1 /* $OpenBSD: gencode.c,v 1.59 2021/12/05 16:40:24 deraadt Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/types.h> 25 #include <sys/socket.h> 26 #include <sys/time.h> 27 28 #include <net/if.h> 29 30 #include <netinet/in.h> 31 #include <netinet/if_ether.h> 32 33 #include <net/if_pflog.h> 34 #include <net/pfvar.h> 35 36 #include <netmpls/mpls.h> 37 38 #include <net80211/ieee80211.h> 39 #include <net80211/ieee80211_radiotap.h> 40 41 #include <stdlib.h> 42 #include <stddef.h> 43 #include <setjmp.h> 44 #include <stdarg.h> 45 #include <string.h> 46 47 #include "pcap-int.h" 48 49 #include "ethertype.h" 50 #include "llc.h" 51 #include "gencode.h" 52 #include "ppp.h" 53 #include <pcap-namedb.h> 54 #ifdef INET6 55 #include <netdb.h> 56 #endif /*INET6*/ 57 58 #ifdef HAVE_OS_PROTO_H 59 #include "os-proto.h" 60 #endif 61 62 #define JMP(c) ((c)|BPF_JMP|BPF_K) 63 64 /* Locals */ 65 static jmp_buf top_ctx; 66 static pcap_t *bpf_pcap; 67 68 /* Hack for updating VLAN offsets. */ 69 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 70 static u_int mpls_stack = 0; 71 72 /* XXX */ 73 #ifdef PCAP_FDDIPAD 74 int pcap_fddipad = PCAP_FDDIPAD; 75 #else 76 int pcap_fddipad; 77 #endif 78 79 __dead void 80 bpf_error(const char *fmt, ...) 81 { 82 va_list ap; 83 84 va_start(ap, fmt); 85 if (bpf_pcap != NULL) 86 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 87 fmt, ap); 88 va_end(ap); 89 longjmp(top_ctx, 1); 90 /* NOTREACHED */ 91 } 92 93 static void init_linktype(int); 94 95 static int alloc_reg(void); 96 static void free_reg(int); 97 98 static struct block *root; 99 100 /* initialization code used for variable link header */ 101 static struct slist *init_code = NULL; 102 103 /* Flags and registers for variable link type handling */ 104 static int variable_nl; 105 static int nl_reg, iphl_reg; 106 107 /* 108 * Track memory allocations, for bulk freeing at the end 109 */ 110 #define NMEMBAG 16 111 #define MEMBAG0SIZE (4096 / sizeof (void *)) 112 struct membag { 113 u_int total; 114 u_int slot; 115 void **ptrs; /* allocated array[total] to each malloc */ 116 }; 117 118 static struct membag membag[NMEMBAG]; 119 static int cur_membag; 120 121 static void *newchunk(size_t); 122 static void freechunks(void); 123 static __inline struct block *new_block(int); 124 static __inline struct slist *new_stmt(int); 125 static struct block *gen_retblk(int); 126 static __inline void syntax(void); 127 128 static void backpatch(struct block *, struct block *); 129 static void merge(struct block *, struct block *); 130 static struct block *gen_cmp(u_int, u_int, bpf_int32); 131 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 132 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 133 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 134 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 135 static struct block *gen_bcmp(u_int, u_int, const u_char *); 136 static struct block *gen_uncond(int); 137 static __inline struct block *gen_true(void); 138 static __inline struct block *gen_false(void); 139 static struct block *gen_linktype(int); 140 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 141 #ifdef INET6 142 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 143 #endif 144 static struct block *gen_ehostop(const u_char *, int); 145 static struct block *gen_fhostop(const u_char *, int); 146 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 147 static struct block *gen_p80211_hostop(const u_char *, int); 148 static struct block *gen_p80211_addr(int, u_int, const u_char *); 149 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 150 #ifdef INET6 151 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 152 #endif 153 #ifndef INET6 154 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 155 #endif 156 static struct block *gen_ipfrag(void); 157 static struct block *gen_portatom(int, bpf_int32); 158 #ifdef INET6 159 static struct block *gen_portatom6(int, bpf_int32); 160 #endif 161 struct block *gen_portop(int, int, int); 162 static struct block *gen_port(int, int, int); 163 #ifdef INET6 164 struct block *gen_portop6(int, int, int); 165 static struct block *gen_port6(int, int, int); 166 #endif 167 static int lookup_proto(const char *, int); 168 static struct block *gen_protochain(int, int, int); 169 static struct block *gen_proto(int, int, int); 170 static struct slist *xfer_to_x(struct arth *); 171 static struct slist *xfer_to_a(struct arth *); 172 static struct block *gen_len(int, int); 173 174 static void * 175 newchunk(size_t n) 176 { 177 struct membag *m; 178 int k, size; 179 void *p; 180 181 m = &membag[cur_membag]; 182 if (m->total != 0 && m->total - m->slot == 0) { 183 if (++cur_membag == NMEMBAG) 184 bpf_error("out of memory"); 185 m = &membag[cur_membag]; 186 } 187 if (m->total - m->slot == 0) { 188 m->ptrs = calloc(sizeof (char *), MEMBAG0SIZE << cur_membag); 189 if (m->ptrs == NULL) 190 bpf_error("out of memory"); 191 m->total = MEMBAG0SIZE << cur_membag; 192 m->slot = 0; 193 } 194 195 p = calloc(1, n); 196 if (p == NULL) 197 bpf_error("out of memory"); 198 m->ptrs[m->slot++] = p; 199 return (p); 200 } 201 202 static void 203 freechunks(void) 204 { 205 int i, j; 206 207 for (i = 0; i <= cur_membag; i++) { 208 for (j = 0; j <= membag[i].slot; j++) 209 free(membag[i].ptrs[j]); 210 free(membag[i].ptrs); 211 membag[i].ptrs = NULL; 212 membag[i].slot = membag[i].total = 0; 213 } 214 } 215 216 /* 217 * A strdup whose allocations are freed after code generation is over. 218 */ 219 char * 220 sdup(s) 221 const char *s; 222 { 223 int n = strlen(s) + 1; 224 char *cp = newchunk(n); 225 226 strlcpy(cp, s, n); 227 return (cp); 228 } 229 230 static __inline struct block * 231 new_block(code) 232 int code; 233 { 234 struct block *p; 235 236 p = (struct block *)newchunk(sizeof(*p)); 237 p->s.code = code; 238 p->head = p; 239 240 return p; 241 } 242 243 static __inline struct slist * 244 new_stmt(code) 245 int code; 246 { 247 struct slist *p; 248 249 p = (struct slist *)newchunk(sizeof(*p)); 250 p->s.code = code; 251 252 return p; 253 } 254 255 static struct block * 256 gen_retblk(v) 257 int v; 258 { 259 struct block *b = new_block(BPF_RET|BPF_K); 260 261 b->s.k = v; 262 return b; 263 } 264 265 static __inline void 266 syntax() 267 { 268 bpf_error("syntax error in filter expression"); 269 } 270 271 static bpf_u_int32 netmask; 272 static int snaplen; 273 int no_optimize; 274 275 int 276 pcap_compile(pcap_t *p, struct bpf_program *program, 277 const char *buf, int optimize, bpf_u_int32 mask) 278 { 279 extern int n_errors; 280 int len; 281 282 no_optimize = 0; 283 n_errors = 0; 284 root = NULL; 285 bpf_pcap = p; 286 if (setjmp(top_ctx)) { 287 freechunks(); 288 return (-1); 289 } 290 291 netmask = mask; 292 snaplen = pcap_snapshot(p); 293 294 lex_init(buf ? buf : ""); 295 init_linktype(pcap_datalink(p)); 296 (void)pcap_parse(); 297 298 if (n_errors) 299 syntax(); 300 301 if (root == NULL) 302 root = gen_retblk(snaplen); 303 304 if (optimize && !no_optimize) { 305 bpf_optimize(&root); 306 if (root == NULL || 307 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 308 bpf_error("expression rejects all packets"); 309 } 310 program->bf_insns = icode_to_fcode(root, &len); 311 program->bf_len = len; 312 313 freechunks(); 314 return (0); 315 } 316 317 /* 318 * entry point for using the compiler with no pcap open 319 * pass in all the stuff that is needed explicitly instead. 320 */ 321 int 322 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 323 struct bpf_program *program, 324 const char *buf, int optimize, bpf_u_int32 mask) 325 { 326 extern int n_errors; 327 int len; 328 329 n_errors = 0; 330 root = NULL; 331 bpf_pcap = NULL; 332 if (setjmp(top_ctx)) { 333 freechunks(); 334 return (-1); 335 } 336 337 netmask = mask; 338 339 /* XXX needed? I don't grok the use of globals here. */ 340 snaplen = snaplen_arg; 341 342 lex_init(buf ? buf : ""); 343 init_linktype(linktype_arg); 344 (void)pcap_parse(); 345 346 if (n_errors) 347 syntax(); 348 349 if (root == NULL) 350 root = gen_retblk(snaplen_arg); 351 352 if (optimize) { 353 bpf_optimize(&root); 354 if (root == NULL || 355 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 356 bpf_error("expression rejects all packets"); 357 } 358 program->bf_insns = icode_to_fcode(root, &len); 359 program->bf_len = len; 360 361 freechunks(); 362 return (0); 363 } 364 365 /* 366 * Clean up a "struct bpf_program" by freeing all the memory allocated 367 * in it. 368 */ 369 void 370 pcap_freecode(struct bpf_program *program) 371 { 372 program->bf_len = 0; 373 if (program->bf_insns != NULL) { 374 free((char *)program->bf_insns); 375 program->bf_insns = NULL; 376 } 377 } 378 379 /* 380 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 381 * which of the jt and jf fields has been resolved and which is a pointer 382 * back to another unresolved block (or nil). At least one of the fields 383 * in each block is already resolved. 384 */ 385 static void 386 backpatch(list, target) 387 struct block *list, *target; 388 { 389 struct block *next; 390 391 while (list) { 392 if (!list->sense) { 393 next = JT(list); 394 JT(list) = target; 395 } else { 396 next = JF(list); 397 JF(list) = target; 398 } 399 list = next; 400 } 401 } 402 403 /* 404 * Merge the lists in b0 and b1, using the 'sense' field to indicate 405 * which of jt and jf is the link. 406 */ 407 static void 408 merge(b0, b1) 409 struct block *b0, *b1; 410 { 411 struct block **p = &b0; 412 413 /* Find end of list. */ 414 while (*p) 415 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 416 417 /* Concatenate the lists. */ 418 *p = b1; 419 } 420 421 void 422 finish_parse(p) 423 struct block *p; 424 { 425 backpatch(p, gen_retblk(snaplen)); 426 p->sense = !p->sense; 427 backpatch(p, gen_retblk(0)); 428 root = p->head; 429 430 /* prepend initialization code to root */ 431 if (init_code != NULL && root != NULL) { 432 sappend(init_code, root->stmts); 433 root->stmts = init_code; 434 init_code = NULL; 435 } 436 437 if (iphl_reg != -1) { 438 free_reg(iphl_reg); 439 iphl_reg = -1; 440 } 441 if (nl_reg != -1) { 442 free_reg(nl_reg); 443 nl_reg = -1; 444 } 445 } 446 447 void 448 gen_and(b0, b1) 449 struct block *b0, *b1; 450 { 451 backpatch(b0, b1->head); 452 b0->sense = !b0->sense; 453 b1->sense = !b1->sense; 454 merge(b1, b0); 455 b1->sense = !b1->sense; 456 b1->head = b0->head; 457 } 458 459 void 460 gen_or(b0, b1) 461 struct block *b0, *b1; 462 { 463 b0->sense = !b0->sense; 464 backpatch(b0, b1->head); 465 b0->sense = !b0->sense; 466 merge(b1, b0); 467 b1->head = b0->head; 468 } 469 470 void 471 gen_not(b) 472 struct block *b; 473 { 474 b->sense = !b->sense; 475 } 476 477 static struct block * 478 gen_cmp(offset, size, v) 479 u_int offset, size; 480 bpf_int32 v; 481 { 482 struct slist *s; 483 struct block *b; 484 485 s = new_stmt(BPF_LD|BPF_ABS|size); 486 s->s.k = offset; 487 488 b = new_block(JMP(BPF_JEQ)); 489 b->stmts = s; 490 b->s.k = v; 491 492 return b; 493 } 494 495 static struct block * 496 gen_cmp_gt(offset, size, v) 497 u_int offset, size; 498 bpf_int32 v; 499 { 500 struct slist *s; 501 struct block *b; 502 503 s = new_stmt(BPF_LD|BPF_ABS|size); 504 s->s.k = offset; 505 506 b = new_block(JMP(BPF_JGT)); 507 b->stmts = s; 508 b->s.k = v; 509 510 return b; 511 } 512 513 static struct block * 514 gen_mcmp(offset, size, v, mask) 515 u_int offset, size; 516 bpf_int32 v; 517 bpf_u_int32 mask; 518 { 519 struct block *b = gen_cmp(offset, size, v); 520 struct slist *s; 521 522 if (mask != 0xffffffff) { 523 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 524 s->s.k = mask; 525 sappend(b->stmts, s); 526 } 527 return b; 528 } 529 530 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 531 static struct block * 532 gen_mcmp_nl(offset, size, v, mask) 533 u_int offset, size; 534 bpf_int32 v; 535 bpf_u_int32 mask; 536 { 537 struct block *b = gen_cmp_nl(offset, size, v); 538 struct slist *s; 539 540 if (mask != 0xffffffff) { 541 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 542 s->s.k = mask; 543 sappend(b->stmts, s); 544 } 545 return b; 546 } 547 548 static struct block * 549 gen_bcmp(offset, size, v) 550 u_int offset, size; 551 const u_char *v; 552 { 553 struct block *b, *tmp; 554 555 b = NULL; 556 while (size >= 4) { 557 const u_char *p = &v[size - 4]; 558 bpf_int32 w = ((bpf_int32)p[0] << 24) | 559 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 560 561 tmp = gen_cmp(offset + size - 4, BPF_W, w); 562 if (b != NULL) 563 gen_and(b, tmp); 564 b = tmp; 565 size -= 4; 566 } 567 while (size >= 2) { 568 const u_char *p = &v[size - 2]; 569 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 570 571 tmp = gen_cmp(offset + size - 2, BPF_H, w); 572 if (b != NULL) 573 gen_and(b, tmp); 574 b = tmp; 575 size -= 2; 576 } 577 if (size > 0) { 578 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 579 if (b != NULL) 580 gen_and(b, tmp); 581 b = tmp; 582 } 583 return b; 584 } 585 586 /* 587 * Various code constructs need to know the layout of the data link 588 * layer. These variables give the necessary offsets. off_linktype 589 * is set to -1 for no encapsulation, in which case, IP is assumed. 590 */ 591 static u_int off_linktype; 592 static u_int off_nl; 593 static u_int off_nl_nosnap; 594 595 static int linktype; 596 597 /* Generate code to load the dynamic 'off_nl' to the X register */ 598 static struct slist * 599 nl2X_stmt(void) 600 { 601 struct slist *s, *tmp; 602 603 if (nl_reg == -1) { 604 switch (linktype) { 605 case DLT_PFLOG: 606 /* The pflog header contains PFLOG_REAL_HDRLEN 607 which does NOT include the padding. Round 608 up to the nearest dword boundary */ 609 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 610 s->s.k = 0; 611 612 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 613 tmp->s.k = 3; 614 sappend(s, tmp); 615 616 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 617 tmp->s.k = 0xfc; 618 sappend(s, tmp); 619 620 nl_reg = alloc_reg(); 621 tmp = new_stmt(BPF_ST); 622 tmp->s.k = nl_reg; 623 sappend(s, tmp); 624 625 break; 626 default: 627 bpf_error("Unknown header size for link type 0x%x", 628 linktype); 629 } 630 631 if (init_code == NULL) 632 init_code = s; 633 else 634 sappend(init_code, s); 635 } 636 637 s = new_stmt(BPF_LDX|BPF_MEM); 638 s->s.k = nl_reg; 639 640 return s; 641 } 642 643 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 644 static struct block * 645 gen_cmp_nl(offset, size, v) 646 u_int offset, size; 647 bpf_int32 v; 648 { 649 struct slist *s, *tmp; 650 struct block *b; 651 652 if (variable_nl) { 653 s = nl2X_stmt(); 654 tmp = new_stmt(BPF_LD|BPF_IND|size); 655 tmp->s.k = offset; 656 sappend(s, tmp); 657 } else { 658 s = new_stmt(BPF_LD|BPF_ABS|size); 659 s->s.k = offset + off_nl; 660 } 661 b = new_block(JMP(BPF_JEQ)); 662 b->stmts = s; 663 b->s.k = v; 664 665 return b; 666 } 667 668 static void 669 init_linktype(type) 670 int type; 671 { 672 linktype = type; 673 init_code = NULL; 674 nl_reg = iphl_reg = -1; 675 676 switch (type) { 677 678 case DLT_EN10MB: 679 off_linktype = 12; 680 off_nl = 14; 681 return; 682 683 case DLT_SLIP: 684 /* 685 * SLIP doesn't have a link level type. The 16 byte 686 * header is hacked into our SLIP driver. 687 */ 688 off_linktype = -1; 689 off_nl = 16; 690 return; 691 692 case DLT_SLIP_BSDOS: 693 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 694 off_linktype = -1; 695 /* XXX end */ 696 off_nl = 24; 697 return; 698 699 case DLT_NULL: 700 off_linktype = 0; 701 off_nl = 4; 702 return; 703 704 case DLT_PPP: 705 off_linktype = 2; 706 off_nl = 4; 707 return; 708 709 case DLT_PPP_SERIAL: 710 off_linktype = -1; 711 off_nl = 2; 712 return; 713 714 case DLT_PPP_ETHER: 715 /* 716 * This does not include the Ethernet header, and 717 * only covers session state. 718 */ 719 off_linktype = 6; 720 off_nl = 8; 721 return; 722 723 case DLT_PPP_BSDOS: 724 off_linktype = 5; 725 off_nl = 24; 726 return; 727 728 case DLT_FDDI: 729 /* 730 * FDDI doesn't really have a link-level type field. 731 * We assume that SSAP = SNAP is being used and pick 732 * out the encapsulated Ethernet type. 733 */ 734 off_linktype = 19; 735 #ifdef PCAP_FDDIPAD 736 off_linktype += pcap_fddipad; 737 #endif 738 off_nl = 21; 739 #ifdef PCAP_FDDIPAD 740 off_nl += pcap_fddipad; 741 #endif 742 return; 743 744 case DLT_IEEE802: 745 off_linktype = 20; 746 off_nl = 22; 747 return; 748 749 case DLT_IEEE802_11: 750 off_linktype = 30; /* XXX variable */ 751 off_nl = 32; 752 return; 753 754 case DLT_IEEE802_11_RADIO: /* XXX variable */ 755 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 756 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 757 return; 758 759 case DLT_ATM_RFC1483: 760 /* 761 * assume routed, non-ISO PDUs 762 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 763 */ 764 off_linktype = 6; 765 off_nl = 8; 766 return; 767 768 case DLT_LOOP: 769 off_linktype = 0; 770 off_nl = 4; 771 return; 772 773 case DLT_ENC: 774 off_linktype = -1; 775 off_nl = 12; 776 return; 777 778 case DLT_PFLOG: 779 off_linktype = 0; 780 variable_nl = 1; 781 off_nl = 0; 782 return; 783 784 case DLT_PFSYNC: 785 off_linktype = -1; 786 off_nl = 4; 787 return; 788 789 case DLT_OPENFLOW: 790 off_linktype = -1; 791 off_nl = 12; 792 return; 793 794 case DLT_USBPCAP: 795 /* FALLTHROUGH */ 796 case DLT_RAW: 797 off_linktype = -1; 798 off_nl = 0; 799 return; 800 } 801 bpf_error("unknown data link type 0x%x", linktype); 802 /* NOTREACHED */ 803 } 804 805 static struct block * 806 gen_uncond(rsense) 807 int rsense; 808 { 809 struct block *b; 810 struct slist *s; 811 812 s = new_stmt(BPF_LD|BPF_IMM); 813 s->s.k = !rsense; 814 b = new_block(JMP(BPF_JEQ)); 815 b->stmts = s; 816 817 return b; 818 } 819 820 static __inline struct block * 821 gen_true() 822 { 823 return gen_uncond(1); 824 } 825 826 static __inline struct block * 827 gen_false() 828 { 829 return gen_uncond(0); 830 } 831 832 static struct block * 833 gen_linktype(proto) 834 int proto; 835 { 836 struct block *b0, *b1; 837 838 /* If we're not using encapsulation and checking for IP, we're done */ 839 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IP) 840 return gen_true(); 841 #ifdef INET6 842 /* this isn't the right thing to do, but sometimes necessary */ 843 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IPV6) 844 return gen_true(); 845 #endif 846 847 switch (linktype) { 848 849 case DLT_EN10MB: 850 if (proto <= ETHERMTU) { 851 /* This is an LLC SAP value */ 852 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 853 gen_not(b0); 854 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 855 gen_and(b0, b1); 856 return b1; 857 } else { 858 /* This is an Ethernet type */ 859 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 860 } 861 break; 862 863 case DLT_SLIP: 864 return gen_false(); 865 866 case DLT_PPP: 867 case DLT_PPP_ETHER: 868 if (proto == ETHERTYPE_IP) 869 proto = PPP_IP; /* XXX was 0x21 */ 870 #ifdef INET6 871 else if (proto == ETHERTYPE_IPV6) 872 proto = PPP_IPV6; 873 #endif 874 break; 875 876 case DLT_PPP_BSDOS: 877 switch (proto) { 878 879 case ETHERTYPE_IP: 880 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 881 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 882 gen_or(b0, b1); 883 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 884 gen_or(b1, b0); 885 return b0; 886 887 #ifdef INET6 888 case ETHERTYPE_IPV6: 889 proto = PPP_IPV6; 890 /* more to go? */ 891 break; 892 #endif /* INET6 */ 893 894 case ETHERTYPE_DN: 895 proto = PPP_DECNET; 896 break; 897 898 case ETHERTYPE_ATALK: 899 proto = PPP_APPLE; 900 break; 901 902 case ETHERTYPE_NS: 903 proto = PPP_NS; 904 break; 905 } 906 break; 907 908 case DLT_LOOP: 909 case DLT_ENC: 910 case DLT_NULL: 911 { 912 int v; 913 914 if (proto == ETHERTYPE_IP) 915 v = AF_INET; 916 #ifdef INET6 917 else if (proto == ETHERTYPE_IPV6) 918 v = AF_INET6; 919 #endif /* INET6 */ 920 else 921 return gen_false(); 922 923 /* 924 * For DLT_NULL, the link-layer header is a 32-bit word 925 * containing an AF_ value in *host* byte order, and for 926 * DLT_ENC, the link-layer header begins with a 32-bit 927 * word containing an AF_ value in host byte order. 928 * 929 * For DLT_LOOP, the link-layer header is a 32-bit 930 * word containing an AF_ value in *network* byte order. 931 */ 932 if (linktype != DLT_LOOP) 933 v = htonl(v); 934 935 return (gen_cmp(0, BPF_W, (bpf_int32)v)); 936 break; 937 } 938 case DLT_PFLOG: 939 if (proto == ETHERTYPE_IP) 940 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 941 (bpf_int32)AF_INET)); 942 #ifdef INET6 943 else if (proto == ETHERTYPE_IPV6) 944 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 945 (bpf_int32)AF_INET6)); 946 #endif /* INET6 */ 947 else 948 return gen_false(); 949 break; 950 951 } 952 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 953 } 954 955 static struct block * 956 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 957 bpf_u_int32 addr; 958 bpf_u_int32 mask; 959 int dir, proto; 960 u_int src_off, dst_off; 961 { 962 struct block *b0, *b1; 963 u_int offset; 964 965 switch (dir) { 966 967 case Q_SRC: 968 offset = src_off; 969 break; 970 971 case Q_DST: 972 offset = dst_off; 973 break; 974 975 case Q_AND: 976 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 977 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 978 gen_and(b0, b1); 979 return b1; 980 981 case Q_OR: 982 case Q_DEFAULT: 983 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 984 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 985 gen_or(b0, b1); 986 return b1; 987 988 default: 989 bpf_error("direction not supported on linktype 0x%x", 990 linktype); 991 } 992 b0 = gen_linktype(proto); 993 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 994 gen_and(b0, b1); 995 return b1; 996 } 997 998 #ifdef INET6 999 static struct block * 1000 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 1001 struct in6_addr *addr; 1002 struct in6_addr *mask; 1003 int dir, proto; 1004 u_int src_off, dst_off; 1005 { 1006 struct block *b0, *b1; 1007 u_int offset; 1008 u_int32_t *a, *m; 1009 1010 switch (dir) { 1011 1012 case Q_SRC: 1013 offset = src_off; 1014 break; 1015 1016 case Q_DST: 1017 offset = dst_off; 1018 break; 1019 1020 case Q_AND: 1021 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1022 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1023 gen_and(b0, b1); 1024 return b1; 1025 1026 case Q_OR: 1027 case Q_DEFAULT: 1028 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1029 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1030 gen_or(b0, b1); 1031 return b1; 1032 1033 default: 1034 bpf_error("direction not supported on linktype 0x%x", 1035 linktype); 1036 } 1037 /* this order is important */ 1038 a = (u_int32_t *)addr; 1039 m = (u_int32_t *)mask; 1040 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1041 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1042 gen_and(b0, b1); 1043 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1044 gen_and(b0, b1); 1045 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1046 gen_and(b0, b1); 1047 b0 = gen_linktype(proto); 1048 gen_and(b0, b1); 1049 return b1; 1050 } 1051 #endif /*INET6*/ 1052 1053 static struct block * 1054 gen_ehostop(eaddr, dir) 1055 const u_char *eaddr; 1056 int dir; 1057 { 1058 struct block *b0, *b1; 1059 1060 switch (dir) { 1061 case Q_SRC: 1062 return gen_bcmp(6, 6, eaddr); 1063 1064 case Q_DST: 1065 return gen_bcmp(0, 6, eaddr); 1066 1067 case Q_AND: 1068 b0 = gen_ehostop(eaddr, Q_SRC); 1069 b1 = gen_ehostop(eaddr, Q_DST); 1070 gen_and(b0, b1); 1071 return b1; 1072 1073 case Q_DEFAULT: 1074 case Q_OR: 1075 b0 = gen_ehostop(eaddr, Q_SRC); 1076 b1 = gen_ehostop(eaddr, Q_DST); 1077 gen_or(b0, b1); 1078 return b1; 1079 default: 1080 bpf_error("direction not supported on linktype 0x%x", 1081 linktype); 1082 } 1083 /* NOTREACHED */ 1084 } 1085 1086 /* 1087 * Like gen_ehostop, but for DLT_FDDI 1088 */ 1089 static struct block * 1090 gen_fhostop(eaddr, dir) 1091 const u_char *eaddr; 1092 int dir; 1093 { 1094 struct block *b0, *b1; 1095 1096 switch (dir) { 1097 case Q_SRC: 1098 #ifdef PCAP_FDDIPAD 1099 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1100 #else 1101 return gen_bcmp(6 + 1, 6, eaddr); 1102 #endif 1103 1104 case Q_DST: 1105 #ifdef PCAP_FDDIPAD 1106 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1107 #else 1108 return gen_bcmp(0 + 1, 6, eaddr); 1109 #endif 1110 1111 case Q_AND: 1112 b0 = gen_fhostop(eaddr, Q_SRC); 1113 b1 = gen_fhostop(eaddr, Q_DST); 1114 gen_and(b0, b1); 1115 return b1; 1116 1117 case Q_DEFAULT: 1118 case Q_OR: 1119 b0 = gen_fhostop(eaddr, Q_SRC); 1120 b1 = gen_fhostop(eaddr, Q_DST); 1121 gen_or(b0, b1); 1122 return b1; 1123 default: 1124 bpf_error("direction not supported on linktype 0x%x", 1125 linktype); 1126 } 1127 /* NOTREACHED */ 1128 } 1129 1130 /* 1131 * This is quite tricky because there may be pad bytes in front of the 1132 * DECNET header, and then there are two possible data packet formats that 1133 * carry both src and dst addresses, plus 5 packet types in a format that 1134 * carries only the src node, plus 2 types that use a different format and 1135 * also carry just the src node. 1136 * 1137 * Yuck. 1138 * 1139 * Instead of doing those all right, we just look for data packets with 1140 * 0 or 1 bytes of padding. If you want to look at other packets, that 1141 * will require a lot more hacking. 1142 * 1143 * To add support for filtering on DECNET "areas" (network numbers) 1144 * one would want to add a "mask" argument to this routine. That would 1145 * make the filter even more inefficient, although one could be clever 1146 * and not generate masking instructions if the mask is 0xFFFF. 1147 */ 1148 static struct block * 1149 gen_dnhostop(addr, dir, base_off) 1150 bpf_u_int32 addr; 1151 int dir; 1152 u_int base_off; 1153 { 1154 struct block *b0, *b1, *b2, *tmp; 1155 u_int offset_lh; /* offset if long header is received */ 1156 u_int offset_sh; /* offset if short header is received */ 1157 1158 switch (dir) { 1159 1160 case Q_DST: 1161 offset_sh = 1; /* follows flags */ 1162 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1163 break; 1164 1165 case Q_SRC: 1166 offset_sh = 3; /* follows flags, dstnode */ 1167 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1168 break; 1169 1170 case Q_AND: 1171 /* Inefficient because we do our Calvinball dance twice */ 1172 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1173 b1 = gen_dnhostop(addr, Q_DST, base_off); 1174 gen_and(b0, b1); 1175 return b1; 1176 1177 case Q_OR: 1178 case Q_DEFAULT: 1179 /* Inefficient because we do our Calvinball dance twice */ 1180 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1181 b1 = gen_dnhostop(addr, Q_DST, base_off); 1182 gen_or(b0, b1); 1183 return b1; 1184 1185 default: 1186 bpf_error("direction not supported on linktype 0x%x", 1187 linktype); 1188 } 1189 b0 = gen_linktype(ETHERTYPE_DN); 1190 /* Check for pad = 1, long header case */ 1191 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1192 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1193 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1194 BPF_H, (bpf_int32)ntohs(addr)); 1195 gen_and(tmp, b1); 1196 /* Check for pad = 0, long header case */ 1197 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1198 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1199 gen_and(tmp, b2); 1200 gen_or(b2, b1); 1201 /* Check for pad = 1, short header case */ 1202 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1203 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1204 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1205 BPF_H, (bpf_int32)ntohs(addr)); 1206 gen_and(tmp, b2); 1207 gen_or(b2, b1); 1208 /* Check for pad = 0, short header case */ 1209 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1210 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1211 gen_and(tmp, b2); 1212 gen_or(b2, b1); 1213 1214 /* Combine with test for linktype */ 1215 gen_and(b0, b1); 1216 return b1; 1217 } 1218 1219 static struct block * 1220 gen_host(addr, mask, proto, dir) 1221 bpf_u_int32 addr; 1222 bpf_u_int32 mask; 1223 int proto; 1224 int dir; 1225 { 1226 struct block *b0, *b1; 1227 1228 switch (proto) { 1229 1230 case Q_DEFAULT: 1231 b0 = gen_host(addr, mask, Q_IP, dir); 1232 b1 = gen_host(addr, mask, Q_ARP, dir); 1233 gen_or(b0, b1); 1234 b0 = gen_host(addr, mask, Q_RARP, dir); 1235 gen_or(b1, b0); 1236 return b0; 1237 1238 case Q_IP: 1239 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1240 12, 16); 1241 1242 case Q_RARP: 1243 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1244 14, 24); 1245 1246 case Q_ARP: 1247 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1248 14, 24); 1249 1250 case Q_TCP: 1251 bpf_error("'tcp' modifier applied to host"); 1252 1253 case Q_UDP: 1254 bpf_error("'udp' modifier applied to host"); 1255 1256 case Q_ICMP: 1257 bpf_error("'icmp' modifier applied to host"); 1258 1259 case Q_IGMP: 1260 bpf_error("'igmp' modifier applied to host"); 1261 1262 case Q_IGRP: 1263 bpf_error("'igrp' modifier applied to host"); 1264 1265 case Q_PIM: 1266 bpf_error("'pim' modifier applied to host"); 1267 1268 case Q_STP: 1269 bpf_error("'stp' modifier applied to host"); 1270 1271 case Q_ATALK: 1272 bpf_error("ATALK host filtering not implemented"); 1273 1274 case Q_DECNET: 1275 return gen_dnhostop(addr, dir, 0); 1276 1277 case Q_SCA: 1278 bpf_error("SCA host filtering not implemented"); 1279 1280 case Q_LAT: 1281 bpf_error("LAT host filtering not implemented"); 1282 1283 case Q_MOPDL: 1284 bpf_error("MOPDL host filtering not implemented"); 1285 1286 case Q_MOPRC: 1287 bpf_error("MOPRC host filtering not implemented"); 1288 1289 #ifdef INET6 1290 case Q_IPV6: 1291 bpf_error("'ip6' modifier applied to ip host"); 1292 1293 case Q_ICMPV6: 1294 bpf_error("'icmp6' modifier applied to host"); 1295 #endif /* INET6 */ 1296 1297 case Q_AH: 1298 bpf_error("'ah' modifier applied to host"); 1299 1300 case Q_ESP: 1301 bpf_error("'esp' modifier applied to host"); 1302 1303 default: 1304 bpf_error("direction not supported on linktype 0x%x", 1305 linktype); 1306 } 1307 /* NOTREACHED */ 1308 } 1309 1310 #ifdef INET6 1311 static struct block * 1312 gen_host6(addr, mask, proto, dir) 1313 struct in6_addr *addr; 1314 struct in6_addr *mask; 1315 int proto; 1316 int dir; 1317 { 1318 switch (proto) { 1319 1320 case Q_DEFAULT: 1321 return gen_host6(addr, mask, Q_IPV6, dir); 1322 1323 case Q_IP: 1324 bpf_error("'ip' modifier applied to ip6 host"); 1325 1326 case Q_RARP: 1327 bpf_error("'rarp' modifier applied to ip6 host"); 1328 1329 case Q_ARP: 1330 bpf_error("'arp' modifier applied to ip6 host"); 1331 1332 case Q_TCP: 1333 bpf_error("'tcp' modifier applied to host"); 1334 1335 case Q_UDP: 1336 bpf_error("'udp' modifier applied to host"); 1337 1338 case Q_ICMP: 1339 bpf_error("'icmp' modifier applied to host"); 1340 1341 case Q_IGMP: 1342 bpf_error("'igmp' modifier applied to host"); 1343 1344 case Q_IGRP: 1345 bpf_error("'igrp' modifier applied to host"); 1346 1347 case Q_PIM: 1348 bpf_error("'pim' modifier applied to host"); 1349 1350 case Q_STP: 1351 bpf_error("'stp' modifier applied to host"); 1352 1353 case Q_ATALK: 1354 bpf_error("ATALK host filtering not implemented"); 1355 1356 case Q_DECNET: 1357 bpf_error("'decnet' modifier applied to ip6 host"); 1358 1359 case Q_SCA: 1360 bpf_error("SCA host filtering not implemented"); 1361 1362 case Q_LAT: 1363 bpf_error("LAT host filtering not implemented"); 1364 1365 case Q_MOPDL: 1366 bpf_error("MOPDL host filtering not implemented"); 1367 1368 case Q_MOPRC: 1369 bpf_error("MOPRC host filtering not implemented"); 1370 1371 case Q_IPV6: 1372 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1373 8, 24); 1374 1375 case Q_ICMPV6: 1376 bpf_error("'icmp6' modifier applied to host"); 1377 1378 case Q_AH: 1379 bpf_error("'ah' modifier applied to host"); 1380 1381 case Q_ESP: 1382 bpf_error("'esp' modifier applied to host"); 1383 1384 default: 1385 abort(); 1386 } 1387 /* NOTREACHED */ 1388 } 1389 #endif /*INET6*/ 1390 1391 #ifndef INET6 1392 static struct block * 1393 gen_gateway(eaddr, alist, proto, dir) 1394 const u_char *eaddr; 1395 bpf_u_int32 **alist; 1396 int proto; 1397 int dir; 1398 { 1399 struct block *b0, *b1, *tmp; 1400 1401 if (dir != 0) 1402 bpf_error("direction applied to 'gateway'"); 1403 1404 switch (proto) { 1405 case Q_DEFAULT: 1406 case Q_IP: 1407 case Q_ARP: 1408 case Q_RARP: 1409 if (linktype == DLT_EN10MB) 1410 b0 = gen_ehostop(eaddr, Q_OR); 1411 else if (linktype == DLT_FDDI) 1412 b0 = gen_fhostop(eaddr, Q_OR); 1413 else 1414 bpf_error( 1415 "'gateway' supported only on ethernet or FDDI"); 1416 1417 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1418 while (*alist) { 1419 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1420 gen_or(b1, tmp); 1421 b1 = tmp; 1422 } 1423 gen_not(b1); 1424 gen_and(b0, b1); 1425 return b1; 1426 } 1427 bpf_error("illegal modifier of 'gateway'"); 1428 /* NOTREACHED */ 1429 } 1430 #endif /*INET6*/ 1431 1432 struct block * 1433 gen_proto_abbrev(proto) 1434 int proto; 1435 { 1436 struct block *b0 = NULL, *b1; 1437 1438 switch (proto) { 1439 1440 case Q_TCP: 1441 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1442 #ifdef INET6 1443 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1444 gen_or(b0, b1); 1445 #endif 1446 break; 1447 1448 case Q_UDP: 1449 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1450 #ifdef INET6 1451 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1452 gen_or(b0, b1); 1453 #endif 1454 break; 1455 1456 case Q_ICMP: 1457 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1458 break; 1459 1460 #ifndef IPPROTO_IGMP 1461 #define IPPROTO_IGMP 2 1462 #endif 1463 1464 case Q_IGMP: 1465 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1466 break; 1467 1468 #ifndef IPPROTO_IGRP 1469 #define IPPROTO_IGRP 9 1470 #endif 1471 case Q_IGRP: 1472 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1473 break; 1474 1475 #ifndef IPPROTO_PIM 1476 #define IPPROTO_PIM 103 1477 #endif 1478 1479 case Q_PIM: 1480 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1481 #ifdef INET6 1482 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1483 gen_or(b0, b1); 1484 #endif 1485 break; 1486 1487 case Q_IP: 1488 b1 = gen_linktype(ETHERTYPE_IP); 1489 break; 1490 1491 case Q_ARP: 1492 b1 = gen_linktype(ETHERTYPE_ARP); 1493 break; 1494 1495 case Q_RARP: 1496 b1 = gen_linktype(ETHERTYPE_REVARP); 1497 break; 1498 1499 case Q_LINK: 1500 bpf_error("link layer applied in wrong context"); 1501 1502 case Q_ATALK: 1503 b1 = gen_linktype(ETHERTYPE_ATALK); 1504 break; 1505 1506 case Q_DECNET: 1507 b1 = gen_linktype(ETHERTYPE_DN); 1508 break; 1509 1510 case Q_SCA: 1511 b1 = gen_linktype(ETHERTYPE_SCA); 1512 break; 1513 1514 case Q_LAT: 1515 b1 = gen_linktype(ETHERTYPE_LAT); 1516 break; 1517 1518 case Q_MOPDL: 1519 b1 = gen_linktype(ETHERTYPE_MOPDL); 1520 break; 1521 1522 case Q_MOPRC: 1523 b1 = gen_linktype(ETHERTYPE_MOPRC); 1524 break; 1525 1526 case Q_STP: 1527 b1 = gen_linktype(LLCSAP_8021D); 1528 break; 1529 1530 #ifdef INET6 1531 case Q_IPV6: 1532 b1 = gen_linktype(ETHERTYPE_IPV6); 1533 break; 1534 1535 #ifndef IPPROTO_ICMPV6 1536 #define IPPROTO_ICMPV6 58 1537 #endif 1538 case Q_ICMPV6: 1539 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1540 break; 1541 #endif /* INET6 */ 1542 1543 #ifndef IPPROTO_AH 1544 #define IPPROTO_AH 51 1545 #endif 1546 case Q_AH: 1547 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1548 #ifdef INET6 1549 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1550 gen_or(b0, b1); 1551 #endif 1552 break; 1553 1554 #ifndef IPPROTO_ESP 1555 #define IPPROTO_ESP 50 1556 #endif 1557 case Q_ESP: 1558 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1559 #ifdef INET6 1560 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1561 gen_or(b0, b1); 1562 #endif 1563 break; 1564 1565 default: 1566 abort(); 1567 } 1568 return b1; 1569 } 1570 1571 static struct block * 1572 gen_ipfrag() 1573 { 1574 struct slist *s, *tmp; 1575 struct block *b; 1576 1577 /* not ip frag */ 1578 if (variable_nl) { 1579 s = nl2X_stmt(); 1580 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1581 tmp->s.k = 6; 1582 sappend(s, tmp); 1583 } else { 1584 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1585 s->s.k = off_nl + 6; 1586 } 1587 b = new_block(JMP(BPF_JSET)); 1588 b->s.k = 0x1fff; 1589 b->stmts = s; 1590 gen_not(b); 1591 1592 return b; 1593 } 1594 1595 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1596 This function generates code to set X to the start of the IP payload 1597 X = off_nl + IP header_len. 1598 */ 1599 static struct slist * 1600 iphl_to_x(void) 1601 { 1602 struct slist *s, *tmp; 1603 1604 /* XXX clobbers A if variable_nl*/ 1605 if (variable_nl) { 1606 if (iphl_reg == -1) { 1607 /* X <- off_nl */ 1608 s = nl2X_stmt(); 1609 1610 /* A = p[X+0] */ 1611 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1612 tmp->s.k = 0; 1613 sappend(s, tmp); 1614 1615 /* A = A & 0x0f */ 1616 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1617 tmp->s.k = 0x0f; 1618 sappend(s, tmp); 1619 1620 /* A = A << 2 */ 1621 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1622 tmp->s.k = 2; 1623 sappend(s, tmp); 1624 1625 /* A = A + X (add off_nl again to compansate) */ 1626 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1627 1628 /* MEM[iphl_reg] = A */ 1629 iphl_reg = alloc_reg(); 1630 tmp = new_stmt(BPF_ST); 1631 tmp->s.k = iphl_reg; 1632 sappend(s, tmp); 1633 1634 sappend(init_code, s); 1635 } 1636 s = new_stmt(BPF_LDX|BPF_MEM); 1637 s->s.k = iphl_reg; 1638 1639 } else { 1640 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1641 s->s.k = off_nl; 1642 } 1643 1644 return s; 1645 } 1646 1647 static struct block * 1648 gen_portatom(off, v) 1649 int off; 1650 bpf_int32 v; 1651 { 1652 struct slist *s, *tmp; 1653 struct block *b; 1654 1655 s = iphl_to_x(); 1656 1657 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1658 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1659 sappend(s, tmp); 1660 1661 b = new_block(JMP(BPF_JEQ)); 1662 b->stmts = s; 1663 b->s.k = v; 1664 1665 return b; 1666 } 1667 1668 #ifdef INET6 1669 static struct block * 1670 gen_portatom6(off, v) 1671 int off; 1672 bpf_int32 v; 1673 { 1674 return gen_cmp_nl(40 + off, BPF_H, v); 1675 } 1676 #endif/*INET6*/ 1677 1678 struct block * 1679 gen_portop(port, proto, dir) 1680 int port, proto, dir; 1681 { 1682 struct block *b0, *b1, *tmp; 1683 1684 /* ip proto 'proto' */ 1685 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1686 b0 = gen_ipfrag(); 1687 gen_and(tmp, b0); 1688 1689 switch (dir) { 1690 case Q_SRC: 1691 b1 = gen_portatom(0, (bpf_int32)port); 1692 break; 1693 1694 case Q_DST: 1695 b1 = gen_portatom(2, (bpf_int32)port); 1696 break; 1697 1698 case Q_OR: 1699 case Q_DEFAULT: 1700 tmp = gen_portatom(0, (bpf_int32)port); 1701 b1 = gen_portatom(2, (bpf_int32)port); 1702 gen_or(tmp, b1); 1703 break; 1704 1705 case Q_AND: 1706 tmp = gen_portatom(0, (bpf_int32)port); 1707 b1 = gen_portatom(2, (bpf_int32)port); 1708 gen_and(tmp, b1); 1709 break; 1710 1711 default: 1712 abort(); 1713 } 1714 gen_and(b0, b1); 1715 1716 return b1; 1717 } 1718 1719 static struct block * 1720 gen_port(port, ip_proto, dir) 1721 int port; 1722 int ip_proto; 1723 int dir; 1724 { 1725 struct block *b0, *b1, *tmp; 1726 1727 /* ether proto ip */ 1728 b0 = gen_linktype(ETHERTYPE_IP); 1729 1730 switch (ip_proto) { 1731 case IPPROTO_UDP: 1732 case IPPROTO_TCP: 1733 b1 = gen_portop(port, ip_proto, dir); 1734 break; 1735 1736 case PROTO_UNDEF: 1737 tmp = gen_portop(port, IPPROTO_TCP, dir); 1738 b1 = gen_portop(port, IPPROTO_UDP, dir); 1739 gen_or(tmp, b1); 1740 break; 1741 1742 default: 1743 abort(); 1744 } 1745 gen_and(b0, b1); 1746 return b1; 1747 } 1748 1749 #ifdef INET6 1750 struct block * 1751 gen_portop6(port, proto, dir) 1752 int port, proto, dir; 1753 { 1754 struct block *b0, *b1, *tmp; 1755 1756 /* ip proto 'proto' */ 1757 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1758 1759 switch (dir) { 1760 case Q_SRC: 1761 b1 = gen_portatom6(0, (bpf_int32)port); 1762 break; 1763 1764 case Q_DST: 1765 b1 = gen_portatom6(2, (bpf_int32)port); 1766 break; 1767 1768 case Q_OR: 1769 case Q_DEFAULT: 1770 tmp = gen_portatom6(0, (bpf_int32)port); 1771 b1 = gen_portatom6(2, (bpf_int32)port); 1772 gen_or(tmp, b1); 1773 break; 1774 1775 case Q_AND: 1776 tmp = gen_portatom6(0, (bpf_int32)port); 1777 b1 = gen_portatom6(2, (bpf_int32)port); 1778 gen_and(tmp, b1); 1779 break; 1780 1781 default: 1782 abort(); 1783 } 1784 gen_and(b0, b1); 1785 1786 return b1; 1787 } 1788 1789 static struct block * 1790 gen_port6(port, ip_proto, dir) 1791 int port; 1792 int ip_proto; 1793 int dir; 1794 { 1795 struct block *b0, *b1, *tmp; 1796 1797 /* ether proto ip */ 1798 b0 = gen_linktype(ETHERTYPE_IPV6); 1799 1800 switch (ip_proto) { 1801 case IPPROTO_UDP: 1802 case IPPROTO_TCP: 1803 b1 = gen_portop6(port, ip_proto, dir); 1804 break; 1805 1806 case PROTO_UNDEF: 1807 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1808 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1809 gen_or(tmp, b1); 1810 break; 1811 1812 default: 1813 abort(); 1814 } 1815 gen_and(b0, b1); 1816 return b1; 1817 } 1818 #endif /* INET6 */ 1819 1820 static int 1821 lookup_proto(name, proto) 1822 const char *name; 1823 int proto; 1824 { 1825 int v; 1826 1827 switch (proto) { 1828 1829 case Q_DEFAULT: 1830 case Q_IP: 1831 v = pcap_nametoproto(name); 1832 if (v == PROTO_UNDEF) 1833 bpf_error("unknown ip proto '%s'", name); 1834 break; 1835 1836 case Q_LINK: 1837 /* XXX should look up h/w protocol type based on linktype */ 1838 v = pcap_nametoeproto(name); 1839 if (v == PROTO_UNDEF) { 1840 v = pcap_nametollc(name); 1841 if (v == PROTO_UNDEF) 1842 bpf_error("unknown ether proto '%s'", name); 1843 } 1844 break; 1845 1846 default: 1847 v = PROTO_UNDEF; 1848 break; 1849 } 1850 return v; 1851 } 1852 1853 static struct block * 1854 gen_protochain(v, proto, dir) 1855 int v; 1856 int proto; 1857 int dir; 1858 { 1859 struct block *b0, *b; 1860 struct slist *s[100]; 1861 int fix2, fix3, fix4, fix5; 1862 int ahcheck, again, end; 1863 int i, max; 1864 int reg1 = alloc_reg(); 1865 int reg2 = alloc_reg(); 1866 1867 memset(s, 0, sizeof(s)); 1868 fix2 = fix3 = fix4 = fix5 = 0; 1869 1870 if (variable_nl) { 1871 bpf_error("'gen_protochain' not supported for variable DLTs"); 1872 /*NOTREACHED*/ 1873 } 1874 1875 switch (proto) { 1876 case Q_IP: 1877 case Q_IPV6: 1878 break; 1879 case Q_DEFAULT: 1880 b0 = gen_protochain(v, Q_IP, dir); 1881 b = gen_protochain(v, Q_IPV6, dir); 1882 gen_or(b0, b); 1883 return b; 1884 default: 1885 bpf_error("bad protocol applied for 'protochain'"); 1886 /*NOTREACHED*/ 1887 } 1888 1889 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1890 1891 /* 1892 * s[0] is a dummy entry to protect other BPF insn from damaged 1893 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1894 * hard to find interdependency made by jump table fixup. 1895 */ 1896 i = 0; 1897 s[i] = new_stmt(0); /*dummy*/ 1898 i++; 1899 1900 switch (proto) { 1901 case Q_IP: 1902 b0 = gen_linktype(ETHERTYPE_IP); 1903 1904 /* A = ip->ip_p */ 1905 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1906 s[i]->s.k = off_nl + 9; 1907 i++; 1908 /* X = ip->ip_hl << 2 */ 1909 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1910 s[i]->s.k = off_nl; 1911 i++; 1912 break; 1913 case Q_IPV6: 1914 b0 = gen_linktype(ETHERTYPE_IPV6); 1915 1916 /* A = ip6->ip_nxt */ 1917 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1918 s[i]->s.k = off_nl + 6; 1919 i++; 1920 /* X = sizeof(struct ip6_hdr) */ 1921 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1922 s[i]->s.k = 40; 1923 i++; 1924 break; 1925 default: 1926 bpf_error("unsupported proto to gen_protochain"); 1927 /*NOTREACHED*/ 1928 } 1929 1930 /* again: if (A == v) goto end; else fall through; */ 1931 again = i; 1932 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1933 s[i]->s.k = v; 1934 s[i]->s.jt = NULL; /*later*/ 1935 s[i]->s.jf = NULL; /*update in next stmt*/ 1936 fix5 = i; 1937 i++; 1938 1939 /* if (A == IPPROTO_NONE) goto end */ 1940 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1941 s[i]->s.jt = NULL; /*later*/ 1942 s[i]->s.jf = NULL; /*update in next stmt*/ 1943 s[i]->s.k = IPPROTO_NONE; 1944 s[fix5]->s.jf = s[i]; 1945 fix2 = i; 1946 i++; 1947 1948 if (proto == Q_IPV6) { 1949 int v6start, v6end, v6advance, j; 1950 1951 v6start = i; 1952 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1953 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1954 s[i]->s.jt = NULL; /*later*/ 1955 s[i]->s.jf = NULL; /*update in next stmt*/ 1956 s[i]->s.k = IPPROTO_HOPOPTS; 1957 s[fix2]->s.jf = s[i]; 1958 i++; 1959 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1960 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1961 s[i]->s.jt = NULL; /*later*/ 1962 s[i]->s.jf = NULL; /*update in next stmt*/ 1963 s[i]->s.k = IPPROTO_DSTOPTS; 1964 i++; 1965 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1966 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1967 s[i]->s.jt = NULL; /*later*/ 1968 s[i]->s.jf = NULL; /*update in next stmt*/ 1969 s[i]->s.k = IPPROTO_ROUTING; 1970 i++; 1971 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1972 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1973 s[i]->s.jt = NULL; /*later*/ 1974 s[i]->s.jf = NULL; /*later*/ 1975 s[i]->s.k = IPPROTO_FRAGMENT; 1976 fix3 = i; 1977 v6end = i; 1978 i++; 1979 1980 /* v6advance: */ 1981 v6advance = i; 1982 1983 /* 1984 * in short, 1985 * A = P[X + 1]; 1986 * X = X + (P[X] + 1) * 8; 1987 */ 1988 /* A = X */ 1989 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1990 i++; 1991 /* MEM[reg1] = A */ 1992 s[i] = new_stmt(BPF_ST); 1993 s[i]->s.k = reg1; 1994 i++; 1995 /* A += 1 */ 1996 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1997 s[i]->s.k = 1; 1998 i++; 1999 /* X = A */ 2000 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2001 i++; 2002 /* A = P[X + packet head]; */ 2003 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2004 s[i]->s.k = off_nl; 2005 i++; 2006 /* MEM[reg2] = A */ 2007 s[i] = new_stmt(BPF_ST); 2008 s[i]->s.k = reg2; 2009 i++; 2010 /* X = MEM[reg1] */ 2011 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2012 s[i]->s.k = reg1; 2013 i++; 2014 /* A = P[X + packet head] */ 2015 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2016 s[i]->s.k = off_nl; 2017 i++; 2018 /* A += 1 */ 2019 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2020 s[i]->s.k = 1; 2021 i++; 2022 /* A *= 8 */ 2023 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2024 s[i]->s.k = 8; 2025 i++; 2026 /* X = A; */ 2027 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2028 i++; 2029 /* A = MEM[reg2] */ 2030 s[i] = new_stmt(BPF_LD|BPF_MEM); 2031 s[i]->s.k = reg2; 2032 i++; 2033 2034 /* goto again; (must use BPF_JA for backward jump) */ 2035 s[i] = new_stmt(BPF_JMP|BPF_JA); 2036 s[i]->s.k = again - i - 1; 2037 s[i - 1]->s.jf = s[i]; 2038 i++; 2039 2040 /* fixup */ 2041 for (j = v6start; j <= v6end; j++) 2042 s[j]->s.jt = s[v6advance]; 2043 } else { 2044 /* nop */ 2045 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2046 s[i]->s.k = 0; 2047 s[fix2]->s.jf = s[i]; 2048 i++; 2049 } 2050 2051 /* ahcheck: */ 2052 ahcheck = i; 2053 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2054 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2055 s[i]->s.jt = NULL; /*later*/ 2056 s[i]->s.jf = NULL; /*later*/ 2057 s[i]->s.k = IPPROTO_AH; 2058 if (fix3) 2059 s[fix3]->s.jf = s[ahcheck]; 2060 fix4 = i; 2061 i++; 2062 2063 /* 2064 * in short, 2065 * A = P[X + 1]; 2066 * X = X + (P[X] + 2) * 4; 2067 */ 2068 /* A = X */ 2069 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2070 i++; 2071 /* MEM[reg1] = A */ 2072 s[i] = new_stmt(BPF_ST); 2073 s[i]->s.k = reg1; 2074 i++; 2075 /* A += 1 */ 2076 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2077 s[i]->s.k = 1; 2078 i++; 2079 /* X = A */ 2080 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2081 i++; 2082 /* A = P[X + packet head]; */ 2083 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2084 s[i]->s.k = off_nl; 2085 i++; 2086 /* MEM[reg2] = A */ 2087 s[i] = new_stmt(BPF_ST); 2088 s[i]->s.k = reg2; 2089 i++; 2090 /* X = MEM[reg1] */ 2091 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2092 s[i]->s.k = reg1; 2093 i++; 2094 /* A = P[X + packet head] */ 2095 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2096 s[i]->s.k = off_nl; 2097 i++; 2098 /* A += 2 */ 2099 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2100 s[i]->s.k = 2; 2101 i++; 2102 /* A *= 4 */ 2103 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2104 s[i]->s.k = 4; 2105 i++; 2106 /* X = A; */ 2107 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2108 i++; 2109 /* A = MEM[reg2] */ 2110 s[i] = new_stmt(BPF_LD|BPF_MEM); 2111 s[i]->s.k = reg2; 2112 i++; 2113 2114 /* goto again; (must use BPF_JA for backward jump) */ 2115 s[i] = new_stmt(BPF_JMP|BPF_JA); 2116 s[i]->s.k = again - i - 1; 2117 i++; 2118 2119 /* end: nop */ 2120 end = i; 2121 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2122 s[i]->s.k = 0; 2123 s[fix2]->s.jt = s[end]; 2124 s[fix4]->s.jf = s[end]; 2125 s[fix5]->s.jt = s[end]; 2126 i++; 2127 2128 /* 2129 * make slist chain 2130 */ 2131 max = i; 2132 for (i = 0; i < max - 1; i++) 2133 s[i]->next = s[i + 1]; 2134 s[max - 1]->next = NULL; 2135 2136 /* 2137 * emit final check 2138 */ 2139 b = new_block(JMP(BPF_JEQ)); 2140 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2141 b->s.k = v; 2142 2143 free_reg(reg1); 2144 free_reg(reg2); 2145 2146 gen_and(b0, b); 2147 return b; 2148 } 2149 2150 static struct block * 2151 gen_proto(v, proto, dir) 2152 int v; 2153 int proto; 2154 int dir; 2155 { 2156 struct block *b0, *b1; 2157 2158 if (dir != Q_DEFAULT) 2159 bpf_error("direction applied to 'proto'"); 2160 2161 switch (proto) { 2162 case Q_DEFAULT: 2163 #ifdef INET6 2164 b0 = gen_proto(v, Q_IP, dir); 2165 b1 = gen_proto(v, Q_IPV6, dir); 2166 gen_or(b0, b1); 2167 return b1; 2168 #else 2169 /*FALLTHROUGH*/ 2170 #endif 2171 case Q_IP: 2172 b0 = gen_linktype(ETHERTYPE_IP); 2173 #ifndef CHASE_CHAIN 2174 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2175 #else 2176 b1 = gen_protochain(v, Q_IP); 2177 #endif 2178 gen_and(b0, b1); 2179 return b1; 2180 2181 case Q_ARP: 2182 bpf_error("arp does not encapsulate another protocol"); 2183 /* NOTREACHED */ 2184 2185 case Q_RARP: 2186 bpf_error("rarp does not encapsulate another protocol"); 2187 /* NOTREACHED */ 2188 2189 case Q_ATALK: 2190 bpf_error("atalk encapsulation is not specifiable"); 2191 /* NOTREACHED */ 2192 2193 case Q_DECNET: 2194 bpf_error("decnet encapsulation is not specifiable"); 2195 /* NOTREACHED */ 2196 2197 case Q_SCA: 2198 bpf_error("sca does not encapsulate another protocol"); 2199 /* NOTREACHED */ 2200 2201 case Q_LAT: 2202 bpf_error("lat does not encapsulate another protocol"); 2203 /* NOTREACHED */ 2204 2205 case Q_MOPRC: 2206 bpf_error("moprc does not encapsulate another protocol"); 2207 /* NOTREACHED */ 2208 2209 case Q_MOPDL: 2210 bpf_error("mopdl does not encapsulate another protocol"); 2211 /* NOTREACHED */ 2212 2213 case Q_LINK: 2214 return gen_linktype(v); 2215 2216 case Q_UDP: 2217 bpf_error("'udp proto' is bogus"); 2218 /* NOTREACHED */ 2219 2220 case Q_TCP: 2221 bpf_error("'tcp proto' is bogus"); 2222 /* NOTREACHED */ 2223 2224 case Q_ICMP: 2225 bpf_error("'icmp proto' is bogus"); 2226 /* NOTREACHED */ 2227 2228 case Q_IGMP: 2229 bpf_error("'igmp proto' is bogus"); 2230 /* NOTREACHED */ 2231 2232 case Q_IGRP: 2233 bpf_error("'igrp proto' is bogus"); 2234 /* NOTREACHED */ 2235 2236 case Q_PIM: 2237 bpf_error("'pim proto' is bogus"); 2238 /* NOTREACHED */ 2239 2240 case Q_STP: 2241 bpf_error("'stp proto' is bogus"); 2242 /* NOTREACHED */ 2243 2244 #ifdef INET6 2245 case Q_IPV6: 2246 b0 = gen_linktype(ETHERTYPE_IPV6); 2247 #ifndef CHASE_CHAIN 2248 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2249 #else 2250 b1 = gen_protochain(v, Q_IPV6); 2251 #endif 2252 gen_and(b0, b1); 2253 return b1; 2254 2255 case Q_ICMPV6: 2256 bpf_error("'icmp6 proto' is bogus"); 2257 #endif /* INET6 */ 2258 2259 case Q_AH: 2260 bpf_error("'ah proto' is bogus"); 2261 2262 case Q_ESP: 2263 bpf_error("'esp proto' is bogus"); 2264 2265 default: 2266 abort(); 2267 /* NOTREACHED */ 2268 } 2269 /* NOTREACHED */ 2270 } 2271 2272 struct block * 2273 gen_scode(name, q) 2274 const char *name; 2275 struct qual q; 2276 { 2277 int proto = q.proto; 2278 int dir = q.dir; 2279 int tproto; 2280 u_char *eaddr; 2281 bpf_u_int32 mask, addr; 2282 #ifndef INET6 2283 bpf_u_int32 **alist; 2284 #else 2285 int tproto6; 2286 struct sockaddr_in *sin; 2287 struct sockaddr_in6 *sin6; 2288 struct addrinfo *res, *res0; 2289 struct in6_addr mask128; 2290 #endif /*INET6*/ 2291 struct block *b, *tmp; 2292 int port, real_proto; 2293 2294 switch (q.addr) { 2295 2296 case Q_NET: 2297 addr = pcap_nametonetaddr(name); 2298 if (addr == 0) 2299 bpf_error("unknown network '%s'", name); 2300 /* Left justify network addr and calculate its network mask */ 2301 mask = 0xffffffff; 2302 while (addr && (addr & 0xff000000) == 0) { 2303 addr <<= 8; 2304 mask <<= 8; 2305 } 2306 return gen_host(addr, mask, proto, dir); 2307 2308 case Q_DEFAULT: 2309 case Q_HOST: 2310 if (proto == Q_LINK) { 2311 switch (linktype) { 2312 2313 case DLT_EN10MB: 2314 eaddr = pcap_ether_hostton(name); 2315 if (eaddr == NULL) 2316 bpf_error( 2317 "unknown ether host '%s'", name); 2318 return gen_ehostop(eaddr, dir); 2319 2320 case DLT_FDDI: 2321 eaddr = pcap_ether_hostton(name); 2322 if (eaddr == NULL) 2323 bpf_error( 2324 "unknown FDDI host '%s'", name); 2325 return gen_fhostop(eaddr, dir); 2326 2327 case DLT_IEEE802_11: 2328 case DLT_IEEE802_11_RADIO: 2329 eaddr = pcap_ether_hostton(name); 2330 if (eaddr == NULL) 2331 bpf_error( 2332 "unknown 802.11 host '%s'", name); 2333 2334 return gen_p80211_hostop(eaddr, dir); 2335 2336 default: 2337 bpf_error( 2338 "only ethernet/FDDI supports link-level host name"); 2339 break; 2340 } 2341 } else if (proto == Q_DECNET) { 2342 unsigned short dn_addr = __pcap_nametodnaddr(name); 2343 /* 2344 * I don't think DECNET hosts can be multihomed, so 2345 * there is no need to build up a list of addresses 2346 */ 2347 return (gen_host(dn_addr, 0, proto, dir)); 2348 } else { 2349 #ifndef INET6 2350 alist = pcap_nametoaddr(name); 2351 if (alist == NULL || *alist == NULL) 2352 bpf_error("unknown host '%s'", name); 2353 tproto = proto; 2354 if (off_linktype == -1 && tproto == Q_DEFAULT) 2355 tproto = Q_IP; 2356 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2357 while (*alist) { 2358 tmp = gen_host(**alist++, 0xffffffff, 2359 tproto, dir); 2360 gen_or(b, tmp); 2361 b = tmp; 2362 } 2363 return b; 2364 #else 2365 memset(&mask128, 0xff, sizeof(mask128)); 2366 res0 = res = pcap_nametoaddrinfo(name); 2367 if (res == NULL) 2368 bpf_error("unknown host '%s'", name); 2369 b = tmp = NULL; 2370 tproto = tproto6 = proto; 2371 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2372 tproto = Q_IP; 2373 tproto6 = Q_IPV6; 2374 } 2375 for (res = res0; res; res = res->ai_next) { 2376 switch (res->ai_family) { 2377 case AF_INET: 2378 if (tproto == Q_IPV6) 2379 continue; 2380 2381 sin = (struct sockaddr_in *) 2382 res->ai_addr; 2383 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2384 0xffffffff, tproto, dir); 2385 break; 2386 case AF_INET6: 2387 if (tproto6 == Q_IP) 2388 continue; 2389 2390 sin6 = (struct sockaddr_in6 *) 2391 res->ai_addr; 2392 tmp = gen_host6(&sin6->sin6_addr, 2393 &mask128, tproto6, dir); 2394 break; 2395 } 2396 if (b) 2397 gen_or(b, tmp); 2398 b = tmp; 2399 } 2400 freeaddrinfo(res0); 2401 if (b == NULL) { 2402 bpf_error("unknown host '%s'%s", name, 2403 (proto == Q_DEFAULT) 2404 ? "" 2405 : " for specified address family"); 2406 } 2407 return b; 2408 #endif /*INET6*/ 2409 } 2410 2411 case Q_PORT: 2412 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2413 bpf_error("illegal qualifier of 'port'"); 2414 if (pcap_nametoport(name, &port, &real_proto) == 0) 2415 bpf_error("unknown port '%s'", name); 2416 if (proto == Q_UDP) { 2417 if (real_proto == IPPROTO_TCP) 2418 bpf_error("port '%s' is tcp", name); 2419 else 2420 /* override PROTO_UNDEF */ 2421 real_proto = IPPROTO_UDP; 2422 } 2423 if (proto == Q_TCP) { 2424 if (real_proto == IPPROTO_UDP) 2425 bpf_error("port '%s' is udp", name); 2426 else 2427 /* override PROTO_UNDEF */ 2428 real_proto = IPPROTO_TCP; 2429 } 2430 #ifndef INET6 2431 return gen_port(port, real_proto, dir); 2432 #else 2433 { 2434 struct block *b; 2435 b = gen_port(port, real_proto, dir); 2436 gen_or(gen_port6(port, real_proto, dir), b); 2437 return b; 2438 } 2439 #endif /* INET6 */ 2440 2441 case Q_GATEWAY: 2442 #ifndef INET6 2443 eaddr = pcap_ether_hostton(name); 2444 if (eaddr == NULL) 2445 bpf_error("unknown ether host: %s", name); 2446 2447 alist = pcap_nametoaddr(name); 2448 if (alist == NULL || *alist == NULL) 2449 bpf_error("unknown host '%s'", name); 2450 return gen_gateway(eaddr, alist, proto, dir); 2451 #else 2452 bpf_error("'gateway' not supported in this configuration"); 2453 #endif /*INET6*/ 2454 2455 case Q_PROTO: 2456 real_proto = lookup_proto(name, proto); 2457 if (real_proto >= 0) 2458 return gen_proto(real_proto, proto, dir); 2459 else 2460 bpf_error("unknown protocol: %s", name); 2461 2462 case Q_PROTOCHAIN: 2463 real_proto = lookup_proto(name, proto); 2464 if (real_proto >= 0) 2465 return gen_protochain(real_proto, proto, dir); 2466 else 2467 bpf_error("unknown protocol: %s", name); 2468 2469 2470 case Q_UNDEF: 2471 syntax(); 2472 /* NOTREACHED */ 2473 } 2474 abort(); 2475 /* NOTREACHED */ 2476 } 2477 2478 struct block * 2479 gen_mcode(s1, s2, masklen, q) 2480 const char *s1, *s2; 2481 int masklen; 2482 struct qual q; 2483 { 2484 int nlen, mlen; 2485 bpf_u_int32 n, m; 2486 2487 nlen = __pcap_atoin(s1, &n); 2488 /* Promote short ipaddr */ 2489 n <<= 32 - nlen; 2490 2491 if (s2 != NULL) { 2492 mlen = __pcap_atoin(s2, &m); 2493 /* Promote short ipaddr */ 2494 m <<= 32 - mlen; 2495 if ((n & ~m) != 0) 2496 bpf_error("non-network bits set in \"%s mask %s\"", 2497 s1, s2); 2498 } else { 2499 /* Convert mask len to mask */ 2500 if (masklen > 32) 2501 bpf_error("mask length must be <= 32"); 2502 m = 0xffffffff << (32 - masklen); 2503 if ((n & ~m) != 0) 2504 bpf_error("non-network bits set in \"%s/%d\"", 2505 s1, masklen); 2506 } 2507 2508 switch (q.addr) { 2509 2510 case Q_NET: 2511 return gen_host(n, m, q.proto, q.dir); 2512 2513 default: 2514 bpf_error("Mask syntax for networks only"); 2515 /* NOTREACHED */ 2516 } 2517 } 2518 2519 struct block * 2520 gen_ncode(s, v, q) 2521 const char *s; 2522 bpf_u_int32 v; 2523 struct qual q; 2524 { 2525 bpf_u_int32 mask; 2526 int proto = q.proto; 2527 int dir = q.dir; 2528 int vlen; 2529 2530 if (s == NULL) 2531 vlen = 32; 2532 else if (q.proto == Q_DECNET) 2533 vlen = __pcap_atodn(s, &v); 2534 else 2535 vlen = __pcap_atoin(s, &v); 2536 2537 switch (q.addr) { 2538 2539 case Q_DEFAULT: 2540 case Q_HOST: 2541 case Q_NET: 2542 if (proto == Q_DECNET) 2543 return gen_host(v, 0, proto, dir); 2544 else if (proto == Q_LINK) { 2545 bpf_error("illegal link layer address"); 2546 } else { 2547 mask = 0xffffffff; 2548 if (s == NULL && q.addr == Q_NET) { 2549 /* Promote short net number */ 2550 while (v && (v & 0xff000000) == 0) { 2551 v <<= 8; 2552 mask <<= 8; 2553 } 2554 } else { 2555 /* Promote short ipaddr */ 2556 v <<= 32 - vlen; 2557 mask <<= 32 - vlen; 2558 } 2559 return gen_host(v, mask, proto, dir); 2560 } 2561 2562 case Q_PORT: 2563 if (proto == Q_UDP) 2564 proto = IPPROTO_UDP; 2565 else if (proto == Q_TCP) 2566 proto = IPPROTO_TCP; 2567 else if (proto == Q_DEFAULT) 2568 proto = PROTO_UNDEF; 2569 else 2570 bpf_error("illegal qualifier of 'port'"); 2571 2572 #ifndef INET6 2573 return gen_port((int)v, proto, dir); 2574 #else 2575 { 2576 struct block *b; 2577 b = gen_port((int)v, proto, dir); 2578 gen_or(gen_port6((int)v, proto, dir), b); 2579 return b; 2580 } 2581 #endif /* INET6 */ 2582 2583 case Q_GATEWAY: 2584 bpf_error("'gateway' requires a name"); 2585 /* NOTREACHED */ 2586 2587 case Q_PROTO: 2588 return gen_proto((int)v, proto, dir); 2589 2590 case Q_PROTOCHAIN: 2591 return gen_protochain((int)v, proto, dir); 2592 2593 case Q_UNDEF: 2594 syntax(); 2595 /* NOTREACHED */ 2596 2597 default: 2598 abort(); 2599 /* NOTREACHED */ 2600 } 2601 /* NOTREACHED */ 2602 } 2603 2604 #ifdef INET6 2605 struct block * 2606 gen_mcode6(s1, s2, masklen, q) 2607 const char *s1, *s2; 2608 int masklen; 2609 struct qual q; 2610 { 2611 struct addrinfo *res; 2612 struct in6_addr *addr; 2613 struct in6_addr mask; 2614 struct block *b; 2615 u_int32_t *a, *m; 2616 2617 if (s2) 2618 bpf_error("no mask %s supported", s2); 2619 2620 res = pcap_nametoaddrinfo(s1); 2621 if (!res) 2622 bpf_error("invalid ip6 address %s", s1); 2623 if (res->ai_next) 2624 bpf_error("%s resolved to multiple address", s1); 2625 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2626 2627 if (sizeof(mask) * 8 < masklen) 2628 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2629 memset(&mask, 0, sizeof(mask)); 2630 memset(&mask, 0xff, masklen / 8); 2631 if (masklen % 8) { 2632 mask.s6_addr[masklen / 8] = 2633 (0xff << (8 - masklen % 8)) & 0xff; 2634 } 2635 2636 a = (u_int32_t *)addr; 2637 m = (u_int32_t *)&mask; 2638 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2639 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2640 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2641 } 2642 2643 switch (q.addr) { 2644 2645 case Q_DEFAULT: 2646 case Q_HOST: 2647 if (masklen != 128) 2648 bpf_error("Mask syntax for networks only"); 2649 /* FALLTHROUGH */ 2650 2651 case Q_NET: 2652 b = gen_host6(addr, &mask, q.proto, q.dir); 2653 freeaddrinfo(res); 2654 return b; 2655 2656 default: 2657 bpf_error("invalid qualifier against IPv6 address"); 2658 /* NOTREACHED */ 2659 } 2660 } 2661 #endif /*INET6*/ 2662 2663 struct block * 2664 gen_ecode(eaddr, q) 2665 const u_char *eaddr; 2666 struct qual q; 2667 { 2668 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2669 if (linktype == DLT_EN10MB) 2670 return gen_ehostop(eaddr, (int)q.dir); 2671 if (linktype == DLT_FDDI) 2672 return gen_fhostop(eaddr, (int)q.dir); 2673 if (linktype == DLT_IEEE802_11 || 2674 linktype == DLT_IEEE802_11_RADIO) 2675 return gen_p80211_hostop(eaddr, (int)q.dir); 2676 } 2677 bpf_error("ethernet address used in non-ether expression"); 2678 /* NOTREACHED */ 2679 } 2680 2681 void 2682 sappend(s0, s1) 2683 struct slist *s0, *s1; 2684 { 2685 /* 2686 * This is definitely not the best way to do this, but the 2687 * lists will rarely get long. 2688 */ 2689 while (s0->next) 2690 s0 = s0->next; 2691 s0->next = s1; 2692 } 2693 2694 static struct slist * 2695 xfer_to_x(a) 2696 struct arth *a; 2697 { 2698 struct slist *s; 2699 2700 s = new_stmt(BPF_LDX|BPF_MEM); 2701 s->s.k = a->regno; 2702 return s; 2703 } 2704 2705 static struct slist * 2706 xfer_to_a(a) 2707 struct arth *a; 2708 { 2709 struct slist *s; 2710 2711 s = new_stmt(BPF_LD|BPF_MEM); 2712 s->s.k = a->regno; 2713 return s; 2714 } 2715 2716 struct arth * 2717 gen_load(proto, index, size) 2718 int proto; 2719 struct arth *index; 2720 int size; 2721 { 2722 struct slist *s, *tmp; 2723 struct block *b; 2724 int regno = alloc_reg(); 2725 2726 free_reg(index->regno); 2727 switch (size) { 2728 2729 default: 2730 bpf_error("data size must be 1, 2, or 4"); 2731 2732 case 1: 2733 size = BPF_B; 2734 break; 2735 2736 case 2: 2737 size = BPF_H; 2738 break; 2739 2740 case 4: 2741 size = BPF_W; 2742 break; 2743 } 2744 switch (proto) { 2745 default: 2746 bpf_error("unsupported index operation"); 2747 2748 case Q_LINK: 2749 s = xfer_to_x(index); 2750 tmp = new_stmt(BPF_LD|BPF_IND|size); 2751 sappend(s, tmp); 2752 sappend(index->s, s); 2753 break; 2754 2755 case Q_IP: 2756 case Q_ARP: 2757 case Q_RARP: 2758 case Q_ATALK: 2759 case Q_DECNET: 2760 case Q_SCA: 2761 case Q_LAT: 2762 case Q_MOPRC: 2763 case Q_MOPDL: 2764 #ifdef INET6 2765 case Q_IPV6: 2766 #endif 2767 /* XXX Note that we assume a fixed link header here. */ 2768 if (variable_nl) { 2769 s = nl2X_stmt(); 2770 sappend(s, xfer_to_a(index)); 2771 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2772 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2773 } else { 2774 s = xfer_to_x(index); 2775 } 2776 tmp = new_stmt(BPF_LD|BPF_IND|size); 2777 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2778 sappend(s, tmp); 2779 sappend(index->s, s); 2780 2781 b = gen_proto_abbrev(proto); 2782 if (index->b) 2783 gen_and(index->b, b); 2784 index->b = b; 2785 break; 2786 2787 case Q_TCP: 2788 case Q_UDP: 2789 case Q_ICMP: 2790 case Q_IGMP: 2791 case Q_IGRP: 2792 case Q_PIM: 2793 s = iphl_to_x(); 2794 sappend(s, xfer_to_a(index)); 2795 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2796 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2797 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2798 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2799 sappend(index->s, s); 2800 2801 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2802 if (index->b) 2803 gen_and(index->b, b); 2804 #ifdef INET6 2805 gen_and(gen_proto_abbrev(Q_IP), b); 2806 #endif 2807 index->b = b; 2808 break; 2809 #ifdef INET6 2810 case Q_ICMPV6: 2811 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2812 /*NOTREACHED*/ 2813 #endif 2814 } 2815 index->regno = regno; 2816 s = new_stmt(BPF_ST); 2817 s->s.k = regno; 2818 sappend(index->s, s); 2819 2820 return index; 2821 } 2822 2823 struct block * 2824 gen_relation(code, a0, a1, reversed) 2825 int code; 2826 struct arth *a0, *a1; 2827 int reversed; 2828 { 2829 struct slist *s0, *s1, *s2; 2830 struct block *b, *tmp; 2831 2832 s0 = xfer_to_x(a1); 2833 s1 = xfer_to_a(a0); 2834 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2835 b = new_block(JMP(code)); 2836 if (code == BPF_JGT || code == BPF_JGE) { 2837 reversed = !reversed; 2838 b->s.k = 0x80000000; 2839 } 2840 if (reversed) 2841 gen_not(b); 2842 2843 sappend(s1, s2); 2844 sappend(s0, s1); 2845 sappend(a1->s, s0); 2846 sappend(a0->s, a1->s); 2847 2848 b->stmts = a0->s; 2849 2850 free_reg(a0->regno); 2851 free_reg(a1->regno); 2852 2853 /* 'and' together protocol checks */ 2854 if (a0->b) { 2855 if (a1->b) { 2856 gen_and(a0->b, tmp = a1->b); 2857 } 2858 else 2859 tmp = a0->b; 2860 } else 2861 tmp = a1->b; 2862 2863 if (tmp) 2864 gen_and(tmp, b); 2865 2866 return b; 2867 } 2868 2869 struct arth * 2870 gen_loadlen() 2871 { 2872 int regno = alloc_reg(); 2873 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2874 struct slist *s; 2875 2876 s = new_stmt(BPF_LD|BPF_LEN); 2877 s->next = new_stmt(BPF_ST); 2878 s->next->s.k = regno; 2879 a->s = s; 2880 a->regno = regno; 2881 2882 return a; 2883 } 2884 2885 struct arth * 2886 gen_loadrnd() 2887 { 2888 int regno = alloc_reg(); 2889 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2890 struct slist *s; 2891 2892 s = new_stmt(BPF_LD|BPF_RND); 2893 s->next = new_stmt(BPF_ST); 2894 s->next->s.k = regno; 2895 a->s = s; 2896 a->regno = regno; 2897 2898 return a; 2899 } 2900 2901 struct arth * 2902 gen_loadi(val) 2903 int val; 2904 { 2905 struct arth *a; 2906 struct slist *s; 2907 int reg; 2908 2909 a = (struct arth *)newchunk(sizeof(*a)); 2910 2911 reg = alloc_reg(); 2912 2913 s = new_stmt(BPF_LD|BPF_IMM); 2914 s->s.k = val; 2915 s->next = new_stmt(BPF_ST); 2916 s->next->s.k = reg; 2917 a->s = s; 2918 a->regno = reg; 2919 2920 return a; 2921 } 2922 2923 struct arth * 2924 gen_neg(a) 2925 struct arth *a; 2926 { 2927 struct slist *s; 2928 2929 s = xfer_to_a(a); 2930 sappend(a->s, s); 2931 s = new_stmt(BPF_ALU|BPF_NEG); 2932 s->s.k = 0; 2933 sappend(a->s, s); 2934 s = new_stmt(BPF_ST); 2935 s->s.k = a->regno; 2936 sappend(a->s, s); 2937 2938 return a; 2939 } 2940 2941 struct arth * 2942 gen_arth(code, a0, a1) 2943 int code; 2944 struct arth *a0, *a1; 2945 { 2946 struct slist *s0, *s1, *s2; 2947 2948 s0 = xfer_to_x(a1); 2949 s1 = xfer_to_a(a0); 2950 s2 = new_stmt(BPF_ALU|BPF_X|code); 2951 2952 sappend(s1, s2); 2953 sappend(s0, s1); 2954 sappend(a1->s, s0); 2955 sappend(a0->s, a1->s); 2956 2957 free_reg(a1->regno); 2958 2959 s0 = new_stmt(BPF_ST); 2960 a0->regno = s0->s.k = alloc_reg(); 2961 sappend(a0->s, s0); 2962 2963 return a0; 2964 } 2965 2966 /* 2967 * Here we handle simple allocation of the scratch registers. 2968 * If too many registers are alloc'd, the allocator punts. 2969 */ 2970 static int regused[BPF_MEMWORDS]; 2971 static int curreg; 2972 2973 /* 2974 * Return the next free register. 2975 */ 2976 static int 2977 alloc_reg() 2978 { 2979 int n = BPF_MEMWORDS; 2980 2981 while (--n >= 0) { 2982 if (regused[curreg]) 2983 curreg = (curreg + 1) % BPF_MEMWORDS; 2984 else { 2985 regused[curreg] = 1; 2986 return curreg; 2987 } 2988 } 2989 bpf_error("too many registers needed to evaluate expression"); 2990 /* NOTREACHED */ 2991 } 2992 2993 /* 2994 * Return a register to the table so it can 2995 * be used later. 2996 */ 2997 static void 2998 free_reg(n) 2999 int n; 3000 { 3001 regused[n] = 0; 3002 } 3003 3004 static struct block * 3005 gen_len(jmp, n) 3006 int jmp, n; 3007 { 3008 struct slist *s; 3009 struct block *b; 3010 3011 s = new_stmt(BPF_LD|BPF_LEN); 3012 b = new_block(JMP(jmp)); 3013 b->stmts = s; 3014 b->s.k = n; 3015 3016 return b; 3017 } 3018 3019 struct block * 3020 gen_greater(n) 3021 int n; 3022 { 3023 return gen_len(BPF_JGE, n); 3024 } 3025 3026 struct block * 3027 gen_less(n) 3028 int n; 3029 { 3030 struct block *b; 3031 3032 b = gen_len(BPF_JGT, n); 3033 gen_not(b); 3034 3035 return b; 3036 } 3037 3038 struct block * 3039 gen_byteop(op, idx, val) 3040 int op, idx, val; 3041 { 3042 struct block *b; 3043 struct slist *s; 3044 3045 switch (op) { 3046 default: 3047 abort(); 3048 3049 case '=': 3050 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3051 3052 case '<': 3053 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3054 b->s.code = JMP(BPF_JGE); 3055 gen_not(b); 3056 return b; 3057 3058 case '>': 3059 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3060 b->s.code = JMP(BPF_JGT); 3061 return b; 3062 3063 case '|': 3064 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3065 break; 3066 3067 case '&': 3068 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3069 break; 3070 } 3071 s->s.k = val; 3072 b = new_block(JMP(BPF_JEQ)); 3073 b->stmts = s; 3074 gen_not(b); 3075 3076 return b; 3077 } 3078 3079 struct block * 3080 gen_broadcast(proto) 3081 int proto; 3082 { 3083 bpf_u_int32 hostmask; 3084 struct block *b0, *b1, *b2; 3085 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3086 3087 switch (proto) { 3088 3089 case Q_DEFAULT: 3090 case Q_LINK: 3091 if (linktype == DLT_EN10MB) 3092 return gen_ehostop(ebroadcast, Q_DST); 3093 if (linktype == DLT_FDDI) 3094 return gen_fhostop(ebroadcast, Q_DST); 3095 if (linktype == DLT_IEEE802_11 || 3096 linktype == DLT_IEEE802_11_RADIO) 3097 return gen_p80211_hostop(ebroadcast, Q_DST); 3098 bpf_error("not a broadcast link"); 3099 break; 3100 3101 case Q_IP: 3102 /* 3103 * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff) 3104 * as an indication that we don't know the netmask, and fail 3105 * in that case. 3106 */ 3107 if (netmask == PCAP_NETMASK_UNKNOWN) 3108 bpf_error("netmask not known, so 'ip broadcast' not supported"); 3109 b0 = gen_linktype(ETHERTYPE_IP); 3110 hostmask = ~netmask; 3111 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3112 b2 = gen_mcmp_nl(16, BPF_W, 3113 (bpf_int32)(~0 & hostmask), hostmask); 3114 gen_or(b1, b2); 3115 gen_and(b0, b2); 3116 return b2; 3117 } 3118 bpf_error("only ether/ip broadcast filters supported"); 3119 } 3120 3121 struct block * 3122 gen_multicast(proto) 3123 int proto; 3124 { 3125 struct block *b0, *b1; 3126 struct slist *s; 3127 3128 switch (proto) { 3129 3130 case Q_DEFAULT: 3131 case Q_LINK: 3132 if (linktype == DLT_EN10MB) { 3133 /* ether[0] & 1 != 0 */ 3134 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3135 s->s.k = 0; 3136 b0 = new_block(JMP(BPF_JSET)); 3137 b0->s.k = 1; 3138 b0->stmts = s; 3139 return b0; 3140 } 3141 3142 if (linktype == DLT_FDDI) { 3143 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3144 /* fddi[1] & 1 != 0 */ 3145 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3146 s->s.k = 1; 3147 b0 = new_block(JMP(BPF_JSET)); 3148 b0->s.k = 1; 3149 b0->stmts = s; 3150 return b0; 3151 } 3152 /* Link not known to support multicasts */ 3153 break; 3154 3155 case Q_IP: 3156 b0 = gen_linktype(ETHERTYPE_IP); 3157 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3158 b1->s.code = JMP(BPF_JGE); 3159 gen_and(b0, b1); 3160 return b1; 3161 3162 #ifdef INET6 3163 case Q_IPV6: 3164 b0 = gen_linktype(ETHERTYPE_IPV6); 3165 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3166 gen_and(b0, b1); 3167 return b1; 3168 #endif /* INET6 */ 3169 } 3170 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3171 } 3172 3173 /* 3174 * generate command for inbound/outbound. It's here so we can 3175 * make it link-type specific. 'dir' = 0 implies "inbound", 3176 * = 1 implies "outbound". 3177 */ 3178 struct block * 3179 gen_inbound(dir) 3180 int dir; 3181 { 3182 struct block *b0; 3183 3184 /* 3185 * Only SLIP and old-style PPP data link types support 3186 * inbound/outbound qualifiers. 3187 */ 3188 switch (linktype) { 3189 case DLT_SLIP: 3190 case DLT_PPP: 3191 b0 = gen_relation(BPF_JEQ, 3192 gen_load(Q_LINK, gen_loadi(0), 1), 3193 gen_loadi(0), 3194 dir); 3195 break; 3196 3197 case DLT_PFLOG: 3198 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3199 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3200 break; 3201 3202 default: 3203 bpf_error("inbound/outbound not supported on linktype 0x%x", 3204 linktype); 3205 /* NOTREACHED */ 3206 } 3207 3208 return (b0); 3209 } 3210 3211 3212 /* PF firewall log matched interface */ 3213 struct block * 3214 gen_pf_ifname(char *ifname) 3215 { 3216 struct block *b0; 3217 u_int len, off; 3218 3219 if (linktype == DLT_PFLOG) { 3220 len = sizeof(((struct pfloghdr *)0)->ifname); 3221 off = offsetof(struct pfloghdr, ifname); 3222 } else { 3223 bpf_error("ifname not supported on linktype 0x%x", linktype); 3224 /* NOTREACHED */ 3225 } 3226 if (strlen(ifname) >= len) { 3227 bpf_error("ifname interface names can only be %d characters", 3228 len - 1); 3229 /* NOTREACHED */ 3230 } 3231 b0 = gen_bcmp(off, strlen(ifname), ifname); 3232 return (b0); 3233 } 3234 3235 3236 /* PF firewall log ruleset name */ 3237 struct block * 3238 gen_pf_ruleset(char *ruleset) 3239 { 3240 struct block *b0; 3241 3242 if (linktype != DLT_PFLOG) { 3243 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3244 /* NOTREACHED */ 3245 } 3246 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3247 bpf_error("ruleset names can only be %zu characters", 3248 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3249 /* NOTREACHED */ 3250 } 3251 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3252 strlen(ruleset), ruleset); 3253 return (b0); 3254 } 3255 3256 3257 /* PF firewall log rule number */ 3258 struct block * 3259 gen_pf_rnr(int rnr) 3260 { 3261 struct block *b0; 3262 3263 if (linktype == DLT_PFLOG) { 3264 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3265 (bpf_int32)rnr); 3266 } else { 3267 bpf_error("rnr not supported on linktype 0x%x", linktype); 3268 /* NOTREACHED */ 3269 } 3270 3271 return (b0); 3272 } 3273 3274 3275 /* PF firewall log sub-rule number */ 3276 struct block * 3277 gen_pf_srnr(int srnr) 3278 { 3279 struct block *b0; 3280 3281 if (linktype != DLT_PFLOG) { 3282 bpf_error("srnr not supported on linktype 0x%x", linktype); 3283 /* NOTREACHED */ 3284 } 3285 3286 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3287 (bpf_int32)srnr); 3288 return (b0); 3289 } 3290 3291 /* PF firewall log reason code */ 3292 struct block * 3293 gen_pf_reason(int reason) 3294 { 3295 struct block *b0; 3296 3297 if (linktype == DLT_PFLOG) { 3298 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3299 (bpf_int32)reason); 3300 } else { 3301 bpf_error("reason not supported on linktype 0x%x", linktype); 3302 /* NOTREACHED */ 3303 } 3304 3305 return (b0); 3306 } 3307 3308 /* PF firewall log action */ 3309 struct block * 3310 gen_pf_action(int action) 3311 { 3312 struct block *b0; 3313 3314 if (linktype == DLT_PFLOG) { 3315 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3316 (bpf_int32)action); 3317 } else { 3318 bpf_error("action not supported on linktype 0x%x", linktype); 3319 /* NOTREACHED */ 3320 } 3321 3322 return (b0); 3323 } 3324 3325 /* IEEE 802.11 wireless header */ 3326 struct block * 3327 gen_p80211_type(int type, int mask) 3328 { 3329 struct block *b0; 3330 u_int offset; 3331 3332 if (!(linktype == DLT_IEEE802_11 || 3333 linktype == DLT_IEEE802_11_RADIO)) { 3334 bpf_error("type not supported on linktype 0x%x", 3335 linktype); 3336 /* NOTREACHED */ 3337 } 3338 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3339 if (linktype == DLT_IEEE802_11_RADIO) 3340 offset += IEEE80211_RADIOTAP_HDRLEN; 3341 3342 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3343 3344 return (b0); 3345 } 3346 3347 static struct block * 3348 gen_ahostop(eaddr, dir) 3349 const u_char *eaddr; 3350 int dir; 3351 { 3352 struct block *b0, *b1; 3353 3354 switch (dir) { 3355 /* src comes first, different from Ethernet */ 3356 case Q_SRC: 3357 return gen_bcmp(0, 1, eaddr); 3358 3359 case Q_DST: 3360 return gen_bcmp(1, 1, eaddr); 3361 3362 case Q_AND: 3363 b0 = gen_ahostop(eaddr, Q_SRC); 3364 b1 = gen_ahostop(eaddr, Q_DST); 3365 gen_and(b0, b1); 3366 return b1; 3367 3368 case Q_DEFAULT: 3369 case Q_OR: 3370 b0 = gen_ahostop(eaddr, Q_SRC); 3371 b1 = gen_ahostop(eaddr, Q_DST); 3372 gen_or(b0, b1); 3373 return b1; 3374 } 3375 abort(); 3376 /* NOTREACHED */ 3377 } 3378 3379 struct block * 3380 gen_acode(eaddr, q) 3381 const u_char *eaddr; 3382 struct qual q; 3383 { 3384 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3385 if (linktype == DLT_ARCNET) 3386 return gen_ahostop(eaddr, (int)q.dir); 3387 } 3388 bpf_error("ARCnet address used in non-arc expression"); 3389 /* NOTREACHED */ 3390 } 3391 3392 struct block * 3393 gen_mpls(label) 3394 int label; 3395 { 3396 struct block *b0; 3397 3398 if (label > MPLS_LABEL_MAX) 3399 bpf_error("invalid MPLS label : %d", label); 3400 3401 if (mpls_stack > 0) /* Bottom-Of-Label-Stack bit ? */ 3402 b0 = gen_mcmp(off_nl-2, BPF_B, (bpf_int32)0, 0x1); 3403 else 3404 b0 = gen_linktype(ETHERTYPE_MPLS); 3405 3406 if (label >= 0) { 3407 struct block *b1; 3408 3409 b1 = gen_mcmp(off_nl, BPF_W, (bpf_int32)(label << 12), 3410 MPLS_LABEL_MASK); 3411 gen_and(b0, b1); 3412 b0 = b1; 3413 } 3414 off_nl += 4; 3415 off_linktype += 4; 3416 mpls_stack++; 3417 return (b0); 3418 } 3419 3420 /* 3421 * support IEEE 802.1Q VLAN trunk over ethernet 3422 */ 3423 struct block * 3424 gen_vlan(vlan_num) 3425 int vlan_num; 3426 { 3427 struct block *b0; 3428 3429 if (variable_nl) { 3430 bpf_error("'vlan' not supported for variable DLTs"); 3431 /*NOTREACHED*/ 3432 } 3433 3434 if (vlan_num > 4095) { 3435 bpf_error("invalid VLAN number : %d", vlan_num); 3436 /*NOTREACHED*/ 3437 } 3438 3439 /* 3440 * Change the offsets to point to the type and data fields within 3441 * the VLAN packet. This is somewhat of a kludge. 3442 */ 3443 if (orig_nl == (u_int)-1) { 3444 orig_linktype = off_linktype; /* save original values */ 3445 orig_nl = off_nl; 3446 orig_nl_nosnap = off_nl_nosnap; 3447 3448 switch (linktype) { 3449 3450 case DLT_EN10MB: 3451 off_linktype = 16; 3452 off_nl_nosnap = 18; 3453 off_nl = 18; 3454 break; 3455 3456 default: 3457 bpf_error("no VLAN support for data link type %d", 3458 linktype); 3459 /*NOTREACHED*/ 3460 } 3461 } 3462 3463 /* check for VLAN */ 3464 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3465 3466 /* If a specific VLAN is requested, check VLAN id */ 3467 if (vlan_num >= 0) { 3468 struct block *b1; 3469 3470 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0FFF); 3471 gen_and(b0, b1); 3472 b0 = b1; 3473 } 3474 3475 return (b0); 3476 } 3477 3478 struct block * 3479 gen_sample(int rate) 3480 { 3481 struct block *b0; 3482 long long threshold = 0x100000000LL; /* 0xffffffff + 1 */ 3483 3484 if (rate < 2) { 3485 bpf_error("sample %d is too low", rate); 3486 /*NOTREACHED*/ 3487 } 3488 if (rate > (1 << 20)) { 3489 bpf_error("sample %d is too high", rate); 3490 /*NOTREACHED*/ 3491 } 3492 3493 threshold /= rate; 3494 b0 = gen_relation(BPF_JGT, gen_loadrnd(), gen_loadi(threshold), 1); 3495 3496 return (b0); 3497 } 3498 3499 struct block * 3500 gen_p80211_fcdir(int fcdir) 3501 { 3502 struct block *b0; 3503 u_int offset; 3504 3505 if (!(linktype == DLT_IEEE802_11 || 3506 linktype == DLT_IEEE802_11_RADIO)) { 3507 bpf_error("frame direction not supported on linktype 0x%x", 3508 linktype); 3509 /* NOTREACHED */ 3510 } 3511 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3512 if (linktype == DLT_IEEE802_11_RADIO) 3513 offset += IEEE80211_RADIOTAP_HDRLEN; 3514 3515 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3516 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3517 3518 return (b0); 3519 } 3520 3521 static struct block * 3522 gen_p80211_hostop(const u_char *lladdr, int dir) 3523 { 3524 struct block *b0, *b1, *b2, *b3, *b4; 3525 u_int offset = 0; 3526 3527 if (linktype == DLT_IEEE802_11_RADIO) 3528 offset = IEEE80211_RADIOTAP_HDRLEN; 3529 3530 switch (dir) { 3531 case Q_SRC: 3532 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3533 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3534 lladdr); 3535 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3536 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3537 lladdr); 3538 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3539 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3540 lladdr); 3541 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3542 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3543 lladdr); 3544 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3545 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3546 lladdr); 3547 3548 gen_or(b0, b1); 3549 gen_or(b1, b2); 3550 gen_or(b2, b3); 3551 gen_or(b3, b4); 3552 return (b4); 3553 3554 case Q_DST: 3555 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3556 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3557 lladdr); 3558 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3559 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3560 lladdr); 3561 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3562 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3563 lladdr); 3564 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3565 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3566 lladdr); 3567 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3568 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3569 lladdr); 3570 3571 gen_or(b0, b1); 3572 gen_or(b1, b2); 3573 gen_or(b2, b3); 3574 gen_or(b3, b4); 3575 return (b4); 3576 3577 case Q_ADDR1: 3578 return (gen_bcmp(offset + 3579 (u_int)offsetof(struct ieee80211_frame, 3580 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3581 3582 case Q_ADDR2: 3583 return (gen_bcmp(offset + 3584 (u_int)offsetof(struct ieee80211_frame, 3585 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3586 3587 case Q_ADDR3: 3588 return (gen_bcmp(offset + 3589 (u_int)offsetof(struct ieee80211_frame, 3590 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3591 3592 case Q_ADDR4: 3593 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3594 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3595 lladdr)); 3596 3597 case Q_AND: 3598 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3599 b1 = gen_p80211_hostop(lladdr, Q_DST); 3600 gen_and(b0, b1); 3601 return (b1); 3602 3603 case Q_DEFAULT: 3604 case Q_OR: 3605 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3606 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3607 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3608 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3609 gen_or(b0, b1); 3610 gen_or(b1, b2); 3611 gen_or(b2, b3); 3612 return (b3); 3613 3614 default: 3615 bpf_error("direction not supported on linktype 0x%x", 3616 linktype); 3617 } 3618 /* NOTREACHED */ 3619 } 3620 3621 static struct block * 3622 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3623 { 3624 struct block *b0, *b1; 3625 3626 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3627 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3628 gen_and(b0, b1); 3629 3630 return (b1); 3631 } 3632