1 /* $OpenBSD: gencode.c,v 1.18 2002/11/29 18:27:54 mickey Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 #ifndef lint 24 static const char rcsid[] = 25 "@(#) $Header: /home/cvs/src/lib/libpcap/gencode.c,v 1.18 2002/11/29 18:27:54 mickey Exp $ (LBL)"; 26 #endif 27 28 #include <sys/types.h> 29 #include <sys/socket.h> 30 #include <sys/time.h> 31 32 struct mbuf; 33 struct rtentry; 34 35 #include <net/if.h> 36 37 #include <netinet/in.h> 38 #include <netinet/if_ether.h> 39 #include <netinet/if_arc.h> 40 41 #include <net/if_pflog.h> 42 #include <net/pfvar.h> 43 44 #include <stdlib.h> 45 #include <stddef.h> 46 #include <memory.h> 47 #include <setjmp.h> 48 #include <stdarg.h> 49 50 #include "pcap-int.h" 51 52 #include "ethertype.h" 53 #include "gencode.h" 54 #include "ppp.h" 55 #include <pcap-namedb.h> 56 #ifdef INET6 57 #include <netdb.h> 58 #include <sys/socket.h> 59 #endif /*INET6*/ 60 61 #ifdef HAVE_OS_PROTO_H 62 #include "os-proto.h" 63 #endif 64 65 #define JMP(c) ((c)|BPF_JMP|BPF_K) 66 67 /* Locals */ 68 static jmp_buf top_ctx; 69 static pcap_t *bpf_pcap; 70 71 /* XXX */ 72 #ifdef PCAP_FDDIPAD 73 int pcap_fddipad = PCAP_FDDIPAD; 74 #else 75 int pcap_fddipad; 76 #endif 77 78 /* VARARGS */ 79 __dead void 80 bpf_error(const char *fmt, ...) 81 { 82 va_list ap; 83 84 va_start(ap, fmt); 85 if (bpf_pcap != NULL) 86 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 87 fmt, ap); 88 va_end(ap); 89 longjmp(top_ctx, 1); 90 /* NOTREACHED */ 91 } 92 93 static void init_linktype(int); 94 95 static int alloc_reg(void); 96 static void free_reg(int); 97 98 static struct block *root; 99 100 /* 101 * We divy out chunks of memory rather than call malloc each time so 102 * we don't have to worry about leaking memory. It's probably 103 * not a big deal if all this memory was wasted but it this ever 104 * goes into a library that would probably not be a good idea. 105 */ 106 #define NCHUNKS 16 107 #define CHUNK0SIZE 1024 108 struct chunk { 109 u_int n_left; 110 void *m; 111 }; 112 113 static struct chunk chunks[NCHUNKS]; 114 static int cur_chunk; 115 116 static void *newchunk(u_int); 117 static void freechunks(void); 118 static __inline struct block *new_block(int); 119 static __inline struct slist *new_stmt(int); 120 static struct block *gen_retblk(int); 121 static __inline void syntax(void); 122 123 static void backpatch(struct block *, struct block *); 124 static void merge(struct block *, struct block *); 125 static struct block *gen_cmp(u_int, u_int, bpf_int32); 126 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 127 static struct block *gen_bcmp(u_int, u_int, const u_char *); 128 static struct block *gen_uncond(int); 129 static __inline struct block *gen_true(void); 130 static __inline struct block *gen_false(void); 131 static struct block *gen_linktype(int); 132 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 133 #ifdef INET6 134 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 135 #endif 136 static struct block *gen_ahostop(const u_char *, int); 137 static struct block *gen_ehostop(const u_char *, int); 138 static struct block *gen_fhostop(const u_char *, int); 139 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 140 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 141 #ifdef INET6 142 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 143 #endif 144 #ifndef INET6 145 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 146 #endif 147 static struct block *gen_ipfrag(void); 148 static struct block *gen_portatom(int, bpf_int32); 149 #ifdef INET6 150 static struct block *gen_portatom6(int, bpf_int32); 151 #endif 152 struct block *gen_portop(int, int, int); 153 static struct block *gen_port(int, int, int); 154 #ifdef INET6 155 struct block *gen_portop6(int, int, int); 156 static struct block *gen_port6(int, int, int); 157 #endif 158 static int lookup_proto(const char *, int); 159 static struct block *gen_protochain(int, int, int); 160 static struct block *gen_proto(int, int, int); 161 static struct slist *xfer_to_x(struct arth *); 162 static struct slist *xfer_to_a(struct arth *); 163 static struct block *gen_len(int, int); 164 165 static void * 166 newchunk(n) 167 u_int n; 168 { 169 struct chunk *cp; 170 int k, size; 171 172 /* XXX Round to structure boundary. */ 173 n = ALIGN(n); 174 175 cp = &chunks[cur_chunk]; 176 if (n > cp->n_left) { 177 ++cp, k = ++cur_chunk; 178 if (k >= NCHUNKS) 179 bpf_error("out of memory"); 180 size = CHUNK0SIZE << k; 181 cp->m = (void *)malloc(size); 182 if (cp->m == NULL) 183 bpf_error("out of memory"); 184 185 memset((char *)cp->m, 0, size); 186 cp->n_left = size; 187 if (n > size) 188 bpf_error("out of memory"); 189 } 190 cp->n_left -= n; 191 return (void *)((char *)cp->m + cp->n_left); 192 } 193 194 static void 195 freechunks() 196 { 197 int i; 198 199 cur_chunk = 0; 200 for (i = 0; i < NCHUNKS; ++i) 201 if (chunks[i].m != NULL) { 202 free(chunks[i].m); 203 chunks[i].m = NULL; 204 } 205 } 206 207 /* 208 * A strdup whose allocations are freed after code generation is over. 209 */ 210 char * 211 sdup(s) 212 register const char *s; 213 { 214 int n = strlen(s) + 1; 215 char *cp = newchunk(n); 216 217 strlcpy(cp, s, n); 218 return (cp); 219 } 220 221 static __inline struct block * 222 new_block(code) 223 int code; 224 { 225 struct block *p; 226 227 p = (struct block *)newchunk(sizeof(*p)); 228 p->s.code = code; 229 p->head = p; 230 231 return p; 232 } 233 234 static __inline struct slist * 235 new_stmt(code) 236 int code; 237 { 238 struct slist *p; 239 240 p = (struct slist *)newchunk(sizeof(*p)); 241 p->s.code = code; 242 243 return p; 244 } 245 246 static struct block * 247 gen_retblk(v) 248 int v; 249 { 250 struct block *b = new_block(BPF_RET|BPF_K); 251 252 b->s.k = v; 253 return b; 254 } 255 256 static __inline void 257 syntax() 258 { 259 bpf_error("syntax error in filter expression"); 260 } 261 262 static bpf_u_int32 netmask; 263 static int snaplen; 264 int no_optimize; 265 266 int 267 pcap_compile(pcap_t *p, struct bpf_program *program, 268 char *buf, int optimize, bpf_u_int32 mask) 269 { 270 extern int n_errors; 271 int len; 272 273 no_optimize = 0; 274 n_errors = 0; 275 root = NULL; 276 bpf_pcap = p; 277 if (setjmp(top_ctx)) { 278 freechunks(); 279 return (-1); 280 } 281 282 netmask = mask; 283 snaplen = pcap_snapshot(p); 284 285 lex_init(buf ? buf : ""); 286 init_linktype(pcap_datalink(p)); 287 (void)pcap_parse(); 288 289 if (n_errors) 290 syntax(); 291 292 if (root == NULL) 293 root = gen_retblk(snaplen); 294 295 if (optimize && !no_optimize) { 296 bpf_optimize(&root); 297 if (root == NULL || 298 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 299 bpf_error("expression rejects all packets"); 300 } 301 program->bf_insns = icode_to_fcode(root, &len); 302 program->bf_len = len; 303 304 freechunks(); 305 return (0); 306 } 307 308 /* 309 * entry point for using the compiler with no pcap open 310 * pass in all the stuff that is needed explicitly instead. 311 */ 312 int 313 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 314 struct bpf_program *program, 315 char *buf, int optimize, bpf_u_int32 mask) 316 { 317 extern int n_errors; 318 int len; 319 320 n_errors = 0; 321 root = NULL; 322 bpf_pcap = NULL; 323 if (setjmp(top_ctx)) { 324 freechunks(); 325 return (-1); 326 } 327 328 netmask = mask; 329 330 /* XXX needed? I don't grok the use of globals here. */ 331 snaplen = snaplen_arg; 332 333 lex_init(buf ? buf : ""); 334 init_linktype(linktype_arg); 335 (void)pcap_parse(); 336 337 if (n_errors) 338 syntax(); 339 340 if (root == NULL) 341 root = gen_retblk(snaplen_arg); 342 343 if (optimize) { 344 bpf_optimize(&root); 345 if (root == NULL || 346 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 347 bpf_error("expression rejects all packets"); 348 } 349 program->bf_insns = icode_to_fcode(root, &len); 350 program->bf_len = len; 351 352 freechunks(); 353 return (0); 354 } 355 356 /* 357 * Clean up a "struct bpf_program" by freeing all the memory allocated 358 * in it. 359 */ 360 void 361 pcap_freecode(struct bpf_program *program) 362 { 363 program->bf_len = 0; 364 if (program->bf_insns != NULL) { 365 free((char *)program->bf_insns); 366 program->bf_insns = NULL; 367 } 368 } 369 370 /* 371 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 372 * which of the jt and jf fields has been resolved and which is a pointer 373 * back to another unresolved block (or nil). At least one of the fields 374 * in each block is already resolved. 375 */ 376 static void 377 backpatch(list, target) 378 struct block *list, *target; 379 { 380 struct block *next; 381 382 while (list) { 383 if (!list->sense) { 384 next = JT(list); 385 JT(list) = target; 386 } else { 387 next = JF(list); 388 JF(list) = target; 389 } 390 list = next; 391 } 392 } 393 394 /* 395 * Merge the lists in b0 and b1, using the 'sense' field to indicate 396 * which of jt and jf is the link. 397 */ 398 static void 399 merge(b0, b1) 400 struct block *b0, *b1; 401 { 402 register struct block **p = &b0; 403 404 /* Find end of list. */ 405 while (*p) 406 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 407 408 /* Concatenate the lists. */ 409 *p = b1; 410 } 411 412 void 413 finish_parse(p) 414 struct block *p; 415 { 416 backpatch(p, gen_retblk(snaplen)); 417 p->sense = !p->sense; 418 backpatch(p, gen_retblk(0)); 419 root = p->head; 420 } 421 422 void 423 gen_and(b0, b1) 424 struct block *b0, *b1; 425 { 426 backpatch(b0, b1->head); 427 b0->sense = !b0->sense; 428 b1->sense = !b1->sense; 429 merge(b1, b0); 430 b1->sense = !b1->sense; 431 b1->head = b0->head; 432 } 433 434 void 435 gen_or(b0, b1) 436 struct block *b0, *b1; 437 { 438 b0->sense = !b0->sense; 439 backpatch(b0, b1->head); 440 b0->sense = !b0->sense; 441 merge(b1, b0); 442 b1->head = b0->head; 443 } 444 445 void 446 gen_not(b) 447 struct block *b; 448 { 449 b->sense = !b->sense; 450 } 451 452 static struct block * 453 gen_cmp(offset, size, v) 454 u_int offset, size; 455 bpf_int32 v; 456 { 457 struct slist *s; 458 struct block *b; 459 460 s = new_stmt(BPF_LD|BPF_ABS|size); 461 s->s.k = offset; 462 463 b = new_block(JMP(BPF_JEQ)); 464 b->stmts = s; 465 b->s.k = v; 466 467 return b; 468 } 469 470 static struct block * 471 gen_mcmp(offset, size, v, mask) 472 u_int offset, size; 473 bpf_int32 v; 474 bpf_u_int32 mask; 475 { 476 struct block *b = gen_cmp(offset, size, v); 477 struct slist *s; 478 479 if (mask != 0xffffffff) { 480 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 481 s->s.k = mask; 482 b->stmts->next = s; 483 } 484 return b; 485 } 486 487 static struct block * 488 gen_bcmp(offset, size, v) 489 register u_int offset, size; 490 register const u_char *v; 491 { 492 register struct block *b, *tmp; 493 494 b = NULL; 495 while (size >= 4) { 496 register const u_char *p = &v[size - 4]; 497 bpf_int32 w = ((bpf_int32)p[0] << 24) | 498 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 499 500 tmp = gen_cmp(offset + size - 4, BPF_W, w); 501 if (b != NULL) 502 gen_and(b, tmp); 503 b = tmp; 504 size -= 4; 505 } 506 while (size >= 2) { 507 register const u_char *p = &v[size - 2]; 508 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 509 510 tmp = gen_cmp(offset + size - 2, BPF_H, w); 511 if (b != NULL) 512 gen_and(b, tmp); 513 b = tmp; 514 size -= 2; 515 } 516 if (size > 0) { 517 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 518 if (b != NULL) 519 gen_and(b, tmp); 520 b = tmp; 521 } 522 return b; 523 } 524 525 /* 526 * Various code constructs need to know the layout of the data link 527 * layer. These variables give the necessary offsets. off_linktype 528 * is set to -1 for no encapsulation, in which case, IP is assumed. 529 */ 530 static u_int off_linktype; 531 static u_int off_nl; 532 static int linktype; 533 534 static void 535 init_linktype(type) 536 int type; 537 { 538 linktype = type; 539 540 switch (type) { 541 542 case DLT_ARCNET: 543 off_linktype = 2; 544 off_nl = 6; /* XXX in reality, variable! */ 545 return; 546 547 case DLT_EN10MB: 548 off_linktype = 12; 549 off_nl = 14; 550 return; 551 552 case DLT_SLIP: 553 /* 554 * SLIP doesn't have a link level type. The 16 byte 555 * header is hacked into our SLIP driver. 556 */ 557 off_linktype = -1; 558 off_nl = 16; 559 return; 560 561 case DLT_SLIP_BSDOS: 562 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 563 off_linktype = -1; 564 /* XXX end */ 565 off_nl = 24; 566 return; 567 568 case DLT_NULL: 569 off_linktype = 0; 570 off_nl = 4; 571 return; 572 573 case DLT_PPP: 574 off_linktype = 2; 575 off_nl = 4; 576 return; 577 578 case DLT_PPP_BSDOS: 579 off_linktype = 5; 580 off_nl = 24; 581 return; 582 583 case DLT_FDDI: 584 /* 585 * FDDI doesn't really have a link-level type field. 586 * We assume that SSAP = SNAP is being used and pick 587 * out the encapsulated Ethernet type. 588 */ 589 off_linktype = 19; 590 #ifdef PCAP_FDDIPAD 591 off_linktype += pcap_fddipad; 592 #endif 593 off_nl = 21; 594 #ifdef PCAP_FDDIPAD 595 off_nl += pcap_fddipad; 596 #endif 597 return; 598 599 case DLT_IEEE802: 600 off_linktype = 20; 601 off_nl = 22; 602 return; 603 604 case DLT_ATM_RFC1483: 605 /* 606 * assume routed, non-ISO PDUs 607 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 608 */ 609 off_linktype = 6; 610 off_nl = 8; 611 return; 612 613 case DLT_LOOP: 614 off_linktype = -1; 615 off_nl = 4; 616 return; 617 618 case DLT_ENC: 619 off_linktype = -1; 620 off_nl = 12; 621 return; 622 623 case DLT_PFLOG: 624 off_linktype = 0; 625 off_nl = 28; 626 return; 627 628 case DLT_PFSYNC: 629 off_linktype = -1; 630 off_nl = 4; 631 return; 632 633 case DLT_RAW: 634 off_linktype = -1; 635 off_nl = 0; 636 return; 637 } 638 bpf_error("unknown data link type 0x%x", linktype); 639 /* NOTREACHED */ 640 } 641 642 static struct block * 643 gen_uncond(rsense) 644 int rsense; 645 { 646 struct block *b; 647 struct slist *s; 648 649 s = new_stmt(BPF_LD|BPF_IMM); 650 s->s.k = !rsense; 651 b = new_block(JMP(BPF_JEQ)); 652 b->stmts = s; 653 654 return b; 655 } 656 657 static __inline struct block * 658 gen_true() 659 { 660 return gen_uncond(1); 661 } 662 663 static __inline struct block * 664 gen_false() 665 { 666 return gen_uncond(0); 667 } 668 669 static struct block * 670 gen_linktype(proto) 671 register int proto; 672 { 673 struct block *b0, *b1; 674 675 /* If we're not using encapsulation and checking for IP, we're done */ 676 if (off_linktype == -1 && proto == ETHERTYPE_IP) 677 return gen_true(); 678 #ifdef INET6 679 /* this isn't the right thing to do, but sometimes necessary */ 680 if (off_linktype == -1 && proto == ETHERTYPE_IPV6) 681 return gen_true(); 682 #endif 683 684 switch (linktype) { 685 686 case DLT_SLIP: 687 return gen_false(); 688 689 case DLT_PPP: 690 if (proto == ETHERTYPE_IP) 691 proto = PPP_IP; /* XXX was 0x21 */ 692 #ifdef INET6 693 else if (proto == ETHERTYPE_IPV6) 694 proto = PPP_IPV6; 695 #endif 696 break; 697 698 case DLT_PPP_BSDOS: 699 switch (proto) { 700 701 case ETHERTYPE_IP: 702 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 703 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 704 gen_or(b0, b1); 705 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 706 gen_or(b1, b0); 707 return b0; 708 709 #ifdef INET6 710 case ETHERTYPE_IPV6: 711 proto = PPP_IPV6; 712 /* more to go? */ 713 break; 714 #endif /* INET6 */ 715 716 case ETHERTYPE_DN: 717 proto = PPP_DECNET; 718 break; 719 720 case ETHERTYPE_ATALK: 721 proto = PPP_APPLE; 722 break; 723 724 case ETHERTYPE_NS: 725 proto = PPP_NS; 726 break; 727 } 728 break; 729 730 case DLT_LOOP: 731 case DLT_ENC: 732 case DLT_NULL: 733 /* XXX */ 734 if (proto == ETHERTYPE_IP) 735 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); 736 #ifdef INET6 737 else if (proto == ETHERTYPE_IPV6) 738 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6))); 739 #endif /* INET6 */ 740 else 741 return gen_false(); 742 break; 743 case DLT_PFLOG: 744 if (proto == ETHERTYPE_IP) 745 return (gen_cmp(0, BPF_W, (bpf_int32)AF_INET)); 746 #ifdef INET6 747 else if (proto == ETHERTYPE_IPV6) 748 return (gen_cmp(0, BPF_W, (bpf_int32)AF_INET6)); 749 #endif /* INET6 */ 750 else 751 return gen_false(); 752 break; 753 case DLT_ARCNET: 754 /* 755 * XXX should we check for first fragment if the protocol 756 * uses PHDS? 757 */ 758 switch(proto) { 759 default: 760 return gen_false(); 761 #ifdef INET6 762 case ETHERTYPE_IPV6: 763 return(gen_cmp(2, BPF_B, 764 (bpf_int32)htonl(ARCTYPE_INET6))); 765 #endif /* INET6 */ 766 case ETHERTYPE_IP: 767 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP)); 768 b1 = gen_cmp(2, BPF_B, 769 (bpf_int32)htonl(ARCTYPE_IP_OLD)); 770 gen_or(b0, b1); 771 return(b1); 772 case ETHERTYPE_ARP: 773 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP)); 774 b1 = gen_cmp(2, BPF_B, 775 (bpf_int32)htonl(ARCTYPE_ARP_OLD)); 776 gen_or(b0, b1); 777 return(b1); 778 case ETHERTYPE_REVARP: 779 return(gen_cmp(2, BPF_B, 780 (bpf_int32)htonl(ARCTYPE_REVARP))); 781 case ETHERTYPE_ATALK: 782 return(gen_cmp(2, BPF_B, 783 (bpf_int32)htonl(ARCTYPE_ATALK))); 784 } 785 } 786 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 787 } 788 789 static struct block * 790 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 791 bpf_u_int32 addr; 792 bpf_u_int32 mask; 793 int dir, proto; 794 u_int src_off, dst_off; 795 { 796 struct block *b0, *b1; 797 u_int offset; 798 799 switch (dir) { 800 801 case Q_SRC: 802 offset = src_off; 803 break; 804 805 case Q_DST: 806 offset = dst_off; 807 break; 808 809 case Q_AND: 810 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 811 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 812 gen_and(b0, b1); 813 return b1; 814 815 case Q_OR: 816 case Q_DEFAULT: 817 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 818 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 819 gen_or(b0, b1); 820 return b1; 821 822 default: 823 abort(); 824 } 825 b0 = gen_linktype(proto); 826 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 827 gen_and(b0, b1); 828 return b1; 829 } 830 831 #ifdef INET6 832 static struct block * 833 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 834 struct in6_addr *addr; 835 struct in6_addr *mask; 836 int dir, proto; 837 u_int src_off, dst_off; 838 { 839 struct block *b0, *b1; 840 u_int offset; 841 u_int32_t *a, *m; 842 843 switch (dir) { 844 845 case Q_SRC: 846 offset = src_off; 847 break; 848 849 case Q_DST: 850 offset = dst_off; 851 break; 852 853 case Q_AND: 854 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 855 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 856 gen_and(b0, b1); 857 return b1; 858 859 case Q_OR: 860 case Q_DEFAULT: 861 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 862 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 863 gen_or(b0, b1); 864 return b1; 865 866 default: 867 abort(); 868 } 869 /* this order is important */ 870 a = (u_int32_t *)addr; 871 m = (u_int32_t *)mask; 872 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 873 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 874 gen_and(b0, b1); 875 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 876 gen_and(b0, b1); 877 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 878 gen_and(b0, b1); 879 b0 = gen_linktype(proto); 880 gen_and(b0, b1); 881 return b1; 882 } 883 #endif /*INET6*/ 884 885 static struct block * 886 gen_ehostop(eaddr, dir) 887 register const u_char *eaddr; 888 register int dir; 889 { 890 struct block *b0, *b1; 891 892 switch (dir) { 893 case Q_SRC: 894 return gen_bcmp(6, 6, eaddr); 895 896 case Q_DST: 897 return gen_bcmp(0, 6, eaddr); 898 899 case Q_AND: 900 b0 = gen_ehostop(eaddr, Q_SRC); 901 b1 = gen_ehostop(eaddr, Q_DST); 902 gen_and(b0, b1); 903 return b1; 904 905 case Q_DEFAULT: 906 case Q_OR: 907 b0 = gen_ehostop(eaddr, Q_SRC); 908 b1 = gen_ehostop(eaddr, Q_DST); 909 gen_or(b0, b1); 910 return b1; 911 } 912 abort(); 913 /* NOTREACHED */ 914 } 915 916 /* 917 * Like gen_ehostop, but for DLT_FDDI 918 */ 919 static struct block * 920 gen_fhostop(eaddr, dir) 921 register const u_char *eaddr; 922 register int dir; 923 { 924 struct block *b0, *b1; 925 926 switch (dir) { 927 case Q_SRC: 928 #ifdef PCAP_FDDIPAD 929 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 930 #else 931 return gen_bcmp(6 + 1, 6, eaddr); 932 #endif 933 934 case Q_DST: 935 #ifdef PCAP_FDDIPAD 936 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 937 #else 938 return gen_bcmp(0 + 1, 6, eaddr); 939 #endif 940 941 case Q_AND: 942 b0 = gen_fhostop(eaddr, Q_SRC); 943 b1 = gen_fhostop(eaddr, Q_DST); 944 gen_and(b0, b1); 945 return b1; 946 947 case Q_DEFAULT: 948 case Q_OR: 949 b0 = gen_fhostop(eaddr, Q_SRC); 950 b1 = gen_fhostop(eaddr, Q_DST); 951 gen_or(b0, b1); 952 return b1; 953 } 954 abort(); 955 /* NOTREACHED */ 956 } 957 958 /* 959 * This is quite tricky because there may be pad bytes in front of the 960 * DECNET header, and then there are two possible data packet formats that 961 * carry both src and dst addresses, plus 5 packet types in a format that 962 * carries only the src node, plus 2 types that use a different format and 963 * also carry just the src node. 964 * 965 * Yuck. 966 * 967 * Instead of doing those all right, we just look for data packets with 968 * 0 or 1 bytes of padding. If you want to look at other packets, that 969 * will require a lot more hacking. 970 * 971 * To add support for filtering on DECNET "areas" (network numbers) 972 * one would want to add a "mask" argument to this routine. That would 973 * make the filter even more inefficient, although one could be clever 974 * and not generate masking instructions if the mask is 0xFFFF. 975 */ 976 static struct block * 977 gen_dnhostop(addr, dir, base_off) 978 bpf_u_int32 addr; 979 int dir; 980 u_int base_off; 981 { 982 struct block *b0, *b1, *b2, *tmp; 983 u_int offset_lh; /* offset if long header is received */ 984 u_int offset_sh; /* offset if short header is received */ 985 986 switch (dir) { 987 988 case Q_DST: 989 offset_sh = 1; /* follows flags */ 990 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 991 break; 992 993 case Q_SRC: 994 offset_sh = 3; /* follows flags, dstnode */ 995 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 996 break; 997 998 case Q_AND: 999 /* Inefficient because we do our Calvinball dance twice */ 1000 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1001 b1 = gen_dnhostop(addr, Q_DST, base_off); 1002 gen_and(b0, b1); 1003 return b1; 1004 1005 case Q_OR: 1006 case Q_DEFAULT: 1007 /* Inefficient because we do our Calvinball dance twice */ 1008 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1009 b1 = gen_dnhostop(addr, Q_DST, base_off); 1010 gen_or(b0, b1); 1011 return b1; 1012 1013 default: 1014 abort(); 1015 } 1016 b0 = gen_linktype(ETHERTYPE_DN); 1017 /* Check for pad = 1, long header case */ 1018 tmp = gen_mcmp(base_off + 2, BPF_H, 1019 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1020 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 1021 BPF_H, (bpf_int32)ntohs(addr)); 1022 gen_and(tmp, b1); 1023 /* Check for pad = 0, long header case */ 1024 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1025 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1026 gen_and(tmp, b2); 1027 gen_or(b2, b1); 1028 /* Check for pad = 1, short header case */ 1029 tmp = gen_mcmp(base_off + 2, BPF_H, 1030 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1031 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 1032 BPF_H, (bpf_int32)ntohs(addr)); 1033 gen_and(tmp, b2); 1034 gen_or(b2, b1); 1035 /* Check for pad = 0, short header case */ 1036 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1037 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1038 gen_and(tmp, b2); 1039 gen_or(b2, b1); 1040 1041 /* Combine with test for linktype */ 1042 gen_and(b0, b1); 1043 return b1; 1044 } 1045 1046 static struct block * 1047 gen_host(addr, mask, proto, dir) 1048 bpf_u_int32 addr; 1049 bpf_u_int32 mask; 1050 int proto; 1051 int dir; 1052 { 1053 struct block *b0, *b1; 1054 1055 switch (proto) { 1056 1057 case Q_DEFAULT: 1058 b0 = gen_host(addr, mask, Q_IP, dir); 1059 b1 = gen_host(addr, mask, Q_ARP, dir); 1060 gen_or(b0, b1); 1061 b0 = gen_host(addr, mask, Q_RARP, dir); 1062 gen_or(b1, b0); 1063 return b0; 1064 1065 case Q_IP: 1066 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1067 off_nl + 12, off_nl + 16); 1068 1069 case Q_RARP: 1070 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1071 off_nl + 14, off_nl + 24); 1072 1073 case Q_ARP: 1074 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1075 off_nl + 14, off_nl + 24); 1076 1077 case Q_TCP: 1078 bpf_error("'tcp' modifier applied to host"); 1079 1080 case Q_UDP: 1081 bpf_error("'udp' modifier applied to host"); 1082 1083 case Q_ICMP: 1084 bpf_error("'icmp' modifier applied to host"); 1085 1086 case Q_IGMP: 1087 bpf_error("'igmp' modifier applied to host"); 1088 1089 case Q_IGRP: 1090 bpf_error("'igrp' modifier applied to host"); 1091 1092 case Q_PIM: 1093 bpf_error("'pim' modifier applied to host"); 1094 1095 case Q_ATALK: 1096 bpf_error("ATALK host filtering not implemented"); 1097 1098 case Q_DECNET: 1099 return gen_dnhostop(addr, dir, off_nl); 1100 1101 case Q_SCA: 1102 bpf_error("SCA host filtering not implemented"); 1103 1104 case Q_LAT: 1105 bpf_error("LAT host filtering not implemented"); 1106 1107 case Q_MOPDL: 1108 bpf_error("MOPDL host filtering not implemented"); 1109 1110 case Q_MOPRC: 1111 bpf_error("MOPRC host filtering not implemented"); 1112 1113 #ifdef INET6 1114 case Q_IPV6: 1115 bpf_error("'ip6' modifier applied to ip host"); 1116 1117 case Q_ICMPV6: 1118 bpf_error("'icmp6' modifier applied to host"); 1119 #endif /* INET6 */ 1120 1121 case Q_AH: 1122 bpf_error("'ah' modifier applied to host"); 1123 1124 case Q_ESP: 1125 bpf_error("'esp' modifier applied to host"); 1126 1127 default: 1128 abort(); 1129 } 1130 /* NOTREACHED */ 1131 } 1132 1133 #ifdef INET6 1134 static struct block * 1135 gen_host6(addr, mask, proto, dir) 1136 struct in6_addr *addr; 1137 struct in6_addr *mask; 1138 int proto; 1139 int dir; 1140 { 1141 switch (proto) { 1142 1143 case Q_DEFAULT: 1144 return gen_host6(addr, mask, Q_IPV6, dir); 1145 1146 case Q_IP: 1147 bpf_error("'ip' modifier applied to ip6 host"); 1148 1149 case Q_RARP: 1150 bpf_error("'rarp' modifier applied to ip6 host"); 1151 1152 case Q_ARP: 1153 bpf_error("'arp' modifier applied to ip6 host"); 1154 1155 case Q_TCP: 1156 bpf_error("'tcp' modifier applied to host"); 1157 1158 case Q_UDP: 1159 bpf_error("'udp' modifier applied to host"); 1160 1161 case Q_ICMP: 1162 bpf_error("'icmp' modifier applied to host"); 1163 1164 case Q_IGMP: 1165 bpf_error("'igmp' modifier applied to host"); 1166 1167 case Q_IGRP: 1168 bpf_error("'igrp' modifier applied to host"); 1169 1170 case Q_PIM: 1171 bpf_error("'pim' modifier applied to host"); 1172 1173 case Q_ATALK: 1174 bpf_error("ATALK host filtering not implemented"); 1175 1176 case Q_DECNET: 1177 bpf_error("'decnet' modifier applied to ip6 host"); 1178 1179 case Q_SCA: 1180 bpf_error("SCA host filtering not implemented"); 1181 1182 case Q_LAT: 1183 bpf_error("LAT host filtering not implemented"); 1184 1185 case Q_MOPDL: 1186 bpf_error("MOPDL host filtering not implemented"); 1187 1188 case Q_MOPRC: 1189 bpf_error("MOPRC host filtering not implemented"); 1190 1191 case Q_IPV6: 1192 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1193 off_nl + 8, off_nl + 24); 1194 1195 case Q_ICMPV6: 1196 bpf_error("'icmp6' modifier applied to host"); 1197 1198 case Q_AH: 1199 bpf_error("'ah' modifier applied to host"); 1200 1201 case Q_ESP: 1202 bpf_error("'esp' modifier applied to host"); 1203 1204 default: 1205 abort(); 1206 } 1207 /* NOTREACHED */ 1208 } 1209 #endif /*INET6*/ 1210 1211 #ifndef INET6 1212 static struct block * 1213 gen_gateway(eaddr, alist, proto, dir) 1214 const u_char *eaddr; 1215 bpf_u_int32 **alist; 1216 int proto; 1217 int dir; 1218 { 1219 struct block *b0, *b1, *tmp; 1220 1221 if (dir != 0) 1222 bpf_error("direction applied to 'gateway'"); 1223 1224 switch (proto) { 1225 case Q_DEFAULT: 1226 case Q_IP: 1227 case Q_ARP: 1228 case Q_RARP: 1229 if (linktype == DLT_EN10MB) 1230 b0 = gen_ehostop(eaddr, Q_OR); 1231 else if (linktype == DLT_FDDI) 1232 b0 = gen_fhostop(eaddr, Q_OR); 1233 else 1234 bpf_error( 1235 "'gateway' supported only on ethernet or FDDI"); 1236 1237 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1238 while (*alist) { 1239 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1240 gen_or(b1, tmp); 1241 b1 = tmp; 1242 } 1243 gen_not(b1); 1244 gen_and(b0, b1); 1245 return b1; 1246 } 1247 bpf_error("illegal modifier of 'gateway'"); 1248 /* NOTREACHED */ 1249 } 1250 #endif /*INET6*/ 1251 1252 struct block * 1253 gen_proto_abbrev(proto) 1254 int proto; 1255 { 1256 struct block *b0 = NULL, *b1; 1257 1258 switch (proto) { 1259 1260 case Q_TCP: 1261 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1262 #ifdef INET6 1263 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1264 gen_or(b0, b1); 1265 #endif 1266 break; 1267 1268 case Q_UDP: 1269 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1270 #ifdef INET6 1271 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1272 gen_or(b0, b1); 1273 #endif 1274 break; 1275 1276 case Q_ICMP: 1277 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1278 break; 1279 1280 #ifndef IPPROTO_IGMP 1281 #define IPPROTO_IGMP 2 1282 #endif 1283 1284 case Q_IGMP: 1285 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1286 break; 1287 1288 #ifndef IPPROTO_IGRP 1289 #define IPPROTO_IGRP 9 1290 #endif 1291 case Q_IGRP: 1292 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1293 break; 1294 1295 #ifndef IPPROTO_PIM 1296 #define IPPROTO_PIM 103 1297 #endif 1298 1299 case Q_PIM: 1300 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1301 #ifdef INET6 1302 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1303 gen_or(b0, b1); 1304 #endif 1305 break; 1306 1307 case Q_IP: 1308 b1 = gen_linktype(ETHERTYPE_IP); 1309 break; 1310 1311 case Q_ARP: 1312 b1 = gen_linktype(ETHERTYPE_ARP); 1313 break; 1314 1315 case Q_RARP: 1316 b1 = gen_linktype(ETHERTYPE_REVARP); 1317 break; 1318 1319 case Q_LINK: 1320 bpf_error("link layer applied in wrong context"); 1321 1322 case Q_ATALK: 1323 b1 = gen_linktype(ETHERTYPE_ATALK); 1324 break; 1325 1326 case Q_DECNET: 1327 b1 = gen_linktype(ETHERTYPE_DN); 1328 break; 1329 1330 case Q_SCA: 1331 b1 = gen_linktype(ETHERTYPE_SCA); 1332 break; 1333 1334 case Q_LAT: 1335 b1 = gen_linktype(ETHERTYPE_LAT); 1336 break; 1337 1338 case Q_MOPDL: 1339 b1 = gen_linktype(ETHERTYPE_MOPDL); 1340 break; 1341 1342 case Q_MOPRC: 1343 b1 = gen_linktype(ETHERTYPE_MOPRC); 1344 break; 1345 1346 #ifdef INET6 1347 case Q_IPV6: 1348 b1 = gen_linktype(ETHERTYPE_IPV6); 1349 break; 1350 1351 #ifndef IPPROTO_ICMPV6 1352 #define IPPROTO_ICMPV6 58 1353 #endif 1354 case Q_ICMPV6: 1355 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1356 break; 1357 #endif /* INET6 */ 1358 1359 #ifndef IPPROTO_AH 1360 #define IPPROTO_AH 51 1361 #endif 1362 case Q_AH: 1363 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1364 #ifdef INET6 1365 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1366 gen_or(b0, b1); 1367 #endif 1368 break; 1369 1370 #ifndef IPPROTO_ESP 1371 #define IPPROTO_ESP 50 1372 #endif 1373 case Q_ESP: 1374 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1375 #ifdef INET6 1376 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1377 gen_or(b0, b1); 1378 #endif 1379 break; 1380 1381 default: 1382 abort(); 1383 } 1384 return b1; 1385 } 1386 1387 static struct block * 1388 gen_ipfrag() 1389 { 1390 struct slist *s; 1391 struct block *b; 1392 1393 /* not ip frag */ 1394 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1395 s->s.k = off_nl + 6; 1396 b = new_block(JMP(BPF_JSET)); 1397 b->s.k = 0x1fff; 1398 b->stmts = s; 1399 gen_not(b); 1400 1401 return b; 1402 } 1403 1404 static struct block * 1405 gen_portatom(off, v) 1406 int off; 1407 bpf_int32 v; 1408 { 1409 struct slist *s; 1410 struct block *b; 1411 1412 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1413 s->s.k = off_nl; 1414 1415 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 1416 s->next->s.k = off_nl + off; 1417 1418 b = new_block(JMP(BPF_JEQ)); 1419 b->stmts = s; 1420 b->s.k = v; 1421 1422 return b; 1423 } 1424 1425 #ifdef INET6 1426 static struct block * 1427 gen_portatom6(off, v) 1428 int off; 1429 bpf_int32 v; 1430 { 1431 return gen_cmp(off_nl + 40 + off, BPF_H, v); 1432 } 1433 #endif/*INET6*/ 1434 1435 struct block * 1436 gen_portop(port, proto, dir) 1437 int port, proto, dir; 1438 { 1439 struct block *b0, *b1, *tmp; 1440 1441 /* ip proto 'proto' */ 1442 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 1443 b0 = gen_ipfrag(); 1444 gen_and(tmp, b0); 1445 1446 switch (dir) { 1447 case Q_SRC: 1448 b1 = gen_portatom(0, (bpf_int32)port); 1449 break; 1450 1451 case Q_DST: 1452 b1 = gen_portatom(2, (bpf_int32)port); 1453 break; 1454 1455 case Q_OR: 1456 case Q_DEFAULT: 1457 tmp = gen_portatom(0, (bpf_int32)port); 1458 b1 = gen_portatom(2, (bpf_int32)port); 1459 gen_or(tmp, b1); 1460 break; 1461 1462 case Q_AND: 1463 tmp = gen_portatom(0, (bpf_int32)port); 1464 b1 = gen_portatom(2, (bpf_int32)port); 1465 gen_and(tmp, b1); 1466 break; 1467 1468 default: 1469 abort(); 1470 } 1471 gen_and(b0, b1); 1472 1473 return b1; 1474 } 1475 1476 static struct block * 1477 gen_port(port, ip_proto, dir) 1478 int port; 1479 int ip_proto; 1480 int dir; 1481 { 1482 struct block *b0, *b1, *tmp; 1483 1484 /* ether proto ip */ 1485 b0 = gen_linktype(ETHERTYPE_IP); 1486 1487 switch (ip_proto) { 1488 case IPPROTO_UDP: 1489 case IPPROTO_TCP: 1490 b1 = gen_portop(port, ip_proto, dir); 1491 break; 1492 1493 case PROTO_UNDEF: 1494 tmp = gen_portop(port, IPPROTO_TCP, dir); 1495 b1 = gen_portop(port, IPPROTO_UDP, dir); 1496 gen_or(tmp, b1); 1497 break; 1498 1499 default: 1500 abort(); 1501 } 1502 gen_and(b0, b1); 1503 return b1; 1504 } 1505 1506 #ifdef INET6 1507 struct block * 1508 gen_portop6(port, proto, dir) 1509 int port, proto, dir; 1510 { 1511 struct block *b0, *b1, *tmp; 1512 1513 /* ip proto 'proto' */ 1514 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 1515 1516 switch (dir) { 1517 case Q_SRC: 1518 b1 = gen_portatom6(0, (bpf_int32)port); 1519 break; 1520 1521 case Q_DST: 1522 b1 = gen_portatom6(2, (bpf_int32)port); 1523 break; 1524 1525 case Q_OR: 1526 case Q_DEFAULT: 1527 tmp = gen_portatom6(0, (bpf_int32)port); 1528 b1 = gen_portatom6(2, (bpf_int32)port); 1529 gen_or(tmp, b1); 1530 break; 1531 1532 case Q_AND: 1533 tmp = gen_portatom6(0, (bpf_int32)port); 1534 b1 = gen_portatom6(2, (bpf_int32)port); 1535 gen_and(tmp, b1); 1536 break; 1537 1538 default: 1539 abort(); 1540 } 1541 gen_and(b0, b1); 1542 1543 return b1; 1544 } 1545 1546 static struct block * 1547 gen_port6(port, ip_proto, dir) 1548 int port; 1549 int ip_proto; 1550 int dir; 1551 { 1552 struct block *b0, *b1, *tmp; 1553 1554 /* ether proto ip */ 1555 b0 = gen_linktype(ETHERTYPE_IPV6); 1556 1557 switch (ip_proto) { 1558 case IPPROTO_UDP: 1559 case IPPROTO_TCP: 1560 b1 = gen_portop6(port, ip_proto, dir); 1561 break; 1562 1563 case PROTO_UNDEF: 1564 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1565 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1566 gen_or(tmp, b1); 1567 break; 1568 1569 default: 1570 abort(); 1571 } 1572 gen_and(b0, b1); 1573 return b1; 1574 } 1575 #endif /* INET6 */ 1576 1577 static int 1578 lookup_proto(name, proto) 1579 register const char *name; 1580 register int proto; 1581 { 1582 register int v; 1583 1584 switch (proto) { 1585 1586 case Q_DEFAULT: 1587 case Q_IP: 1588 v = pcap_nametoproto(name); 1589 if (v == PROTO_UNDEF) 1590 bpf_error("unknown ip proto '%s'", name); 1591 break; 1592 1593 case Q_LINK: 1594 /* XXX should look up h/w protocol type based on linktype */ 1595 v = pcap_nametoeproto(name); 1596 if (v == PROTO_UNDEF) 1597 bpf_error("unknown ether proto '%s'", name); 1598 break; 1599 1600 default: 1601 v = PROTO_UNDEF; 1602 break; 1603 } 1604 return v; 1605 } 1606 1607 static struct block * 1608 gen_protochain(v, proto, dir) 1609 int v; 1610 int proto; 1611 int dir; 1612 { 1613 struct block *b0, *b; 1614 struct slist *s[100]; 1615 int fix2, fix3, fix4, fix5; 1616 int ahcheck, again, end; 1617 int i, max; 1618 int reg1 = alloc_reg(); 1619 int reg2 = alloc_reg(); 1620 1621 memset(s, 0, sizeof(s)); 1622 fix2 = fix3 = fix4 = fix5 = 0; 1623 1624 switch (proto) { 1625 case Q_IP: 1626 case Q_IPV6: 1627 break; 1628 case Q_DEFAULT: 1629 b0 = gen_protochain(v, Q_IP, dir); 1630 b = gen_protochain(v, Q_IPV6, dir); 1631 gen_or(b0, b); 1632 return b; 1633 default: 1634 bpf_error("bad protocol applied for 'protochain'"); 1635 /*NOTREACHED*/ 1636 } 1637 1638 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1639 1640 /* 1641 * s[0] is a dummy entry to protect other BPF insn from damaged 1642 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1643 * hard to find interdependency made by jump table fixup. 1644 */ 1645 i = 0; 1646 s[i] = new_stmt(0); /*dummy*/ 1647 i++; 1648 1649 switch (proto) { 1650 case Q_IP: 1651 b0 = gen_linktype(ETHERTYPE_IP); 1652 1653 /* A = ip->ip_p */ 1654 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1655 s[i]->s.k = off_nl + 9; 1656 i++; 1657 /* X = ip->ip_hl << 2 */ 1658 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1659 s[i]->s.k = off_nl; 1660 i++; 1661 break; 1662 case Q_IPV6: 1663 b0 = gen_linktype(ETHERTYPE_IPV6); 1664 1665 /* A = ip6->ip_nxt */ 1666 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1667 s[i]->s.k = off_nl + 6; 1668 i++; 1669 /* X = sizeof(struct ip6_hdr) */ 1670 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1671 s[i]->s.k = 40; 1672 i++; 1673 break; 1674 default: 1675 bpf_error("unsupported proto to gen_protochain"); 1676 /*NOTREACHED*/ 1677 } 1678 1679 /* again: if (A == v) goto end; else fall through; */ 1680 again = i; 1681 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1682 s[i]->s.k = v; 1683 s[i]->s.jt = NULL; /*later*/ 1684 s[i]->s.jf = NULL; /*update in next stmt*/ 1685 fix5 = i; 1686 i++; 1687 1688 /* if (A == IPPROTO_NONE) goto end */ 1689 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1690 s[i]->s.jt = NULL; /*later*/ 1691 s[i]->s.jf = NULL; /*update in next stmt*/ 1692 s[i]->s.k = IPPROTO_NONE; 1693 s[fix5]->s.jf = s[i]; 1694 fix2 = i; 1695 i++; 1696 1697 if (proto == Q_IPV6) { 1698 int v6start, v6end, v6advance, j; 1699 1700 v6start = i; 1701 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1702 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1703 s[i]->s.jt = NULL; /*later*/ 1704 s[i]->s.jf = NULL; /*update in next stmt*/ 1705 s[i]->s.k = IPPROTO_HOPOPTS; 1706 s[fix2]->s.jf = s[i]; 1707 i++; 1708 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1709 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1710 s[i]->s.jt = NULL; /*later*/ 1711 s[i]->s.jf = NULL; /*update in next stmt*/ 1712 s[i]->s.k = IPPROTO_DSTOPTS; 1713 i++; 1714 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1715 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1716 s[i]->s.jt = NULL; /*later*/ 1717 s[i]->s.jf = NULL; /*update in next stmt*/ 1718 s[i]->s.k = IPPROTO_ROUTING; 1719 i++; 1720 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1721 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1722 s[i]->s.jt = NULL; /*later*/ 1723 s[i]->s.jf = NULL; /*later*/ 1724 s[i]->s.k = IPPROTO_FRAGMENT; 1725 fix3 = i; 1726 v6end = i; 1727 i++; 1728 1729 /* v6advance: */ 1730 v6advance = i; 1731 1732 /* 1733 * in short, 1734 * A = P[X + 1]; 1735 * X = X + (P[X] + 1) * 8; 1736 */ 1737 /* A = X */ 1738 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1739 i++; 1740 /* MEM[reg1] = A */ 1741 s[i] = new_stmt(BPF_ST); 1742 s[i]->s.k = reg1; 1743 i++; 1744 /* A += 1 */ 1745 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1746 s[i]->s.k = 1; 1747 i++; 1748 /* X = A */ 1749 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1750 i++; 1751 /* A = P[X + packet head]; */ 1752 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1753 s[i]->s.k = off_nl; 1754 i++; 1755 /* MEM[reg2] = A */ 1756 s[i] = new_stmt(BPF_ST); 1757 s[i]->s.k = reg2; 1758 i++; 1759 /* X = MEM[reg1] */ 1760 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1761 s[i]->s.k = reg1; 1762 i++; 1763 /* A = P[X + packet head] */ 1764 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1765 s[i]->s.k = off_nl; 1766 i++; 1767 /* A += 1 */ 1768 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1769 s[i]->s.k = 1; 1770 i++; 1771 /* A *= 8 */ 1772 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1773 s[i]->s.k = 8; 1774 i++; 1775 /* X = A; */ 1776 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1777 i++; 1778 /* A = MEM[reg2] */ 1779 s[i] = new_stmt(BPF_LD|BPF_MEM); 1780 s[i]->s.k = reg2; 1781 i++; 1782 1783 /* goto again; (must use BPF_JA for backward jump) */ 1784 s[i] = new_stmt(BPF_JMP|BPF_JA); 1785 s[i]->s.k = again - i - 1; 1786 s[i - 1]->s.jf = s[i]; 1787 i++; 1788 1789 /* fixup */ 1790 for (j = v6start; j <= v6end; j++) 1791 s[j]->s.jt = s[v6advance]; 1792 } else { 1793 /* nop */ 1794 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1795 s[i]->s.k = 0; 1796 s[fix2]->s.jf = s[i]; 1797 i++; 1798 } 1799 1800 /* ahcheck: */ 1801 ahcheck = i; 1802 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 1803 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1804 s[i]->s.jt = NULL; /*later*/ 1805 s[i]->s.jf = NULL; /*later*/ 1806 s[i]->s.k = IPPROTO_AH; 1807 if (fix3) 1808 s[fix3]->s.jf = s[ahcheck]; 1809 fix4 = i; 1810 i++; 1811 1812 /* 1813 * in short, 1814 * A = P[X + 1]; 1815 * X = X + (P[X] + 2) * 4; 1816 */ 1817 /* A = X */ 1818 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 1819 i++; 1820 /* MEM[reg1] = A */ 1821 s[i] = new_stmt(BPF_ST); 1822 s[i]->s.k = reg1; 1823 i++; 1824 /* A += 1 */ 1825 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1826 s[i]->s.k = 1; 1827 i++; 1828 /* X = A */ 1829 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1830 i++; 1831 /* A = P[X + packet head]; */ 1832 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1833 s[i]->s.k = off_nl; 1834 i++; 1835 /* MEM[reg2] = A */ 1836 s[i] = new_stmt(BPF_ST); 1837 s[i]->s.k = reg2; 1838 i++; 1839 /* X = MEM[reg1] */ 1840 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1841 s[i]->s.k = reg1; 1842 i++; 1843 /* A = P[X + packet head] */ 1844 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1845 s[i]->s.k = off_nl; 1846 i++; 1847 /* A += 2 */ 1848 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1849 s[i]->s.k = 2; 1850 i++; 1851 /* A *= 4 */ 1852 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1853 s[i]->s.k = 4; 1854 i++; 1855 /* X = A; */ 1856 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1857 i++; 1858 /* A = MEM[reg2] */ 1859 s[i] = new_stmt(BPF_LD|BPF_MEM); 1860 s[i]->s.k = reg2; 1861 i++; 1862 1863 /* goto again; (must use BPF_JA for backward jump) */ 1864 s[i] = new_stmt(BPF_JMP|BPF_JA); 1865 s[i]->s.k = again - i - 1; 1866 i++; 1867 1868 /* end: nop */ 1869 end = i; 1870 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1871 s[i]->s.k = 0; 1872 s[fix2]->s.jt = s[end]; 1873 s[fix4]->s.jf = s[end]; 1874 s[fix5]->s.jt = s[end]; 1875 i++; 1876 1877 /* 1878 * make slist chain 1879 */ 1880 max = i; 1881 for (i = 0; i < max - 1; i++) 1882 s[i]->next = s[i + 1]; 1883 s[max - 1]->next = NULL; 1884 1885 /* 1886 * emit final check 1887 */ 1888 b = new_block(JMP(BPF_JEQ)); 1889 b->stmts = s[1]; /*remember, s[0] is dummy*/ 1890 b->s.k = v; 1891 1892 free_reg(reg1); 1893 free_reg(reg2); 1894 1895 gen_and(b0, b); 1896 return b; 1897 } 1898 1899 static struct block * 1900 gen_proto(v, proto, dir) 1901 int v; 1902 int proto; 1903 int dir; 1904 { 1905 struct block *b0, *b1; 1906 1907 if (dir != Q_DEFAULT) 1908 bpf_error("direction applied to 'proto'"); 1909 1910 switch (proto) { 1911 case Q_DEFAULT: 1912 #ifdef INET6 1913 b0 = gen_proto(v, Q_IP, dir); 1914 b1 = gen_proto(v, Q_IPV6, dir); 1915 gen_or(b0, b1); 1916 return b1; 1917 #else 1918 /*FALLTHROUGH*/ 1919 #endif 1920 case Q_IP: 1921 b0 = gen_linktype(ETHERTYPE_IP); 1922 #ifndef CHASE_CHAIN 1923 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 1924 #else 1925 b1 = gen_protochain(v, Q_IP); 1926 #endif 1927 gen_and(b0, b1); 1928 return b1; 1929 1930 case Q_ARP: 1931 bpf_error("arp does not encapsulate another protocol"); 1932 /* NOTREACHED */ 1933 1934 case Q_RARP: 1935 bpf_error("rarp does not encapsulate another protocol"); 1936 /* NOTREACHED */ 1937 1938 case Q_ATALK: 1939 bpf_error("atalk encapsulation is not specifiable"); 1940 /* NOTREACHED */ 1941 1942 case Q_DECNET: 1943 bpf_error("decnet encapsulation is not specifiable"); 1944 /* NOTREACHED */ 1945 1946 case Q_SCA: 1947 bpf_error("sca does not encapsulate another protocol"); 1948 /* NOTREACHED */ 1949 1950 case Q_LAT: 1951 bpf_error("lat does not encapsulate another protocol"); 1952 /* NOTREACHED */ 1953 1954 case Q_MOPRC: 1955 bpf_error("moprc does not encapsulate another protocol"); 1956 /* NOTREACHED */ 1957 1958 case Q_MOPDL: 1959 bpf_error("mopdl does not encapsulate another protocol"); 1960 /* NOTREACHED */ 1961 1962 case Q_LINK: 1963 return gen_linktype(v); 1964 1965 case Q_UDP: 1966 bpf_error("'udp proto' is bogus"); 1967 /* NOTREACHED */ 1968 1969 case Q_TCP: 1970 bpf_error("'tcp proto' is bogus"); 1971 /* NOTREACHED */ 1972 1973 case Q_ICMP: 1974 bpf_error("'icmp proto' is bogus"); 1975 /* NOTREACHED */ 1976 1977 case Q_IGMP: 1978 bpf_error("'igmp proto' is bogus"); 1979 /* NOTREACHED */ 1980 1981 case Q_IGRP: 1982 bpf_error("'igrp proto' is bogus"); 1983 /* NOTREACHED */ 1984 1985 case Q_PIM: 1986 bpf_error("'pim proto' is bogus"); 1987 /* NOTREACHED */ 1988 1989 #ifdef INET6 1990 case Q_IPV6: 1991 b0 = gen_linktype(ETHERTYPE_IPV6); 1992 #ifndef CHASE_CHAIN 1993 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 1994 #else 1995 b1 = gen_protochain(v, Q_IPV6); 1996 #endif 1997 gen_and(b0, b1); 1998 return b1; 1999 2000 case Q_ICMPV6: 2001 bpf_error("'icmp6 proto' is bogus"); 2002 #endif /* INET6 */ 2003 2004 case Q_AH: 2005 bpf_error("'ah proto' is bogus"); 2006 2007 case Q_ESP: 2008 bpf_error("'ah proto' is bogus"); 2009 2010 default: 2011 abort(); 2012 /* NOTREACHED */ 2013 } 2014 /* NOTREACHED */ 2015 } 2016 2017 struct block * 2018 gen_scode(name, q) 2019 register const char *name; 2020 struct qual q; 2021 { 2022 int proto = q.proto; 2023 int dir = q.dir; 2024 int tproto; 2025 u_char *eaddr; 2026 bpf_u_int32 mask, addr; 2027 #ifndef INET6 2028 bpf_u_int32 **alist; 2029 #else 2030 int tproto6; 2031 struct sockaddr_in *sin; 2032 struct sockaddr_in6 *sin6; 2033 struct addrinfo *res, *res0; 2034 struct in6_addr mask128; 2035 #endif /*INET6*/ 2036 struct block *b, *tmp; 2037 int port, real_proto; 2038 2039 switch (q.addr) { 2040 2041 case Q_NET: 2042 addr = pcap_nametonetaddr(name); 2043 if (addr == 0) 2044 bpf_error("unknown network '%s'", name); 2045 /* Left justify network addr and calculate its network mask */ 2046 mask = 0xffffffff; 2047 while (addr && (addr & 0xff000000) == 0) { 2048 addr <<= 8; 2049 mask <<= 8; 2050 } 2051 return gen_host(addr, mask, proto, dir); 2052 2053 case Q_DEFAULT: 2054 case Q_HOST: 2055 if (proto == Q_LINK) { 2056 switch (linktype) { 2057 2058 case DLT_EN10MB: 2059 eaddr = pcap_ether_hostton(name); 2060 if (eaddr == NULL) 2061 bpf_error( 2062 "unknown ether host '%s'", name); 2063 return gen_ehostop(eaddr, dir); 2064 2065 case DLT_FDDI: 2066 eaddr = pcap_ether_hostton(name); 2067 if (eaddr == NULL) 2068 bpf_error( 2069 "unknown FDDI host '%s'", name); 2070 return gen_fhostop(eaddr, dir); 2071 2072 default: 2073 bpf_error( 2074 "only ethernet/FDDI supports link-level host name"); 2075 break; 2076 } 2077 } else if (proto == Q_DECNET) { 2078 unsigned short dn_addr = __pcap_nametodnaddr(name); 2079 /* 2080 * I don't think DECNET hosts can be multihomed, so 2081 * there is no need to build up a list of addresses 2082 */ 2083 return (gen_host(dn_addr, 0, proto, dir)); 2084 } else { 2085 #ifndef INET6 2086 alist = pcap_nametoaddr(name); 2087 if (alist == NULL || *alist == NULL) 2088 bpf_error("unknown host '%s'", name); 2089 tproto = proto; 2090 if (off_linktype == -1 && tproto == Q_DEFAULT) 2091 tproto = Q_IP; 2092 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2093 while (*alist) { 2094 tmp = gen_host(**alist++, 0xffffffff, 2095 tproto, dir); 2096 gen_or(b, tmp); 2097 b = tmp; 2098 } 2099 return b; 2100 #else 2101 memset(&mask128, 0xff, sizeof(mask128)); 2102 res0 = res = pcap_nametoaddrinfo(name); 2103 if (res == NULL) 2104 bpf_error("unknown host '%s'", name); 2105 b = tmp = NULL; 2106 tproto = tproto6 = proto; 2107 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2108 tproto = Q_IP; 2109 tproto6 = Q_IPV6; 2110 } 2111 for (res = res0; res; res = res->ai_next) { 2112 switch (res->ai_family) { 2113 case AF_INET: 2114 if (tproto == Q_IPV6) 2115 continue; 2116 2117 sin = (struct sockaddr_in *) 2118 res->ai_addr; 2119 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2120 0xffffffff, tproto, dir); 2121 break; 2122 case AF_INET6: 2123 if (tproto6 == Q_IP) 2124 continue; 2125 2126 sin6 = (struct sockaddr_in6 *) 2127 res->ai_addr; 2128 tmp = gen_host6(&sin6->sin6_addr, 2129 &mask128, tproto6, dir); 2130 break; 2131 } 2132 if (b) 2133 gen_or(b, tmp); 2134 b = tmp; 2135 } 2136 freeaddrinfo(res0); 2137 if (b == NULL) { 2138 bpf_error("unknown host '%s'%s", name, 2139 (proto == Q_DEFAULT) 2140 ? "" 2141 : " for specified address family"); 2142 } 2143 return b; 2144 #endif /*INET6*/ 2145 } 2146 2147 case Q_PORT: 2148 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2149 bpf_error("illegal qualifier of 'port'"); 2150 if (pcap_nametoport(name, &port, &real_proto) == 0) 2151 bpf_error("unknown port '%s'", name); 2152 if (proto == Q_UDP) { 2153 if (real_proto == IPPROTO_TCP) 2154 bpf_error("port '%s' is tcp", name); 2155 else 2156 /* override PROTO_UNDEF */ 2157 real_proto = IPPROTO_UDP; 2158 } 2159 if (proto == Q_TCP) { 2160 if (real_proto == IPPROTO_UDP) 2161 bpf_error("port '%s' is udp", name); 2162 else 2163 /* override PROTO_UNDEF */ 2164 real_proto = IPPROTO_TCP; 2165 } 2166 #ifndef INET6 2167 return gen_port(port, real_proto, dir); 2168 #else 2169 { 2170 struct block *b; 2171 b = gen_port(port, real_proto, dir); 2172 gen_or(gen_port6(port, real_proto, dir), b); 2173 return b; 2174 } 2175 #endif /* INET6 */ 2176 2177 case Q_GATEWAY: 2178 #ifndef INET6 2179 eaddr = pcap_ether_hostton(name); 2180 if (eaddr == NULL) 2181 bpf_error("unknown ether host: %s", name); 2182 2183 alist = pcap_nametoaddr(name); 2184 if (alist == NULL || *alist == NULL) 2185 bpf_error("unknown host '%s'", name); 2186 return gen_gateway(eaddr, alist, proto, dir); 2187 #else 2188 bpf_error("'gateway' not supported in this configuration"); 2189 #endif /*INET6*/ 2190 2191 case Q_PROTO: 2192 real_proto = lookup_proto(name, proto); 2193 if (real_proto >= 0) 2194 return gen_proto(real_proto, proto, dir); 2195 else 2196 bpf_error("unknown protocol: %s", name); 2197 2198 case Q_PROTOCHAIN: 2199 real_proto = lookup_proto(name, proto); 2200 if (real_proto >= 0) 2201 return gen_protochain(real_proto, proto, dir); 2202 else 2203 bpf_error("unknown protocol: %s", name); 2204 2205 2206 case Q_UNDEF: 2207 syntax(); 2208 /* NOTREACHED */ 2209 } 2210 abort(); 2211 /* NOTREACHED */ 2212 } 2213 2214 struct block * 2215 gen_mcode(s1, s2, masklen, q) 2216 register const char *s1, *s2; 2217 register int masklen; 2218 struct qual q; 2219 { 2220 register int nlen, mlen; 2221 bpf_u_int32 n, m; 2222 2223 nlen = __pcap_atoin(s1, &n); 2224 /* Promote short ipaddr */ 2225 n <<= 32 - nlen; 2226 2227 if (s2 != NULL) { 2228 mlen = __pcap_atoin(s2, &m); 2229 /* Promote short ipaddr */ 2230 m <<= 32 - mlen; 2231 if ((n & ~m) != 0) 2232 bpf_error("non-network bits set in \"%s mask %s\"", 2233 s1, s2); 2234 } else { 2235 /* Convert mask len to mask */ 2236 if (masklen > 32) 2237 bpf_error("mask length must be <= 32"); 2238 m = 0xffffffff << (32 - masklen); 2239 if ((n & ~m) != 0) 2240 bpf_error("non-network bits set in \"%s/%d\"", 2241 s1, masklen); 2242 } 2243 2244 switch (q.addr) { 2245 2246 case Q_NET: 2247 return gen_host(n, m, q.proto, q.dir); 2248 2249 default: 2250 bpf_error("Mask syntax for networks only"); 2251 /* NOTREACHED */ 2252 } 2253 } 2254 2255 struct block * 2256 gen_ncode(s, v, q) 2257 register const char *s; 2258 bpf_u_int32 v; 2259 struct qual q; 2260 { 2261 bpf_u_int32 mask; 2262 int proto = q.proto; 2263 int dir = q.dir; 2264 register int vlen; 2265 2266 if (s == NULL) 2267 vlen = 32; 2268 else if (q.proto == Q_DECNET) 2269 vlen = __pcap_atodn(s, &v); 2270 else 2271 vlen = __pcap_atoin(s, &v); 2272 2273 switch (q.addr) { 2274 2275 case Q_DEFAULT: 2276 case Q_HOST: 2277 case Q_NET: 2278 if (proto == Q_DECNET) 2279 return gen_host(v, 0, proto, dir); 2280 else if (proto == Q_LINK) { 2281 bpf_error("illegal link layer address"); 2282 } else { 2283 mask = 0xffffffff; 2284 if (s == NULL && q.addr == Q_NET) { 2285 /* Promote short net number */ 2286 while (v && (v & 0xff000000) == 0) { 2287 v <<= 8; 2288 mask <<= 8; 2289 } 2290 } else { 2291 /* Promote short ipaddr */ 2292 v <<= 32 - vlen; 2293 mask <<= 32 - vlen; 2294 } 2295 return gen_host(v, mask, proto, dir); 2296 } 2297 2298 case Q_PORT: 2299 if (proto == Q_UDP) 2300 proto = IPPROTO_UDP; 2301 else if (proto == Q_TCP) 2302 proto = IPPROTO_TCP; 2303 else if (proto == Q_DEFAULT) 2304 proto = PROTO_UNDEF; 2305 else 2306 bpf_error("illegal qualifier of 'port'"); 2307 2308 #ifndef INET6 2309 return gen_port((int)v, proto, dir); 2310 #else 2311 { 2312 struct block *b; 2313 b = gen_port((int)v, proto, dir); 2314 gen_or(gen_port6((int)v, proto, dir), b); 2315 return b; 2316 } 2317 #endif /* INET6 */ 2318 2319 case Q_GATEWAY: 2320 bpf_error("'gateway' requires a name"); 2321 /* NOTREACHED */ 2322 2323 case Q_PROTO: 2324 return gen_proto((int)v, proto, dir); 2325 2326 case Q_PROTOCHAIN: 2327 return gen_protochain((int)v, proto, dir); 2328 2329 case Q_UNDEF: 2330 syntax(); 2331 /* NOTREACHED */ 2332 2333 default: 2334 abort(); 2335 /* NOTREACHED */ 2336 } 2337 /* NOTREACHED */ 2338 } 2339 2340 #ifdef INET6 2341 struct block * 2342 gen_mcode6(s1, s2, masklen, q) 2343 register const char *s1, *s2; 2344 register int masklen; 2345 struct qual q; 2346 { 2347 struct addrinfo *res; 2348 struct in6_addr *addr; 2349 struct in6_addr mask; 2350 struct block *b; 2351 u_int32_t *a, *m; 2352 2353 if (s2) 2354 bpf_error("no mask %s supported", s2); 2355 2356 res = pcap_nametoaddrinfo(s1); 2357 if (!res) 2358 bpf_error("invalid ip6 address %s", s1); 2359 if (res->ai_next) 2360 bpf_error("%s resolved to multiple address", s1); 2361 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2362 2363 if (sizeof(mask) * 8 < masklen) 2364 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2365 memset(&mask, 0xff, masklen / 8); 2366 if (masklen % 8) { 2367 mask.s6_addr[masklen / 8] = 2368 (0xff << (8 - masklen % 8)) & 0xff; 2369 } 2370 2371 a = (u_int32_t *)addr; 2372 m = (u_int32_t *)&mask; 2373 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2374 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2375 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2376 } 2377 2378 switch (q.addr) { 2379 2380 case Q_DEFAULT: 2381 case Q_HOST: 2382 if (masklen != 128) 2383 bpf_error("Mask syntax for networks only"); 2384 /* FALLTHROUGH */ 2385 2386 case Q_NET: 2387 b = gen_host6(addr, &mask, q.proto, q.dir); 2388 freeaddrinfo(res); 2389 return b; 2390 2391 default: 2392 bpf_error("invalid qualifier against IPv6 address"); 2393 /* NOTREACHED */ 2394 } 2395 } 2396 #endif /*INET6*/ 2397 2398 struct block * 2399 gen_ecode(eaddr, q) 2400 register const u_char *eaddr; 2401 struct qual q; 2402 { 2403 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2404 if (linktype == DLT_EN10MB) 2405 return gen_ehostop(eaddr, (int)q.dir); 2406 if (linktype == DLT_FDDI) 2407 return gen_fhostop(eaddr, (int)q.dir); 2408 } 2409 bpf_error("ethernet address used in non-ether expression"); 2410 /* NOTREACHED */ 2411 } 2412 2413 void 2414 sappend(s0, s1) 2415 struct slist *s0, *s1; 2416 { 2417 /* 2418 * This is definitely not the best way to do this, but the 2419 * lists will rarely get long. 2420 */ 2421 while (s0->next) 2422 s0 = s0->next; 2423 s0->next = s1; 2424 } 2425 2426 static struct slist * 2427 xfer_to_x(a) 2428 struct arth *a; 2429 { 2430 struct slist *s; 2431 2432 s = new_stmt(BPF_LDX|BPF_MEM); 2433 s->s.k = a->regno; 2434 return s; 2435 } 2436 2437 static struct slist * 2438 xfer_to_a(a) 2439 struct arth *a; 2440 { 2441 struct slist *s; 2442 2443 s = new_stmt(BPF_LD|BPF_MEM); 2444 s->s.k = a->regno; 2445 return s; 2446 } 2447 2448 struct arth * 2449 gen_load(proto, index, size) 2450 int proto; 2451 struct arth *index; 2452 int size; 2453 { 2454 struct slist *s, *tmp; 2455 struct block *b; 2456 int regno = alloc_reg(); 2457 2458 free_reg(index->regno); 2459 switch (size) { 2460 2461 default: 2462 bpf_error("data size must be 1, 2, or 4"); 2463 2464 case 1: 2465 size = BPF_B; 2466 break; 2467 2468 case 2: 2469 size = BPF_H; 2470 break; 2471 2472 case 4: 2473 size = BPF_W; 2474 break; 2475 } 2476 switch (proto) { 2477 default: 2478 bpf_error("unsupported index operation"); 2479 2480 case Q_LINK: 2481 s = xfer_to_x(index); 2482 tmp = new_stmt(BPF_LD|BPF_IND|size); 2483 sappend(s, tmp); 2484 sappend(index->s, s); 2485 break; 2486 2487 case Q_IP: 2488 case Q_ARP: 2489 case Q_RARP: 2490 case Q_ATALK: 2491 case Q_DECNET: 2492 case Q_SCA: 2493 case Q_LAT: 2494 case Q_MOPRC: 2495 case Q_MOPDL: 2496 #ifdef INET6 2497 case Q_IPV6: 2498 #endif 2499 /* XXX Note that we assume a fixed link header here. */ 2500 s = xfer_to_x(index); 2501 tmp = new_stmt(BPF_LD|BPF_IND|size); 2502 tmp->s.k = off_nl; 2503 sappend(s, tmp); 2504 sappend(index->s, s); 2505 2506 b = gen_proto_abbrev(proto); 2507 if (index->b) 2508 gen_and(index->b, b); 2509 index->b = b; 2510 break; 2511 2512 case Q_TCP: 2513 case Q_UDP: 2514 case Q_ICMP: 2515 case Q_IGMP: 2516 case Q_IGRP: 2517 case Q_PIM: 2518 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 2519 s->s.k = off_nl; 2520 sappend(s, xfer_to_a(index)); 2521 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2522 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2523 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2524 tmp->s.k = off_nl; 2525 sappend(index->s, s); 2526 2527 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2528 if (index->b) 2529 gen_and(index->b, b); 2530 #ifdef INET6 2531 gen_and(gen_proto_abbrev(Q_IP), b); 2532 #endif 2533 index->b = b; 2534 break; 2535 #ifdef INET6 2536 case Q_ICMPV6: 2537 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2538 /*NOTREACHED*/ 2539 #endif 2540 } 2541 index->regno = regno; 2542 s = new_stmt(BPF_ST); 2543 s->s.k = regno; 2544 sappend(index->s, s); 2545 2546 return index; 2547 } 2548 2549 struct block * 2550 gen_relation(code, a0, a1, reversed) 2551 int code; 2552 struct arth *a0, *a1; 2553 int reversed; 2554 { 2555 struct slist *s0, *s1, *s2; 2556 struct block *b, *tmp; 2557 2558 s0 = xfer_to_x(a1); 2559 s1 = xfer_to_a(a0); 2560 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2561 b = new_block(JMP(code)); 2562 if (code == BPF_JGT || code == BPF_JGE) { 2563 reversed = !reversed; 2564 b->s.k = 0x80000000; 2565 } 2566 if (reversed) 2567 gen_not(b); 2568 2569 sappend(s1, s2); 2570 sappend(s0, s1); 2571 sappend(a1->s, s0); 2572 sappend(a0->s, a1->s); 2573 2574 b->stmts = a0->s; 2575 2576 free_reg(a0->regno); 2577 free_reg(a1->regno); 2578 2579 /* 'and' together protocol checks */ 2580 if (a0->b) { 2581 if (a1->b) { 2582 gen_and(a0->b, tmp = a1->b); 2583 } 2584 else 2585 tmp = a0->b; 2586 } else 2587 tmp = a1->b; 2588 2589 if (tmp) 2590 gen_and(tmp, b); 2591 2592 return b; 2593 } 2594 2595 struct arth * 2596 gen_loadlen() 2597 { 2598 int regno = alloc_reg(); 2599 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2600 struct slist *s; 2601 2602 s = new_stmt(BPF_LD|BPF_LEN); 2603 s->next = new_stmt(BPF_ST); 2604 s->next->s.k = regno; 2605 a->s = s; 2606 a->regno = regno; 2607 2608 return a; 2609 } 2610 2611 struct arth * 2612 gen_loadi(val) 2613 int val; 2614 { 2615 struct arth *a; 2616 struct slist *s; 2617 int reg; 2618 2619 a = (struct arth *)newchunk(sizeof(*a)); 2620 2621 reg = alloc_reg(); 2622 2623 s = new_stmt(BPF_LD|BPF_IMM); 2624 s->s.k = val; 2625 s->next = new_stmt(BPF_ST); 2626 s->next->s.k = reg; 2627 a->s = s; 2628 a->regno = reg; 2629 2630 return a; 2631 } 2632 2633 struct arth * 2634 gen_neg(a) 2635 struct arth *a; 2636 { 2637 struct slist *s; 2638 2639 s = xfer_to_a(a); 2640 sappend(a->s, s); 2641 s = new_stmt(BPF_ALU|BPF_NEG); 2642 s->s.k = 0; 2643 sappend(a->s, s); 2644 s = new_stmt(BPF_ST); 2645 s->s.k = a->regno; 2646 sappend(a->s, s); 2647 2648 return a; 2649 } 2650 2651 struct arth * 2652 gen_arth(code, a0, a1) 2653 int code; 2654 struct arth *a0, *a1; 2655 { 2656 struct slist *s0, *s1, *s2; 2657 2658 s0 = xfer_to_x(a1); 2659 s1 = xfer_to_a(a0); 2660 s2 = new_stmt(BPF_ALU|BPF_X|code); 2661 2662 sappend(s1, s2); 2663 sappend(s0, s1); 2664 sappend(a1->s, s0); 2665 sappend(a0->s, a1->s); 2666 2667 free_reg(a1->regno); 2668 2669 s0 = new_stmt(BPF_ST); 2670 a0->regno = s0->s.k = alloc_reg(); 2671 sappend(a0->s, s0); 2672 2673 return a0; 2674 } 2675 2676 /* 2677 * Here we handle simple allocation of the scratch registers. 2678 * If too many registers are alloc'd, the allocator punts. 2679 */ 2680 static int regused[BPF_MEMWORDS]; 2681 static int curreg; 2682 2683 /* 2684 * Return the next free register. 2685 */ 2686 static int 2687 alloc_reg() 2688 { 2689 int n = BPF_MEMWORDS; 2690 2691 while (--n >= 0) { 2692 if (regused[curreg]) 2693 curreg = (curreg + 1) % BPF_MEMWORDS; 2694 else { 2695 regused[curreg] = 1; 2696 return curreg; 2697 } 2698 } 2699 bpf_error("too many registers needed to evaluate expression"); 2700 /* NOTREACHED */ 2701 } 2702 2703 /* 2704 * Return a register to the table so it can 2705 * be used later. 2706 */ 2707 static void 2708 free_reg(n) 2709 int n; 2710 { 2711 regused[n] = 0; 2712 } 2713 2714 static struct block * 2715 gen_len(jmp, n) 2716 int jmp, n; 2717 { 2718 struct slist *s; 2719 struct block *b; 2720 2721 s = new_stmt(BPF_LD|BPF_LEN); 2722 b = new_block(JMP(jmp)); 2723 b->stmts = s; 2724 b->s.k = n; 2725 2726 return b; 2727 } 2728 2729 struct block * 2730 gen_greater(n) 2731 int n; 2732 { 2733 return gen_len(BPF_JGE, n); 2734 } 2735 2736 struct block * 2737 gen_less(n) 2738 int n; 2739 { 2740 struct block *b; 2741 2742 b = gen_len(BPF_JGT, n); 2743 gen_not(b); 2744 2745 return b; 2746 } 2747 2748 struct block * 2749 gen_byteop(op, idx, val) 2750 int op, idx, val; 2751 { 2752 struct block *b; 2753 struct slist *s; 2754 2755 switch (op) { 2756 default: 2757 abort(); 2758 2759 case '=': 2760 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2761 2762 case '<': 2763 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2764 b->s.code = JMP(BPF_JGE); 2765 gen_not(b); 2766 return b; 2767 2768 case '>': 2769 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2770 b->s.code = JMP(BPF_JGT); 2771 return b; 2772 2773 case '|': 2774 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 2775 break; 2776 2777 case '&': 2778 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 2779 break; 2780 } 2781 s->s.k = val; 2782 b = new_block(JMP(BPF_JEQ)); 2783 b->stmts = s; 2784 gen_not(b); 2785 2786 return b; 2787 } 2788 2789 static u_char abroadcast[] = { 0x0 }; 2790 2791 struct block * 2792 gen_broadcast(proto) 2793 int proto; 2794 { 2795 bpf_u_int32 hostmask; 2796 struct block *b0, *b1, *b2; 2797 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 2798 2799 switch (proto) { 2800 2801 case Q_DEFAULT: 2802 case Q_LINK: 2803 if (linktype == DLT_ARCNET) 2804 return gen_ahostop(abroadcast, Q_DST); 2805 if (linktype == DLT_EN10MB) 2806 return gen_ehostop(ebroadcast, Q_DST); 2807 if (linktype == DLT_FDDI) 2808 return gen_fhostop(ebroadcast, Q_DST); 2809 bpf_error("not a broadcast link"); 2810 break; 2811 2812 case Q_IP: 2813 b0 = gen_linktype(ETHERTYPE_IP); 2814 hostmask = ~netmask; 2815 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 2816 b2 = gen_mcmp(off_nl + 16, BPF_W, 2817 (bpf_int32)(~0 & hostmask), hostmask); 2818 gen_or(b1, b2); 2819 gen_and(b0, b2); 2820 return b2; 2821 } 2822 bpf_error("only ether/ip broadcast filters supported"); 2823 } 2824 2825 struct block * 2826 gen_multicast(proto) 2827 int proto; 2828 { 2829 register struct block *b0, *b1; 2830 register struct slist *s; 2831 2832 switch (proto) { 2833 2834 case Q_DEFAULT: 2835 case Q_LINK: 2836 if (linktype == DLT_ARCNET) 2837 /* all ARCnet multicasts use the same address */ 2838 return gen_ahostop(abroadcast, Q_DST); 2839 2840 if (linktype == DLT_EN10MB) { 2841 /* ether[0] & 1 != 0 */ 2842 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2843 s->s.k = 0; 2844 b0 = new_block(JMP(BPF_JSET)); 2845 b0->s.k = 1; 2846 b0->stmts = s; 2847 return b0; 2848 } 2849 2850 if (linktype == DLT_FDDI) { 2851 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 2852 /* fddi[1] & 1 != 0 */ 2853 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2854 s->s.k = 1; 2855 b0 = new_block(JMP(BPF_JSET)); 2856 b0->s.k = 1; 2857 b0->stmts = s; 2858 return b0; 2859 } 2860 /* Link not known to support multicasts */ 2861 break; 2862 2863 case Q_IP: 2864 b0 = gen_linktype(ETHERTYPE_IP); 2865 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 2866 b1->s.code = JMP(BPF_JGE); 2867 gen_and(b0, b1); 2868 return b1; 2869 2870 #ifdef INET6 2871 case Q_IPV6: 2872 b0 = gen_linktype(ETHERTYPE_IPV6); 2873 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 2874 gen_and(b0, b1); 2875 return b1; 2876 #endif /* INET6 */ 2877 } 2878 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 2879 } 2880 2881 /* 2882 * generate command for inbound/outbound. It's here so we can 2883 * make it link-type specific. 'dir' = 0 implies "inbound", 2884 * = 1 implies "outbound". 2885 */ 2886 struct block * 2887 gen_inbound(dir) 2888 int dir; 2889 { 2890 register struct block *b0; 2891 2892 /* 2893 * Only SLIP and old-style PPP data link types support 2894 * inbound/outbound qualifiers. 2895 */ 2896 switch (linktype) { 2897 case DLT_SLIP: 2898 case DLT_PPP: 2899 b0 = gen_relation(BPF_JEQ, 2900 gen_load(Q_LINK, gen_loadi(0), 1), 2901 gen_loadi(0), 2902 dir); 2903 break; 2904 2905 case DLT_PFLOG: 2906 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_H, 2907 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 2908 break; 2909 2910 default: 2911 bpf_error("inbound/outbound not supported on linktype 0x%x\n", 2912 linktype); 2913 /* NOTREACHED */ 2914 } 2915 2916 return (b0); 2917 } 2918 2919 2920 /* PF firewall log matched interface */ 2921 struct block * 2922 gen_pf_ifname(char *ifname) 2923 { 2924 struct block *b0; 2925 2926 if (linktype != DLT_PFLOG) { 2927 bpf_error("ifname not supported on linktype 0x%x\n", linktype); 2928 /* NOTREACHED */ 2929 } 2930 if (strlen(ifname) >= sizeof(((struct pfloghdr *)0)->ifname)) { 2931 bpf_error("ifname interface names can only be %d characters\n", 2932 sizeof(((struct pfloghdr *)0)->ifname) - 1); 2933 2934 /* NOTREACHED */ 2935 } 2936 b0 = gen_bcmp(offsetof(struct pfloghdr, ifname), strlen(ifname), 2937 ifname); 2938 return (b0); 2939 } 2940 2941 2942 /* PF firewall log rule number */ 2943 struct block * 2944 gen_pf_rnr(int rnr) 2945 { 2946 struct block *b0; 2947 2948 if (linktype != DLT_PFLOG) { 2949 bpf_error("rnr not supported on linktype 0x%x\n", linktype); 2950 /* NOTREACHED */ 2951 } 2952 2953 b0 = gen_cmp(offsetof(struct pfloghdr, rnr), BPF_H, (bpf_int32)rnr); 2954 return (b0); 2955 } 2956 2957 /* PF firewall log reason code */ 2958 struct block * 2959 gen_pf_reason(int reason) 2960 { 2961 struct block *b0; 2962 2963 if (linktype != DLT_PFLOG) { 2964 bpf_error("reason not supported on linktype 0x%x\n", linktype); 2965 /* NOTREACHED */ 2966 } 2967 2968 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_H, 2969 (bpf_int32)reason); 2970 return (b0); 2971 } 2972 2973 /* PF firewall log action */ 2974 struct block * 2975 gen_pf_action(int action) 2976 { 2977 struct block *b0; 2978 2979 if (linktype != DLT_PFLOG) { 2980 bpf_error("action not supported on linktype 0x%x\n", linktype); 2981 /* NOTREACHED */ 2982 } 2983 2984 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_H, 2985 (bpf_int32)action); 2986 return (b0); 2987 } 2988 2989 struct block * 2990 gen_acode(eaddr, q) 2991 register const u_char *eaddr; 2992 struct qual q; 2993 { 2994 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2995 if (linktype == DLT_ARCNET) 2996 return gen_ahostop(eaddr, (int)q.dir); 2997 } 2998 bpf_error("ARCnet address used in non-arc expression"); 2999 /* NOTREACHED */ 3000 } 3001 3002 static struct block * 3003 gen_ahostop(eaddr, dir) 3004 register const u_char *eaddr; 3005 register int dir; 3006 { 3007 register struct block *b0, *b1; 3008 3009 switch (dir) { 3010 /* src comes first, different from Ethernet */ 3011 case Q_SRC: 3012 return gen_bcmp(0, 1, eaddr); 3013 3014 case Q_DST: 3015 return gen_bcmp(1, 1, eaddr); 3016 3017 case Q_AND: 3018 b0 = gen_ahostop(eaddr, Q_SRC); 3019 b1 = gen_ahostop(eaddr, Q_DST); 3020 gen_and(b0, b1); 3021 return b1; 3022 3023 case Q_DEFAULT: 3024 case Q_OR: 3025 b0 = gen_ahostop(eaddr, Q_SRC); 3026 b1 = gen_ahostop(eaddr, Q_DST); 3027 gen_or(b0, b1); 3028 return b1; 3029 } 3030 abort(); 3031 /* NOTREACHED */ 3032 } 3033