend(a1->s, s0); 2847 sappend(a0->s, a1->s); 2848 2849 b->stmts = a0->s; 2850 2851 free_reg(a0->regno); 2852 free_reg(a1->regno); 2853 2854 /* 'and' together protocol checks */ 2855 if (a0->b) { 2856 if (a1->b) { 2857 gen_and(a0->b, tmp = a1->b); 2858 } 2859 else 2860 tmp = a0->b; 2861 } else 2862 tmp = a1->b; 2863 2864 if (tmp) 2865 gen_and(tmp, b); 2866 2867 return b; 2868 } 2869 2870 struct arth * 2871 gen_loadlen() 2872 { 2873 int regno = alloc_reg(); 2874 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2875 struct slist *s; 2876 2877 s = new_stmt(BPF_LD|BPF_LEN); 2878 s->next = new_stmt(BPF_ST); 2879 s->next->s.k = regno; 2880 a->s = s; 2881 a->regno = regno; 2882 2883 return a; 2884 } 2885 2886 struct arth * 2887 gen_loadrnd() 2888 { 2889 int regno = alloc_reg(); 2890 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2891 struct slist *s; 2892 2893 s = new_stmt(BPF_LD|BPF_RND); 2894 s->next = new_stmt(BPF_ST); 2895 s->next->s.k = regno; 2896 a->s = s; 2897 a->regno = regno; 2898 2899 return a; 2900 } 2901 2902 struct arth * 2903 gen_loadi(val) 2904 int val; 2905 { 2906 struct arth *a; 2907 struct slist *s; 2908 int reg; 2909 2910 a = (struct arth *)newchunk(sizeof(*a)); 2911 2912 reg = alloc_reg(); 2913 2914 s = new_stmt(BPF_LD|BPF_IMM); 2915 s->s.k = val; 2916 s->next = new_stmt(BPF_ST); 2917 s->next->s.k = reg; 2918 a->s = s; 2919 a->regno = reg; 2920 2921 return a; 2922 } 2923 2924 struct arth * 2925 gen_neg(a) 2926 struct arth *a; 2927 { 2928 struct slist *s; 2929 2930 s = xfer_to_a(a); 2931 sappend(a->s, s); 2932 s = new_stmt(BPF_ALU|BPF_NEG); 2933 s->s.k = 0; 2934 sappend(a->s, s); 2935 s = new_stmt(BPF_ST); 2936 s->s.k = a->regno; 2937 sappend(a->s, s); 2938 2939 return a; 2940 } 2941 2942 struct arth * 2943 gen_arth(code, a0, a1) 2944 int code; 2945 struct arth *a0, *a1; 2946 { 2947 struct slist *s0, *s1, *s2; 2948 2949 s0 = xfer_to_x(a1); 2950 s1 = xfer_to_a(a0); 2951 s2 = new_stmt(BPF_ALU|BPF_X|code); 2952 2953 sappend(s1, s2); 2954 sappend(s0, s1); 2955 sappend(a1->s, s0); 2956 sappend(a0->s, a1->s); 2957 2958 free_reg(a1->regno); 2959 2960 s0 = new_stmt(BPF_ST); 2961 a0->regno = s0->s.k = alloc_reg(); 2962 sappend(a0->s, s0); 2963 2964 return a0; 2965 } 2966 2967 /* 2968 * Here we handle simple allocation of the scratch registers. 2969 * If too many registers are alloc'd, the allocator punts. 2970 */ 2971 static int regused[BPF_MEMWORDS]; 2972 static int curreg; 2973 2974 /* 2975 * Return the next free register. 2976 */ 2977 static int 2978 alloc_reg() 2979 { 2980 int n = BPF_MEMWORDS; 2981 2982 while (--n >= 0) { 2983 if (regused[curreg]) 2984 curreg = (curreg + 1) % BPF_MEMWORDS; 2985 else { 2986 regused[curreg] = 1; 2987 return curreg; 2988 } 2989 } 2990 bpf_error("too many registers needed to evaluate expression"); 2991 /* NOTREACHED */ 2992 } 2993 2994 /* 2995 * Return a register to the table so it can 2996 * be used later. 2997 */ 2998 static void 2999 free_reg(n) 3000 int n; 3001 { 3002 regused[n] = 0; 3003 } 3004 3005 static struct block * 3006 gen_len(jmp, n) 3007 int jmp, n; 3008 { 3009 struct slist *s; 3010 struct block *b; 3011 3012 s = new_stmt(BPF_LD|BPF_LEN); 3013 b = new_block(JMP(jmp)); 3014 b->stmts = s; 3015 b->s.k = n; 3016 3017 return b; 3018 } 3019 3020 struct block * 3021 gen_greater(n) 3022 int n; 3023 { 3024 return gen_len(BPF_JGE, n); 3025 } 3026 3027 struct block * 3028 gen_less(n) 3029 int n; 3030 { 3031 struct block *b; 3032 3033 b = gen_len(BPF_JGT, n); 3034 gen_not(b); 3035 3036 return b; 3037 } 3038 3039 struct block * 3040 gen_byteop(op, idx, val) 3041 int op, idx, val; 3042 { 3043 struct block *b; 3044 struct slist *s; 3045 3046 switch (op) { 3047 default: 3048 abort(); 3049 3050 case '=': 3051 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3052 3053 case '<': 3054 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3055 b->s.code = JMP(BPF_JGE); 3056 gen_not(b); 3057 return b; 3058 3059 case '>': 3060 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3061 b->s.code = JMP(BPF_JGT); 3062 return b; 3063 3064 case '|': 3065 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3066 break; 3067 3068 case '&': 3069 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3070 break; 3071 } 3072 s->s.k = val; 3073 b = new_block(JMP(BPF_JEQ)); 3074 b->stmts = s; 3075 gen_not(b); 3076 3077 return b; 3078 } 3079 3080 struct block * 3081 gen_broadcast(proto) 3082 int proto; 3083 { 3084 bpf_u_int32 hostmask; 3085 struct block *b0, *b1, *b2; 3086 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3087 3088 switch (proto) { 3089 3090 case Q_DEFAULT: 3091 case Q_LINK: 3092 if (linktype == DLT_EN10MB) 3093 return gen_ehostop(ebroadcast, Q_DST); 3094 if (linktype == DLT_FDDI) 3095 return gen_fhostop(ebroadcast, Q_DST); 3096 if (linktype == DLT_IEEE802_11 || 3097 linktype == DLT_IEEE802_11_RADIO) 3098 return gen_p80211_hostop(ebroadcast, Q_DST); 3099 bpf_error("not a broadcast link"); 3100 break; 3101 3102 case Q_IP: 3103 /* 3104 * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff) 3105 * as an indication that we don't know the netmask, and fail 3106 * in that case. 3107 */ 3108 if (netmask == PCAP_NETMASK_UNKNOWN) 3109 bpf_error("netmask not known, so 'ip broadcast' not supported"); 3110 b0 = gen_linktype(ETHERTYPE_IP); 3111 hostmask = ~netmask; 3112 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3113 b2 = gen_mcmp_nl(16, BPF_W, 3114 (bpf_int32)(~0 & hostmask), hostmask); 3115 gen_or(b1, b2); 3116 gen_and(b0, b2); 3117 return b2; 3118 } 3119 bpf_error("only ether/ip broadcast filters supported"); 3120 } 3121 3122 struct block * 3123 gen_multicast(proto) 3124 int proto; 3125 { 3126 struct block *b0, *b1; 3127 struct slist *s; 3128 3129 switch (proto) { 3130 3131 case Q_DEFAULT: 3132 case Q_LINK: 3133 if (linktype == DLT_EN10MB) { 3134 /* ether[0] & 1 != 0 */ 3135 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3136 s->s.k = 0; 3137 b0 = new_block(JMP(BPF_JSET)); 3138 b0->s.k = 1; 3139 b0->stmts = s; 3140 return b0; 3141 } 3142 3143 if (linktype == DLT_FDDI) { 3144 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3145 /* fddi[1] & 1 != 0 */ 3146 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3147 s->s.k = 1; 3148 b0 = new_block(JMP(BPF_JSET)); 3149 b0->s.k = 1; 3150 b0->stmts = s; 3151 return b0; 3152 } 3153 /* Link not known to support multicasts */ 3154 break; 3155 3156 case Q_IP: 3157 b0 = gen_linktype(ETHERTYPE_IP); 3158 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3159 b1->s.code = JMP(BPF_JGE); 3160 gen_and(b0, b1); 3161 return b1; 3162 3163 #ifdef INET6 3164 case Q_IPV6: 3165 b0 = gen_linktype(ETHERTYPE_IPV6); 3166 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3167 gen_and(b0, b1); 3168 return b1; 3169 #endif /* INET6 */ 3170 } 3171 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3172 } 3173 3174 /* 3175 * generate command for inbound/outbound. It's here so we can 3176 * make it link-type specific. 'dir' = 0 implies "inbound", 3177 * = 1 implies "outbound". 3178 */ 3179 struct block * 3180 gen_inbound(dir) 3181 int dir; 3182 { 3183 struct block *b0; 3184 3185 /* 3186 * Only SLIP and old-style PPP data link types support 3187 * inbound/outbound qualifiers. 3188 */ 3189 switch (linktype) { 3190 case DLT_SLIP: 3191 case DLT_PPP: 3192 b0 = gen_relation(BPF_JEQ, 3193 gen_load(Q_LINK, gen_loadi(0), 1), 3194 gen_loadi(0), 3195 dir); 3196 break; 3197 3198 case DLT_PFLOG: 3199 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3200 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3201 break; 3202 3203 default: 3204 bpf_error("inbound/outbound not supported on linktype 0x%x", 3205 linktype); 3206 /* NOTREACHED */ 3207 } 3208 3209 return (b0); 3210 } 3211 3212 3213 /* PF firewall log matched interface */ 3214 struct block * 3215 gen_pf_ifname(char *ifname) 3216 { 3217 struct block *b0; 3218 u_int len, off; 3219 3220 if (linktype == DLT_PFLOG) { 3221 len = sizeof(((struct pfloghdr *)0)->ifname); 3222 off = offsetof(struct pfloghdr, ifname); 3223 } else { 3224 bpf_error("ifname not supported on linktype 0x%x", linktype); 3225 /* NOTREACHED */ 3226 } 3227 if (strlen(ifname) >= len) { 3228 bpf_error("ifname interface names can only be %d characters", 3229 len - 1); 3230 /* NOTREACHED */ 3231 } 3232 b0 = gen_bcmp(off, strlen(ifname), ifname); 3233 return (b0); 3234 } 3235 3236 3237 /* PF firewall log ruleset name */ 3238 struct block * 3239 gen_pf_ruleset(char *ruleset) 3240 { 3241 struct block *b0; 3242 3243 if (linktype != DLT_PFLOG) { 3244 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3245 /* NOTREACHED */ 3246 } 3247 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3248 bpf_error("ruleset names can only be %zu characters", 3249 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3250 /* NOTREACHED */ 3251 } 3252 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3253 strlen(ruleset), ruleset); 3254 return (b0); 3255 } 3256 3257 3258 /* PF firewall log rule number */ 3259 struct block * 3260 gen_pf_rnr(int rnr) 3261 { 3262 struct block *b0; 3263 3264 if (linktype == DLT_PFLOG) { 3265 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3266 (bpf_int32)rnr); 3267 } else { 3268 bpf_error("rnr not supported on linktype 0x%x", linktype); 3269 /* NOTREACHED */ 3270 } 3271 3272 return (b0); 3273 } 3274 3275 3276 /* PF firewall log sub-rule number */ 3277 struct block * 3278 gen_pf_srnr(int srnr) 3279 { 3280 struct block *b0; 3281 3282 if (linktype != DLT_PFLOG) { 3283 bpf_error("srnr not supported on linktype 0x%x", linktype); 3284 /* NOTREACHED */ 3285 } 3286 3287 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3288 (bpf_int32)srnr); 3289 return (b0); 3290 } 3291 3292 /* PF firewall log reason code */ 3293 struct block * 3294 gen_pf_reason(int reason) 3295 { 3296 struct block *b0; 3297 3298 if (linktype == DLT_PFLOG) { 3299 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3300 (bpf_int32)reason); 3301 } else { 3302 bpf_error("reason not supported on linktype 0x%x", linktype); 3303 /* NOTREACHED */ 3304 } 3305 3306 return (b0); 3307 } 3308 3309 /* PF firewall log action */ 3310 struct block * 3311 gen_pf_action(int action) 3312 { 3313 struct block *b0; 3314 3315 if (linktype == DLT_PFLOG) { 3316 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3317 (bpf_int32)action); 3318 } else { 3319 bpf_error("action not supported on linktype 0x%x", linktype); 3320 /* NOTREACHED */ 3321 } 3322 3323 return (b0); 3324 } 3325 3326 /* IEEE 802.11 wireless header */ 3327 struct block * 3328 gen_p80211_type(int type, int mask) 3329 { 3330 struct block *b0; 3331 u_int offset; 3332 3333 if (!(linktype == DLT_IEEE802_11 || 3334 linktype == DLT_IEEE802_11_RADIO)) { 3335 bpf_error("type not supported on linktype 0x%x", 3336 linktype); 3337 /* NOTREACHED */ 3338 } 3339 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3340 if (linktype == DLT_IEEE802_11_RADIO) 3341 offset += IEEE80211_RADIOTAP_HDRLEN; 3342 3343 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3344 3345 return (b0); 3346 } 3347 3348 static struct block * 3349 gen_ahostop(eaddr, dir) 3350 const u_char *eaddr; 3351 int dir; 3352 { 3353 struct block *b0, *b1; 3354 3355 switch (dir) { 3356 /* src comes first, different from Ethernet */ 3357 case Q_SRC: 3358 return gen_bcmp(0, 1, eaddr); 3359 3360 case Q_DST: 3361 return gen_bcmp(1, 1, eaddr); 3362 3363 case Q_AND: 3364 b0 = gen_ahostop(eaddr, Q_SRC); 3365 b1 = gen_ahostop(eaddr, Q_DST); 3366 gen_and(b0, b1); 3367 return b1; 3368 3369 case Q_DEFAULT: 3370 case Q_OR: 3371 b0 = gen_ahostop(eaddr, Q_SRC); 3372 b1 = gen_ahostop(eaddr, Q_DST); 3373 gen_or(b0, b1); 3374 return b1; 3375 } 3376 abort(); 3377 /* NOTREACHED */ 3378 } 3379 3380 struct block * 3381 gen_acode(eaddr, q) 3382 const u_char *eaddr; 3383 struct qual q; 3384 { 3385 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3386 if (linktype == DLT_ARCNET) 3387 return gen_ahostop(eaddr, (int)q.dir); 3388 } 3389 bpf_error("ARCnet address used in non-arc expression"); 3390 /* NOTREACHED */ 3391 } 3392 3393 struct block * 3394 gen_mpls(label) 3395 int label; 3396 { 3397 struct block *b0; 3398 3399 if (label > MPLS_LABEL_MAX) 3400 bpf_error("invalid MPLS label : %d", label); 3401 3402 if (mpls_stack > 0) /* Bottom-Of-Label-Stack bit ? */ 3403 b0 = gen_mcmp(off_nl-2, BPF_B, (bpf_int32)0, 0x1); 3404 else 3405 b0 = gen_linktype(ETHERTYPE_MPLS); 3406 3407 if (label >= 0) { 3408 struct block *b1; 3409 3410 b1 = gen_mcmp(off_nl, BPF_W, (bpf_int32)(label << 12), 3411 MPLS_LABEL_MASK); 3412 gen_and(b0, b1); 3413 b0 = b1; 3414 } 3415 off_nl += 4; 3416 off_linktype += 4; 3417 mpls_stack++; 3418 return (b0); 3419 } 3420 3421 /* 3422 * support IEEE 802.1Q VLAN trunk over ethernet 3423 */ 3424 struct block * 3425 gen_vlan(vlan_num) 3426 int vlan_num; 3427 { 3428 struct block *b0; 3429 3430 if (variable_nl) { 3431 bpf_error("'vlan' not supported for variable DLTs"); 3432 /*NOTREACHED*/ 3433 } 3434 3435 if (vlan_num > 4095) { 3436 bpf_error("invalid VLAN number : %d", vlan_num); 3437 /*NOTREACHED*/ 3438 } 3439 3440 /* 3441 * Change the offsets to point to the type and data fields within 3442 * the VLAN packet. This is somewhat of a kludge. 3443 */ 3444 if (orig_nl == (u_int)-1) { 3445 orig_linktype = off_linktype; /* save original values */ 3446 orig_nl = off_nl; 3447 orig_nl_nosnap = off_nl_nosnap; 3448 3449 switch (linktype) { 3450 3451 case DLT_EN10MB: 3452 off_linktype = 16; 3453 off_nl_nosnap = 18; 3454 off_nl = 18; 3455 break; 3456 3457 default: 3458 bpf_error("no VLAN support for data link type %d", 3459 linktype); 3460 /*NOTREACHED*/ 3461 } 3462 } 3463 3464 /* check for VLAN */ 3465 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3466 3467 /* If a specific VLAN is requested, check VLAN id */ 3468 if (vlan_num >= 0) { 3469 struct block *b1; 3470 3471 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0FFF); 3472 gen_and(b0, b1); 3473 b0 = b1; 3474 } 3475 3476 return (b0); 3477 } 3478 3479 struct block * 3480 gen_sample(int rate) 3481 { 3482 struct block *b0; 3483 long long threshold = 0x100000000LL; /* 0xffffffff + 1 */ 3484 3485 if (rate < 2) { 3486 bpf_error("sample %d is too low", rate); 3487 /*NOTREACHED*/ 3488 } 3489 if (rate > (1 << 20)) { 3490 bpf_error("sample %d is too high", rate); 3491 /*NOTREACHED*/ 3492 } 3493 3494 threshold /= rate; 3495 b0 = gen_relation(BPF_JGT, gen_loadrnd(), gen_loadi(threshold), 1); 3496 3497 return (b0); 3498 } 3499 3500 struct block * 3501 gen_p80211_fcdir(int fcdir) 3502 { 3503 struct block *b0; 3504 u_int offset; 3505 3506 if (!(linktype == DLT_IEEE802_11 || 3507 linktype == DLT_IEEE802_11_RADIO)) { 3508 bpf_error("frame direction not supported on linktype 0x%x", 3509 linktype); 3510 /* NOTREACHED */ 3511 } 3512 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3513 if (linktype == DLT_IEEE802_11_RADIO) 3514 offset += IEEE80211_RADIOTAP_HDRLEN; 3515 3516 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3517 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3518 3519 return (b0); 3520 } 3521 3522 static struct block * 3523 gen_p80211_hostop(const u_char *lladdr, int dir) 3524 { 3525 struct block *b0, *b1, *b2, *b3, *b4; 3526 u_int offset = 0; 3527 3528 if (linktype == DLT_IEEE802_11_RADIO) 3529 offset = IEEE80211_RADIOTAP_HDRLEN; 3530 3531 switch (dir) { 3532 case Q_SRC: 3533 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3534 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3535 lladdr); 3536 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3537 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3538 lladdr); 3539 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3540 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3541 lladdr); 3542 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3543 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3544 lladdr); 3545 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3546 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3547 lladdr); 3548 3549 gen_or(b0, b1); 3550 gen_or(b1, b2); 3551 gen_or(b2, b3); 3552 gen_or(b3, b4); 3553 return (b4); 3554 3555 case Q_DST: 3556 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3557 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3558 lladdr); 3559 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3560 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3561 lladdr); 3562 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3563 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3564 lladdr); 3565 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3566 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3567 lladdr); 3568 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3569 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3570 lladdr); 3571 3572 gen_or(b0, b1); 3573 gen_or(b1, b2); 3574 gen_or(b2, b3); 3575 gen_or(b3, b4); 3576 return (b4); 3577 3578 case Q_ADDR1: 3579 return (gen_bcmp(offset + 3580 (u_int)offsetof(struct ieee80211_frame, 3581 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3582 3583 case Q_ADDR2: 3584 return (gen_bcmp(offset + 3585 (u_int)offsetof(struct ieee80211_frame, 3586 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3587 3588 case Q_ADDR3: 3589 return (gen_bcmp(offset + 3590 (u_int)offsetof(struct ieee80211_frame, 3591 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3592 3593 case Q_ADDR4: 3594 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3595 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3596 lladdr)); 3597 3598 case Q_AND: 3599 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3600 b1 = gen_p80211_hostop(lladdr, Q_DST); 3601 gen_and(b0, b1); 3602 return (b1); 3603 3604 case Q_DEFAULT: 3605 case Q_OR: 3606 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3607 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3608 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3609 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3610 gen_or(b0, b1); 3611 gen_or(b1, b2); 3612 gen_or(b2, b3); 3613 return (b3); 3614 3615 default: 3616 bpf_error("direction not supported on linktype 0x%x", 3617 linktype); 3618 } 3619 /* NOTREACHED */ 3620 } 3621 3622 static struct block * 3623 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3624 { 3625 struct block *b0, *b1; 3626 3627 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3628 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3629 gen_and(b0, b1); 3630 3631 return (b1); 3632 } 3633