1 /* $OpenBSD: gencode.c,v 1.63 2022/05/28 03:20:33 deraadt Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/types.h> 25 #include <sys/socket.h> 26 #include <sys/time.h> 27 28 #include <net/if.h> 29 30 #include <netinet/in.h> 31 #include <netinet/if_ether.h> 32 33 #include <net/if_pflog.h> 34 #include <net/pfvar.h> 35 36 #include <netmpls/mpls.h> 37 38 #include <net80211/ieee80211.h> 39 #include <net80211/ieee80211_radiotap.h> 40 41 #include <stdlib.h> 42 #include <stddef.h> 43 #include <setjmp.h> 44 #include <stdarg.h> 45 #include <string.h> 46 47 #include "pcap-int.h" 48 49 #include "ethertype.h" 50 #include "llc.h" 51 #include "gencode.h" 52 #include "ppp.h" 53 #include <pcap-namedb.h> 54 #ifdef INET6 55 #include <netdb.h> 56 #endif /*INET6*/ 57 58 #ifdef HAVE_OS_PROTO_H 59 #include "os-proto.h" 60 #endif 61 62 #define JMP(c) ((c)|BPF_JMP|BPF_K) 63 64 /* Locals */ 65 static jmp_buf top_ctx; 66 static pcap_t *bpf_pcap; 67 68 /* Hack for updating VLAN offsets. */ 69 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 70 static u_int mpls_stack = 0; 71 72 /* XXX */ 73 #ifdef PCAP_FDDIPAD 74 int pcap_fddipad = PCAP_FDDIPAD; 75 #else 76 int pcap_fddipad; 77 #endif 78 79 __dead void 80 bpf_error(const char *fmt, ...) 81 { 82 va_list ap; 83 84 va_start(ap, fmt); 85 if (bpf_pcap != NULL) 86 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 87 fmt, ap); 88 va_end(ap); 89 longjmp(top_ctx, 1); 90 /* NOTREACHED */ 91 } 92 93 static void init_linktype(int); 94 95 static int alloc_reg(void); 96 static void free_reg(int); 97 98 static struct block *root; 99 100 /* initialization code used for variable link header */ 101 static struct slist *init_code = NULL; 102 103 /* Flags and registers for variable link type handling */ 104 static int variable_nl; 105 static int nl_reg, iphl_reg; 106 107 /* 108 * Track memory allocations, for bulk freeing at the end 109 */ 110 #define NMEMBAG 16 111 #define MEMBAG0SIZE (4096 / sizeof (void *)) 112 struct membag { 113 u_int total; 114 u_int slot; 115 void **ptrs; /* allocated array[total] to each malloc */ 116 }; 117 118 static struct membag membag[NMEMBAG]; 119 static int cur_membag; 120 121 static void *newchunk(size_t); 122 static void freechunks(void); 123 static __inline struct block *new_block(int); 124 static __inline struct slist *new_stmt(int); 125 static struct block *gen_retblk(int); 126 static __inline void syntax(void); 127 128 static void backpatch(struct block *, struct block *); 129 static void merge(struct block *, struct block *); 130 static struct block *gen_cmp(u_int, u_int, bpf_int32); 131 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 132 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 133 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 134 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 135 static struct block *gen_bcmp(u_int, u_int, const u_char *); 136 static struct block *gen_uncond(int); 137 static __inline struct block *gen_true(void); 138 static __inline struct block *gen_false(void); 139 static struct block *gen_linktype(int); 140 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 141 #ifdef INET6 142 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 143 #endif 144 static struct block *gen_ehostop(const u_char *, int); 145 static struct block *gen_fhostop(const u_char *, int); 146 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 147 static struct block *gen_p80211_hostop(const u_char *, int); 148 static struct block *gen_p80211_addr(int, u_int, const u_char *); 149 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 150 #ifdef INET6 151 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 152 #endif 153 #ifndef INET6 154 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 155 #endif 156 static struct block *gen_ipfrag(void); 157 static struct block *gen_portatom(int, bpf_int32); 158 #ifdef INET6 159 static struct block *gen_portatom6(int, bpf_int32); 160 #endif 161 struct block *gen_portop(int, int, int); 162 static struct block *gen_port(int, int, int); 163 #ifdef INET6 164 struct block *gen_portop6(int, int, int); 165 static struct block *gen_port6(int, int, int); 166 #endif 167 static int lookup_proto(const char *, int); 168 static struct block *gen_protochain(int, int, int); 169 static struct block *gen_proto(int, int, int); 170 static struct slist *xfer_to_x(struct arth *); 171 static struct slist *xfer_to_a(struct arth *); 172 static struct block *gen_len(int, int); 173 174 static void * 175 newchunk(size_t n) 176 { 177 struct membag *m; 178 int k, size; 179 void *p; 180 181 m = &membag[cur_membag]; 182 if (m->total != 0 && m->total - m->slot == 0) { 183 if (++cur_membag == NMEMBAG) 184 bpf_error("out of memory"); 185 m = &membag[cur_membag]; 186 } 187 if (m->total - m->slot == 0) { 188 m->ptrs = calloc(sizeof (char *), MEMBAG0SIZE << cur_membag); 189 if (m->ptrs == NULL) 190 bpf_error("out of memory"); 191 m->total = MEMBAG0SIZE << cur_membag; 192 m->slot = 0; 193 } 194 195 p = calloc(1, n); 196 if (p == NULL) 197 bpf_error("out of memory"); 198 m->ptrs[m->slot++] = p; 199 return (p); 200 } 201 202 static void 203 freechunks(void) 204 { 205 int i, j; 206 207 for (i = 0; i <= cur_membag; i++) { 208 if (membag[i].ptrs == NULL) 209 continue; 210 for (j = 0; j < membag[i].slot; j++) 211 free(membag[i].ptrs[j]); 212 free(membag[i].ptrs); 213 membag[i].ptrs = NULL; 214 membag[i].slot = membag[i].total = 0; 215 } 216 cur_membag = 0; 217 } 218 219 /* 220 * A strdup whose allocations are freed after code generation is over. 221 */ 222 char * 223 sdup(s) 224 const char *s; 225 { 226 int n = strlen(s) + 1; 227 char *cp = newchunk(n); 228 229 strlcpy(cp, s, n); 230 return (cp); 231 } 232 233 static __inline struct block * 234 new_block(code) 235 int code; 236 { 237 struct block *p; 238 239 p = (struct block *)newchunk(sizeof(*p)); 240 p->s.code = code; 241 p->head = p; 242 243 return p; 244 } 245 246 static __inline struct slist * 247 new_stmt(code) 248 int code; 249 { 250 struct slist *p; 251 252 p = (struct slist *)newchunk(sizeof(*p)); 253 p->s.code = code; 254 255 return p; 256 } 257 258 static struct block * 259 gen_retblk(v) 260 int v; 261 { 262 struct block *b = new_block(BPF_RET|BPF_K); 263 264 b->s.k = v; 265 return b; 266 } 267 268 static __inline void 269 syntax() 270 { 271 bpf_error("syntax error in filter expression"); 272 } 273 274 static bpf_u_int32 netmask; 275 static int snaplen; 276 int no_optimize; 277 278 int 279 pcap_compile(pcap_t *p, struct bpf_program *program, 280 const char *buf, int optimize, bpf_u_int32 mask) 281 { 282 extern int n_errors; 283 int len; 284 285 no_optimize = 0; 286 n_errors = 0; 287 root = NULL; 288 bpf_pcap = p; 289 if (setjmp(top_ctx)) { 290 freechunks(); 291 return (-1); 292 } 293 294 netmask = mask; 295 snaplen = pcap_snapshot(p); 296 297 lex_init(buf ? buf : ""); 298 init_linktype(pcap_datalink(p)); 299 (void)pcap_parse(); 300 301 if (n_errors) 302 syntax(); 303 304 if (root == NULL) 305 root = gen_retblk(snaplen); 306 307 if (optimize && !no_optimize) { 308 bpf_optimize(&root); 309 if (root == NULL || 310 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 311 bpf_error("expression rejects all packets"); 312 } 313 program->bf_insns = icode_to_fcode(root, &len); 314 program->bf_len = len; 315 316 freechunks(); 317 return (0); 318 } 319 320 /* 321 * entry point for using the compiler with no pcap open 322 * pass in all the stuff that is needed explicitly instead. 323 */ 324 int 325 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 326 struct bpf_program *program, 327 const char *buf, int optimize, bpf_u_int32 mask) 328 { 329 extern int n_errors; 330 int len; 331 332 n_errors = 0; 333 root = NULL; 334 bpf_pcap = NULL; 335 if (setjmp(top_ctx)) { 336 freechunks(); 337 return (-1); 338 } 339 340 netmask = mask; 341 342 /* XXX needed? I don't grok the use of globals here. */ 343 snaplen = snaplen_arg; 344 345 lex_init(buf ? buf : ""); 346 init_linktype(linktype_arg); 347 (void)pcap_parse(); 348 349 if (n_errors) 350 syntax(); 351 352 if (root == NULL) 353 root = gen_retblk(snaplen_arg); 354 355 if (optimize) { 356 bpf_optimize(&root); 357 if (root == NULL || 358 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 359 bpf_error("expression rejects all packets"); 360 } 361 program->bf_insns = icode_to_fcode(root, &len); 362 program->bf_len = len; 363 364 freechunks(); 365 return (0); 366 } 367 368 /* 369 * Clean up a "struct bpf_program" by freeing all the memory allocated 370 * in it. 371 */ 372 void 373 pcap_freecode(struct bpf_program *program) 374 { 375 program->bf_len = 0; 376 if (program->bf_insns != NULL) { 377 free((char *)program->bf_insns); 378 program->bf_insns = NULL; 379 } 380 } 381 382 /* 383 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 384 * which of the jt and jf fields has been resolved and which is a pointer 385 * back to another unresolved block (or nil). At least one of the fields 386 * in each block is already resolved. 387 */ 388 static void 389 backpatch(list, target) 390 struct block *list, *target; 391 { 392 struct block *next; 393 394 while (list) { 395 if (!list->sense) { 396 next = JT(list); 397 JT(list) = target; 398 } else { 399 next = JF(list); 400 JF(list) = target; 401 } 402 list = next; 403 } 404 } 405 406 /* 407 * Merge the lists in b0 and b1, using the 'sense' field to indicate 408 * which of jt and jf is the link. 409 */ 410 static void 411 merge(b0, b1) 412 struct block *b0, *b1; 413 { 414 struct block **p = &b0; 415 416 /* Find end of list. */ 417 while (*p) 418 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 419 420 /* Concatenate the lists. */ 421 *p = b1; 422 } 423 424 void 425 finish_parse(p) 426 struct block *p; 427 { 428 backpatch(p, gen_retblk(snaplen)); 429 p->sense = !p->sense; 430 backpatch(p, gen_retblk(0)); 431 root = p->head; 432 433 /* prepend initialization code to root */ 434 if (init_code != NULL && root != NULL) { 435 sappend(init_code, root->stmts); 436 root->stmts = init_code; 437 init_code = NULL; 438 } 439 440 if (iphl_reg != -1) { 441 free_reg(iphl_reg); 442 iphl_reg = -1; 443 } 444 if (nl_reg != -1) { 445 free_reg(nl_reg); 446 nl_reg = -1; 447 } 448 } 449 450 void 451 gen_and(b0, b1) 452 struct block *b0, *b1; 453 { 454 backpatch(b0, b1->head); 455 b0->sense = !b0->sense; 456 b1->sense = !b1->sense; 457 merge(b1, b0); 458 b1->sense = !b1->sense; 459 b1->head = b0->head; 460 } 461 462 void 463 gen_or(b0, b1) 464 struct block *b0, *b1; 465 { 466 b0->sense = !b0->sense; 467 backpatch(b0, b1->head); 468 b0->sense = !b0->sense; 469 merge(b1, b0); 470 b1->head = b0->head; 471 } 472 473 void 474 gen_not(b) 475 struct block *b; 476 { 477 b->sense = !b->sense; 478 } 479 480 static struct block * 481 gen_cmp(offset, size, v) 482 u_int offset, size; 483 bpf_int32 v; 484 { 485 struct slist *s; 486 struct block *b; 487 488 s = new_stmt(BPF_LD|BPF_ABS|size); 489 s->s.k = offset; 490 491 b = new_block(JMP(BPF_JEQ)); 492 b->stmts = s; 493 b->s.k = v; 494 495 return b; 496 } 497 498 static struct block * 499 gen_cmp_gt(offset, size, v) 500 u_int offset, size; 501 bpf_int32 v; 502 { 503 struct slist *s; 504 struct block *b; 505 506 s = new_stmt(BPF_LD|BPF_ABS|size); 507 s->s.k = offset; 508 509 b = new_block(JMP(BPF_JGT)); 510 b->stmts = s; 511 b->s.k = v; 512 513 return b; 514 } 515 516 static struct block * 517 gen_mcmp(offset, size, v, mask) 518 u_int offset, size; 519 bpf_int32 v; 520 bpf_u_int32 mask; 521 { 522 struct block *b = gen_cmp(offset, size, v); 523 struct slist *s; 524 525 if (mask != 0xffffffff) { 526 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 527 s->s.k = mask; 528 sappend(b->stmts, s); 529 } 530 return b; 531 } 532 533 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 534 static struct block * 535 gen_mcmp_nl(offset, size, v, mask) 536 u_int offset, size; 537 bpf_int32 v; 538 bpf_u_int32 mask; 539 { 540 struct block *b = gen_cmp_nl(offset, size, v); 541 struct slist *s; 542 543 if (mask != 0xffffffff) { 544 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 545 s->s.k = mask; 546 sappend(b->stmts, s); 547 } 548 return b; 549 } 550 551 static struct block * 552 gen_bcmp(offset, size, v) 553 u_int offset, size; 554 const u_char *v; 555 { 556 struct block *b, *tmp; 557 558 b = NULL; 559 while (size >= 4) { 560 const u_char *p = &v[size - 4]; 561 bpf_int32 w = ((bpf_int32)p[0] << 24) | 562 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 563 564 tmp = gen_cmp(offset + size - 4, BPF_W, w); 565 if (b != NULL) 566 gen_and(b, tmp); 567 b = tmp; 568 size -= 4; 569 } 570 while (size >= 2) { 571 const u_char *p = &v[size - 2]; 572 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 573 574 tmp = gen_cmp(offset + size - 2, BPF_H, w); 575 if (b != NULL) 576 gen_and(b, tmp); 577 b = tmp; 578 size -= 2; 579 } 580 if (size > 0) { 581 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 582 if (b != NULL) 583 gen_and(b, tmp); 584 b = tmp; 585 } 586 return b; 587 } 588 589 /* 590 * Various code constructs need to know the layout of the data link 591 * layer. These variables give the necessary offsets. off_linktype 592 * is set to -1 for no encapsulation, in which case, IP is assumed. 593 */ 594 static u_int off_linktype; 595 static u_int off_nl; 596 static u_int off_nl_nosnap; 597 598 static int linktype; 599 600 /* Generate code to load the dynamic 'off_nl' to the X register */ 601 static struct slist * 602 nl2X_stmt(void) 603 { 604 struct slist *s, *tmp; 605 606 if (nl_reg == -1) { 607 switch (linktype) { 608 case DLT_PFLOG: 609 /* The pflog header contains PFLOG_REAL_HDRLEN 610 which does NOT include the padding. Round 611 up to the nearest dword boundary */ 612 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 613 s->s.k = 0; 614 615 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 616 tmp->s.k = 3; 617 sappend(s, tmp); 618 619 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 620 tmp->s.k = 0xfc; 621 sappend(s, tmp); 622 623 nl_reg = alloc_reg(); 624 tmp = new_stmt(BPF_ST); 625 tmp->s.k = nl_reg; 626 sappend(s, tmp); 627 628 break; 629 default: 630 bpf_error("Unknown header size for link type 0x%x", 631 linktype); 632 } 633 634 if (init_code == NULL) 635 init_code = s; 636 else 637 sappend(init_code, s); 638 } 639 640 s = new_stmt(BPF_LDX|BPF_MEM); 641 s->s.k = nl_reg; 642 643 return s; 644 } 645 646 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 647 static struct block * 648 gen_cmp_nl(offset, size, v) 649 u_int offset, size; 650 bpf_int32 v; 651 { 652 struct slist *s, *tmp; 653 struct block *b; 654 655 if (variable_nl) { 656 s = nl2X_stmt(); 657 tmp = new_stmt(BPF_LD|BPF_IND|size); 658 tmp->s.k = offset; 659 sappend(s, tmp); 660 } else { 661 s = new_stmt(BPF_LD|BPF_ABS|size); 662 s->s.k = offset + off_nl; 663 } 664 b = new_block(JMP(BPF_JEQ)); 665 b->stmts = s; 666 b->s.k = v; 667 668 return b; 669 } 670 671 static void 672 init_linktype(type) 673 int type; 674 { 675 linktype = type; 676 init_code = NULL; 677 nl_reg = iphl_reg = -1; 678 679 switch (type) { 680 681 case DLT_EN10MB: 682 off_linktype = 12; 683 off_nl = 14; 684 return; 685 686 case DLT_SLIP: 687 /* 688 * SLIP doesn't have a link level type. The 16 byte 689 * header is hacked into our SLIP driver. 690 */ 691 off_linktype = -1; 692 off_nl = 16; 693 return; 694 695 case DLT_SLIP_BSDOS: 696 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 697 off_linktype = -1; 698 /* XXX end */ 699 off_nl = 24; 700 return; 701 702 case DLT_NULL: 703 off_linktype = 0; 704 off_nl = 4; 705 return; 706 707 case DLT_PPP: 708 off_linktype = 2; 709 off_nl = 4; 710 return; 711 712 case DLT_PPP_SERIAL: 713 off_linktype = -1; 714 off_nl = 2; 715 return; 716 717 case DLT_PPP_ETHER: 718 /* 719 * This does not include the Ethernet header, and 720 * only covers session state. 721 */ 722 off_linktype = 6; 723 off_nl = 8; 724 return; 725 726 case DLT_PPP_BSDOS: 727 off_linktype = 5; 728 off_nl = 24; 729 return; 730 731 case DLT_FDDI: 732 /* 733 * FDDI doesn't really have a link-level type field. 734 * We assume that SSAP = SNAP is being used and pick 735 * out the encapsulated Ethernet type. 736 */ 737 off_linktype = 19; 738 #ifdef PCAP_FDDIPAD 739 off_linktype += pcap_fddipad; 740 #endif 741 off_nl = 21; 742 #ifdef PCAP_FDDIPAD 743 off_nl += pcap_fddipad; 744 #endif 745 return; 746 747 case DLT_IEEE802: 748 off_linktype = 20; 749 off_nl = 22; 750 return; 751 752 case DLT_IEEE802_11: 753 off_linktype = 30; /* XXX variable */ 754 off_nl = 32; 755 return; 756 757 case DLT_IEEE802_11_RADIO: /* XXX variable */ 758 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 759 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 760 return; 761 762 case DLT_ATM_RFC1483: 763 /* 764 * assume routed, non-ISO PDUs 765 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 766 */ 767 off_linktype = 6; 768 off_nl = 8; 769 return; 770 771 case DLT_LOOP: 772 off_linktype = 0; 773 off_nl = 4; 774 return; 775 776 case DLT_ENC: 777 off_linktype = -1; 778 off_nl = 12; 779 return; 780 781 case DLT_PFLOG: 782 off_linktype = 0; 783 variable_nl = 1; 784 off_nl = 0; 785 return; 786 787 case DLT_PFSYNC: 788 off_linktype = -1; 789 off_nl = 4; 790 return; 791 792 case DLT_OPENFLOW: 793 off_linktype = -1; 794 off_nl = 12; 795 return; 796 797 case DLT_USBPCAP: 798 /* FALLTHROUGH */ 799 case DLT_RAW: 800 off_linktype = -1; 801 off_nl = 0; 802 return; 803 } 804 bpf_error("unknown data link type 0x%x", linktype); 805 /* NOTREACHED */ 806 } 807 808 static struct block * 809 gen_uncond(rsense) 810 int rsense; 811 { 812 struct block *b; 813 struct slist *s; 814 815 s = new_stmt(BPF_LD|BPF_IMM); 816 s->s.k = !rsense; 817 b = new_block(JMP(BPF_JEQ)); 818 b->stmts = s; 819 820 return b; 821 } 822 823 static __inline struct block * 824 gen_true() 825 { 826 return gen_uncond(1); 827 } 828 829 static __inline struct block * 830 gen_false() 831 { 832 return gen_uncond(0); 833 } 834 835 static struct block * 836 gen_linktype(proto) 837 int proto; 838 { 839 struct block *b0, *b1; 840 841 /* If we're not using encapsulation and checking for IP, we're done */ 842 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IP) 843 return gen_true(); 844 #ifdef INET6 845 /* this isn't the right thing to do, but sometimes necessary */ 846 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IPV6) 847 return gen_true(); 848 #endif 849 850 switch (linktype) { 851 852 case DLT_EN10MB: 853 if (proto <= ETHERMTU) { 854 /* This is an LLC SAP value */ 855 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 856 gen_not(b0); 857 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 858 gen_and(b0, b1); 859 return b1; 860 } else { 861 /* This is an Ethernet type */ 862 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 863 } 864 break; 865 866 case DLT_SLIP: 867 return gen_false(); 868 869 case DLT_PPP: 870 case DLT_PPP_ETHER: 871 if (proto == ETHERTYPE_IP) 872 proto = PPP_IP; /* XXX was 0x21 */ 873 #ifdef INET6 874 else if (proto == ETHERTYPE_IPV6) 875 proto = PPP_IPV6; 876 #endif 877 break; 878 879 case DLT_PPP_BSDOS: 880 switch (proto) { 881 882 case ETHERTYPE_IP: 883 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 884 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 885 gen_or(b0, b1); 886 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 887 gen_or(b1, b0); 888 return b0; 889 890 #ifdef INET6 891 case ETHERTYPE_IPV6: 892 proto = PPP_IPV6; 893 /* more to go? */ 894 break; 895 #endif /* INET6 */ 896 897 case ETHERTYPE_DN: 898 proto = PPP_DECNET; 899 break; 900 901 case ETHERTYPE_ATALK: 902 proto = PPP_APPLE; 903 break; 904 905 case ETHERTYPE_NS: 906 proto = PPP_NS; 907 break; 908 } 909 break; 910 911 case DLT_LOOP: 912 case DLT_ENC: 913 case DLT_NULL: 914 { 915 int v; 916 917 if (proto == ETHERTYPE_IP) 918 v = AF_INET; 919 #ifdef INET6 920 else if (proto == ETHERTYPE_IPV6) 921 v = AF_INET6; 922 #endif /* INET6 */ 923 else 924 return gen_false(); 925 926 /* 927 * For DLT_NULL, the link-layer header is a 32-bit word 928 * containing an AF_ value in *host* byte order, and for 929 * DLT_ENC, the link-layer header begins with a 32-bit 930 * word containing an AF_ value in host byte order. 931 * 932 * For DLT_LOOP, the link-layer header is a 32-bit 933 * word containing an AF_ value in *network* byte order. 934 */ 935 if (linktype != DLT_LOOP) 936 v = htonl(v); 937 938 return (gen_cmp(0, BPF_W, (bpf_int32)v)); 939 break; 940 } 941 case DLT_PFLOG: 942 if (proto == ETHERTYPE_IP) 943 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 944 (bpf_int32)AF_INET)); 945 #ifdef INET6 946 else if (proto == ETHERTYPE_IPV6) 947 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 948 (bpf_int32)AF_INET6)); 949 #endif /* INET6 */ 950 else 951 return gen_false(); 952 break; 953 954 } 955 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 956 } 957 958 static struct block * 959 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 960 bpf_u_int32 addr; 961 bpf_u_int32 mask; 962 int dir, proto; 963 u_int src_off, dst_off; 964 { 965 struct block *b0, *b1; 966 u_int offset; 967 968 switch (dir) { 969 970 case Q_SRC: 971 offset = src_off; 972 break; 973 974 case Q_DST: 975 offset = dst_off; 976 break; 977 978 case Q_AND: 979 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 980 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 981 gen_and(b0, b1); 982 return b1; 983 984 case Q_OR: 985 case Q_DEFAULT: 986 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 987 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 988 gen_or(b0, b1); 989 return b1; 990 991 default: 992 bpf_error("direction not supported on linktype 0x%x", 993 linktype); 994 } 995 b0 = gen_linktype(proto); 996 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 997 gen_and(b0, b1); 998 return b1; 999 } 1000 1001 #ifdef INET6 1002 static struct block * 1003 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 1004 struct in6_addr *addr; 1005 struct in6_addr *mask; 1006 int dir, proto; 1007 u_int src_off, dst_off; 1008 { 1009 struct block *b0, *b1; 1010 u_int offset; 1011 u_int32_t *a, *m; 1012 1013 switch (dir) { 1014 1015 case Q_SRC: 1016 offset = src_off; 1017 break; 1018 1019 case Q_DST: 1020 offset = dst_off; 1021 break; 1022 1023 case Q_AND: 1024 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1025 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1026 gen_and(b0, b1); 1027 return b1; 1028 1029 case Q_OR: 1030 case Q_DEFAULT: 1031 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1032 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1033 gen_or(b0, b1); 1034 return b1; 1035 1036 default: 1037 bpf_error("direction not supported on linktype 0x%x", 1038 linktype); 1039 } 1040 /* this order is important */ 1041 a = (u_int32_t *)addr; 1042 m = (u_int32_t *)mask; 1043 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1044 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1045 gen_and(b0, b1); 1046 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1047 gen_and(b0, b1); 1048 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1049 gen_and(b0, b1); 1050 b0 = gen_linktype(proto); 1051 gen_and(b0, b1); 1052 return b1; 1053 } 1054 #endif /*INET6*/ 1055 1056 static struct block * 1057 gen_ehostop(eaddr, dir) 1058 const u_char *eaddr; 1059 int dir; 1060 { 1061 struct block *b0, *b1; 1062 1063 switch (dir) { 1064 case Q_SRC: 1065 return gen_bcmp(6, 6, eaddr); 1066 1067 case Q_DST: 1068 return gen_bcmp(0, 6, eaddr); 1069 1070 case Q_AND: 1071 b0 = gen_ehostop(eaddr, Q_SRC); 1072 b1 = gen_ehostop(eaddr, Q_DST); 1073 gen_and(b0, b1); 1074 return b1; 1075 1076 case Q_DEFAULT: 1077 case Q_OR: 1078 b0 = gen_ehostop(eaddr, Q_SRC); 1079 b1 = gen_ehostop(eaddr, Q_DST); 1080 gen_or(b0, b1); 1081 return b1; 1082 default: 1083 bpf_error("direction not supported on linktype 0x%x", 1084 linktype); 1085 } 1086 /* NOTREACHED */ 1087 } 1088 1089 /* 1090 * Like gen_ehostop, but for DLT_FDDI 1091 */ 1092 static struct block * 1093 gen_fhostop(eaddr, dir) 1094 const u_char *eaddr; 1095 int dir; 1096 { 1097 struct block *b0, *b1; 1098 1099 switch (dir) { 1100 case Q_SRC: 1101 #ifdef PCAP_FDDIPAD 1102 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1103 #else 1104 return gen_bcmp(6 + 1, 6, eaddr); 1105 #endif 1106 1107 case Q_DST: 1108 #ifdef PCAP_FDDIPAD 1109 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1110 #else 1111 return gen_bcmp(0 + 1, 6, eaddr); 1112 #endif 1113 1114 case Q_AND: 1115 b0 = gen_fhostop(eaddr, Q_SRC); 1116 b1 = gen_fhostop(eaddr, Q_DST); 1117 gen_and(b0, b1); 1118 return b1; 1119 1120 case Q_DEFAULT: 1121 case Q_OR: 1122 b0 = gen_fhostop(eaddr, Q_SRC); 1123 b1 = gen_fhostop(eaddr, Q_DST); 1124 gen_or(b0, b1); 1125 return b1; 1126 default: 1127 bpf_error("direction not supported on linktype 0x%x", 1128 linktype); 1129 } 1130 /* NOTREACHED */ 1131 } 1132 1133 /* 1134 * This is quite tricky because there may be pad bytes in front of the 1135 * DECNET header, and then there are two possible data packet formats that 1136 * carry both src and dst addresses, plus 5 packet types in a format that 1137 * carries only the src node, plus 2 types that use a different format and 1138 * also carry just the src node. 1139 * 1140 * Yuck. 1141 * 1142 * Instead of doing those all right, we just look for data packets with 1143 * 0 or 1 bytes of padding. If you want to look at other packets, that 1144 * will require a lot more hacking. 1145 * 1146 * To add support for filtering on DECNET "areas" (network numbers) 1147 * one would want to add a "mask" argument to this routine. That would 1148 * make the filter even more inefficient, although one could be clever 1149 * and not generate masking instructions if the mask is 0xFFFF. 1150 */ 1151 static struct block * 1152 gen_dnhostop(addr, dir, base_off) 1153 bpf_u_int32 addr; 1154 int dir; 1155 u_int base_off; 1156 { 1157 struct block *b0, *b1, *b2, *tmp; 1158 u_int offset_lh; /* offset if long header is received */ 1159 u_int offset_sh; /* offset if short header is received */ 1160 1161 switch (dir) { 1162 1163 case Q_DST: 1164 offset_sh = 1; /* follows flags */ 1165 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1166 break; 1167 1168 case Q_SRC: 1169 offset_sh = 3; /* follows flags, dstnode */ 1170 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1171 break; 1172 1173 case Q_AND: 1174 /* Inefficient because we do our Calvinball dance twice */ 1175 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1176 b1 = gen_dnhostop(addr, Q_DST, base_off); 1177 gen_and(b0, b1); 1178 return b1; 1179 1180 case Q_OR: 1181 case Q_DEFAULT: 1182 /* Inefficient because we do our Calvinball dance twice */ 1183 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1184 b1 = gen_dnhostop(addr, Q_DST, base_off); 1185 gen_or(b0, b1); 1186 return b1; 1187 1188 default: 1189 bpf_error("direction not supported on linktype 0x%x", 1190 linktype); 1191 } 1192 b0 = gen_linktype(ETHERTYPE_DN); 1193 /* Check for pad = 1, long header case */ 1194 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1195 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1196 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1197 BPF_H, (bpf_int32)ntohs(addr)); 1198 gen_and(tmp, b1); 1199 /* Check for pad = 0, long header case */ 1200 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1201 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1202 gen_and(tmp, b2); 1203 gen_or(b2, b1); 1204 /* Check for pad = 1, short header case */ 1205 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1206 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1207 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1208 BPF_H, (bpf_int32)ntohs(addr)); 1209 gen_and(tmp, b2); 1210 gen_or(b2, b1); 1211 /* Check for pad = 0, short header case */ 1212 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1213 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1214 gen_and(tmp, b2); 1215 gen_or(b2, b1); 1216 1217 /* Combine with test for linktype */ 1218 gen_and(b0, b1); 1219 return b1; 1220 } 1221 1222 static struct block * 1223 gen_host(addr, mask, proto, dir) 1224 bpf_u_int32 addr; 1225 bpf_u_int32 mask; 1226 int proto; 1227 int dir; 1228 { 1229 struct block *b0, *b1; 1230 1231 switch (proto) { 1232 1233 case Q_DEFAULT: 1234 b0 = gen_host(addr, mask, Q_IP, dir); 1235 b1 = gen_host(addr, mask, Q_ARP, dir); 1236 gen_or(b0, b1); 1237 b0 = gen_host(addr, mask, Q_RARP, dir); 1238 gen_or(b1, b0); 1239 return b0; 1240 1241 case Q_IP: 1242 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1243 12, 16); 1244 1245 case Q_RARP: 1246 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1247 14, 24); 1248 1249 case Q_ARP: 1250 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1251 14, 24); 1252 1253 case Q_TCP: 1254 bpf_error("'tcp' modifier applied to host"); 1255 1256 case Q_UDP: 1257 bpf_error("'udp' modifier applied to host"); 1258 1259 case Q_ICMP: 1260 bpf_error("'icmp' modifier applied to host"); 1261 1262 case Q_IGMP: 1263 bpf_error("'igmp' modifier applied to host"); 1264 1265 case Q_IGRP: 1266 bpf_error("'igrp' modifier applied to host"); 1267 1268 case Q_PIM: 1269 bpf_error("'pim' modifier applied to host"); 1270 1271 case Q_STP: 1272 bpf_error("'stp' modifier applied to host"); 1273 1274 case Q_ATALK: 1275 bpf_error("ATALK host filtering not implemented"); 1276 1277 case Q_DECNET: 1278 return gen_dnhostop(addr, dir, 0); 1279 1280 case Q_SCA: 1281 bpf_error("SCA host filtering not implemented"); 1282 1283 case Q_LAT: 1284 bpf_error("LAT host filtering not implemented"); 1285 1286 case Q_MOPDL: 1287 bpf_error("MOPDL host filtering not implemented"); 1288 1289 case Q_MOPRC: 1290 bpf_error("MOPRC host filtering not implemented"); 1291 1292 #ifdef INET6 1293 case Q_IPV6: 1294 bpf_error("'ip6' modifier applied to ip host"); 1295 1296 case Q_ICMPV6: 1297 bpf_error("'icmp6' modifier applied to host"); 1298 #endif /* INET6 */ 1299 1300 case Q_AH: 1301 bpf_error("'ah' modifier applied to host"); 1302 1303 case Q_ESP: 1304 bpf_error("'esp' modifier applied to host"); 1305 1306 default: 1307 bpf_error("direction not supported on linktype 0x%x", 1308 linktype); 1309 } 1310 /* NOTREACHED */ 1311 } 1312 1313 #ifdef INET6 1314 static struct block * 1315 gen_host6(addr, mask, proto, dir) 1316 struct in6_addr *addr; 1317 struct in6_addr *mask; 1318 int proto; 1319 int dir; 1320 { 1321 switch (proto) { 1322 1323 case Q_DEFAULT: 1324 return gen_host6(addr, mask, Q_IPV6, dir); 1325 1326 case Q_IP: 1327 bpf_error("'ip' modifier applied to ip6 host"); 1328 1329 case Q_RARP: 1330 bpf_error("'rarp' modifier applied to ip6 host"); 1331 1332 case Q_ARP: 1333 bpf_error("'arp' modifier applied to ip6 host"); 1334 1335 case Q_TCP: 1336 bpf_error("'tcp' modifier applied to host"); 1337 1338 case Q_UDP: 1339 bpf_error("'udp' modifier applied to host"); 1340 1341 case Q_ICMP: 1342 bpf_error("'icmp' modifier applied to host"); 1343 1344 case Q_IGMP: 1345 bpf_error("'igmp' modifier applied to host"); 1346 1347 case Q_IGRP: 1348 bpf_error("'igrp' modifier applied to host"); 1349 1350 case Q_PIM: 1351 bpf_error("'pim' modifier applied to host"); 1352 1353 case Q_STP: 1354 bpf_error("'stp' modifier applied to host"); 1355 1356 case Q_ATALK: 1357 bpf_error("ATALK host filtering not implemented"); 1358 1359 case Q_DECNET: 1360 bpf_error("'decnet' modifier applied to ip6 host"); 1361 1362 case Q_SCA: 1363 bpf_error("SCA host filtering not implemented"); 1364 1365 case Q_LAT: 1366 bpf_error("LAT host filtering not implemented"); 1367 1368 case Q_MOPDL: 1369 bpf_error("MOPDL host filtering not implemented"); 1370 1371 case Q_MOPRC: 1372 bpf_error("MOPRC host filtering not implemented"); 1373 1374 case Q_IPV6: 1375 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1376 8, 24); 1377 1378 case Q_ICMPV6: 1379 bpf_error("'icmp6' modifier applied to host"); 1380 1381 case Q_AH: 1382 bpf_error("'ah' modifier applied to host"); 1383 1384 case Q_ESP: 1385 bpf_error("'esp' modifier applied to host"); 1386 1387 default: 1388 abort(); 1389 } 1390 /* NOTREACHED */ 1391 } 1392 #endif /*INET6*/ 1393 1394 #ifndef INET6 1395 static struct block * 1396 gen_gateway(eaddr, alist, proto, dir) 1397 const u_char *eaddr; 1398 bpf_u_int32 **alist; 1399 int proto; 1400 int dir; 1401 { 1402 struct block *b0, *b1, *tmp; 1403 1404 if (dir != 0) 1405 bpf_error("direction applied to 'gateway'"); 1406 1407 switch (proto) { 1408 case Q_DEFAULT: 1409 case Q_IP: 1410 case Q_ARP: 1411 case Q_RARP: 1412 if (linktype == DLT_EN10MB) 1413 b0 = gen_ehostop(eaddr, Q_OR); 1414 else if (linktype == DLT_FDDI) 1415 b0 = gen_fhostop(eaddr, Q_OR); 1416 else 1417 bpf_error( 1418 "'gateway' supported only on ethernet or FDDI"); 1419 1420 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1421 while (*alist) { 1422 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1423 gen_or(b1, tmp); 1424 b1 = tmp; 1425 } 1426 gen_not(b1); 1427 gen_and(b0, b1); 1428 return b1; 1429 } 1430 bpf_error("illegal modifier of 'gateway'"); 1431 /* NOTREACHED */ 1432 } 1433 #endif /*INET6*/ 1434 1435 struct block * 1436 gen_proto_abbrev(proto) 1437 int proto; 1438 { 1439 struct block *b0 = NULL, *b1; 1440 1441 switch (proto) { 1442 1443 case Q_TCP: 1444 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1445 #ifdef INET6 1446 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1447 gen_or(b0, b1); 1448 #endif 1449 break; 1450 1451 case Q_UDP: 1452 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1453 #ifdef INET6 1454 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1455 gen_or(b0, b1); 1456 #endif 1457 break; 1458 1459 case Q_ICMP: 1460 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1461 break; 1462 1463 #ifndef IPPROTO_IGMP 1464 #define IPPROTO_IGMP 2 1465 #endif 1466 1467 case Q_IGMP: 1468 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1469 break; 1470 1471 #ifndef IPPROTO_IGRP 1472 #define IPPROTO_IGRP 9 1473 #endif 1474 case Q_IGRP: 1475 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1476 break; 1477 1478 #ifndef IPPROTO_PIM 1479 #define IPPROTO_PIM 103 1480 #endif 1481 1482 case Q_PIM: 1483 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1484 #ifdef INET6 1485 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1486 gen_or(b0, b1); 1487 #endif 1488 break; 1489 1490 case Q_IP: 1491 b1 = gen_linktype(ETHERTYPE_IP); 1492 break; 1493 1494 case Q_ARP: 1495 b1 = gen_linktype(ETHERTYPE_ARP); 1496 break; 1497 1498 case Q_RARP: 1499 b1 = gen_linktype(ETHERTYPE_REVARP); 1500 break; 1501 1502 case Q_LINK: 1503 bpf_error("link layer applied in wrong context"); 1504 1505 case Q_ATALK: 1506 b1 = gen_linktype(ETHERTYPE_ATALK); 1507 break; 1508 1509 case Q_DECNET: 1510 b1 = gen_linktype(ETHERTYPE_DN); 1511 break; 1512 1513 case Q_SCA: 1514 b1 = gen_linktype(ETHERTYPE_SCA); 1515 break; 1516 1517 case Q_LAT: 1518 b1 = gen_linktype(ETHERTYPE_LAT); 1519 break; 1520 1521 case Q_MOPDL: 1522 b1 = gen_linktype(ETHERTYPE_MOPDL); 1523 break; 1524 1525 case Q_MOPRC: 1526 b1 = gen_linktype(ETHERTYPE_MOPRC); 1527 break; 1528 1529 case Q_STP: 1530 b1 = gen_linktype(LLCSAP_8021D); 1531 break; 1532 1533 #ifdef INET6 1534 case Q_IPV6: 1535 b1 = gen_linktype(ETHERTYPE_IPV6); 1536 break; 1537 1538 #ifndef IPPROTO_ICMPV6 1539 #define IPPROTO_ICMPV6 58 1540 #endif 1541 case Q_ICMPV6: 1542 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1543 break; 1544 #endif /* INET6 */ 1545 1546 #ifndef IPPROTO_AH 1547 #define IPPROTO_AH 51 1548 #endif 1549 case Q_AH: 1550 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1551 #ifdef INET6 1552 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1553 gen_or(b0, b1); 1554 #endif 1555 break; 1556 1557 #ifndef IPPROTO_ESP 1558 #define IPPROTO_ESP 50 1559 #endif 1560 case Q_ESP: 1561 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1562 #ifdef INET6 1563 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1564 gen_or(b0, b1); 1565 #endif 1566 break; 1567 1568 default: 1569 abort(); 1570 } 1571 return b1; 1572 } 1573 1574 static struct block * 1575 gen_ipfrag() 1576 { 1577 struct slist *s, *tmp; 1578 struct block *b; 1579 1580 /* not ip frag */ 1581 if (variable_nl) { 1582 s = nl2X_stmt(); 1583 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1584 tmp->s.k = 6; 1585 sappend(s, tmp); 1586 } else { 1587 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1588 s->s.k = off_nl + 6; 1589 } 1590 b = new_block(JMP(BPF_JSET)); 1591 b->s.k = 0x1fff; 1592 b->stmts = s; 1593 gen_not(b); 1594 1595 return b; 1596 } 1597 1598 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1599 This function generates code to set X to the start of the IP payload 1600 X = off_nl + IP header_len. 1601 */ 1602 static struct slist * 1603 iphl_to_x(void) 1604 { 1605 struct slist *s, *tmp; 1606 1607 /* XXX clobbers A if variable_nl*/ 1608 if (variable_nl) { 1609 if (iphl_reg == -1) { 1610 /* X <- off_nl */ 1611 s = nl2X_stmt(); 1612 1613 /* A = p[X+0] */ 1614 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1615 tmp->s.k = 0; 1616 sappend(s, tmp); 1617 1618 /* A = A & 0x0f */ 1619 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1620 tmp->s.k = 0x0f; 1621 sappend(s, tmp); 1622 1623 /* A = A << 2 */ 1624 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1625 tmp->s.k = 2; 1626 sappend(s, tmp); 1627 1628 /* A = A + X (add off_nl again to compansate) */ 1629 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1630 1631 /* MEM[iphl_reg] = A */ 1632 iphl_reg = alloc_reg(); 1633 tmp = new_stmt(BPF_ST); 1634 tmp->s.k = iphl_reg; 1635 sappend(s, tmp); 1636 1637 sappend(init_code, s); 1638 } 1639 s = new_stmt(BPF_LDX|BPF_MEM); 1640 s->s.k = iphl_reg; 1641 1642 } else { 1643 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1644 s->s.k = off_nl; 1645 } 1646 1647 return s; 1648 } 1649 1650 static struct block * 1651 gen_portatom(off, v) 1652 int off; 1653 bpf_int32 v; 1654 { 1655 struct slist *s, *tmp; 1656 struct block *b; 1657 1658 s = iphl_to_x(); 1659 1660 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1661 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1662 sappend(s, tmp); 1663 1664 b = new_block(JMP(BPF_JEQ)); 1665 b->stmts = s; 1666 b->s.k = v; 1667 1668 return b; 1669 } 1670 1671 #ifdef INET6 1672 static struct block * 1673 gen_portatom6(off, v) 1674 int off; 1675 bpf_int32 v; 1676 { 1677 return gen_cmp_nl(40 + off, BPF_H, v); 1678 } 1679 #endif/*INET6*/ 1680 1681 struct block * 1682 gen_portop(port, proto, dir) 1683 int port, proto, dir; 1684 { 1685 struct block *b0, *b1, *tmp; 1686 1687 /* ip proto 'proto' */ 1688 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1689 b0 = gen_ipfrag(); 1690 gen_and(tmp, b0); 1691 1692 switch (dir) { 1693 case Q_SRC: 1694 b1 = gen_portatom(0, (bpf_int32)port); 1695 break; 1696 1697 case Q_DST: 1698 b1 = gen_portatom(2, (bpf_int32)port); 1699 break; 1700 1701 case Q_OR: 1702 case Q_DEFAULT: 1703 tmp = gen_portatom(0, (bpf_int32)port); 1704 b1 = gen_portatom(2, (bpf_int32)port); 1705 gen_or(tmp, b1); 1706 break; 1707 1708 case Q_AND: 1709 tmp = gen_portatom(0, (bpf_int32)port); 1710 b1 = gen_portatom(2, (bpf_int32)port); 1711 gen_and(tmp, b1); 1712 break; 1713 1714 default: 1715 abort(); 1716 } 1717 gen_and(b0, b1); 1718 1719 return b1; 1720 } 1721 1722 static struct block * 1723 gen_port(port, ip_proto, dir) 1724 int port; 1725 int ip_proto; 1726 int dir; 1727 { 1728 struct block *b0, *b1, *tmp; 1729 1730 /* ether proto ip */ 1731 b0 = gen_linktype(ETHERTYPE_IP); 1732 1733 switch (ip_proto) { 1734 case IPPROTO_UDP: 1735 case IPPROTO_TCP: 1736 b1 = gen_portop(port, ip_proto, dir); 1737 break; 1738 1739 case PROTO_UNDEF: 1740 tmp = gen_portop(port, IPPROTO_TCP, dir); 1741 b1 = gen_portop(port, IPPROTO_UDP, dir); 1742 gen_or(tmp, b1); 1743 break; 1744 1745 default: 1746 abort(); 1747 } 1748 gen_and(b0, b1); 1749 return b1; 1750 } 1751 1752 #ifdef INET6 1753 struct block * 1754 gen_portop6(port, proto, dir) 1755 int port, proto, dir; 1756 { 1757 struct block *b0, *b1, *tmp; 1758 1759 /* ip proto 'proto' */ 1760 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1761 1762 switch (dir) { 1763 case Q_SRC: 1764 b1 = gen_portatom6(0, (bpf_int32)port); 1765 break; 1766 1767 case Q_DST: 1768 b1 = gen_portatom6(2, (bpf_int32)port); 1769 break; 1770 1771 case Q_OR: 1772 case Q_DEFAULT: 1773 tmp = gen_portatom6(0, (bpf_int32)port); 1774 b1 = gen_portatom6(2, (bpf_int32)port); 1775 gen_or(tmp, b1); 1776 break; 1777 1778 case Q_AND: 1779 tmp = gen_portatom6(0, (bpf_int32)port); 1780 b1 = gen_portatom6(2, (bpf_int32)port); 1781 gen_and(tmp, b1); 1782 break; 1783 1784 default: 1785 abort(); 1786 } 1787 gen_and(b0, b1); 1788 1789 return b1; 1790 } 1791 1792 static struct block * 1793 gen_port6(port, ip_proto, dir) 1794 int port; 1795 int ip_proto; 1796 int dir; 1797 { 1798 struct block *b0, *b1, *tmp; 1799 1800 /* ether proto ip */ 1801 b0 = gen_linktype(ETHERTYPE_IPV6); 1802 1803 switch (ip_proto) { 1804 case IPPROTO_UDP: 1805 case IPPROTO_TCP: 1806 b1 = gen_portop6(port, ip_proto, dir); 1807 break; 1808 1809 case PROTO_UNDEF: 1810 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1811 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1812 gen_or(tmp, b1); 1813 break; 1814 1815 default: 1816 abort(); 1817 } 1818 gen_and(b0, b1); 1819 return b1; 1820 } 1821 #endif /* INET6 */ 1822 1823 static int 1824 lookup_proto(name, proto) 1825 const char *name; 1826 int proto; 1827 { 1828 int v; 1829 1830 switch (proto) { 1831 1832 case Q_DEFAULT: 1833 case Q_IP: 1834 v = pcap_nametoproto(name); 1835 if (v == PROTO_UNDEF) 1836 bpf_error("unknown ip proto '%s'", name); 1837 break; 1838 1839 case Q_LINK: 1840 /* XXX should look up h/w protocol type based on linktype */ 1841 v = pcap_nametoeproto(name); 1842 if (v == PROTO_UNDEF) { 1843 v = pcap_nametollc(name); 1844 if (v == PROTO_UNDEF) 1845 bpf_error("unknown ether proto '%s'", name); 1846 } 1847 break; 1848 1849 default: 1850 v = PROTO_UNDEF; 1851 break; 1852 } 1853 return v; 1854 } 1855 1856 static struct block * 1857 gen_protochain(v, proto, dir) 1858 int v; 1859 int proto; 1860 int dir; 1861 { 1862 struct block *b0, *b; 1863 struct slist *s[100]; 1864 int fix2, fix3, fix4, fix5; 1865 int ahcheck, again, end; 1866 int i, max; 1867 int reg1 = alloc_reg(); 1868 int reg2 = alloc_reg(); 1869 1870 memset(s, 0, sizeof(s)); 1871 fix2 = fix3 = fix4 = fix5 = 0; 1872 1873 if (variable_nl) { 1874 bpf_error("'gen_protochain' not supported for variable DLTs"); 1875 /*NOTREACHED*/ 1876 } 1877 1878 switch (proto) { 1879 case Q_IP: 1880 case Q_IPV6: 1881 break; 1882 case Q_DEFAULT: 1883 b0 = gen_protochain(v, Q_IP, dir); 1884 b = gen_protochain(v, Q_IPV6, dir); 1885 gen_or(b0, b); 1886 return b; 1887 default: 1888 bpf_error("bad protocol applied for 'protochain'"); 1889 /*NOTREACHED*/ 1890 } 1891 1892 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1893 1894 /* 1895 * s[0] is a dummy entry to protect other BPF insn from damaged 1896 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1897 * hard to find interdependency made by jump table fixup. 1898 */ 1899 i = 0; 1900 s[i] = new_stmt(0); /*dummy*/ 1901 i++; 1902 1903 switch (proto) { 1904 case Q_IP: 1905 b0 = gen_linktype(ETHERTYPE_IP); 1906 1907 /* A = ip->ip_p */ 1908 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1909 s[i]->s.k = off_nl + 9; 1910 i++; 1911 /* X = ip->ip_hl << 2 */ 1912 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1913 s[i]->s.k = off_nl; 1914 i++; 1915 break; 1916 case Q_IPV6: 1917 b0 = gen_linktype(ETHERTYPE_IPV6); 1918 1919 /* A = ip6->ip_nxt */ 1920 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1921 s[i]->s.k = off_nl + 6; 1922 i++; 1923 /* X = sizeof(struct ip6_hdr) */ 1924 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1925 s[i]->s.k = 40; 1926 i++; 1927 break; 1928 default: 1929 bpf_error("unsupported proto to gen_protochain"); 1930 /*NOTREACHED*/ 1931 } 1932 1933 /* again: if (A == v) goto end; else fall through; */ 1934 again = i; 1935 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1936 s[i]->s.k = v; 1937 s[i]->s.jt = NULL; /*later*/ 1938 s[i]->s.jf = NULL; /*update in next stmt*/ 1939 fix5 = i; 1940 i++; 1941 1942 /* if (A == IPPROTO_NONE) goto end */ 1943 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1944 s[i]->s.jt = NULL; /*later*/ 1945 s[i]->s.jf = NULL; /*update in next stmt*/ 1946 s[i]->s.k = IPPROTO_NONE; 1947 s[fix5]->s.jf = s[i]; 1948 fix2 = i; 1949 i++; 1950 1951 if (proto == Q_IPV6) { 1952 int v6start, v6end, v6advance, j; 1953 1954 v6start = i; 1955 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1956 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1957 s[i]->s.jt = NULL; /*later*/ 1958 s[i]->s.jf = NULL; /*update in next stmt*/ 1959 s[i]->s.k = IPPROTO_HOPOPTS; 1960 s[fix2]->s.jf = s[i]; 1961 i++; 1962 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1963 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1964 s[i]->s.jt = NULL; /*later*/ 1965 s[i]->s.jf = NULL; /*update in next stmt*/ 1966 s[i]->s.k = IPPROTO_DSTOPTS; 1967 i++; 1968 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1969 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1970 s[i]->s.jt = NULL; /*later*/ 1971 s[i]->s.jf = NULL; /*update in next stmt*/ 1972 s[i]->s.k = IPPROTO_ROUTING; 1973 i++; 1974 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1975 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1976 s[i]->s.jt = NULL; /*later*/ 1977 s[i]->s.jf = NULL; /*later*/ 1978 s[i]->s.k = IPPROTO_FRAGMENT; 1979 fix3 = i; 1980 v6end = i; 1981 i++; 1982 1983 /* v6advance: */ 1984 v6advance = i; 1985 1986 /* 1987 * in short, 1988 * A = P[X + 1]; 1989 * X = X + (P[X] + 1) * 8; 1990 */ 1991 /* A = X */ 1992 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1993 i++; 1994 /* MEM[reg1] = A */ 1995 s[i] = new_stmt(BPF_ST); 1996 s[i]->s.k = reg1; 1997 i++; 1998 /* A += 1 */ 1999 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2000 s[i]->s.k = 1; 2001 i++; 2002 /* X = A */ 2003 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2004 i++; 2005 /* A = P[X + packet head]; */ 2006 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2007 s[i]->s.k = off_nl; 2008 i++; 2009 /* MEM[reg2] = A */ 2010 s[i] = new_stmt(BPF_ST); 2011 s[i]->s.k = reg2; 2012 i++; 2013 /* X = MEM[reg1] */ 2014 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2015 s[i]->s.k = reg1; 2016 i++; 2017 /* A = P[X + packet head] */ 2018 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2019 s[i]->s.k = off_nl; 2020 i++; 2021 /* A += 1 */ 2022 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2023 s[i]->s.k = 1; 2024 i++; 2025 /* A *= 8 */ 2026 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2027 s[i]->s.k = 8; 2028 i++; 2029 /* X = A; */ 2030 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2031 i++; 2032 /* A = MEM[reg2] */ 2033 s[i] = new_stmt(BPF_LD|BPF_MEM); 2034 s[i]->s.k = reg2; 2035 i++; 2036 2037 /* goto again; (must use BPF_JA for backward jump) */ 2038 s[i] = new_stmt(BPF_JMP|BPF_JA); 2039 s[i]->s.k = again - i - 1; 2040 s[i - 1]->s.jf = s[i]; 2041 i++; 2042 2043 /* fixup */ 2044 for (j = v6start; j <= v6end; j++) 2045 s[j]->s.jt = s[v6advance]; 2046 } else { 2047 /* nop */ 2048 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2049 s[i]->s.k = 0; 2050 s[fix2]->s.jf = s[i]; 2051 i++; 2052 } 2053 2054 /* ahcheck: */ 2055 ahcheck = i; 2056 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2057 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2058 s[i]->s.jt = NULL; /*later*/ 2059 s[i]->s.jf = NULL; /*later*/ 2060 s[i]->s.k = IPPROTO_AH; 2061 if (fix3) 2062 s[fix3]->s.jf = s[ahcheck]; 2063 fix4 = i; 2064 i++; 2065 2066 /* 2067 * in short, 2068 * A = P[X + 1]; 2069 * X = X + (P[X] + 2) * 4; 2070 */ 2071 /* A = X */ 2072 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2073 i++; 2074 /* MEM[reg1] = A */ 2075 s[i] = new_stmt(BPF_ST); 2076 s[i]->s.k = reg1; 2077 i++; 2078 /* A += 1 */ 2079 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2080 s[i]->s.k = 1; 2081 i++; 2082 /* X = A */ 2083 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2084 i++; 2085 /* A = P[X + packet head]; */ 2086 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2087 s[i]->s.k = off_nl; 2088 i++; 2089 /* MEM[reg2] = A */ 2090 s[i] = new_stmt(BPF_ST); 2091 s[i]->s.k = reg2; 2092 i++; 2093 /* X = MEM[reg1] */ 2094 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2095 s[i]->s.k = reg1; 2096 i++; 2097 /* A = P[X + packet head] */ 2098 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2099 s[i]->s.k = off_nl; 2100 i++; 2101 /* A += 2 */ 2102 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2103 s[i]->s.k = 2; 2104 i++; 2105 /* A *= 4 */ 2106 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2107 s[i]->s.k = 4; 2108 i++; 2109 /* X = A; */ 2110 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2111 i++; 2112 /* A = MEM[reg2] */ 2113 s[i] = new_stmt(BPF_LD|BPF_MEM); 2114 s[i]->s.k = reg2; 2115 i++; 2116 2117 /* goto again; (must use BPF_JA for backward jump) */ 2118 s[i] = new_stmt(BPF_JMP|BPF_JA); 2119 s[i]->s.k = again - i - 1; 2120 i++; 2121 2122 /* end: nop */ 2123 end = i; 2124 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2125 s[i]->s.k = 0; 2126 s[fix2]->s.jt = s[end]; 2127 s[fix4]->s.jf = s[end]; 2128 s[fix5]->s.jt = s[end]; 2129 i++; 2130 2131 /* 2132 * make slist chain 2133 */ 2134 max = i; 2135 for (i = 0; i < max - 1; i++) 2136 s[i]->next = s[i + 1]; 2137 s[max - 1]->next = NULL; 2138 2139 /* 2140 * emit final check 2141 */ 2142 b = new_block(JMP(BPF_JEQ)); 2143 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2144 b->s.k = v; 2145 2146 free_reg(reg1); 2147 free_reg(reg2); 2148 2149 gen_and(b0, b); 2150 return b; 2151 } 2152 2153 static struct block * 2154 gen_proto(v, proto, dir) 2155 int v; 2156 int proto; 2157 int dir; 2158 { 2159 struct block *b0, *b1; 2160 2161 if (dir != Q_DEFAULT) 2162 bpf_error("direction applied to 'proto'"); 2163 2164 switch (proto) { 2165 case Q_DEFAULT: 2166 #ifdef INET6 2167 b0 = gen_proto(v, Q_IP, dir); 2168 b1 = gen_proto(v, Q_IPV6, dir); 2169 gen_or(b0, b1); 2170 return b1; 2171 #else 2172 /*FALLTHROUGH*/ 2173 #endif 2174 case Q_IP: 2175 b0 = gen_linktype(ETHERTYPE_IP); 2176 #ifndef CHASE_CHAIN 2177 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2178 #else 2179 b1 = gen_protochain(v, Q_IP); 2180 #endif 2181 gen_and(b0, b1); 2182 return b1; 2183 2184 case Q_ARP: 2185 bpf_error("arp does not encapsulate another protocol"); 2186 /* NOTREACHED */ 2187 2188 case Q_RARP: 2189 bpf_error("rarp does not encapsulate another protocol"); 2190 /* NOTREACHED */ 2191 2192 case Q_ATALK: 2193 bpf_error("atalk encapsulation is not specifiable"); 2194 /* NOTREACHED */ 2195 2196 case Q_DECNET: 2197 bpf_error("decnet encapsulation is not specifiable"); 2198 /* NOTREACHED */ 2199 2200 case Q_SCA: 2201 bpf_error("sca does not encapsulate another protocol"); 2202 /* NOTREACHED */ 2203 2204 case Q_LAT: 2205 bpf_error("lat does not encapsulate another protocol"); 2206 /* NOTREACHED */ 2207 2208 case Q_MOPRC: 2209 bpf_error("moprc does not encapsulate another protocol"); 2210 /* NOTREACHED */ 2211 2212 case Q_MOPDL: 2213 bpf_error("mopdl does not encapsulate another protocol"); 2214 /* NOTREACHED */ 2215 2216 case Q_LINK: 2217 return gen_linktype(v); 2218 2219 case Q_UDP: 2220 bpf_error("'udp proto' is bogus"); 2221 /* NOTREACHED */ 2222 2223 case Q_TCP: 2224 bpf_error("'tcp proto' is bogus"); 2225 /* NOTREACHED */ 2226 2227 case Q_ICMP: 2228 bpf_error("'icmp proto' is bogus"); 2229 /* NOTREACHED */ 2230 2231 case Q_IGMP: 2232 bpf_error("'igmp proto' is bogus"); 2233 /* NOTREACHED */ 2234 2235 case Q_IGRP: 2236 bpf_error("'igrp proto' is bogus"); 2237 /* NOTREACHED */ 2238 2239 case Q_PIM: 2240 bpf_error("'pim proto' is bogus"); 2241 /* NOTREACHED */ 2242 2243 case Q_STP: 2244 bpf_error("'stp proto' is bogus"); 2245 /* NOTREACHED */ 2246 2247 #ifdef INET6 2248 case Q_IPV6: 2249 b0 = gen_linktype(ETHERTYPE_IPV6); 2250 #ifndef CHASE_CHAIN 2251 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2252 #else 2253 b1 = gen_protochain(v, Q_IPV6); 2254 #endif 2255 gen_and(b0, b1); 2256 return b1; 2257 2258 case Q_ICMPV6: 2259 bpf_error("'icmp6 proto' is bogus"); 2260 #endif /* INET6 */ 2261 2262 case Q_AH: 2263 bpf_error("'ah proto' is bogus"); 2264 2265 case Q_ESP: 2266 bpf_error("'esp proto' is bogus"); 2267 2268 default: 2269 abort(); 2270 /* NOTREACHED */ 2271 } 2272 /* NOTREACHED */ 2273 } 2274 2275 struct block * 2276 gen_scode(name, q) 2277 const char *name; 2278 struct qual q; 2279 { 2280 int proto = q.proto; 2281 int dir = q.dir; 2282 int tproto; 2283 u_char *eaddr; 2284 bpf_u_int32 mask, addr; 2285 #ifndef INET6 2286 bpf_u_int32 **alist; 2287 #else 2288 int tproto6; 2289 struct sockaddr_in *sin; 2290 struct sockaddr_in6 *sin6; 2291 struct addrinfo *res, *res0; 2292 struct in6_addr mask128; 2293 #endif /*INET6*/ 2294 struct block *b, *tmp; 2295 int port, real_proto; 2296 2297 switch (q.addr) { 2298 2299 case Q_NET: 2300 addr = pcap_nametonetaddr(name); 2301 if (addr == 0) 2302 bpf_error("unknown network '%s'", name); 2303 /* Left justify network addr and calculate its network mask */ 2304 mask = 0xffffffff; 2305 while (addr && (addr & 0xff000000) == 0) { 2306 addr <<= 8; 2307 mask <<= 8; 2308 } 2309 return gen_host(addr, mask, proto, dir); 2310 2311 case Q_DEFAULT: 2312 case Q_HOST: 2313 if (proto == Q_LINK) { 2314 switch (linktype) { 2315 2316 case DLT_EN10MB: 2317 eaddr = pcap_ether_hostton(name); 2318 if (eaddr == NULL) 2319 bpf_error( 2320 "unknown ether host '%s'", name); 2321 return gen_ehostop(eaddr, dir); 2322 2323 case DLT_FDDI: 2324 eaddr = pcap_ether_hostton(name); 2325 if (eaddr == NULL) 2326 bpf_error( 2327 "unknown FDDI host '%s'", name); 2328 return gen_fhostop(eaddr, dir); 2329 2330 case DLT_IEEE802_11: 2331 case DLT_IEEE802_11_RADIO: 2332 eaddr = pcap_ether_hostton(name); 2333 if (eaddr == NULL) 2334 bpf_error( 2335 "unknown 802.11 host '%s'", name); 2336 2337 return gen_p80211_hostop(eaddr, dir); 2338 2339 default: 2340 bpf_error( 2341 "only ethernet/FDDI supports link-level host name"); 2342 break; 2343 } 2344 } else if (proto == Q_DECNET) { 2345 unsigned short dn_addr = __pcap_nametodnaddr(name); 2346 /* 2347 * I don't think DECNET hosts can be multihomed, so 2348 * there is no need to build up a list of addresses 2349 */ 2350 return (gen_host(dn_addr, 0, proto, dir)); 2351 } else { 2352 #ifndef INET6 2353 alist = pcap_nametoaddr(name); 2354 if (alist == NULL || *alist == NULL) 2355 bpf_error("unknown host '%s'", name); 2356 tproto = proto; 2357 if (off_linktype == -1 && tproto == Q_DEFAULT) 2358 tproto = Q_IP; 2359 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2360 while (*alist) { 2361 tmp = gen_host(**alist++, 0xffffffff, 2362 tproto, dir); 2363 gen_or(b, tmp); 2364 b = tmp; 2365 } 2366 return b; 2367 #else 2368 memset(&mask128, 0xff, sizeof(mask128)); 2369 res0 = res = pcap_nametoaddrinfo(name); 2370 if (res == NULL) 2371 bpf_error("unknown host '%s'", name); 2372 b = tmp = NULL; 2373 tproto = tproto6 = proto; 2374 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2375 tproto = Q_IP; 2376 tproto6 = Q_IPV6; 2377 } 2378 for (res = res0; res; res = res->ai_next) { 2379 switch (res->ai_family) { 2380 case AF_INET: 2381 if (tproto == Q_IPV6) 2382 continue; 2383 2384 sin = (struct sockaddr_in *) 2385 res->ai_addr; 2386 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2387 0xffffffff, tproto, dir); 2388 break; 2389 case AF_INET6: 2390 if (tproto6 == Q_IP) 2391 continue; 2392 2393 sin6 = (struct sockaddr_in6 *) 2394 res->ai_addr; 2395 tmp = gen_host6(&sin6->sin6_addr, 2396 &mask128, tproto6, dir); 2397 break; 2398 } 2399 if (b) 2400 gen_or(b, tmp); 2401 b = tmp; 2402 } 2403 freeaddrinfo(res0); 2404 if (b == NULL) { 2405 bpf_error("unknown host '%s'%s", name, 2406 (proto == Q_DEFAULT) 2407 ? "" 2408 : " for specified address family"); 2409 } 2410 return b; 2411 #endif /*INET6*/ 2412 } 2413 2414 case Q_PORT: 2415 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2416 bpf_error("illegal qualifier of 'port'"); 2417 if (pcap_nametoport(name, &port, &real_proto) == 0) 2418 bpf_error("unknown port '%s'", name); 2419 if (proto == Q_UDP) { 2420 if (real_proto == IPPROTO_TCP) 2421 bpf_error("port '%s' is tcp", name); 2422 else 2423 /* override PROTO_UNDEF */ 2424 real_proto = IPPROTO_UDP; 2425 } 2426 if (proto == Q_TCP) { 2427 if (real_proto == IPPROTO_UDP) 2428 bpf_error("port '%s' is udp", name); 2429 else 2430 /* override PROTO_UNDEF */ 2431 real_proto = IPPROTO_TCP; 2432 } 2433 #ifndef INET6 2434 return gen_port(port, real_proto, dir); 2435 #else 2436 { 2437 struct block *b; 2438 b = gen_port(port, real_proto, dir); 2439 gen_or(gen_port6(port, real_proto, dir), b); 2440 return b; 2441 } 2442 #endif /* INET6 */ 2443 2444 case Q_GATEWAY: 2445 #ifndef INET6 2446 eaddr = pcap_ether_hostton(name); 2447 if (eaddr == NULL) 2448 bpf_error("unknown ether host: %s", name); 2449 2450 alist = pcap_nametoaddr(name); 2451 if (alist == NULL || *alist == NULL) 2452 bpf_error("unknown host '%s'", name); 2453 return gen_gateway(eaddr, alist, proto, dir); 2454 #else 2455 bpf_error("'gateway' not supported in this configuration"); 2456 #endif /*INET6*/ 2457 2458 case Q_PROTO: 2459 real_proto = lookup_proto(name, proto); 2460 if (real_proto >= 0) 2461 return gen_proto(real_proto, proto, dir); 2462 else 2463 bpf_error("unknown protocol: %s", name); 2464 2465 case Q_PROTOCHAIN: 2466 real_proto = lookup_proto(name, proto); 2467 if (real_proto >= 0) 2468 return gen_protochain(real_proto, proto, dir); 2469 else 2470 bpf_error("unknown protocol: %s", name); 2471 2472 2473 case Q_UNDEF: 2474 syntax(); 2475 /* NOTREACHED */ 2476 } 2477 abort(); 2478 /* NOTREACHED */ 2479 } 2480 2481 struct block * 2482 gen_mcode(s1, s2, masklen, q) 2483 const char *s1, *s2; 2484 int masklen; 2485 struct qual q; 2486 { 2487 int nlen, mlen; 2488 bpf_u_int32 n, m; 2489 2490 nlen = __pcap_atoin(s1, &n); 2491 /* Promote short ipaddr */ 2492 n <<= 32 - nlen; 2493 2494 if (s2 != NULL) { 2495 mlen = __pcap_atoin(s2, &m); 2496 /* Promote short ipaddr */ 2497 m <<= 32 - mlen; 2498 if ((n & ~m) != 0) 2499 bpf_error("non-network bits set in \"%s mask %s\"", 2500 s1, s2); 2501 } else { 2502 /* Convert mask len to mask */ 2503 if (masklen > 32) 2504 bpf_error("mask length must be <= 32"); 2505 m = 0xffffffff << (32 - masklen); 2506 if ((n & ~m) != 0) 2507 bpf_error("non-network bits set in \"%s/%d\"", 2508 s1, masklen); 2509 } 2510 2511 switch (q.addr) { 2512 2513 case Q_NET: 2514 return gen_host(n, m, q.proto, q.dir); 2515 2516 default: 2517 bpf_error("Mask syntax for networks only"); 2518 /* NOTREACHED */ 2519 } 2520 } 2521 2522 struct block * 2523 gen_ncode(s, v, q) 2524 const char *s; 2525 bpf_u_int32 v; 2526 struct qual q; 2527 { 2528 bpf_u_int32 mask; 2529 int proto = q.proto; 2530 int dir = q.dir; 2531 int vlen; 2532 2533 if (s == NULL) 2534 vlen = 32; 2535 else if (q.proto == Q_DECNET) 2536 vlen = __pcap_atodn(s, &v); 2537 else 2538 vlen = __pcap_atoin(s, &v); 2539 2540 switch (q.addr) { 2541 2542 case Q_DEFAULT: 2543 case Q_HOST: 2544 case Q_NET: 2545 if (proto == Q_DECNET) 2546 return gen_host(v, 0, proto, dir); 2547 else if (proto == Q_LINK) { 2548 bpf_error("illegal link layer address"); 2549 } else { 2550 mask = 0xffffffff; 2551 if (s == NULL && q.addr == Q_NET) { 2552 /* Promote short net number */ 2553 while (v && (v & 0xff000000) == 0) { 2554 v <<= 8; 2555 mask <<= 8; 2556 } 2557 } else { 2558 /* Promote short ipaddr */ 2559 v <<= 32 - vlen; 2560 mask <<= 32 - vlen; 2561 } 2562 return gen_host(v, mask, proto, dir); 2563 } 2564 2565 case Q_PORT: 2566 if (proto == Q_UDP) 2567 proto = IPPROTO_UDP; 2568 else if (proto == Q_TCP) 2569 proto = IPPROTO_TCP; 2570 else if (proto == Q_DEFAULT) 2571 proto = PROTO_UNDEF; 2572 else 2573 bpf_error("illegal qualifier of 'port'"); 2574 2575 #ifndef INET6 2576 return gen_port((int)v, proto, dir); 2577 #else 2578 { 2579 struct block *b; 2580 b = gen_port((int)v, proto, dir); 2581 gen_or(gen_port6((int)v, proto, dir), b); 2582 return b; 2583 } 2584 #endif /* INET6 */ 2585 2586 case Q_GATEWAY: 2587 bpf_error("'gateway' requires a name"); 2588 /* NOTREACHED */ 2589 2590 case Q_PROTO: 2591 return gen_proto((int)v, proto, dir); 2592 2593 case Q_PROTOCHAIN: 2594 return gen_protochain((int)v, proto, dir); 2595 2596 case Q_UNDEF: 2597 syntax(); 2598 /* NOTREACHED */ 2599 2600 default: 2601 abort(); 2602 /* NOTREACHED */ 2603 } 2604 /* NOTREACHED */ 2605 } 2606 2607 #ifdef INET6 2608 struct block * 2609 gen_mcode6(s1, s2, masklen, q) 2610 const char *s1, *s2; 2611 int masklen; 2612 struct qual q; 2613 { 2614 struct addrinfo *res; 2615 struct in6_addr *addr; 2616 struct in6_addr mask; 2617 struct block *b; 2618 u_int32_t *a, *m; 2619 2620 if (s2) 2621 bpf_error("no mask %s supported", s2); 2622 2623 res = pcap_nametoaddrinfo(s1); 2624 if (!res) 2625 bpf_error("invalid ip6 address %s", s1); 2626 if (res->ai_next) 2627 bpf_error("%s resolved to multiple address", s1); 2628 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2629 2630 if (sizeof(mask) * 8 < masklen) 2631 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2632 memset(&mask, 0, sizeof(mask)); 2633 memset(&mask, 0xff, masklen / 8); 2634 if (masklen % 8) { 2635 mask.s6_addr[masklen / 8] = 2636 (0xff << (8 - masklen % 8)) & 0xff; 2637 } 2638 2639 a = (u_int32_t *)addr; 2640 m = (u_int32_t *)&mask; 2641 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2642 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2643 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2644 } 2645 2646 switch (q.addr) { 2647 2648 case Q_DEFAULT: 2649 case Q_HOST: 2650 if (masklen != 128) 2651 bpf_error("Mask syntax for networks only"); 2652 /* FALLTHROUGH */ 2653 2654 case Q_NET: 2655 b = gen_host6(addr, &mask, q.proto, q.dir); 2656 freeaddrinfo(res); 2657 return b; 2658 2659 default: 2660 bpf_error("invalid qualifier against IPv6 address"); 2661 /* NOTREACHED */ 2662 } 2663 } 2664 #endif /*INET6*/ 2665 2666 struct block * 2667 gen_ecode(eaddr, q) 2668 const u_char *eaddr; 2669 struct qual q; 2670 { 2671 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2672 if (linktype == DLT_EN10MB) 2673 return gen_ehostop(eaddr, (int)q.dir); 2674 if (linktype == DLT_FDDI) 2675 return gen_fhostop(eaddr, (int)q.dir); 2676 if (linktype == DLT_IEEE802_11 || 2677 linktype == DLT_IEEE802_11_RADIO) 2678 return gen_p80211_hostop(eaddr, (int)q.dir); 2679 } 2680 bpf_error("ethernet address used in non-ether expression"); 2681 /* NOTREACHED */ 2682 } 2683 2684 void 2685 sappend(s0, s1) 2686 struct slist *s0, *s1; 2687 { 2688 /* 2689 * This is definitely not the best way to do this, but the 2690 * lists will rarely get long. 2691 */ 2692 while (s0->next) 2693 s0 = s0->next; 2694 s0->next = s1; 2695 } 2696 2697 static struct slist * 2698 xfer_to_x(a) 2699 struct arth *a; 2700 { 2701 struct slist *s; 2702 2703 s = new_stmt(BPF_LDX|BPF_MEM); 2704 s->s.k = a->regno; 2705 return s; 2706 } 2707 2708 static struct slist * 2709 xfer_to_a(a) 2710 struct arth *a; 2711 { 2712 struct slist *s; 2713 2714 s = new_stmt(BPF_LD|BPF_MEM); 2715 s->s.k = a->regno; 2716 return s; 2717 } 2718 2719 struct arth * 2720 gen_load(proto, index, size) 2721 int proto; 2722 struct arth *index; 2723 int size; 2724 { 2725 struct slist *s, *tmp; 2726 struct block *b; 2727 int regno = alloc_reg(); 2728 2729 free_reg(index->regno); 2730 switch (size) { 2731 2732 default: 2733 bpf_error("data size must be 1, 2, or 4"); 2734 2735 case 1: 2736 size = BPF_B; 2737 break; 2738 2739 case 2: 2740 size = BPF_H; 2741 break; 2742 2743 case 4: 2744 size = BPF_W; 2745 break; 2746 } 2747 switch (proto) { 2748 default: 2749 bpf_error("unsupported index operation"); 2750 2751 case Q_LINK: 2752 s = xfer_to_x(index); 2753 tmp = new_stmt(BPF_LD|BPF_IND|size); 2754 sappend(s, tmp); 2755 sappend(index->s, s); 2756 break; 2757 2758 case Q_IP: 2759 case Q_ARP: 2760 case Q_RARP: 2761 case Q_ATALK: 2762 case Q_DECNET: 2763 case Q_SCA: 2764 case Q_LAT: 2765 case Q_MOPRC: 2766 case Q_MOPDL: 2767 #ifdef INET6 2768 case Q_IPV6: 2769 #endif 2770 /* XXX Note that we assume a fixed link header here. */ 2771 if (variable_nl) { 2772 s = nl2X_stmt(); 2773 sappend(s, xfer_to_a(index)); 2774 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2775 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2776 } else { 2777 s = xfer_to_x(index); 2778 } 2779 tmp = new_stmt(BPF_LD|BPF_IND|size); 2780 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2781 sappend(s, tmp); 2782 sappend(index->s, s); 2783 2784 b = gen_proto_abbrev(proto); 2785 if (index->b) 2786 gen_and(index->b, b); 2787 index->b = b; 2788 break; 2789 2790 case Q_TCP: 2791 case Q_UDP: 2792 case Q_ICMP: 2793 case Q_IGMP: 2794 case Q_IGRP: 2795 case Q_PIM: 2796 s = iphl_to_x(); 2797 sappend(s, xfer_to_a(index)); 2798 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2799 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2800 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2801 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2802 sappend(index->s, s); 2803 2804 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2805 if (index->b) 2806 gen_and(index->b, b); 2807 #ifdef INET6 2808 gen_and(gen_proto_abbrev(Q_IP), b); 2809 #endif 2810 index->b = b; 2811 break; 2812 #ifdef INET6 2813 case Q_ICMPV6: 2814 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2815 /*NOTREACHED*/ 2816 #endif 2817 } 2818 index->regno = regno; 2819 s = new_stmt(BPF_ST); 2820 s->s.k = regno; 2821 sappend(index->s, s); 2822 2823 return index; 2824 } 2825 2826 struct block * 2827 gen_relation(code, a0, a1, reversed) 2828 int code; 2829 struct arth *a0, *a1; 2830 int reversed; 2831 { 2832 struct slist *s0, *s1, *s2; 2833 struct block *b, *tmp; 2834 2835 s0 = xfer_to_x(a1); 2836 s1 = xfer_to_a(a0); 2837 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2838 b = new_block(JMP(code)); 2839 if (code == BPF_JGT || code == BPF_JGE) { 2840 reversed = !reversed; 2841 b->s.k = 0x80000000; 2842 } 2843 if (reversed) 2844 gen_not(b); 2845 2846 sappend(s1, s2); 2847 sappend(s0, s1); 2848 sappend(a1->s, s0); 2849 sappend(a0->s, a1->s); 2850 2851 b->stmts = a0->s; 2852 2853 free_reg(a0->regno); 2854 free_reg(a1->regno); 2855 2856 /* 'and' together protocol checks */ 2857 if (a0->b) { 2858 if (a1->b) { 2859 gen_and(a0->b, tmp = a1->b); 2860 } 2861 else 2862 tmp = a0->b; 2863 } else 2864 tmp = a1->b; 2865 2866 if (tmp) 2867 gen_and(tmp, b); 2868 2869 return b; 2870 } 2871 2872 struct arth * 2873 gen_loadlen() 2874 { 2875 int regno = alloc_reg(); 2876 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2877 struct slist *s; 2878 2879 s = new_stmt(BPF_LD|BPF_LEN); 2880 s->next = new_stmt(BPF_ST); 2881 s->next->s.k = regno; 2882 a->s = s; 2883 a->regno = regno; 2884 2885 return a; 2886 } 2887 2888 struct arth * 2889 gen_loadrnd() 2890 { 2891 int regno = alloc_reg(); 2892 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2893 struct slist *s; 2894 2895 s = new_stmt(BPF_LD|BPF_RND); 2896 s->next = new_stmt(BPF_ST); 2897 s->next->s.k = regno; 2898 a->s = s; 2899 a->regno = regno; 2900 2901 return a; 2902 } 2903 2904 struct arth * 2905 gen_loadi(val) 2906 int val; 2907 { 2908 struct arth *a; 2909 struct slist *s; 2910 int reg; 2911 2912 a = (struct arth *)newchunk(sizeof(*a)); 2913 2914 reg = alloc_reg(); 2915 2916 s = new_stmt(BPF_LD|BPF_IMM); 2917 s->s.k = val; 2918 s->next = new_stmt(BPF_ST); 2919 s->next->s.k = reg; 2920 a->s = s; 2921 a->regno = reg; 2922 2923 return a; 2924 } 2925 2926 struct arth * 2927 gen_neg(a) 2928 struct arth *a; 2929 { 2930 struct slist *s; 2931 2932 s = xfer_to_a(a); 2933 sappend(a->s, s); 2934 s = new_stmt(BPF_ALU|BPF_NEG); 2935 s->s.k = 0; 2936 sappend(a->s, s); 2937 s = new_stmt(BPF_ST); 2938 s->s.k = a->regno; 2939 sappend(a->s, s); 2940 2941 return a; 2942 } 2943 2944 struct arth * 2945 gen_arth(code, a0, a1) 2946 int code; 2947 struct arth *a0, *a1; 2948 { 2949 struct slist *s0, *s1, *s2; 2950 2951 s0 = xfer_to_x(a1); 2952 s1 = xfer_to_a(a0); 2953 s2 = new_stmt(BPF_ALU|BPF_X|code); 2954 2955 sappend(s1, s2); 2956 sappend(s0, s1); 2957 sappend(a1->s, s0); 2958 sappend(a0->s, a1->s); 2959 2960 free_reg(a1->regno); 2961 2962 s0 = new_stmt(BPF_ST); 2963 a0->regno = s0->s.k = alloc_reg(); 2964 sappend(a0->s, s0); 2965 2966 return a0; 2967 } 2968 2969 /* 2970 * Here we handle simple allocation of the scratch registers. 2971 * If too many registers are alloc'd, the allocator punts. 2972 */ 2973 static int regused[BPF_MEMWORDS]; 2974 static int curreg; 2975 2976 /* 2977 * Return the next free register. 2978 */ 2979 static int 2980 alloc_reg() 2981 { 2982 int n = BPF_MEMWORDS; 2983 2984 while (--n >= 0) { 2985 if (regused[curreg]) 2986 curreg = (curreg + 1) % BPF_MEMWORDS; 2987 else { 2988 regused[curreg] = 1; 2989 return curreg; 2990 } 2991 } 2992 bpf_error("too many registers needed to evaluate expression"); 2993 /* NOTREACHED */ 2994 } 2995 2996 /* 2997 * Return a register to the table so it can 2998 * be used later. 2999 */ 3000 static void 3001 free_reg(n) 3002 int n; 3003 { 3004 regused[n] = 0; 3005 } 3006 3007 static struct block * 3008 gen_len(jmp, n) 3009 int jmp, n; 3010 { 3011 struct slist *s; 3012 struct block *b; 3013 3014 s = new_stmt(BPF_LD|BPF_LEN); 3015 b = new_block(JMP(jmp)); 3016 b->stmts = s; 3017 b->s.k = n; 3018 3019 return b; 3020 } 3021 3022 struct block * 3023 gen_greater(n) 3024 int n; 3025 { 3026 return gen_len(BPF_JGE, n); 3027 } 3028 3029 struct block * 3030 gen_less(n) 3031 int n; 3032 { 3033 struct block *b; 3034 3035 b = gen_len(BPF_JGT, n); 3036 gen_not(b); 3037 3038 return b; 3039 } 3040 3041 struct block * 3042 gen_byteop(op, idx, val) 3043 int op, idx, val; 3044 { 3045 struct block *b; 3046 struct slist *s; 3047 3048 switch (op) { 3049 default: 3050 abort(); 3051 3052 case '=': 3053 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3054 3055 case '<': 3056 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3057 b->s.code = JMP(BPF_JGE); 3058 gen_not(b); 3059 return b; 3060 3061 case '>': 3062 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3063 b->s.code = JMP(BPF_JGT); 3064 return b; 3065 3066 case '|': 3067 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3068 break; 3069 3070 case '&': 3071 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3072 break; 3073 } 3074 s->s.k = val; 3075 b = new_block(JMP(BPF_JEQ)); 3076 b->stmts = s; 3077 gen_not(b); 3078 3079 return b; 3080 } 3081 3082 struct block * 3083 gen_broadcast(proto) 3084 int proto; 3085 { 3086 bpf_u_int32 hostmask; 3087 struct block *b0, *b1, *b2; 3088 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3089 3090 switch (proto) { 3091 3092 case Q_DEFAULT: 3093 case Q_LINK: 3094 if (linktype == DLT_EN10MB) 3095 return gen_ehostop(ebroadcast, Q_DST); 3096 if (linktype == DLT_FDDI) 3097 return gen_fhostop(ebroadcast, Q_DST); 3098 if (linktype == DLT_IEEE802_11 || 3099 linktype == DLT_IEEE802_11_RADIO) 3100 return gen_p80211_hostop(ebroadcast, Q_DST); 3101 bpf_error("not a broadcast link"); 3102 break; 3103 3104 case Q_IP: 3105 /* 3106 * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff) 3107 * as an indication that we don't know the netmask, and fail 3108 * in that case. 3109 */ 3110 if (netmask == PCAP_NETMASK_UNKNOWN) 3111 bpf_error("netmask not known, so 'ip broadcast' not supported"); 3112 b0 = gen_linktype(ETHERTYPE_IP); 3113 hostmask = ~netmask; 3114 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3115 b2 = gen_mcmp_nl(16, BPF_W, 3116 (bpf_int32)(~0 & hostmask), hostmask); 3117 gen_or(b1, b2); 3118 gen_and(b0, b2); 3119 return b2; 3120 } 3121 bpf_error("only ether/ip broadcast filters supported"); 3122 } 3123 3124 struct block * 3125 gen_multicast(proto) 3126 int proto; 3127 { 3128 struct block *b0, *b1; 3129 struct slist *s; 3130 3131 switch (proto) { 3132 3133 case Q_DEFAULT: 3134 case Q_LINK: 3135 if (linktype == DLT_EN10MB) { 3136 /* ether[0] & 1 != 0 */ 3137 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3138 s->s.k = 0; 3139 b0 = new_block(JMP(BPF_JSET)); 3140 b0->s.k = 1; 3141 b0->stmts = s; 3142 return b0; 3143 } 3144 3145 if (linktype == DLT_FDDI) { 3146 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3147 /* fddi[1] & 1 != 0 */ 3148 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3149 s->s.k = 1; 3150 b0 = new_block(JMP(BPF_JSET)); 3151 b0->s.k = 1; 3152 b0->stmts = s; 3153 return b0; 3154 } 3155 /* Link not known to support multicasts */ 3156 break; 3157 3158 case Q_IP: 3159 b0 = gen_linktype(ETHERTYPE_IP); 3160 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3161 b1->s.code = JMP(BPF_JGE); 3162 gen_and(b0, b1); 3163 return b1; 3164 3165 #ifdef INET6 3166 case Q_IPV6: 3167 b0 = gen_linktype(ETHERTYPE_IPV6); 3168 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3169 gen_and(b0, b1); 3170 return b1; 3171 #endif /* INET6 */ 3172 } 3173 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3174 } 3175 3176 /* 3177 * generate command for inbound/outbound. It's here so we can 3178 * make it link-type specific. 'dir' = 0 implies "inbound", 3179 * = 1 implies "outbound". 3180 */ 3181 struct block * 3182 gen_inbound(dir) 3183 int dir; 3184 { 3185 struct block *b0; 3186 3187 /* 3188 * Only SLIP and old-style PPP data link types support 3189 * inbound/outbound qualifiers. 3190 */ 3191 switch (linktype) { 3192 case DLT_SLIP: 3193 case DLT_PPP: 3194 b0 = gen_relation(BPF_JEQ, 3195 gen_load(Q_LINK, gen_loadi(0), 1), 3196 gen_loadi(0), 3197 dir); 3198 break; 3199 3200 case DLT_PFLOG: 3201 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3202 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3203 break; 3204 3205 default: 3206 bpf_error("inbound/outbound not supported on linktype 0x%x", 3207 linktype); 3208 /* NOTREACHED */ 3209 } 3210 3211 return (b0); 3212 } 3213 3214 3215 /* PF firewall log matched interface */ 3216 struct block * 3217 gen_pf_ifname(char *ifname) 3218 { 3219 struct block *b0; 3220 u_int len, off; 3221 3222 if (linktype == DLT_PFLOG) { 3223 len = sizeof(((struct pfloghdr *)0)->ifname); 3224 off = offsetof(struct pfloghdr, ifname); 3225 } else { 3226 bpf_error("ifname not supported on linktype 0x%x", linktype); 3227 /* NOTREACHED */ 3228 } 3229 if (strlen(ifname) >= len) { 3230 bpf_error("ifname interface names can only be %d characters", 3231 len - 1); 3232 /* NOTREACHED */ 3233 } 3234 b0 = gen_bcmp(off, strlen(ifname) + 1, ifname); 3235 return (b0); 3236 } 3237 3238 3239 /* PF firewall log ruleset name */ 3240 struct block * 3241 gen_pf_ruleset(char *ruleset) 3242 { 3243 struct block *b0; 3244 3245 if (linktype != DLT_PFLOG) { 3246 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3247 /* NOTREACHED */ 3248 } 3249 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3250 bpf_error("ruleset names can only be %zu characters", 3251 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3252 /* NOTREACHED */ 3253 } 3254 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3255 strlen(ruleset), ruleset); 3256 return (b0); 3257 } 3258 3259 3260 /* PF firewall log rule number */ 3261 struct block * 3262 gen_pf_rnr(int rnr) 3263 { 3264 struct block *b0; 3265 3266 if (linktype == DLT_PFLOG) { 3267 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3268 (bpf_int32)rnr); 3269 } else { 3270 bpf_error("rnr not supported on linktype 0x%x", linktype); 3271 /* NOTREACHED */ 3272 } 3273 3274 return (b0); 3275 } 3276 3277 3278 /* PF firewall log sub-rule number */ 3279 struct block * 3280 gen_pf_srnr(int srnr) 3281 { 3282 struct block *b0; 3283 3284 if (linktype != DLT_PFLOG) { 3285 bpf_error("srnr not supported on linktype 0x%x", linktype); 3286 /* NOTREACHED */ 3287 } 3288 3289 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3290 (bpf_int32)srnr); 3291 return (b0); 3292 } 3293 3294 /* PF firewall log reason code */ 3295 struct block * 3296 gen_pf_reason(int reason) 3297 { 3298 struct block *b0; 3299 3300 if (linktype == DLT_PFLOG) { 3301 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3302 (bpf_int32)reason); 3303 } else { 3304 bpf_error("reason not supported on linktype 0x%x", linktype); 3305 /* NOTREACHED */ 3306 } 3307 3308 return (b0); 3309 } 3310 3311 /* PF firewall log action */ 3312 struct block * 3313 gen_pf_action(int action) 3314 { 3315 struct block *b0; 3316 3317 if (linktype == DLT_PFLOG) { 3318 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3319 (bpf_int32)action); 3320 } else { 3321 bpf_error("action not supported on linktype 0x%x", linktype); 3322 /* NOTREACHED */ 3323 } 3324 3325 return (b0); 3326 } 3327 3328 /* IEEE 802.11 wireless header */ 3329 struct block * 3330 gen_p80211_type(int type, int mask) 3331 { 3332 struct block *b0; 3333 u_int offset; 3334 3335 if (!(linktype == DLT_IEEE802_11 || 3336 linktype == DLT_IEEE802_11_RADIO)) { 3337 bpf_error("type not supported on linktype 0x%x", 3338 linktype); 3339 /* NOTREACHED */ 3340 } 3341 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3342 if (linktype == DLT_IEEE802_11_RADIO) 3343 offset += IEEE80211_RADIOTAP_HDRLEN; 3344 3345 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3346 3347 return (b0); 3348 } 3349 3350 static struct block * 3351 gen_ahostop(eaddr, dir) 3352 const u_char *eaddr; 3353 int dir; 3354 { 3355 struct block *b0, *b1; 3356 3357 switch (dir) { 3358 /* src comes first, different from Ethernet */ 3359 case Q_SRC: 3360 return gen_bcmp(0, 1, eaddr); 3361 3362 case Q_DST: 3363 return gen_bcmp(1, 1, eaddr); 3364 3365 case Q_AND: 3366 b0 = gen_ahostop(eaddr, Q_SRC); 3367 b1 = gen_ahostop(eaddr, Q_DST); 3368 gen_and(b0, b1); 3369 return b1; 3370 3371 case Q_DEFAULT: 3372 case Q_OR: 3373 b0 = gen_ahostop(eaddr, Q_SRC); 3374 b1 = gen_ahostop(eaddr, Q_DST); 3375 gen_or(b0, b1); 3376 return b1; 3377 } 3378 abort(); 3379 /* NOTREACHED */ 3380 } 3381 3382 struct block * 3383 gen_acode(eaddr, q) 3384 const u_char *eaddr; 3385 struct qual q; 3386 { 3387 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3388 if (linktype == DLT_ARCNET) 3389 return gen_ahostop(eaddr, (int)q.dir); 3390 } 3391 bpf_error("ARCnet address used in non-arc expression"); 3392 /* NOTREACHED */ 3393 } 3394 3395 struct block * 3396 gen_mpls(label) 3397 int label; 3398 { 3399 struct block *b0; 3400 3401 if (label > MPLS_LABEL_MAX) 3402 bpf_error("invalid MPLS label : %d", label); 3403 3404 if (mpls_stack > 0) /* Bottom-Of-Label-Stack bit ? */ 3405 b0 = gen_mcmp(off_nl-2, BPF_B, (bpf_int32)0, 0x1); 3406 else 3407 b0 = gen_linktype(ETHERTYPE_MPLS); 3408 3409 if (label >= 0) { 3410 struct block *b1; 3411 3412 b1 = gen_mcmp(off_nl, BPF_W, (bpf_int32)(label << 12), 3413 MPLS_LABEL_MASK); 3414 gen_and(b0, b1); 3415 b0 = b1; 3416 } 3417 off_nl += 4; 3418 off_linktype += 4; 3419 mpls_stack++; 3420 return (b0); 3421 } 3422 3423 /* 3424 * support IEEE 802.1Q VLAN trunk over ethernet 3425 */ 3426 struct block * 3427 gen_vlan(vlan_num) 3428 int vlan_num; 3429 { 3430 struct block *b0; 3431 3432 if (variable_nl) { 3433 bpf_error("'vlan' not supported for variable DLTs"); 3434 /*NOTREACHED*/ 3435 } 3436 3437 if (vlan_num > 4095) { 3438 bpf_error("invalid VLAN number : %d", vlan_num); 3439 /*NOTREACHED*/ 3440 } 3441 3442 /* 3443 * Change the offsets to point to the type and data fields within 3444 * the VLAN packet. This is somewhat of a kludge. 3445 */ 3446 if (orig_nl == (u_int)-1) { 3447 orig_linktype = off_linktype; /* save original values */ 3448 orig_nl = off_nl; 3449 orig_nl_nosnap = off_nl_nosnap; 3450 3451 switch (linktype) { 3452 3453 case DLT_EN10MB: 3454 off_linktype = 16; 3455 off_nl_nosnap = 18; 3456 off_nl = 18; 3457 break; 3458 3459 default: 3460 bpf_error("no VLAN support for data link type %d", 3461 linktype); 3462 /*NOTREACHED*/ 3463 } 3464 } 3465 3466 /* check for VLAN */ 3467 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3468 3469 /* If a specific VLAN is requested, check VLAN id */ 3470 if (vlan_num >= 0) { 3471 struct block *b1; 3472 3473 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0FFF); 3474 gen_and(b0, b1); 3475 b0 = b1; 3476 } 3477 3478 return (b0); 3479 } 3480 3481 struct block * 3482 gen_sample(int rate) 3483 { 3484 struct block *b0; 3485 long long threshold = 0x100000000LL; /* 0xffffffff + 1 */ 3486 3487 if (rate < 2) { 3488 bpf_error("sample %d is too low", rate); 3489 /*NOTREACHED*/ 3490 } 3491 if (rate > (1 << 20)) { 3492 bpf_error("sample %d is too high", rate); 3493 /*NOTREACHED*/ 3494 } 3495 3496 threshold /= rate; 3497 b0 = gen_relation(BPF_JGT, gen_loadrnd(), gen_loadi(threshold), 1); 3498 3499 return (b0); 3500 } 3501 3502 struct block * 3503 gen_p80211_fcdir(int fcdir) 3504 { 3505 struct block *b0; 3506 u_int offset; 3507 3508 if (!(linktype == DLT_IEEE802_11 || 3509 linktype == DLT_IEEE802_11_RADIO)) { 3510 bpf_error("frame direction not supported on linktype 0x%x", 3511 linktype); 3512 /* NOTREACHED */ 3513 } 3514 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3515 if (linktype == DLT_IEEE802_11_RADIO) 3516 offset += IEEE80211_RADIOTAP_HDRLEN; 3517 3518 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3519 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3520 3521 return (b0); 3522 } 3523 3524 static struct block * 3525 gen_p80211_hostop(const u_char *lladdr, int dir) 3526 { 3527 struct block *b0, *b1, *b2, *b3, *b4; 3528 u_int offset = 0; 3529 3530 if (linktype == DLT_IEEE802_11_RADIO) 3531 offset = IEEE80211_RADIOTAP_HDRLEN; 3532 3533 switch (dir) { 3534 case Q_SRC: 3535 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3536 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3537 lladdr); 3538 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3539 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3540 lladdr); 3541 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3542 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3543 lladdr); 3544 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3545 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3546 lladdr); 3547 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3548 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3549 lladdr); 3550 3551 gen_or(b0, b1); 3552 gen_or(b1, b2); 3553 gen_or(b2, b3); 3554 gen_or(b3, b4); 3555 return (b4); 3556 3557 case Q_DST: 3558 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3559 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3560 lladdr); 3561 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3562 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3563 lladdr); 3564 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3565 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3566 lladdr); 3567 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3568 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3569 lladdr); 3570 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3571 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3572 lladdr); 3573 3574 gen_or(b0, b1); 3575 gen_or(b1, b2); 3576 gen_or(b2, b3); 3577 gen_or(b3, b4); 3578 return (b4); 3579 3580 case Q_ADDR1: 3581 return (gen_bcmp(offset + 3582 (u_int)offsetof(struct ieee80211_frame, 3583 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3584 3585 case Q_ADDR2: 3586 return (gen_bcmp(offset + 3587 (u_int)offsetof(struct ieee80211_frame, 3588 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3589 3590 case Q_ADDR3: 3591 return (gen_bcmp(offset + 3592 (u_int)offsetof(struct ieee80211_frame, 3593 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3594 3595 case Q_ADDR4: 3596 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3597 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3598 lladdr)); 3599 3600 case Q_AND: 3601 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3602 b1 = gen_p80211_hostop(lladdr, Q_DST); 3603 gen_and(b0, b1); 3604 return (b1); 3605 3606 case Q_DEFAULT: 3607 case Q_OR: 3608 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3609 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3610 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3611 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3612 gen_or(b0, b1); 3613 gen_or(b1, b2); 3614 gen_or(b2, b3); 3615 return (b3); 3616 3617 default: 3618 bpf_error("direction not supported on linktype 0x%x", 3619 linktype); 3620 } 3621 /* NOTREACHED */ 3622 } 3623 3624 static struct block * 3625 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3626 { 3627 struct block *b0, *b1; 3628 3629 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3630 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3631 gen_and(b0, b1); 3632 3633 return (b1); 3634 } 3635