1 /* $OpenBSD: gencode.c,v 1.32 2009/09/18 23:32:13 bluhm Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/types.h> 25 #include <sys/socket.h> 26 #include <sys/time.h> 27 28 struct mbuf; 29 struct rtentry; 30 31 #include <net/if.h> 32 33 #include <netinet/in.h> 34 #include <netinet/if_ether.h> 35 36 #include <net/if_pflog.h> 37 #include <net/pfvar.h> 38 39 #include <net80211/ieee80211.h> 40 #include <net80211/ieee80211_radiotap.h> 41 42 #include <stdlib.h> 43 #include <stddef.h> 44 #include <memory.h> 45 #include <setjmp.h> 46 #include <stdarg.h> 47 48 #include "pcap-int.h" 49 50 #include "ethertype.h" 51 #include "llc.h" 52 #include "gencode.h" 53 #include "ppp.h" 54 #include <pcap-namedb.h> 55 #ifdef INET6 56 #include <netdb.h> 57 #include <sys/socket.h> 58 #endif /*INET6*/ 59 60 #ifdef HAVE_OS_PROTO_H 61 #include "os-proto.h" 62 #endif 63 64 #define JMP(c) ((c)|BPF_JMP|BPF_K) 65 66 /* Locals */ 67 static jmp_buf top_ctx; 68 static pcap_t *bpf_pcap; 69 70 /* Hack for updating VLAN offsets. */ 71 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 72 73 /* XXX */ 74 #ifdef PCAP_FDDIPAD 75 int pcap_fddipad = PCAP_FDDIPAD; 76 #else 77 int pcap_fddipad; 78 #endif 79 80 /* VARARGS */ 81 __dead void 82 bpf_error(const char *fmt, ...) 83 { 84 va_list ap; 85 86 va_start(ap, fmt); 87 if (bpf_pcap != NULL) 88 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 89 fmt, ap); 90 va_end(ap); 91 longjmp(top_ctx, 1); 92 /* NOTREACHED */ 93 } 94 95 static void init_linktype(int); 96 97 static int alloc_reg(void); 98 static void free_reg(int); 99 100 static struct block *root; 101 102 /* 103 * We divy out chunks of memory rather than call malloc each time so 104 * we don't have to worry about leaking memory. It's probably 105 * not a big deal if all this memory was wasted but it this ever 106 * goes into a library that would probably not be a good idea. 107 */ 108 #define NCHUNKS 16 109 #define CHUNK0SIZE 1024 110 struct chunk { 111 u_int n_left; 112 void *m; 113 }; 114 115 static struct chunk chunks[NCHUNKS]; 116 static int cur_chunk; 117 118 static void *newchunk(u_int); 119 static void freechunks(void); 120 static __inline struct block *new_block(int); 121 static __inline struct slist *new_stmt(int); 122 static struct block *gen_retblk(int); 123 static __inline void syntax(void); 124 125 static void backpatch(struct block *, struct block *); 126 static void merge(struct block *, struct block *); 127 static struct block *gen_cmp(u_int, u_int, bpf_int32); 128 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 129 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 130 static struct block *gen_bcmp(u_int, u_int, const u_char *); 131 static struct block *gen_uncond(int); 132 static __inline struct block *gen_true(void); 133 static __inline struct block *gen_false(void); 134 static struct block *gen_linktype(int); 135 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 136 #ifdef INET6 137 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 138 #endif 139 static struct block *gen_ehostop(const u_char *, int); 140 static struct block *gen_fhostop(const u_char *, int); 141 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 142 static struct block *gen_p80211_hostop(const u_char *, int); 143 static struct block *gen_p80211_addr(int, u_int, const u_char *); 144 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 145 #ifdef INET6 146 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 147 #endif 148 #ifndef INET6 149 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 150 #endif 151 static struct block *gen_ipfrag(void); 152 static struct block *gen_portatom(int, bpf_int32); 153 #ifdef INET6 154 static struct block *gen_portatom6(int, bpf_int32); 155 #endif 156 struct block *gen_portop(int, int, int); 157 static struct block *gen_port(int, int, int); 158 #ifdef INET6 159 struct block *gen_portop6(int, int, int); 160 static struct block *gen_port6(int, int, int); 161 #endif 162 static int lookup_proto(const char *, int); 163 static struct block *gen_protochain(int, int, int); 164 static struct block *gen_proto(int, int, int); 165 static struct slist *xfer_to_x(struct arth *); 166 static struct slist *xfer_to_a(struct arth *); 167 static struct block *gen_len(int, int); 168 169 static void * 170 newchunk(n) 171 u_int n; 172 { 173 struct chunk *cp; 174 int k, size; 175 176 /* XXX Round to structure boundary. */ 177 n = ALIGN(n); 178 179 cp = &chunks[cur_chunk]; 180 if (n > cp->n_left) { 181 ++cp, k = ++cur_chunk; 182 if (k >= NCHUNKS) 183 bpf_error("out of memory"); 184 size = CHUNK0SIZE << k; 185 cp->m = (void *)malloc(size); 186 if (cp->m == NULL) 187 bpf_error("out of memory"); 188 189 memset((char *)cp->m, 0, size); 190 cp->n_left = size; 191 if (n > size) 192 bpf_error("out of memory"); 193 } 194 cp->n_left -= n; 195 return (void *)((char *)cp->m + cp->n_left); 196 } 197 198 static void 199 freechunks() 200 { 201 int i; 202 203 cur_chunk = 0; 204 for (i = 0; i < NCHUNKS; ++i) 205 if (chunks[i].m != NULL) { 206 free(chunks[i].m); 207 chunks[i].m = NULL; 208 } 209 } 210 211 /* 212 * A strdup whose allocations are freed after code generation is over. 213 */ 214 char * 215 sdup(s) 216 register const char *s; 217 { 218 int n = strlen(s) + 1; 219 char *cp = newchunk(n); 220 221 strlcpy(cp, s, n); 222 return (cp); 223 } 224 225 static __inline struct block * 226 new_block(code) 227 int code; 228 { 229 struct block *p; 230 231 p = (struct block *)newchunk(sizeof(*p)); 232 p->s.code = code; 233 p->head = p; 234 235 return p; 236 } 237 238 static __inline struct slist * 239 new_stmt(code) 240 int code; 241 { 242 struct slist *p; 243 244 p = (struct slist *)newchunk(sizeof(*p)); 245 p->s.code = code; 246 247 return p; 248 } 249 250 static struct block * 251 gen_retblk(v) 252 int v; 253 { 254 struct block *b = new_block(BPF_RET|BPF_K); 255 256 b->s.k = v; 257 return b; 258 } 259 260 static __inline void 261 syntax() 262 { 263 bpf_error("syntax error in filter expression"); 264 } 265 266 static bpf_u_int32 netmask; 267 static int snaplen; 268 int no_optimize; 269 270 int 271 pcap_compile(pcap_t *p, struct bpf_program *program, 272 char *buf, int optimize, bpf_u_int32 mask) 273 { 274 extern int n_errors; 275 int len; 276 277 no_optimize = 0; 278 n_errors = 0; 279 root = NULL; 280 bpf_pcap = p; 281 if (setjmp(top_ctx)) { 282 freechunks(); 283 return (-1); 284 } 285 286 netmask = mask; 287 snaplen = pcap_snapshot(p); 288 289 lex_init(buf ? buf : ""); 290 init_linktype(pcap_datalink(p)); 291 (void)pcap_parse(); 292 293 if (n_errors) 294 syntax(); 295 296 if (root == NULL) 297 root = gen_retblk(snaplen); 298 299 if (optimize && !no_optimize) { 300 bpf_optimize(&root); 301 if (root == NULL || 302 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 303 bpf_error("expression rejects all packets"); 304 } 305 program->bf_insns = icode_to_fcode(root, &len); 306 program->bf_len = len; 307 308 freechunks(); 309 return (0); 310 } 311 312 /* 313 * entry point for using the compiler with no pcap open 314 * pass in all the stuff that is needed explicitly instead. 315 */ 316 int 317 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 318 struct bpf_program *program, 319 char *buf, int optimize, bpf_u_int32 mask) 320 { 321 extern int n_errors; 322 int len; 323 324 n_errors = 0; 325 root = NULL; 326 bpf_pcap = NULL; 327 if (setjmp(top_ctx)) { 328 freechunks(); 329 return (-1); 330 } 331 332 netmask = mask; 333 334 /* XXX needed? I don't grok the use of globals here. */ 335 snaplen = snaplen_arg; 336 337 lex_init(buf ? buf : ""); 338 init_linktype(linktype_arg); 339 (void)pcap_parse(); 340 341 if (n_errors) 342 syntax(); 343 344 if (root == NULL) 345 root = gen_retblk(snaplen_arg); 346 347 if (optimize) { 348 bpf_optimize(&root); 349 if (root == NULL || 350 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 351 bpf_error("expression rejects all packets"); 352 } 353 program->bf_insns = icode_to_fcode(root, &len); 354 program->bf_len = len; 355 356 freechunks(); 357 return (0); 358 } 359 360 /* 361 * Clean up a "struct bpf_program" by freeing all the memory allocated 362 * in it. 363 */ 364 void 365 pcap_freecode(struct bpf_program *program) 366 { 367 program->bf_len = 0; 368 if (program->bf_insns != NULL) { 369 free((char *)program->bf_insns); 370 program->bf_insns = NULL; 371 } 372 } 373 374 /* 375 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 376 * which of the jt and jf fields has been resolved and which is a pointer 377 * back to another unresolved block (or nil). At least one of the fields 378 * in each block is already resolved. 379 */ 380 static void 381 backpatch(list, target) 382 struct block *list, *target; 383 { 384 struct block *next; 385 386 while (list) { 387 if (!list->sense) { 388 next = JT(list); 389 JT(list) = target; 390 } else { 391 next = JF(list); 392 JF(list) = target; 393 } 394 list = next; 395 } 396 } 397 398 /* 399 * Merge the lists in b0 and b1, using the 'sense' field to indicate 400 * which of jt and jf is the link. 401 */ 402 static void 403 merge(b0, b1) 404 struct block *b0, *b1; 405 { 406 register struct block **p = &b0; 407 408 /* Find end of list. */ 409 while (*p) 410 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 411 412 /* Concatenate the lists. */ 413 *p = b1; 414 } 415 416 void 417 finish_parse(p) 418 struct block *p; 419 { 420 backpatch(p, gen_retblk(snaplen)); 421 p->sense = !p->sense; 422 backpatch(p, gen_retblk(0)); 423 root = p->head; 424 } 425 426 void 427 gen_and(b0, b1) 428 struct block *b0, *b1; 429 { 430 backpatch(b0, b1->head); 431 b0->sense = !b0->sense; 432 b1->sense = !b1->sense; 433 merge(b1, b0); 434 b1->sense = !b1->sense; 435 b1->head = b0->head; 436 } 437 438 void 439 gen_or(b0, b1) 440 struct block *b0, *b1; 441 { 442 b0->sense = !b0->sense; 443 backpatch(b0, b1->head); 444 b0->sense = !b0->sense; 445 merge(b1, b0); 446 b1->head = b0->head; 447 } 448 449 void 450 gen_not(b) 451 struct block *b; 452 { 453 b->sense = !b->sense; 454 } 455 456 static struct block * 457 gen_cmp(offset, size, v) 458 u_int offset, size; 459 bpf_int32 v; 460 { 461 struct slist *s; 462 struct block *b; 463 464 s = new_stmt(BPF_LD|BPF_ABS|size); 465 s->s.k = offset; 466 467 b = new_block(JMP(BPF_JEQ)); 468 b->stmts = s; 469 b->s.k = v; 470 471 return b; 472 } 473 474 static struct block * 475 gen_cmp_gt(offset, size, v) 476 u_int offset, size; 477 bpf_int32 v; 478 { 479 struct slist *s; 480 struct block *b; 481 482 s = new_stmt(BPF_LD|BPF_ABS|size); 483 s->s.k = offset; 484 485 b = new_block(JMP(BPF_JGT)); 486 b->stmts = s; 487 b->s.k = v; 488 489 return b; 490 } 491 492 static struct block * 493 gen_mcmp(offset, size, v, mask) 494 u_int offset, size; 495 bpf_int32 v; 496 bpf_u_int32 mask; 497 { 498 struct block *b = gen_cmp(offset, size, v); 499 struct slist *s; 500 501 if (mask != 0xffffffff) { 502 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 503 s->s.k = mask; 504 b->stmts->next = s; 505 } 506 return b; 507 } 508 509 static struct block * 510 gen_bcmp(offset, size, v) 511 register u_int offset, size; 512 register const u_char *v; 513 { 514 register struct block *b, *tmp; 515 516 b = NULL; 517 while (size >= 4) { 518 register const u_char *p = &v[size - 4]; 519 bpf_int32 w = ((bpf_int32)p[0] << 24) | 520 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 521 522 tmp = gen_cmp(offset + size - 4, BPF_W, w); 523 if (b != NULL) 524 gen_and(b, tmp); 525 b = tmp; 526 size -= 4; 527 } 528 while (size >= 2) { 529 register const u_char *p = &v[size - 2]; 530 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 531 532 tmp = gen_cmp(offset + size - 2, BPF_H, w); 533 if (b != NULL) 534 gen_and(b, tmp); 535 b = tmp; 536 size -= 2; 537 } 538 if (size > 0) { 539 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 540 if (b != NULL) 541 gen_and(b, tmp); 542 b = tmp; 543 } 544 return b; 545 } 546 547 /* 548 * Various code constructs need to know the layout of the data link 549 * layer. These variables give the necessary offsets. off_linktype 550 * is set to -1 for no encapsulation, in which case, IP is assumed. 551 */ 552 static u_int off_linktype; 553 static u_int off_nl; 554 static u_int off_nl_nosnap; 555 556 static int linktype; 557 558 static void 559 init_linktype(type) 560 int type; 561 { 562 linktype = type; 563 564 switch (type) { 565 566 case DLT_EN10MB: 567 off_linktype = 12; 568 off_nl = 14; 569 return; 570 571 case DLT_SLIP: 572 /* 573 * SLIP doesn't have a link level type. The 16 byte 574 * header is hacked into our SLIP driver. 575 */ 576 off_linktype = -1; 577 off_nl = 16; 578 return; 579 580 case DLT_SLIP_BSDOS: 581 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 582 off_linktype = -1; 583 /* XXX end */ 584 off_nl = 24; 585 return; 586 587 case DLT_NULL: 588 off_linktype = 0; 589 off_nl = 4; 590 return; 591 592 case DLT_PPP: 593 off_linktype = 2; 594 off_nl = 4; 595 return; 596 597 case DLT_PPP_ETHER: 598 /* 599 * This does not include the Ethernet header, and 600 * only covers session state. 601 */ 602 off_linktype = 6; 603 off_nl = 8; 604 return; 605 606 case DLT_PPP_BSDOS: 607 off_linktype = 5; 608 off_nl = 24; 609 return; 610 611 case DLT_FDDI: 612 /* 613 * FDDI doesn't really have a link-level type field. 614 * We assume that SSAP = SNAP is being used and pick 615 * out the encapsulated Ethernet type. 616 */ 617 off_linktype = 19; 618 #ifdef PCAP_FDDIPAD 619 off_linktype += pcap_fddipad; 620 #endif 621 off_nl = 21; 622 #ifdef PCAP_FDDIPAD 623 off_nl += pcap_fddipad; 624 #endif 625 return; 626 627 case DLT_IEEE802: 628 off_linktype = 20; 629 off_nl = 22; 630 return; 631 632 case DLT_IEEE802_11: 633 off_linktype = 30; /* XXX variable */ 634 off_nl = 32; 635 return; 636 637 case DLT_IEEE802_11_RADIO: /* XXX variable */ 638 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 639 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 640 return; 641 642 case DLT_ATM_RFC1483: 643 /* 644 * assume routed, non-ISO PDUs 645 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 646 */ 647 off_linktype = 6; 648 off_nl = 8; 649 return; 650 651 case DLT_LOOP: 652 off_linktype = -1; 653 off_nl = 4; 654 return; 655 656 case DLT_ENC: 657 off_linktype = -1; 658 off_nl = 12; 659 return; 660 661 case DLT_OLD_PFLOG: 662 off_linktype = 0; 663 off_nl = 28; 664 return; 665 666 case DLT_PFLOG: 667 off_linktype = 0; 668 /* XXX read from header? */ 669 off_nl = PFLOG_HDRLEN; 670 return; 671 672 case DLT_PFSYNC: 673 off_linktype = -1; 674 off_nl = 4; 675 return; 676 677 case DLT_RAW: 678 off_linktype = -1; 679 off_nl = 0; 680 return; 681 } 682 bpf_error("unknown data link type 0x%x", linktype); 683 /* NOTREACHED */ 684 } 685 686 static struct block * 687 gen_uncond(rsense) 688 int rsense; 689 { 690 struct block *b; 691 struct slist *s; 692 693 s = new_stmt(BPF_LD|BPF_IMM); 694 s->s.k = !rsense; 695 b = new_block(JMP(BPF_JEQ)); 696 b->stmts = s; 697 698 return b; 699 } 700 701 static __inline struct block * 702 gen_true() 703 { 704 return gen_uncond(1); 705 } 706 707 static __inline struct block * 708 gen_false() 709 { 710 return gen_uncond(0); 711 } 712 713 static struct block * 714 gen_linktype(proto) 715 register int proto; 716 { 717 struct block *b0, *b1; 718 719 /* If we're not using encapsulation and checking for IP, we're done */ 720 if (off_linktype == -1 && proto == ETHERTYPE_IP) 721 return gen_true(); 722 #ifdef INET6 723 /* this isn't the right thing to do, but sometimes necessary */ 724 if (off_linktype == -1 && proto == ETHERTYPE_IPV6) 725 return gen_true(); 726 #endif 727 728 switch (linktype) { 729 730 case DLT_EN10MB: 731 if (proto <= ETHERMTU) { 732 /* This is an LLC SAP value */ 733 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 734 gen_not(b0); 735 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 736 gen_and(b0, b1); 737 return b1; 738 } else { 739 /* This is an Ethernet type */ 740 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 741 } 742 break; 743 744 case DLT_SLIP: 745 return gen_false(); 746 747 case DLT_PPP: 748 case DLT_PPP_ETHER: 749 if (proto == ETHERTYPE_IP) 750 proto = PPP_IP; /* XXX was 0x21 */ 751 #ifdef INET6 752 else if (proto == ETHERTYPE_IPV6) 753 proto = PPP_IPV6; 754 #endif 755 break; 756 757 case DLT_PPP_BSDOS: 758 switch (proto) { 759 760 case ETHERTYPE_IP: 761 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 762 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 763 gen_or(b0, b1); 764 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 765 gen_or(b1, b0); 766 return b0; 767 768 #ifdef INET6 769 case ETHERTYPE_IPV6: 770 proto = PPP_IPV6; 771 /* more to go? */ 772 break; 773 #endif /* INET6 */ 774 775 case ETHERTYPE_DN: 776 proto = PPP_DECNET; 777 break; 778 779 case ETHERTYPE_ATALK: 780 proto = PPP_APPLE; 781 break; 782 783 case ETHERTYPE_NS: 784 proto = PPP_NS; 785 break; 786 } 787 break; 788 789 case DLT_LOOP: 790 case DLT_ENC: 791 case DLT_NULL: 792 /* XXX */ 793 if (proto == ETHERTYPE_IP) 794 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); 795 #ifdef INET6 796 else if (proto == ETHERTYPE_IPV6) 797 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6))); 798 #endif /* INET6 */ 799 else 800 return gen_false(); 801 break; 802 case DLT_OLD_PFLOG: 803 if (proto == ETHERTYPE_IP) 804 return (gen_cmp(0, BPF_W, (bpf_int32)AF_INET)); 805 #ifdef INET6 806 else if (proto == ETHERTYPE_IPV6) 807 return (gen_cmp(0, BPF_W, (bpf_int32)AF_INET6)); 808 #endif /* INET6 */ 809 else 810 return gen_false(); 811 break; 812 813 case DLT_PFLOG: 814 if (proto == ETHERTYPE_IP) 815 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 816 (bpf_int32)AF_INET)); 817 #ifdef INET6 818 else if (proto == ETHERTYPE_IPV6) 819 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 820 (bpf_int32)AF_INET6)); 821 #endif /* INET6 */ 822 else 823 return gen_false(); 824 break; 825 826 } 827 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 828 } 829 830 static struct block * 831 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 832 bpf_u_int32 addr; 833 bpf_u_int32 mask; 834 int dir, proto; 835 u_int src_off, dst_off; 836 { 837 struct block *b0, *b1; 838 u_int offset; 839 840 switch (dir) { 841 842 case Q_SRC: 843 offset = src_off; 844 break; 845 846 case Q_DST: 847 offset = dst_off; 848 break; 849 850 case Q_AND: 851 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 852 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 853 gen_and(b0, b1); 854 return b1; 855 856 case Q_OR: 857 case Q_DEFAULT: 858 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 859 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 860 gen_or(b0, b1); 861 return b1; 862 863 default: 864 bpf_error("direction not supported on linktype 0x%x", 865 linktype); 866 } 867 b0 = gen_linktype(proto); 868 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 869 gen_and(b0, b1); 870 return b1; 871 } 872 873 #ifdef INET6 874 static struct block * 875 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 876 struct in6_addr *addr; 877 struct in6_addr *mask; 878 int dir, proto; 879 u_int src_off, dst_off; 880 { 881 struct block *b0, *b1; 882 u_int offset; 883 u_int32_t *a, *m; 884 885 switch (dir) { 886 887 case Q_SRC: 888 offset = src_off; 889 break; 890 891 case Q_DST: 892 offset = dst_off; 893 break; 894 895 case Q_AND: 896 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 897 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 898 gen_and(b0, b1); 899 return b1; 900 901 case Q_OR: 902 case Q_DEFAULT: 903 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 904 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 905 gen_or(b0, b1); 906 return b1; 907 908 default: 909 bpf_error("direction not supported on linktype 0x%x", 910 linktype); 911 } 912 /* this order is important */ 913 a = (u_int32_t *)addr; 914 m = (u_int32_t *)mask; 915 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 916 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 917 gen_and(b0, b1); 918 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 919 gen_and(b0, b1); 920 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 921 gen_and(b0, b1); 922 b0 = gen_linktype(proto); 923 gen_and(b0, b1); 924 return b1; 925 } 926 #endif /*INET6*/ 927 928 static struct block * 929 gen_ehostop(eaddr, dir) 930 register const u_char *eaddr; 931 register int dir; 932 { 933 struct block *b0, *b1; 934 935 switch (dir) { 936 case Q_SRC: 937 return gen_bcmp(6, 6, eaddr); 938 939 case Q_DST: 940 return gen_bcmp(0, 6, eaddr); 941 942 case Q_AND: 943 b0 = gen_ehostop(eaddr, Q_SRC); 944 b1 = gen_ehostop(eaddr, Q_DST); 945 gen_and(b0, b1); 946 return b1; 947 948 case Q_DEFAULT: 949 case Q_OR: 950 b0 = gen_ehostop(eaddr, Q_SRC); 951 b1 = gen_ehostop(eaddr, Q_DST); 952 gen_or(b0, b1); 953 return b1; 954 default: 955 bpf_error("direction not supported on linktype 0x%x", 956 linktype); 957 } 958 /* NOTREACHED */ 959 } 960 961 /* 962 * Like gen_ehostop, but for DLT_FDDI 963 */ 964 static struct block * 965 gen_fhostop(eaddr, dir) 966 register const u_char *eaddr; 967 register int dir; 968 { 969 struct block *b0, *b1; 970 971 switch (dir) { 972 case Q_SRC: 973 #ifdef PCAP_FDDIPAD 974 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 975 #else 976 return gen_bcmp(6 + 1, 6, eaddr); 977 #endif 978 979 case Q_DST: 980 #ifdef PCAP_FDDIPAD 981 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 982 #else 983 return gen_bcmp(0 + 1, 6, eaddr); 984 #endif 985 986 case Q_AND: 987 b0 = gen_fhostop(eaddr, Q_SRC); 988 b1 = gen_fhostop(eaddr, Q_DST); 989 gen_and(b0, b1); 990 return b1; 991 992 case Q_DEFAULT: 993 case Q_OR: 994 b0 = gen_fhostop(eaddr, Q_SRC); 995 b1 = gen_fhostop(eaddr, Q_DST); 996 gen_or(b0, b1); 997 return b1; 998 default: 999 bpf_error("direction not supported on linktype 0x%x", 1000 linktype); 1001 } 1002 /* NOTREACHED */ 1003 } 1004 1005 /* 1006 * This is quite tricky because there may be pad bytes in front of the 1007 * DECNET header, and then there are two possible data packet formats that 1008 * carry both src and dst addresses, plus 5 packet types in a format that 1009 * carries only the src node, plus 2 types that use a different format and 1010 * also carry just the src node. 1011 * 1012 * Yuck. 1013 * 1014 * Instead of doing those all right, we just look for data packets with 1015 * 0 or 1 bytes of padding. If you want to look at other packets, that 1016 * will require a lot more hacking. 1017 * 1018 * To add support for filtering on DECNET "areas" (network numbers) 1019 * one would want to add a "mask" argument to this routine. That would 1020 * make the filter even more inefficient, although one could be clever 1021 * and not generate masking instructions if the mask is 0xFFFF. 1022 */ 1023 static struct block * 1024 gen_dnhostop(addr, dir, base_off) 1025 bpf_u_int32 addr; 1026 int dir; 1027 u_int base_off; 1028 { 1029 struct block *b0, *b1, *b2, *tmp; 1030 u_int offset_lh; /* offset if long header is received */ 1031 u_int offset_sh; /* offset if short header is received */ 1032 1033 switch (dir) { 1034 1035 case Q_DST: 1036 offset_sh = 1; /* follows flags */ 1037 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1038 break; 1039 1040 case Q_SRC: 1041 offset_sh = 3; /* follows flags, dstnode */ 1042 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1043 break; 1044 1045 case Q_AND: 1046 /* Inefficient because we do our Calvinball dance twice */ 1047 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1048 b1 = gen_dnhostop(addr, Q_DST, base_off); 1049 gen_and(b0, b1); 1050 return b1; 1051 1052 case Q_OR: 1053 case Q_DEFAULT: 1054 /* Inefficient because we do our Calvinball dance twice */ 1055 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1056 b1 = gen_dnhostop(addr, Q_DST, base_off); 1057 gen_or(b0, b1); 1058 return b1; 1059 1060 default: 1061 bpf_error("direction not supported on linktype 0x%x", 1062 linktype); 1063 } 1064 b0 = gen_linktype(ETHERTYPE_DN); 1065 /* Check for pad = 1, long header case */ 1066 tmp = gen_mcmp(base_off + 2, BPF_H, 1067 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1068 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 1069 BPF_H, (bpf_int32)ntohs(addr)); 1070 gen_and(tmp, b1); 1071 /* Check for pad = 0, long header case */ 1072 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1073 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1074 gen_and(tmp, b2); 1075 gen_or(b2, b1); 1076 /* Check for pad = 1, short header case */ 1077 tmp = gen_mcmp(base_off + 2, BPF_H, 1078 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1079 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 1080 BPF_H, (bpf_int32)ntohs(addr)); 1081 gen_and(tmp, b2); 1082 gen_or(b2, b1); 1083 /* Check for pad = 0, short header case */ 1084 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1085 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1086 gen_and(tmp, b2); 1087 gen_or(b2, b1); 1088 1089 /* Combine with test for linktype */ 1090 gen_and(b0, b1); 1091 return b1; 1092 } 1093 1094 static struct block * 1095 gen_host(addr, mask, proto, dir) 1096 bpf_u_int32 addr; 1097 bpf_u_int32 mask; 1098 int proto; 1099 int dir; 1100 { 1101 struct block *b0, *b1; 1102 1103 switch (proto) { 1104 1105 case Q_DEFAULT: 1106 b0 = gen_host(addr, mask, Q_IP, dir); 1107 b1 = gen_host(addr, mask, Q_ARP, dir); 1108 gen_or(b0, b1); 1109 b0 = gen_host(addr, mask, Q_RARP, dir); 1110 gen_or(b1, b0); 1111 return b0; 1112 1113 case Q_IP: 1114 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1115 off_nl + 12, off_nl + 16); 1116 1117 case Q_RARP: 1118 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1119 off_nl + 14, off_nl + 24); 1120 1121 case Q_ARP: 1122 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1123 off_nl + 14, off_nl + 24); 1124 1125 case Q_TCP: 1126 bpf_error("'tcp' modifier applied to host"); 1127 1128 case Q_UDP: 1129 bpf_error("'udp' modifier applied to host"); 1130 1131 case Q_ICMP: 1132 bpf_error("'icmp' modifier applied to host"); 1133 1134 case Q_IGMP: 1135 bpf_error("'igmp' modifier applied to host"); 1136 1137 case Q_IGRP: 1138 bpf_error("'igrp' modifier applied to host"); 1139 1140 case Q_PIM: 1141 bpf_error("'pim' modifier applied to host"); 1142 1143 case Q_STP: 1144 bpf_error("'stp' modifier applied to host"); 1145 1146 case Q_ATALK: 1147 bpf_error("ATALK host filtering not implemented"); 1148 1149 case Q_DECNET: 1150 return gen_dnhostop(addr, dir, off_nl); 1151 1152 case Q_SCA: 1153 bpf_error("SCA host filtering not implemented"); 1154 1155 case Q_LAT: 1156 bpf_error("LAT host filtering not implemented"); 1157 1158 case Q_MOPDL: 1159 bpf_error("MOPDL host filtering not implemented"); 1160 1161 case Q_MOPRC: 1162 bpf_error("MOPRC host filtering not implemented"); 1163 1164 #ifdef INET6 1165 case Q_IPV6: 1166 bpf_error("'ip6' modifier applied to ip host"); 1167 1168 case Q_ICMPV6: 1169 bpf_error("'icmp6' modifier applied to host"); 1170 #endif /* INET6 */ 1171 1172 case Q_AH: 1173 bpf_error("'ah' modifier applied to host"); 1174 1175 case Q_ESP: 1176 bpf_error("'esp' modifier applied to host"); 1177 1178 default: 1179 bpf_error("direction not supported on linktype 0x%x", 1180 linktype); 1181 } 1182 /* NOTREACHED */ 1183 } 1184 1185 #ifdef INET6 1186 static struct block * 1187 gen_host6(addr, mask, proto, dir) 1188 struct in6_addr *addr; 1189 struct in6_addr *mask; 1190 int proto; 1191 int dir; 1192 { 1193 switch (proto) { 1194 1195 case Q_DEFAULT: 1196 return gen_host6(addr, mask, Q_IPV6, dir); 1197 1198 case Q_IP: 1199 bpf_error("'ip' modifier applied to ip6 host"); 1200 1201 case Q_RARP: 1202 bpf_error("'rarp' modifier applied to ip6 host"); 1203 1204 case Q_ARP: 1205 bpf_error("'arp' modifier applied to ip6 host"); 1206 1207 case Q_TCP: 1208 bpf_error("'tcp' modifier applied to host"); 1209 1210 case Q_UDP: 1211 bpf_error("'udp' modifier applied to host"); 1212 1213 case Q_ICMP: 1214 bpf_error("'icmp' modifier applied to host"); 1215 1216 case Q_IGMP: 1217 bpf_error("'igmp' modifier applied to host"); 1218 1219 case Q_IGRP: 1220 bpf_error("'igrp' modifier applied to host"); 1221 1222 case Q_PIM: 1223 bpf_error("'pim' modifier applied to host"); 1224 1225 case Q_STP: 1226 bpf_error("'stp' modifier applied to host"); 1227 1228 case Q_ATALK: 1229 bpf_error("ATALK host filtering not implemented"); 1230 1231 case Q_DECNET: 1232 bpf_error("'decnet' modifier applied to ip6 host"); 1233 1234 case Q_SCA: 1235 bpf_error("SCA host filtering not implemented"); 1236 1237 case Q_LAT: 1238 bpf_error("LAT host filtering not implemented"); 1239 1240 case Q_MOPDL: 1241 bpf_error("MOPDL host filtering not implemented"); 1242 1243 case Q_MOPRC: 1244 bpf_error("MOPRC host filtering not implemented"); 1245 1246 case Q_IPV6: 1247 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1248 off_nl + 8, off_nl + 24); 1249 1250 case Q_ICMPV6: 1251 bpf_error("'icmp6' modifier applied to host"); 1252 1253 case Q_AH: 1254 bpf_error("'ah' modifier applied to host"); 1255 1256 case Q_ESP: 1257 bpf_error("'esp' modifier applied to host"); 1258 1259 default: 1260 abort(); 1261 } 1262 /* NOTREACHED */ 1263 } 1264 #endif /*INET6*/ 1265 1266 #ifndef INET6 1267 static struct block * 1268 gen_gateway(eaddr, alist, proto, dir) 1269 const u_char *eaddr; 1270 bpf_u_int32 **alist; 1271 int proto; 1272 int dir; 1273 { 1274 struct block *b0, *b1, *tmp; 1275 1276 if (dir != 0) 1277 bpf_error("direction applied to 'gateway'"); 1278 1279 switch (proto) { 1280 case Q_DEFAULT: 1281 case Q_IP: 1282 case Q_ARP: 1283 case Q_RARP: 1284 if (linktype == DLT_EN10MB) 1285 b0 = gen_ehostop(eaddr, Q_OR); 1286 else if (linktype == DLT_FDDI) 1287 b0 = gen_fhostop(eaddr, Q_OR); 1288 else 1289 bpf_error( 1290 "'gateway' supported only on ethernet or FDDI"); 1291 1292 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1293 while (*alist) { 1294 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1295 gen_or(b1, tmp); 1296 b1 = tmp; 1297 } 1298 gen_not(b1); 1299 gen_and(b0, b1); 1300 return b1; 1301 } 1302 bpf_error("illegal modifier of 'gateway'"); 1303 /* NOTREACHED */ 1304 } 1305 #endif /*INET6*/ 1306 1307 struct block * 1308 gen_proto_abbrev(proto) 1309 int proto; 1310 { 1311 struct block *b0 = NULL, *b1; 1312 1313 switch (proto) { 1314 1315 case Q_TCP: 1316 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1317 #ifdef INET6 1318 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1319 gen_or(b0, b1); 1320 #endif 1321 break; 1322 1323 case Q_UDP: 1324 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1325 #ifdef INET6 1326 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1327 gen_or(b0, b1); 1328 #endif 1329 break; 1330 1331 case Q_ICMP: 1332 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1333 break; 1334 1335 #ifndef IPPROTO_IGMP 1336 #define IPPROTO_IGMP 2 1337 #endif 1338 1339 case Q_IGMP: 1340 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1341 break; 1342 1343 #ifndef IPPROTO_IGRP 1344 #define IPPROTO_IGRP 9 1345 #endif 1346 case Q_IGRP: 1347 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1348 break; 1349 1350 #ifndef IPPROTO_PIM 1351 #define IPPROTO_PIM 103 1352 #endif 1353 1354 case Q_PIM: 1355 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1356 #ifdef INET6 1357 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1358 gen_or(b0, b1); 1359 #endif 1360 break; 1361 1362 case Q_IP: 1363 b1 = gen_linktype(ETHERTYPE_IP); 1364 break; 1365 1366 case Q_ARP: 1367 b1 = gen_linktype(ETHERTYPE_ARP); 1368 break; 1369 1370 case Q_RARP: 1371 b1 = gen_linktype(ETHERTYPE_REVARP); 1372 break; 1373 1374 case Q_LINK: 1375 bpf_error("link layer applied in wrong context"); 1376 1377 case Q_ATALK: 1378 b1 = gen_linktype(ETHERTYPE_ATALK); 1379 break; 1380 1381 case Q_DECNET: 1382 b1 = gen_linktype(ETHERTYPE_DN); 1383 break; 1384 1385 case Q_SCA: 1386 b1 = gen_linktype(ETHERTYPE_SCA); 1387 break; 1388 1389 case Q_LAT: 1390 b1 = gen_linktype(ETHERTYPE_LAT); 1391 break; 1392 1393 case Q_MOPDL: 1394 b1 = gen_linktype(ETHERTYPE_MOPDL); 1395 break; 1396 1397 case Q_MOPRC: 1398 b1 = gen_linktype(ETHERTYPE_MOPRC); 1399 break; 1400 1401 case Q_STP: 1402 b1 = gen_linktype(LLCSAP_8021D); 1403 break; 1404 1405 #ifdef INET6 1406 case Q_IPV6: 1407 b1 = gen_linktype(ETHERTYPE_IPV6); 1408 break; 1409 1410 #ifndef IPPROTO_ICMPV6 1411 #define IPPROTO_ICMPV6 58 1412 #endif 1413 case Q_ICMPV6: 1414 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1415 break; 1416 #endif /* INET6 */ 1417 1418 #ifndef IPPROTO_AH 1419 #define IPPROTO_AH 51 1420 #endif 1421 case Q_AH: 1422 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1423 #ifdef INET6 1424 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1425 gen_or(b0, b1); 1426 #endif 1427 break; 1428 1429 #ifndef IPPROTO_ESP 1430 #define IPPROTO_ESP 50 1431 #endif 1432 case Q_ESP: 1433 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1434 #ifdef INET6 1435 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1436 gen_or(b0, b1); 1437 #endif 1438 break; 1439 1440 default: 1441 abort(); 1442 } 1443 return b1; 1444 } 1445 1446 static struct block * 1447 gen_ipfrag() 1448 { 1449 struct slist *s; 1450 struct block *b; 1451 1452 /* not ip frag */ 1453 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1454 s->s.k = off_nl + 6; 1455 b = new_block(JMP(BPF_JSET)); 1456 b->s.k = 0x1fff; 1457 b->stmts = s; 1458 gen_not(b); 1459 1460 return b; 1461 } 1462 1463 static struct block * 1464 gen_portatom(off, v) 1465 int off; 1466 bpf_int32 v; 1467 { 1468 struct slist *s; 1469 struct block *b; 1470 1471 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1472 s->s.k = off_nl; 1473 1474 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 1475 s->next->s.k = off_nl + off; 1476 1477 b = new_block(JMP(BPF_JEQ)); 1478 b->stmts = s; 1479 b->s.k = v; 1480 1481 return b; 1482 } 1483 1484 #ifdef INET6 1485 static struct block * 1486 gen_portatom6(off, v) 1487 int off; 1488 bpf_int32 v; 1489 { 1490 return gen_cmp(off_nl + 40 + off, BPF_H, v); 1491 } 1492 #endif/*INET6*/ 1493 1494 struct block * 1495 gen_portop(port, proto, dir) 1496 int port, proto, dir; 1497 { 1498 struct block *b0, *b1, *tmp; 1499 1500 /* ip proto 'proto' */ 1501 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 1502 b0 = gen_ipfrag(); 1503 gen_and(tmp, b0); 1504 1505 switch (dir) { 1506 case Q_SRC: 1507 b1 = gen_portatom(0, (bpf_int32)port); 1508 break; 1509 1510 case Q_DST: 1511 b1 = gen_portatom(2, (bpf_int32)port); 1512 break; 1513 1514 case Q_OR: 1515 case Q_DEFAULT: 1516 tmp = gen_portatom(0, (bpf_int32)port); 1517 b1 = gen_portatom(2, (bpf_int32)port); 1518 gen_or(tmp, b1); 1519 break; 1520 1521 case Q_AND: 1522 tmp = gen_portatom(0, (bpf_int32)port); 1523 b1 = gen_portatom(2, (bpf_int32)port); 1524 gen_and(tmp, b1); 1525 break; 1526 1527 default: 1528 abort(); 1529 } 1530 gen_and(b0, b1); 1531 1532 return b1; 1533 } 1534 1535 static struct block * 1536 gen_port(port, ip_proto, dir) 1537 int port; 1538 int ip_proto; 1539 int dir; 1540 { 1541 struct block *b0, *b1, *tmp; 1542 1543 /* ether proto ip */ 1544 b0 = gen_linktype(ETHERTYPE_IP); 1545 1546 switch (ip_proto) { 1547 case IPPROTO_UDP: 1548 case IPPROTO_TCP: 1549 b1 = gen_portop(port, ip_proto, dir); 1550 break; 1551 1552 case PROTO_UNDEF: 1553 tmp = gen_portop(port, IPPROTO_TCP, dir); 1554 b1 = gen_portop(port, IPPROTO_UDP, dir); 1555 gen_or(tmp, b1); 1556 break; 1557 1558 default: 1559 abort(); 1560 } 1561 gen_and(b0, b1); 1562 return b1; 1563 } 1564 1565 #ifdef INET6 1566 struct block * 1567 gen_portop6(port, proto, dir) 1568 int port, proto, dir; 1569 { 1570 struct block *b0, *b1, *tmp; 1571 1572 /* ip proto 'proto' */ 1573 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 1574 1575 switch (dir) { 1576 case Q_SRC: 1577 b1 = gen_portatom6(0, (bpf_int32)port); 1578 break; 1579 1580 case Q_DST: 1581 b1 = gen_portatom6(2, (bpf_int32)port); 1582 break; 1583 1584 case Q_OR: 1585 case Q_DEFAULT: 1586 tmp = gen_portatom6(0, (bpf_int32)port); 1587 b1 = gen_portatom6(2, (bpf_int32)port); 1588 gen_or(tmp, b1); 1589 break; 1590 1591 case Q_AND: 1592 tmp = gen_portatom6(0, (bpf_int32)port); 1593 b1 = gen_portatom6(2, (bpf_int32)port); 1594 gen_and(tmp, b1); 1595 break; 1596 1597 default: 1598 abort(); 1599 } 1600 gen_and(b0, b1); 1601 1602 return b1; 1603 } 1604 1605 static struct block * 1606 gen_port6(port, ip_proto, dir) 1607 int port; 1608 int ip_proto; 1609 int dir; 1610 { 1611 struct block *b0, *b1, *tmp; 1612 1613 /* ether proto ip */ 1614 b0 = gen_linktype(ETHERTYPE_IPV6); 1615 1616 switch (ip_proto) { 1617 case IPPROTO_UDP: 1618 case IPPROTO_TCP: 1619 b1 = gen_portop6(port, ip_proto, dir); 1620 break; 1621 1622 case PROTO_UNDEF: 1623 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1624 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1625 gen_or(tmp, b1); 1626 break; 1627 1628 default: 1629 abort(); 1630 } 1631 gen_and(b0, b1); 1632 return b1; 1633 } 1634 #endif /* INET6 */ 1635 1636 static int 1637 lookup_proto(name, proto) 1638 register const char *name; 1639 register int proto; 1640 { 1641 register int v; 1642 1643 switch (proto) { 1644 1645 case Q_DEFAULT: 1646 case Q_IP: 1647 v = pcap_nametoproto(name); 1648 if (v == PROTO_UNDEF) 1649 bpf_error("unknown ip proto '%s'", name); 1650 break; 1651 1652 case Q_LINK: 1653 /* XXX should look up h/w protocol type based on linktype */ 1654 v = pcap_nametoeproto(name); 1655 if (v == PROTO_UNDEF) { 1656 v = pcap_nametollc(name); 1657 if (v == PROTO_UNDEF) 1658 bpf_error("unknown ether proto '%s'", name); 1659 } 1660 break; 1661 1662 default: 1663 v = PROTO_UNDEF; 1664 break; 1665 } 1666 return v; 1667 } 1668 1669 static struct block * 1670 gen_protochain(v, proto, dir) 1671 int v; 1672 int proto; 1673 int dir; 1674 { 1675 struct block *b0, *b; 1676 struct slist *s[100]; 1677 int fix2, fix3, fix4, fix5; 1678 int ahcheck, again, end; 1679 int i, max; 1680 int reg1 = alloc_reg(); 1681 int reg2 = alloc_reg(); 1682 1683 memset(s, 0, sizeof(s)); 1684 fix2 = fix3 = fix4 = fix5 = 0; 1685 1686 switch (proto) { 1687 case Q_IP: 1688 case Q_IPV6: 1689 break; 1690 case Q_DEFAULT: 1691 b0 = gen_protochain(v, Q_IP, dir); 1692 b = gen_protochain(v, Q_IPV6, dir); 1693 gen_or(b0, b); 1694 return b; 1695 default: 1696 bpf_error("bad protocol applied for 'protochain'"); 1697 /*NOTREACHED*/ 1698 } 1699 1700 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1701 1702 /* 1703 * s[0] is a dummy entry to protect other BPF insn from damaged 1704 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1705 * hard to find interdependency made by jump table fixup. 1706 */ 1707 i = 0; 1708 s[i] = new_stmt(0); /*dummy*/ 1709 i++; 1710 1711 switch (proto) { 1712 case Q_IP: 1713 b0 = gen_linktype(ETHERTYPE_IP); 1714 1715 /* A = ip->ip_p */ 1716 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1717 s[i]->s.k = off_nl + 9; 1718 i++; 1719 /* X = ip->ip_hl << 2 */ 1720 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1721 s[i]->s.k = off_nl; 1722 i++; 1723 break; 1724 case Q_IPV6: 1725 b0 = gen_linktype(ETHERTYPE_IPV6); 1726 1727 /* A = ip6->ip_nxt */ 1728 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1729 s[i]->s.k = off_nl + 6; 1730 i++; 1731 /* X = sizeof(struct ip6_hdr) */ 1732 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1733 s[i]->s.k = 40; 1734 i++; 1735 break; 1736 default: 1737 bpf_error("unsupported proto to gen_protochain"); 1738 /*NOTREACHED*/ 1739 } 1740 1741 /* again: if (A == v) goto end; else fall through; */ 1742 again = i; 1743 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1744 s[i]->s.k = v; 1745 s[i]->s.jt = NULL; /*later*/ 1746 s[i]->s.jf = NULL; /*update in next stmt*/ 1747 fix5 = i; 1748 i++; 1749 1750 /* if (A == IPPROTO_NONE) goto end */ 1751 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1752 s[i]->s.jt = NULL; /*later*/ 1753 s[i]->s.jf = NULL; /*update in next stmt*/ 1754 s[i]->s.k = IPPROTO_NONE; 1755 s[fix5]->s.jf = s[i]; 1756 fix2 = i; 1757 i++; 1758 1759 if (proto == Q_IPV6) { 1760 int v6start, v6end, v6advance, j; 1761 1762 v6start = i; 1763 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1764 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1765 s[i]->s.jt = NULL; /*later*/ 1766 s[i]->s.jf = NULL; /*update in next stmt*/ 1767 s[i]->s.k = IPPROTO_HOPOPTS; 1768 s[fix2]->s.jf = s[i]; 1769 i++; 1770 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1771 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1772 s[i]->s.jt = NULL; /*later*/ 1773 s[i]->s.jf = NULL; /*update in next stmt*/ 1774 s[i]->s.k = IPPROTO_DSTOPTS; 1775 i++; 1776 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1777 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1778 s[i]->s.jt = NULL; /*later*/ 1779 s[i]->s.jf = NULL; /*update in next stmt*/ 1780 s[i]->s.k = IPPROTO_ROUTING; 1781 i++; 1782 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1783 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1784 s[i]->s.jt = NULL; /*later*/ 1785 s[i]->s.jf = NULL; /*later*/ 1786 s[i]->s.k = IPPROTO_FRAGMENT; 1787 fix3 = i; 1788 v6end = i; 1789 i++; 1790 1791 /* v6advance: */ 1792 v6advance = i; 1793 1794 /* 1795 * in short, 1796 * A = P[X + 1]; 1797 * X = X + (P[X] + 1) * 8; 1798 */ 1799 /* A = X */ 1800 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1801 i++; 1802 /* MEM[reg1] = A */ 1803 s[i] = new_stmt(BPF_ST); 1804 s[i]->s.k = reg1; 1805 i++; 1806 /* A += 1 */ 1807 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1808 s[i]->s.k = 1; 1809 i++; 1810 /* X = A */ 1811 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1812 i++; 1813 /* A = P[X + packet head]; */ 1814 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1815 s[i]->s.k = off_nl; 1816 i++; 1817 /* MEM[reg2] = A */ 1818 s[i] = new_stmt(BPF_ST); 1819 s[i]->s.k = reg2; 1820 i++; 1821 /* X = MEM[reg1] */ 1822 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1823 s[i]->s.k = reg1; 1824 i++; 1825 /* A = P[X + packet head] */ 1826 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1827 s[i]->s.k = off_nl; 1828 i++; 1829 /* A += 1 */ 1830 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1831 s[i]->s.k = 1; 1832 i++; 1833 /* A *= 8 */ 1834 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1835 s[i]->s.k = 8; 1836 i++; 1837 /* X = A; */ 1838 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1839 i++; 1840 /* A = MEM[reg2] */ 1841 s[i] = new_stmt(BPF_LD|BPF_MEM); 1842 s[i]->s.k = reg2; 1843 i++; 1844 1845 /* goto again; (must use BPF_JA for backward jump) */ 1846 s[i] = new_stmt(BPF_JMP|BPF_JA); 1847 s[i]->s.k = again - i - 1; 1848 s[i - 1]->s.jf = s[i]; 1849 i++; 1850 1851 /* fixup */ 1852 for (j = v6start; j <= v6end; j++) 1853 s[j]->s.jt = s[v6advance]; 1854 } else { 1855 /* nop */ 1856 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1857 s[i]->s.k = 0; 1858 s[fix2]->s.jf = s[i]; 1859 i++; 1860 } 1861 1862 /* ahcheck: */ 1863 ahcheck = i; 1864 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 1865 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1866 s[i]->s.jt = NULL; /*later*/ 1867 s[i]->s.jf = NULL; /*later*/ 1868 s[i]->s.k = IPPROTO_AH; 1869 if (fix3) 1870 s[fix3]->s.jf = s[ahcheck]; 1871 fix4 = i; 1872 i++; 1873 1874 /* 1875 * in short, 1876 * A = P[X + 1]; 1877 * X = X + (P[X] + 2) * 4; 1878 */ 1879 /* A = X */ 1880 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 1881 i++; 1882 /* MEM[reg1] = A */ 1883 s[i] = new_stmt(BPF_ST); 1884 s[i]->s.k = reg1; 1885 i++; 1886 /* A += 1 */ 1887 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1888 s[i]->s.k = 1; 1889 i++; 1890 /* X = A */ 1891 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1892 i++; 1893 /* A = P[X + packet head]; */ 1894 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1895 s[i]->s.k = off_nl; 1896 i++; 1897 /* MEM[reg2] = A */ 1898 s[i] = new_stmt(BPF_ST); 1899 s[i]->s.k = reg2; 1900 i++; 1901 /* X = MEM[reg1] */ 1902 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1903 s[i]->s.k = reg1; 1904 i++; 1905 /* A = P[X + packet head] */ 1906 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1907 s[i]->s.k = off_nl; 1908 i++; 1909 /* A += 2 */ 1910 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1911 s[i]->s.k = 2; 1912 i++; 1913 /* A *= 4 */ 1914 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1915 s[i]->s.k = 4; 1916 i++; 1917 /* X = A; */ 1918 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1919 i++; 1920 /* A = MEM[reg2] */ 1921 s[i] = new_stmt(BPF_LD|BPF_MEM); 1922 s[i]->s.k = reg2; 1923 i++; 1924 1925 /* goto again; (must use BPF_JA for backward jump) */ 1926 s[i] = new_stmt(BPF_JMP|BPF_JA); 1927 s[i]->s.k = again - i - 1; 1928 i++; 1929 1930 /* end: nop */ 1931 end = i; 1932 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1933 s[i]->s.k = 0; 1934 s[fix2]->s.jt = s[end]; 1935 s[fix4]->s.jf = s[end]; 1936 s[fix5]->s.jt = s[end]; 1937 i++; 1938 1939 /* 1940 * make slist chain 1941 */ 1942 max = i; 1943 for (i = 0; i < max - 1; i++) 1944 s[i]->next = s[i + 1]; 1945 s[max - 1]->next = NULL; 1946 1947 /* 1948 * emit final check 1949 */ 1950 b = new_block(JMP(BPF_JEQ)); 1951 b->stmts = s[1]; /*remember, s[0] is dummy*/ 1952 b->s.k = v; 1953 1954 free_reg(reg1); 1955 free_reg(reg2); 1956 1957 gen_and(b0, b); 1958 return b; 1959 } 1960 1961 static struct block * 1962 gen_proto(v, proto, dir) 1963 int v; 1964 int proto; 1965 int dir; 1966 { 1967 struct block *b0, *b1; 1968 1969 if (dir != Q_DEFAULT) 1970 bpf_error("direction applied to 'proto'"); 1971 1972 switch (proto) { 1973 case Q_DEFAULT: 1974 #ifdef INET6 1975 b0 = gen_proto(v, Q_IP, dir); 1976 b1 = gen_proto(v, Q_IPV6, dir); 1977 gen_or(b0, b1); 1978 return b1; 1979 #else 1980 /*FALLTHROUGH*/ 1981 #endif 1982 case Q_IP: 1983 b0 = gen_linktype(ETHERTYPE_IP); 1984 #ifndef CHASE_CHAIN 1985 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 1986 #else 1987 b1 = gen_protochain(v, Q_IP); 1988 #endif 1989 gen_and(b0, b1); 1990 return b1; 1991 1992 case Q_ARP: 1993 bpf_error("arp does not encapsulate another protocol"); 1994 /* NOTREACHED */ 1995 1996 case Q_RARP: 1997 bpf_error("rarp does not encapsulate another protocol"); 1998 /* NOTREACHED */ 1999 2000 case Q_ATALK: 2001 bpf_error("atalk encapsulation is not specifiable"); 2002 /* NOTREACHED */ 2003 2004 case Q_DECNET: 2005 bpf_error("decnet encapsulation is not specifiable"); 2006 /* NOTREACHED */ 2007 2008 case Q_SCA: 2009 bpf_error("sca does not encapsulate another protocol"); 2010 /* NOTREACHED */ 2011 2012 case Q_LAT: 2013 bpf_error("lat does not encapsulate another protocol"); 2014 /* NOTREACHED */ 2015 2016 case Q_MOPRC: 2017 bpf_error("moprc does not encapsulate another protocol"); 2018 /* NOTREACHED */ 2019 2020 case Q_MOPDL: 2021 bpf_error("mopdl does not encapsulate another protocol"); 2022 /* NOTREACHED */ 2023 2024 case Q_LINK: 2025 return gen_linktype(v); 2026 2027 case Q_UDP: 2028 bpf_error("'udp proto' is bogus"); 2029 /* NOTREACHED */ 2030 2031 case Q_TCP: 2032 bpf_error("'tcp proto' is bogus"); 2033 /* NOTREACHED */ 2034 2035 case Q_ICMP: 2036 bpf_error("'icmp proto' is bogus"); 2037 /* NOTREACHED */ 2038 2039 case Q_IGMP: 2040 bpf_error("'igmp proto' is bogus"); 2041 /* NOTREACHED */ 2042 2043 case Q_IGRP: 2044 bpf_error("'igrp proto' is bogus"); 2045 /* NOTREACHED */ 2046 2047 case Q_PIM: 2048 bpf_error("'pim proto' is bogus"); 2049 /* NOTREACHED */ 2050 2051 case Q_STP: 2052 bpf_error("'stp proto' is bogus"); 2053 /* NOTREACHED */ 2054 2055 #ifdef INET6 2056 case Q_IPV6: 2057 b0 = gen_linktype(ETHERTYPE_IPV6); 2058 #ifndef CHASE_CHAIN 2059 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 2060 #else 2061 b1 = gen_protochain(v, Q_IPV6); 2062 #endif 2063 gen_and(b0, b1); 2064 return b1; 2065 2066 case Q_ICMPV6: 2067 bpf_error("'icmp6 proto' is bogus"); 2068 #endif /* INET6 */ 2069 2070 case Q_AH: 2071 bpf_error("'ah proto' is bogus"); 2072 2073 case Q_ESP: 2074 bpf_error("'ah proto' is bogus"); 2075 2076 default: 2077 abort(); 2078 /* NOTREACHED */ 2079 } 2080 /* NOTREACHED */ 2081 } 2082 2083 struct block * 2084 gen_scode(name, q) 2085 register const char *name; 2086 struct qual q; 2087 { 2088 int proto = q.proto; 2089 int dir = q.dir; 2090 int tproto; 2091 u_char *eaddr; 2092 bpf_u_int32 mask, addr; 2093 #ifndef INET6 2094 bpf_u_int32 **alist; 2095 #else 2096 int tproto6; 2097 struct sockaddr_in *sin; 2098 struct sockaddr_in6 *sin6; 2099 struct addrinfo *res, *res0; 2100 struct in6_addr mask128; 2101 #endif /*INET6*/ 2102 struct block *b, *tmp; 2103 int port, real_proto; 2104 2105 switch (q.addr) { 2106 2107 case Q_NET: 2108 addr = pcap_nametonetaddr(name); 2109 if (addr == 0) 2110 bpf_error("unknown network '%s'", name); 2111 /* Left justify network addr and calculate its network mask */ 2112 mask = 0xffffffff; 2113 while (addr && (addr & 0xff000000) == 0) { 2114 addr <<= 8; 2115 mask <<= 8; 2116 } 2117 return gen_host(addr, mask, proto, dir); 2118 2119 case Q_DEFAULT: 2120 case Q_HOST: 2121 if (proto == Q_LINK) { 2122 switch (linktype) { 2123 2124 case DLT_EN10MB: 2125 eaddr = pcap_ether_hostton(name); 2126 if (eaddr == NULL) 2127 bpf_error( 2128 "unknown ether host '%s'", name); 2129 return gen_ehostop(eaddr, dir); 2130 2131 case DLT_FDDI: 2132 eaddr = pcap_ether_hostton(name); 2133 if (eaddr == NULL) 2134 bpf_error( 2135 "unknown FDDI host '%s'", name); 2136 return gen_fhostop(eaddr, dir); 2137 2138 case DLT_IEEE802_11: 2139 case DLT_IEEE802_11_RADIO: 2140 eaddr = pcap_ether_hostton(name); 2141 if (eaddr == NULL) 2142 bpf_error( 2143 "unknown 802.11 host '%s'", name); 2144 2145 return gen_p80211_hostop(eaddr, dir); 2146 2147 default: 2148 bpf_error( 2149 "only ethernet/FDDI supports link-level host name"); 2150 break; 2151 } 2152 } else if (proto == Q_DECNET) { 2153 unsigned short dn_addr = __pcap_nametodnaddr(name); 2154 /* 2155 * I don't think DECNET hosts can be multihomed, so 2156 * there is no need to build up a list of addresses 2157 */ 2158 return (gen_host(dn_addr, 0, proto, dir)); 2159 } else { 2160 #ifndef INET6 2161 alist = pcap_nametoaddr(name); 2162 if (alist == NULL || *alist == NULL) 2163 bpf_error("unknown host '%s'", name); 2164 tproto = proto; 2165 if (off_linktype == -1 && tproto == Q_DEFAULT) 2166 tproto = Q_IP; 2167 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2168 while (*alist) { 2169 tmp = gen_host(**alist++, 0xffffffff, 2170 tproto, dir); 2171 gen_or(b, tmp); 2172 b = tmp; 2173 } 2174 return b; 2175 #else 2176 memset(&mask128, 0xff, sizeof(mask128)); 2177 res0 = res = pcap_nametoaddrinfo(name); 2178 if (res == NULL) 2179 bpf_error("unknown host '%s'", name); 2180 b = tmp = NULL; 2181 tproto = tproto6 = proto; 2182 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2183 tproto = Q_IP; 2184 tproto6 = Q_IPV6; 2185 } 2186 for (res = res0; res; res = res->ai_next) { 2187 switch (res->ai_family) { 2188 case AF_INET: 2189 if (tproto == Q_IPV6) 2190 continue; 2191 2192 sin = (struct sockaddr_in *) 2193 res->ai_addr; 2194 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2195 0xffffffff, tproto, dir); 2196 break; 2197 case AF_INET6: 2198 if (tproto6 == Q_IP) 2199 continue; 2200 2201 sin6 = (struct sockaddr_in6 *) 2202 res->ai_addr; 2203 tmp = gen_host6(&sin6->sin6_addr, 2204 &mask128, tproto6, dir); 2205 break; 2206 } 2207 if (b) 2208 gen_or(b, tmp); 2209 b = tmp; 2210 } 2211 freeaddrinfo(res0); 2212 if (b == NULL) { 2213 bpf_error("unknown host '%s'%s", name, 2214 (proto == Q_DEFAULT) 2215 ? "" 2216 : " for specified address family"); 2217 } 2218 return b; 2219 #endif /*INET6*/ 2220 } 2221 2222 case Q_PORT: 2223 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2224 bpf_error("illegal qualifier of 'port'"); 2225 if (pcap_nametoport(name, &port, &real_proto) == 0) 2226 bpf_error("unknown port '%s'", name); 2227 if (proto == Q_UDP) { 2228 if (real_proto == IPPROTO_TCP) 2229 bpf_error("port '%s' is tcp", name); 2230 else 2231 /* override PROTO_UNDEF */ 2232 real_proto = IPPROTO_UDP; 2233 } 2234 if (proto == Q_TCP) { 2235 if (real_proto == IPPROTO_UDP) 2236 bpf_error("port '%s' is udp", name); 2237 else 2238 /* override PROTO_UNDEF */ 2239 real_proto = IPPROTO_TCP; 2240 } 2241 #ifndef INET6 2242 return gen_port(port, real_proto, dir); 2243 #else 2244 { 2245 struct block *b; 2246 b = gen_port(port, real_proto, dir); 2247 gen_or(gen_port6(port, real_proto, dir), b); 2248 return b; 2249 } 2250 #endif /* INET6 */ 2251 2252 case Q_GATEWAY: 2253 #ifndef INET6 2254 eaddr = pcap_ether_hostton(name); 2255 if (eaddr == NULL) 2256 bpf_error("unknown ether host: %s", name); 2257 2258 alist = pcap_nametoaddr(name); 2259 if (alist == NULL || *alist == NULL) 2260 bpf_error("unknown host '%s'", name); 2261 return gen_gateway(eaddr, alist, proto, dir); 2262 #else 2263 bpf_error("'gateway' not supported in this configuration"); 2264 #endif /*INET6*/ 2265 2266 case Q_PROTO: 2267 real_proto = lookup_proto(name, proto); 2268 if (real_proto >= 0) 2269 return gen_proto(real_proto, proto, dir); 2270 else 2271 bpf_error("unknown protocol: %s", name); 2272 2273 case Q_PROTOCHAIN: 2274 real_proto = lookup_proto(name, proto); 2275 if (real_proto >= 0) 2276 return gen_protochain(real_proto, proto, dir); 2277 else 2278 bpf_error("unknown protocol: %s", name); 2279 2280 2281 case Q_UNDEF: 2282 syntax(); 2283 /* NOTREACHED */ 2284 } 2285 abort(); 2286 /* NOTREACHED */ 2287 } 2288 2289 struct block * 2290 gen_mcode(s1, s2, masklen, q) 2291 register const char *s1, *s2; 2292 register int masklen; 2293 struct qual q; 2294 { 2295 register int nlen, mlen; 2296 bpf_u_int32 n, m; 2297 2298 nlen = __pcap_atoin(s1, &n); 2299 /* Promote short ipaddr */ 2300 n <<= 32 - nlen; 2301 2302 if (s2 != NULL) { 2303 mlen = __pcap_atoin(s2, &m); 2304 /* Promote short ipaddr */ 2305 m <<= 32 - mlen; 2306 if ((n & ~m) != 0) 2307 bpf_error("non-network bits set in \"%s mask %s\"", 2308 s1, s2); 2309 } else { 2310 /* Convert mask len to mask */ 2311 if (masklen > 32) 2312 bpf_error("mask length must be <= 32"); 2313 m = 0xffffffff << (32 - masklen); 2314 if ((n & ~m) != 0) 2315 bpf_error("non-network bits set in \"%s/%d\"", 2316 s1, masklen); 2317 } 2318 2319 switch (q.addr) { 2320 2321 case Q_NET: 2322 return gen_host(n, m, q.proto, q.dir); 2323 2324 default: 2325 bpf_error("Mask syntax for networks only"); 2326 /* NOTREACHED */ 2327 } 2328 } 2329 2330 struct block * 2331 gen_ncode(s, v, q) 2332 register const char *s; 2333 bpf_u_int32 v; 2334 struct qual q; 2335 { 2336 bpf_u_int32 mask; 2337 int proto = q.proto; 2338 int dir = q.dir; 2339 register int vlen; 2340 2341 if (s == NULL) 2342 vlen = 32; 2343 else if (q.proto == Q_DECNET) 2344 vlen = __pcap_atodn(s, &v); 2345 else 2346 vlen = __pcap_atoin(s, &v); 2347 2348 switch (q.addr) { 2349 2350 case Q_DEFAULT: 2351 case Q_HOST: 2352 case Q_NET: 2353 if (proto == Q_DECNET) 2354 return gen_host(v, 0, proto, dir); 2355 else if (proto == Q_LINK) { 2356 bpf_error("illegal link layer address"); 2357 } else { 2358 mask = 0xffffffff; 2359 if (s == NULL && q.addr == Q_NET) { 2360 /* Promote short net number */ 2361 while (v && (v & 0xff000000) == 0) { 2362 v <<= 8; 2363 mask <<= 8; 2364 } 2365 } else { 2366 /* Promote short ipaddr */ 2367 v <<= 32 - vlen; 2368 mask <<= 32 - vlen; 2369 } 2370 return gen_host(v, mask, proto, dir); 2371 } 2372 2373 case Q_PORT: 2374 if (proto == Q_UDP) 2375 proto = IPPROTO_UDP; 2376 else if (proto == Q_TCP) 2377 proto = IPPROTO_TCP; 2378 else if (proto == Q_DEFAULT) 2379 proto = PROTO_UNDEF; 2380 else 2381 bpf_error("illegal qualifier of 'port'"); 2382 2383 #ifndef INET6 2384 return gen_port((int)v, proto, dir); 2385 #else 2386 { 2387 struct block *b; 2388 b = gen_port((int)v, proto, dir); 2389 gen_or(gen_port6((int)v, proto, dir), b); 2390 return b; 2391 } 2392 #endif /* INET6 */ 2393 2394 case Q_GATEWAY: 2395 bpf_error("'gateway' requires a name"); 2396 /* NOTREACHED */ 2397 2398 case Q_PROTO: 2399 return gen_proto((int)v, proto, dir); 2400 2401 case Q_PROTOCHAIN: 2402 return gen_protochain((int)v, proto, dir); 2403 2404 case Q_UNDEF: 2405 syntax(); 2406 /* NOTREACHED */ 2407 2408 default: 2409 abort(); 2410 /* NOTREACHED */ 2411 } 2412 /* NOTREACHED */ 2413 } 2414 2415 #ifdef INET6 2416 struct block * 2417 gen_mcode6(s1, s2, masklen, q) 2418 register const char *s1, *s2; 2419 register int masklen; 2420 struct qual q; 2421 { 2422 struct addrinfo *res; 2423 struct in6_addr *addr; 2424 struct in6_addr mask; 2425 struct block *b; 2426 u_int32_t *a, *m; 2427 2428 if (s2) 2429 bpf_error("no mask %s supported", s2); 2430 2431 res = pcap_nametoaddrinfo(s1); 2432 if (!res) 2433 bpf_error("invalid ip6 address %s", s1); 2434 if (res->ai_next) 2435 bpf_error("%s resolved to multiple address", s1); 2436 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2437 2438 if (sizeof(mask) * 8 < masklen) 2439 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2440 memset(&mask, 0, sizeof(mask)); 2441 memset(&mask, 0xff, masklen / 8); 2442 if (masklen % 8) { 2443 mask.s6_addr[masklen / 8] = 2444 (0xff << (8 - masklen % 8)) & 0xff; 2445 } 2446 2447 a = (u_int32_t *)addr; 2448 m = (u_int32_t *)&mask; 2449 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2450 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2451 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2452 } 2453 2454 switch (q.addr) { 2455 2456 case Q_DEFAULT: 2457 case Q_HOST: 2458 if (masklen != 128) 2459 bpf_error("Mask syntax for networks only"); 2460 /* FALLTHROUGH */ 2461 2462 case Q_NET: 2463 b = gen_host6(addr, &mask, q.proto, q.dir); 2464 freeaddrinfo(res); 2465 return b; 2466 2467 default: 2468 bpf_error("invalid qualifier against IPv6 address"); 2469 /* NOTREACHED */ 2470 } 2471 } 2472 #endif /*INET6*/ 2473 2474 struct block * 2475 gen_ecode(eaddr, q) 2476 register const u_char *eaddr; 2477 struct qual q; 2478 { 2479 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2480 if (linktype == DLT_EN10MB) 2481 return gen_ehostop(eaddr, (int)q.dir); 2482 if (linktype == DLT_FDDI) 2483 return gen_fhostop(eaddr, (int)q.dir); 2484 if (linktype == DLT_IEEE802_11 || 2485 linktype == DLT_IEEE802_11_RADIO) 2486 return gen_p80211_hostop(eaddr, (int)q.dir); 2487 } 2488 bpf_error("ethernet address used in non-ether expression"); 2489 /* NOTREACHED */ 2490 } 2491 2492 void 2493 sappend(s0, s1) 2494 struct slist *s0, *s1; 2495 { 2496 /* 2497 * This is definitely not the best way to do this, but the 2498 * lists will rarely get long. 2499 */ 2500 while (s0->next) 2501 s0 = s0->next; 2502 s0->next = s1; 2503 } 2504 2505 static struct slist * 2506 xfer_to_x(a) 2507 struct arth *a; 2508 { 2509 struct slist *s; 2510 2511 s = new_stmt(BPF_LDX|BPF_MEM); 2512 s->s.k = a->regno; 2513 return s; 2514 } 2515 2516 static struct slist * 2517 xfer_to_a(a) 2518 struct arth *a; 2519 { 2520 struct slist *s; 2521 2522 s = new_stmt(BPF_LD|BPF_MEM); 2523 s->s.k = a->regno; 2524 return s; 2525 } 2526 2527 struct arth * 2528 gen_load(proto, index, size) 2529 int proto; 2530 struct arth *index; 2531 int size; 2532 { 2533 struct slist *s, *tmp; 2534 struct block *b; 2535 int regno = alloc_reg(); 2536 2537 free_reg(index->regno); 2538 switch (size) { 2539 2540 default: 2541 bpf_error("data size must be 1, 2, or 4"); 2542 2543 case 1: 2544 size = BPF_B; 2545 break; 2546 2547 case 2: 2548 size = BPF_H; 2549 break; 2550 2551 case 4: 2552 size = BPF_W; 2553 break; 2554 } 2555 switch (proto) { 2556 default: 2557 bpf_error("unsupported index operation"); 2558 2559 case Q_LINK: 2560 s = xfer_to_x(index); 2561 tmp = new_stmt(BPF_LD|BPF_IND|size); 2562 sappend(s, tmp); 2563 sappend(index->s, s); 2564 break; 2565 2566 case Q_IP: 2567 case Q_ARP: 2568 case Q_RARP: 2569 case Q_ATALK: 2570 case Q_DECNET: 2571 case Q_SCA: 2572 case Q_LAT: 2573 case Q_MOPRC: 2574 case Q_MOPDL: 2575 #ifdef INET6 2576 case Q_IPV6: 2577 #endif 2578 /* XXX Note that we assume a fixed link header here. */ 2579 s = xfer_to_x(index); 2580 tmp = new_stmt(BPF_LD|BPF_IND|size); 2581 tmp->s.k = off_nl; 2582 sappend(s, tmp); 2583 sappend(index->s, s); 2584 2585 b = gen_proto_abbrev(proto); 2586 if (index->b) 2587 gen_and(index->b, b); 2588 index->b = b; 2589 break; 2590 2591 case Q_TCP: 2592 case Q_UDP: 2593 case Q_ICMP: 2594 case Q_IGMP: 2595 case Q_IGRP: 2596 case Q_PIM: 2597 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 2598 s->s.k = off_nl; 2599 sappend(s, xfer_to_a(index)); 2600 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2601 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2602 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2603 tmp->s.k = off_nl; 2604 sappend(index->s, s); 2605 2606 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2607 if (index->b) 2608 gen_and(index->b, b); 2609 #ifdef INET6 2610 gen_and(gen_proto_abbrev(Q_IP), b); 2611 #endif 2612 index->b = b; 2613 break; 2614 #ifdef INET6 2615 case Q_ICMPV6: 2616 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2617 /*NOTREACHED*/ 2618 #endif 2619 } 2620 index->regno = regno; 2621 s = new_stmt(BPF_ST); 2622 s->s.k = regno; 2623 sappend(index->s, s); 2624 2625 return index; 2626 } 2627 2628 struct block * 2629 gen_relation(code, a0, a1, reversed) 2630 int code; 2631 struct arth *a0, *a1; 2632 int reversed; 2633 { 2634 struct slist *s0, *s1, *s2; 2635 struct block *b, *tmp; 2636 2637 s0 = xfer_to_x(a1); 2638 s1 = xfer_to_a(a0); 2639 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2640 b = new_block(JMP(code)); 2641 if (code == BPF_JGT || code == BPF_JGE) { 2642 reversed = !reversed; 2643 b->s.k = 0x80000000; 2644 } 2645 if (reversed) 2646 gen_not(b); 2647 2648 sappend(s1, s2); 2649 sappend(s0, s1); 2650 sappend(a1->s, s0); 2651 sappend(a0->s, a1->s); 2652 2653 b->stmts = a0->s; 2654 2655 free_reg(a0->regno); 2656 free_reg(a1->regno); 2657 2658 /* 'and' together protocol checks */ 2659 if (a0->b) { 2660 if (a1->b) { 2661 gen_and(a0->b, tmp = a1->b); 2662 } 2663 else 2664 tmp = a0->b; 2665 } else 2666 tmp = a1->b; 2667 2668 if (tmp) 2669 gen_and(tmp, b); 2670 2671 return b; 2672 } 2673 2674 struct arth * 2675 gen_loadlen() 2676 { 2677 int regno = alloc_reg(); 2678 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2679 struct slist *s; 2680 2681 s = new_stmt(BPF_LD|BPF_LEN); 2682 s->next = new_stmt(BPF_ST); 2683 s->next->s.k = regno; 2684 a->s = s; 2685 a->regno = regno; 2686 2687 return a; 2688 } 2689 2690 struct arth * 2691 gen_loadi(val) 2692 int val; 2693 { 2694 struct arth *a; 2695 struct slist *s; 2696 int reg; 2697 2698 a = (struct arth *)newchunk(sizeof(*a)); 2699 2700 reg = alloc_reg(); 2701 2702 s = new_stmt(BPF_LD|BPF_IMM); 2703 s->s.k = val; 2704 s->next = new_stmt(BPF_ST); 2705 s->next->s.k = reg; 2706 a->s = s; 2707 a->regno = reg; 2708 2709 return a; 2710 } 2711 2712 struct arth * 2713 gen_neg(a) 2714 struct arth *a; 2715 { 2716 struct slist *s; 2717 2718 s = xfer_to_a(a); 2719 sappend(a->s, s); 2720 s = new_stmt(BPF_ALU|BPF_NEG); 2721 s->s.k = 0; 2722 sappend(a->s, s); 2723 s = new_stmt(BPF_ST); 2724 s->s.k = a->regno; 2725 sappend(a->s, s); 2726 2727 return a; 2728 } 2729 2730 struct arth * 2731 gen_arth(code, a0, a1) 2732 int code; 2733 struct arth *a0, *a1; 2734 { 2735 struct slist *s0, *s1, *s2; 2736 2737 s0 = xfer_to_x(a1); 2738 s1 = xfer_to_a(a0); 2739 s2 = new_stmt(BPF_ALU|BPF_X|code); 2740 2741 sappend(s1, s2); 2742 sappend(s0, s1); 2743 sappend(a1->s, s0); 2744 sappend(a0->s, a1->s); 2745 2746 free_reg(a1->regno); 2747 2748 s0 = new_stmt(BPF_ST); 2749 a0->regno = s0->s.k = alloc_reg(); 2750 sappend(a0->s, s0); 2751 2752 return a0; 2753 } 2754 2755 /* 2756 * Here we handle simple allocation of the scratch registers. 2757 * If too many registers are alloc'd, the allocator punts. 2758 */ 2759 static int regused[BPF_MEMWORDS]; 2760 static int curreg; 2761 2762 /* 2763 * Return the next free register. 2764 */ 2765 static int 2766 alloc_reg() 2767 { 2768 int n = BPF_MEMWORDS; 2769 2770 while (--n >= 0) { 2771 if (regused[curreg]) 2772 curreg = (curreg + 1) % BPF_MEMWORDS; 2773 else { 2774 regused[curreg] = 1; 2775 return curreg; 2776 } 2777 } 2778 bpf_error("too many registers needed to evaluate expression"); 2779 /* NOTREACHED */ 2780 } 2781 2782 /* 2783 * Return a register to the table so it can 2784 * be used later. 2785 */ 2786 static void 2787 free_reg(n) 2788 int n; 2789 { 2790 regused[n] = 0; 2791 } 2792 2793 static struct block * 2794 gen_len(jmp, n) 2795 int jmp, n; 2796 { 2797 struct slist *s; 2798 struct block *b; 2799 2800 s = new_stmt(BPF_LD|BPF_LEN); 2801 b = new_block(JMP(jmp)); 2802 b->stmts = s; 2803 b->s.k = n; 2804 2805 return b; 2806 } 2807 2808 struct block * 2809 gen_greater(n) 2810 int n; 2811 { 2812 return gen_len(BPF_JGE, n); 2813 } 2814 2815 struct block * 2816 gen_less(n) 2817 int n; 2818 { 2819 struct block *b; 2820 2821 b = gen_len(BPF_JGT, n); 2822 gen_not(b); 2823 2824 return b; 2825 } 2826 2827 struct block * 2828 gen_byteop(op, idx, val) 2829 int op, idx, val; 2830 { 2831 struct block *b; 2832 struct slist *s; 2833 2834 switch (op) { 2835 default: 2836 abort(); 2837 2838 case '=': 2839 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2840 2841 case '<': 2842 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2843 b->s.code = JMP(BPF_JGE); 2844 gen_not(b); 2845 return b; 2846 2847 case '>': 2848 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2849 b->s.code = JMP(BPF_JGT); 2850 return b; 2851 2852 case '|': 2853 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 2854 break; 2855 2856 case '&': 2857 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 2858 break; 2859 } 2860 s->s.k = val; 2861 b = new_block(JMP(BPF_JEQ)); 2862 b->stmts = s; 2863 gen_not(b); 2864 2865 return b; 2866 } 2867 2868 struct block * 2869 gen_broadcast(proto) 2870 int proto; 2871 { 2872 bpf_u_int32 hostmask; 2873 struct block *b0, *b1, *b2; 2874 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 2875 2876 switch (proto) { 2877 2878 case Q_DEFAULT: 2879 case Q_LINK: 2880 if (linktype == DLT_EN10MB) 2881 return gen_ehostop(ebroadcast, Q_DST); 2882 if (linktype == DLT_FDDI) 2883 return gen_fhostop(ebroadcast, Q_DST); 2884 if (linktype == DLT_IEEE802_11 || 2885 linktype == DLT_IEEE802_11_RADIO) 2886 return gen_p80211_hostop(ebroadcast, Q_DST); 2887 bpf_error("not a broadcast link"); 2888 break; 2889 2890 case Q_IP: 2891 b0 = gen_linktype(ETHERTYPE_IP); 2892 hostmask = ~netmask; 2893 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 2894 b2 = gen_mcmp(off_nl + 16, BPF_W, 2895 (bpf_int32)(~0 & hostmask), hostmask); 2896 gen_or(b1, b2); 2897 gen_and(b0, b2); 2898 return b2; 2899 } 2900 bpf_error("only ether/ip broadcast filters supported"); 2901 } 2902 2903 struct block * 2904 gen_multicast(proto) 2905 int proto; 2906 { 2907 register struct block *b0, *b1; 2908 register struct slist *s; 2909 2910 switch (proto) { 2911 2912 case Q_DEFAULT: 2913 case Q_LINK: 2914 if (linktype == DLT_EN10MB) { 2915 /* ether[0] & 1 != 0 */ 2916 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2917 s->s.k = 0; 2918 b0 = new_block(JMP(BPF_JSET)); 2919 b0->s.k = 1; 2920 b0->stmts = s; 2921 return b0; 2922 } 2923 2924 if (linktype == DLT_FDDI) { 2925 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 2926 /* fddi[1] & 1 != 0 */ 2927 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2928 s->s.k = 1; 2929 b0 = new_block(JMP(BPF_JSET)); 2930 b0->s.k = 1; 2931 b0->stmts = s; 2932 return b0; 2933 } 2934 /* Link not known to support multicasts */ 2935 break; 2936 2937 case Q_IP: 2938 b0 = gen_linktype(ETHERTYPE_IP); 2939 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 2940 b1->s.code = JMP(BPF_JGE); 2941 gen_and(b0, b1); 2942 return b1; 2943 2944 #ifdef INET6 2945 case Q_IPV6: 2946 b0 = gen_linktype(ETHERTYPE_IPV6); 2947 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 2948 gen_and(b0, b1); 2949 return b1; 2950 #endif /* INET6 */ 2951 } 2952 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 2953 } 2954 2955 /* 2956 * generate command for inbound/outbound. It's here so we can 2957 * make it link-type specific. 'dir' = 0 implies "inbound", 2958 * = 1 implies "outbound". 2959 */ 2960 struct block * 2961 gen_inbound(dir) 2962 int dir; 2963 { 2964 register struct block *b0; 2965 2966 /* 2967 * Only SLIP and old-style PPP data link types support 2968 * inbound/outbound qualifiers. 2969 */ 2970 switch (linktype) { 2971 case DLT_SLIP: 2972 case DLT_PPP: 2973 b0 = gen_relation(BPF_JEQ, 2974 gen_load(Q_LINK, gen_loadi(0), 1), 2975 gen_loadi(0), 2976 dir); 2977 break; 2978 2979 case DLT_PFLOG: 2980 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 2981 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 2982 break; 2983 2984 case DLT_OLD_PFLOG: 2985 b0 = gen_cmp(offsetof(struct old_pfloghdr, dir), BPF_H, 2986 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 2987 break; 2988 2989 default: 2990 bpf_error("inbound/outbound not supported on linktype 0x%x", 2991 linktype); 2992 /* NOTREACHED */ 2993 } 2994 2995 return (b0); 2996 } 2997 2998 2999 /* PF firewall log matched interface */ 3000 struct block * 3001 gen_pf_ifname(char *ifname) 3002 { 3003 struct block *b0; 3004 u_int len, off; 3005 3006 if (linktype == DLT_PFLOG) { 3007 len = sizeof(((struct pfloghdr *)0)->ifname); 3008 off = offsetof(struct pfloghdr, ifname); 3009 } else if (linktype == DLT_OLD_PFLOG) { 3010 len = sizeof(((struct old_pfloghdr *)0)->ifname); 3011 off = offsetof(struct old_pfloghdr, ifname); 3012 } else { 3013 bpf_error("ifname not supported on linktype 0x%x", linktype); 3014 /* NOTREACHED */ 3015 } 3016 if (strlen(ifname) >= len) { 3017 bpf_error("ifname interface names can only be %d characters", 3018 len - 1); 3019 /* NOTREACHED */ 3020 } 3021 b0 = gen_bcmp(off, strlen(ifname), ifname); 3022 return (b0); 3023 } 3024 3025 3026 /* PF firewall log ruleset name */ 3027 struct block * 3028 gen_pf_ruleset(char *ruleset) 3029 { 3030 struct block *b0; 3031 3032 if (linktype != DLT_PFLOG) { 3033 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3034 /* NOTREACHED */ 3035 } 3036 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3037 bpf_error("ruleset names can only be %zu characters", 3038 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3039 /* NOTREACHED */ 3040 } 3041 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3042 strlen(ruleset), ruleset); 3043 return (b0); 3044 } 3045 3046 3047 /* PF firewall log rule number */ 3048 struct block * 3049 gen_pf_rnr(int rnr) 3050 { 3051 struct block *b0; 3052 3053 if (linktype == DLT_PFLOG) { 3054 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3055 (bpf_int32)rnr); 3056 } else if (linktype == DLT_OLD_PFLOG) { 3057 b0 = gen_cmp(offsetof(struct old_pfloghdr, rnr), BPF_H, 3058 (bpf_int32)rnr); 3059 } else { 3060 bpf_error("rnr not supported on linktype 0x%x", linktype); 3061 /* NOTREACHED */ 3062 } 3063 3064 return (b0); 3065 } 3066 3067 3068 /* PF firewall log sub-rule number */ 3069 struct block * 3070 gen_pf_srnr(int srnr) 3071 { 3072 struct block *b0; 3073 3074 if (linktype != DLT_PFLOG) { 3075 bpf_error("srnr not supported on linktype 0x%x", linktype); 3076 /* NOTREACHED */ 3077 } 3078 3079 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3080 (bpf_int32)srnr); 3081 return (b0); 3082 } 3083 3084 /* PF firewall log reason code */ 3085 struct block * 3086 gen_pf_reason(int reason) 3087 { 3088 struct block *b0; 3089 3090 if (linktype == DLT_PFLOG) { 3091 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3092 (bpf_int32)reason); 3093 } else if (linktype == DLT_OLD_PFLOG) { 3094 b0 = gen_cmp(offsetof(struct old_pfloghdr, reason), BPF_H, 3095 (bpf_int32)reason); 3096 } else { 3097 bpf_error("reason not supported on linktype 0x%x", linktype); 3098 /* NOTREACHED */ 3099 } 3100 3101 return (b0); 3102 } 3103 3104 /* PF firewall log action */ 3105 struct block * 3106 gen_pf_action(int action) 3107 { 3108 struct block *b0; 3109 3110 if (linktype == DLT_PFLOG) { 3111 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3112 (bpf_int32)action); 3113 } else if (linktype == DLT_OLD_PFLOG) { 3114 b0 = gen_cmp(offsetof(struct old_pfloghdr, action), BPF_H, 3115 (bpf_int32)action); 3116 } else { 3117 bpf_error("action not supported on linktype 0x%x", linktype); 3118 /* NOTREACHED */ 3119 } 3120 3121 return (b0); 3122 } 3123 3124 /* IEEE 802.11 wireless header */ 3125 struct block * 3126 gen_p80211_type(int type, int mask) 3127 { 3128 struct block *b0; 3129 u_int offset; 3130 3131 if (!(linktype == DLT_IEEE802_11 || 3132 linktype == DLT_IEEE802_11_RADIO)) { 3133 bpf_error("type not supported on linktype 0x%x", 3134 linktype); 3135 /* NOTREACHED */ 3136 } 3137 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3138 if (linktype == DLT_IEEE802_11_RADIO) 3139 offset += IEEE80211_RADIOTAP_HDRLEN; 3140 3141 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3142 3143 return (b0); 3144 } 3145 3146 static struct block * 3147 gen_ahostop(eaddr, dir) 3148 register const u_char *eaddr; 3149 register int dir; 3150 { 3151 register struct block *b0, *b1; 3152 3153 switch (dir) { 3154 /* src comes first, different from Ethernet */ 3155 case Q_SRC: 3156 return gen_bcmp(0, 1, eaddr); 3157 3158 case Q_DST: 3159 return gen_bcmp(1, 1, eaddr); 3160 3161 case Q_AND: 3162 b0 = gen_ahostop(eaddr, Q_SRC); 3163 b1 = gen_ahostop(eaddr, Q_DST); 3164 gen_and(b0, b1); 3165 return b1; 3166 3167 case Q_DEFAULT: 3168 case Q_OR: 3169 b0 = gen_ahostop(eaddr, Q_SRC); 3170 b1 = gen_ahostop(eaddr, Q_DST); 3171 gen_or(b0, b1); 3172 return b1; 3173 } 3174 abort(); 3175 /* NOTREACHED */ 3176 } 3177 3178 struct block * 3179 gen_acode(eaddr, q) 3180 register const u_char *eaddr; 3181 struct qual q; 3182 { 3183 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3184 if (linktype == DLT_ARCNET) 3185 return gen_ahostop(eaddr, (int)q.dir); 3186 } 3187 bpf_error("ARCnet address used in non-arc expression"); 3188 /* NOTREACHED */ 3189 } 3190 3191 /* 3192 * support IEEE 802.1Q VLAN trunk over ethernet 3193 */ 3194 struct block * 3195 gen_vlan(vlan_num) 3196 int vlan_num; 3197 { 3198 struct block *b0; 3199 3200 /* 3201 * Change the offsets to point to the type and data fields within 3202 * the VLAN packet. This is somewhat of a kludge. 3203 */ 3204 if (orig_nl == (u_int)-1) { 3205 orig_linktype = off_linktype; /* save original values */ 3206 orig_nl = off_nl; 3207 orig_nl_nosnap = off_nl_nosnap; 3208 3209 switch (linktype) { 3210 3211 case DLT_EN10MB: 3212 off_linktype = 16; 3213 off_nl_nosnap = 18; 3214 off_nl = 18; 3215 break; 3216 3217 default: 3218 bpf_error("no VLAN support for data link type %d", 3219 linktype); 3220 /*NOTREACHED*/ 3221 } 3222 } 3223 3224 /* check for VLAN */ 3225 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3226 3227 /* If a specific VLAN is requested, check VLAN id */ 3228 if (vlan_num >= 0) { 3229 struct block *b1; 3230 3231 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 3232 gen_and(b0, b1); 3233 b0 = b1; 3234 } 3235 3236 return (b0); 3237 } 3238 3239 struct block * 3240 gen_p80211_fcdir(int fcdir) 3241 { 3242 struct block *b0; 3243 u_int offset; 3244 3245 if (!(linktype == DLT_IEEE802_11 || 3246 linktype == DLT_IEEE802_11_RADIO)) { 3247 bpf_error("frame direction not supported on linktype 0x%x", 3248 linktype); 3249 /* NOTREACHED */ 3250 } 3251 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3252 if (linktype == DLT_IEEE802_11_RADIO) 3253 offset += IEEE80211_RADIOTAP_HDRLEN; 3254 3255 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3256 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3257 3258 return (b0); 3259 } 3260 3261 static struct block * 3262 gen_p80211_hostop(const u_char *lladdr, int dir) 3263 { 3264 struct block *b0, *b1, *b2, *b3, *b4; 3265 u_int offset = 0; 3266 3267 if (linktype == DLT_IEEE802_11_RADIO) 3268 offset = IEEE80211_RADIOTAP_HDRLEN; 3269 3270 switch (dir) { 3271 case Q_SRC: 3272 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3273 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3274 lladdr); 3275 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3276 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3277 lladdr); 3278 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3279 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3280 lladdr); 3281 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3282 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3283 lladdr); 3284 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3285 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3286 lladdr); 3287 3288 gen_or(b0, b1); 3289 gen_or(b1, b2); 3290 gen_or(b2, b3); 3291 gen_or(b3, b4); 3292 return (b4); 3293 3294 case Q_DST: 3295 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3296 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3297 lladdr); 3298 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3299 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3300 lladdr); 3301 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3302 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3303 lladdr); 3304 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3305 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3306 lladdr); 3307 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3308 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3309 lladdr); 3310 3311 gen_or(b0, b1); 3312 gen_or(b1, b2); 3313 gen_or(b2, b3); 3314 gen_or(b3, b4); 3315 return (b4); 3316 3317 case Q_ADDR1: 3318 return (gen_bcmp(offset + 3319 (u_int)offsetof(struct ieee80211_frame, 3320 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3321 3322 case Q_ADDR2: 3323 return (gen_bcmp(offset + 3324 (u_int)offsetof(struct ieee80211_frame, 3325 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3326 3327 case Q_ADDR3: 3328 return (gen_bcmp(offset + 3329 (u_int)offsetof(struct ieee80211_frame, 3330 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3331 3332 case Q_ADDR4: 3333 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3334 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3335 lladdr)); 3336 3337 case Q_AND: 3338 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3339 b1 = gen_p80211_hostop(lladdr, Q_DST); 3340 gen_and(b0, b1); 3341 return (b1); 3342 3343 case Q_DEFAULT: 3344 case Q_OR: 3345 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3346 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3347 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3348 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3349 gen_or(b0, b1); 3350 gen_or(b1, b2); 3351 gen_or(b2, b3); 3352 return (b3); 3353 3354 default: 3355 bpf_error("direction not supported on linktype 0x%x", 3356 linktype); 3357 } 3358 /* NOTREACHED */ 3359 } 3360 3361 static struct block * 3362 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3363 { 3364 struct block *b0, *b1; 3365 3366 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3367 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3368 gen_and(b0, b1); 3369 3370 return (b1); 3371 } 3372