1 /* $OpenBSD: gencode.c,v 1.33 2010/06/26 16:47:07 henning Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/types.h> 25 #include <sys/socket.h> 26 #include <sys/time.h> 27 28 struct mbuf; 29 struct rtentry; 30 31 #include <net/if.h> 32 33 #include <netinet/in.h> 34 #include <netinet/if_ether.h> 35 36 #include <net/if_pflog.h> 37 #include <net/pfvar.h> 38 39 #include <net80211/ieee80211.h> 40 #include <net80211/ieee80211_radiotap.h> 41 42 #include <stdlib.h> 43 #include <stddef.h> 44 #include <memory.h> 45 #include <setjmp.h> 46 #include <stdarg.h> 47 48 #include "pcap-int.h" 49 50 #include "ethertype.h" 51 #include "llc.h" 52 #include "gencode.h" 53 #include "ppp.h" 54 #include <pcap-namedb.h> 55 #ifdef INET6 56 #include <netdb.h> 57 #include <sys/socket.h> 58 #endif /*INET6*/ 59 60 #ifdef HAVE_OS_PROTO_H 61 #include "os-proto.h" 62 #endif 63 64 #define JMP(c) ((c)|BPF_JMP|BPF_K) 65 66 /* Locals */ 67 static jmp_buf top_ctx; 68 static pcap_t *bpf_pcap; 69 70 /* Hack for updating VLAN offsets. */ 71 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 72 73 /* XXX */ 74 #ifdef PCAP_FDDIPAD 75 int pcap_fddipad = PCAP_FDDIPAD; 76 #else 77 int pcap_fddipad; 78 #endif 79 80 /* VARARGS */ 81 __dead void 82 bpf_error(const char *fmt, ...) 83 { 84 va_list ap; 85 86 va_start(ap, fmt); 87 if (bpf_pcap != NULL) 88 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 89 fmt, ap); 90 va_end(ap); 91 longjmp(top_ctx, 1); 92 /* NOTREACHED */ 93 } 94 95 static void init_linktype(int); 96 97 static int alloc_reg(void); 98 static void free_reg(int); 99 100 static struct block *root; 101 102 /* 103 * We divy out chunks of memory rather than call malloc each time so 104 * we don't have to worry about leaking memory. It's probably 105 * not a big deal if all this memory was wasted but it this ever 106 * goes into a library that would probably not be a good idea. 107 */ 108 #define NCHUNKS 16 109 #define CHUNK0SIZE 1024 110 struct chunk { 111 u_int n_left; 112 void *m; 113 }; 114 115 static struct chunk chunks[NCHUNKS]; 116 static int cur_chunk; 117 118 static void *newchunk(u_int); 119 static void freechunks(void); 120 static __inline struct block *new_block(int); 121 static __inline struct slist *new_stmt(int); 122 static struct block *gen_retblk(int); 123 static __inline void syntax(void); 124 125 static void backpatch(struct block *, struct block *); 126 static void merge(struct block *, struct block *); 127 static struct block *gen_cmp(u_int, u_int, bpf_int32); 128 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 129 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 130 static struct block *gen_bcmp(u_int, u_int, const u_char *); 131 static struct block *gen_uncond(int); 132 static __inline struct block *gen_true(void); 133 static __inline struct block *gen_false(void); 134 static struct block *gen_linktype(int); 135 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 136 #ifdef INET6 137 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 138 #endif 139 static struct block *gen_ehostop(const u_char *, int); 140 static struct block *gen_fhostop(const u_char *, int); 141 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 142 static struct block *gen_p80211_hostop(const u_char *, int); 143 static struct block *gen_p80211_addr(int, u_int, const u_char *); 144 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 145 #ifdef INET6 146 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 147 #endif 148 #ifndef INET6 149 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 150 #endif 151 static struct block *gen_ipfrag(void); 152 static struct block *gen_portatom(int, bpf_int32); 153 #ifdef INET6 154 static struct block *gen_portatom6(int, bpf_int32); 155 #endif 156 struct block *gen_portop(int, int, int); 157 static struct block *gen_port(int, int, int); 158 #ifdef INET6 159 struct block *gen_portop6(int, int, int); 160 static struct block *gen_port6(int, int, int); 161 #endif 162 static int lookup_proto(const char *, int); 163 static struct block *gen_protochain(int, int, int); 164 static struct block *gen_proto(int, int, int); 165 static struct slist *xfer_to_x(struct arth *); 166 static struct slist *xfer_to_a(struct arth *); 167 static struct block *gen_len(int, int); 168 169 static void * 170 newchunk(n) 171 u_int n; 172 { 173 struct chunk *cp; 174 int k, size; 175 176 /* XXX Round to structure boundary. */ 177 n = ALIGN(n); 178 179 cp = &chunks[cur_chunk]; 180 if (n > cp->n_left) { 181 ++cp, k = ++cur_chunk; 182 if (k >= NCHUNKS) 183 bpf_error("out of memory"); 184 size = CHUNK0SIZE << k; 185 cp->m = (void *)malloc(size); 186 if (cp->m == NULL) 187 bpf_error("out of memory"); 188 189 memset((char *)cp->m, 0, size); 190 cp->n_left = size; 191 if (n > size) 192 bpf_error("out of memory"); 193 } 194 cp->n_left -= n; 195 return (void *)((char *)cp->m + cp->n_left); 196 } 197 198 static void 199 freechunks() 200 { 201 int i; 202 203 cur_chunk = 0; 204 for (i = 0; i < NCHUNKS; ++i) 205 if (chunks[i].m != NULL) { 206 free(chunks[i].m); 207 chunks[i].m = NULL; 208 } 209 } 210 211 /* 212 * A strdup whose allocations are freed after code generation is over. 213 */ 214 char * 215 sdup(s) 216 register const char *s; 217 { 218 int n = strlen(s) + 1; 219 char *cp = newchunk(n); 220 221 strlcpy(cp, s, n); 222 return (cp); 223 } 224 225 static __inline struct block * 226 new_block(code) 227 int code; 228 { 229 struct block *p; 230 231 p = (struct block *)newchunk(sizeof(*p)); 232 p->s.code = code; 233 p->head = p; 234 235 return p; 236 } 237 238 static __inline struct slist * 239 new_stmt(code) 240 int code; 241 { 242 struct slist *p; 243 244 p = (struct slist *)newchunk(sizeof(*p)); 245 p->s.code = code; 246 247 return p; 248 } 249 250 static struct block * 251 gen_retblk(v) 252 int v; 253 { 254 struct block *b = new_block(BPF_RET|BPF_K); 255 256 b->s.k = v; 257 return b; 258 } 259 260 static __inline void 261 syntax() 262 { 263 bpf_error("syntax error in filter expression"); 264 } 265 266 static bpf_u_int32 netmask; 267 static int snaplen; 268 int no_optimize; 269 270 int 271 pcap_compile(pcap_t *p, struct bpf_program *program, 272 char *buf, int optimize, bpf_u_int32 mask) 273 { 274 extern int n_errors; 275 int len; 276 277 no_optimize = 0; 278 n_errors = 0; 279 root = NULL; 280 bpf_pcap = p; 281 if (setjmp(top_ctx)) { 282 freechunks(); 283 return (-1); 284 } 285 286 netmask = mask; 287 snaplen = pcap_snapshot(p); 288 289 lex_init(buf ? buf : ""); 290 init_linktype(pcap_datalink(p)); 291 (void)pcap_parse(); 292 293 if (n_errors) 294 syntax(); 295 296 if (root == NULL) 297 root = gen_retblk(snaplen); 298 299 if (optimize && !no_optimize) { 300 bpf_optimize(&root); 301 if (root == NULL || 302 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 303 bpf_error("expression rejects all packets"); 304 } 305 program->bf_insns = icode_to_fcode(root, &len); 306 program->bf_len = len; 307 308 freechunks(); 309 return (0); 310 } 311 312 /* 313 * entry point for using the compiler with no pcap open 314 * pass in all the stuff that is needed explicitly instead. 315 */ 316 int 317 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 318 struct bpf_program *program, 319 char *buf, int optimize, bpf_u_int32 mask) 320 { 321 extern int n_errors; 322 int len; 323 324 n_errors = 0; 325 root = NULL; 326 bpf_pcap = NULL; 327 if (setjmp(top_ctx)) { 328 freechunks(); 329 return (-1); 330 } 331 332 netmask = mask; 333 334 /* XXX needed? I don't grok the use of globals here. */ 335 snaplen = snaplen_arg; 336 337 lex_init(buf ? buf : ""); 338 init_linktype(linktype_arg); 339 (void)pcap_parse(); 340 341 if (n_errors) 342 syntax(); 343 344 if (root == NULL) 345 root = gen_retblk(snaplen_arg); 346 347 if (optimize) { 348 bpf_optimize(&root); 349 if (root == NULL || 350 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 351 bpf_error("expression rejects all packets"); 352 } 353 program->bf_insns = icode_to_fcode(root, &len); 354 program->bf_len = len; 355 356 freechunks(); 357 return (0); 358 } 359 360 /* 361 * Clean up a "struct bpf_program" by freeing all the memory allocated 362 * in it. 363 */ 364 void 365 pcap_freecode(struct bpf_program *program) 366 { 367 program->bf_len = 0; 368 if (program->bf_insns != NULL) { 369 free((char *)program->bf_insns); 370 program->bf_insns = NULL; 371 } 372 } 373 374 /* 375 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 376 * which of the jt and jf fields has been resolved and which is a pointer 377 * back to another unresolved block (or nil). At least one of the fields 378 * in each block is already resolved. 379 */ 380 static void 381 backpatch(list, target) 382 struct block *list, *target; 383 { 384 struct block *next; 385 386 while (list) { 387 if (!list->sense) { 388 next = JT(list); 389 JT(list) = target; 390 } else { 391 next = JF(list); 392 JF(list) = target; 393 } 394 list = next; 395 } 396 } 397 398 /* 399 * Merge the lists in b0 and b1, using the 'sense' field to indicate 400 * which of jt and jf is the link. 401 */ 402 static void 403 merge(b0, b1) 404 struct block *b0, *b1; 405 { 406 register struct block **p = &b0; 407 408 /* Find end of list. */ 409 while (*p) 410 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 411 412 /* Concatenate the lists. */ 413 *p = b1; 414 } 415 416 void 417 finish_parse(p) 418 struct block *p; 419 { 420 backpatch(p, gen_retblk(snaplen)); 421 p->sense = !p->sense; 422 backpatch(p, gen_retblk(0)); 423 root = p->head; 424 } 425 426 void 427 gen_and(b0, b1) 428 struct block *b0, *b1; 429 { 430 backpatch(b0, b1->head); 431 b0->sense = !b0->sense; 432 b1->sense = !b1->sense; 433 merge(b1, b0); 434 b1->sense = !b1->sense; 435 b1->head = b0->head; 436 } 437 438 void 439 gen_or(b0, b1) 440 struct block *b0, *b1; 441 { 442 b0->sense = !b0->sense; 443 backpatch(b0, b1->head); 444 b0->sense = !b0->sense; 445 merge(b1, b0); 446 b1->head = b0->head; 447 } 448 449 void 450 gen_not(b) 451 struct block *b; 452 { 453 b->sense = !b->sense; 454 } 455 456 static struct block * 457 gen_cmp(offset, size, v) 458 u_int offset, size; 459 bpf_int32 v; 460 { 461 struct slist *s; 462 struct block *b; 463 464 s = new_stmt(BPF_LD|BPF_ABS|size); 465 s->s.k = offset; 466 467 b = new_block(JMP(BPF_JEQ)); 468 b->stmts = s; 469 b->s.k = v; 470 471 return b; 472 } 473 474 static struct block * 475 gen_cmp_gt(offset, size, v) 476 u_int offset, size; 477 bpf_int32 v; 478 { 479 struct slist *s; 480 struct block *b; 481 482 s = new_stmt(BPF_LD|BPF_ABS|size); 483 s->s.k = offset; 484 485 b = new_block(JMP(BPF_JGT)); 486 b->stmts = s; 487 b->s.k = v; 488 489 return b; 490 } 491 492 static struct block * 493 gen_mcmp(offset, size, v, mask) 494 u_int offset, size; 495 bpf_int32 v; 496 bpf_u_int32 mask; 497 { 498 struct block *b = gen_cmp(offset, size, v); 499 struct slist *s; 500 501 if (mask != 0xffffffff) { 502 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 503 s->s.k = mask; 504 b->stmts->next = s; 505 } 506 return b; 507 } 508 509 static struct block * 510 gen_bcmp(offset, size, v) 511 register u_int offset, size; 512 register const u_char *v; 513 { 514 register struct block *b, *tmp; 515 516 b = NULL; 517 while (size >= 4) { 518 register const u_char *p = &v[size - 4]; 519 bpf_int32 w = ((bpf_int32)p[0] << 24) | 520 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 521 522 tmp = gen_cmp(offset + size - 4, BPF_W, w); 523 if (b != NULL) 524 gen_and(b, tmp); 525 b = tmp; 526 size -= 4; 527 } 528 while (size >= 2) { 529 register const u_char *p = &v[size - 2]; 530 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 531 532 tmp = gen_cmp(offset + size - 2, BPF_H, w); 533 if (b != NULL) 534 gen_and(b, tmp); 535 b = tmp; 536 size -= 2; 537 } 538 if (size > 0) { 539 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 540 if (b != NULL) 541 gen_and(b, tmp); 542 b = tmp; 543 } 544 return b; 545 } 546 547 /* 548 * Various code constructs need to know the layout of the data link 549 * layer. These variables give the necessary offsets. off_linktype 550 * is set to -1 for no encapsulation, in which case, IP is assumed. 551 */ 552 static u_int off_linktype; 553 static u_int off_nl; 554 static u_int off_nl_nosnap; 555 556 static int linktype; 557 558 static void 559 init_linktype(type) 560 int type; 561 { 562 linktype = type; 563 564 switch (type) { 565 566 case DLT_EN10MB: 567 off_linktype = 12; 568 off_nl = 14; 569 return; 570 571 case DLT_SLIP: 572 /* 573 * SLIP doesn't have a link level type. The 16 byte 574 * header is hacked into our SLIP driver. 575 */ 576 off_linktype = -1; 577 off_nl = 16; 578 return; 579 580 case DLT_SLIP_BSDOS: 581 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 582 off_linktype = -1; 583 /* XXX end */ 584 off_nl = 24; 585 return; 586 587 case DLT_NULL: 588 off_linktype = 0; 589 off_nl = 4; 590 return; 591 592 case DLT_PPP: 593 off_linktype = 2; 594 off_nl = 4; 595 return; 596 597 case DLT_PPP_ETHER: 598 /* 599 * This does not include the Ethernet header, and 600 * only covers session state. 601 */ 602 off_linktype = 6; 603 off_nl = 8; 604 return; 605 606 case DLT_PPP_BSDOS: 607 off_linktype = 5; 608 off_nl = 24; 609 return; 610 611 case DLT_FDDI: 612 /* 613 * FDDI doesn't really have a link-level type field. 614 * We assume that SSAP = SNAP is being used and pick 615 * out the encapsulated Ethernet type. 616 */ 617 off_linktype = 19; 618 #ifdef PCAP_FDDIPAD 619 off_linktype += pcap_fddipad; 620 #endif 621 off_nl = 21; 622 #ifdef PCAP_FDDIPAD 623 off_nl += pcap_fddipad; 624 #endif 625 return; 626 627 case DLT_IEEE802: 628 off_linktype = 20; 629 off_nl = 22; 630 return; 631 632 case DLT_IEEE802_11: 633 off_linktype = 30; /* XXX variable */ 634 off_nl = 32; 635 return; 636 637 case DLT_IEEE802_11_RADIO: /* XXX variable */ 638 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 639 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 640 return; 641 642 case DLT_ATM_RFC1483: 643 /* 644 * assume routed, non-ISO PDUs 645 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 646 */ 647 off_linktype = 6; 648 off_nl = 8; 649 return; 650 651 case DLT_LOOP: 652 off_linktype = -1; 653 off_nl = 4; 654 return; 655 656 case DLT_ENC: 657 off_linktype = -1; 658 off_nl = 12; 659 return; 660 661 case DLT_PFLOG: 662 off_linktype = 0; 663 /* XXX read from header? */ 664 off_nl = PFLOG_HDRLEN; 665 return; 666 667 case DLT_PFSYNC: 668 off_linktype = -1; 669 off_nl = 4; 670 return; 671 672 case DLT_RAW: 673 off_linktype = -1; 674 off_nl = 0; 675 return; 676 } 677 bpf_error("unknown data link type 0x%x", linktype); 678 /* NOTREACHED */ 679 } 680 681 static struct block * 682 gen_uncond(rsense) 683 int rsense; 684 { 685 struct block *b; 686 struct slist *s; 687 688 s = new_stmt(BPF_LD|BPF_IMM); 689 s->s.k = !rsense; 690 b = new_block(JMP(BPF_JEQ)); 691 b->stmts = s; 692 693 return b; 694 } 695 696 static __inline struct block * 697 gen_true() 698 { 699 return gen_uncond(1); 700 } 701 702 static __inline struct block * 703 gen_false() 704 { 705 return gen_uncond(0); 706 } 707 708 static struct block * 709 gen_linktype(proto) 710 register int proto; 711 { 712 struct block *b0, *b1; 713 714 /* If we're not using encapsulation and checking for IP, we're done */ 715 if (off_linktype == -1 && proto == ETHERTYPE_IP) 716 return gen_true(); 717 #ifdef INET6 718 /* this isn't the right thing to do, but sometimes necessary */ 719 if (off_linktype == -1 && proto == ETHERTYPE_IPV6) 720 return gen_true(); 721 #endif 722 723 switch (linktype) { 724 725 case DLT_EN10MB: 726 if (proto <= ETHERMTU) { 727 /* This is an LLC SAP value */ 728 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 729 gen_not(b0); 730 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 731 gen_and(b0, b1); 732 return b1; 733 } else { 734 /* This is an Ethernet type */ 735 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 736 } 737 break; 738 739 case DLT_SLIP: 740 return gen_false(); 741 742 case DLT_PPP: 743 case DLT_PPP_ETHER: 744 if (proto == ETHERTYPE_IP) 745 proto = PPP_IP; /* XXX was 0x21 */ 746 #ifdef INET6 747 else if (proto == ETHERTYPE_IPV6) 748 proto = PPP_IPV6; 749 #endif 750 break; 751 752 case DLT_PPP_BSDOS: 753 switch (proto) { 754 755 case ETHERTYPE_IP: 756 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 757 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 758 gen_or(b0, b1); 759 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 760 gen_or(b1, b0); 761 return b0; 762 763 #ifdef INET6 764 case ETHERTYPE_IPV6: 765 proto = PPP_IPV6; 766 /* more to go? */ 767 break; 768 #endif /* INET6 */ 769 770 case ETHERTYPE_DN: 771 proto = PPP_DECNET; 772 break; 773 774 case ETHERTYPE_ATALK: 775 proto = PPP_APPLE; 776 break; 777 778 case ETHERTYPE_NS: 779 proto = PPP_NS; 780 break; 781 } 782 break; 783 784 case DLT_LOOP: 785 case DLT_ENC: 786 case DLT_NULL: 787 /* XXX */ 788 if (proto == ETHERTYPE_IP) 789 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); 790 #ifdef INET6 791 else if (proto == ETHERTYPE_IPV6) 792 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6))); 793 #endif /* INET6 */ 794 else 795 return gen_false(); 796 break; 797 case DLT_PFLOG: 798 if (proto == ETHERTYPE_IP) 799 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 800 (bpf_int32)AF_INET)); 801 #ifdef INET6 802 else if (proto == ETHERTYPE_IPV6) 803 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 804 (bpf_int32)AF_INET6)); 805 #endif /* INET6 */ 806 else 807 return gen_false(); 808 break; 809 810 } 811 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 812 } 813 814 static struct block * 815 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 816 bpf_u_int32 addr; 817 bpf_u_int32 mask; 818 int dir, proto; 819 u_int src_off, dst_off; 820 { 821 struct block *b0, *b1; 822 u_int offset; 823 824 switch (dir) { 825 826 case Q_SRC: 827 offset = src_off; 828 break; 829 830 case Q_DST: 831 offset = dst_off; 832 break; 833 834 case Q_AND: 835 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 836 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 837 gen_and(b0, b1); 838 return b1; 839 840 case Q_OR: 841 case Q_DEFAULT: 842 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 843 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 844 gen_or(b0, b1); 845 return b1; 846 847 default: 848 bpf_error("direction not supported on linktype 0x%x", 849 linktype); 850 } 851 b0 = gen_linktype(proto); 852 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 853 gen_and(b0, b1); 854 return b1; 855 } 856 857 #ifdef INET6 858 static struct block * 859 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 860 struct in6_addr *addr; 861 struct in6_addr *mask; 862 int dir, proto; 863 u_int src_off, dst_off; 864 { 865 struct block *b0, *b1; 866 u_int offset; 867 u_int32_t *a, *m; 868 869 switch (dir) { 870 871 case Q_SRC: 872 offset = src_off; 873 break; 874 875 case Q_DST: 876 offset = dst_off; 877 break; 878 879 case Q_AND: 880 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 881 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 882 gen_and(b0, b1); 883 return b1; 884 885 case Q_OR: 886 case Q_DEFAULT: 887 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 888 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 889 gen_or(b0, b1); 890 return b1; 891 892 default: 893 bpf_error("direction not supported on linktype 0x%x", 894 linktype); 895 } 896 /* this order is important */ 897 a = (u_int32_t *)addr; 898 m = (u_int32_t *)mask; 899 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 900 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 901 gen_and(b0, b1); 902 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 903 gen_and(b0, b1); 904 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 905 gen_and(b0, b1); 906 b0 = gen_linktype(proto); 907 gen_and(b0, b1); 908 return b1; 909 } 910 #endif /*INET6*/ 911 912 static struct block * 913 gen_ehostop(eaddr, dir) 914 register const u_char *eaddr; 915 register int dir; 916 { 917 struct block *b0, *b1; 918 919 switch (dir) { 920 case Q_SRC: 921 return gen_bcmp(6, 6, eaddr); 922 923 case Q_DST: 924 return gen_bcmp(0, 6, eaddr); 925 926 case Q_AND: 927 b0 = gen_ehostop(eaddr, Q_SRC); 928 b1 = gen_ehostop(eaddr, Q_DST); 929 gen_and(b0, b1); 930 return b1; 931 932 case Q_DEFAULT: 933 case Q_OR: 934 b0 = gen_ehostop(eaddr, Q_SRC); 935 b1 = gen_ehostop(eaddr, Q_DST); 936 gen_or(b0, b1); 937 return b1; 938 default: 939 bpf_error("direction not supported on linktype 0x%x", 940 linktype); 941 } 942 /* NOTREACHED */ 943 } 944 945 /* 946 * Like gen_ehostop, but for DLT_FDDI 947 */ 948 static struct block * 949 gen_fhostop(eaddr, dir) 950 register const u_char *eaddr; 951 register int dir; 952 { 953 struct block *b0, *b1; 954 955 switch (dir) { 956 case Q_SRC: 957 #ifdef PCAP_FDDIPAD 958 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 959 #else 960 return gen_bcmp(6 + 1, 6, eaddr); 961 #endif 962 963 case Q_DST: 964 #ifdef PCAP_FDDIPAD 965 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 966 #else 967 return gen_bcmp(0 + 1, 6, eaddr); 968 #endif 969 970 case Q_AND: 971 b0 = gen_fhostop(eaddr, Q_SRC); 972 b1 = gen_fhostop(eaddr, Q_DST); 973 gen_and(b0, b1); 974 return b1; 975 976 case Q_DEFAULT: 977 case Q_OR: 978 b0 = gen_fhostop(eaddr, Q_SRC); 979 b1 = gen_fhostop(eaddr, Q_DST); 980 gen_or(b0, b1); 981 return b1; 982 default: 983 bpf_error("direction not supported on linktype 0x%x", 984 linktype); 985 } 986 /* NOTREACHED */ 987 } 988 989 /* 990 * This is quite tricky because there may be pad bytes in front of the 991 * DECNET header, and then there are two possible data packet formats that 992 * carry both src and dst addresses, plus 5 packet types in a format that 993 * carries only the src node, plus 2 types that use a different format and 994 * also carry just the src node. 995 * 996 * Yuck. 997 * 998 * Instead of doing those all right, we just look for data packets with 999 * 0 or 1 bytes of padding. If you want to look at other packets, that 1000 * will require a lot more hacking. 1001 * 1002 * To add support for filtering on DECNET "areas" (network numbers) 1003 * one would want to add a "mask" argument to this routine. That would 1004 * make the filter even more inefficient, although one could be clever 1005 * and not generate masking instructions if the mask is 0xFFFF. 1006 */ 1007 static struct block * 1008 gen_dnhostop(addr, dir, base_off) 1009 bpf_u_int32 addr; 1010 int dir; 1011 u_int base_off; 1012 { 1013 struct block *b0, *b1, *b2, *tmp; 1014 u_int offset_lh; /* offset if long header is received */ 1015 u_int offset_sh; /* offset if short header is received */ 1016 1017 switch (dir) { 1018 1019 case Q_DST: 1020 offset_sh = 1; /* follows flags */ 1021 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1022 break; 1023 1024 case Q_SRC: 1025 offset_sh = 3; /* follows flags, dstnode */ 1026 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1027 break; 1028 1029 case Q_AND: 1030 /* Inefficient because we do our Calvinball dance twice */ 1031 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1032 b1 = gen_dnhostop(addr, Q_DST, base_off); 1033 gen_and(b0, b1); 1034 return b1; 1035 1036 case Q_OR: 1037 case Q_DEFAULT: 1038 /* Inefficient because we do our Calvinball dance twice */ 1039 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1040 b1 = gen_dnhostop(addr, Q_DST, base_off); 1041 gen_or(b0, b1); 1042 return b1; 1043 1044 default: 1045 bpf_error("direction not supported on linktype 0x%x", 1046 linktype); 1047 } 1048 b0 = gen_linktype(ETHERTYPE_DN); 1049 /* Check for pad = 1, long header case */ 1050 tmp = gen_mcmp(base_off + 2, BPF_H, 1051 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1052 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 1053 BPF_H, (bpf_int32)ntohs(addr)); 1054 gen_and(tmp, b1); 1055 /* Check for pad = 0, long header case */ 1056 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1057 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1058 gen_and(tmp, b2); 1059 gen_or(b2, b1); 1060 /* Check for pad = 1, short header case */ 1061 tmp = gen_mcmp(base_off + 2, BPF_H, 1062 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1063 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 1064 BPF_H, (bpf_int32)ntohs(addr)); 1065 gen_and(tmp, b2); 1066 gen_or(b2, b1); 1067 /* Check for pad = 0, short header case */ 1068 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1069 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1070 gen_and(tmp, b2); 1071 gen_or(b2, b1); 1072 1073 /* Combine with test for linktype */ 1074 gen_and(b0, b1); 1075 return b1; 1076 } 1077 1078 static struct block * 1079 gen_host(addr, mask, proto, dir) 1080 bpf_u_int32 addr; 1081 bpf_u_int32 mask; 1082 int proto; 1083 int dir; 1084 { 1085 struct block *b0, *b1; 1086 1087 switch (proto) { 1088 1089 case Q_DEFAULT: 1090 b0 = gen_host(addr, mask, Q_IP, dir); 1091 b1 = gen_host(addr, mask, Q_ARP, dir); 1092 gen_or(b0, b1); 1093 b0 = gen_host(addr, mask, Q_RARP, dir); 1094 gen_or(b1, b0); 1095 return b0; 1096 1097 case Q_IP: 1098 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1099 off_nl + 12, off_nl + 16); 1100 1101 case Q_RARP: 1102 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1103 off_nl + 14, off_nl + 24); 1104 1105 case Q_ARP: 1106 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1107 off_nl + 14, off_nl + 24); 1108 1109 case Q_TCP: 1110 bpf_error("'tcp' modifier applied to host"); 1111 1112 case Q_UDP: 1113 bpf_error("'udp' modifier applied to host"); 1114 1115 case Q_ICMP: 1116 bpf_error("'icmp' modifier applied to host"); 1117 1118 case Q_IGMP: 1119 bpf_error("'igmp' modifier applied to host"); 1120 1121 case Q_IGRP: 1122 bpf_error("'igrp' modifier applied to host"); 1123 1124 case Q_PIM: 1125 bpf_error("'pim' modifier applied to host"); 1126 1127 case Q_STP: 1128 bpf_error("'stp' modifier applied to host"); 1129 1130 case Q_ATALK: 1131 bpf_error("ATALK host filtering not implemented"); 1132 1133 case Q_DECNET: 1134 return gen_dnhostop(addr, dir, off_nl); 1135 1136 case Q_SCA: 1137 bpf_error("SCA host filtering not implemented"); 1138 1139 case Q_LAT: 1140 bpf_error("LAT host filtering not implemented"); 1141 1142 case Q_MOPDL: 1143 bpf_error("MOPDL host filtering not implemented"); 1144 1145 case Q_MOPRC: 1146 bpf_error("MOPRC host filtering not implemented"); 1147 1148 #ifdef INET6 1149 case Q_IPV6: 1150 bpf_error("'ip6' modifier applied to ip host"); 1151 1152 case Q_ICMPV6: 1153 bpf_error("'icmp6' modifier applied to host"); 1154 #endif /* INET6 */ 1155 1156 case Q_AH: 1157 bpf_error("'ah' modifier applied to host"); 1158 1159 case Q_ESP: 1160 bpf_error("'esp' modifier applied to host"); 1161 1162 default: 1163 bpf_error("direction not supported on linktype 0x%x", 1164 linktype); 1165 } 1166 /* NOTREACHED */ 1167 } 1168 1169 #ifdef INET6 1170 static struct block * 1171 gen_host6(addr, mask, proto, dir) 1172 struct in6_addr *addr; 1173 struct in6_addr *mask; 1174 int proto; 1175 int dir; 1176 { 1177 switch (proto) { 1178 1179 case Q_DEFAULT: 1180 return gen_host6(addr, mask, Q_IPV6, dir); 1181 1182 case Q_IP: 1183 bpf_error("'ip' modifier applied to ip6 host"); 1184 1185 case Q_RARP: 1186 bpf_error("'rarp' modifier applied to ip6 host"); 1187 1188 case Q_ARP: 1189 bpf_error("'arp' modifier applied to ip6 host"); 1190 1191 case Q_TCP: 1192 bpf_error("'tcp' modifier applied to host"); 1193 1194 case Q_UDP: 1195 bpf_error("'udp' modifier applied to host"); 1196 1197 case Q_ICMP: 1198 bpf_error("'icmp' modifier applied to host"); 1199 1200 case Q_IGMP: 1201 bpf_error("'igmp' modifier applied to host"); 1202 1203 case Q_IGRP: 1204 bpf_error("'igrp' modifier applied to host"); 1205 1206 case Q_PIM: 1207 bpf_error("'pim' modifier applied to host"); 1208 1209 case Q_STP: 1210 bpf_error("'stp' modifier applied to host"); 1211 1212 case Q_ATALK: 1213 bpf_error("ATALK host filtering not implemented"); 1214 1215 case Q_DECNET: 1216 bpf_error("'decnet' modifier applied to ip6 host"); 1217 1218 case Q_SCA: 1219 bpf_error("SCA host filtering not implemented"); 1220 1221 case Q_LAT: 1222 bpf_error("LAT host filtering not implemented"); 1223 1224 case Q_MOPDL: 1225 bpf_error("MOPDL host filtering not implemented"); 1226 1227 case Q_MOPRC: 1228 bpf_error("MOPRC host filtering not implemented"); 1229 1230 case Q_IPV6: 1231 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1232 off_nl + 8, off_nl + 24); 1233 1234 case Q_ICMPV6: 1235 bpf_error("'icmp6' modifier applied to host"); 1236 1237 case Q_AH: 1238 bpf_error("'ah' modifier applied to host"); 1239 1240 case Q_ESP: 1241 bpf_error("'esp' modifier applied to host"); 1242 1243 default: 1244 abort(); 1245 } 1246 /* NOTREACHED */ 1247 } 1248 #endif /*INET6*/ 1249 1250 #ifndef INET6 1251 static struct block * 1252 gen_gateway(eaddr, alist, proto, dir) 1253 const u_char *eaddr; 1254 bpf_u_int32 **alist; 1255 int proto; 1256 int dir; 1257 { 1258 struct block *b0, *b1, *tmp; 1259 1260 if (dir != 0) 1261 bpf_error("direction applied to 'gateway'"); 1262 1263 switch (proto) { 1264 case Q_DEFAULT: 1265 case Q_IP: 1266 case Q_ARP: 1267 case Q_RARP: 1268 if (linktype == DLT_EN10MB) 1269 b0 = gen_ehostop(eaddr, Q_OR); 1270 else if (linktype == DLT_FDDI) 1271 b0 = gen_fhostop(eaddr, Q_OR); 1272 else 1273 bpf_error( 1274 "'gateway' supported only on ethernet or FDDI"); 1275 1276 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1277 while (*alist) { 1278 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1279 gen_or(b1, tmp); 1280 b1 = tmp; 1281 } 1282 gen_not(b1); 1283 gen_and(b0, b1); 1284 return b1; 1285 } 1286 bpf_error("illegal modifier of 'gateway'"); 1287 /* NOTREACHED */ 1288 } 1289 #endif /*INET6*/ 1290 1291 struct block * 1292 gen_proto_abbrev(proto) 1293 int proto; 1294 { 1295 struct block *b0 = NULL, *b1; 1296 1297 switch (proto) { 1298 1299 case Q_TCP: 1300 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1301 #ifdef INET6 1302 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1303 gen_or(b0, b1); 1304 #endif 1305 break; 1306 1307 case Q_UDP: 1308 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1309 #ifdef INET6 1310 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1311 gen_or(b0, b1); 1312 #endif 1313 break; 1314 1315 case Q_ICMP: 1316 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1317 break; 1318 1319 #ifndef IPPROTO_IGMP 1320 #define IPPROTO_IGMP 2 1321 #endif 1322 1323 case Q_IGMP: 1324 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1325 break; 1326 1327 #ifndef IPPROTO_IGRP 1328 #define IPPROTO_IGRP 9 1329 #endif 1330 case Q_IGRP: 1331 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1332 break; 1333 1334 #ifndef IPPROTO_PIM 1335 #define IPPROTO_PIM 103 1336 #endif 1337 1338 case Q_PIM: 1339 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1340 #ifdef INET6 1341 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1342 gen_or(b0, b1); 1343 #endif 1344 break; 1345 1346 case Q_IP: 1347 b1 = gen_linktype(ETHERTYPE_IP); 1348 break; 1349 1350 case Q_ARP: 1351 b1 = gen_linktype(ETHERTYPE_ARP); 1352 break; 1353 1354 case Q_RARP: 1355 b1 = gen_linktype(ETHERTYPE_REVARP); 1356 break; 1357 1358 case Q_LINK: 1359 bpf_error("link layer applied in wrong context"); 1360 1361 case Q_ATALK: 1362 b1 = gen_linktype(ETHERTYPE_ATALK); 1363 break; 1364 1365 case Q_DECNET: 1366 b1 = gen_linktype(ETHERTYPE_DN); 1367 break; 1368 1369 case Q_SCA: 1370 b1 = gen_linktype(ETHERTYPE_SCA); 1371 break; 1372 1373 case Q_LAT: 1374 b1 = gen_linktype(ETHERTYPE_LAT); 1375 break; 1376 1377 case Q_MOPDL: 1378 b1 = gen_linktype(ETHERTYPE_MOPDL); 1379 break; 1380 1381 case Q_MOPRC: 1382 b1 = gen_linktype(ETHERTYPE_MOPRC); 1383 break; 1384 1385 case Q_STP: 1386 b1 = gen_linktype(LLCSAP_8021D); 1387 break; 1388 1389 #ifdef INET6 1390 case Q_IPV6: 1391 b1 = gen_linktype(ETHERTYPE_IPV6); 1392 break; 1393 1394 #ifndef IPPROTO_ICMPV6 1395 #define IPPROTO_ICMPV6 58 1396 #endif 1397 case Q_ICMPV6: 1398 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1399 break; 1400 #endif /* INET6 */ 1401 1402 #ifndef IPPROTO_AH 1403 #define IPPROTO_AH 51 1404 #endif 1405 case Q_AH: 1406 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1407 #ifdef INET6 1408 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1409 gen_or(b0, b1); 1410 #endif 1411 break; 1412 1413 #ifndef IPPROTO_ESP 1414 #define IPPROTO_ESP 50 1415 #endif 1416 case Q_ESP: 1417 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1418 #ifdef INET6 1419 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1420 gen_or(b0, b1); 1421 #endif 1422 break; 1423 1424 default: 1425 abort(); 1426 } 1427 return b1; 1428 } 1429 1430 static struct block * 1431 gen_ipfrag() 1432 { 1433 struct slist *s; 1434 struct block *b; 1435 1436 /* not ip frag */ 1437 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1438 s->s.k = off_nl + 6; 1439 b = new_block(JMP(BPF_JSET)); 1440 b->s.k = 0x1fff; 1441 b->stmts = s; 1442 gen_not(b); 1443 1444 return b; 1445 } 1446 1447 static struct block * 1448 gen_portatom(off, v) 1449 int off; 1450 bpf_int32 v; 1451 { 1452 struct slist *s; 1453 struct block *b; 1454 1455 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1456 s->s.k = off_nl; 1457 1458 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 1459 s->next->s.k = off_nl + off; 1460 1461 b = new_block(JMP(BPF_JEQ)); 1462 b->stmts = s; 1463 b->s.k = v; 1464 1465 return b; 1466 } 1467 1468 #ifdef INET6 1469 static struct block * 1470 gen_portatom6(off, v) 1471 int off; 1472 bpf_int32 v; 1473 { 1474 return gen_cmp(off_nl + 40 + off, BPF_H, v); 1475 } 1476 #endif/*INET6*/ 1477 1478 struct block * 1479 gen_portop(port, proto, dir) 1480 int port, proto, dir; 1481 { 1482 struct block *b0, *b1, *tmp; 1483 1484 /* ip proto 'proto' */ 1485 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 1486 b0 = gen_ipfrag(); 1487 gen_and(tmp, b0); 1488 1489 switch (dir) { 1490 case Q_SRC: 1491 b1 = gen_portatom(0, (bpf_int32)port); 1492 break; 1493 1494 case Q_DST: 1495 b1 = gen_portatom(2, (bpf_int32)port); 1496 break; 1497 1498 case Q_OR: 1499 case Q_DEFAULT: 1500 tmp = gen_portatom(0, (bpf_int32)port); 1501 b1 = gen_portatom(2, (bpf_int32)port); 1502 gen_or(tmp, b1); 1503 break; 1504 1505 case Q_AND: 1506 tmp = gen_portatom(0, (bpf_int32)port); 1507 b1 = gen_portatom(2, (bpf_int32)port); 1508 gen_and(tmp, b1); 1509 break; 1510 1511 default: 1512 abort(); 1513 } 1514 gen_and(b0, b1); 1515 1516 return b1; 1517 } 1518 1519 static struct block * 1520 gen_port(port, ip_proto, dir) 1521 int port; 1522 int ip_proto; 1523 int dir; 1524 { 1525 struct block *b0, *b1, *tmp; 1526 1527 /* ether proto ip */ 1528 b0 = gen_linktype(ETHERTYPE_IP); 1529 1530 switch (ip_proto) { 1531 case IPPROTO_UDP: 1532 case IPPROTO_TCP: 1533 b1 = gen_portop(port, ip_proto, dir); 1534 break; 1535 1536 case PROTO_UNDEF: 1537 tmp = gen_portop(port, IPPROTO_TCP, dir); 1538 b1 = gen_portop(port, IPPROTO_UDP, dir); 1539 gen_or(tmp, b1); 1540 break; 1541 1542 default: 1543 abort(); 1544 } 1545 gen_and(b0, b1); 1546 return b1; 1547 } 1548 1549 #ifdef INET6 1550 struct block * 1551 gen_portop6(port, proto, dir) 1552 int port, proto, dir; 1553 { 1554 struct block *b0, *b1, *tmp; 1555 1556 /* ip proto 'proto' */ 1557 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 1558 1559 switch (dir) { 1560 case Q_SRC: 1561 b1 = gen_portatom6(0, (bpf_int32)port); 1562 break; 1563 1564 case Q_DST: 1565 b1 = gen_portatom6(2, (bpf_int32)port); 1566 break; 1567 1568 case Q_OR: 1569 case Q_DEFAULT: 1570 tmp = gen_portatom6(0, (bpf_int32)port); 1571 b1 = gen_portatom6(2, (bpf_int32)port); 1572 gen_or(tmp, b1); 1573 break; 1574 1575 case Q_AND: 1576 tmp = gen_portatom6(0, (bpf_int32)port); 1577 b1 = gen_portatom6(2, (bpf_int32)port); 1578 gen_and(tmp, b1); 1579 break; 1580 1581 default: 1582 abort(); 1583 } 1584 gen_and(b0, b1); 1585 1586 return b1; 1587 } 1588 1589 static struct block * 1590 gen_port6(port, ip_proto, dir) 1591 int port; 1592 int ip_proto; 1593 int dir; 1594 { 1595 struct block *b0, *b1, *tmp; 1596 1597 /* ether proto ip */ 1598 b0 = gen_linktype(ETHERTYPE_IPV6); 1599 1600 switch (ip_proto) { 1601 case IPPROTO_UDP: 1602 case IPPROTO_TCP: 1603 b1 = gen_portop6(port, ip_proto, dir); 1604 break; 1605 1606 case PROTO_UNDEF: 1607 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1608 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1609 gen_or(tmp, b1); 1610 break; 1611 1612 default: 1613 abort(); 1614 } 1615 gen_and(b0, b1); 1616 return b1; 1617 } 1618 #endif /* INET6 */ 1619 1620 static int 1621 lookup_proto(name, proto) 1622 register const char *name; 1623 register int proto; 1624 { 1625 register int v; 1626 1627 switch (proto) { 1628 1629 case Q_DEFAULT: 1630 case Q_IP: 1631 v = pcap_nametoproto(name); 1632 if (v == PROTO_UNDEF) 1633 bpf_error("unknown ip proto '%s'", name); 1634 break; 1635 1636 case Q_LINK: 1637 /* XXX should look up h/w protocol type based on linktype */ 1638 v = pcap_nametoeproto(name); 1639 if (v == PROTO_UNDEF) { 1640 v = pcap_nametollc(name); 1641 if (v == PROTO_UNDEF) 1642 bpf_error("unknown ether proto '%s'", name); 1643 } 1644 break; 1645 1646 default: 1647 v = PROTO_UNDEF; 1648 break; 1649 } 1650 return v; 1651 } 1652 1653 static struct block * 1654 gen_protochain(v, proto, dir) 1655 int v; 1656 int proto; 1657 int dir; 1658 { 1659 struct block *b0, *b; 1660 struct slist *s[100]; 1661 int fix2, fix3, fix4, fix5; 1662 int ahcheck, again, end; 1663 int i, max; 1664 int reg1 = alloc_reg(); 1665 int reg2 = alloc_reg(); 1666 1667 memset(s, 0, sizeof(s)); 1668 fix2 = fix3 = fix4 = fix5 = 0; 1669 1670 switch (proto) { 1671 case Q_IP: 1672 case Q_IPV6: 1673 break; 1674 case Q_DEFAULT: 1675 b0 = gen_protochain(v, Q_IP, dir); 1676 b = gen_protochain(v, Q_IPV6, dir); 1677 gen_or(b0, b); 1678 return b; 1679 default: 1680 bpf_error("bad protocol applied for 'protochain'"); 1681 /*NOTREACHED*/ 1682 } 1683 1684 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1685 1686 /* 1687 * s[0] is a dummy entry to protect other BPF insn from damaged 1688 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1689 * hard to find interdependency made by jump table fixup. 1690 */ 1691 i = 0; 1692 s[i] = new_stmt(0); /*dummy*/ 1693 i++; 1694 1695 switch (proto) { 1696 case Q_IP: 1697 b0 = gen_linktype(ETHERTYPE_IP); 1698 1699 /* A = ip->ip_p */ 1700 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1701 s[i]->s.k = off_nl + 9; 1702 i++; 1703 /* X = ip->ip_hl << 2 */ 1704 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1705 s[i]->s.k = off_nl; 1706 i++; 1707 break; 1708 case Q_IPV6: 1709 b0 = gen_linktype(ETHERTYPE_IPV6); 1710 1711 /* A = ip6->ip_nxt */ 1712 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1713 s[i]->s.k = off_nl + 6; 1714 i++; 1715 /* X = sizeof(struct ip6_hdr) */ 1716 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1717 s[i]->s.k = 40; 1718 i++; 1719 break; 1720 default: 1721 bpf_error("unsupported proto to gen_protochain"); 1722 /*NOTREACHED*/ 1723 } 1724 1725 /* again: if (A == v) goto end; else fall through; */ 1726 again = i; 1727 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1728 s[i]->s.k = v; 1729 s[i]->s.jt = NULL; /*later*/ 1730 s[i]->s.jf = NULL; /*update in next stmt*/ 1731 fix5 = i; 1732 i++; 1733 1734 /* if (A == IPPROTO_NONE) goto end */ 1735 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1736 s[i]->s.jt = NULL; /*later*/ 1737 s[i]->s.jf = NULL; /*update in next stmt*/ 1738 s[i]->s.k = IPPROTO_NONE; 1739 s[fix5]->s.jf = s[i]; 1740 fix2 = i; 1741 i++; 1742 1743 if (proto == Q_IPV6) { 1744 int v6start, v6end, v6advance, j; 1745 1746 v6start = i; 1747 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1748 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1749 s[i]->s.jt = NULL; /*later*/ 1750 s[i]->s.jf = NULL; /*update in next stmt*/ 1751 s[i]->s.k = IPPROTO_HOPOPTS; 1752 s[fix2]->s.jf = s[i]; 1753 i++; 1754 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1755 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1756 s[i]->s.jt = NULL; /*later*/ 1757 s[i]->s.jf = NULL; /*update in next stmt*/ 1758 s[i]->s.k = IPPROTO_DSTOPTS; 1759 i++; 1760 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1761 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1762 s[i]->s.jt = NULL; /*later*/ 1763 s[i]->s.jf = NULL; /*update in next stmt*/ 1764 s[i]->s.k = IPPROTO_ROUTING; 1765 i++; 1766 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1767 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1768 s[i]->s.jt = NULL; /*later*/ 1769 s[i]->s.jf = NULL; /*later*/ 1770 s[i]->s.k = IPPROTO_FRAGMENT; 1771 fix3 = i; 1772 v6end = i; 1773 i++; 1774 1775 /* v6advance: */ 1776 v6advance = i; 1777 1778 /* 1779 * in short, 1780 * A = P[X + 1]; 1781 * X = X + (P[X] + 1) * 8; 1782 */ 1783 /* A = X */ 1784 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1785 i++; 1786 /* MEM[reg1] = A */ 1787 s[i] = new_stmt(BPF_ST); 1788 s[i]->s.k = reg1; 1789 i++; 1790 /* A += 1 */ 1791 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1792 s[i]->s.k = 1; 1793 i++; 1794 /* X = A */ 1795 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1796 i++; 1797 /* A = P[X + packet head]; */ 1798 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1799 s[i]->s.k = off_nl; 1800 i++; 1801 /* MEM[reg2] = A */ 1802 s[i] = new_stmt(BPF_ST); 1803 s[i]->s.k = reg2; 1804 i++; 1805 /* X = MEM[reg1] */ 1806 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1807 s[i]->s.k = reg1; 1808 i++; 1809 /* A = P[X + packet head] */ 1810 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1811 s[i]->s.k = off_nl; 1812 i++; 1813 /* A += 1 */ 1814 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1815 s[i]->s.k = 1; 1816 i++; 1817 /* A *= 8 */ 1818 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1819 s[i]->s.k = 8; 1820 i++; 1821 /* X = A; */ 1822 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1823 i++; 1824 /* A = MEM[reg2] */ 1825 s[i] = new_stmt(BPF_LD|BPF_MEM); 1826 s[i]->s.k = reg2; 1827 i++; 1828 1829 /* goto again; (must use BPF_JA for backward jump) */ 1830 s[i] = new_stmt(BPF_JMP|BPF_JA); 1831 s[i]->s.k = again - i - 1; 1832 s[i - 1]->s.jf = s[i]; 1833 i++; 1834 1835 /* fixup */ 1836 for (j = v6start; j <= v6end; j++) 1837 s[j]->s.jt = s[v6advance]; 1838 } else { 1839 /* nop */ 1840 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1841 s[i]->s.k = 0; 1842 s[fix2]->s.jf = s[i]; 1843 i++; 1844 } 1845 1846 /* ahcheck: */ 1847 ahcheck = i; 1848 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 1849 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1850 s[i]->s.jt = NULL; /*later*/ 1851 s[i]->s.jf = NULL; /*later*/ 1852 s[i]->s.k = IPPROTO_AH; 1853 if (fix3) 1854 s[fix3]->s.jf = s[ahcheck]; 1855 fix4 = i; 1856 i++; 1857 1858 /* 1859 * in short, 1860 * A = P[X + 1]; 1861 * X = X + (P[X] + 2) * 4; 1862 */ 1863 /* A = X */ 1864 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 1865 i++; 1866 /* MEM[reg1] = A */ 1867 s[i] = new_stmt(BPF_ST); 1868 s[i]->s.k = reg1; 1869 i++; 1870 /* A += 1 */ 1871 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1872 s[i]->s.k = 1; 1873 i++; 1874 /* X = A */ 1875 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1876 i++; 1877 /* A = P[X + packet head]; */ 1878 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1879 s[i]->s.k = off_nl; 1880 i++; 1881 /* MEM[reg2] = A */ 1882 s[i] = new_stmt(BPF_ST); 1883 s[i]->s.k = reg2; 1884 i++; 1885 /* X = MEM[reg1] */ 1886 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1887 s[i]->s.k = reg1; 1888 i++; 1889 /* A = P[X + packet head] */ 1890 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1891 s[i]->s.k = off_nl; 1892 i++; 1893 /* A += 2 */ 1894 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1895 s[i]->s.k = 2; 1896 i++; 1897 /* A *= 4 */ 1898 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1899 s[i]->s.k = 4; 1900 i++; 1901 /* X = A; */ 1902 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1903 i++; 1904 /* A = MEM[reg2] */ 1905 s[i] = new_stmt(BPF_LD|BPF_MEM); 1906 s[i]->s.k = reg2; 1907 i++; 1908 1909 /* goto again; (must use BPF_JA for backward jump) */ 1910 s[i] = new_stmt(BPF_JMP|BPF_JA); 1911 s[i]->s.k = again - i - 1; 1912 i++; 1913 1914 /* end: nop */ 1915 end = i; 1916 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1917 s[i]->s.k = 0; 1918 s[fix2]->s.jt = s[end]; 1919 s[fix4]->s.jf = s[end]; 1920 s[fix5]->s.jt = s[end]; 1921 i++; 1922 1923 /* 1924 * make slist chain 1925 */ 1926 max = i; 1927 for (i = 0; i < max - 1; i++) 1928 s[i]->next = s[i + 1]; 1929 s[max - 1]->next = NULL; 1930 1931 /* 1932 * emit final check 1933 */ 1934 b = new_block(JMP(BPF_JEQ)); 1935 b->stmts = s[1]; /*remember, s[0] is dummy*/ 1936 b->s.k = v; 1937 1938 free_reg(reg1); 1939 free_reg(reg2); 1940 1941 gen_and(b0, b); 1942 return b; 1943 } 1944 1945 static struct block * 1946 gen_proto(v, proto, dir) 1947 int v; 1948 int proto; 1949 int dir; 1950 { 1951 struct block *b0, *b1; 1952 1953 if (dir != Q_DEFAULT) 1954 bpf_error("direction applied to 'proto'"); 1955 1956 switch (proto) { 1957 case Q_DEFAULT: 1958 #ifdef INET6 1959 b0 = gen_proto(v, Q_IP, dir); 1960 b1 = gen_proto(v, Q_IPV6, dir); 1961 gen_or(b0, b1); 1962 return b1; 1963 #else 1964 /*FALLTHROUGH*/ 1965 #endif 1966 case Q_IP: 1967 b0 = gen_linktype(ETHERTYPE_IP); 1968 #ifndef CHASE_CHAIN 1969 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 1970 #else 1971 b1 = gen_protochain(v, Q_IP); 1972 #endif 1973 gen_and(b0, b1); 1974 return b1; 1975 1976 case Q_ARP: 1977 bpf_error("arp does not encapsulate another protocol"); 1978 /* NOTREACHED */ 1979 1980 case Q_RARP: 1981 bpf_error("rarp does not encapsulate another protocol"); 1982 /* NOTREACHED */ 1983 1984 case Q_ATALK: 1985 bpf_error("atalk encapsulation is not specifiable"); 1986 /* NOTREACHED */ 1987 1988 case Q_DECNET: 1989 bpf_error("decnet encapsulation is not specifiable"); 1990 /* NOTREACHED */ 1991 1992 case Q_SCA: 1993 bpf_error("sca does not encapsulate another protocol"); 1994 /* NOTREACHED */ 1995 1996 case Q_LAT: 1997 bpf_error("lat does not encapsulate another protocol"); 1998 /* NOTREACHED */ 1999 2000 case Q_MOPRC: 2001 bpf_error("moprc does not encapsulate another protocol"); 2002 /* NOTREACHED */ 2003 2004 case Q_MOPDL: 2005 bpf_error("mopdl does not encapsulate another protocol"); 2006 /* NOTREACHED */ 2007 2008 case Q_LINK: 2009 return gen_linktype(v); 2010 2011 case Q_UDP: 2012 bpf_error("'udp proto' is bogus"); 2013 /* NOTREACHED */ 2014 2015 case Q_TCP: 2016 bpf_error("'tcp proto' is bogus"); 2017 /* NOTREACHED */ 2018 2019 case Q_ICMP: 2020 bpf_error("'icmp proto' is bogus"); 2021 /* NOTREACHED */ 2022 2023 case Q_IGMP: 2024 bpf_error("'igmp proto' is bogus"); 2025 /* NOTREACHED */ 2026 2027 case Q_IGRP: 2028 bpf_error("'igrp proto' is bogus"); 2029 /* NOTREACHED */ 2030 2031 case Q_PIM: 2032 bpf_error("'pim proto' is bogus"); 2033 /* NOTREACHED */ 2034 2035 case Q_STP: 2036 bpf_error("'stp proto' is bogus"); 2037 /* NOTREACHED */ 2038 2039 #ifdef INET6 2040 case Q_IPV6: 2041 b0 = gen_linktype(ETHERTYPE_IPV6); 2042 #ifndef CHASE_CHAIN 2043 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 2044 #else 2045 b1 = gen_protochain(v, Q_IPV6); 2046 #endif 2047 gen_and(b0, b1); 2048 return b1; 2049 2050 case Q_ICMPV6: 2051 bpf_error("'icmp6 proto' is bogus"); 2052 #endif /* INET6 */ 2053 2054 case Q_AH: 2055 bpf_error("'ah proto' is bogus"); 2056 2057 case Q_ESP: 2058 bpf_error("'ah proto' is bogus"); 2059 2060 default: 2061 abort(); 2062 /* NOTREACHED */ 2063 } 2064 /* NOTREACHED */ 2065 } 2066 2067 struct block * 2068 gen_scode(name, q) 2069 register const char *name; 2070 struct qual q; 2071 { 2072 int proto = q.proto; 2073 int dir = q.dir; 2074 int tproto; 2075 u_char *eaddr; 2076 bpf_u_int32 mask, addr; 2077 #ifndef INET6 2078 bpf_u_int32 **alist; 2079 #else 2080 int tproto6; 2081 struct sockaddr_in *sin; 2082 struct sockaddr_in6 *sin6; 2083 struct addrinfo *res, *res0; 2084 struct in6_addr mask128; 2085 #endif /*INET6*/ 2086 struct block *b, *tmp; 2087 int port, real_proto; 2088 2089 switch (q.addr) { 2090 2091 case Q_NET: 2092 addr = pcap_nametonetaddr(name); 2093 if (addr == 0) 2094 bpf_error("unknown network '%s'", name); 2095 /* Left justify network addr and calculate its network mask */ 2096 mask = 0xffffffff; 2097 while (addr && (addr & 0xff000000) == 0) { 2098 addr <<= 8; 2099 mask <<= 8; 2100 } 2101 return gen_host(addr, mask, proto, dir); 2102 2103 case Q_DEFAULT: 2104 case Q_HOST: 2105 if (proto == Q_LINK) { 2106 switch (linktype) { 2107 2108 case DLT_EN10MB: 2109 eaddr = pcap_ether_hostton(name); 2110 if (eaddr == NULL) 2111 bpf_error( 2112 "unknown ether host '%s'", name); 2113 return gen_ehostop(eaddr, dir); 2114 2115 case DLT_FDDI: 2116 eaddr = pcap_ether_hostton(name); 2117 if (eaddr == NULL) 2118 bpf_error( 2119 "unknown FDDI host '%s'", name); 2120 return gen_fhostop(eaddr, dir); 2121 2122 case DLT_IEEE802_11: 2123 case DLT_IEEE802_11_RADIO: 2124 eaddr = pcap_ether_hostton(name); 2125 if (eaddr == NULL) 2126 bpf_error( 2127 "unknown 802.11 host '%s'", name); 2128 2129 return gen_p80211_hostop(eaddr, dir); 2130 2131 default: 2132 bpf_error( 2133 "only ethernet/FDDI supports link-level host name"); 2134 break; 2135 } 2136 } else if (proto == Q_DECNET) { 2137 unsigned short dn_addr = __pcap_nametodnaddr(name); 2138 /* 2139 * I don't think DECNET hosts can be multihomed, so 2140 * there is no need to build up a list of addresses 2141 */ 2142 return (gen_host(dn_addr, 0, proto, dir)); 2143 } else { 2144 #ifndef INET6 2145 alist = pcap_nametoaddr(name); 2146 if (alist == NULL || *alist == NULL) 2147 bpf_error("unknown host '%s'", name); 2148 tproto = proto; 2149 if (off_linktype == -1 && tproto == Q_DEFAULT) 2150 tproto = Q_IP; 2151 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2152 while (*alist) { 2153 tmp = gen_host(**alist++, 0xffffffff, 2154 tproto, dir); 2155 gen_or(b, tmp); 2156 b = tmp; 2157 } 2158 return b; 2159 #else 2160 memset(&mask128, 0xff, sizeof(mask128)); 2161 res0 = res = pcap_nametoaddrinfo(name); 2162 if (res == NULL) 2163 bpf_error("unknown host '%s'", name); 2164 b = tmp = NULL; 2165 tproto = tproto6 = proto; 2166 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2167 tproto = Q_IP; 2168 tproto6 = Q_IPV6; 2169 } 2170 for (res = res0; res; res = res->ai_next) { 2171 switch (res->ai_family) { 2172 case AF_INET: 2173 if (tproto == Q_IPV6) 2174 continue; 2175 2176 sin = (struct sockaddr_in *) 2177 res->ai_addr; 2178 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2179 0xffffffff, tproto, dir); 2180 break; 2181 case AF_INET6: 2182 if (tproto6 == Q_IP) 2183 continue; 2184 2185 sin6 = (struct sockaddr_in6 *) 2186 res->ai_addr; 2187 tmp = gen_host6(&sin6->sin6_addr, 2188 &mask128, tproto6, dir); 2189 break; 2190 } 2191 if (b) 2192 gen_or(b, tmp); 2193 b = tmp; 2194 } 2195 freeaddrinfo(res0); 2196 if (b == NULL) { 2197 bpf_error("unknown host '%s'%s", name, 2198 (proto == Q_DEFAULT) 2199 ? "" 2200 : " for specified address family"); 2201 } 2202 return b; 2203 #endif /*INET6*/ 2204 } 2205 2206 case Q_PORT: 2207 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2208 bpf_error("illegal qualifier of 'port'"); 2209 if (pcap_nametoport(name, &port, &real_proto) == 0) 2210 bpf_error("unknown port '%s'", name); 2211 if (proto == Q_UDP) { 2212 if (real_proto == IPPROTO_TCP) 2213 bpf_error("port '%s' is tcp", name); 2214 else 2215 /* override PROTO_UNDEF */ 2216 real_proto = IPPROTO_UDP; 2217 } 2218 if (proto == Q_TCP) { 2219 if (real_proto == IPPROTO_UDP) 2220 bpf_error("port '%s' is udp", name); 2221 else 2222 /* override PROTO_UNDEF */ 2223 real_proto = IPPROTO_TCP; 2224 } 2225 #ifndef INET6 2226 return gen_port(port, real_proto, dir); 2227 #else 2228 { 2229 struct block *b; 2230 b = gen_port(port, real_proto, dir); 2231 gen_or(gen_port6(port, real_proto, dir), b); 2232 return b; 2233 } 2234 #endif /* INET6 */ 2235 2236 case Q_GATEWAY: 2237 #ifndef INET6 2238 eaddr = pcap_ether_hostton(name); 2239 if (eaddr == NULL) 2240 bpf_error("unknown ether host: %s", name); 2241 2242 alist = pcap_nametoaddr(name); 2243 if (alist == NULL || *alist == NULL) 2244 bpf_error("unknown host '%s'", name); 2245 return gen_gateway(eaddr, alist, proto, dir); 2246 #else 2247 bpf_error("'gateway' not supported in this configuration"); 2248 #endif /*INET6*/ 2249 2250 case Q_PROTO: 2251 real_proto = lookup_proto(name, proto); 2252 if (real_proto >= 0) 2253 return gen_proto(real_proto, proto, dir); 2254 else 2255 bpf_error("unknown protocol: %s", name); 2256 2257 case Q_PROTOCHAIN: 2258 real_proto = lookup_proto(name, proto); 2259 if (real_proto >= 0) 2260 return gen_protochain(real_proto, proto, dir); 2261 else 2262 bpf_error("unknown protocol: %s", name); 2263 2264 2265 case Q_UNDEF: 2266 syntax(); 2267 /* NOTREACHED */ 2268 } 2269 abort(); 2270 /* NOTREACHED */ 2271 } 2272 2273 struct block * 2274 gen_mcode(s1, s2, masklen, q) 2275 register const char *s1, *s2; 2276 register int masklen; 2277 struct qual q; 2278 { 2279 register int nlen, mlen; 2280 bpf_u_int32 n, m; 2281 2282 nlen = __pcap_atoin(s1, &n); 2283 /* Promote short ipaddr */ 2284 n <<= 32 - nlen; 2285 2286 if (s2 != NULL) { 2287 mlen = __pcap_atoin(s2, &m); 2288 /* Promote short ipaddr */ 2289 m <<= 32 - mlen; 2290 if ((n & ~m) != 0) 2291 bpf_error("non-network bits set in \"%s mask %s\"", 2292 s1, s2); 2293 } else { 2294 /* Convert mask len to mask */ 2295 if (masklen > 32) 2296 bpf_error("mask length must be <= 32"); 2297 m = 0xffffffff << (32 - masklen); 2298 if ((n & ~m) != 0) 2299 bpf_error("non-network bits set in \"%s/%d\"", 2300 s1, masklen); 2301 } 2302 2303 switch (q.addr) { 2304 2305 case Q_NET: 2306 return gen_host(n, m, q.proto, q.dir); 2307 2308 default: 2309 bpf_error("Mask syntax for networks only"); 2310 /* NOTREACHED */ 2311 } 2312 } 2313 2314 struct block * 2315 gen_ncode(s, v, q) 2316 register const char *s; 2317 bpf_u_int32 v; 2318 struct qual q; 2319 { 2320 bpf_u_int32 mask; 2321 int proto = q.proto; 2322 int dir = q.dir; 2323 register int vlen; 2324 2325 if (s == NULL) 2326 vlen = 32; 2327 else if (q.proto == Q_DECNET) 2328 vlen = __pcap_atodn(s, &v); 2329 else 2330 vlen = __pcap_atoin(s, &v); 2331 2332 switch (q.addr) { 2333 2334 case Q_DEFAULT: 2335 case Q_HOST: 2336 case Q_NET: 2337 if (proto == Q_DECNET) 2338 return gen_host(v, 0, proto, dir); 2339 else if (proto == Q_LINK) { 2340 bpf_error("illegal link layer address"); 2341 } else { 2342 mask = 0xffffffff; 2343 if (s == NULL && q.addr == Q_NET) { 2344 /* Promote short net number */ 2345 while (v && (v & 0xff000000) == 0) { 2346 v <<= 8; 2347 mask <<= 8; 2348 } 2349 } else { 2350 /* Promote short ipaddr */ 2351 v <<= 32 - vlen; 2352 mask <<= 32 - vlen; 2353 } 2354 return gen_host(v, mask, proto, dir); 2355 } 2356 2357 case Q_PORT: 2358 if (proto == Q_UDP) 2359 proto = IPPROTO_UDP; 2360 else if (proto == Q_TCP) 2361 proto = IPPROTO_TCP; 2362 else if (proto == Q_DEFAULT) 2363 proto = PROTO_UNDEF; 2364 else 2365 bpf_error("illegal qualifier of 'port'"); 2366 2367 #ifndef INET6 2368 return gen_port((int)v, proto, dir); 2369 #else 2370 { 2371 struct block *b; 2372 b = gen_port((int)v, proto, dir); 2373 gen_or(gen_port6((int)v, proto, dir), b); 2374 return b; 2375 } 2376 #endif /* INET6 */ 2377 2378 case Q_GATEWAY: 2379 bpf_error("'gateway' requires a name"); 2380 /* NOTREACHED */ 2381 2382 case Q_PROTO: 2383 return gen_proto((int)v, proto, dir); 2384 2385 case Q_PROTOCHAIN: 2386 return gen_protochain((int)v, proto, dir); 2387 2388 case Q_UNDEF: 2389 syntax(); 2390 /* NOTREACHED */ 2391 2392 default: 2393 abort(); 2394 /* NOTREACHED */ 2395 } 2396 /* NOTREACHED */ 2397 } 2398 2399 #ifdef INET6 2400 struct block * 2401 gen_mcode6(s1, s2, masklen, q) 2402 register const char *s1, *s2; 2403 register int masklen; 2404 struct qual q; 2405 { 2406 struct addrinfo *res; 2407 struct in6_addr *addr; 2408 struct in6_addr mask; 2409 struct block *b; 2410 u_int32_t *a, *m; 2411 2412 if (s2) 2413 bpf_error("no mask %s supported", s2); 2414 2415 res = pcap_nametoaddrinfo(s1); 2416 if (!res) 2417 bpf_error("invalid ip6 address %s", s1); 2418 if (res->ai_next) 2419 bpf_error("%s resolved to multiple address", s1); 2420 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2421 2422 if (sizeof(mask) * 8 < masklen) 2423 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2424 memset(&mask, 0, sizeof(mask)); 2425 memset(&mask, 0xff, masklen / 8); 2426 if (masklen % 8) { 2427 mask.s6_addr[masklen / 8] = 2428 (0xff << (8 - masklen % 8)) & 0xff; 2429 } 2430 2431 a = (u_int32_t *)addr; 2432 m = (u_int32_t *)&mask; 2433 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2434 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2435 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2436 } 2437 2438 switch (q.addr) { 2439 2440 case Q_DEFAULT: 2441 case Q_HOST: 2442 if (masklen != 128) 2443 bpf_error("Mask syntax for networks only"); 2444 /* FALLTHROUGH */ 2445 2446 case Q_NET: 2447 b = gen_host6(addr, &mask, q.proto, q.dir); 2448 freeaddrinfo(res); 2449 return b; 2450 2451 default: 2452 bpf_error("invalid qualifier against IPv6 address"); 2453 /* NOTREACHED */ 2454 } 2455 } 2456 #endif /*INET6*/ 2457 2458 struct block * 2459 gen_ecode(eaddr, q) 2460 register const u_char *eaddr; 2461 struct qual q; 2462 { 2463 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2464 if (linktype == DLT_EN10MB) 2465 return gen_ehostop(eaddr, (int)q.dir); 2466 if (linktype == DLT_FDDI) 2467 return gen_fhostop(eaddr, (int)q.dir); 2468 if (linktype == DLT_IEEE802_11 || 2469 linktype == DLT_IEEE802_11_RADIO) 2470 return gen_p80211_hostop(eaddr, (int)q.dir); 2471 } 2472 bpf_error("ethernet address used in non-ether expression"); 2473 /* NOTREACHED */ 2474 } 2475 2476 void 2477 sappend(s0, s1) 2478 struct slist *s0, *s1; 2479 { 2480 /* 2481 * This is definitely not the best way to do this, but the 2482 * lists will rarely get long. 2483 */ 2484 while (s0->next) 2485 s0 = s0->next; 2486 s0->next = s1; 2487 } 2488 2489 static struct slist * 2490 xfer_to_x(a) 2491 struct arth *a; 2492 { 2493 struct slist *s; 2494 2495 s = new_stmt(BPF_LDX|BPF_MEM); 2496 s->s.k = a->regno; 2497 return s; 2498 } 2499 2500 static struct slist * 2501 xfer_to_a(a) 2502 struct arth *a; 2503 { 2504 struct slist *s; 2505 2506 s = new_stmt(BPF_LD|BPF_MEM); 2507 s->s.k = a->regno; 2508 return s; 2509 } 2510 2511 struct arth * 2512 gen_load(proto, index, size) 2513 int proto; 2514 struct arth *index; 2515 int size; 2516 { 2517 struct slist *s, *tmp; 2518 struct block *b; 2519 int regno = alloc_reg(); 2520 2521 free_reg(index->regno); 2522 switch (size) { 2523 2524 default: 2525 bpf_error("data size must be 1, 2, or 4"); 2526 2527 case 1: 2528 size = BPF_B; 2529 break; 2530 2531 case 2: 2532 size = BPF_H; 2533 break; 2534 2535 case 4: 2536 size = BPF_W; 2537 break; 2538 } 2539 switch (proto) { 2540 default: 2541 bpf_error("unsupported index operation"); 2542 2543 case Q_LINK: 2544 s = xfer_to_x(index); 2545 tmp = new_stmt(BPF_LD|BPF_IND|size); 2546 sappend(s, tmp); 2547 sappend(index->s, s); 2548 break; 2549 2550 case Q_IP: 2551 case Q_ARP: 2552 case Q_RARP: 2553 case Q_ATALK: 2554 case Q_DECNET: 2555 case Q_SCA: 2556 case Q_LAT: 2557 case Q_MOPRC: 2558 case Q_MOPDL: 2559 #ifdef INET6 2560 case Q_IPV6: 2561 #endif 2562 /* XXX Note that we assume a fixed link header here. */ 2563 s = xfer_to_x(index); 2564 tmp = new_stmt(BPF_LD|BPF_IND|size); 2565 tmp->s.k = off_nl; 2566 sappend(s, tmp); 2567 sappend(index->s, s); 2568 2569 b = gen_proto_abbrev(proto); 2570 if (index->b) 2571 gen_and(index->b, b); 2572 index->b = b; 2573 break; 2574 2575 case Q_TCP: 2576 case Q_UDP: 2577 case Q_ICMP: 2578 case Q_IGMP: 2579 case Q_IGRP: 2580 case Q_PIM: 2581 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 2582 s->s.k = off_nl; 2583 sappend(s, xfer_to_a(index)); 2584 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2585 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2586 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2587 tmp->s.k = off_nl; 2588 sappend(index->s, s); 2589 2590 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2591 if (index->b) 2592 gen_and(index->b, b); 2593 #ifdef INET6 2594 gen_and(gen_proto_abbrev(Q_IP), b); 2595 #endif 2596 index->b = b; 2597 break; 2598 #ifdef INET6 2599 case Q_ICMPV6: 2600 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2601 /*NOTREACHED*/ 2602 #endif 2603 } 2604 index->regno = regno; 2605 s = new_stmt(BPF_ST); 2606 s->s.k = regno; 2607 sappend(index->s, s); 2608 2609 return index; 2610 } 2611 2612 struct block * 2613 gen_relation(code, a0, a1, reversed) 2614 int code; 2615 struct arth *a0, *a1; 2616 int reversed; 2617 { 2618 struct slist *s0, *s1, *s2; 2619 struct block *b, *tmp; 2620 2621 s0 = xfer_to_x(a1); 2622 s1 = xfer_to_a(a0); 2623 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2624 b = new_block(JMP(code)); 2625 if (code == BPF_JGT || code == BPF_JGE) { 2626 reversed = !reversed; 2627 b->s.k = 0x80000000; 2628 } 2629 if (reversed) 2630 gen_not(b); 2631 2632 sappend(s1, s2); 2633 sappend(s0, s1); 2634 sappend(a1->s, s0); 2635 sappend(a0->s, a1->s); 2636 2637 b->stmts = a0->s; 2638 2639 free_reg(a0->regno); 2640 free_reg(a1->regno); 2641 2642 /* 'and' together protocol checks */ 2643 if (a0->b) { 2644 if (a1->b) { 2645 gen_and(a0->b, tmp = a1->b); 2646 } 2647 else 2648 tmp = a0->b; 2649 } else 2650 tmp = a1->b; 2651 2652 if (tmp) 2653 gen_and(tmp, b); 2654 2655 return b; 2656 } 2657 2658 struct arth * 2659 gen_loadlen() 2660 { 2661 int regno = alloc_reg(); 2662 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2663 struct slist *s; 2664 2665 s = new_stmt(BPF_LD|BPF_LEN); 2666 s->next = new_stmt(BPF_ST); 2667 s->next->s.k = regno; 2668 a->s = s; 2669 a->regno = regno; 2670 2671 return a; 2672 } 2673 2674 struct arth * 2675 gen_loadi(val) 2676 int val; 2677 { 2678 struct arth *a; 2679 struct slist *s; 2680 int reg; 2681 2682 a = (struct arth *)newchunk(sizeof(*a)); 2683 2684 reg = alloc_reg(); 2685 2686 s = new_stmt(BPF_LD|BPF_IMM); 2687 s->s.k = val; 2688 s->next = new_stmt(BPF_ST); 2689 s->next->s.k = reg; 2690 a->s = s; 2691 a->regno = reg; 2692 2693 return a; 2694 } 2695 2696 struct arth * 2697 gen_neg(a) 2698 struct arth *a; 2699 { 2700 struct slist *s; 2701 2702 s = xfer_to_a(a); 2703 sappend(a->s, s); 2704 s = new_stmt(BPF_ALU|BPF_NEG); 2705 s->s.k = 0; 2706 sappend(a->s, s); 2707 s = new_stmt(BPF_ST); 2708 s->s.k = a->regno; 2709 sappend(a->s, s); 2710 2711 return a; 2712 } 2713 2714 struct arth * 2715 gen_arth(code, a0, a1) 2716 int code; 2717 struct arth *a0, *a1; 2718 { 2719 struct slist *s0, *s1, *s2; 2720 2721 s0 = xfer_to_x(a1); 2722 s1 = xfer_to_a(a0); 2723 s2 = new_stmt(BPF_ALU|BPF_X|code); 2724 2725 sappend(s1, s2); 2726 sappend(s0, s1); 2727 sappend(a1->s, s0); 2728 sappend(a0->s, a1->s); 2729 2730 free_reg(a1->regno); 2731 2732 s0 = new_stmt(BPF_ST); 2733 a0->regno = s0->s.k = alloc_reg(); 2734 sappend(a0->s, s0); 2735 2736 return a0; 2737 } 2738 2739 /* 2740 * Here we handle simple allocation of the scratch registers. 2741 * If too many registers are alloc'd, the allocator punts. 2742 */ 2743 static int regused[BPF_MEMWORDS]; 2744 static int curreg; 2745 2746 /* 2747 * Return the next free register. 2748 */ 2749 static int 2750 alloc_reg() 2751 { 2752 int n = BPF_MEMWORDS; 2753 2754 while (--n >= 0) { 2755 if (regused[curreg]) 2756 curreg = (curreg + 1) % BPF_MEMWORDS; 2757 else { 2758 regused[curreg] = 1; 2759 return curreg; 2760 } 2761 } 2762 bpf_error("too many registers needed to evaluate expression"); 2763 /* NOTREACHED */ 2764 } 2765 2766 /* 2767 * Return a register to the table so it can 2768 * be used later. 2769 */ 2770 static void 2771 free_reg(n) 2772 int n; 2773 { 2774 regused[n] = 0; 2775 } 2776 2777 static struct block * 2778 gen_len(jmp, n) 2779 int jmp, n; 2780 { 2781 struct slist *s; 2782 struct block *b; 2783 2784 s = new_stmt(BPF_LD|BPF_LEN); 2785 b = new_block(JMP(jmp)); 2786 b->stmts = s; 2787 b->s.k = n; 2788 2789 return b; 2790 } 2791 2792 struct block * 2793 gen_greater(n) 2794 int n; 2795 { 2796 return gen_len(BPF_JGE, n); 2797 } 2798 2799 struct block * 2800 gen_less(n) 2801 int n; 2802 { 2803 struct block *b; 2804 2805 b = gen_len(BPF_JGT, n); 2806 gen_not(b); 2807 2808 return b; 2809 } 2810 2811 struct block * 2812 gen_byteop(op, idx, val) 2813 int op, idx, val; 2814 { 2815 struct block *b; 2816 struct slist *s; 2817 2818 switch (op) { 2819 default: 2820 abort(); 2821 2822 case '=': 2823 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2824 2825 case '<': 2826 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2827 b->s.code = JMP(BPF_JGE); 2828 gen_not(b); 2829 return b; 2830 2831 case '>': 2832 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2833 b->s.code = JMP(BPF_JGT); 2834 return b; 2835 2836 case '|': 2837 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 2838 break; 2839 2840 case '&': 2841 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 2842 break; 2843 } 2844 s->s.k = val; 2845 b = new_block(JMP(BPF_JEQ)); 2846 b->stmts = s; 2847 gen_not(b); 2848 2849 return b; 2850 } 2851 2852 struct block * 2853 gen_broadcast(proto) 2854 int proto; 2855 { 2856 bpf_u_int32 hostmask; 2857 struct block *b0, *b1, *b2; 2858 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 2859 2860 switch (proto) { 2861 2862 case Q_DEFAULT: 2863 case Q_LINK: 2864 if (linktype == DLT_EN10MB) 2865 return gen_ehostop(ebroadcast, Q_DST); 2866 if (linktype == DLT_FDDI) 2867 return gen_fhostop(ebroadcast, Q_DST); 2868 if (linktype == DLT_IEEE802_11 || 2869 linktype == DLT_IEEE802_11_RADIO) 2870 return gen_p80211_hostop(ebroadcast, Q_DST); 2871 bpf_error("not a broadcast link"); 2872 break; 2873 2874 case Q_IP: 2875 b0 = gen_linktype(ETHERTYPE_IP); 2876 hostmask = ~netmask; 2877 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 2878 b2 = gen_mcmp(off_nl + 16, BPF_W, 2879 (bpf_int32)(~0 & hostmask), hostmask); 2880 gen_or(b1, b2); 2881 gen_and(b0, b2); 2882 return b2; 2883 } 2884 bpf_error("only ether/ip broadcast filters supported"); 2885 } 2886 2887 struct block * 2888 gen_multicast(proto) 2889 int proto; 2890 { 2891 register struct block *b0, *b1; 2892 register struct slist *s; 2893 2894 switch (proto) { 2895 2896 case Q_DEFAULT: 2897 case Q_LINK: 2898 if (linktype == DLT_EN10MB) { 2899 /* ether[0] & 1 != 0 */ 2900 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2901 s->s.k = 0; 2902 b0 = new_block(JMP(BPF_JSET)); 2903 b0->s.k = 1; 2904 b0->stmts = s; 2905 return b0; 2906 } 2907 2908 if (linktype == DLT_FDDI) { 2909 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 2910 /* fddi[1] & 1 != 0 */ 2911 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2912 s->s.k = 1; 2913 b0 = new_block(JMP(BPF_JSET)); 2914 b0->s.k = 1; 2915 b0->stmts = s; 2916 return b0; 2917 } 2918 /* Link not known to support multicasts */ 2919 break; 2920 2921 case Q_IP: 2922 b0 = gen_linktype(ETHERTYPE_IP); 2923 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 2924 b1->s.code = JMP(BPF_JGE); 2925 gen_and(b0, b1); 2926 return b1; 2927 2928 #ifdef INET6 2929 case Q_IPV6: 2930 b0 = gen_linktype(ETHERTYPE_IPV6); 2931 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 2932 gen_and(b0, b1); 2933 return b1; 2934 #endif /* INET6 */ 2935 } 2936 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 2937 } 2938 2939 /* 2940 * generate command for inbound/outbound. It's here so we can 2941 * make it link-type specific. 'dir' = 0 implies "inbound", 2942 * = 1 implies "outbound". 2943 */ 2944 struct block * 2945 gen_inbound(dir) 2946 int dir; 2947 { 2948 register struct block *b0; 2949 2950 /* 2951 * Only SLIP and old-style PPP data link types support 2952 * inbound/outbound qualifiers. 2953 */ 2954 switch (linktype) { 2955 case DLT_SLIP: 2956 case DLT_PPP: 2957 b0 = gen_relation(BPF_JEQ, 2958 gen_load(Q_LINK, gen_loadi(0), 1), 2959 gen_loadi(0), 2960 dir); 2961 break; 2962 2963 case DLT_PFLOG: 2964 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 2965 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 2966 break; 2967 2968 default: 2969 bpf_error("inbound/outbound not supported on linktype 0x%x", 2970 linktype); 2971 /* NOTREACHED */ 2972 } 2973 2974 return (b0); 2975 } 2976 2977 2978 /* PF firewall log matched interface */ 2979 struct block * 2980 gen_pf_ifname(char *ifname) 2981 { 2982 struct block *b0; 2983 u_int len, off; 2984 2985 if (linktype == DLT_PFLOG) { 2986 len = sizeof(((struct pfloghdr *)0)->ifname); 2987 off = offsetof(struct pfloghdr, ifname); 2988 } else { 2989 bpf_error("ifname not supported on linktype 0x%x", linktype); 2990 /* NOTREACHED */ 2991 } 2992 if (strlen(ifname) >= len) { 2993 bpf_error("ifname interface names can only be %d characters", 2994 len - 1); 2995 /* NOTREACHED */ 2996 } 2997 b0 = gen_bcmp(off, strlen(ifname), ifname); 2998 return (b0); 2999 } 3000 3001 3002 /* PF firewall log ruleset name */ 3003 struct block * 3004 gen_pf_ruleset(char *ruleset) 3005 { 3006 struct block *b0; 3007 3008 if (linktype != DLT_PFLOG) { 3009 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3010 /* NOTREACHED */ 3011 } 3012 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3013 bpf_error("ruleset names can only be %zu characters", 3014 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3015 /* NOTREACHED */ 3016 } 3017 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3018 strlen(ruleset), ruleset); 3019 return (b0); 3020 } 3021 3022 3023 /* PF firewall log rule number */ 3024 struct block * 3025 gen_pf_rnr(int rnr) 3026 { 3027 struct block *b0; 3028 3029 if (linktype == DLT_PFLOG) { 3030 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3031 (bpf_int32)rnr); 3032 } else { 3033 bpf_error("rnr not supported on linktype 0x%x", linktype); 3034 /* NOTREACHED */ 3035 } 3036 3037 return (b0); 3038 } 3039 3040 3041 /* PF firewall log sub-rule number */ 3042 struct block * 3043 gen_pf_srnr(int srnr) 3044 { 3045 struct block *b0; 3046 3047 if (linktype != DLT_PFLOG) { 3048 bpf_error("srnr not supported on linktype 0x%x", linktype); 3049 /* NOTREACHED */ 3050 } 3051 3052 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3053 (bpf_int32)srnr); 3054 return (b0); 3055 } 3056 3057 /* PF firewall log reason code */ 3058 struct block * 3059 gen_pf_reason(int reason) 3060 { 3061 struct block *b0; 3062 3063 if (linktype == DLT_PFLOG) { 3064 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3065 (bpf_int32)reason); 3066 } else { 3067 bpf_error("reason not supported on linktype 0x%x", linktype); 3068 /* NOTREACHED */ 3069 } 3070 3071 return (b0); 3072 } 3073 3074 /* PF firewall log action */ 3075 struct block * 3076 gen_pf_action(int action) 3077 { 3078 struct block *b0; 3079 3080 if (linktype == DLT_PFLOG) { 3081 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3082 (bpf_int32)action); 3083 } else { 3084 bpf_error("action not supported on linktype 0x%x", linktype); 3085 /* NOTREACHED */ 3086 } 3087 3088 return (b0); 3089 } 3090 3091 /* IEEE 802.11 wireless header */ 3092 struct block * 3093 gen_p80211_type(int type, int mask) 3094 { 3095 struct block *b0; 3096 u_int offset; 3097 3098 if (!(linktype == DLT_IEEE802_11 || 3099 linktype == DLT_IEEE802_11_RADIO)) { 3100 bpf_error("type not supported on linktype 0x%x", 3101 linktype); 3102 /* NOTREACHED */ 3103 } 3104 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3105 if (linktype == DLT_IEEE802_11_RADIO) 3106 offset += IEEE80211_RADIOTAP_HDRLEN; 3107 3108 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3109 3110 return (b0); 3111 } 3112 3113 static struct block * 3114 gen_ahostop(eaddr, dir) 3115 register const u_char *eaddr; 3116 register int dir; 3117 { 3118 register struct block *b0, *b1; 3119 3120 switch (dir) { 3121 /* src comes first, different from Ethernet */ 3122 case Q_SRC: 3123 return gen_bcmp(0, 1, eaddr); 3124 3125 case Q_DST: 3126 return gen_bcmp(1, 1, eaddr); 3127 3128 case Q_AND: 3129 b0 = gen_ahostop(eaddr, Q_SRC); 3130 b1 = gen_ahostop(eaddr, Q_DST); 3131 gen_and(b0, b1); 3132 return b1; 3133 3134 case Q_DEFAULT: 3135 case Q_OR: 3136 b0 = gen_ahostop(eaddr, Q_SRC); 3137 b1 = gen_ahostop(eaddr, Q_DST); 3138 gen_or(b0, b1); 3139 return b1; 3140 } 3141 abort(); 3142 /* NOTREACHED */ 3143 } 3144 3145 struct block * 3146 gen_acode(eaddr, q) 3147 register const u_char *eaddr; 3148 struct qual q; 3149 { 3150 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3151 if (linktype == DLT_ARCNET) 3152 return gen_ahostop(eaddr, (int)q.dir); 3153 } 3154 bpf_error("ARCnet address used in non-arc expression"); 3155 /* NOTREACHED */ 3156 } 3157 3158 /* 3159 * support IEEE 802.1Q VLAN trunk over ethernet 3160 */ 3161 struct block * 3162 gen_vlan(vlan_num) 3163 int vlan_num; 3164 { 3165 struct block *b0; 3166 3167 /* 3168 * Change the offsets to point to the type and data fields within 3169 * the VLAN packet. This is somewhat of a kludge. 3170 */ 3171 if (orig_nl == (u_int)-1) { 3172 orig_linktype = off_linktype; /* save original values */ 3173 orig_nl = off_nl; 3174 orig_nl_nosnap = off_nl_nosnap; 3175 3176 switch (linktype) { 3177 3178 case DLT_EN10MB: 3179 off_linktype = 16; 3180 off_nl_nosnap = 18; 3181 off_nl = 18; 3182 break; 3183 3184 default: 3185 bpf_error("no VLAN support for data link type %d", 3186 linktype); 3187 /*NOTREACHED*/ 3188 } 3189 } 3190 3191 /* check for VLAN */ 3192 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3193 3194 /* If a specific VLAN is requested, check VLAN id */ 3195 if (vlan_num >= 0) { 3196 struct block *b1; 3197 3198 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 3199 gen_and(b0, b1); 3200 b0 = b1; 3201 } 3202 3203 return (b0); 3204 } 3205 3206 struct block * 3207 gen_p80211_fcdir(int fcdir) 3208 { 3209 struct block *b0; 3210 u_int offset; 3211 3212 if (!(linktype == DLT_IEEE802_11 || 3213 linktype == DLT_IEEE802_11_RADIO)) { 3214 bpf_error("frame direction not supported on linktype 0x%x", 3215 linktype); 3216 /* NOTREACHED */ 3217 } 3218 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3219 if (linktype == DLT_IEEE802_11_RADIO) 3220 offset += IEEE80211_RADIOTAP_HDRLEN; 3221 3222 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3223 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3224 3225 return (b0); 3226 } 3227 3228 static struct block * 3229 gen_p80211_hostop(const u_char *lladdr, int dir) 3230 { 3231 struct block *b0, *b1, *b2, *b3, *b4; 3232 u_int offset = 0; 3233 3234 if (linktype == DLT_IEEE802_11_RADIO) 3235 offset = IEEE80211_RADIOTAP_HDRLEN; 3236 3237 switch (dir) { 3238 case Q_SRC: 3239 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3240 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3241 lladdr); 3242 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3243 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3244 lladdr); 3245 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3246 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3247 lladdr); 3248 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3249 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3250 lladdr); 3251 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3252 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3253 lladdr); 3254 3255 gen_or(b0, b1); 3256 gen_or(b1, b2); 3257 gen_or(b2, b3); 3258 gen_or(b3, b4); 3259 return (b4); 3260 3261 case Q_DST: 3262 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3263 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3264 lladdr); 3265 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3266 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3267 lladdr); 3268 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3269 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3270 lladdr); 3271 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3272 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3273 lladdr); 3274 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3275 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3276 lladdr); 3277 3278 gen_or(b0, b1); 3279 gen_or(b1, b2); 3280 gen_or(b2, b3); 3281 gen_or(b3, b4); 3282 return (b4); 3283 3284 case Q_ADDR1: 3285 return (gen_bcmp(offset + 3286 (u_int)offsetof(struct ieee80211_frame, 3287 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3288 3289 case Q_ADDR2: 3290 return (gen_bcmp(offset + 3291 (u_int)offsetof(struct ieee80211_frame, 3292 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3293 3294 case Q_ADDR3: 3295 return (gen_bcmp(offset + 3296 (u_int)offsetof(struct ieee80211_frame, 3297 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3298 3299 case Q_ADDR4: 3300 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3301 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3302 lladdr)); 3303 3304 case Q_AND: 3305 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3306 b1 = gen_p80211_hostop(lladdr, Q_DST); 3307 gen_and(b0, b1); 3308 return (b1); 3309 3310 case Q_DEFAULT: 3311 case Q_OR: 3312 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3313 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3314 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3315 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3316 gen_or(b0, b1); 3317 gen_or(b1, b2); 3318 gen_or(b2, b3); 3319 return (b3); 3320 3321 default: 3322 bpf_error("direction not supported on linktype 0x%x", 3323 linktype); 3324 } 3325 /* NOTREACHED */ 3326 } 3327 3328 static struct block * 3329 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3330 { 3331 struct block *b0, *b1; 3332 3333 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3334 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3335 gen_and(b0, b1); 3336 3337 return (b1); 3338 } 3339