1 /* $OpenBSD: gencode.c,v 1.48 2018/02/06 02:55:48 dlg Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/param.h> /* ALIGN */ 25 #include <sys/types.h> 26 #include <sys/socket.h> 27 #include <sys/time.h> 28 29 struct mbuf; 30 struct rtentry; 31 32 #include <net/if.h> 33 34 #include <netinet/in.h> 35 #include <netinet/if_ether.h> 36 37 #include <net/if_pflog.h> 38 #include <net/pfvar.h> 39 40 #include <net80211/ieee80211.h> 41 #include <net80211/ieee80211_radiotap.h> 42 43 #include <stdlib.h> 44 #include <stddef.h> 45 #include <setjmp.h> 46 #include <stdarg.h> 47 #include <string.h> 48 49 #include "pcap-int.h" 50 51 #include "ethertype.h" 52 #include "llc.h" 53 #include "gencode.h" 54 #include "ppp.h" 55 #include <pcap-namedb.h> 56 #ifdef INET6 57 #include <netdb.h> 58 #endif /*INET6*/ 59 60 #ifdef HAVE_OS_PROTO_H 61 #include "os-proto.h" 62 #endif 63 64 #define JMP(c) ((c)|BPF_JMP|BPF_K) 65 66 /* Locals */ 67 static jmp_buf top_ctx; 68 static pcap_t *bpf_pcap; 69 70 /* Hack for updating VLAN offsets. */ 71 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 72 73 /* XXX */ 74 #ifdef PCAP_FDDIPAD 75 int pcap_fddipad = PCAP_FDDIPAD; 76 #else 77 int pcap_fddipad; 78 #endif 79 80 __dead void 81 bpf_error(const char *fmt, ...) 82 { 83 va_list ap; 84 85 va_start(ap, fmt); 86 if (bpf_pcap != NULL) 87 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 88 fmt, ap); 89 va_end(ap); 90 longjmp(top_ctx, 1); 91 /* NOTREACHED */ 92 } 93 94 static void init_linktype(int); 95 96 static int alloc_reg(void); 97 static void free_reg(int); 98 99 static struct block *root; 100 101 /* initialization code used for variable link header */ 102 static struct slist *init_code = NULL; 103 104 /* Flags and registers for variable link type handling */ 105 static int variable_nl; 106 static int nl_reg, iphl_reg; 107 108 /* 109 * We divy out chunks of memory rather than call malloc each time so 110 * we don't have to worry about leaking memory. It's probably 111 * not a big deal if all this memory was wasted but it this ever 112 * goes into a library that would probably not be a good idea. 113 */ 114 #define NCHUNKS 16 115 #define CHUNK0SIZE 1024 116 struct chunk { 117 u_int n_left; 118 void *m; 119 }; 120 121 static struct chunk chunks[NCHUNKS]; 122 static int cur_chunk; 123 124 static void *newchunk(u_int); 125 static void freechunks(void); 126 static __inline struct block *new_block(int); 127 static __inline struct slist *new_stmt(int); 128 static struct block *gen_retblk(int); 129 static __inline void syntax(void); 130 131 static void backpatch(struct block *, struct block *); 132 static void merge(struct block *, struct block *); 133 static struct block *gen_cmp(u_int, u_int, bpf_int32); 134 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 135 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 136 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 137 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 138 static struct block *gen_bcmp(u_int, u_int, const u_char *); 139 static struct block *gen_uncond(int); 140 static __inline struct block *gen_true(void); 141 static __inline struct block *gen_false(void); 142 static struct block *gen_linktype(int); 143 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 144 #ifdef INET6 145 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 146 #endif 147 static struct block *gen_ehostop(const u_char *, int); 148 static struct block *gen_fhostop(const u_char *, int); 149 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 150 static struct block *gen_p80211_hostop(const u_char *, int); 151 static struct block *gen_p80211_addr(int, u_int, const u_char *); 152 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 153 #ifdef INET6 154 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 155 #endif 156 #ifndef INET6 157 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 158 #endif 159 static struct block *gen_ipfrag(void); 160 static struct block *gen_portatom(int, bpf_int32); 161 #ifdef INET6 162 static struct block *gen_portatom6(int, bpf_int32); 163 #endif 164 struct block *gen_portop(int, int, int); 165 static struct block *gen_port(int, int, int); 166 #ifdef INET6 167 struct block *gen_portop6(int, int, int); 168 static struct block *gen_port6(int, int, int); 169 #endif 170 static int lookup_proto(const char *, int); 171 static struct block *gen_protochain(int, int, int); 172 static struct block *gen_proto(int, int, int); 173 static struct slist *xfer_to_x(struct arth *); 174 static struct slist *xfer_to_a(struct arth *); 175 static struct block *gen_len(int, int); 176 177 static void * 178 newchunk(n) 179 u_int n; 180 { 181 struct chunk *cp; 182 int k, size; 183 184 /* XXX Round to structure boundary. */ 185 n = ALIGN(n); 186 187 cp = &chunks[cur_chunk]; 188 if (n > cp->n_left) { 189 ++cp, k = ++cur_chunk; 190 if (k >= NCHUNKS) 191 bpf_error("out of memory"); 192 size = CHUNK0SIZE << k; 193 cp->m = calloc(1, size); 194 if (cp->m == NULL) 195 bpf_error("out of memory"); 196 197 cp->n_left = size; 198 if (n > size) 199 bpf_error("out of memory"); 200 } 201 cp->n_left -= n; 202 return (void *)((char *)cp->m + cp->n_left); 203 } 204 205 static void 206 freechunks() 207 { 208 int i; 209 210 cur_chunk = 0; 211 for (i = 0; i < NCHUNKS; ++i) { 212 free(chunks[i].m); 213 chunks[i].m = NULL; 214 } 215 } 216 217 /* 218 * A strdup whose allocations are freed after code generation is over. 219 */ 220 char * 221 sdup(s) 222 const char *s; 223 { 224 int n = strlen(s) + 1; 225 char *cp = newchunk(n); 226 227 strlcpy(cp, s, n); 228 return (cp); 229 } 230 231 static __inline struct block * 232 new_block(code) 233 int code; 234 { 235 struct block *p; 236 237 p = (struct block *)newchunk(sizeof(*p)); 238 p->s.code = code; 239 p->head = p; 240 241 return p; 242 } 243 244 static __inline struct slist * 245 new_stmt(code) 246 int code; 247 { 248 struct slist *p; 249 250 p = (struct slist *)newchunk(sizeof(*p)); 251 p->s.code = code; 252 253 return p; 254 } 255 256 static struct block * 257 gen_retblk(v) 258 int v; 259 { 260 struct block *b = new_block(BPF_RET|BPF_K); 261 262 b->s.k = v; 263 return b; 264 } 265 266 static __inline void 267 syntax() 268 { 269 bpf_error("syntax error in filter expression"); 270 } 271 272 static bpf_u_int32 netmask; 273 static int snaplen; 274 int no_optimize; 275 276 int 277 pcap_compile(pcap_t *p, struct bpf_program *program, 278 char *buf, int optimize, bpf_u_int32 mask) 279 { 280 extern int n_errors; 281 int len; 282 283 no_optimize = 0; 284 n_errors = 0; 285 root = NULL; 286 bpf_pcap = p; 287 if (setjmp(top_ctx)) { 288 freechunks(); 289 return (-1); 290 } 291 292 netmask = mask; 293 snaplen = pcap_snapshot(p); 294 295 lex_init(buf ? buf : ""); 296 init_linktype(pcap_datalink(p)); 297 (void)pcap_parse(); 298 299 if (n_errors) 300 syntax(); 301 302 if (root == NULL) 303 root = gen_retblk(snaplen); 304 305 if (optimize && !no_optimize) { 306 bpf_optimize(&root); 307 if (root == NULL || 308 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 309 bpf_error("expression rejects all packets"); 310 } 311 program->bf_insns = icode_to_fcode(root, &len); 312 program->bf_len = len; 313 314 freechunks(); 315 return (0); 316 } 317 318 /* 319 * entry point for using the compiler with no pcap open 320 * pass in all the stuff that is needed explicitly instead. 321 */ 322 int 323 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 324 struct bpf_program *program, 325 char *buf, int optimize, bpf_u_int32 mask) 326 { 327 extern int n_errors; 328 int len; 329 330 n_errors = 0; 331 root = NULL; 332 bpf_pcap = NULL; 333 if (setjmp(top_ctx)) { 334 freechunks(); 335 return (-1); 336 } 337 338 netmask = mask; 339 340 /* XXX needed? I don't grok the use of globals here. */ 341 snaplen = snaplen_arg; 342 343 lex_init(buf ? buf : ""); 344 init_linktype(linktype_arg); 345 (void)pcap_parse(); 346 347 if (n_errors) 348 syntax(); 349 350 if (root == NULL) 351 root = gen_retblk(snaplen_arg); 352 353 if (optimize) { 354 bpf_optimize(&root); 355 if (root == NULL || 356 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 357 bpf_error("expression rejects all packets"); 358 } 359 program->bf_insns = icode_to_fcode(root, &len); 360 program->bf_len = len; 361 362 freechunks(); 363 return (0); 364 } 365 366 /* 367 * Clean up a "struct bpf_program" by freeing all the memory allocated 368 * in it. 369 */ 370 void 371 pcap_freecode(struct bpf_program *program) 372 { 373 program->bf_len = 0; 374 if (program->bf_insns != NULL) { 375 free((char *)program->bf_insns); 376 program->bf_insns = NULL; 377 } 378 } 379 380 /* 381 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 382 * which of the jt and jf fields has been resolved and which is a pointer 383 * back to another unresolved block (or nil). At least one of the fields 384 * in each block is already resolved. 385 */ 386 static void 387 backpatch(list, target) 388 struct block *list, *target; 389 { 390 struct block *next; 391 392 while (list) { 393 if (!list->sense) { 394 next = JT(list); 395 JT(list) = target; 396 } else { 397 next = JF(list); 398 JF(list) = target; 399 } 400 list = next; 401 } 402 } 403 404 /* 405 * Merge the lists in b0 and b1, using the 'sense' field to indicate 406 * which of jt and jf is the link. 407 */ 408 static void 409 merge(b0, b1) 410 struct block *b0, *b1; 411 { 412 struct block **p = &b0; 413 414 /* Find end of list. */ 415 while (*p) 416 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 417 418 /* Concatenate the lists. */ 419 *p = b1; 420 } 421 422 void 423 finish_parse(p) 424 struct block *p; 425 { 426 backpatch(p, gen_retblk(snaplen)); 427 p->sense = !p->sense; 428 backpatch(p, gen_retblk(0)); 429 root = p->head; 430 431 /* prepend initialization code to root */ 432 if (init_code != NULL && root != NULL) { 433 sappend(init_code, root->stmts); 434 root->stmts = init_code; 435 init_code = NULL; 436 } 437 438 if (iphl_reg != -1) { 439 free_reg(iphl_reg); 440 iphl_reg = -1; 441 } 442 if (nl_reg != -1) { 443 free_reg(nl_reg); 444 nl_reg = -1; 445 } 446 } 447 448 void 449 gen_and(b0, b1) 450 struct block *b0, *b1; 451 { 452 backpatch(b0, b1->head); 453 b0->sense = !b0->sense; 454 b1->sense = !b1->sense; 455 merge(b1, b0); 456 b1->sense = !b1->sense; 457 b1->head = b0->head; 458 } 459 460 void 461 gen_or(b0, b1) 462 struct block *b0, *b1; 463 { 464 b0->sense = !b0->sense; 465 backpatch(b0, b1->head); 466 b0->sense = !b0->sense; 467 merge(b1, b0); 468 b1->head = b0->head; 469 } 470 471 void 472 gen_not(b) 473 struct block *b; 474 { 475 b->sense = !b->sense; 476 } 477 478 static struct block * 479 gen_cmp(offset, size, v) 480 u_int offset, size; 481 bpf_int32 v; 482 { 483 struct slist *s; 484 struct block *b; 485 486 s = new_stmt(BPF_LD|BPF_ABS|size); 487 s->s.k = offset; 488 489 b = new_block(JMP(BPF_JEQ)); 490 b->stmts = s; 491 b->s.k = v; 492 493 return b; 494 } 495 496 static struct block * 497 gen_cmp_gt(offset, size, v) 498 u_int offset, size; 499 bpf_int32 v; 500 { 501 struct slist *s; 502 struct block *b; 503 504 s = new_stmt(BPF_LD|BPF_ABS|size); 505 s->s.k = offset; 506 507 b = new_block(JMP(BPF_JGT)); 508 b->stmts = s; 509 b->s.k = v; 510 511 return b; 512 } 513 514 static struct block * 515 gen_mcmp(offset, size, v, mask) 516 u_int offset, size; 517 bpf_int32 v; 518 bpf_u_int32 mask; 519 { 520 struct block *b = gen_cmp(offset, size, v); 521 struct slist *s; 522 523 if (mask != 0xffffffff) { 524 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 525 s->s.k = mask; 526 sappend(b->stmts, s); 527 } 528 return b; 529 } 530 531 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 532 static struct block * 533 gen_mcmp_nl(offset, size, v, mask) 534 u_int offset, size; 535 bpf_int32 v; 536 bpf_u_int32 mask; 537 { 538 struct block *b = gen_cmp_nl(offset, size, v); 539 struct slist *s; 540 541 if (mask != 0xffffffff) { 542 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 543 s->s.k = mask; 544 sappend(b->stmts, s); 545 } 546 return b; 547 } 548 549 static struct block * 550 gen_bcmp(offset, size, v) 551 u_int offset, size; 552 const u_char *v; 553 { 554 struct block *b, *tmp; 555 556 b = NULL; 557 while (size >= 4) { 558 const u_char *p = &v[size - 4]; 559 bpf_int32 w = ((bpf_int32)p[0] << 24) | 560 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 561 562 tmp = gen_cmp(offset + size - 4, BPF_W, w); 563 if (b != NULL) 564 gen_and(b, tmp); 565 b = tmp; 566 size -= 4; 567 } 568 while (size >= 2) { 569 const u_char *p = &v[size - 2]; 570 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 571 572 tmp = gen_cmp(offset + size - 2, BPF_H, w); 573 if (b != NULL) 574 gen_and(b, tmp); 575 b = tmp; 576 size -= 2; 577 } 578 if (size > 0) { 579 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 580 if (b != NULL) 581 gen_and(b, tmp); 582 b = tmp; 583 } 584 return b; 585 } 586 587 /* 588 * Various code constructs need to know the layout of the data link 589 * layer. These variables give the necessary offsets. off_linktype 590 * is set to -1 for no encapsulation, in which case, IP is assumed. 591 */ 592 static u_int off_linktype; 593 static u_int off_nl; 594 static u_int off_nl_nosnap; 595 596 static int linktype; 597 598 /* Generate code to load the dynamic 'off_nl' to the X register */ 599 static struct slist * 600 nl2X_stmt(void) 601 { 602 struct slist *s, *tmp; 603 604 if (nl_reg == -1) { 605 switch (linktype) { 606 case DLT_PFLOG: 607 /* The pflog header contains PFLOG_REAL_HDRLEN 608 which does NOT include the padding. Round 609 up to the nearest dword boundary */ 610 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 611 s->s.k = 0; 612 613 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 614 tmp->s.k = 3; 615 sappend(s, tmp); 616 617 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 618 tmp->s.k = 0xfc; 619 sappend(s, tmp); 620 621 nl_reg = alloc_reg(); 622 tmp = new_stmt(BPF_ST); 623 tmp->s.k = nl_reg; 624 sappend(s, tmp); 625 626 break; 627 default: 628 bpf_error("Unknown header size for link type 0x%x", 629 linktype); 630 } 631 632 if (init_code == NULL) 633 init_code = s; 634 else 635 sappend(init_code, s); 636 } 637 638 s = new_stmt(BPF_LDX|BPF_MEM); 639 s->s.k = nl_reg; 640 641 return s; 642 } 643 644 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 645 static struct block * 646 gen_cmp_nl(offset, size, v) 647 u_int offset, size; 648 bpf_int32 v; 649 { 650 struct slist *s, *tmp; 651 struct block *b; 652 653 if (variable_nl) { 654 s = nl2X_stmt(); 655 tmp = new_stmt(BPF_LD|BPF_IND|size); 656 tmp->s.k = offset; 657 sappend(s, tmp); 658 } else { 659 s = new_stmt(BPF_LD|BPF_ABS|size); 660 s->s.k = offset + off_nl; 661 } 662 b = new_block(JMP(BPF_JEQ)); 663 b->stmts = s; 664 b->s.k = v; 665 666 return b; 667 } 668 669 static void 670 init_linktype(type) 671 int type; 672 { 673 linktype = type; 674 init_code = NULL; 675 nl_reg = iphl_reg = -1; 676 677 switch (type) { 678 679 case DLT_EN10MB: 680 off_linktype = 12; 681 off_nl = 14; 682 return; 683 684 case DLT_SLIP: 685 /* 686 * SLIP doesn't have a link level type. The 16 byte 687 * header is hacked into our SLIP driver. 688 */ 689 off_linktype = -1; 690 off_nl = 16; 691 return; 692 693 case DLT_SLIP_BSDOS: 694 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 695 off_linktype = -1; 696 /* XXX end */ 697 off_nl = 24; 698 return; 699 700 case DLT_NULL: 701 off_linktype = 0; 702 off_nl = 4; 703 return; 704 705 case DLT_PPP: 706 off_linktype = 2; 707 off_nl = 4; 708 return; 709 710 case DLT_PPP_SERIAL: 711 off_linktype = -1; 712 off_nl = 2; 713 return; 714 715 case DLT_PPP_ETHER: 716 /* 717 * This does not include the Ethernet header, and 718 * only covers session state. 719 */ 720 off_linktype = 6; 721 off_nl = 8; 722 return; 723 724 case DLT_PPP_BSDOS: 725 off_linktype = 5; 726 off_nl = 24; 727 return; 728 729 case DLT_FDDI: 730 /* 731 * FDDI doesn't really have a link-level type field. 732 * We assume that SSAP = SNAP is being used and pick 733 * out the encapsulated Ethernet type. 734 */ 735 off_linktype = 19; 736 #ifdef PCAP_FDDIPAD 737 off_linktype += pcap_fddipad; 738 #endif 739 off_nl = 21; 740 #ifdef PCAP_FDDIPAD 741 off_nl += pcap_fddipad; 742 #endif 743 return; 744 745 case DLT_IEEE802: 746 off_linktype = 20; 747 off_nl = 22; 748 return; 749 750 case DLT_IEEE802_11: 751 off_linktype = 30; /* XXX variable */ 752 off_nl = 32; 753 return; 754 755 case DLT_IEEE802_11_RADIO: /* XXX variable */ 756 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 757 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 758 return; 759 760 case DLT_ATM_RFC1483: 761 /* 762 * assume routed, non-ISO PDUs 763 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 764 */ 765 off_linktype = 6; 766 off_nl = 8; 767 return; 768 769 case DLT_LOOP: 770 off_linktype = -1; 771 off_nl = 4; 772 return; 773 774 case DLT_ENC: 775 off_linktype = -1; 776 off_nl = 12; 777 return; 778 779 case DLT_PFLOG: 780 off_linktype = 0; 781 variable_nl = 1; 782 off_nl = 0; 783 return; 784 785 case DLT_PFSYNC: 786 off_linktype = -1; 787 off_nl = 4; 788 return; 789 790 case DLT_OPENFLOW: 791 off_linktype = -1; 792 off_nl = 12; 793 return; 794 795 case DLT_USBPCAP: 796 /* FALLTHROUGH */ 797 case DLT_RAW: 798 off_linktype = -1; 799 off_nl = 0; 800 return; 801 } 802 bpf_error("unknown data link type 0x%x", linktype); 803 /* NOTREACHED */ 804 } 805 806 static struct block * 807 gen_uncond(rsense) 808 int rsense; 809 { 810 struct block *b; 811 struct slist *s; 812 813 s = new_stmt(BPF_LD|BPF_IMM); 814 s->s.k = !rsense; 815 b = new_block(JMP(BPF_JEQ)); 816 b->stmts = s; 817 818 return b; 819 } 820 821 static __inline struct block * 822 gen_true() 823 { 824 return gen_uncond(1); 825 } 826 827 static __inline struct block * 828 gen_false() 829 { 830 return gen_uncond(0); 831 } 832 833 static struct block * 834 gen_linktype(proto) 835 int proto; 836 { 837 struct block *b0, *b1; 838 839 /* If we're not using encapsulation and checking for IP, we're done */ 840 if (off_linktype == -1 && proto == ETHERTYPE_IP) 841 return gen_true(); 842 #ifdef INET6 843 /* this isn't the right thing to do, but sometimes necessary */ 844 if (off_linktype == -1 && proto == ETHERTYPE_IPV6) 845 return gen_true(); 846 #endif 847 848 switch (linktype) { 849 850 case DLT_EN10MB: 851 if (proto <= ETHERMTU) { 852 /* This is an LLC SAP value */ 853 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 854 gen_not(b0); 855 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 856 gen_and(b0, b1); 857 return b1; 858 } else { 859 /* This is an Ethernet type */ 860 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 861 } 862 break; 863 864 case DLT_SLIP: 865 return gen_false(); 866 867 case DLT_PPP: 868 case DLT_PPP_ETHER: 869 if (proto == ETHERTYPE_IP) 870 proto = PPP_IP; /* XXX was 0x21 */ 871 #ifdef INET6 872 else if (proto == ETHERTYPE_IPV6) 873 proto = PPP_IPV6; 874 #endif 875 break; 876 877 case DLT_PPP_BSDOS: 878 switch (proto) { 879 880 case ETHERTYPE_IP: 881 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 882 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 883 gen_or(b0, b1); 884 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 885 gen_or(b1, b0); 886 return b0; 887 888 #ifdef INET6 889 case ETHERTYPE_IPV6: 890 proto = PPP_IPV6; 891 /* more to go? */ 892 break; 893 #endif /* INET6 */ 894 895 case ETHERTYPE_DN: 896 proto = PPP_DECNET; 897 break; 898 899 case ETHERTYPE_ATALK: 900 proto = PPP_APPLE; 901 break; 902 903 case ETHERTYPE_NS: 904 proto = PPP_NS; 905 break; 906 } 907 break; 908 909 case DLT_LOOP: 910 case DLT_ENC: 911 case DLT_NULL: 912 /* XXX */ 913 if (proto == ETHERTYPE_IP) 914 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); 915 #ifdef INET6 916 else if (proto == ETHERTYPE_IPV6) 917 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6))); 918 #endif /* INET6 */ 919 else 920 return gen_false(); 921 break; 922 case DLT_PFLOG: 923 if (proto == ETHERTYPE_IP) 924 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 925 (bpf_int32)AF_INET)); 926 #ifdef INET6 927 else if (proto == ETHERTYPE_IPV6) 928 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 929 (bpf_int32)AF_INET6)); 930 #endif /* INET6 */ 931 else 932 return gen_false(); 933 break; 934 935 } 936 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 937 } 938 939 static struct block * 940 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 941 bpf_u_int32 addr; 942 bpf_u_int32 mask; 943 int dir, proto; 944 u_int src_off, dst_off; 945 { 946 struct block *b0, *b1; 947 u_int offset; 948 949 switch (dir) { 950 951 case Q_SRC: 952 offset = src_off; 953 break; 954 955 case Q_DST: 956 offset = dst_off; 957 break; 958 959 case Q_AND: 960 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 961 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 962 gen_and(b0, b1); 963 return b1; 964 965 case Q_OR: 966 case Q_DEFAULT: 967 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 968 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 969 gen_or(b0, b1); 970 return b1; 971 972 default: 973 bpf_error("direction not supported on linktype 0x%x", 974 linktype); 975 } 976 b0 = gen_linktype(proto); 977 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 978 gen_and(b0, b1); 979 return b1; 980 } 981 982 #ifdef INET6 983 static struct block * 984 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 985 struct in6_addr *addr; 986 struct in6_addr *mask; 987 int dir, proto; 988 u_int src_off, dst_off; 989 { 990 struct block *b0, *b1; 991 u_int offset; 992 u_int32_t *a, *m; 993 994 switch (dir) { 995 996 case Q_SRC: 997 offset = src_off; 998 break; 999 1000 case Q_DST: 1001 offset = dst_off; 1002 break; 1003 1004 case Q_AND: 1005 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1006 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1007 gen_and(b0, b1); 1008 return b1; 1009 1010 case Q_OR: 1011 case Q_DEFAULT: 1012 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1013 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1014 gen_or(b0, b1); 1015 return b1; 1016 1017 default: 1018 bpf_error("direction not supported on linktype 0x%x", 1019 linktype); 1020 } 1021 /* this order is important */ 1022 a = (u_int32_t *)addr; 1023 m = (u_int32_t *)mask; 1024 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1025 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1026 gen_and(b0, b1); 1027 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1028 gen_and(b0, b1); 1029 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1030 gen_and(b0, b1); 1031 b0 = gen_linktype(proto); 1032 gen_and(b0, b1); 1033 return b1; 1034 } 1035 #endif /*INET6*/ 1036 1037 static struct block * 1038 gen_ehostop(eaddr, dir) 1039 const u_char *eaddr; 1040 int dir; 1041 { 1042 struct block *b0, *b1; 1043 1044 switch (dir) { 1045 case Q_SRC: 1046 return gen_bcmp(6, 6, eaddr); 1047 1048 case Q_DST: 1049 return gen_bcmp(0, 6, eaddr); 1050 1051 case Q_AND: 1052 b0 = gen_ehostop(eaddr, Q_SRC); 1053 b1 = gen_ehostop(eaddr, Q_DST); 1054 gen_and(b0, b1); 1055 return b1; 1056 1057 case Q_DEFAULT: 1058 case Q_OR: 1059 b0 = gen_ehostop(eaddr, Q_SRC); 1060 b1 = gen_ehostop(eaddr, Q_DST); 1061 gen_or(b0, b1); 1062 return b1; 1063 default: 1064 bpf_error("direction not supported on linktype 0x%x", 1065 linktype); 1066 } 1067 /* NOTREACHED */ 1068 } 1069 1070 /* 1071 * Like gen_ehostop, but for DLT_FDDI 1072 */ 1073 static struct block * 1074 gen_fhostop(eaddr, dir) 1075 const u_char *eaddr; 1076 int dir; 1077 { 1078 struct block *b0, *b1; 1079 1080 switch (dir) { 1081 case Q_SRC: 1082 #ifdef PCAP_FDDIPAD 1083 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1084 #else 1085 return gen_bcmp(6 + 1, 6, eaddr); 1086 #endif 1087 1088 case Q_DST: 1089 #ifdef PCAP_FDDIPAD 1090 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1091 #else 1092 return gen_bcmp(0 + 1, 6, eaddr); 1093 #endif 1094 1095 case Q_AND: 1096 b0 = gen_fhostop(eaddr, Q_SRC); 1097 b1 = gen_fhostop(eaddr, Q_DST); 1098 gen_and(b0, b1); 1099 return b1; 1100 1101 case Q_DEFAULT: 1102 case Q_OR: 1103 b0 = gen_fhostop(eaddr, Q_SRC); 1104 b1 = gen_fhostop(eaddr, Q_DST); 1105 gen_or(b0, b1); 1106 return b1; 1107 default: 1108 bpf_error("direction not supported on linktype 0x%x", 1109 linktype); 1110 } 1111 /* NOTREACHED */ 1112 } 1113 1114 /* 1115 * This is quite tricky because there may be pad bytes in front of the 1116 * DECNET header, and then there are two possible data packet formats that 1117 * carry both src and dst addresses, plus 5 packet types in a format that 1118 * carries only the src node, plus 2 types that use a different format and 1119 * also carry just the src node. 1120 * 1121 * Yuck. 1122 * 1123 * Instead of doing those all right, we just look for data packets with 1124 * 0 or 1 bytes of padding. If you want to look at other packets, that 1125 * will require a lot more hacking. 1126 * 1127 * To add support for filtering on DECNET "areas" (network numbers) 1128 * one would want to add a "mask" argument to this routine. That would 1129 * make the filter even more inefficient, although one could be clever 1130 * and not generate masking instructions if the mask is 0xFFFF. 1131 */ 1132 static struct block * 1133 gen_dnhostop(addr, dir, base_off) 1134 bpf_u_int32 addr; 1135 int dir; 1136 u_int base_off; 1137 { 1138 struct block *b0, *b1, *b2, *tmp; 1139 u_int offset_lh; /* offset if long header is received */ 1140 u_int offset_sh; /* offset if short header is received */ 1141 1142 switch (dir) { 1143 1144 case Q_DST: 1145 offset_sh = 1; /* follows flags */ 1146 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1147 break; 1148 1149 case Q_SRC: 1150 offset_sh = 3; /* follows flags, dstnode */ 1151 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1152 break; 1153 1154 case Q_AND: 1155 /* Inefficient because we do our Calvinball dance twice */ 1156 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1157 b1 = gen_dnhostop(addr, Q_DST, base_off); 1158 gen_and(b0, b1); 1159 return b1; 1160 1161 case Q_OR: 1162 case Q_DEFAULT: 1163 /* Inefficient because we do our Calvinball dance twice */ 1164 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1165 b1 = gen_dnhostop(addr, Q_DST, base_off); 1166 gen_or(b0, b1); 1167 return b1; 1168 1169 default: 1170 bpf_error("direction not supported on linktype 0x%x", 1171 linktype); 1172 } 1173 b0 = gen_linktype(ETHERTYPE_DN); 1174 /* Check for pad = 1, long header case */ 1175 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1176 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1177 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1178 BPF_H, (bpf_int32)ntohs(addr)); 1179 gen_and(tmp, b1); 1180 /* Check for pad = 0, long header case */ 1181 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1182 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1183 gen_and(tmp, b2); 1184 gen_or(b2, b1); 1185 /* Check for pad = 1, short header case */ 1186 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1187 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1188 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1189 BPF_H, (bpf_int32)ntohs(addr)); 1190 gen_and(tmp, b2); 1191 gen_or(b2, b1); 1192 /* Check for pad = 0, short header case */ 1193 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1194 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1195 gen_and(tmp, b2); 1196 gen_or(b2, b1); 1197 1198 /* Combine with test for linktype */ 1199 gen_and(b0, b1); 1200 return b1; 1201 } 1202 1203 static struct block * 1204 gen_host(addr, mask, proto, dir) 1205 bpf_u_int32 addr; 1206 bpf_u_int32 mask; 1207 int proto; 1208 int dir; 1209 { 1210 struct block *b0, *b1; 1211 1212 switch (proto) { 1213 1214 case Q_DEFAULT: 1215 b0 = gen_host(addr, mask, Q_IP, dir); 1216 b1 = gen_host(addr, mask, Q_ARP, dir); 1217 gen_or(b0, b1); 1218 b0 = gen_host(addr, mask, Q_RARP, dir); 1219 gen_or(b1, b0); 1220 return b0; 1221 1222 case Q_IP: 1223 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1224 12, 16); 1225 1226 case Q_RARP: 1227 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1228 14, 24); 1229 1230 case Q_ARP: 1231 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1232 14, 24); 1233 1234 case Q_TCP: 1235 bpf_error("'tcp' modifier applied to host"); 1236 1237 case Q_UDP: 1238 bpf_error("'udp' modifier applied to host"); 1239 1240 case Q_ICMP: 1241 bpf_error("'icmp' modifier applied to host"); 1242 1243 case Q_IGMP: 1244 bpf_error("'igmp' modifier applied to host"); 1245 1246 case Q_IGRP: 1247 bpf_error("'igrp' modifier applied to host"); 1248 1249 case Q_PIM: 1250 bpf_error("'pim' modifier applied to host"); 1251 1252 case Q_STP: 1253 bpf_error("'stp' modifier applied to host"); 1254 1255 case Q_ATALK: 1256 bpf_error("ATALK host filtering not implemented"); 1257 1258 case Q_DECNET: 1259 return gen_dnhostop(addr, dir, 0); 1260 1261 case Q_SCA: 1262 bpf_error("SCA host filtering not implemented"); 1263 1264 case Q_LAT: 1265 bpf_error("LAT host filtering not implemented"); 1266 1267 case Q_MOPDL: 1268 bpf_error("MOPDL host filtering not implemented"); 1269 1270 case Q_MOPRC: 1271 bpf_error("MOPRC host filtering not implemented"); 1272 1273 #ifdef INET6 1274 case Q_IPV6: 1275 bpf_error("'ip6' modifier applied to ip host"); 1276 1277 case Q_ICMPV6: 1278 bpf_error("'icmp6' modifier applied to host"); 1279 #endif /* INET6 */ 1280 1281 case Q_AH: 1282 bpf_error("'ah' modifier applied to host"); 1283 1284 case Q_ESP: 1285 bpf_error("'esp' modifier applied to host"); 1286 1287 default: 1288 bpf_error("direction not supported on linktype 0x%x", 1289 linktype); 1290 } 1291 /* NOTREACHED */ 1292 } 1293 1294 #ifdef INET6 1295 static struct block * 1296 gen_host6(addr, mask, proto, dir) 1297 struct in6_addr *addr; 1298 struct in6_addr *mask; 1299 int proto; 1300 int dir; 1301 { 1302 switch (proto) { 1303 1304 case Q_DEFAULT: 1305 return gen_host6(addr, mask, Q_IPV6, dir); 1306 1307 case Q_IP: 1308 bpf_error("'ip' modifier applied to ip6 host"); 1309 1310 case Q_RARP: 1311 bpf_error("'rarp' modifier applied to ip6 host"); 1312 1313 case Q_ARP: 1314 bpf_error("'arp' modifier applied to ip6 host"); 1315 1316 case Q_TCP: 1317 bpf_error("'tcp' modifier applied to host"); 1318 1319 case Q_UDP: 1320 bpf_error("'udp' modifier applied to host"); 1321 1322 case Q_ICMP: 1323 bpf_error("'icmp' modifier applied to host"); 1324 1325 case Q_IGMP: 1326 bpf_error("'igmp' modifier applied to host"); 1327 1328 case Q_IGRP: 1329 bpf_error("'igrp' modifier applied to host"); 1330 1331 case Q_PIM: 1332 bpf_error("'pim' modifier applied to host"); 1333 1334 case Q_STP: 1335 bpf_error("'stp' modifier applied to host"); 1336 1337 case Q_ATALK: 1338 bpf_error("ATALK host filtering not implemented"); 1339 1340 case Q_DECNET: 1341 bpf_error("'decnet' modifier applied to ip6 host"); 1342 1343 case Q_SCA: 1344 bpf_error("SCA host filtering not implemented"); 1345 1346 case Q_LAT: 1347 bpf_error("LAT host filtering not implemented"); 1348 1349 case Q_MOPDL: 1350 bpf_error("MOPDL host filtering not implemented"); 1351 1352 case Q_MOPRC: 1353 bpf_error("MOPRC host filtering not implemented"); 1354 1355 case Q_IPV6: 1356 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1357 8, 24); 1358 1359 case Q_ICMPV6: 1360 bpf_error("'icmp6' modifier applied to host"); 1361 1362 case Q_AH: 1363 bpf_error("'ah' modifier applied to host"); 1364 1365 case Q_ESP: 1366 bpf_error("'esp' modifier applied to host"); 1367 1368 default: 1369 abort(); 1370 } 1371 /* NOTREACHED */ 1372 } 1373 #endif /*INET6*/ 1374 1375 #ifndef INET6 1376 static struct block * 1377 gen_gateway(eaddr, alist, proto, dir) 1378 const u_char *eaddr; 1379 bpf_u_int32 **alist; 1380 int proto; 1381 int dir; 1382 { 1383 struct block *b0, *b1, *tmp; 1384 1385 if (dir != 0) 1386 bpf_error("direction applied to 'gateway'"); 1387 1388 switch (proto) { 1389 case Q_DEFAULT: 1390 case Q_IP: 1391 case Q_ARP: 1392 case Q_RARP: 1393 if (linktype == DLT_EN10MB) 1394 b0 = gen_ehostop(eaddr, Q_OR); 1395 else if (linktype == DLT_FDDI) 1396 b0 = gen_fhostop(eaddr, Q_OR); 1397 else 1398 bpf_error( 1399 "'gateway' supported only on ethernet or FDDI"); 1400 1401 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1402 while (*alist) { 1403 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1404 gen_or(b1, tmp); 1405 b1 = tmp; 1406 } 1407 gen_not(b1); 1408 gen_and(b0, b1); 1409 return b1; 1410 } 1411 bpf_error("illegal modifier of 'gateway'"); 1412 /* NOTREACHED */ 1413 } 1414 #endif /*INET6*/ 1415 1416 struct block * 1417 gen_proto_abbrev(proto) 1418 int proto; 1419 { 1420 struct block *b0 = NULL, *b1; 1421 1422 switch (proto) { 1423 1424 case Q_TCP: 1425 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1426 #ifdef INET6 1427 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1428 gen_or(b0, b1); 1429 #endif 1430 break; 1431 1432 case Q_UDP: 1433 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1434 #ifdef INET6 1435 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1436 gen_or(b0, b1); 1437 #endif 1438 break; 1439 1440 case Q_ICMP: 1441 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1442 break; 1443 1444 #ifndef IPPROTO_IGMP 1445 #define IPPROTO_IGMP 2 1446 #endif 1447 1448 case Q_IGMP: 1449 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1450 break; 1451 1452 #ifndef IPPROTO_IGRP 1453 #define IPPROTO_IGRP 9 1454 #endif 1455 case Q_IGRP: 1456 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1457 break; 1458 1459 #ifndef IPPROTO_PIM 1460 #define IPPROTO_PIM 103 1461 #endif 1462 1463 case Q_PIM: 1464 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1465 #ifdef INET6 1466 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1467 gen_or(b0, b1); 1468 #endif 1469 break; 1470 1471 case Q_IP: 1472 b1 = gen_linktype(ETHERTYPE_IP); 1473 break; 1474 1475 case Q_ARP: 1476 b1 = gen_linktype(ETHERTYPE_ARP); 1477 break; 1478 1479 case Q_RARP: 1480 b1 = gen_linktype(ETHERTYPE_REVARP); 1481 break; 1482 1483 case Q_LINK: 1484 bpf_error("link layer applied in wrong context"); 1485 1486 case Q_ATALK: 1487 b1 = gen_linktype(ETHERTYPE_ATALK); 1488 break; 1489 1490 case Q_DECNET: 1491 b1 = gen_linktype(ETHERTYPE_DN); 1492 break; 1493 1494 case Q_SCA: 1495 b1 = gen_linktype(ETHERTYPE_SCA); 1496 break; 1497 1498 case Q_LAT: 1499 b1 = gen_linktype(ETHERTYPE_LAT); 1500 break; 1501 1502 case Q_MOPDL: 1503 b1 = gen_linktype(ETHERTYPE_MOPDL); 1504 break; 1505 1506 case Q_MOPRC: 1507 b1 = gen_linktype(ETHERTYPE_MOPRC); 1508 break; 1509 1510 case Q_STP: 1511 b1 = gen_linktype(LLCSAP_8021D); 1512 break; 1513 1514 #ifdef INET6 1515 case Q_IPV6: 1516 b1 = gen_linktype(ETHERTYPE_IPV6); 1517 break; 1518 1519 #ifndef IPPROTO_ICMPV6 1520 #define IPPROTO_ICMPV6 58 1521 #endif 1522 case Q_ICMPV6: 1523 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1524 break; 1525 #endif /* INET6 */ 1526 1527 #ifndef IPPROTO_AH 1528 #define IPPROTO_AH 51 1529 #endif 1530 case Q_AH: 1531 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1532 #ifdef INET6 1533 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1534 gen_or(b0, b1); 1535 #endif 1536 break; 1537 1538 #ifndef IPPROTO_ESP 1539 #define IPPROTO_ESP 50 1540 #endif 1541 case Q_ESP: 1542 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1543 #ifdef INET6 1544 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1545 gen_or(b0, b1); 1546 #endif 1547 break; 1548 1549 default: 1550 abort(); 1551 } 1552 return b1; 1553 } 1554 1555 static struct block * 1556 gen_ipfrag() 1557 { 1558 struct slist *s, *tmp; 1559 struct block *b; 1560 1561 /* not ip frag */ 1562 if (variable_nl) { 1563 s = nl2X_stmt(); 1564 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1565 tmp->s.k = 6; 1566 sappend(s, tmp); 1567 } else { 1568 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1569 s->s.k = off_nl + 6; 1570 } 1571 b = new_block(JMP(BPF_JSET)); 1572 b->s.k = 0x1fff; 1573 b->stmts = s; 1574 gen_not(b); 1575 1576 return b; 1577 } 1578 1579 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1580 This function generates code to set X to the start of the IP payload 1581 X = off_nl + IP header_len. 1582 */ 1583 static struct slist * 1584 iphl_to_x(void) 1585 { 1586 struct slist *s, *tmp; 1587 1588 /* XXX clobbers A if variable_nl*/ 1589 if (variable_nl) { 1590 if (iphl_reg == -1) { 1591 /* X <- off_nl */ 1592 s = nl2X_stmt(); 1593 1594 /* A = p[X+0] */ 1595 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1596 tmp->s.k = 0; 1597 sappend(s, tmp); 1598 1599 /* A = A & 0x0f */ 1600 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1601 tmp->s.k = 0x0f; 1602 sappend(s, tmp); 1603 1604 /* A = A << 2 */ 1605 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1606 tmp->s.k = 2; 1607 sappend(s, tmp); 1608 1609 /* A = A + X (add off_nl again to compansate) */ 1610 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1611 1612 /* MEM[iphl_reg] = A */ 1613 iphl_reg = alloc_reg(); 1614 tmp = new_stmt(BPF_ST); 1615 tmp->s.k = iphl_reg; 1616 sappend(s, tmp); 1617 1618 sappend(init_code, s); 1619 } 1620 s = new_stmt(BPF_LDX|BPF_MEM); 1621 s->s.k = iphl_reg; 1622 1623 } else { 1624 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1625 s->s.k = off_nl; 1626 } 1627 1628 return s; 1629 } 1630 1631 static struct block * 1632 gen_portatom(off, v) 1633 int off; 1634 bpf_int32 v; 1635 { 1636 struct slist *s, *tmp; 1637 struct block *b; 1638 1639 s = iphl_to_x(); 1640 1641 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1642 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1643 sappend(s, tmp); 1644 1645 b = new_block(JMP(BPF_JEQ)); 1646 b->stmts = s; 1647 b->s.k = v; 1648 1649 return b; 1650 } 1651 1652 #ifdef INET6 1653 static struct block * 1654 gen_portatom6(off, v) 1655 int off; 1656 bpf_int32 v; 1657 { 1658 return gen_cmp_nl(40 + off, BPF_H, v); 1659 } 1660 #endif/*INET6*/ 1661 1662 struct block * 1663 gen_portop(port, proto, dir) 1664 int port, proto, dir; 1665 { 1666 struct block *b0, *b1, *tmp; 1667 1668 /* ip proto 'proto' */ 1669 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1670 b0 = gen_ipfrag(); 1671 gen_and(tmp, b0); 1672 1673 switch (dir) { 1674 case Q_SRC: 1675 b1 = gen_portatom(0, (bpf_int32)port); 1676 break; 1677 1678 case Q_DST: 1679 b1 = gen_portatom(2, (bpf_int32)port); 1680 break; 1681 1682 case Q_OR: 1683 case Q_DEFAULT: 1684 tmp = gen_portatom(0, (bpf_int32)port); 1685 b1 = gen_portatom(2, (bpf_int32)port); 1686 gen_or(tmp, b1); 1687 break; 1688 1689 case Q_AND: 1690 tmp = gen_portatom(0, (bpf_int32)port); 1691 b1 = gen_portatom(2, (bpf_int32)port); 1692 gen_and(tmp, b1); 1693 break; 1694 1695 default: 1696 abort(); 1697 } 1698 gen_and(b0, b1); 1699 1700 return b1; 1701 } 1702 1703 static struct block * 1704 gen_port(port, ip_proto, dir) 1705 int port; 1706 int ip_proto; 1707 int dir; 1708 { 1709 struct block *b0, *b1, *tmp; 1710 1711 /* ether proto ip */ 1712 b0 = gen_linktype(ETHERTYPE_IP); 1713 1714 switch (ip_proto) { 1715 case IPPROTO_UDP: 1716 case IPPROTO_TCP: 1717 b1 = gen_portop(port, ip_proto, dir); 1718 break; 1719 1720 case PROTO_UNDEF: 1721 tmp = gen_portop(port, IPPROTO_TCP, dir); 1722 b1 = gen_portop(port, IPPROTO_UDP, dir); 1723 gen_or(tmp, b1); 1724 break; 1725 1726 default: 1727 abort(); 1728 } 1729 gen_and(b0, b1); 1730 return b1; 1731 } 1732 1733 #ifdef INET6 1734 struct block * 1735 gen_portop6(port, proto, dir) 1736 int port, proto, dir; 1737 { 1738 struct block *b0, *b1, *tmp; 1739 1740 /* ip proto 'proto' */ 1741 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1742 1743 switch (dir) { 1744 case Q_SRC: 1745 b1 = gen_portatom6(0, (bpf_int32)port); 1746 break; 1747 1748 case Q_DST: 1749 b1 = gen_portatom6(2, (bpf_int32)port); 1750 break; 1751 1752 case Q_OR: 1753 case Q_DEFAULT: 1754 tmp = gen_portatom6(0, (bpf_int32)port); 1755 b1 = gen_portatom6(2, (bpf_int32)port); 1756 gen_or(tmp, b1); 1757 break; 1758 1759 case Q_AND: 1760 tmp = gen_portatom6(0, (bpf_int32)port); 1761 b1 = gen_portatom6(2, (bpf_int32)port); 1762 gen_and(tmp, b1); 1763 break; 1764 1765 default: 1766 abort(); 1767 } 1768 gen_and(b0, b1); 1769 1770 return b1; 1771 } 1772 1773 static struct block * 1774 gen_port6(port, ip_proto, dir) 1775 int port; 1776 int ip_proto; 1777 int dir; 1778 { 1779 struct block *b0, *b1, *tmp; 1780 1781 /* ether proto ip */ 1782 b0 = gen_linktype(ETHERTYPE_IPV6); 1783 1784 switch (ip_proto) { 1785 case IPPROTO_UDP: 1786 case IPPROTO_TCP: 1787 b1 = gen_portop6(port, ip_proto, dir); 1788 break; 1789 1790 case PROTO_UNDEF: 1791 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1792 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1793 gen_or(tmp, b1); 1794 break; 1795 1796 default: 1797 abort(); 1798 } 1799 gen_and(b0, b1); 1800 return b1; 1801 } 1802 #endif /* INET6 */ 1803 1804 static int 1805 lookup_proto(name, proto) 1806 const char *name; 1807 int proto; 1808 { 1809 int v; 1810 1811 switch (proto) { 1812 1813 case Q_DEFAULT: 1814 case Q_IP: 1815 v = pcap_nametoproto(name); 1816 if (v == PROTO_UNDEF) 1817 bpf_error("unknown ip proto '%s'", name); 1818 break; 1819 1820 case Q_LINK: 1821 /* XXX should look up h/w protocol type based on linktype */ 1822 v = pcap_nametoeproto(name); 1823 if (v == PROTO_UNDEF) { 1824 v = pcap_nametollc(name); 1825 if (v == PROTO_UNDEF) 1826 bpf_error("unknown ether proto '%s'", name); 1827 } 1828 break; 1829 1830 default: 1831 v = PROTO_UNDEF; 1832 break; 1833 } 1834 return v; 1835 } 1836 1837 static struct block * 1838 gen_protochain(v, proto, dir) 1839 int v; 1840 int proto; 1841 int dir; 1842 { 1843 struct block *b0, *b; 1844 struct slist *s[100]; 1845 int fix2, fix3, fix4, fix5; 1846 int ahcheck, again, end; 1847 int i, max; 1848 int reg1 = alloc_reg(); 1849 int reg2 = alloc_reg(); 1850 1851 memset(s, 0, sizeof(s)); 1852 fix2 = fix3 = fix4 = fix5 = 0; 1853 1854 if (variable_nl) { 1855 bpf_error("'gen_protochain' not supported for variable DLTs"); 1856 /*NOTREACHED*/ 1857 } 1858 1859 switch (proto) { 1860 case Q_IP: 1861 case Q_IPV6: 1862 break; 1863 case Q_DEFAULT: 1864 b0 = gen_protochain(v, Q_IP, dir); 1865 b = gen_protochain(v, Q_IPV6, dir); 1866 gen_or(b0, b); 1867 return b; 1868 default: 1869 bpf_error("bad protocol applied for 'protochain'"); 1870 /*NOTREACHED*/ 1871 } 1872 1873 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1874 1875 /* 1876 * s[0] is a dummy entry to protect other BPF insn from damaged 1877 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1878 * hard to find interdependency made by jump table fixup. 1879 */ 1880 i = 0; 1881 s[i] = new_stmt(0); /*dummy*/ 1882 i++; 1883 1884 switch (proto) { 1885 case Q_IP: 1886 b0 = gen_linktype(ETHERTYPE_IP); 1887 1888 /* A = ip->ip_p */ 1889 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1890 s[i]->s.k = off_nl + 9; 1891 i++; 1892 /* X = ip->ip_hl << 2 */ 1893 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1894 s[i]->s.k = off_nl; 1895 i++; 1896 break; 1897 case Q_IPV6: 1898 b0 = gen_linktype(ETHERTYPE_IPV6); 1899 1900 /* A = ip6->ip_nxt */ 1901 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1902 s[i]->s.k = off_nl + 6; 1903 i++; 1904 /* X = sizeof(struct ip6_hdr) */ 1905 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1906 s[i]->s.k = 40; 1907 i++; 1908 break; 1909 default: 1910 bpf_error("unsupported proto to gen_protochain"); 1911 /*NOTREACHED*/ 1912 } 1913 1914 /* again: if (A == v) goto end; else fall through; */ 1915 again = i; 1916 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1917 s[i]->s.k = v; 1918 s[i]->s.jt = NULL; /*later*/ 1919 s[i]->s.jf = NULL; /*update in next stmt*/ 1920 fix5 = i; 1921 i++; 1922 1923 /* if (A == IPPROTO_NONE) goto end */ 1924 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1925 s[i]->s.jt = NULL; /*later*/ 1926 s[i]->s.jf = NULL; /*update in next stmt*/ 1927 s[i]->s.k = IPPROTO_NONE; 1928 s[fix5]->s.jf = s[i]; 1929 fix2 = i; 1930 i++; 1931 1932 if (proto == Q_IPV6) { 1933 int v6start, v6end, v6advance, j; 1934 1935 v6start = i; 1936 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1937 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1938 s[i]->s.jt = NULL; /*later*/ 1939 s[i]->s.jf = NULL; /*update in next stmt*/ 1940 s[i]->s.k = IPPROTO_HOPOPTS; 1941 s[fix2]->s.jf = s[i]; 1942 i++; 1943 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1944 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1945 s[i]->s.jt = NULL; /*later*/ 1946 s[i]->s.jf = NULL; /*update in next stmt*/ 1947 s[i]->s.k = IPPROTO_DSTOPTS; 1948 i++; 1949 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1950 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1951 s[i]->s.jt = NULL; /*later*/ 1952 s[i]->s.jf = NULL; /*update in next stmt*/ 1953 s[i]->s.k = IPPROTO_ROUTING; 1954 i++; 1955 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1956 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1957 s[i]->s.jt = NULL; /*later*/ 1958 s[i]->s.jf = NULL; /*later*/ 1959 s[i]->s.k = IPPROTO_FRAGMENT; 1960 fix3 = i; 1961 v6end = i; 1962 i++; 1963 1964 /* v6advance: */ 1965 v6advance = i; 1966 1967 /* 1968 * in short, 1969 * A = P[X + 1]; 1970 * X = X + (P[X] + 1) * 8; 1971 */ 1972 /* A = X */ 1973 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1974 i++; 1975 /* MEM[reg1] = A */ 1976 s[i] = new_stmt(BPF_ST); 1977 s[i]->s.k = reg1; 1978 i++; 1979 /* A += 1 */ 1980 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1981 s[i]->s.k = 1; 1982 i++; 1983 /* X = A */ 1984 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1985 i++; 1986 /* A = P[X + packet head]; */ 1987 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1988 s[i]->s.k = off_nl; 1989 i++; 1990 /* MEM[reg2] = A */ 1991 s[i] = new_stmt(BPF_ST); 1992 s[i]->s.k = reg2; 1993 i++; 1994 /* X = MEM[reg1] */ 1995 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1996 s[i]->s.k = reg1; 1997 i++; 1998 /* A = P[X + packet head] */ 1999 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2000 s[i]->s.k = off_nl; 2001 i++; 2002 /* A += 1 */ 2003 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2004 s[i]->s.k = 1; 2005 i++; 2006 /* A *= 8 */ 2007 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2008 s[i]->s.k = 8; 2009 i++; 2010 /* X = A; */ 2011 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2012 i++; 2013 /* A = MEM[reg2] */ 2014 s[i] = new_stmt(BPF_LD|BPF_MEM); 2015 s[i]->s.k = reg2; 2016 i++; 2017 2018 /* goto again; (must use BPF_JA for backward jump) */ 2019 s[i] = new_stmt(BPF_JMP|BPF_JA); 2020 s[i]->s.k = again - i - 1; 2021 s[i - 1]->s.jf = s[i]; 2022 i++; 2023 2024 /* fixup */ 2025 for (j = v6start; j <= v6end; j++) 2026 s[j]->s.jt = s[v6advance]; 2027 } else { 2028 /* nop */ 2029 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2030 s[i]->s.k = 0; 2031 s[fix2]->s.jf = s[i]; 2032 i++; 2033 } 2034 2035 /* ahcheck: */ 2036 ahcheck = i; 2037 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2038 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2039 s[i]->s.jt = NULL; /*later*/ 2040 s[i]->s.jf = NULL; /*later*/ 2041 s[i]->s.k = IPPROTO_AH; 2042 if (fix3) 2043 s[fix3]->s.jf = s[ahcheck]; 2044 fix4 = i; 2045 i++; 2046 2047 /* 2048 * in short, 2049 * A = P[X + 1]; 2050 * X = X + (P[X] + 2) * 4; 2051 */ 2052 /* A = X */ 2053 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2054 i++; 2055 /* MEM[reg1] = A */ 2056 s[i] = new_stmt(BPF_ST); 2057 s[i]->s.k = reg1; 2058 i++; 2059 /* A += 1 */ 2060 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2061 s[i]->s.k = 1; 2062 i++; 2063 /* X = A */ 2064 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2065 i++; 2066 /* A = P[X + packet head]; */ 2067 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2068 s[i]->s.k = off_nl; 2069 i++; 2070 /* MEM[reg2] = A */ 2071 s[i] = new_stmt(BPF_ST); 2072 s[i]->s.k = reg2; 2073 i++; 2074 /* X = MEM[reg1] */ 2075 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2076 s[i]->s.k = reg1; 2077 i++; 2078 /* A = P[X + packet head] */ 2079 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2080 s[i]->s.k = off_nl; 2081 i++; 2082 /* A += 2 */ 2083 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2084 s[i]->s.k = 2; 2085 i++; 2086 /* A *= 4 */ 2087 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2088 s[i]->s.k = 4; 2089 i++; 2090 /* X = A; */ 2091 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2092 i++; 2093 /* A = MEM[reg2] */ 2094 s[i] = new_stmt(BPF_LD|BPF_MEM); 2095 s[i]->s.k = reg2; 2096 i++; 2097 2098 /* goto again; (must use BPF_JA for backward jump) */ 2099 s[i] = new_stmt(BPF_JMP|BPF_JA); 2100 s[i]->s.k = again - i - 1; 2101 i++; 2102 2103 /* end: nop */ 2104 end = i; 2105 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2106 s[i]->s.k = 0; 2107 s[fix2]->s.jt = s[end]; 2108 s[fix4]->s.jf = s[end]; 2109 s[fix5]->s.jt = s[end]; 2110 i++; 2111 2112 /* 2113 * make slist chain 2114 */ 2115 max = i; 2116 for (i = 0; i < max - 1; i++) 2117 s[i]->next = s[i + 1]; 2118 s[max - 1]->next = NULL; 2119 2120 /* 2121 * emit final check 2122 */ 2123 b = new_block(JMP(BPF_JEQ)); 2124 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2125 b->s.k = v; 2126 2127 free_reg(reg1); 2128 free_reg(reg2); 2129 2130 gen_and(b0, b); 2131 return b; 2132 } 2133 2134 static struct block * 2135 gen_proto(v, proto, dir) 2136 int v; 2137 int proto; 2138 int dir; 2139 { 2140 struct block *b0, *b1; 2141 2142 if (dir != Q_DEFAULT) 2143 bpf_error("direction applied to 'proto'"); 2144 2145 switch (proto) { 2146 case Q_DEFAULT: 2147 #ifdef INET6 2148 b0 = gen_proto(v, Q_IP, dir); 2149 b1 = gen_proto(v, Q_IPV6, dir); 2150 gen_or(b0, b1); 2151 return b1; 2152 #else 2153 /*FALLTHROUGH*/ 2154 #endif 2155 case Q_IP: 2156 b0 = gen_linktype(ETHERTYPE_IP); 2157 #ifndef CHASE_CHAIN 2158 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2159 #else 2160 b1 = gen_protochain(v, Q_IP); 2161 #endif 2162 gen_and(b0, b1); 2163 return b1; 2164 2165 case Q_ARP: 2166 bpf_error("arp does not encapsulate another protocol"); 2167 /* NOTREACHED */ 2168 2169 case Q_RARP: 2170 bpf_error("rarp does not encapsulate another protocol"); 2171 /* NOTREACHED */ 2172 2173 case Q_ATALK: 2174 bpf_error("atalk encapsulation is not specifiable"); 2175 /* NOTREACHED */ 2176 2177 case Q_DECNET: 2178 bpf_error("decnet encapsulation is not specifiable"); 2179 /* NOTREACHED */ 2180 2181 case Q_SCA: 2182 bpf_error("sca does not encapsulate another protocol"); 2183 /* NOTREACHED */ 2184 2185 case Q_LAT: 2186 bpf_error("lat does not encapsulate another protocol"); 2187 /* NOTREACHED */ 2188 2189 case Q_MOPRC: 2190 bpf_error("moprc does not encapsulate another protocol"); 2191 /* NOTREACHED */ 2192 2193 case Q_MOPDL: 2194 bpf_error("mopdl does not encapsulate another protocol"); 2195 /* NOTREACHED */ 2196 2197 case Q_LINK: 2198 return gen_linktype(v); 2199 2200 case Q_UDP: 2201 bpf_error("'udp proto' is bogus"); 2202 /* NOTREACHED */ 2203 2204 case Q_TCP: 2205 bpf_error("'tcp proto' is bogus"); 2206 /* NOTREACHED */ 2207 2208 case Q_ICMP: 2209 bpf_error("'icmp proto' is bogus"); 2210 /* NOTREACHED */ 2211 2212 case Q_IGMP: 2213 bpf_error("'igmp proto' is bogus"); 2214 /* NOTREACHED */ 2215 2216 case Q_IGRP: 2217 bpf_error("'igrp proto' is bogus"); 2218 /* NOTREACHED */ 2219 2220 case Q_PIM: 2221 bpf_error("'pim proto' is bogus"); 2222 /* NOTREACHED */ 2223 2224 case Q_STP: 2225 bpf_error("'stp proto' is bogus"); 2226 /* NOTREACHED */ 2227 2228 #ifdef INET6 2229 case Q_IPV6: 2230 b0 = gen_linktype(ETHERTYPE_IPV6); 2231 #ifndef CHASE_CHAIN 2232 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2233 #else 2234 b1 = gen_protochain(v, Q_IPV6); 2235 #endif 2236 gen_and(b0, b1); 2237 return b1; 2238 2239 case Q_ICMPV6: 2240 bpf_error("'icmp6 proto' is bogus"); 2241 #endif /* INET6 */ 2242 2243 case Q_AH: 2244 bpf_error("'ah proto' is bogus"); 2245 2246 case Q_ESP: 2247 bpf_error("'ah proto' is bogus"); 2248 2249 default: 2250 abort(); 2251 /* NOTREACHED */ 2252 } 2253 /* NOTREACHED */ 2254 } 2255 2256 struct block * 2257 gen_scode(name, q) 2258 const char *name; 2259 struct qual q; 2260 { 2261 int proto = q.proto; 2262 int dir = q.dir; 2263 int tproto; 2264 u_char *eaddr; 2265 bpf_u_int32 mask, addr; 2266 #ifndef INET6 2267 bpf_u_int32 **alist; 2268 #else 2269 int tproto6; 2270 struct sockaddr_in *sin; 2271 struct sockaddr_in6 *sin6; 2272 struct addrinfo *res, *res0; 2273 struct in6_addr mask128; 2274 #endif /*INET6*/ 2275 struct block *b, *tmp; 2276 int port, real_proto; 2277 2278 switch (q.addr) { 2279 2280 case Q_NET: 2281 addr = pcap_nametonetaddr(name); 2282 if (addr == 0) 2283 bpf_error("unknown network '%s'", name); 2284 /* Left justify network addr and calculate its network mask */ 2285 mask = 0xffffffff; 2286 while (addr && (addr & 0xff000000) == 0) { 2287 addr <<= 8; 2288 mask <<= 8; 2289 } 2290 return gen_host(addr, mask, proto, dir); 2291 2292 case Q_DEFAULT: 2293 case Q_HOST: 2294 if (proto == Q_LINK) { 2295 switch (linktype) { 2296 2297 case DLT_EN10MB: 2298 eaddr = pcap_ether_hostton(name); 2299 if (eaddr == NULL) 2300 bpf_error( 2301 "unknown ether host '%s'", name); 2302 return gen_ehostop(eaddr, dir); 2303 2304 case DLT_FDDI: 2305 eaddr = pcap_ether_hostton(name); 2306 if (eaddr == NULL) 2307 bpf_error( 2308 "unknown FDDI host '%s'", name); 2309 return gen_fhostop(eaddr, dir); 2310 2311 case DLT_IEEE802_11: 2312 case DLT_IEEE802_11_RADIO: 2313 eaddr = pcap_ether_hostton(name); 2314 if (eaddr == NULL) 2315 bpf_error( 2316 "unknown 802.11 host '%s'", name); 2317 2318 return gen_p80211_hostop(eaddr, dir); 2319 2320 default: 2321 bpf_error( 2322 "only ethernet/FDDI supports link-level host name"); 2323 break; 2324 } 2325 } else if (proto == Q_DECNET) { 2326 unsigned short dn_addr = __pcap_nametodnaddr(name); 2327 /* 2328 * I don't think DECNET hosts can be multihomed, so 2329 * there is no need to build up a list of addresses 2330 */ 2331 return (gen_host(dn_addr, 0, proto, dir)); 2332 } else { 2333 #ifndef INET6 2334 alist = pcap_nametoaddr(name); 2335 if (alist == NULL || *alist == NULL) 2336 bpf_error("unknown host '%s'", name); 2337 tproto = proto; 2338 if (off_linktype == -1 && tproto == Q_DEFAULT) 2339 tproto = Q_IP; 2340 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2341 while (*alist) { 2342 tmp = gen_host(**alist++, 0xffffffff, 2343 tproto, dir); 2344 gen_or(b, tmp); 2345 b = tmp; 2346 } 2347 return b; 2348 #else 2349 memset(&mask128, 0xff, sizeof(mask128)); 2350 res0 = res = pcap_nametoaddrinfo(name); 2351 if (res == NULL) 2352 bpf_error("unknown host '%s'", name); 2353 b = tmp = NULL; 2354 tproto = tproto6 = proto; 2355 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2356 tproto = Q_IP; 2357 tproto6 = Q_IPV6; 2358 } 2359 for (res = res0; res; res = res->ai_next) { 2360 switch (res->ai_family) { 2361 case AF_INET: 2362 if (tproto == Q_IPV6) 2363 continue; 2364 2365 sin = (struct sockaddr_in *) 2366 res->ai_addr; 2367 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2368 0xffffffff, tproto, dir); 2369 break; 2370 case AF_INET6: 2371 if (tproto6 == Q_IP) 2372 continue; 2373 2374 sin6 = (struct sockaddr_in6 *) 2375 res->ai_addr; 2376 tmp = gen_host6(&sin6->sin6_addr, 2377 &mask128, tproto6, dir); 2378 break; 2379 } 2380 if (b) 2381 gen_or(b, tmp); 2382 b = tmp; 2383 } 2384 freeaddrinfo(res0); 2385 if (b == NULL) { 2386 bpf_error("unknown host '%s'%s", name, 2387 (proto == Q_DEFAULT) 2388 ? "" 2389 : " for specified address family"); 2390 } 2391 return b; 2392 #endif /*INET6*/ 2393 } 2394 2395 case Q_PORT: 2396 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2397 bpf_error("illegal qualifier of 'port'"); 2398 if (pcap_nametoport(name, &port, &real_proto) == 0) 2399 bpf_error("unknown port '%s'", name); 2400 if (proto == Q_UDP) { 2401 if (real_proto == IPPROTO_TCP) 2402 bpf_error("port '%s' is tcp", name); 2403 else 2404 /* override PROTO_UNDEF */ 2405 real_proto = IPPROTO_UDP; 2406 } 2407 if (proto == Q_TCP) { 2408 if (real_proto == IPPROTO_UDP) 2409 bpf_error("port '%s' is udp", name); 2410 else 2411 /* override PROTO_UNDEF */ 2412 real_proto = IPPROTO_TCP; 2413 } 2414 #ifndef INET6 2415 return gen_port(port, real_proto, dir); 2416 #else 2417 { 2418 struct block *b; 2419 b = gen_port(port, real_proto, dir); 2420 gen_or(gen_port6(port, real_proto, dir), b); 2421 return b; 2422 } 2423 #endif /* INET6 */ 2424 2425 case Q_GATEWAY: 2426 #ifndef INET6 2427 eaddr = pcap_ether_hostton(name); 2428 if (eaddr == NULL) 2429 bpf_error("unknown ether host: %s", name); 2430 2431 alist = pcap_nametoaddr(name); 2432 if (alist == NULL || *alist == NULL) 2433 bpf_error("unknown host '%s'", name); 2434 return gen_gateway(eaddr, alist, proto, dir); 2435 #else 2436 bpf_error("'gateway' not supported in this configuration"); 2437 #endif /*INET6*/ 2438 2439 case Q_PROTO: 2440 real_proto = lookup_proto(name, proto); 2441 if (real_proto >= 0) 2442 return gen_proto(real_proto, proto, dir); 2443 else 2444 bpf_error("unknown protocol: %s", name); 2445 2446 case Q_PROTOCHAIN: 2447 real_proto = lookup_proto(name, proto); 2448 if (real_proto >= 0) 2449 return gen_protochain(real_proto, proto, dir); 2450 else 2451 bpf_error("unknown protocol: %s", name); 2452 2453 2454 case Q_UNDEF: 2455 syntax(); 2456 /* NOTREACHED */ 2457 } 2458 abort(); 2459 /* NOTREACHED */ 2460 } 2461 2462 struct block * 2463 gen_mcode(s1, s2, masklen, q) 2464 const char *s1, *s2; 2465 int masklen; 2466 struct qual q; 2467 { 2468 int nlen, mlen; 2469 bpf_u_int32 n, m; 2470 2471 nlen = __pcap_atoin(s1, &n); 2472 /* Promote short ipaddr */ 2473 n <<= 32 - nlen; 2474 2475 if (s2 != NULL) { 2476 mlen = __pcap_atoin(s2, &m); 2477 /* Promote short ipaddr */ 2478 m <<= 32 - mlen; 2479 if ((n & ~m) != 0) 2480 bpf_error("non-network bits set in \"%s mask %s\"", 2481 s1, s2); 2482 } else { 2483 /* Convert mask len to mask */ 2484 if (masklen > 32) 2485 bpf_error("mask length must be <= 32"); 2486 m = 0xffffffff << (32 - masklen); 2487 if ((n & ~m) != 0) 2488 bpf_error("non-network bits set in \"%s/%d\"", 2489 s1, masklen); 2490 } 2491 2492 switch (q.addr) { 2493 2494 case Q_NET: 2495 return gen_host(n, m, q.proto, q.dir); 2496 2497 default: 2498 bpf_error("Mask syntax for networks only"); 2499 /* NOTREACHED */ 2500 } 2501 } 2502 2503 struct block * 2504 gen_ncode(s, v, q) 2505 const char *s; 2506 bpf_u_int32 v; 2507 struct qual q; 2508 { 2509 bpf_u_int32 mask; 2510 int proto = q.proto; 2511 int dir = q.dir; 2512 int vlen; 2513 2514 if (s == NULL) 2515 vlen = 32; 2516 else if (q.proto == Q_DECNET) 2517 vlen = __pcap_atodn(s, &v); 2518 else 2519 vlen = __pcap_atoin(s, &v); 2520 2521 switch (q.addr) { 2522 2523 case Q_DEFAULT: 2524 case Q_HOST: 2525 case Q_NET: 2526 if (proto == Q_DECNET) 2527 return gen_host(v, 0, proto, dir); 2528 else if (proto == Q_LINK) { 2529 bpf_error("illegal link layer address"); 2530 } else { 2531 mask = 0xffffffff; 2532 if (s == NULL && q.addr == Q_NET) { 2533 /* Promote short net number */ 2534 while (v && (v & 0xff000000) == 0) { 2535 v <<= 8; 2536 mask <<= 8; 2537 } 2538 } else { 2539 /* Promote short ipaddr */ 2540 v <<= 32 - vlen; 2541 mask <<= 32 - vlen; 2542 } 2543 return gen_host(v, mask, proto, dir); 2544 } 2545 2546 case Q_PORT: 2547 if (proto == Q_UDP) 2548 proto = IPPROTO_UDP; 2549 else if (proto == Q_TCP) 2550 proto = IPPROTO_TCP; 2551 else if (proto == Q_DEFAULT) 2552 proto = PROTO_UNDEF; 2553 else 2554 bpf_error("illegal qualifier of 'port'"); 2555 2556 #ifndef INET6 2557 return gen_port((int)v, proto, dir); 2558 #else 2559 { 2560 struct block *b; 2561 b = gen_port((int)v, proto, dir); 2562 gen_or(gen_port6((int)v, proto, dir), b); 2563 return b; 2564 } 2565 #endif /* INET6 */ 2566 2567 case Q_GATEWAY: 2568 bpf_error("'gateway' requires a name"); 2569 /* NOTREACHED */ 2570 2571 case Q_PROTO: 2572 return gen_proto((int)v, proto, dir); 2573 2574 case Q_PROTOCHAIN: 2575 return gen_protochain((int)v, proto, dir); 2576 2577 case Q_UNDEF: 2578 syntax(); 2579 /* NOTREACHED */ 2580 2581 default: 2582 abort(); 2583 /* NOTREACHED */ 2584 } 2585 /* NOTREACHED */ 2586 } 2587 2588 #ifdef INET6 2589 struct block * 2590 gen_mcode6(s1, s2, masklen, q) 2591 const char *s1, *s2; 2592 int masklen; 2593 struct qual q; 2594 { 2595 struct addrinfo *res; 2596 struct in6_addr *addr; 2597 struct in6_addr mask; 2598 struct block *b; 2599 u_int32_t *a, *m; 2600 2601 if (s2) 2602 bpf_error("no mask %s supported", s2); 2603 2604 res = pcap_nametoaddrinfo(s1); 2605 if (!res) 2606 bpf_error("invalid ip6 address %s", s1); 2607 if (res->ai_next) 2608 bpf_error("%s resolved to multiple address", s1); 2609 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2610 2611 if (sizeof(mask) * 8 < masklen) 2612 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2613 memset(&mask, 0, sizeof(mask)); 2614 memset(&mask, 0xff, masklen / 8); 2615 if (masklen % 8) { 2616 mask.s6_addr[masklen / 8] = 2617 (0xff << (8 - masklen % 8)) & 0xff; 2618 } 2619 2620 a = (u_int32_t *)addr; 2621 m = (u_int32_t *)&mask; 2622 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2623 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2624 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2625 } 2626 2627 switch (q.addr) { 2628 2629 case Q_DEFAULT: 2630 case Q_HOST: 2631 if (masklen != 128) 2632 bpf_error("Mask syntax for networks only"); 2633 /* FALLTHROUGH */ 2634 2635 case Q_NET: 2636 b = gen_host6(addr, &mask, q.proto, q.dir); 2637 freeaddrinfo(res); 2638 return b; 2639 2640 default: 2641 bpf_error("invalid qualifier against IPv6 address"); 2642 /* NOTREACHED */ 2643 } 2644 } 2645 #endif /*INET6*/ 2646 2647 struct block * 2648 gen_ecode(eaddr, q) 2649 const u_char *eaddr; 2650 struct qual q; 2651 { 2652 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2653 if (linktype == DLT_EN10MB) 2654 return gen_ehostop(eaddr, (int)q.dir); 2655 if (linktype == DLT_FDDI) 2656 return gen_fhostop(eaddr, (int)q.dir); 2657 if (linktype == DLT_IEEE802_11 || 2658 linktype == DLT_IEEE802_11_RADIO) 2659 return gen_p80211_hostop(eaddr, (int)q.dir); 2660 } 2661 bpf_error("ethernet address used in non-ether expression"); 2662 /* NOTREACHED */ 2663 } 2664 2665 void 2666 sappend(s0, s1) 2667 struct slist *s0, *s1; 2668 { 2669 /* 2670 * This is definitely not the best way to do this, but the 2671 * lists will rarely get long. 2672 */ 2673 while (s0->next) 2674 s0 = s0->next; 2675 s0->next = s1; 2676 } 2677 2678 static struct slist * 2679 xfer_to_x(a) 2680 struct arth *a; 2681 { 2682 struct slist *s; 2683 2684 s = new_stmt(BPF_LDX|BPF_MEM); 2685 s->s.k = a->regno; 2686 return s; 2687 } 2688 2689 static struct slist * 2690 xfer_to_a(a) 2691 struct arth *a; 2692 { 2693 struct slist *s; 2694 2695 s = new_stmt(BPF_LD|BPF_MEM); 2696 s->s.k = a->regno; 2697 return s; 2698 } 2699 2700 struct arth * 2701 gen_load(proto, index, size) 2702 int proto; 2703 struct arth *index; 2704 int size; 2705 { 2706 struct slist *s, *tmp; 2707 struct block *b; 2708 int regno = alloc_reg(); 2709 2710 free_reg(index->regno); 2711 switch (size) { 2712 2713 default: 2714 bpf_error("data size must be 1, 2, or 4"); 2715 2716 case 1: 2717 size = BPF_B; 2718 break; 2719 2720 case 2: 2721 size = BPF_H; 2722 break; 2723 2724 case 4: 2725 size = BPF_W; 2726 break; 2727 } 2728 switch (proto) { 2729 default: 2730 bpf_error("unsupported index operation"); 2731 2732 case Q_LINK: 2733 s = xfer_to_x(index); 2734 tmp = new_stmt(BPF_LD|BPF_IND|size); 2735 sappend(s, tmp); 2736 sappend(index->s, s); 2737 break; 2738 2739 case Q_IP: 2740 case Q_ARP: 2741 case Q_RARP: 2742 case Q_ATALK: 2743 case Q_DECNET: 2744 case Q_SCA: 2745 case Q_LAT: 2746 case Q_MOPRC: 2747 case Q_MOPDL: 2748 #ifdef INET6 2749 case Q_IPV6: 2750 #endif 2751 /* XXX Note that we assume a fixed link header here. */ 2752 if (variable_nl) { 2753 s = nl2X_stmt(); 2754 sappend(s, xfer_to_a(index)); 2755 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2756 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2757 } else { 2758 s = xfer_to_x(index); 2759 } 2760 tmp = new_stmt(BPF_LD|BPF_IND|size); 2761 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2762 sappend(s, tmp); 2763 sappend(index->s, s); 2764 2765 b = gen_proto_abbrev(proto); 2766 if (index->b) 2767 gen_and(index->b, b); 2768 index->b = b; 2769 break; 2770 2771 case Q_TCP: 2772 case Q_UDP: 2773 case Q_ICMP: 2774 case Q_IGMP: 2775 case Q_IGRP: 2776 case Q_PIM: 2777 s = iphl_to_x(); 2778 sappend(s, xfer_to_a(index)); 2779 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2780 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2781 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2782 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2783 sappend(index->s, s); 2784 2785 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2786 if (index->b) 2787 gen_and(index->b, b); 2788 #ifdef INET6 2789 gen_and(gen_proto_abbrev(Q_IP), b); 2790 #endif 2791 index->b = b; 2792 break; 2793 #ifdef INET6 2794 case Q_ICMPV6: 2795 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2796 /*NOTREACHED*/ 2797 #endif 2798 } 2799 index->regno = regno; 2800 s = new_stmt(BPF_ST); 2801 s->s.k = regno; 2802 sappend(index->s, s); 2803 2804 return index; 2805 } 2806 2807 struct block * 2808 gen_relation(code, a0, a1, reversed) 2809 int code; 2810 struct arth *a0, *a1; 2811 int reversed; 2812 { 2813 struct slist *s0, *s1, *s2; 2814 struct block *b, *tmp; 2815 2816 s0 = xfer_to_x(a1); 2817 s1 = xfer_to_a(a0); 2818 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2819 b = new_block(JMP(code)); 2820 if (code == BPF_JGT || code == BPF_JGE) { 2821 reversed = !reversed; 2822 b->s.k = 0x80000000; 2823 } 2824 if (reversed) 2825 gen_not(b); 2826 2827 sappend(s1, s2); 2828 sappend(s0, s1); 2829 sappend(a1->s, s0); 2830 sappend(a0->s, a1->s); 2831 2832 b->stmts = a0->s; 2833 2834 free_reg(a0->regno); 2835 free_reg(a1->regno); 2836 2837 /* 'and' together protocol checks */ 2838 if (a0->b) { 2839 if (a1->b) { 2840 gen_and(a0->b, tmp = a1->b); 2841 } 2842 else 2843 tmp = a0->b; 2844 } else 2845 tmp = a1->b; 2846 2847 if (tmp) 2848 gen_and(tmp, b); 2849 2850 return b; 2851 } 2852 2853 struct arth * 2854 gen_loadlen() 2855 { 2856 int regno = alloc_reg(); 2857 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2858 struct slist *s; 2859 2860 s = new_stmt(BPF_LD|BPF_LEN); 2861 s->next = new_stmt(BPF_ST); 2862 s->next->s.k = regno; 2863 a->s = s; 2864 a->regno = regno; 2865 2866 return a; 2867 } 2868 2869 struct arth * 2870 gen_loadi(val) 2871 int val; 2872 { 2873 struct arth *a; 2874 struct slist *s; 2875 int reg; 2876 2877 a = (struct arth *)newchunk(sizeof(*a)); 2878 2879 reg = alloc_reg(); 2880 2881 s = new_stmt(BPF_LD|BPF_IMM); 2882 s->s.k = val; 2883 s->next = new_stmt(BPF_ST); 2884 s->next->s.k = reg; 2885 a->s = s; 2886 a->regno = reg; 2887 2888 return a; 2889 } 2890 2891 struct arth * 2892 gen_neg(a) 2893 struct arth *a; 2894 { 2895 struct slist *s; 2896 2897 s = xfer_to_a(a); 2898 sappend(a->s, s); 2899 s = new_stmt(BPF_ALU|BPF_NEG); 2900 s->s.k = 0; 2901 sappend(a->s, s); 2902 s = new_stmt(BPF_ST); 2903 s->s.k = a->regno; 2904 sappend(a->s, s); 2905 2906 return a; 2907 } 2908 2909 struct arth * 2910 gen_arth(code, a0, a1) 2911 int code; 2912 struct arth *a0, *a1; 2913 { 2914 struct slist *s0, *s1, *s2; 2915 2916 s0 = xfer_to_x(a1); 2917 s1 = xfer_to_a(a0); 2918 s2 = new_stmt(BPF_ALU|BPF_X|code); 2919 2920 sappend(s1, s2); 2921 sappend(s0, s1); 2922 sappend(a1->s, s0); 2923 sappend(a0->s, a1->s); 2924 2925 free_reg(a1->regno); 2926 2927 s0 = new_stmt(BPF_ST); 2928 a0->regno = s0->s.k = alloc_reg(); 2929 sappend(a0->s, s0); 2930 2931 return a0; 2932 } 2933 2934 /* 2935 * Here we handle simple allocation of the scratch registers. 2936 * If too many registers are alloc'd, the allocator punts. 2937 */ 2938 static int regused[BPF_MEMWORDS]; 2939 static int curreg; 2940 2941 /* 2942 * Return the next free register. 2943 */ 2944 static int 2945 alloc_reg() 2946 { 2947 int n = BPF_MEMWORDS; 2948 2949 while (--n >= 0) { 2950 if (regused[curreg]) 2951 curreg = (curreg + 1) % BPF_MEMWORDS; 2952 else { 2953 regused[curreg] = 1; 2954 return curreg; 2955 } 2956 } 2957 bpf_error("too many registers needed to evaluate expression"); 2958 /* NOTREACHED */ 2959 } 2960 2961 /* 2962 * Return a register to the table so it can 2963 * be used later. 2964 */ 2965 static void 2966 free_reg(n) 2967 int n; 2968 { 2969 regused[n] = 0; 2970 } 2971 2972 static struct block * 2973 gen_len(jmp, n) 2974 int jmp, n; 2975 { 2976 struct slist *s; 2977 struct block *b; 2978 2979 s = new_stmt(BPF_LD|BPF_LEN); 2980 b = new_block(JMP(jmp)); 2981 b->stmts = s; 2982 b->s.k = n; 2983 2984 return b; 2985 } 2986 2987 struct block * 2988 gen_greater(n) 2989 int n; 2990 { 2991 return gen_len(BPF_JGE, n); 2992 } 2993 2994 struct block * 2995 gen_less(n) 2996 int n; 2997 { 2998 struct block *b; 2999 3000 b = gen_len(BPF_JGT, n); 3001 gen_not(b); 3002 3003 return b; 3004 } 3005 3006 struct block * 3007 gen_byteop(op, idx, val) 3008 int op, idx, val; 3009 { 3010 struct block *b; 3011 struct slist *s; 3012 3013 switch (op) { 3014 default: 3015 abort(); 3016 3017 case '=': 3018 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3019 3020 case '<': 3021 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3022 b->s.code = JMP(BPF_JGE); 3023 gen_not(b); 3024 return b; 3025 3026 case '>': 3027 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3028 b->s.code = JMP(BPF_JGT); 3029 return b; 3030 3031 case '|': 3032 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3033 break; 3034 3035 case '&': 3036 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3037 break; 3038 } 3039 s->s.k = val; 3040 b = new_block(JMP(BPF_JEQ)); 3041 b->stmts = s; 3042 gen_not(b); 3043 3044 return b; 3045 } 3046 3047 struct block * 3048 gen_broadcast(proto) 3049 int proto; 3050 { 3051 bpf_u_int32 hostmask; 3052 struct block *b0, *b1, *b2; 3053 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3054 3055 switch (proto) { 3056 3057 case Q_DEFAULT: 3058 case Q_LINK: 3059 if (linktype == DLT_EN10MB) 3060 return gen_ehostop(ebroadcast, Q_DST); 3061 if (linktype == DLT_FDDI) 3062 return gen_fhostop(ebroadcast, Q_DST); 3063 if (linktype == DLT_IEEE802_11 || 3064 linktype == DLT_IEEE802_11_RADIO) 3065 return gen_p80211_hostop(ebroadcast, Q_DST); 3066 bpf_error("not a broadcast link"); 3067 break; 3068 3069 case Q_IP: 3070 b0 = gen_linktype(ETHERTYPE_IP); 3071 hostmask = ~netmask; 3072 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3073 b2 = gen_mcmp_nl(16, BPF_W, 3074 (bpf_int32)(~0 & hostmask), hostmask); 3075 gen_or(b1, b2); 3076 gen_and(b0, b2); 3077 return b2; 3078 } 3079 bpf_error("only ether/ip broadcast filters supported"); 3080 } 3081 3082 struct block * 3083 gen_multicast(proto) 3084 int proto; 3085 { 3086 struct block *b0, *b1; 3087 struct slist *s; 3088 3089 switch (proto) { 3090 3091 case Q_DEFAULT: 3092 case Q_LINK: 3093 if (linktype == DLT_EN10MB) { 3094 /* ether[0] & 1 != 0 */ 3095 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3096 s->s.k = 0; 3097 b0 = new_block(JMP(BPF_JSET)); 3098 b0->s.k = 1; 3099 b0->stmts = s; 3100 return b0; 3101 } 3102 3103 if (linktype == DLT_FDDI) { 3104 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3105 /* fddi[1] & 1 != 0 */ 3106 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3107 s->s.k = 1; 3108 b0 = new_block(JMP(BPF_JSET)); 3109 b0->s.k = 1; 3110 b0->stmts = s; 3111 return b0; 3112 } 3113 /* Link not known to support multicasts */ 3114 break; 3115 3116 case Q_IP: 3117 b0 = gen_linktype(ETHERTYPE_IP); 3118 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3119 b1->s.code = JMP(BPF_JGE); 3120 gen_and(b0, b1); 3121 return b1; 3122 3123 #ifdef INET6 3124 case Q_IPV6: 3125 b0 = gen_linktype(ETHERTYPE_IPV6); 3126 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3127 gen_and(b0, b1); 3128 return b1; 3129 #endif /* INET6 */ 3130 } 3131 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3132 } 3133 3134 /* 3135 * generate command for inbound/outbound. It's here so we can 3136 * make it link-type specific. 'dir' = 0 implies "inbound", 3137 * = 1 implies "outbound". 3138 */ 3139 struct block * 3140 gen_inbound(dir) 3141 int dir; 3142 { 3143 struct block *b0; 3144 3145 /* 3146 * Only SLIP and old-style PPP data link types support 3147 * inbound/outbound qualifiers. 3148 */ 3149 switch (linktype) { 3150 case DLT_SLIP: 3151 case DLT_PPP: 3152 b0 = gen_relation(BPF_JEQ, 3153 gen_load(Q_LINK, gen_loadi(0), 1), 3154 gen_loadi(0), 3155 dir); 3156 break; 3157 3158 case DLT_PFLOG: 3159 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3160 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3161 break; 3162 3163 default: 3164 bpf_error("inbound/outbound not supported on linktype 0x%x", 3165 linktype); 3166 /* NOTREACHED */ 3167 } 3168 3169 return (b0); 3170 } 3171 3172 3173 /* PF firewall log matched interface */ 3174 struct block * 3175 gen_pf_ifname(char *ifname) 3176 { 3177 struct block *b0; 3178 u_int len, off; 3179 3180 if (linktype == DLT_PFLOG) { 3181 len = sizeof(((struct pfloghdr *)0)->ifname); 3182 off = offsetof(struct pfloghdr, ifname); 3183 } else { 3184 bpf_error("ifname not supported on linktype 0x%x", linktype); 3185 /* NOTREACHED */ 3186 } 3187 if (strlen(ifname) >= len) { 3188 bpf_error("ifname interface names can only be %d characters", 3189 len - 1); 3190 /* NOTREACHED */ 3191 } 3192 b0 = gen_bcmp(off, strlen(ifname), ifname); 3193 return (b0); 3194 } 3195 3196 3197 /* PF firewall log ruleset name */ 3198 struct block * 3199 gen_pf_ruleset(char *ruleset) 3200 { 3201 struct block *b0; 3202 3203 if (linktype != DLT_PFLOG) { 3204 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3205 /* NOTREACHED */ 3206 } 3207 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3208 bpf_error("ruleset names can only be %zu characters", 3209 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3210 /* NOTREACHED */ 3211 } 3212 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3213 strlen(ruleset), ruleset); 3214 return (b0); 3215 } 3216 3217 3218 /* PF firewall log rule number */ 3219 struct block * 3220 gen_pf_rnr(int rnr) 3221 { 3222 struct block *b0; 3223 3224 if (linktype == DLT_PFLOG) { 3225 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3226 (bpf_int32)rnr); 3227 } else { 3228 bpf_error("rnr not supported on linktype 0x%x", linktype); 3229 /* NOTREACHED */ 3230 } 3231 3232 return (b0); 3233 } 3234 3235 3236 /* PF firewall log sub-rule number */ 3237 struct block * 3238 gen_pf_srnr(int srnr) 3239 { 3240 struct block *b0; 3241 3242 if (linktype != DLT_PFLOG) { 3243 bpf_error("srnr not supported on linktype 0x%x", linktype); 3244 /* NOTREACHED */ 3245 } 3246 3247 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3248 (bpf_int32)srnr); 3249 return (b0); 3250 } 3251 3252 /* PF firewall log reason code */ 3253 struct block * 3254 gen_pf_reason(int reason) 3255 { 3256 struct block *b0; 3257 3258 if (linktype == DLT_PFLOG) { 3259 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3260 (bpf_int32)reason); 3261 } else { 3262 bpf_error("reason not supported on linktype 0x%x", linktype); 3263 /* NOTREACHED */ 3264 } 3265 3266 return (b0); 3267 } 3268 3269 /* PF firewall log action */ 3270 struct block * 3271 gen_pf_action(int action) 3272 { 3273 struct block *b0; 3274 3275 if (linktype == DLT_PFLOG) { 3276 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3277 (bpf_int32)action); 3278 } else { 3279 bpf_error("action not supported on linktype 0x%x", linktype); 3280 /* NOTREACHED */ 3281 } 3282 3283 return (b0); 3284 } 3285 3286 /* IEEE 802.11 wireless header */ 3287 struct block * 3288 gen_p80211_type(int type, int mask) 3289 { 3290 struct block *b0; 3291 u_int offset; 3292 3293 if (!(linktype == DLT_IEEE802_11 || 3294 linktype == DLT_IEEE802_11_RADIO)) { 3295 bpf_error("type not supported on linktype 0x%x", 3296 linktype); 3297 /* NOTREACHED */ 3298 } 3299 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3300 if (linktype == DLT_IEEE802_11_RADIO) 3301 offset += IEEE80211_RADIOTAP_HDRLEN; 3302 3303 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3304 3305 return (b0); 3306 } 3307 3308 static struct block * 3309 gen_ahostop(eaddr, dir) 3310 const u_char *eaddr; 3311 int dir; 3312 { 3313 struct block *b0, *b1; 3314 3315 switch (dir) { 3316 /* src comes first, different from Ethernet */ 3317 case Q_SRC: 3318 return gen_bcmp(0, 1, eaddr); 3319 3320 case Q_DST: 3321 return gen_bcmp(1, 1, eaddr); 3322 3323 case Q_AND: 3324 b0 = gen_ahostop(eaddr, Q_SRC); 3325 b1 = gen_ahostop(eaddr, Q_DST); 3326 gen_and(b0, b1); 3327 return b1; 3328 3329 case Q_DEFAULT: 3330 case Q_OR: 3331 b0 = gen_ahostop(eaddr, Q_SRC); 3332 b1 = gen_ahostop(eaddr, Q_DST); 3333 gen_or(b0, b1); 3334 return b1; 3335 } 3336 abort(); 3337 /* NOTREACHED */ 3338 } 3339 3340 struct block * 3341 gen_acode(eaddr, q) 3342 const u_char *eaddr; 3343 struct qual q; 3344 { 3345 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3346 if (linktype == DLT_ARCNET) 3347 return gen_ahostop(eaddr, (int)q.dir); 3348 } 3349 bpf_error("ARCnet address used in non-arc expression"); 3350 /* NOTREACHED */ 3351 } 3352 3353 /* 3354 * support IEEE 802.1Q VLAN trunk over ethernet 3355 */ 3356 struct block * 3357 gen_vlan(vlan_num) 3358 int vlan_num; 3359 { 3360 struct block *b0; 3361 3362 if (variable_nl) { 3363 bpf_error("'vlan' not supported for variable DLTs"); 3364 /*NOTREACHED*/ 3365 } 3366 3367 /* 3368 * Change the offsets to point to the type and data fields within 3369 * the VLAN packet. This is somewhat of a kludge. 3370 */ 3371 if (orig_nl == (u_int)-1) { 3372 orig_linktype = off_linktype; /* save original values */ 3373 orig_nl = off_nl; 3374 orig_nl_nosnap = off_nl_nosnap; 3375 3376 switch (linktype) { 3377 3378 case DLT_EN10MB: 3379 off_linktype = 16; 3380 off_nl_nosnap = 18; 3381 off_nl = 18; 3382 break; 3383 3384 default: 3385 bpf_error("no VLAN support for data link type %d", 3386 linktype); 3387 /*NOTREACHED*/ 3388 } 3389 } 3390 3391 /* check for VLAN */ 3392 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3393 3394 /* If a specific VLAN is requested, check VLAN id */ 3395 if (vlan_num >= 0) { 3396 struct block *b1; 3397 3398 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 3399 gen_and(b0, b1); 3400 b0 = b1; 3401 } 3402 3403 return (b0); 3404 } 3405 3406 struct block * 3407 gen_p80211_fcdir(int fcdir) 3408 { 3409 struct block *b0; 3410 u_int offset; 3411 3412 if (!(linktype == DLT_IEEE802_11 || 3413 linktype == DLT_IEEE802_11_RADIO)) { 3414 bpf_error("frame direction not supported on linktype 0x%x", 3415 linktype); 3416 /* NOTREACHED */ 3417 } 3418 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3419 if (linktype == DLT_IEEE802_11_RADIO) 3420 offset += IEEE80211_RADIOTAP_HDRLEN; 3421 3422 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3423 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3424 3425 return (b0); 3426 } 3427 3428 static struct block * 3429 gen_p80211_hostop(const u_char *lladdr, int dir) 3430 { 3431 struct block *b0, *b1, *b2, *b3, *b4; 3432 u_int offset = 0; 3433 3434 if (linktype == DLT_IEEE802_11_RADIO) 3435 offset = IEEE80211_RADIOTAP_HDRLEN; 3436 3437 switch (dir) { 3438 case Q_SRC: 3439 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3440 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3441 lladdr); 3442 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3443 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3444 lladdr); 3445 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3446 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3447 lladdr); 3448 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3449 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3450 lladdr); 3451 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3452 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3453 lladdr); 3454 3455 gen_or(b0, b1); 3456 gen_or(b1, b2); 3457 gen_or(b2, b3); 3458 gen_or(b3, b4); 3459 return (b4); 3460 3461 case Q_DST: 3462 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3463 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3464 lladdr); 3465 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3466 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3467 lladdr); 3468 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3469 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3470 lladdr); 3471 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3472 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3473 lladdr); 3474 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3475 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3476 lladdr); 3477 3478 gen_or(b0, b1); 3479 gen_or(b1, b2); 3480 gen_or(b2, b3); 3481 gen_or(b3, b4); 3482 return (b4); 3483 3484 case Q_ADDR1: 3485 return (gen_bcmp(offset + 3486 (u_int)offsetof(struct ieee80211_frame, 3487 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3488 3489 case Q_ADDR2: 3490 return (gen_bcmp(offset + 3491 (u_int)offsetof(struct ieee80211_frame, 3492 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3493 3494 case Q_ADDR3: 3495 return (gen_bcmp(offset + 3496 (u_int)offsetof(struct ieee80211_frame, 3497 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3498 3499 case Q_ADDR4: 3500 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3501 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3502 lladdr)); 3503 3504 case Q_AND: 3505 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3506 b1 = gen_p80211_hostop(lladdr, Q_DST); 3507 gen_and(b0, b1); 3508 return (b1); 3509 3510 case Q_DEFAULT: 3511 case Q_OR: 3512 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3513 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3514 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3515 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3516 gen_or(b0, b1); 3517 gen_or(b1, b2); 3518 gen_or(b2, b3); 3519 return (b3); 3520 3521 default: 3522 bpf_error("direction not supported on linktype 0x%x", 3523 linktype); 3524 } 3525 /* NOTREACHED */ 3526 } 3527 3528 static struct block * 3529 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3530 { 3531 struct block *b0, *b1; 3532 3533 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3534 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3535 gen_and(b0, b1); 3536 3537 return (b1); 3538 } 3539