1 /* $OpenBSD: gencode.c,v 1.13 2001/06/25 23:03:32 provos Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 #ifndef lint 24 static const char rcsid[] = 25 "@(#) $Header: /home/cvs/src/lib/libpcap/gencode.c,v 1.13 2001/06/25 23:03:32 provos Exp $ (LBL)"; 26 #endif 27 28 #include <sys/types.h> 29 #include <sys/socket.h> 30 #include <sys/time.h> 31 32 #ifdef __STDC__ 33 struct mbuf; 34 struct rtentry; 35 #endif 36 37 #include <net/if.h> 38 39 #include <netinet/in.h> 40 #include <netinet/if_ether.h> 41 #include <netinet/if_arc.h> 42 43 #include <stdlib.h> 44 #include <memory.h> 45 #include <setjmp.h> 46 #ifdef __STDC__ 47 #include <stdarg.h> 48 #else 49 #include <varargs.h> 50 #endif 51 52 #include "pcap-int.h" 53 54 #include "ethertype.h" 55 #include "gencode.h" 56 #include "ppp.h" 57 #include <pcap-namedb.h> 58 #ifdef INET6 59 #include <netdb.h> 60 #include <sys/socket.h> 61 #endif /*INET6*/ 62 63 #ifdef HAVE_OS_PROTO_H 64 #include "os-proto.h" 65 #endif 66 67 #define JMP(c) ((c)|BPF_JMP|BPF_K) 68 69 /* Locals */ 70 static jmp_buf top_ctx; 71 static pcap_t *bpf_pcap; 72 73 /* XXX */ 74 #ifdef PCAP_FDDIPAD 75 int pcap_fddipad = PCAP_FDDIPAD; 76 #else 77 int pcap_fddipad; 78 #endif 79 80 /* VARARGS */ 81 __dead void 82 #ifdef __STDC__ 83 bpf_error(const char *fmt, ...) 84 #else 85 bpf_error(fmt, va_alist) 86 const char *fmt; 87 va_dcl 88 #endif 89 { 90 va_list ap; 91 92 #ifdef __STDC__ 93 va_start(ap, fmt); 94 #else 95 va_start(ap); 96 #endif 97 if (bpf_pcap != NULL) 98 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 99 fmt, ap); 100 va_end(ap); 101 longjmp(top_ctx, 1); 102 /* NOTREACHED */ 103 } 104 105 static void init_linktype(int); 106 107 static int alloc_reg(void); 108 static void free_reg(int); 109 110 static struct block *root; 111 112 /* 113 * We divy out chunks of memory rather than call malloc each time so 114 * we don't have to worry about leaking memory. It's probably 115 * not a big deal if all this memory was wasted but it this ever 116 * goes into a library that would probably not be a good idea. 117 */ 118 #define NCHUNKS 16 119 #define CHUNK0SIZE 1024 120 struct chunk { 121 u_int n_left; 122 void *m; 123 }; 124 125 static struct chunk chunks[NCHUNKS]; 126 static int cur_chunk; 127 128 static void *newchunk(u_int); 129 static void freechunks(void); 130 static __inline struct block *new_block(int); 131 static __inline struct slist *new_stmt(int); 132 static struct block *gen_retblk(int); 133 static __inline void syntax(void); 134 135 static void backpatch(struct block *, struct block *); 136 static void merge(struct block *, struct block *); 137 static struct block *gen_cmp(u_int, u_int, bpf_int32); 138 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 139 static struct block *gen_bcmp(u_int, u_int, const u_char *); 140 static struct block *gen_uncond(int); 141 static __inline struct block *gen_true(void); 142 static __inline struct block *gen_false(void); 143 static struct block *gen_linktype(int); 144 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 145 #ifdef INET6 146 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 147 #endif 148 static struct block *gen_ahostop(const u_char *, int); 149 static struct block *gen_ehostop(const u_char *, int); 150 static struct block *gen_fhostop(const u_char *, int); 151 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 152 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 153 #ifdef INET6 154 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 155 #endif 156 #ifndef INET6 157 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 158 #endif 159 static struct block *gen_ipfrag(void); 160 static struct block *gen_portatom(int, bpf_int32); 161 #ifdef INET6 162 static struct block *gen_portatom6(int, bpf_int32); 163 #endif 164 struct block *gen_portop(int, int, int); 165 static struct block *gen_port(int, int, int); 166 #ifdef INET6 167 struct block *gen_portop6(int, int, int); 168 static struct block *gen_port6(int, int, int); 169 #endif 170 static int lookup_proto(const char *, int); 171 static struct block *gen_protochain(int, int, int); 172 static struct block *gen_proto(int, int, int); 173 static struct slist *xfer_to_x(struct arth *); 174 static struct slist *xfer_to_a(struct arth *); 175 static struct block *gen_len(int, int); 176 177 static void * 178 newchunk(n) 179 u_int n; 180 { 181 struct chunk *cp; 182 int k, size; 183 184 /* XXX Round to structure boundary. */ 185 n = ALIGN(n); 186 187 cp = &chunks[cur_chunk]; 188 if (n > cp->n_left) { 189 ++cp, k = ++cur_chunk; 190 if (k >= NCHUNKS) 191 bpf_error("out of memory"); 192 size = CHUNK0SIZE << k; 193 cp->m = (void *)malloc(size); 194 memset((char *)cp->m, 0, size); 195 cp->n_left = size; 196 if (n > size) 197 bpf_error("out of memory"); 198 } 199 cp->n_left -= n; 200 return (void *)((char *)cp->m + cp->n_left); 201 } 202 203 static void 204 freechunks() 205 { 206 int i; 207 208 cur_chunk = 0; 209 for (i = 0; i < NCHUNKS; ++i) 210 if (chunks[i].m != NULL) { 211 free(chunks[i].m); 212 chunks[i].m = NULL; 213 } 214 } 215 216 /* 217 * A strdup whose allocations are freed after code generation is over. 218 */ 219 char * 220 sdup(s) 221 register const char *s; 222 { 223 int n = strlen(s) + 1; 224 char *cp = newchunk(n); 225 226 strlcpy(cp, s, n); 227 return (cp); 228 } 229 230 static __inline struct block * 231 new_block(code) 232 int code; 233 { 234 struct block *p; 235 236 p = (struct block *)newchunk(sizeof(*p)); 237 p->s.code = code; 238 p->head = p; 239 240 return p; 241 } 242 243 static __inline struct slist * 244 new_stmt(code) 245 int code; 246 { 247 struct slist *p; 248 249 p = (struct slist *)newchunk(sizeof(*p)); 250 p->s.code = code; 251 252 return p; 253 } 254 255 static struct block * 256 gen_retblk(v) 257 int v; 258 { 259 struct block *b = new_block(BPF_RET|BPF_K); 260 261 b->s.k = v; 262 return b; 263 } 264 265 static __inline void 266 syntax() 267 { 268 bpf_error("syntax error in filter expression"); 269 } 270 271 static bpf_u_int32 netmask; 272 static int snaplen; 273 int no_optimize; 274 275 int 276 pcap_compile(pcap_t *p, struct bpf_program *program, 277 char *buf, int optimize, bpf_u_int32 mask) 278 { 279 extern int n_errors; 280 int len; 281 282 no_optimize = 0; 283 n_errors = 0; 284 root = NULL; 285 bpf_pcap = p; 286 if (setjmp(top_ctx)) { 287 freechunks(); 288 return (-1); 289 } 290 291 netmask = mask; 292 snaplen = pcap_snapshot(p); 293 294 lex_init(buf ? buf : ""); 295 init_linktype(pcap_datalink(p)); 296 (void)pcap_parse(); 297 298 if (n_errors) 299 syntax(); 300 301 if (root == NULL) 302 root = gen_retblk(snaplen); 303 304 if (optimize && !no_optimize) { 305 bpf_optimize(&root); 306 if (root == NULL || 307 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 308 bpf_error("expression rejects all packets"); 309 } 310 program->bf_insns = icode_to_fcode(root, &len); 311 program->bf_len = len; 312 313 freechunks(); 314 return (0); 315 } 316 317 /* 318 * entry point for using the compiler with no pcap open 319 * pass in all the stuff that is needed explicitly instead. 320 */ 321 int 322 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 323 struct bpf_program *program, 324 char *buf, int optimize, bpf_u_int32 mask) 325 { 326 extern int n_errors; 327 int len; 328 329 n_errors = 0; 330 root = NULL; 331 bpf_pcap = NULL; 332 if (setjmp(top_ctx)) { 333 freechunks(); 334 return (-1); 335 } 336 337 netmask = mask; 338 339 /* XXX needed? I don't grok the use of globals here. */ 340 snaplen = snaplen_arg; 341 342 lex_init(buf ? buf : ""); 343 init_linktype(linktype_arg); 344 (void)pcap_parse(); 345 346 if (n_errors) 347 syntax(); 348 349 if (root == NULL) 350 root = gen_retblk(snaplen_arg); 351 352 if (optimize) { 353 bpf_optimize(&root); 354 if (root == NULL || 355 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 356 bpf_error("expression rejects all packets"); 357 } 358 program->bf_insns = icode_to_fcode(root, &len); 359 program->bf_len = len; 360 361 freechunks(); 362 return (0); 363 } 364 365 /* 366 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 367 * which of the jt and jf fields has been resolved and which is a pointer 368 * back to another unresolved block (or nil). At least one of the fields 369 * in each block is already resolved. 370 */ 371 static void 372 backpatch(list, target) 373 struct block *list, *target; 374 { 375 struct block *next; 376 377 while (list) { 378 if (!list->sense) { 379 next = JT(list); 380 JT(list) = target; 381 } else { 382 next = JF(list); 383 JF(list) = target; 384 } 385 list = next; 386 } 387 } 388 389 /* 390 * Merge the lists in b0 and b1, using the 'sense' field to indicate 391 * which of jt and jf is the link. 392 */ 393 static void 394 merge(b0, b1) 395 struct block *b0, *b1; 396 { 397 register struct block **p = &b0; 398 399 /* Find end of list. */ 400 while (*p) 401 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 402 403 /* Concatenate the lists. */ 404 *p = b1; 405 } 406 407 void 408 finish_parse(p) 409 struct block *p; 410 { 411 backpatch(p, gen_retblk(snaplen)); 412 p->sense = !p->sense; 413 backpatch(p, gen_retblk(0)); 414 root = p->head; 415 } 416 417 void 418 gen_and(b0, b1) 419 struct block *b0, *b1; 420 { 421 backpatch(b0, b1->head); 422 b0->sense = !b0->sense; 423 b1->sense = !b1->sense; 424 merge(b1, b0); 425 b1->sense = !b1->sense; 426 b1->head = b0->head; 427 } 428 429 void 430 gen_or(b0, b1) 431 struct block *b0, *b1; 432 { 433 b0->sense = !b0->sense; 434 backpatch(b0, b1->head); 435 b0->sense = !b0->sense; 436 merge(b1, b0); 437 b1->head = b0->head; 438 } 439 440 void 441 gen_not(b) 442 struct block *b; 443 { 444 b->sense = !b->sense; 445 } 446 447 static struct block * 448 gen_cmp(offset, size, v) 449 u_int offset, size; 450 bpf_int32 v; 451 { 452 struct slist *s; 453 struct block *b; 454 455 s = new_stmt(BPF_LD|BPF_ABS|size); 456 s->s.k = offset; 457 458 b = new_block(JMP(BPF_JEQ)); 459 b->stmts = s; 460 b->s.k = v; 461 462 return b; 463 } 464 465 static struct block * 466 gen_mcmp(offset, size, v, mask) 467 u_int offset, size; 468 bpf_int32 v; 469 bpf_u_int32 mask; 470 { 471 struct block *b = gen_cmp(offset, size, v); 472 struct slist *s; 473 474 if (mask != 0xffffffff) { 475 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 476 s->s.k = mask; 477 b->stmts->next = s; 478 } 479 return b; 480 } 481 482 static struct block * 483 gen_bcmp(offset, size, v) 484 register u_int offset, size; 485 register const u_char *v; 486 { 487 register struct block *b, *tmp; 488 489 b = NULL; 490 while (size >= 4) { 491 register const u_char *p = &v[size - 4]; 492 bpf_int32 w = ((bpf_int32)p[0] << 24) | 493 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 494 495 tmp = gen_cmp(offset + size - 4, BPF_W, w); 496 if (b != NULL) 497 gen_and(b, tmp); 498 b = tmp; 499 size -= 4; 500 } 501 while (size >= 2) { 502 register const u_char *p = &v[size - 2]; 503 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 504 505 tmp = gen_cmp(offset + size - 2, BPF_H, w); 506 if (b != NULL) 507 gen_and(b, tmp); 508 b = tmp; 509 size -= 2; 510 } 511 if (size > 0) { 512 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 513 if (b != NULL) 514 gen_and(b, tmp); 515 b = tmp; 516 } 517 return b; 518 } 519 520 /* 521 * Various code constructs need to know the layout of the data link 522 * layer. These variables give the necessary offsets. off_linktype 523 * is set to -1 for no encapsulation, in which case, IP is assumed. 524 */ 525 static u_int off_linktype; 526 static u_int off_nl; 527 static int linktype; 528 529 static void 530 init_linktype(type) 531 int type; 532 { 533 linktype = type; 534 535 switch (type) { 536 537 case DLT_ARCNET: 538 off_linktype = 2; 539 off_nl = 6; /* XXX in reality, variable! */ 540 return; 541 542 case DLT_EN10MB: 543 off_linktype = 12; 544 off_nl = 14; 545 return; 546 547 case DLT_SLIP: 548 /* 549 * SLIP doesn't have a link level type. The 16 byte 550 * header is hacked into our SLIP driver. 551 */ 552 off_linktype = -1; 553 off_nl = 16; 554 return; 555 556 case DLT_SLIP_BSDOS: 557 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 558 off_linktype = -1; 559 /* XXX end */ 560 off_nl = 24; 561 return; 562 563 case DLT_NULL: 564 off_linktype = 0; 565 off_nl = 4; 566 return; 567 568 case DLT_PPP: 569 off_linktype = 2; 570 off_nl = 4; 571 return; 572 573 case DLT_PPP_BSDOS: 574 off_linktype = 5; 575 off_nl = 24; 576 return; 577 578 case DLT_FDDI: 579 /* 580 * FDDI doesn't really have a link-level type field. 581 * We assume that SSAP = SNAP is being used and pick 582 * out the encapsulated Ethernet type. 583 */ 584 off_linktype = 19; 585 #ifdef PCAP_FDDIPAD 586 off_linktype += pcap_fddipad; 587 #endif 588 off_nl = 21; 589 #ifdef PCAP_FDDIPAD 590 off_nl += pcap_fddipad; 591 #endif 592 return; 593 594 case DLT_IEEE802: 595 off_linktype = 20; 596 off_nl = 22; 597 return; 598 599 case DLT_ATM_RFC1483: 600 /* 601 * assume routed, non-ISO PDUs 602 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 603 */ 604 off_linktype = 6; 605 off_nl = 8; 606 return; 607 608 case DLT_LOOP: 609 off_linktype = -1; 610 off_nl = 4; 611 return; 612 613 case DLT_ENC: 614 off_linktype = -1; 615 off_nl = 12; 616 return; 617 618 case DLT_PFLOG: 619 off_linktype = -1; 620 off_nl = 28; 621 return; 622 623 case DLT_RAW: 624 off_linktype = -1; 625 off_nl = 0; 626 return; 627 } 628 bpf_error("unknown data link type 0x%x", linktype); 629 /* NOTREACHED */ 630 } 631 632 static struct block * 633 gen_uncond(rsense) 634 int rsense; 635 { 636 struct block *b; 637 struct slist *s; 638 639 s = new_stmt(BPF_LD|BPF_IMM); 640 s->s.k = !rsense; 641 b = new_block(JMP(BPF_JEQ)); 642 b->stmts = s; 643 644 return b; 645 } 646 647 static __inline struct block * 648 gen_true() 649 { 650 return gen_uncond(1); 651 } 652 653 static __inline struct block * 654 gen_false() 655 { 656 return gen_uncond(0); 657 } 658 659 static struct block * 660 gen_linktype(proto) 661 register int proto; 662 { 663 struct block *b0, *b1; 664 665 /* If we're not using encapsulation and checking for IP, we're done */ 666 if (off_linktype == -1 && proto == ETHERTYPE_IP) 667 return gen_true(); 668 #ifdef INET6 669 /* this isn't the right thing to do, but sometimes necessary */ 670 if (off_linktype == -1 && proto == ETHERTYPE_IPV6) 671 return gen_true(); 672 #endif 673 674 switch (linktype) { 675 676 case DLT_SLIP: 677 return gen_false(); 678 679 case DLT_PPP: 680 if (proto == ETHERTYPE_IP) 681 proto = PPP_IP; /* XXX was 0x21 */ 682 #ifdef INET6 683 else if (proto == ETHERTYPE_IPV6) 684 proto = PPP_IPV6; 685 #endif 686 break; 687 688 case DLT_PPP_BSDOS: 689 switch (proto) { 690 691 case ETHERTYPE_IP: 692 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 693 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 694 gen_or(b0, b1); 695 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 696 gen_or(b1, b0); 697 return b0; 698 699 #ifdef INET6 700 case ETHERTYPE_IPV6: 701 proto = PPP_IPV6; 702 /* more to go? */ 703 break; 704 #endif /* INET6 */ 705 706 case ETHERTYPE_DN: 707 proto = PPP_DECNET; 708 break; 709 710 case ETHERTYPE_ATALK: 711 proto = PPP_APPLE; 712 break; 713 714 case ETHERTYPE_NS: 715 proto = PPP_NS; 716 break; 717 } 718 break; 719 720 case DLT_LOOP: 721 case DLT_ENC: 722 case DLT_PFLOG: 723 case DLT_NULL: 724 /* XXX */ 725 if (proto == ETHERTYPE_IP) 726 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); 727 #ifdef INET6 728 else if (proto == ETHERTYPE_IPV6) 729 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6))); 730 #endif /* INET6 */ 731 else 732 return gen_false(); 733 break; 734 case DLT_ARCNET: 735 /* 736 * XXX should we check for first fragment if the protocol 737 * uses PHDS? 738 */ 739 switch(proto) { 740 default: 741 return gen_false(); 742 #ifdef INET6 743 case ETHERTYPE_IPV6: 744 return(gen_cmp(2, BPF_B, 745 (bpf_int32)htonl(ARCTYPE_INET6))); 746 #endif /* INET6 */ 747 case ETHERTYPE_IP: 748 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_IP)); 749 b1 = gen_cmp(2, BPF_B, 750 (bpf_int32)htonl(ARCTYPE_IP_OLD)); 751 gen_or(b0, b1); 752 return(b1); 753 case ETHERTYPE_ARP: 754 b0 = gen_cmp(2, BPF_B, (bpf_int32)htonl(ARCTYPE_ARP)); 755 b1 = gen_cmp(2, BPF_B, 756 (bpf_int32)htonl(ARCTYPE_ARP_OLD)); 757 gen_or(b0, b1); 758 return(b1); 759 case ETHERTYPE_REVARP: 760 return(gen_cmp(2, BPF_B, 761 (bpf_int32)htonl(ARCTYPE_REVARP))); 762 case ETHERTYPE_ATALK: 763 return(gen_cmp(2, BPF_B, 764 (bpf_int32)htonl(ARCTYPE_ATALK))); 765 } 766 } 767 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 768 } 769 770 static struct block * 771 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 772 bpf_u_int32 addr; 773 bpf_u_int32 mask; 774 int dir, proto; 775 u_int src_off, dst_off; 776 { 777 struct block *b0, *b1; 778 u_int offset; 779 780 switch (dir) { 781 782 case Q_SRC: 783 offset = src_off; 784 break; 785 786 case Q_DST: 787 offset = dst_off; 788 break; 789 790 case Q_AND: 791 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 792 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 793 gen_and(b0, b1); 794 return b1; 795 796 case Q_OR: 797 case Q_DEFAULT: 798 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 799 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 800 gen_or(b0, b1); 801 return b1; 802 803 default: 804 abort(); 805 } 806 b0 = gen_linktype(proto); 807 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 808 gen_and(b0, b1); 809 return b1; 810 } 811 812 #ifdef INET6 813 static struct block * 814 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 815 struct in6_addr *addr; 816 struct in6_addr *mask; 817 int dir, proto; 818 u_int src_off, dst_off; 819 { 820 struct block *b0, *b1; 821 u_int offset; 822 u_int32_t *a, *m; 823 824 switch (dir) { 825 826 case Q_SRC: 827 offset = src_off; 828 break; 829 830 case Q_DST: 831 offset = dst_off; 832 break; 833 834 case Q_AND: 835 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 836 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 837 gen_and(b0, b1); 838 return b1; 839 840 case Q_OR: 841 case Q_DEFAULT: 842 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 843 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 844 gen_or(b0, b1); 845 return b1; 846 847 default: 848 abort(); 849 } 850 /* this order is important */ 851 a = (u_int32_t *)addr; 852 m = (u_int32_t *)mask; 853 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 854 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 855 gen_and(b0, b1); 856 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 857 gen_and(b0, b1); 858 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 859 gen_and(b0, b1); 860 b0 = gen_linktype(proto); 861 gen_and(b0, b1); 862 return b1; 863 } 864 #endif /*INET6*/ 865 866 static struct block * 867 gen_ehostop(eaddr, dir) 868 register const u_char *eaddr; 869 register int dir; 870 { 871 struct block *b0, *b1; 872 873 switch (dir) { 874 case Q_SRC: 875 return gen_bcmp(6, 6, eaddr); 876 877 case Q_DST: 878 return gen_bcmp(0, 6, eaddr); 879 880 case Q_AND: 881 b0 = gen_ehostop(eaddr, Q_SRC); 882 b1 = gen_ehostop(eaddr, Q_DST); 883 gen_and(b0, b1); 884 return b1; 885 886 case Q_DEFAULT: 887 case Q_OR: 888 b0 = gen_ehostop(eaddr, Q_SRC); 889 b1 = gen_ehostop(eaddr, Q_DST); 890 gen_or(b0, b1); 891 return b1; 892 } 893 abort(); 894 /* NOTREACHED */ 895 } 896 897 /* 898 * Like gen_ehostop, but for DLT_FDDI 899 */ 900 static struct block * 901 gen_fhostop(eaddr, dir) 902 register const u_char *eaddr; 903 register int dir; 904 { 905 struct block *b0, *b1; 906 907 switch (dir) { 908 case Q_SRC: 909 #ifdef PCAP_FDDIPAD 910 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 911 #else 912 return gen_bcmp(6 + 1, 6, eaddr); 913 #endif 914 915 case Q_DST: 916 #ifdef PCAP_FDDIPAD 917 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 918 #else 919 return gen_bcmp(0 + 1, 6, eaddr); 920 #endif 921 922 case Q_AND: 923 b0 = gen_fhostop(eaddr, Q_SRC); 924 b1 = gen_fhostop(eaddr, Q_DST); 925 gen_and(b0, b1); 926 return b1; 927 928 case Q_DEFAULT: 929 case Q_OR: 930 b0 = gen_fhostop(eaddr, Q_SRC); 931 b1 = gen_fhostop(eaddr, Q_DST); 932 gen_or(b0, b1); 933 return b1; 934 } 935 abort(); 936 /* NOTREACHED */ 937 } 938 939 /* 940 * This is quite tricky because there may be pad bytes in front of the 941 * DECNET header, and then there are two possible data packet formats that 942 * carry both src and dst addresses, plus 5 packet types in a format that 943 * carries only the src node, plus 2 types that use a different format and 944 * also carry just the src node. 945 * 946 * Yuck. 947 * 948 * Instead of doing those all right, we just look for data packets with 949 * 0 or 1 bytes of padding. If you want to look at other packets, that 950 * will require a lot more hacking. 951 * 952 * To add support for filtering on DECNET "areas" (network numbers) 953 * one would want to add a "mask" argument to this routine. That would 954 * make the filter even more inefficient, although one could be clever 955 * and not generate masking instructions if the mask is 0xFFFF. 956 */ 957 static struct block * 958 gen_dnhostop(addr, dir, base_off) 959 bpf_u_int32 addr; 960 int dir; 961 u_int base_off; 962 { 963 struct block *b0, *b1, *b2, *tmp; 964 u_int offset_lh; /* offset if long header is received */ 965 u_int offset_sh; /* offset if short header is received */ 966 967 switch (dir) { 968 969 case Q_DST: 970 offset_sh = 1; /* follows flags */ 971 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 972 break; 973 974 case Q_SRC: 975 offset_sh = 3; /* follows flags, dstnode */ 976 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 977 break; 978 979 case Q_AND: 980 /* Inefficient because we do our Calvinball dance twice */ 981 b0 = gen_dnhostop(addr, Q_SRC, base_off); 982 b1 = gen_dnhostop(addr, Q_DST, base_off); 983 gen_and(b0, b1); 984 return b1; 985 986 case Q_OR: 987 case Q_DEFAULT: 988 /* Inefficient because we do our Calvinball dance twice */ 989 b0 = gen_dnhostop(addr, Q_SRC, base_off); 990 b1 = gen_dnhostop(addr, Q_DST, base_off); 991 gen_or(b0, b1); 992 return b1; 993 994 default: 995 abort(); 996 } 997 b0 = gen_linktype(ETHERTYPE_DN); 998 /* Check for pad = 1, long header case */ 999 tmp = gen_mcmp(base_off + 2, BPF_H, 1000 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1001 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 1002 BPF_H, (bpf_int32)ntohs(addr)); 1003 gen_and(tmp, b1); 1004 /* Check for pad = 0, long header case */ 1005 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1006 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1007 gen_and(tmp, b2); 1008 gen_or(b2, b1); 1009 /* Check for pad = 1, short header case */ 1010 tmp = gen_mcmp(base_off + 2, BPF_H, 1011 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1012 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 1013 BPF_H, (bpf_int32)ntohs(addr)); 1014 gen_and(tmp, b2); 1015 gen_or(b2, b1); 1016 /* Check for pad = 0, short header case */ 1017 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1018 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1019 gen_and(tmp, b2); 1020 gen_or(b2, b1); 1021 1022 /* Combine with test for linktype */ 1023 gen_and(b0, b1); 1024 return b1; 1025 } 1026 1027 static struct block * 1028 gen_host(addr, mask, proto, dir) 1029 bpf_u_int32 addr; 1030 bpf_u_int32 mask; 1031 int proto; 1032 int dir; 1033 { 1034 struct block *b0, *b1; 1035 1036 switch (proto) { 1037 1038 case Q_DEFAULT: 1039 b0 = gen_host(addr, mask, Q_IP, dir); 1040 b1 = gen_host(addr, mask, Q_ARP, dir); 1041 gen_or(b0, b1); 1042 b0 = gen_host(addr, mask, Q_RARP, dir); 1043 gen_or(b1, b0); 1044 return b0; 1045 1046 case Q_IP: 1047 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1048 off_nl + 12, off_nl + 16); 1049 1050 case Q_RARP: 1051 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1052 off_nl + 14, off_nl + 24); 1053 1054 case Q_ARP: 1055 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1056 off_nl + 14, off_nl + 24); 1057 1058 case Q_TCP: 1059 bpf_error("'tcp' modifier applied to host"); 1060 1061 case Q_UDP: 1062 bpf_error("'udp' modifier applied to host"); 1063 1064 case Q_ICMP: 1065 bpf_error("'icmp' modifier applied to host"); 1066 1067 case Q_IGMP: 1068 bpf_error("'igmp' modifier applied to host"); 1069 1070 case Q_IGRP: 1071 bpf_error("'igrp' modifier applied to host"); 1072 1073 case Q_PIM: 1074 bpf_error("'pim' modifier applied to host"); 1075 1076 case Q_ATALK: 1077 bpf_error("ATALK host filtering not implemented"); 1078 1079 case Q_DECNET: 1080 return gen_dnhostop(addr, dir, off_nl); 1081 1082 case Q_SCA: 1083 bpf_error("SCA host filtering not implemented"); 1084 1085 case Q_LAT: 1086 bpf_error("LAT host filtering not implemented"); 1087 1088 case Q_MOPDL: 1089 bpf_error("MOPDL host filtering not implemented"); 1090 1091 case Q_MOPRC: 1092 bpf_error("MOPRC host filtering not implemented"); 1093 1094 #ifdef INET6 1095 case Q_IPV6: 1096 bpf_error("'ip6' modifier applied to ip host"); 1097 1098 case Q_ICMPV6: 1099 bpf_error("'icmp6' modifier applied to host"); 1100 #endif /* INET6 */ 1101 1102 case Q_AH: 1103 bpf_error("'ah' modifier applied to host"); 1104 1105 case Q_ESP: 1106 bpf_error("'esp' modifier applied to host"); 1107 1108 default: 1109 abort(); 1110 } 1111 /* NOTREACHED */ 1112 } 1113 1114 #ifdef INET6 1115 static struct block * 1116 gen_host6(addr, mask, proto, dir) 1117 struct in6_addr *addr; 1118 struct in6_addr *mask; 1119 int proto; 1120 int dir; 1121 { 1122 switch (proto) { 1123 1124 case Q_DEFAULT: 1125 return gen_host6(addr, mask, Q_IPV6, dir); 1126 1127 case Q_IP: 1128 bpf_error("'ip' modifier applied to ip6 host"); 1129 1130 case Q_RARP: 1131 bpf_error("'rarp' modifier applied to ip6 host"); 1132 1133 case Q_ARP: 1134 bpf_error("'arp' modifier applied to ip6 host"); 1135 1136 case Q_TCP: 1137 bpf_error("'tcp' modifier applied to host"); 1138 1139 case Q_UDP: 1140 bpf_error("'udp' modifier applied to host"); 1141 1142 case Q_ICMP: 1143 bpf_error("'icmp' modifier applied to host"); 1144 1145 case Q_IGMP: 1146 bpf_error("'igmp' modifier applied to host"); 1147 1148 case Q_IGRP: 1149 bpf_error("'igrp' modifier applied to host"); 1150 1151 case Q_PIM: 1152 bpf_error("'pim' modifier applied to host"); 1153 1154 case Q_ATALK: 1155 bpf_error("ATALK host filtering not implemented"); 1156 1157 case Q_DECNET: 1158 bpf_error("'decnet' modifier applied to ip6 host"); 1159 1160 case Q_SCA: 1161 bpf_error("SCA host filtering not implemented"); 1162 1163 case Q_LAT: 1164 bpf_error("LAT host filtering not implemented"); 1165 1166 case Q_MOPDL: 1167 bpf_error("MOPDL host filtering not implemented"); 1168 1169 case Q_MOPRC: 1170 bpf_error("MOPRC host filtering not implemented"); 1171 1172 case Q_IPV6: 1173 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1174 off_nl + 8, off_nl + 24); 1175 1176 case Q_ICMPV6: 1177 bpf_error("'icmp6' modifier applied to host"); 1178 1179 case Q_AH: 1180 bpf_error("'ah' modifier applied to host"); 1181 1182 case Q_ESP: 1183 bpf_error("'esp' modifier applied to host"); 1184 1185 default: 1186 abort(); 1187 } 1188 /* NOTREACHED */ 1189 } 1190 #endif /*INET6*/ 1191 1192 #ifndef INET6 1193 static struct block * 1194 gen_gateway(eaddr, alist, proto, dir) 1195 const u_char *eaddr; 1196 bpf_u_int32 **alist; 1197 int proto; 1198 int dir; 1199 { 1200 struct block *b0, *b1, *tmp; 1201 1202 if (dir != 0) 1203 bpf_error("direction applied to 'gateway'"); 1204 1205 switch (proto) { 1206 case Q_DEFAULT: 1207 case Q_IP: 1208 case Q_ARP: 1209 case Q_RARP: 1210 if (linktype == DLT_EN10MB) 1211 b0 = gen_ehostop(eaddr, Q_OR); 1212 else if (linktype == DLT_FDDI) 1213 b0 = gen_fhostop(eaddr, Q_OR); 1214 else 1215 bpf_error( 1216 "'gateway' supported only on ethernet or FDDI"); 1217 1218 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1219 while (*alist) { 1220 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1221 gen_or(b1, tmp); 1222 b1 = tmp; 1223 } 1224 gen_not(b1); 1225 gen_and(b0, b1); 1226 return b1; 1227 } 1228 bpf_error("illegal modifier of 'gateway'"); 1229 /* NOTREACHED */ 1230 } 1231 #endif /*INET6*/ 1232 1233 struct block * 1234 gen_proto_abbrev(proto) 1235 int proto; 1236 { 1237 struct block *b0 = NULL, *b1; 1238 1239 switch (proto) { 1240 1241 case Q_TCP: 1242 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1243 #ifdef INET6 1244 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1245 gen_or(b0, b1); 1246 #endif 1247 break; 1248 1249 case Q_UDP: 1250 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1251 #ifdef INET6 1252 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1253 gen_or(b0, b1); 1254 #endif 1255 break; 1256 1257 case Q_ICMP: 1258 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1259 break; 1260 1261 #ifndef IPPROTO_IGMP 1262 #define IPPROTO_IGMP 2 1263 #endif 1264 1265 case Q_IGMP: 1266 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1267 break; 1268 1269 #ifndef IPPROTO_IGRP 1270 #define IPPROTO_IGRP 9 1271 #endif 1272 case Q_IGRP: 1273 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1274 break; 1275 1276 #ifndef IPPROTO_PIM 1277 #define IPPROTO_PIM 103 1278 #endif 1279 1280 case Q_PIM: 1281 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1282 #ifdef INET6 1283 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1284 gen_or(b0, b1); 1285 #endif 1286 break; 1287 1288 case Q_IP: 1289 b1 = gen_linktype(ETHERTYPE_IP); 1290 break; 1291 1292 case Q_ARP: 1293 b1 = gen_linktype(ETHERTYPE_ARP); 1294 break; 1295 1296 case Q_RARP: 1297 b1 = gen_linktype(ETHERTYPE_REVARP); 1298 break; 1299 1300 case Q_LINK: 1301 bpf_error("link layer applied in wrong context"); 1302 1303 case Q_ATALK: 1304 b1 = gen_linktype(ETHERTYPE_ATALK); 1305 break; 1306 1307 case Q_DECNET: 1308 b1 = gen_linktype(ETHERTYPE_DN); 1309 break; 1310 1311 case Q_SCA: 1312 b1 = gen_linktype(ETHERTYPE_SCA); 1313 break; 1314 1315 case Q_LAT: 1316 b1 = gen_linktype(ETHERTYPE_LAT); 1317 break; 1318 1319 case Q_MOPDL: 1320 b1 = gen_linktype(ETHERTYPE_MOPDL); 1321 break; 1322 1323 case Q_MOPRC: 1324 b1 = gen_linktype(ETHERTYPE_MOPRC); 1325 break; 1326 1327 #ifdef INET6 1328 case Q_IPV6: 1329 b1 = gen_linktype(ETHERTYPE_IPV6); 1330 break; 1331 1332 #ifndef IPPROTO_ICMPV6 1333 #define IPPROTO_ICMPV6 58 1334 #endif 1335 case Q_ICMPV6: 1336 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1337 break; 1338 #endif /* INET6 */ 1339 1340 #ifndef IPPROTO_AH 1341 #define IPPROTO_AH 51 1342 #endif 1343 case Q_AH: 1344 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1345 #ifdef INET6 1346 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1347 gen_or(b0, b1); 1348 #endif 1349 break; 1350 1351 #ifndef IPPROTO_ESP 1352 #define IPPROTO_ESP 50 1353 #endif 1354 case Q_ESP: 1355 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1356 #ifdef INET6 1357 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1358 gen_or(b0, b1); 1359 #endif 1360 break; 1361 1362 default: 1363 abort(); 1364 } 1365 return b1; 1366 } 1367 1368 static struct block * 1369 gen_ipfrag() 1370 { 1371 struct slist *s; 1372 struct block *b; 1373 1374 /* not ip frag */ 1375 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1376 s->s.k = off_nl + 6; 1377 b = new_block(JMP(BPF_JSET)); 1378 b->s.k = 0x1fff; 1379 b->stmts = s; 1380 gen_not(b); 1381 1382 return b; 1383 } 1384 1385 static struct block * 1386 gen_portatom(off, v) 1387 int off; 1388 bpf_int32 v; 1389 { 1390 struct slist *s; 1391 struct block *b; 1392 1393 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1394 s->s.k = off_nl; 1395 1396 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 1397 s->next->s.k = off_nl + off; 1398 1399 b = new_block(JMP(BPF_JEQ)); 1400 b->stmts = s; 1401 b->s.k = v; 1402 1403 return b; 1404 } 1405 1406 #ifdef INET6 1407 static struct block * 1408 gen_portatom6(off, v) 1409 int off; 1410 bpf_int32 v; 1411 { 1412 return gen_cmp(off_nl + 40 + off, BPF_H, v); 1413 } 1414 #endif/*INET6*/ 1415 1416 struct block * 1417 gen_portop(port, proto, dir) 1418 int port, proto, dir; 1419 { 1420 struct block *b0, *b1, *tmp; 1421 1422 /* ip proto 'proto' */ 1423 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 1424 b0 = gen_ipfrag(); 1425 gen_and(tmp, b0); 1426 1427 switch (dir) { 1428 case Q_SRC: 1429 b1 = gen_portatom(0, (bpf_int32)port); 1430 break; 1431 1432 case Q_DST: 1433 b1 = gen_portatom(2, (bpf_int32)port); 1434 break; 1435 1436 case Q_OR: 1437 case Q_DEFAULT: 1438 tmp = gen_portatom(0, (bpf_int32)port); 1439 b1 = gen_portatom(2, (bpf_int32)port); 1440 gen_or(tmp, b1); 1441 break; 1442 1443 case Q_AND: 1444 tmp = gen_portatom(0, (bpf_int32)port); 1445 b1 = gen_portatom(2, (bpf_int32)port); 1446 gen_and(tmp, b1); 1447 break; 1448 1449 default: 1450 abort(); 1451 } 1452 gen_and(b0, b1); 1453 1454 return b1; 1455 } 1456 1457 static struct block * 1458 gen_port(port, ip_proto, dir) 1459 int port; 1460 int ip_proto; 1461 int dir; 1462 { 1463 struct block *b0, *b1, *tmp; 1464 1465 /* ether proto ip */ 1466 b0 = gen_linktype(ETHERTYPE_IP); 1467 1468 switch (ip_proto) { 1469 case IPPROTO_UDP: 1470 case IPPROTO_TCP: 1471 b1 = gen_portop(port, ip_proto, dir); 1472 break; 1473 1474 case PROTO_UNDEF: 1475 tmp = gen_portop(port, IPPROTO_TCP, dir); 1476 b1 = gen_portop(port, IPPROTO_UDP, dir); 1477 gen_or(tmp, b1); 1478 break; 1479 1480 default: 1481 abort(); 1482 } 1483 gen_and(b0, b1); 1484 return b1; 1485 } 1486 1487 #ifdef INET6 1488 struct block * 1489 gen_portop6(port, proto, dir) 1490 int port, proto, dir; 1491 { 1492 struct block *b0, *b1, *tmp; 1493 1494 /* ip proto 'proto' */ 1495 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 1496 1497 switch (dir) { 1498 case Q_SRC: 1499 b1 = gen_portatom6(0, (bpf_int32)port); 1500 break; 1501 1502 case Q_DST: 1503 b1 = gen_portatom6(2, (bpf_int32)port); 1504 break; 1505 1506 case Q_OR: 1507 case Q_DEFAULT: 1508 tmp = gen_portatom6(0, (bpf_int32)port); 1509 b1 = gen_portatom6(2, (bpf_int32)port); 1510 gen_or(tmp, b1); 1511 break; 1512 1513 case Q_AND: 1514 tmp = gen_portatom6(0, (bpf_int32)port); 1515 b1 = gen_portatom6(2, (bpf_int32)port); 1516 gen_and(tmp, b1); 1517 break; 1518 1519 default: 1520 abort(); 1521 } 1522 gen_and(b0, b1); 1523 1524 return b1; 1525 } 1526 1527 static struct block * 1528 gen_port6(port, ip_proto, dir) 1529 int port; 1530 int ip_proto; 1531 int dir; 1532 { 1533 struct block *b0, *b1, *tmp; 1534 1535 /* ether proto ip */ 1536 b0 = gen_linktype(ETHERTYPE_IPV6); 1537 1538 switch (ip_proto) { 1539 case IPPROTO_UDP: 1540 case IPPROTO_TCP: 1541 b1 = gen_portop6(port, ip_proto, dir); 1542 break; 1543 1544 case PROTO_UNDEF: 1545 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1546 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1547 gen_or(tmp, b1); 1548 break; 1549 1550 default: 1551 abort(); 1552 } 1553 gen_and(b0, b1); 1554 return b1; 1555 } 1556 #endif /* INET6 */ 1557 1558 static int 1559 lookup_proto(name, proto) 1560 register const char *name; 1561 register int proto; 1562 { 1563 register int v; 1564 1565 switch (proto) { 1566 1567 case Q_DEFAULT: 1568 case Q_IP: 1569 v = pcap_nametoproto(name); 1570 if (v == PROTO_UNDEF) 1571 bpf_error("unknown ip proto '%s'", name); 1572 break; 1573 1574 case Q_LINK: 1575 /* XXX should look up h/w protocol type based on linktype */ 1576 v = pcap_nametoeproto(name); 1577 if (v == PROTO_UNDEF) 1578 bpf_error("unknown ether proto '%s'", name); 1579 break; 1580 1581 default: 1582 v = PROTO_UNDEF; 1583 break; 1584 } 1585 return v; 1586 } 1587 1588 static struct block * 1589 gen_protochain(v, proto, dir) 1590 int v; 1591 int proto; 1592 int dir; 1593 { 1594 struct block *b0, *b; 1595 struct slist *s[100]; 1596 int fix2, fix3, fix4, fix5; 1597 int ahcheck, again, end; 1598 int i, max; 1599 int reg1 = alloc_reg(); 1600 int reg2 = alloc_reg(); 1601 1602 memset(s, 0, sizeof(s)); 1603 fix2 = fix3 = fix4 = fix5 = 0; 1604 1605 switch (proto) { 1606 case Q_IP: 1607 case Q_IPV6: 1608 break; 1609 case Q_DEFAULT: 1610 b0 = gen_protochain(v, Q_IP, dir); 1611 b = gen_protochain(v, Q_IPV6, dir); 1612 gen_or(b0, b); 1613 return b; 1614 default: 1615 bpf_error("bad protocol applied for 'protochain'"); 1616 /*NOTREACHED*/ 1617 } 1618 1619 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1620 1621 /* 1622 * s[0] is a dummy entry to protect other BPF insn from damaged 1623 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1624 * hard to find interdependency made by jump table fixup. 1625 */ 1626 i = 0; 1627 s[i] = new_stmt(0); /*dummy*/ 1628 i++; 1629 1630 switch (proto) { 1631 case Q_IP: 1632 b0 = gen_linktype(ETHERTYPE_IP); 1633 1634 /* A = ip->ip_p */ 1635 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1636 s[i]->s.k = off_nl + 9; 1637 i++; 1638 /* X = ip->ip_hl << 2 */ 1639 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1640 s[i]->s.k = off_nl; 1641 i++; 1642 break; 1643 case Q_IPV6: 1644 b0 = gen_linktype(ETHERTYPE_IPV6); 1645 1646 /* A = ip6->ip_nxt */ 1647 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1648 s[i]->s.k = off_nl + 6; 1649 i++; 1650 /* X = sizeof(struct ip6_hdr) */ 1651 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1652 s[i]->s.k = 40; 1653 i++; 1654 break; 1655 default: 1656 bpf_error("unsupported proto to gen_protochain"); 1657 /*NOTREACHED*/ 1658 } 1659 1660 /* again: if (A == v) goto end; else fall through; */ 1661 again = i; 1662 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1663 s[i]->s.k = v; 1664 s[i]->s.jt = NULL; /*later*/ 1665 s[i]->s.jf = NULL; /*update in next stmt*/ 1666 fix5 = i; 1667 i++; 1668 1669 /* if (A == IPPROTO_NONE) goto end */ 1670 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1671 s[i]->s.jt = NULL; /*later*/ 1672 s[i]->s.jf = NULL; /*update in next stmt*/ 1673 s[i]->s.k = IPPROTO_NONE; 1674 s[fix5]->s.jf = s[i]; 1675 fix2 = i; 1676 i++; 1677 1678 if (proto == Q_IPV6) { 1679 int v6start, v6end, v6advance, j; 1680 1681 v6start = i; 1682 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1683 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1684 s[i]->s.jt = NULL; /*later*/ 1685 s[i]->s.jf = NULL; /*update in next stmt*/ 1686 s[i]->s.k = IPPROTO_HOPOPTS; 1687 s[fix2]->s.jf = s[i]; 1688 i++; 1689 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1690 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1691 s[i]->s.jt = NULL; /*later*/ 1692 s[i]->s.jf = NULL; /*update in next stmt*/ 1693 s[i]->s.k = IPPROTO_DSTOPTS; 1694 i++; 1695 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1696 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1697 s[i]->s.jt = NULL; /*later*/ 1698 s[i]->s.jf = NULL; /*update in next stmt*/ 1699 s[i]->s.k = IPPROTO_ROUTING; 1700 i++; 1701 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1702 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1703 s[i]->s.jt = NULL; /*later*/ 1704 s[i]->s.jf = NULL; /*later*/ 1705 s[i]->s.k = IPPROTO_FRAGMENT; 1706 fix3 = i; 1707 v6end = i; 1708 i++; 1709 1710 /* v6advance: */ 1711 v6advance = i; 1712 1713 /* 1714 * in short, 1715 * A = P[X + 1]; 1716 * X = X + (P[X] + 1) * 8; 1717 */ 1718 /* A = X */ 1719 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1720 i++; 1721 /* MEM[reg1] = A */ 1722 s[i] = new_stmt(BPF_ST); 1723 s[i]->s.k = reg1; 1724 i++; 1725 /* A += 1 */ 1726 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1727 s[i]->s.k = 1; 1728 i++; 1729 /* X = A */ 1730 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1731 i++; 1732 /* A = P[X + packet head]; */ 1733 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1734 s[i]->s.k = off_nl; 1735 i++; 1736 /* MEM[reg2] = A */ 1737 s[i] = new_stmt(BPF_ST); 1738 s[i]->s.k = reg2; 1739 i++; 1740 /* X = MEM[reg1] */ 1741 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1742 s[i]->s.k = reg1; 1743 i++; 1744 /* A = P[X + packet head] */ 1745 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1746 s[i]->s.k = off_nl; 1747 i++; 1748 /* A += 1 */ 1749 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1750 s[i]->s.k = 1; 1751 i++; 1752 /* A *= 8 */ 1753 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1754 s[i]->s.k = 8; 1755 i++; 1756 /* X = A; */ 1757 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1758 i++; 1759 /* A = MEM[reg2] */ 1760 s[i] = new_stmt(BPF_LD|BPF_MEM); 1761 s[i]->s.k = reg2; 1762 i++; 1763 1764 /* goto again; (must use BPF_JA for backward jump) */ 1765 s[i] = new_stmt(BPF_JMP|BPF_JA); 1766 s[i]->s.k = again - i - 1; 1767 s[i - 1]->s.jf = s[i]; 1768 i++; 1769 1770 /* fixup */ 1771 for (j = v6start; j <= v6end; j++) 1772 s[j]->s.jt = s[v6advance]; 1773 } else { 1774 /* nop */ 1775 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1776 s[i]->s.k = 0; 1777 s[fix2]->s.jf = s[i]; 1778 i++; 1779 } 1780 1781 /* ahcheck: */ 1782 ahcheck = i; 1783 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 1784 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1785 s[i]->s.jt = NULL; /*later*/ 1786 s[i]->s.jf = NULL; /*later*/ 1787 s[i]->s.k = IPPROTO_AH; 1788 if (fix3) 1789 s[fix3]->s.jf = s[ahcheck]; 1790 fix4 = i; 1791 i++; 1792 1793 /* 1794 * in short, 1795 * A = P[X + 1]; 1796 * X = X + (P[X] + 2) * 4; 1797 */ 1798 /* A = X */ 1799 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 1800 i++; 1801 /* MEM[reg1] = A */ 1802 s[i] = new_stmt(BPF_ST); 1803 s[i]->s.k = reg1; 1804 i++; 1805 /* A += 1 */ 1806 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1807 s[i]->s.k = 1; 1808 i++; 1809 /* X = A */ 1810 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1811 i++; 1812 /* A = P[X + packet head]; */ 1813 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1814 s[i]->s.k = off_nl; 1815 i++; 1816 /* MEM[reg2] = A */ 1817 s[i] = new_stmt(BPF_ST); 1818 s[i]->s.k = reg2; 1819 i++; 1820 /* X = MEM[reg1] */ 1821 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1822 s[i]->s.k = reg1; 1823 i++; 1824 /* A = P[X + packet head] */ 1825 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1826 s[i]->s.k = off_nl; 1827 i++; 1828 /* A += 2 */ 1829 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1830 s[i]->s.k = 2; 1831 i++; 1832 /* A *= 4 */ 1833 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1834 s[i]->s.k = 4; 1835 i++; 1836 /* X = A; */ 1837 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1838 i++; 1839 /* A = MEM[reg2] */ 1840 s[i] = new_stmt(BPF_LD|BPF_MEM); 1841 s[i]->s.k = reg2; 1842 i++; 1843 1844 /* goto again; (must use BPF_JA for backward jump) */ 1845 s[i] = new_stmt(BPF_JMP|BPF_JA); 1846 s[i]->s.k = again - i - 1; 1847 i++; 1848 1849 /* end: nop */ 1850 end = i; 1851 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1852 s[i]->s.k = 0; 1853 s[fix2]->s.jt = s[end]; 1854 s[fix4]->s.jf = s[end]; 1855 s[fix5]->s.jt = s[end]; 1856 i++; 1857 1858 /* 1859 * make slist chain 1860 */ 1861 max = i; 1862 for (i = 0; i < max - 1; i++) 1863 s[i]->next = s[i + 1]; 1864 s[max - 1]->next = NULL; 1865 1866 /* 1867 * emit final check 1868 */ 1869 b = new_block(JMP(BPF_JEQ)); 1870 b->stmts = s[1]; /*remember, s[0] is dummy*/ 1871 b->s.k = v; 1872 1873 free_reg(reg1); 1874 free_reg(reg2); 1875 1876 gen_and(b0, b); 1877 return b; 1878 } 1879 1880 static struct block * 1881 gen_proto(v, proto, dir) 1882 int v; 1883 int proto; 1884 int dir; 1885 { 1886 struct block *b0, *b1; 1887 1888 if (dir != Q_DEFAULT) 1889 bpf_error("direction applied to 'proto'"); 1890 1891 switch (proto) { 1892 case Q_DEFAULT: 1893 #ifdef INET6 1894 b0 = gen_proto(v, Q_IP, dir); 1895 b1 = gen_proto(v, Q_IPV6, dir); 1896 gen_or(b0, b1); 1897 return b1; 1898 #else 1899 /*FALLTHROUGH*/ 1900 #endif 1901 case Q_IP: 1902 b0 = gen_linktype(ETHERTYPE_IP); 1903 #ifndef CHASE_CHAIN 1904 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 1905 #else 1906 b1 = gen_protochain(v, Q_IP); 1907 #endif 1908 gen_and(b0, b1); 1909 return b1; 1910 1911 case Q_ARP: 1912 bpf_error("arp does not encapsulate another protocol"); 1913 /* NOTREACHED */ 1914 1915 case Q_RARP: 1916 bpf_error("rarp does not encapsulate another protocol"); 1917 /* NOTREACHED */ 1918 1919 case Q_ATALK: 1920 bpf_error("atalk encapsulation is not specifiable"); 1921 /* NOTREACHED */ 1922 1923 case Q_DECNET: 1924 bpf_error("decnet encapsulation is not specifiable"); 1925 /* NOTREACHED */ 1926 1927 case Q_SCA: 1928 bpf_error("sca does not encapsulate another protocol"); 1929 /* NOTREACHED */ 1930 1931 case Q_LAT: 1932 bpf_error("lat does not encapsulate another protocol"); 1933 /* NOTREACHED */ 1934 1935 case Q_MOPRC: 1936 bpf_error("moprc does not encapsulate another protocol"); 1937 /* NOTREACHED */ 1938 1939 case Q_MOPDL: 1940 bpf_error("mopdl does not encapsulate another protocol"); 1941 /* NOTREACHED */ 1942 1943 case Q_LINK: 1944 return gen_linktype(v); 1945 1946 case Q_UDP: 1947 bpf_error("'udp proto' is bogus"); 1948 /* NOTREACHED */ 1949 1950 case Q_TCP: 1951 bpf_error("'tcp proto' is bogus"); 1952 /* NOTREACHED */ 1953 1954 case Q_ICMP: 1955 bpf_error("'icmp proto' is bogus"); 1956 /* NOTREACHED */ 1957 1958 case Q_IGMP: 1959 bpf_error("'igmp proto' is bogus"); 1960 /* NOTREACHED */ 1961 1962 case Q_IGRP: 1963 bpf_error("'igrp proto' is bogus"); 1964 /* NOTREACHED */ 1965 1966 case Q_PIM: 1967 bpf_error("'pim proto' is bogus"); 1968 /* NOTREACHED */ 1969 1970 #ifdef INET6 1971 case Q_IPV6: 1972 b0 = gen_linktype(ETHERTYPE_IPV6); 1973 #ifndef CHASE_CHAIN 1974 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 1975 #else 1976 b1 = gen_protochain(v, Q_IPV6); 1977 #endif 1978 gen_and(b0, b1); 1979 return b1; 1980 1981 case Q_ICMPV6: 1982 bpf_error("'icmp6 proto' is bogus"); 1983 #endif /* INET6 */ 1984 1985 case Q_AH: 1986 bpf_error("'ah proto' is bogus"); 1987 1988 case Q_ESP: 1989 bpf_error("'ah proto' is bogus"); 1990 1991 default: 1992 abort(); 1993 /* NOTREACHED */ 1994 } 1995 /* NOTREACHED */ 1996 } 1997 1998 struct block * 1999 gen_scode(name, q) 2000 register const char *name; 2001 struct qual q; 2002 { 2003 int proto = q.proto; 2004 int dir = q.dir; 2005 int tproto; 2006 u_char *eaddr; 2007 bpf_u_int32 mask, addr; 2008 #ifndef INET6 2009 bpf_u_int32 **alist; 2010 #else 2011 int tproto6; 2012 struct sockaddr_in *sin; 2013 struct sockaddr_in6 *sin6; 2014 struct addrinfo *res, *res0; 2015 struct in6_addr mask128; 2016 #endif /*INET6*/ 2017 struct block *b, *tmp; 2018 int port, real_proto; 2019 2020 switch (q.addr) { 2021 2022 case Q_NET: 2023 addr = pcap_nametonetaddr(name); 2024 if (addr == 0) 2025 bpf_error("unknown network '%s'", name); 2026 /* Left justify network addr and calculate its network mask */ 2027 mask = 0xffffffff; 2028 while (addr && (addr & 0xff000000) == 0) { 2029 addr <<= 8; 2030 mask <<= 8; 2031 } 2032 return gen_host(addr, mask, proto, dir); 2033 2034 case Q_DEFAULT: 2035 case Q_HOST: 2036 if (proto == Q_LINK) { 2037 switch (linktype) { 2038 2039 case DLT_EN10MB: 2040 eaddr = pcap_ether_hostton(name); 2041 if (eaddr == NULL) 2042 bpf_error( 2043 "unknown ether host '%s'", name); 2044 return gen_ehostop(eaddr, dir); 2045 2046 case DLT_FDDI: 2047 eaddr = pcap_ether_hostton(name); 2048 if (eaddr == NULL) 2049 bpf_error( 2050 "unknown FDDI host '%s'", name); 2051 return gen_fhostop(eaddr, dir); 2052 2053 default: 2054 bpf_error( 2055 "only ethernet/FDDI supports link-level host name"); 2056 break; 2057 } 2058 } else if (proto == Q_DECNET) { 2059 unsigned short dn_addr = __pcap_nametodnaddr(name); 2060 /* 2061 * I don't think DECNET hosts can be multihomed, so 2062 * there is no need to build up a list of addresses 2063 */ 2064 return (gen_host(dn_addr, 0, proto, dir)); 2065 } else { 2066 #ifndef INET6 2067 alist = pcap_nametoaddr(name); 2068 if (alist == NULL || *alist == NULL) 2069 bpf_error("unknown host '%s'", name); 2070 tproto = proto; 2071 if (off_linktype == -1 && tproto == Q_DEFAULT) 2072 tproto = Q_IP; 2073 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2074 while (*alist) { 2075 tmp = gen_host(**alist++, 0xffffffff, 2076 tproto, dir); 2077 gen_or(b, tmp); 2078 b = tmp; 2079 } 2080 return b; 2081 #else 2082 memset(&mask128, 0xff, sizeof(mask128)); 2083 res0 = res = pcap_nametoaddrinfo(name); 2084 if (res == NULL) 2085 bpf_error("unknown host '%s'", name); 2086 b = tmp = NULL; 2087 tproto = tproto6 = proto; 2088 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2089 tproto = Q_IP; 2090 tproto6 = Q_IPV6; 2091 } 2092 for (res = res0; res; res = res->ai_next) { 2093 switch (res->ai_family) { 2094 case AF_INET: 2095 if (tproto == Q_IPV6) 2096 continue; 2097 2098 sin = (struct sockaddr_in *) 2099 res->ai_addr; 2100 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2101 0xffffffff, tproto, dir); 2102 break; 2103 case AF_INET6: 2104 if (tproto6 == Q_IP) 2105 continue; 2106 2107 sin6 = (struct sockaddr_in6 *) 2108 res->ai_addr; 2109 tmp = gen_host6(&sin6->sin6_addr, 2110 &mask128, tproto6, dir); 2111 break; 2112 } 2113 if (b) 2114 gen_or(b, tmp); 2115 b = tmp; 2116 } 2117 freeaddrinfo(res0); 2118 if (b == NULL) { 2119 bpf_error("unknown host '%s'%s", name, 2120 (proto == Q_DEFAULT) 2121 ? "" 2122 : " for specified address family"); 2123 } 2124 return b; 2125 #endif /*INET6*/ 2126 } 2127 2128 case Q_PORT: 2129 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2130 bpf_error("illegal qualifier of 'port'"); 2131 if (pcap_nametoport(name, &port, &real_proto) == 0) 2132 bpf_error("unknown port '%s'", name); 2133 if (proto == Q_UDP) { 2134 if (real_proto == IPPROTO_TCP) 2135 bpf_error("port '%s' is tcp", name); 2136 else 2137 /* override PROTO_UNDEF */ 2138 real_proto = IPPROTO_UDP; 2139 } 2140 if (proto == Q_TCP) { 2141 if (real_proto == IPPROTO_UDP) 2142 bpf_error("port '%s' is udp", name); 2143 else 2144 /* override PROTO_UNDEF */ 2145 real_proto = IPPROTO_TCP; 2146 } 2147 #ifndef INET6 2148 return gen_port(port, real_proto, dir); 2149 #else 2150 { 2151 struct block *b; 2152 b = gen_port(port, real_proto, dir); 2153 gen_or(gen_port6(port, real_proto, dir), b); 2154 return b; 2155 } 2156 #endif /* INET6 */ 2157 2158 case Q_GATEWAY: 2159 #ifndef INET6 2160 eaddr = pcap_ether_hostton(name); 2161 if (eaddr == NULL) 2162 bpf_error("unknown ether host: %s", name); 2163 2164 alist = pcap_nametoaddr(name); 2165 if (alist == NULL || *alist == NULL) 2166 bpf_error("unknown host '%s'", name); 2167 return gen_gateway(eaddr, alist, proto, dir); 2168 #else 2169 bpf_error("'gateway' not supported in this configuration"); 2170 #endif /*INET6*/ 2171 2172 case Q_PROTO: 2173 real_proto = lookup_proto(name, proto); 2174 if (real_proto >= 0) 2175 return gen_proto(real_proto, proto, dir); 2176 else 2177 bpf_error("unknown protocol: %s", name); 2178 2179 case Q_PROTOCHAIN: 2180 real_proto = lookup_proto(name, proto); 2181 if (real_proto >= 0) 2182 return gen_protochain(real_proto, proto, dir); 2183 else 2184 bpf_error("unknown protocol: %s", name); 2185 2186 2187 case Q_UNDEF: 2188 syntax(); 2189 /* NOTREACHED */ 2190 } 2191 abort(); 2192 /* NOTREACHED */ 2193 } 2194 2195 struct block * 2196 gen_mcode(s1, s2, masklen, q) 2197 register const char *s1, *s2; 2198 register int masklen; 2199 struct qual q; 2200 { 2201 register int nlen, mlen; 2202 bpf_u_int32 n, m; 2203 2204 nlen = __pcap_atoin(s1, &n); 2205 /* Promote short ipaddr */ 2206 n <<= 32 - nlen; 2207 2208 if (s2 != NULL) { 2209 mlen = __pcap_atoin(s2, &m); 2210 /* Promote short ipaddr */ 2211 m <<= 32 - mlen; 2212 if ((n & ~m) != 0) 2213 bpf_error("non-network bits set in \"%s mask %s\"", 2214 s1, s2); 2215 } else { 2216 /* Convert mask len to mask */ 2217 if (masklen > 32) 2218 bpf_error("mask length must be <= 32"); 2219 m = 0xffffffff << (32 - masklen); 2220 if ((n & ~m) != 0) 2221 bpf_error("non-network bits set in \"%s/%d\"", 2222 s1, masklen); 2223 } 2224 2225 switch (q.addr) { 2226 2227 case Q_NET: 2228 return gen_host(n, m, q.proto, q.dir); 2229 2230 default: 2231 bpf_error("Mask syntax for networks only"); 2232 /* NOTREACHED */ 2233 } 2234 } 2235 2236 struct block * 2237 gen_ncode(s, v, q) 2238 register const char *s; 2239 bpf_u_int32 v; 2240 struct qual q; 2241 { 2242 bpf_u_int32 mask; 2243 int proto = q.proto; 2244 int dir = q.dir; 2245 register int vlen; 2246 2247 if (s == NULL) 2248 vlen = 32; 2249 else if (q.proto == Q_DECNET) 2250 vlen = __pcap_atodn(s, &v); 2251 else 2252 vlen = __pcap_atoin(s, &v); 2253 2254 switch (q.addr) { 2255 2256 case Q_DEFAULT: 2257 case Q_HOST: 2258 case Q_NET: 2259 if (proto == Q_DECNET) 2260 return gen_host(v, 0, proto, dir); 2261 else if (proto == Q_LINK) { 2262 bpf_error("illegal link layer address"); 2263 } else { 2264 mask = 0xffffffff; 2265 if (s == NULL && q.addr == Q_NET) { 2266 /* Promote short net number */ 2267 while (v && (v & 0xff000000) == 0) { 2268 v <<= 8; 2269 mask <<= 8; 2270 } 2271 } else { 2272 /* Promote short ipaddr */ 2273 v <<= 32 - vlen; 2274 mask <<= 32 - vlen; 2275 } 2276 return gen_host(v, mask, proto, dir); 2277 } 2278 2279 case Q_PORT: 2280 if (proto == Q_UDP) 2281 proto = IPPROTO_UDP; 2282 else if (proto == Q_TCP) 2283 proto = IPPROTO_TCP; 2284 else if (proto == Q_DEFAULT) 2285 proto = PROTO_UNDEF; 2286 else 2287 bpf_error("illegal qualifier of 'port'"); 2288 2289 #ifndef INET6 2290 return gen_port((int)v, proto, dir); 2291 #else 2292 { 2293 struct block *b; 2294 b = gen_port((int)v, proto, dir); 2295 gen_or(gen_port6((int)v, proto, dir), b); 2296 return b; 2297 } 2298 #endif /* INET6 */ 2299 2300 case Q_GATEWAY: 2301 bpf_error("'gateway' requires a name"); 2302 /* NOTREACHED */ 2303 2304 case Q_PROTO: 2305 return gen_proto((int)v, proto, dir); 2306 2307 case Q_PROTOCHAIN: 2308 return gen_protochain((int)v, proto, dir); 2309 2310 case Q_UNDEF: 2311 syntax(); 2312 /* NOTREACHED */ 2313 2314 default: 2315 abort(); 2316 /* NOTREACHED */ 2317 } 2318 /* NOTREACHED */ 2319 } 2320 2321 #ifdef INET6 2322 struct block * 2323 gen_mcode6(s1, s2, masklen, q) 2324 register const char *s1, *s2; 2325 register int masklen; 2326 struct qual q; 2327 { 2328 struct addrinfo *res; 2329 struct in6_addr *addr; 2330 struct in6_addr mask; 2331 struct block *b; 2332 u_int32_t *a, *m; 2333 2334 if (s2) 2335 bpf_error("no mask %s supported", s2); 2336 2337 res = pcap_nametoaddrinfo(s1); 2338 if (!res) 2339 bpf_error("invalid ip6 address %s", s1); 2340 if (res->ai_next) 2341 bpf_error("%s resolved to multiple address", s1); 2342 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2343 2344 if (sizeof(mask) * 8 < masklen) 2345 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2346 memset(&mask, 0xff, masklen / 8); 2347 if (masklen % 8) { 2348 mask.s6_addr[masklen / 8] = 2349 (0xff << (8 - masklen % 8)) & 0xff; 2350 } 2351 2352 a = (u_int32_t *)addr; 2353 m = (u_int32_t *)&mask; 2354 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2355 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2356 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2357 } 2358 2359 switch (q.addr) { 2360 2361 case Q_DEFAULT: 2362 case Q_HOST: 2363 if (masklen != 128) 2364 bpf_error("Mask syntax for networks only"); 2365 /* FALLTHROUGH */ 2366 2367 case Q_NET: 2368 b = gen_host6(addr, &mask, q.proto, q.dir); 2369 freeaddrinfo(res); 2370 return b; 2371 2372 default: 2373 bpf_error("invalid qualifier against IPv6 address"); 2374 /* NOTREACHED */ 2375 } 2376 } 2377 #endif /*INET6*/ 2378 2379 struct block * 2380 gen_ecode(eaddr, q) 2381 register const u_char *eaddr; 2382 struct qual q; 2383 { 2384 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2385 if (linktype == DLT_EN10MB) 2386 return gen_ehostop(eaddr, (int)q.dir); 2387 if (linktype == DLT_FDDI) 2388 return gen_fhostop(eaddr, (int)q.dir); 2389 } 2390 bpf_error("ethernet address used in non-ether expression"); 2391 /* NOTREACHED */ 2392 } 2393 2394 void 2395 sappend(s0, s1) 2396 struct slist *s0, *s1; 2397 { 2398 /* 2399 * This is definitely not the best way to do this, but the 2400 * lists will rarely get long. 2401 */ 2402 while (s0->next) 2403 s0 = s0->next; 2404 s0->next = s1; 2405 } 2406 2407 static struct slist * 2408 xfer_to_x(a) 2409 struct arth *a; 2410 { 2411 struct slist *s; 2412 2413 s = new_stmt(BPF_LDX|BPF_MEM); 2414 s->s.k = a->regno; 2415 return s; 2416 } 2417 2418 static struct slist * 2419 xfer_to_a(a) 2420 struct arth *a; 2421 { 2422 struct slist *s; 2423 2424 s = new_stmt(BPF_LD|BPF_MEM); 2425 s->s.k = a->regno; 2426 return s; 2427 } 2428 2429 struct arth * 2430 gen_load(proto, index, size) 2431 int proto; 2432 struct arth *index; 2433 int size; 2434 { 2435 struct slist *s, *tmp; 2436 struct block *b; 2437 int regno = alloc_reg(); 2438 2439 free_reg(index->regno); 2440 switch (size) { 2441 2442 default: 2443 bpf_error("data size must be 1, 2, or 4"); 2444 2445 case 1: 2446 size = BPF_B; 2447 break; 2448 2449 case 2: 2450 size = BPF_H; 2451 break; 2452 2453 case 4: 2454 size = BPF_W; 2455 break; 2456 } 2457 switch (proto) { 2458 default: 2459 bpf_error("unsupported index operation"); 2460 2461 case Q_LINK: 2462 s = xfer_to_x(index); 2463 tmp = new_stmt(BPF_LD|BPF_IND|size); 2464 sappend(s, tmp); 2465 sappend(index->s, s); 2466 break; 2467 2468 case Q_IP: 2469 case Q_ARP: 2470 case Q_RARP: 2471 case Q_ATALK: 2472 case Q_DECNET: 2473 case Q_SCA: 2474 case Q_LAT: 2475 case Q_MOPRC: 2476 case Q_MOPDL: 2477 #ifdef INET6 2478 case Q_IPV6: 2479 #endif 2480 /* XXX Note that we assume a fixed link header here. */ 2481 s = xfer_to_x(index); 2482 tmp = new_stmt(BPF_LD|BPF_IND|size); 2483 tmp->s.k = off_nl; 2484 sappend(s, tmp); 2485 sappend(index->s, s); 2486 2487 b = gen_proto_abbrev(proto); 2488 if (index->b) 2489 gen_and(index->b, b); 2490 index->b = b; 2491 break; 2492 2493 case Q_TCP: 2494 case Q_UDP: 2495 case Q_ICMP: 2496 case Q_IGMP: 2497 case Q_IGRP: 2498 case Q_PIM: 2499 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 2500 s->s.k = off_nl; 2501 sappend(s, xfer_to_a(index)); 2502 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2503 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2504 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2505 tmp->s.k = off_nl; 2506 sappend(index->s, s); 2507 2508 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2509 if (index->b) 2510 gen_and(index->b, b); 2511 #ifdef INET6 2512 gen_and(gen_proto_abbrev(Q_IP), b); 2513 #endif 2514 index->b = b; 2515 break; 2516 #ifdef INET6 2517 case Q_ICMPV6: 2518 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2519 /*NOTREACHED*/ 2520 #endif 2521 } 2522 index->regno = regno; 2523 s = new_stmt(BPF_ST); 2524 s->s.k = regno; 2525 sappend(index->s, s); 2526 2527 return index; 2528 } 2529 2530 struct block * 2531 gen_relation(code, a0, a1, reversed) 2532 int code; 2533 struct arth *a0, *a1; 2534 int reversed; 2535 { 2536 struct slist *s0, *s1, *s2; 2537 struct block *b, *tmp; 2538 2539 s0 = xfer_to_x(a1); 2540 s1 = xfer_to_a(a0); 2541 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2542 b = new_block(JMP(code)); 2543 if (code == BPF_JGT || code == BPF_JGE) { 2544 reversed = !reversed; 2545 b->s.k = 0x80000000; 2546 } 2547 if (reversed) 2548 gen_not(b); 2549 2550 sappend(s1, s2); 2551 sappend(s0, s1); 2552 sappend(a1->s, s0); 2553 sappend(a0->s, a1->s); 2554 2555 b->stmts = a0->s; 2556 2557 free_reg(a0->regno); 2558 free_reg(a1->regno); 2559 2560 /* 'and' together protocol checks */ 2561 if (a0->b) { 2562 if (a1->b) { 2563 gen_and(a0->b, tmp = a1->b); 2564 } 2565 else 2566 tmp = a0->b; 2567 } else 2568 tmp = a1->b; 2569 2570 if (tmp) 2571 gen_and(tmp, b); 2572 2573 return b; 2574 } 2575 2576 struct arth * 2577 gen_loadlen() 2578 { 2579 int regno = alloc_reg(); 2580 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2581 struct slist *s; 2582 2583 s = new_stmt(BPF_LD|BPF_LEN); 2584 s->next = new_stmt(BPF_ST); 2585 s->next->s.k = regno; 2586 a->s = s; 2587 a->regno = regno; 2588 2589 return a; 2590 } 2591 2592 struct arth * 2593 gen_loadi(val) 2594 int val; 2595 { 2596 struct arth *a; 2597 struct slist *s; 2598 int reg; 2599 2600 a = (struct arth *)newchunk(sizeof(*a)); 2601 2602 reg = alloc_reg(); 2603 2604 s = new_stmt(BPF_LD|BPF_IMM); 2605 s->s.k = val; 2606 s->next = new_stmt(BPF_ST); 2607 s->next->s.k = reg; 2608 a->s = s; 2609 a->regno = reg; 2610 2611 return a; 2612 } 2613 2614 struct arth * 2615 gen_neg(a) 2616 struct arth *a; 2617 { 2618 struct slist *s; 2619 2620 s = xfer_to_a(a); 2621 sappend(a->s, s); 2622 s = new_stmt(BPF_ALU|BPF_NEG); 2623 s->s.k = 0; 2624 sappend(a->s, s); 2625 s = new_stmt(BPF_ST); 2626 s->s.k = a->regno; 2627 sappend(a->s, s); 2628 2629 return a; 2630 } 2631 2632 struct arth * 2633 gen_arth(code, a0, a1) 2634 int code; 2635 struct arth *a0, *a1; 2636 { 2637 struct slist *s0, *s1, *s2; 2638 2639 s0 = xfer_to_x(a1); 2640 s1 = xfer_to_a(a0); 2641 s2 = new_stmt(BPF_ALU|BPF_X|code); 2642 2643 sappend(s1, s2); 2644 sappend(s0, s1); 2645 sappend(a1->s, s0); 2646 sappend(a0->s, a1->s); 2647 2648 free_reg(a1->regno); 2649 2650 s0 = new_stmt(BPF_ST); 2651 a0->regno = s0->s.k = alloc_reg(); 2652 sappend(a0->s, s0); 2653 2654 return a0; 2655 } 2656 2657 /* 2658 * Here we handle simple allocation of the scratch registers. 2659 * If too many registers are alloc'd, the allocator punts. 2660 */ 2661 static int regused[BPF_MEMWORDS]; 2662 static int curreg; 2663 2664 /* 2665 * Return the next free register. 2666 */ 2667 static int 2668 alloc_reg() 2669 { 2670 int n = BPF_MEMWORDS; 2671 2672 while (--n >= 0) { 2673 if (regused[curreg]) 2674 curreg = (curreg + 1) % BPF_MEMWORDS; 2675 else { 2676 regused[curreg] = 1; 2677 return curreg; 2678 } 2679 } 2680 bpf_error("too many registers needed to evaluate expression"); 2681 /* NOTREACHED */ 2682 } 2683 2684 /* 2685 * Return a register to the table so it can 2686 * be used later. 2687 */ 2688 static void 2689 free_reg(n) 2690 int n; 2691 { 2692 regused[n] = 0; 2693 } 2694 2695 static struct block * 2696 gen_len(jmp, n) 2697 int jmp, n; 2698 { 2699 struct slist *s; 2700 struct block *b; 2701 2702 s = new_stmt(BPF_LD|BPF_LEN); 2703 b = new_block(JMP(jmp)); 2704 b->stmts = s; 2705 b->s.k = n; 2706 2707 return b; 2708 } 2709 2710 struct block * 2711 gen_greater(n) 2712 int n; 2713 { 2714 return gen_len(BPF_JGE, n); 2715 } 2716 2717 struct block * 2718 gen_less(n) 2719 int n; 2720 { 2721 struct block *b; 2722 2723 b = gen_len(BPF_JGT, n); 2724 gen_not(b); 2725 2726 return b; 2727 } 2728 2729 struct block * 2730 gen_byteop(op, idx, val) 2731 int op, idx, val; 2732 { 2733 struct block *b; 2734 struct slist *s; 2735 2736 switch (op) { 2737 default: 2738 abort(); 2739 2740 case '=': 2741 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2742 2743 case '<': 2744 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2745 b->s.code = JMP(BPF_JGE); 2746 gen_not(b); 2747 return b; 2748 2749 case '>': 2750 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2751 b->s.code = JMP(BPF_JGT); 2752 return b; 2753 2754 case '|': 2755 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 2756 break; 2757 2758 case '&': 2759 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 2760 break; 2761 } 2762 s->s.k = val; 2763 b = new_block(JMP(BPF_JEQ)); 2764 b->stmts = s; 2765 gen_not(b); 2766 2767 return b; 2768 } 2769 2770 static u_char abroadcast[] = { 0x0 }; 2771 2772 struct block * 2773 gen_broadcast(proto) 2774 int proto; 2775 { 2776 bpf_u_int32 hostmask; 2777 struct block *b0, *b1, *b2; 2778 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 2779 2780 switch (proto) { 2781 2782 case Q_DEFAULT: 2783 case Q_LINK: 2784 if (linktype == DLT_ARCNET) 2785 return gen_ahostop(abroadcast, Q_DST); 2786 if (linktype == DLT_EN10MB) 2787 return gen_ehostop(ebroadcast, Q_DST); 2788 if (linktype == DLT_FDDI) 2789 return gen_fhostop(ebroadcast, Q_DST); 2790 bpf_error("not a broadcast link"); 2791 break; 2792 2793 case Q_IP: 2794 b0 = gen_linktype(ETHERTYPE_IP); 2795 hostmask = ~netmask; 2796 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 2797 b2 = gen_mcmp(off_nl + 16, BPF_W, 2798 (bpf_int32)(~0 & hostmask), hostmask); 2799 gen_or(b1, b2); 2800 gen_and(b0, b2); 2801 return b2; 2802 } 2803 bpf_error("only ether/ip broadcast filters supported"); 2804 } 2805 2806 struct block * 2807 gen_multicast(proto) 2808 int proto; 2809 { 2810 register struct block *b0, *b1; 2811 register struct slist *s; 2812 2813 switch (proto) { 2814 2815 case Q_DEFAULT: 2816 case Q_LINK: 2817 if (linktype == DLT_ARCNET) 2818 /* all ARCnet multicasts use the same address */ 2819 return gen_ahostop(abroadcast, Q_DST); 2820 2821 if (linktype == DLT_EN10MB) { 2822 /* ether[0] & 1 != 0 */ 2823 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2824 s->s.k = 0; 2825 b0 = new_block(JMP(BPF_JSET)); 2826 b0->s.k = 1; 2827 b0->stmts = s; 2828 return b0; 2829 } 2830 2831 if (linktype == DLT_FDDI) { 2832 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 2833 /* fddi[1] & 1 != 0 */ 2834 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2835 s->s.k = 1; 2836 b0 = new_block(JMP(BPF_JSET)); 2837 b0->s.k = 1; 2838 b0->stmts = s; 2839 return b0; 2840 } 2841 /* Link not known to support multicasts */ 2842 break; 2843 2844 case Q_IP: 2845 b0 = gen_linktype(ETHERTYPE_IP); 2846 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 2847 b1->s.code = JMP(BPF_JGE); 2848 gen_and(b0, b1); 2849 return b1; 2850 2851 #ifdef INET6 2852 case Q_IPV6: 2853 b0 = gen_linktype(ETHERTYPE_IPV6); 2854 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 2855 gen_and(b0, b1); 2856 return b1; 2857 #endif /* INET6 */ 2858 } 2859 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 2860 } 2861 2862 /* 2863 * generate command for inbound/outbound. It's here so we can 2864 * make it link-type specific. 'dir' = 0 implies "inbound", 2865 * = 1 implies "outbound". 2866 */ 2867 struct block * 2868 gen_inbound(dir) 2869 int dir; 2870 { 2871 register struct block *b0; 2872 2873 /* 2874 * Only SLIP and old-style PPP data link types support 2875 * inbound/outbound qualifiers. 2876 */ 2877 switch (linktype) { 2878 case DLT_SLIP: 2879 case DLT_PPP: 2880 /* These are okay. */ 2881 break; 2882 2883 default: 2884 bpf_error("inbound/outbound not supported on linktype 0x%x\n", 2885 linktype); 2886 /* NOTREACHED */ 2887 } 2888 2889 b0 = gen_relation(BPF_JEQ, 2890 gen_load(Q_LINK, gen_loadi(0), 1), 2891 gen_loadi(0), 2892 dir); 2893 return (b0); 2894 } 2895 2896 struct block * 2897 gen_acode(eaddr, q) 2898 register const u_char *eaddr; 2899 struct qual q; 2900 { 2901 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2902 if (linktype == DLT_ARCNET) 2903 return gen_ahostop(eaddr, (int)q.dir); 2904 } 2905 bpf_error("ARCnet address used in non-arc expression"); 2906 /* NOTREACHED */ 2907 } 2908 2909 static struct block * 2910 gen_ahostop(eaddr, dir) 2911 register const u_char *eaddr; 2912 register int dir; 2913 { 2914 register struct block *b0, *b1; 2915 2916 switch (dir) { 2917 /* src comes first, different from Ethernet */ 2918 case Q_SRC: 2919 return gen_bcmp(0, 1, eaddr); 2920 2921 case Q_DST: 2922 return gen_bcmp(1, 1, eaddr); 2923 2924 case Q_AND: 2925 b0 = gen_ahostop(eaddr, Q_SRC); 2926 b1 = gen_ahostop(eaddr, Q_DST); 2927 gen_and(b0, b1); 2928 return b1; 2929 2930 case Q_DEFAULT: 2931 case Q_OR: 2932 b0 = gen_ahostop(eaddr, Q_SRC); 2933 b1 = gen_ahostop(eaddr, Q_DST); 2934 gen_or(b0, b1); 2935 return b1; 2936 } 2937 abort(); 2938 /* NOTREACHED */ 2939 } 2940