1 /* $OpenBSD: gencode.c,v 1.36 2010/10/09 08:14:36 canacar Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/types.h> 25 #include <sys/socket.h> 26 #include <sys/time.h> 27 28 struct mbuf; 29 struct rtentry; 30 31 #include <net/if.h> 32 33 #include <netinet/in.h> 34 #include <netinet/if_ether.h> 35 36 #include <net/if_pflog.h> 37 #include <net/pfvar.h> 38 39 #include <net80211/ieee80211.h> 40 #include <net80211/ieee80211_radiotap.h> 41 42 #include <stdlib.h> 43 #include <stddef.h> 44 #include <memory.h> 45 #include <setjmp.h> 46 #include <stdarg.h> 47 48 #include "pcap-int.h" 49 50 #include "ethertype.h" 51 #include "llc.h" 52 #include "gencode.h" 53 #include "ppp.h" 54 #include <pcap-namedb.h> 55 #ifdef INET6 56 #include <netdb.h> 57 #include <sys/socket.h> 58 #endif /*INET6*/ 59 60 #ifdef HAVE_OS_PROTO_H 61 #include "os-proto.h" 62 #endif 63 64 #define JMP(c) ((c)|BPF_JMP|BPF_K) 65 66 /* Locals */ 67 static jmp_buf top_ctx; 68 static pcap_t *bpf_pcap; 69 70 /* Hack for updating VLAN offsets. */ 71 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 72 73 /* XXX */ 74 #ifdef PCAP_FDDIPAD 75 int pcap_fddipad = PCAP_FDDIPAD; 76 #else 77 int pcap_fddipad; 78 #endif 79 80 /* VARARGS */ 81 __dead void 82 bpf_error(const char *fmt, ...) 83 { 84 va_list ap; 85 86 va_start(ap, fmt); 87 if (bpf_pcap != NULL) 88 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 89 fmt, ap); 90 va_end(ap); 91 longjmp(top_ctx, 1); 92 /* NOTREACHED */ 93 } 94 95 static void init_linktype(int); 96 97 static int alloc_reg(void); 98 static void free_reg(int); 99 100 static struct block *root; 101 102 /* initialization code used for variable link header */ 103 static struct slist *init_code = NULL; 104 105 /* Flags and registers for variable link type handling */ 106 static int variable_nl; 107 static int nl_reg, iphl_reg; 108 109 /* 110 * We divy out chunks of memory rather than call malloc each time so 111 * we don't have to worry about leaking memory. It's probably 112 * not a big deal if all this memory was wasted but it this ever 113 * goes into a library that would probably not be a good idea. 114 */ 115 #define NCHUNKS 16 116 #define CHUNK0SIZE 1024 117 struct chunk { 118 u_int n_left; 119 void *m; 120 }; 121 122 static struct chunk chunks[NCHUNKS]; 123 static int cur_chunk; 124 125 static void *newchunk(u_int); 126 static void freechunks(void); 127 static __inline struct block *new_block(int); 128 static __inline struct slist *new_stmt(int); 129 static struct block *gen_retblk(int); 130 static __inline void syntax(void); 131 132 static void backpatch(struct block *, struct block *); 133 static void merge(struct block *, struct block *); 134 static struct block *gen_cmp(u_int, u_int, bpf_int32); 135 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 136 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 137 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 138 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 139 static struct block *gen_bcmp(u_int, u_int, const u_char *); 140 static struct block *gen_uncond(int); 141 static __inline struct block *gen_true(void); 142 static __inline struct block *gen_false(void); 143 static struct block *gen_linktype(int); 144 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 145 #ifdef INET6 146 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 147 #endif 148 static struct block *gen_ehostop(const u_char *, int); 149 static struct block *gen_fhostop(const u_char *, int); 150 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 151 static struct block *gen_p80211_hostop(const u_char *, int); 152 static struct block *gen_p80211_addr(int, u_int, const u_char *); 153 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 154 #ifdef INET6 155 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 156 #endif 157 #ifndef INET6 158 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 159 #endif 160 static struct block *gen_ipfrag(void); 161 static struct block *gen_portatom(int, bpf_int32); 162 #ifdef INET6 163 static struct block *gen_portatom6(int, bpf_int32); 164 #endif 165 struct block *gen_portop(int, int, int); 166 static struct block *gen_port(int, int, int); 167 #ifdef INET6 168 struct block *gen_portop6(int, int, int); 169 static struct block *gen_port6(int, int, int); 170 #endif 171 static int lookup_proto(const char *, int); 172 static struct block *gen_protochain(int, int, int); 173 static struct block *gen_proto(int, int, int); 174 static struct slist *xfer_to_x(struct arth *); 175 static struct slist *xfer_to_a(struct arth *); 176 static struct block *gen_len(int, int); 177 178 static void * 179 newchunk(n) 180 u_int n; 181 { 182 struct chunk *cp; 183 int k, size; 184 185 /* XXX Round to structure boundary. */ 186 n = ALIGN(n); 187 188 cp = &chunks[cur_chunk]; 189 if (n > cp->n_left) { 190 ++cp, k = ++cur_chunk; 191 if (k >= NCHUNKS) 192 bpf_error("out of memory"); 193 size = CHUNK0SIZE << k; 194 cp->m = (void *)malloc(size); 195 if (cp->m == NULL) 196 bpf_error("out of memory"); 197 198 memset((char *)cp->m, 0, size); 199 cp->n_left = size; 200 if (n > size) 201 bpf_error("out of memory"); 202 } 203 cp->n_left -= n; 204 return (void *)((char *)cp->m + cp->n_left); 205 } 206 207 static void 208 freechunks() 209 { 210 int i; 211 212 cur_chunk = 0; 213 for (i = 0; i < NCHUNKS; ++i) 214 if (chunks[i].m != NULL) { 215 free(chunks[i].m); 216 chunks[i].m = NULL; 217 } 218 } 219 220 /* 221 * A strdup whose allocations are freed after code generation is over. 222 */ 223 char * 224 sdup(s) 225 register const char *s; 226 { 227 int n = strlen(s) + 1; 228 char *cp = newchunk(n); 229 230 strlcpy(cp, s, n); 231 return (cp); 232 } 233 234 static __inline struct block * 235 new_block(code) 236 int code; 237 { 238 struct block *p; 239 240 p = (struct block *)newchunk(sizeof(*p)); 241 p->s.code = code; 242 p->head = p; 243 244 return p; 245 } 246 247 static __inline struct slist * 248 new_stmt(code) 249 int code; 250 { 251 struct slist *p; 252 253 p = (struct slist *)newchunk(sizeof(*p)); 254 p->s.code = code; 255 256 return p; 257 } 258 259 static struct block * 260 gen_retblk(v) 261 int v; 262 { 263 struct block *b = new_block(BPF_RET|BPF_K); 264 265 b->s.k = v; 266 return b; 267 } 268 269 static __inline void 270 syntax() 271 { 272 bpf_error("syntax error in filter expression"); 273 } 274 275 static bpf_u_int32 netmask; 276 static int snaplen; 277 int no_optimize; 278 279 int 280 pcap_compile(pcap_t *p, struct bpf_program *program, 281 char *buf, int optimize, bpf_u_int32 mask) 282 { 283 extern int n_errors; 284 int len; 285 286 no_optimize = 0; 287 n_errors = 0; 288 root = NULL; 289 bpf_pcap = p; 290 if (setjmp(top_ctx)) { 291 freechunks(); 292 return (-1); 293 } 294 295 netmask = mask; 296 snaplen = pcap_snapshot(p); 297 298 lex_init(buf ? buf : ""); 299 init_linktype(pcap_datalink(p)); 300 (void)pcap_parse(); 301 302 if (n_errors) 303 syntax(); 304 305 if (root == NULL) 306 root = gen_retblk(snaplen); 307 308 if (optimize && !no_optimize) { 309 bpf_optimize(&root); 310 if (root == NULL || 311 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 312 bpf_error("expression rejects all packets"); 313 } 314 program->bf_insns = icode_to_fcode(root, &len); 315 program->bf_len = len; 316 317 freechunks(); 318 return (0); 319 } 320 321 /* 322 * entry point for using the compiler with no pcap open 323 * pass in all the stuff that is needed explicitly instead. 324 */ 325 int 326 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 327 struct bpf_program *program, 328 char *buf, int optimize, bpf_u_int32 mask) 329 { 330 extern int n_errors; 331 int len; 332 333 n_errors = 0; 334 root = NULL; 335 bpf_pcap = NULL; 336 if (setjmp(top_ctx)) { 337 freechunks(); 338 return (-1); 339 } 340 341 netmask = mask; 342 343 /* XXX needed? I don't grok the use of globals here. */ 344 snaplen = snaplen_arg; 345 346 lex_init(buf ? buf : ""); 347 init_linktype(linktype_arg); 348 (void)pcap_parse(); 349 350 if (n_errors) 351 syntax(); 352 353 if (root == NULL) 354 root = gen_retblk(snaplen_arg); 355 356 if (optimize) { 357 bpf_optimize(&root); 358 if (root == NULL || 359 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 360 bpf_error("expression rejects all packets"); 361 } 362 program->bf_insns = icode_to_fcode(root, &len); 363 program->bf_len = len; 364 365 freechunks(); 366 return (0); 367 } 368 369 /* 370 * Clean up a "struct bpf_program" by freeing all the memory allocated 371 * in it. 372 */ 373 void 374 pcap_freecode(struct bpf_program *program) 375 { 376 program->bf_len = 0; 377 if (program->bf_insns != NULL) { 378 free((char *)program->bf_insns); 379 program->bf_insns = NULL; 380 } 381 } 382 383 /* 384 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 385 * which of the jt and jf fields has been resolved and which is a pointer 386 * back to another unresolved block (or nil). At least one of the fields 387 * in each block is already resolved. 388 */ 389 static void 390 backpatch(list, target) 391 struct block *list, *target; 392 { 393 struct block *next; 394 395 while (list) { 396 if (!list->sense) { 397 next = JT(list); 398 JT(list) = target; 399 } else { 400 next = JF(list); 401 JF(list) = target; 402 } 403 list = next; 404 } 405 } 406 407 /* 408 * Merge the lists in b0 and b1, using the 'sense' field to indicate 409 * which of jt and jf is the link. 410 */ 411 static void 412 merge(b0, b1) 413 struct block *b0, *b1; 414 { 415 register struct block **p = &b0; 416 417 /* Find end of list. */ 418 while (*p) 419 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 420 421 /* Concatenate the lists. */ 422 *p = b1; 423 } 424 425 void 426 finish_parse(p) 427 struct block *p; 428 { 429 backpatch(p, gen_retblk(snaplen)); 430 p->sense = !p->sense; 431 backpatch(p, gen_retblk(0)); 432 root = p->head; 433 434 /* prepend initialization code to root */ 435 if (init_code != NULL && root != NULL) { 436 sappend(init_code, root->stmts); 437 root->stmts = init_code; 438 init_code = NULL; 439 } 440 441 if (iphl_reg != -1) { 442 free_reg(iphl_reg); 443 iphl_reg = -1; 444 } 445 if (nl_reg != -1) { 446 free_reg(nl_reg); 447 nl_reg = -1; 448 } 449 } 450 451 void 452 gen_and(b0, b1) 453 struct block *b0, *b1; 454 { 455 backpatch(b0, b1->head); 456 b0->sense = !b0->sense; 457 b1->sense = !b1->sense; 458 merge(b1, b0); 459 b1->sense = !b1->sense; 460 b1->head = b0->head; 461 } 462 463 void 464 gen_or(b0, b1) 465 struct block *b0, *b1; 466 { 467 b0->sense = !b0->sense; 468 backpatch(b0, b1->head); 469 b0->sense = !b0->sense; 470 merge(b1, b0); 471 b1->head = b0->head; 472 } 473 474 void 475 gen_not(b) 476 struct block *b; 477 { 478 b->sense = !b->sense; 479 } 480 481 static struct block * 482 gen_cmp(offset, size, v) 483 u_int offset, size; 484 bpf_int32 v; 485 { 486 struct slist *s; 487 struct block *b; 488 489 s = new_stmt(BPF_LD|BPF_ABS|size); 490 s->s.k = offset; 491 492 b = new_block(JMP(BPF_JEQ)); 493 b->stmts = s; 494 b->s.k = v; 495 496 return b; 497 } 498 499 static struct block * 500 gen_cmp_gt(offset, size, v) 501 u_int offset, size; 502 bpf_int32 v; 503 { 504 struct slist *s; 505 struct block *b; 506 507 s = new_stmt(BPF_LD|BPF_ABS|size); 508 s->s.k = offset; 509 510 b = new_block(JMP(BPF_JGT)); 511 b->stmts = s; 512 b->s.k = v; 513 514 return b; 515 } 516 517 static struct block * 518 gen_mcmp(offset, size, v, mask) 519 u_int offset, size; 520 bpf_int32 v; 521 bpf_u_int32 mask; 522 { 523 struct block *b = gen_cmp(offset, size, v); 524 struct slist *s; 525 526 if (mask != 0xffffffff) { 527 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 528 s->s.k = mask; 529 sappend(b->stmts, s); 530 } 531 return b; 532 } 533 534 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 535 static struct block * 536 gen_mcmp_nl(offset, size, v, mask) 537 u_int offset, size; 538 bpf_int32 v; 539 bpf_u_int32 mask; 540 { 541 struct block *b = gen_cmp_nl(offset, size, v); 542 struct slist *s; 543 544 if (mask != 0xffffffff) { 545 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 546 s->s.k = mask; 547 sappend(b->stmts, s); 548 } 549 return b; 550 } 551 552 static struct block * 553 gen_bcmp(offset, size, v) 554 register u_int offset, size; 555 register const u_char *v; 556 { 557 register struct block *b, *tmp; 558 559 b = NULL; 560 while (size >= 4) { 561 register const u_char *p = &v[size - 4]; 562 bpf_int32 w = ((bpf_int32)p[0] << 24) | 563 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 564 565 tmp = gen_cmp(offset + size - 4, BPF_W, w); 566 if (b != NULL) 567 gen_and(b, tmp); 568 b = tmp; 569 size -= 4; 570 } 571 while (size >= 2) { 572 register const u_char *p = &v[size - 2]; 573 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 574 575 tmp = gen_cmp(offset + size - 2, BPF_H, w); 576 if (b != NULL) 577 gen_and(b, tmp); 578 b = tmp; 579 size -= 2; 580 } 581 if (size > 0) { 582 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 583 if (b != NULL) 584 gen_and(b, tmp); 585 b = tmp; 586 } 587 return b; 588 } 589 590 /* 591 * Various code constructs need to know the layout of the data link 592 * layer. These variables give the necessary offsets. off_linktype 593 * is set to -1 for no encapsulation, in which case, IP is assumed. 594 */ 595 static u_int off_linktype; 596 static u_int off_nl; 597 static u_int off_nl_nosnap; 598 599 static int linktype; 600 601 /* Generate code to load the dynamic 'off_nl' to the X register */ 602 static struct slist * 603 nl2X_stmt(void) 604 { 605 struct slist *s, *tmp; 606 607 if (nl_reg == -1) { 608 switch (linktype) { 609 case DLT_PFLOG: 610 /* The pflog header contains PFLOG_REAL_HDRLEN 611 which does NOT include the padding. Round 612 up to the nearest dword boundary */ 613 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 614 s->s.k = 0; 615 616 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 617 tmp->s.k = 3; 618 sappend(s, tmp); 619 620 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 621 tmp->s.k = 0xfc; 622 sappend(s, tmp); 623 624 nl_reg = alloc_reg(); 625 tmp = new_stmt(BPF_ST); 626 tmp->s.k = nl_reg; 627 sappend(s, tmp); 628 629 break; 630 default: 631 bpf_error("Unknown header size for link type 0x%x", 632 linktype); 633 } 634 635 if (init_code == NULL) 636 init_code = s; 637 else 638 sappend(init_code, s); 639 } 640 641 s = new_stmt(BPF_LDX|BPF_MEM); 642 s->s.k = nl_reg; 643 644 return s; 645 } 646 647 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 648 static struct block * 649 gen_cmp_nl(offset, size, v) 650 u_int offset, size; 651 bpf_int32 v; 652 { 653 struct slist *s, *tmp; 654 struct block *b; 655 656 if (variable_nl) { 657 s = nl2X_stmt(); 658 tmp = new_stmt(BPF_LD|BPF_IND|size); 659 tmp->s.k = offset; 660 sappend(s, tmp); 661 } else { 662 s = new_stmt(BPF_LD|BPF_ABS|size); 663 s->s.k = offset + off_nl; 664 } 665 b = new_block(JMP(BPF_JEQ)); 666 b->stmts = s; 667 b->s.k = v; 668 669 return b; 670 } 671 672 static void 673 init_linktype(type) 674 int type; 675 { 676 linktype = type; 677 init_code = NULL; 678 nl_reg = iphl_reg = -1; 679 680 switch (type) { 681 682 case DLT_EN10MB: 683 off_linktype = 12; 684 off_nl = 14; 685 return; 686 687 case DLT_SLIP: 688 /* 689 * SLIP doesn't have a link level type. The 16 byte 690 * header is hacked into our SLIP driver. 691 */ 692 off_linktype = -1; 693 off_nl = 16; 694 return; 695 696 case DLT_SLIP_BSDOS: 697 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 698 off_linktype = -1; 699 /* XXX end */ 700 off_nl = 24; 701 return; 702 703 case DLT_NULL: 704 off_linktype = 0; 705 off_nl = 4; 706 return; 707 708 case DLT_PPP: 709 off_linktype = 2; 710 off_nl = 4; 711 return; 712 713 case DLT_PPP_ETHER: 714 /* 715 * This does not include the Ethernet header, and 716 * only covers session state. 717 */ 718 off_linktype = 6; 719 off_nl = 8; 720 return; 721 722 case DLT_PPP_BSDOS: 723 off_linktype = 5; 724 off_nl = 24; 725 return; 726 727 case DLT_FDDI: 728 /* 729 * FDDI doesn't really have a link-level type field. 730 * We assume that SSAP = SNAP is being used and pick 731 * out the encapsulated Ethernet type. 732 */ 733 off_linktype = 19; 734 #ifdef PCAP_FDDIPAD 735 off_linktype += pcap_fddipad; 736 #endif 737 off_nl = 21; 738 #ifdef PCAP_FDDIPAD 739 off_nl += pcap_fddipad; 740 #endif 741 return; 742 743 case DLT_IEEE802: 744 off_linktype = 20; 745 off_nl = 22; 746 return; 747 748 case DLT_IEEE802_11: 749 off_linktype = 30; /* XXX variable */ 750 off_nl = 32; 751 return; 752 753 case DLT_IEEE802_11_RADIO: /* XXX variable */ 754 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 755 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 756 return; 757 758 case DLT_ATM_RFC1483: 759 /* 760 * assume routed, non-ISO PDUs 761 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 762 */ 763 off_linktype = 6; 764 off_nl = 8; 765 return; 766 767 case DLT_LOOP: 768 off_linktype = -1; 769 off_nl = 4; 770 return; 771 772 case DLT_ENC: 773 off_linktype = -1; 774 off_nl = 12; 775 return; 776 777 case DLT_PFLOG: 778 off_linktype = 0; 779 variable_nl = 1; 780 off_nl = 0; 781 return; 782 783 case DLT_PFSYNC: 784 off_linktype = -1; 785 off_nl = 4; 786 return; 787 788 case DLT_RAW: 789 off_linktype = -1; 790 off_nl = 0; 791 return; 792 } 793 bpf_error("unknown data link type 0x%x", linktype); 794 /* NOTREACHED */ 795 } 796 797 static struct block * 798 gen_uncond(rsense) 799 int rsense; 800 { 801 struct block *b; 802 struct slist *s; 803 804 s = new_stmt(BPF_LD|BPF_IMM); 805 s->s.k = !rsense; 806 b = new_block(JMP(BPF_JEQ)); 807 b->stmts = s; 808 809 return b; 810 } 811 812 static __inline struct block * 813 gen_true() 814 { 815 return gen_uncond(1); 816 } 817 818 static __inline struct block * 819 gen_false() 820 { 821 return gen_uncond(0); 822 } 823 824 static struct block * 825 gen_linktype(proto) 826 register int proto; 827 { 828 struct block *b0, *b1; 829 830 /* If we're not using encapsulation and checking for IP, we're done */ 831 if (off_linktype == -1 && proto == ETHERTYPE_IP) 832 return gen_true(); 833 #ifdef INET6 834 /* this isn't the right thing to do, but sometimes necessary */ 835 if (off_linktype == -1 && proto == ETHERTYPE_IPV6) 836 return gen_true(); 837 #endif 838 839 switch (linktype) { 840 841 case DLT_EN10MB: 842 if (proto <= ETHERMTU) { 843 /* This is an LLC SAP value */ 844 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 845 gen_not(b0); 846 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 847 gen_and(b0, b1); 848 return b1; 849 } else { 850 /* This is an Ethernet type */ 851 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 852 } 853 break; 854 855 case DLT_SLIP: 856 return gen_false(); 857 858 case DLT_PPP: 859 case DLT_PPP_ETHER: 860 if (proto == ETHERTYPE_IP) 861 proto = PPP_IP; /* XXX was 0x21 */ 862 #ifdef INET6 863 else if (proto == ETHERTYPE_IPV6) 864 proto = PPP_IPV6; 865 #endif 866 break; 867 868 case DLT_PPP_BSDOS: 869 switch (proto) { 870 871 case ETHERTYPE_IP: 872 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 873 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 874 gen_or(b0, b1); 875 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 876 gen_or(b1, b0); 877 return b0; 878 879 #ifdef INET6 880 case ETHERTYPE_IPV6: 881 proto = PPP_IPV6; 882 /* more to go? */ 883 break; 884 #endif /* INET6 */ 885 886 case ETHERTYPE_DN: 887 proto = PPP_DECNET; 888 break; 889 890 case ETHERTYPE_ATALK: 891 proto = PPP_APPLE; 892 break; 893 894 case ETHERTYPE_NS: 895 proto = PPP_NS; 896 break; 897 } 898 break; 899 900 case DLT_LOOP: 901 case DLT_ENC: 902 case DLT_NULL: 903 /* XXX */ 904 if (proto == ETHERTYPE_IP) 905 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); 906 #ifdef INET6 907 else if (proto == ETHERTYPE_IPV6) 908 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6))); 909 #endif /* INET6 */ 910 else 911 return gen_false(); 912 break; 913 case DLT_PFLOG: 914 if (proto == ETHERTYPE_IP) 915 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 916 (bpf_int32)AF_INET)); 917 #ifdef INET6 918 else if (proto == ETHERTYPE_IPV6) 919 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 920 (bpf_int32)AF_INET6)); 921 #endif /* INET6 */ 922 else 923 return gen_false(); 924 break; 925 926 } 927 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 928 } 929 930 static struct block * 931 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 932 bpf_u_int32 addr; 933 bpf_u_int32 mask; 934 int dir, proto; 935 u_int src_off, dst_off; 936 { 937 struct block *b0, *b1; 938 u_int offset; 939 940 switch (dir) { 941 942 case Q_SRC: 943 offset = src_off; 944 break; 945 946 case Q_DST: 947 offset = dst_off; 948 break; 949 950 case Q_AND: 951 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 952 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 953 gen_and(b0, b1); 954 return b1; 955 956 case Q_OR: 957 case Q_DEFAULT: 958 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 959 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 960 gen_or(b0, b1); 961 return b1; 962 963 default: 964 bpf_error("direction not supported on linktype 0x%x", 965 linktype); 966 } 967 b0 = gen_linktype(proto); 968 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 969 gen_and(b0, b1); 970 return b1; 971 } 972 973 #ifdef INET6 974 static struct block * 975 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 976 struct in6_addr *addr; 977 struct in6_addr *mask; 978 int dir, proto; 979 u_int src_off, dst_off; 980 { 981 struct block *b0, *b1; 982 u_int offset; 983 u_int32_t *a, *m; 984 985 switch (dir) { 986 987 case Q_SRC: 988 offset = src_off; 989 break; 990 991 case Q_DST: 992 offset = dst_off; 993 break; 994 995 case Q_AND: 996 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 997 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 998 gen_and(b0, b1); 999 return b1; 1000 1001 case Q_OR: 1002 case Q_DEFAULT: 1003 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1004 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1005 gen_or(b0, b1); 1006 return b1; 1007 1008 default: 1009 bpf_error("direction not supported on linktype 0x%x", 1010 linktype); 1011 } 1012 /* this order is important */ 1013 a = (u_int32_t *)addr; 1014 m = (u_int32_t *)mask; 1015 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1016 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1017 gen_and(b0, b1); 1018 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1019 gen_and(b0, b1); 1020 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1021 gen_and(b0, b1); 1022 b0 = gen_linktype(proto); 1023 gen_and(b0, b1); 1024 return b1; 1025 } 1026 #endif /*INET6*/ 1027 1028 static struct block * 1029 gen_ehostop(eaddr, dir) 1030 register const u_char *eaddr; 1031 register int dir; 1032 { 1033 struct block *b0, *b1; 1034 1035 switch (dir) { 1036 case Q_SRC: 1037 return gen_bcmp(6, 6, eaddr); 1038 1039 case Q_DST: 1040 return gen_bcmp(0, 6, eaddr); 1041 1042 case Q_AND: 1043 b0 = gen_ehostop(eaddr, Q_SRC); 1044 b1 = gen_ehostop(eaddr, Q_DST); 1045 gen_and(b0, b1); 1046 return b1; 1047 1048 case Q_DEFAULT: 1049 case Q_OR: 1050 b0 = gen_ehostop(eaddr, Q_SRC); 1051 b1 = gen_ehostop(eaddr, Q_DST); 1052 gen_or(b0, b1); 1053 return b1; 1054 default: 1055 bpf_error("direction not supported on linktype 0x%x", 1056 linktype); 1057 } 1058 /* NOTREACHED */ 1059 } 1060 1061 /* 1062 * Like gen_ehostop, but for DLT_FDDI 1063 */ 1064 static struct block * 1065 gen_fhostop(eaddr, dir) 1066 register const u_char *eaddr; 1067 register int dir; 1068 { 1069 struct block *b0, *b1; 1070 1071 switch (dir) { 1072 case Q_SRC: 1073 #ifdef PCAP_FDDIPAD 1074 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1075 #else 1076 return gen_bcmp(6 + 1, 6, eaddr); 1077 #endif 1078 1079 case Q_DST: 1080 #ifdef PCAP_FDDIPAD 1081 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1082 #else 1083 return gen_bcmp(0 + 1, 6, eaddr); 1084 #endif 1085 1086 case Q_AND: 1087 b0 = gen_fhostop(eaddr, Q_SRC); 1088 b1 = gen_fhostop(eaddr, Q_DST); 1089 gen_and(b0, b1); 1090 return b1; 1091 1092 case Q_DEFAULT: 1093 case Q_OR: 1094 b0 = gen_fhostop(eaddr, Q_SRC); 1095 b1 = gen_fhostop(eaddr, Q_DST); 1096 gen_or(b0, b1); 1097 return b1; 1098 default: 1099 bpf_error("direction not supported on linktype 0x%x", 1100 linktype); 1101 } 1102 /* NOTREACHED */ 1103 } 1104 1105 /* 1106 * This is quite tricky because there may be pad bytes in front of the 1107 * DECNET header, and then there are two possible data packet formats that 1108 * carry both src and dst addresses, plus 5 packet types in a format that 1109 * carries only the src node, plus 2 types that use a different format and 1110 * also carry just the src node. 1111 * 1112 * Yuck. 1113 * 1114 * Instead of doing those all right, we just look for data packets with 1115 * 0 or 1 bytes of padding. If you want to look at other packets, that 1116 * will require a lot more hacking. 1117 * 1118 * To add support for filtering on DECNET "areas" (network numbers) 1119 * one would want to add a "mask" argument to this routine. That would 1120 * make the filter even more inefficient, although one could be clever 1121 * and not generate masking instructions if the mask is 0xFFFF. 1122 */ 1123 static struct block * 1124 gen_dnhostop(addr, dir, base_off) 1125 bpf_u_int32 addr; 1126 int dir; 1127 u_int base_off; 1128 { 1129 struct block *b0, *b1, *b2, *tmp; 1130 u_int offset_lh; /* offset if long header is received */ 1131 u_int offset_sh; /* offset if short header is received */ 1132 1133 switch (dir) { 1134 1135 case Q_DST: 1136 offset_sh = 1; /* follows flags */ 1137 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1138 break; 1139 1140 case Q_SRC: 1141 offset_sh = 3; /* follows flags, dstnode */ 1142 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1143 break; 1144 1145 case Q_AND: 1146 /* Inefficient because we do our Calvinball dance twice */ 1147 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1148 b1 = gen_dnhostop(addr, Q_DST, base_off); 1149 gen_and(b0, b1); 1150 return b1; 1151 1152 case Q_OR: 1153 case Q_DEFAULT: 1154 /* Inefficient because we do our Calvinball dance twice */ 1155 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1156 b1 = gen_dnhostop(addr, Q_DST, base_off); 1157 gen_or(b0, b1); 1158 return b1; 1159 1160 default: 1161 bpf_error("direction not supported on linktype 0x%x", 1162 linktype); 1163 } 1164 b0 = gen_linktype(ETHERTYPE_DN); 1165 /* Check for pad = 1, long header case */ 1166 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1167 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1168 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1169 BPF_H, (bpf_int32)ntohs(addr)); 1170 gen_and(tmp, b1); 1171 /* Check for pad = 0, long header case */ 1172 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1173 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1174 gen_and(tmp, b2); 1175 gen_or(b2, b1); 1176 /* Check for pad = 1, short header case */ 1177 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1178 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1179 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1180 BPF_H, (bpf_int32)ntohs(addr)); 1181 gen_and(tmp, b2); 1182 gen_or(b2, b1); 1183 /* Check for pad = 0, short header case */ 1184 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1185 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1186 gen_and(tmp, b2); 1187 gen_or(b2, b1); 1188 1189 /* Combine with test for linktype */ 1190 gen_and(b0, b1); 1191 return b1; 1192 } 1193 1194 static struct block * 1195 gen_host(addr, mask, proto, dir) 1196 bpf_u_int32 addr; 1197 bpf_u_int32 mask; 1198 int proto; 1199 int dir; 1200 { 1201 struct block *b0, *b1; 1202 1203 switch (proto) { 1204 1205 case Q_DEFAULT: 1206 b0 = gen_host(addr, mask, Q_IP, dir); 1207 b1 = gen_host(addr, mask, Q_ARP, dir); 1208 gen_or(b0, b1); 1209 b0 = gen_host(addr, mask, Q_RARP, dir); 1210 gen_or(b1, b0); 1211 return b0; 1212 1213 case Q_IP: 1214 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1215 12, 16); 1216 1217 case Q_RARP: 1218 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1219 14, 24); 1220 1221 case Q_ARP: 1222 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1223 14, 24); 1224 1225 case Q_TCP: 1226 bpf_error("'tcp' modifier applied to host"); 1227 1228 case Q_UDP: 1229 bpf_error("'udp' modifier applied to host"); 1230 1231 case Q_ICMP: 1232 bpf_error("'icmp' modifier applied to host"); 1233 1234 case Q_IGMP: 1235 bpf_error("'igmp' modifier applied to host"); 1236 1237 case Q_IGRP: 1238 bpf_error("'igrp' modifier applied to host"); 1239 1240 case Q_PIM: 1241 bpf_error("'pim' modifier applied to host"); 1242 1243 case Q_STP: 1244 bpf_error("'stp' modifier applied to host"); 1245 1246 case Q_ATALK: 1247 bpf_error("ATALK host filtering not implemented"); 1248 1249 case Q_DECNET: 1250 return gen_dnhostop(addr, dir, 0); 1251 1252 case Q_SCA: 1253 bpf_error("SCA host filtering not implemented"); 1254 1255 case Q_LAT: 1256 bpf_error("LAT host filtering not implemented"); 1257 1258 case Q_MOPDL: 1259 bpf_error("MOPDL host filtering not implemented"); 1260 1261 case Q_MOPRC: 1262 bpf_error("MOPRC host filtering not implemented"); 1263 1264 #ifdef INET6 1265 case Q_IPV6: 1266 bpf_error("'ip6' modifier applied to ip host"); 1267 1268 case Q_ICMPV6: 1269 bpf_error("'icmp6' modifier applied to host"); 1270 #endif /* INET6 */ 1271 1272 case Q_AH: 1273 bpf_error("'ah' modifier applied to host"); 1274 1275 case Q_ESP: 1276 bpf_error("'esp' modifier applied to host"); 1277 1278 default: 1279 bpf_error("direction not supported on linktype 0x%x", 1280 linktype); 1281 } 1282 /* NOTREACHED */ 1283 } 1284 1285 #ifdef INET6 1286 static struct block * 1287 gen_host6(addr, mask, proto, dir) 1288 struct in6_addr *addr; 1289 struct in6_addr *mask; 1290 int proto; 1291 int dir; 1292 { 1293 switch (proto) { 1294 1295 case Q_DEFAULT: 1296 return gen_host6(addr, mask, Q_IPV6, dir); 1297 1298 case Q_IP: 1299 bpf_error("'ip' modifier applied to ip6 host"); 1300 1301 case Q_RARP: 1302 bpf_error("'rarp' modifier applied to ip6 host"); 1303 1304 case Q_ARP: 1305 bpf_error("'arp' modifier applied to ip6 host"); 1306 1307 case Q_TCP: 1308 bpf_error("'tcp' modifier applied to host"); 1309 1310 case Q_UDP: 1311 bpf_error("'udp' modifier applied to host"); 1312 1313 case Q_ICMP: 1314 bpf_error("'icmp' modifier applied to host"); 1315 1316 case Q_IGMP: 1317 bpf_error("'igmp' modifier applied to host"); 1318 1319 case Q_IGRP: 1320 bpf_error("'igrp' modifier applied to host"); 1321 1322 case Q_PIM: 1323 bpf_error("'pim' modifier applied to host"); 1324 1325 case Q_STP: 1326 bpf_error("'stp' modifier applied to host"); 1327 1328 case Q_ATALK: 1329 bpf_error("ATALK host filtering not implemented"); 1330 1331 case Q_DECNET: 1332 bpf_error("'decnet' modifier applied to ip6 host"); 1333 1334 case Q_SCA: 1335 bpf_error("SCA host filtering not implemented"); 1336 1337 case Q_LAT: 1338 bpf_error("LAT host filtering not implemented"); 1339 1340 case Q_MOPDL: 1341 bpf_error("MOPDL host filtering not implemented"); 1342 1343 case Q_MOPRC: 1344 bpf_error("MOPRC host filtering not implemented"); 1345 1346 case Q_IPV6: 1347 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1348 8, 24); 1349 1350 case Q_ICMPV6: 1351 bpf_error("'icmp6' modifier applied to host"); 1352 1353 case Q_AH: 1354 bpf_error("'ah' modifier applied to host"); 1355 1356 case Q_ESP: 1357 bpf_error("'esp' modifier applied to host"); 1358 1359 default: 1360 abort(); 1361 } 1362 /* NOTREACHED */ 1363 } 1364 #endif /*INET6*/ 1365 1366 #ifndef INET6 1367 static struct block * 1368 gen_gateway(eaddr, alist, proto, dir) 1369 const u_char *eaddr; 1370 bpf_u_int32 **alist; 1371 int proto; 1372 int dir; 1373 { 1374 struct block *b0, *b1, *tmp; 1375 1376 if (dir != 0) 1377 bpf_error("direction applied to 'gateway'"); 1378 1379 switch (proto) { 1380 case Q_DEFAULT: 1381 case Q_IP: 1382 case Q_ARP: 1383 case Q_RARP: 1384 if (linktype == DLT_EN10MB) 1385 b0 = gen_ehostop(eaddr, Q_OR); 1386 else if (linktype == DLT_FDDI) 1387 b0 = gen_fhostop(eaddr, Q_OR); 1388 else 1389 bpf_error( 1390 "'gateway' supported only on ethernet or FDDI"); 1391 1392 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1393 while (*alist) { 1394 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1395 gen_or(b1, tmp); 1396 b1 = tmp; 1397 } 1398 gen_not(b1); 1399 gen_and(b0, b1); 1400 return b1; 1401 } 1402 bpf_error("illegal modifier of 'gateway'"); 1403 /* NOTREACHED */ 1404 } 1405 #endif /*INET6*/ 1406 1407 struct block * 1408 gen_proto_abbrev(proto) 1409 int proto; 1410 { 1411 struct block *b0 = NULL, *b1; 1412 1413 switch (proto) { 1414 1415 case Q_TCP: 1416 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1417 #ifdef INET6 1418 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1419 gen_or(b0, b1); 1420 #endif 1421 break; 1422 1423 case Q_UDP: 1424 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1425 #ifdef INET6 1426 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1427 gen_or(b0, b1); 1428 #endif 1429 break; 1430 1431 case Q_ICMP: 1432 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1433 break; 1434 1435 #ifndef IPPROTO_IGMP 1436 #define IPPROTO_IGMP 2 1437 #endif 1438 1439 case Q_IGMP: 1440 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1441 break; 1442 1443 #ifndef IPPROTO_IGRP 1444 #define IPPROTO_IGRP 9 1445 #endif 1446 case Q_IGRP: 1447 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1448 break; 1449 1450 #ifndef IPPROTO_PIM 1451 #define IPPROTO_PIM 103 1452 #endif 1453 1454 case Q_PIM: 1455 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1456 #ifdef INET6 1457 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1458 gen_or(b0, b1); 1459 #endif 1460 break; 1461 1462 case Q_IP: 1463 b1 = gen_linktype(ETHERTYPE_IP); 1464 break; 1465 1466 case Q_ARP: 1467 b1 = gen_linktype(ETHERTYPE_ARP); 1468 break; 1469 1470 case Q_RARP: 1471 b1 = gen_linktype(ETHERTYPE_REVARP); 1472 break; 1473 1474 case Q_LINK: 1475 bpf_error("link layer applied in wrong context"); 1476 1477 case Q_ATALK: 1478 b1 = gen_linktype(ETHERTYPE_ATALK); 1479 break; 1480 1481 case Q_DECNET: 1482 b1 = gen_linktype(ETHERTYPE_DN); 1483 break; 1484 1485 case Q_SCA: 1486 b1 = gen_linktype(ETHERTYPE_SCA); 1487 break; 1488 1489 case Q_LAT: 1490 b1 = gen_linktype(ETHERTYPE_LAT); 1491 break; 1492 1493 case Q_MOPDL: 1494 b1 = gen_linktype(ETHERTYPE_MOPDL); 1495 break; 1496 1497 case Q_MOPRC: 1498 b1 = gen_linktype(ETHERTYPE_MOPRC); 1499 break; 1500 1501 case Q_STP: 1502 b1 = gen_linktype(LLCSAP_8021D); 1503 break; 1504 1505 #ifdef INET6 1506 case Q_IPV6: 1507 b1 = gen_linktype(ETHERTYPE_IPV6); 1508 break; 1509 1510 #ifndef IPPROTO_ICMPV6 1511 #define IPPROTO_ICMPV6 58 1512 #endif 1513 case Q_ICMPV6: 1514 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1515 break; 1516 #endif /* INET6 */ 1517 1518 #ifndef IPPROTO_AH 1519 #define IPPROTO_AH 51 1520 #endif 1521 case Q_AH: 1522 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1523 #ifdef INET6 1524 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1525 gen_or(b0, b1); 1526 #endif 1527 break; 1528 1529 #ifndef IPPROTO_ESP 1530 #define IPPROTO_ESP 50 1531 #endif 1532 case Q_ESP: 1533 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1534 #ifdef INET6 1535 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1536 gen_or(b0, b1); 1537 #endif 1538 break; 1539 1540 default: 1541 abort(); 1542 } 1543 return b1; 1544 } 1545 1546 static struct block * 1547 gen_ipfrag() 1548 { 1549 struct slist *s, *tmp; 1550 struct block *b; 1551 1552 /* not ip frag */ 1553 if (variable_nl) { 1554 s = nl2X_stmt(); 1555 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1556 tmp->s.k = 6; 1557 sappend(s, tmp); 1558 } else { 1559 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1560 s->s.k = off_nl + 6; 1561 } 1562 b = new_block(JMP(BPF_JSET)); 1563 b->s.k = 0x1fff; 1564 b->stmts = s; 1565 gen_not(b); 1566 1567 return b; 1568 } 1569 1570 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1571 This function generates code to set X to the start of the IP payload 1572 X = off_nl + IP header_len. 1573 */ 1574 static struct slist * 1575 iphl_to_x(void) 1576 { 1577 struct slist *s, *tmp; 1578 1579 /* XXX clobbers A if variable_nl*/ 1580 if (variable_nl) { 1581 if (iphl_reg == -1) { 1582 /* X <- off_nl */ 1583 s = nl2X_stmt(); 1584 1585 /* A = p[X+0] */ 1586 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1587 tmp->s.k = 0; 1588 sappend(s, tmp); 1589 1590 /* A = A & 0x0f */ 1591 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1592 tmp->s.k = 0x0f; 1593 sappend(s, tmp); 1594 1595 /* A = A << 2 */ 1596 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1597 tmp->s.k = 2; 1598 sappend(s, tmp); 1599 1600 /* A = A + X (add off_nl again to compansate) */ 1601 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1602 1603 /* MEM[iphl_reg] = A */ 1604 iphl_reg = alloc_reg(); 1605 tmp = new_stmt(BPF_ST); 1606 tmp->s.k = iphl_reg; 1607 sappend(s, tmp); 1608 1609 sappend(init_code, s); 1610 } 1611 s = new_stmt(BPF_LDX|BPF_MEM); 1612 s->s.k = iphl_reg; 1613 1614 } else { 1615 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1616 s->s.k = off_nl; 1617 } 1618 1619 return s; 1620 } 1621 1622 static struct block * 1623 gen_portatom(off, v) 1624 int off; 1625 bpf_int32 v; 1626 { 1627 struct slist *s, *tmp; 1628 struct block *b; 1629 1630 s = iphl_to_x(); 1631 1632 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1633 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1634 sappend(s, tmp); 1635 1636 b = new_block(JMP(BPF_JEQ)); 1637 b->stmts = s; 1638 b->s.k = v; 1639 1640 return b; 1641 } 1642 1643 #ifdef INET6 1644 static struct block * 1645 gen_portatom6(off, v) 1646 int off; 1647 bpf_int32 v; 1648 { 1649 return gen_cmp_nl(40 + off, BPF_H, v); 1650 } 1651 #endif/*INET6*/ 1652 1653 struct block * 1654 gen_portop(port, proto, dir) 1655 int port, proto, dir; 1656 { 1657 struct block *b0, *b1, *tmp; 1658 1659 /* ip proto 'proto' */ 1660 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1661 b0 = gen_ipfrag(); 1662 gen_and(tmp, b0); 1663 1664 switch (dir) { 1665 case Q_SRC: 1666 b1 = gen_portatom(0, (bpf_int32)port); 1667 break; 1668 1669 case Q_DST: 1670 b1 = gen_portatom(2, (bpf_int32)port); 1671 break; 1672 1673 case Q_OR: 1674 case Q_DEFAULT: 1675 tmp = gen_portatom(0, (bpf_int32)port); 1676 b1 = gen_portatom(2, (bpf_int32)port); 1677 gen_or(tmp, b1); 1678 break; 1679 1680 case Q_AND: 1681 tmp = gen_portatom(0, (bpf_int32)port); 1682 b1 = gen_portatom(2, (bpf_int32)port); 1683 gen_and(tmp, b1); 1684 break; 1685 1686 default: 1687 abort(); 1688 } 1689 gen_and(b0, b1); 1690 1691 return b1; 1692 } 1693 1694 static struct block * 1695 gen_port(port, ip_proto, dir) 1696 int port; 1697 int ip_proto; 1698 int dir; 1699 { 1700 struct block *b0, *b1, *tmp; 1701 1702 /* ether proto ip */ 1703 b0 = gen_linktype(ETHERTYPE_IP); 1704 1705 switch (ip_proto) { 1706 case IPPROTO_UDP: 1707 case IPPROTO_TCP: 1708 b1 = gen_portop(port, ip_proto, dir); 1709 break; 1710 1711 case PROTO_UNDEF: 1712 tmp = gen_portop(port, IPPROTO_TCP, dir); 1713 b1 = gen_portop(port, IPPROTO_UDP, dir); 1714 gen_or(tmp, b1); 1715 break; 1716 1717 default: 1718 abort(); 1719 } 1720 gen_and(b0, b1); 1721 return b1; 1722 } 1723 1724 #ifdef INET6 1725 struct block * 1726 gen_portop6(port, proto, dir) 1727 int port, proto, dir; 1728 { 1729 struct block *b0, *b1, *tmp; 1730 1731 /* ip proto 'proto' */ 1732 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1733 1734 switch (dir) { 1735 case Q_SRC: 1736 b1 = gen_portatom6(0, (bpf_int32)port); 1737 break; 1738 1739 case Q_DST: 1740 b1 = gen_portatom6(2, (bpf_int32)port); 1741 break; 1742 1743 case Q_OR: 1744 case Q_DEFAULT: 1745 tmp = gen_portatom6(0, (bpf_int32)port); 1746 b1 = gen_portatom6(2, (bpf_int32)port); 1747 gen_or(tmp, b1); 1748 break; 1749 1750 case Q_AND: 1751 tmp = gen_portatom6(0, (bpf_int32)port); 1752 b1 = gen_portatom6(2, (bpf_int32)port); 1753 gen_and(tmp, b1); 1754 break; 1755 1756 default: 1757 abort(); 1758 } 1759 gen_and(b0, b1); 1760 1761 return b1; 1762 } 1763 1764 static struct block * 1765 gen_port6(port, ip_proto, dir) 1766 int port; 1767 int ip_proto; 1768 int dir; 1769 { 1770 struct block *b0, *b1, *tmp; 1771 1772 /* ether proto ip */ 1773 b0 = gen_linktype(ETHERTYPE_IPV6); 1774 1775 switch (ip_proto) { 1776 case IPPROTO_UDP: 1777 case IPPROTO_TCP: 1778 b1 = gen_portop6(port, ip_proto, dir); 1779 break; 1780 1781 case PROTO_UNDEF: 1782 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1783 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1784 gen_or(tmp, b1); 1785 break; 1786 1787 default: 1788 abort(); 1789 } 1790 gen_and(b0, b1); 1791 return b1; 1792 } 1793 #endif /* INET6 */ 1794 1795 static int 1796 lookup_proto(name, proto) 1797 register const char *name; 1798 register int proto; 1799 { 1800 register int v; 1801 1802 switch (proto) { 1803 1804 case Q_DEFAULT: 1805 case Q_IP: 1806 v = pcap_nametoproto(name); 1807 if (v == PROTO_UNDEF) 1808 bpf_error("unknown ip proto '%s'", name); 1809 break; 1810 1811 case Q_LINK: 1812 /* XXX should look up h/w protocol type based on linktype */ 1813 v = pcap_nametoeproto(name); 1814 if (v == PROTO_UNDEF) { 1815 v = pcap_nametollc(name); 1816 if (v == PROTO_UNDEF) 1817 bpf_error("unknown ether proto '%s'", name); 1818 } 1819 break; 1820 1821 default: 1822 v = PROTO_UNDEF; 1823 break; 1824 } 1825 return v; 1826 } 1827 1828 static struct block * 1829 gen_protochain(v, proto, dir) 1830 int v; 1831 int proto; 1832 int dir; 1833 { 1834 struct block *b0, *b; 1835 struct slist *s[100]; 1836 int fix2, fix3, fix4, fix5; 1837 int ahcheck, again, end; 1838 int i, max; 1839 int reg1 = alloc_reg(); 1840 int reg2 = alloc_reg(); 1841 1842 memset(s, 0, sizeof(s)); 1843 fix2 = fix3 = fix4 = fix5 = 0; 1844 1845 if (variable_nl) { 1846 bpf_error("'gen_protochain' not supported for variable DLTs"); 1847 /*NOTREACHED*/ 1848 } 1849 1850 switch (proto) { 1851 case Q_IP: 1852 case Q_IPV6: 1853 break; 1854 case Q_DEFAULT: 1855 b0 = gen_protochain(v, Q_IP, dir); 1856 b = gen_protochain(v, Q_IPV6, dir); 1857 gen_or(b0, b); 1858 return b; 1859 default: 1860 bpf_error("bad protocol applied for 'protochain'"); 1861 /*NOTREACHED*/ 1862 } 1863 1864 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1865 1866 /* 1867 * s[0] is a dummy entry to protect other BPF insn from damaged 1868 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1869 * hard to find interdependency made by jump table fixup. 1870 */ 1871 i = 0; 1872 s[i] = new_stmt(0); /*dummy*/ 1873 i++; 1874 1875 switch (proto) { 1876 case Q_IP: 1877 b0 = gen_linktype(ETHERTYPE_IP); 1878 1879 /* A = ip->ip_p */ 1880 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1881 s[i]->s.k = off_nl + 9; 1882 i++; 1883 /* X = ip->ip_hl << 2 */ 1884 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1885 s[i]->s.k = off_nl; 1886 i++; 1887 break; 1888 case Q_IPV6: 1889 b0 = gen_linktype(ETHERTYPE_IPV6); 1890 1891 /* A = ip6->ip_nxt */ 1892 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1893 s[i]->s.k = off_nl + 6; 1894 i++; 1895 /* X = sizeof(struct ip6_hdr) */ 1896 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1897 s[i]->s.k = 40; 1898 i++; 1899 break; 1900 default: 1901 bpf_error("unsupported proto to gen_protochain"); 1902 /*NOTREACHED*/ 1903 } 1904 1905 /* again: if (A == v) goto end; else fall through; */ 1906 again = i; 1907 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1908 s[i]->s.k = v; 1909 s[i]->s.jt = NULL; /*later*/ 1910 s[i]->s.jf = NULL; /*update in next stmt*/ 1911 fix5 = i; 1912 i++; 1913 1914 /* if (A == IPPROTO_NONE) goto end */ 1915 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1916 s[i]->s.jt = NULL; /*later*/ 1917 s[i]->s.jf = NULL; /*update in next stmt*/ 1918 s[i]->s.k = IPPROTO_NONE; 1919 s[fix5]->s.jf = s[i]; 1920 fix2 = i; 1921 i++; 1922 1923 if (proto == Q_IPV6) { 1924 int v6start, v6end, v6advance, j; 1925 1926 v6start = i; 1927 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1928 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1929 s[i]->s.jt = NULL; /*later*/ 1930 s[i]->s.jf = NULL; /*update in next stmt*/ 1931 s[i]->s.k = IPPROTO_HOPOPTS; 1932 s[fix2]->s.jf = s[i]; 1933 i++; 1934 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1935 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1936 s[i]->s.jt = NULL; /*later*/ 1937 s[i]->s.jf = NULL; /*update in next stmt*/ 1938 s[i]->s.k = IPPROTO_DSTOPTS; 1939 i++; 1940 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1941 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1942 s[i]->s.jt = NULL; /*later*/ 1943 s[i]->s.jf = NULL; /*update in next stmt*/ 1944 s[i]->s.k = IPPROTO_ROUTING; 1945 i++; 1946 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1947 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1948 s[i]->s.jt = NULL; /*later*/ 1949 s[i]->s.jf = NULL; /*later*/ 1950 s[i]->s.k = IPPROTO_FRAGMENT; 1951 fix3 = i; 1952 v6end = i; 1953 i++; 1954 1955 /* v6advance: */ 1956 v6advance = i; 1957 1958 /* 1959 * in short, 1960 * A = P[X + 1]; 1961 * X = X + (P[X] + 1) * 8; 1962 */ 1963 /* A = X */ 1964 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1965 i++; 1966 /* MEM[reg1] = A */ 1967 s[i] = new_stmt(BPF_ST); 1968 s[i]->s.k = reg1; 1969 i++; 1970 /* A += 1 */ 1971 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1972 s[i]->s.k = 1; 1973 i++; 1974 /* X = A */ 1975 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1976 i++; 1977 /* A = P[X + packet head]; */ 1978 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1979 s[i]->s.k = off_nl; 1980 i++; 1981 /* MEM[reg2] = A */ 1982 s[i] = new_stmt(BPF_ST); 1983 s[i]->s.k = reg2; 1984 i++; 1985 /* X = MEM[reg1] */ 1986 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1987 s[i]->s.k = reg1; 1988 i++; 1989 /* A = P[X + packet head] */ 1990 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1991 s[i]->s.k = off_nl; 1992 i++; 1993 /* A += 1 */ 1994 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1995 s[i]->s.k = 1; 1996 i++; 1997 /* A *= 8 */ 1998 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1999 s[i]->s.k = 8; 2000 i++; 2001 /* X = A; */ 2002 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2003 i++; 2004 /* A = MEM[reg2] */ 2005 s[i] = new_stmt(BPF_LD|BPF_MEM); 2006 s[i]->s.k = reg2; 2007 i++; 2008 2009 /* goto again; (must use BPF_JA for backward jump) */ 2010 s[i] = new_stmt(BPF_JMP|BPF_JA); 2011 s[i]->s.k = again - i - 1; 2012 s[i - 1]->s.jf = s[i]; 2013 i++; 2014 2015 /* fixup */ 2016 for (j = v6start; j <= v6end; j++) 2017 s[j]->s.jt = s[v6advance]; 2018 } else { 2019 /* nop */ 2020 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2021 s[i]->s.k = 0; 2022 s[fix2]->s.jf = s[i]; 2023 i++; 2024 } 2025 2026 /* ahcheck: */ 2027 ahcheck = i; 2028 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2029 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2030 s[i]->s.jt = NULL; /*later*/ 2031 s[i]->s.jf = NULL; /*later*/ 2032 s[i]->s.k = IPPROTO_AH; 2033 if (fix3) 2034 s[fix3]->s.jf = s[ahcheck]; 2035 fix4 = i; 2036 i++; 2037 2038 /* 2039 * in short, 2040 * A = P[X + 1]; 2041 * X = X + (P[X] + 2) * 4; 2042 */ 2043 /* A = X */ 2044 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2045 i++; 2046 /* MEM[reg1] = A */ 2047 s[i] = new_stmt(BPF_ST); 2048 s[i]->s.k = reg1; 2049 i++; 2050 /* A += 1 */ 2051 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2052 s[i]->s.k = 1; 2053 i++; 2054 /* X = A */ 2055 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2056 i++; 2057 /* A = P[X + packet head]; */ 2058 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2059 s[i]->s.k = off_nl; 2060 i++; 2061 /* MEM[reg2] = A */ 2062 s[i] = new_stmt(BPF_ST); 2063 s[i]->s.k = reg2; 2064 i++; 2065 /* X = MEM[reg1] */ 2066 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2067 s[i]->s.k = reg1; 2068 i++; 2069 /* A = P[X + packet head] */ 2070 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2071 s[i]->s.k = off_nl; 2072 i++; 2073 /* A += 2 */ 2074 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2075 s[i]->s.k = 2; 2076 i++; 2077 /* A *= 4 */ 2078 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2079 s[i]->s.k = 4; 2080 i++; 2081 /* X = A; */ 2082 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2083 i++; 2084 /* A = MEM[reg2] */ 2085 s[i] = new_stmt(BPF_LD|BPF_MEM); 2086 s[i]->s.k = reg2; 2087 i++; 2088 2089 /* goto again; (must use BPF_JA for backward jump) */ 2090 s[i] = new_stmt(BPF_JMP|BPF_JA); 2091 s[i]->s.k = again - i - 1; 2092 i++; 2093 2094 /* end: nop */ 2095 end = i; 2096 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2097 s[i]->s.k = 0; 2098 s[fix2]->s.jt = s[end]; 2099 s[fix4]->s.jf = s[end]; 2100 s[fix5]->s.jt = s[end]; 2101 i++; 2102 2103 /* 2104 * make slist chain 2105 */ 2106 max = i; 2107 for (i = 0; i < max - 1; i++) 2108 s[i]->next = s[i + 1]; 2109 s[max - 1]->next = NULL; 2110 2111 /* 2112 * emit final check 2113 */ 2114 b = new_block(JMP(BPF_JEQ)); 2115 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2116 b->s.k = v; 2117 2118 free_reg(reg1); 2119 free_reg(reg2); 2120 2121 gen_and(b0, b); 2122 return b; 2123 } 2124 2125 static struct block * 2126 gen_proto(v, proto, dir) 2127 int v; 2128 int proto; 2129 int dir; 2130 { 2131 struct block *b0, *b1; 2132 2133 if (dir != Q_DEFAULT) 2134 bpf_error("direction applied to 'proto'"); 2135 2136 switch (proto) { 2137 case Q_DEFAULT: 2138 #ifdef INET6 2139 b0 = gen_proto(v, Q_IP, dir); 2140 b1 = gen_proto(v, Q_IPV6, dir); 2141 gen_or(b0, b1); 2142 return b1; 2143 #else 2144 /*FALLTHROUGH*/ 2145 #endif 2146 case Q_IP: 2147 b0 = gen_linktype(ETHERTYPE_IP); 2148 #ifndef CHASE_CHAIN 2149 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2150 #else 2151 b1 = gen_protochain(v, Q_IP); 2152 #endif 2153 gen_and(b0, b1); 2154 return b1; 2155 2156 case Q_ARP: 2157 bpf_error("arp does not encapsulate another protocol"); 2158 /* NOTREACHED */ 2159 2160 case Q_RARP: 2161 bpf_error("rarp does not encapsulate another protocol"); 2162 /* NOTREACHED */ 2163 2164 case Q_ATALK: 2165 bpf_error("atalk encapsulation is not specifiable"); 2166 /* NOTREACHED */ 2167 2168 case Q_DECNET: 2169 bpf_error("decnet encapsulation is not specifiable"); 2170 /* NOTREACHED */ 2171 2172 case Q_SCA: 2173 bpf_error("sca does not encapsulate another protocol"); 2174 /* NOTREACHED */ 2175 2176 case Q_LAT: 2177 bpf_error("lat does not encapsulate another protocol"); 2178 /* NOTREACHED */ 2179 2180 case Q_MOPRC: 2181 bpf_error("moprc does not encapsulate another protocol"); 2182 /* NOTREACHED */ 2183 2184 case Q_MOPDL: 2185 bpf_error("mopdl does not encapsulate another protocol"); 2186 /* NOTREACHED */ 2187 2188 case Q_LINK: 2189 return gen_linktype(v); 2190 2191 case Q_UDP: 2192 bpf_error("'udp proto' is bogus"); 2193 /* NOTREACHED */ 2194 2195 case Q_TCP: 2196 bpf_error("'tcp proto' is bogus"); 2197 /* NOTREACHED */ 2198 2199 case Q_ICMP: 2200 bpf_error("'icmp proto' is bogus"); 2201 /* NOTREACHED */ 2202 2203 case Q_IGMP: 2204 bpf_error("'igmp proto' is bogus"); 2205 /* NOTREACHED */ 2206 2207 case Q_IGRP: 2208 bpf_error("'igrp proto' is bogus"); 2209 /* NOTREACHED */ 2210 2211 case Q_PIM: 2212 bpf_error("'pim proto' is bogus"); 2213 /* NOTREACHED */ 2214 2215 case Q_STP: 2216 bpf_error("'stp proto' is bogus"); 2217 /* NOTREACHED */ 2218 2219 #ifdef INET6 2220 case Q_IPV6: 2221 b0 = gen_linktype(ETHERTYPE_IPV6); 2222 #ifndef CHASE_CHAIN 2223 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2224 #else 2225 b1 = gen_protochain(v, Q_IPV6); 2226 #endif 2227 gen_and(b0, b1); 2228 return b1; 2229 2230 case Q_ICMPV6: 2231 bpf_error("'icmp6 proto' is bogus"); 2232 #endif /* INET6 */ 2233 2234 case Q_AH: 2235 bpf_error("'ah proto' is bogus"); 2236 2237 case Q_ESP: 2238 bpf_error("'ah proto' is bogus"); 2239 2240 default: 2241 abort(); 2242 /* NOTREACHED */ 2243 } 2244 /* NOTREACHED */ 2245 } 2246 2247 struct block * 2248 gen_scode(name, q) 2249 register const char *name; 2250 struct qual q; 2251 { 2252 int proto = q.proto; 2253 int dir = q.dir; 2254 int tproto; 2255 u_char *eaddr; 2256 bpf_u_int32 mask, addr; 2257 #ifndef INET6 2258 bpf_u_int32 **alist; 2259 #else 2260 int tproto6; 2261 struct sockaddr_in *sin; 2262 struct sockaddr_in6 *sin6; 2263 struct addrinfo *res, *res0; 2264 struct in6_addr mask128; 2265 #endif /*INET6*/ 2266 struct block *b, *tmp; 2267 int port, real_proto; 2268 2269 switch (q.addr) { 2270 2271 case Q_NET: 2272 addr = pcap_nametonetaddr(name); 2273 if (addr == 0) 2274 bpf_error("unknown network '%s'", name); 2275 /* Left justify network addr and calculate its network mask */ 2276 mask = 0xffffffff; 2277 while (addr && (addr & 0xff000000) == 0) { 2278 addr <<= 8; 2279 mask <<= 8; 2280 } 2281 return gen_host(addr, mask, proto, dir); 2282 2283 case Q_DEFAULT: 2284 case Q_HOST: 2285 if (proto == Q_LINK) { 2286 switch (linktype) { 2287 2288 case DLT_EN10MB: 2289 eaddr = pcap_ether_hostton(name); 2290 if (eaddr == NULL) 2291 bpf_error( 2292 "unknown ether host '%s'", name); 2293 return gen_ehostop(eaddr, dir); 2294 2295 case DLT_FDDI: 2296 eaddr = pcap_ether_hostton(name); 2297 if (eaddr == NULL) 2298 bpf_error( 2299 "unknown FDDI host '%s'", name); 2300 return gen_fhostop(eaddr, dir); 2301 2302 case DLT_IEEE802_11: 2303 case DLT_IEEE802_11_RADIO: 2304 eaddr = pcap_ether_hostton(name); 2305 if (eaddr == NULL) 2306 bpf_error( 2307 "unknown 802.11 host '%s'", name); 2308 2309 return gen_p80211_hostop(eaddr, dir); 2310 2311 default: 2312 bpf_error( 2313 "only ethernet/FDDI supports link-level host name"); 2314 break; 2315 } 2316 } else if (proto == Q_DECNET) { 2317 unsigned short dn_addr = __pcap_nametodnaddr(name); 2318 /* 2319 * I don't think DECNET hosts can be multihomed, so 2320 * there is no need to build up a list of addresses 2321 */ 2322 return (gen_host(dn_addr, 0, proto, dir)); 2323 } else { 2324 #ifndef INET6 2325 alist = pcap_nametoaddr(name); 2326 if (alist == NULL || *alist == NULL) 2327 bpf_error("unknown host '%s'", name); 2328 tproto = proto; 2329 if (off_linktype == -1 && tproto == Q_DEFAULT) 2330 tproto = Q_IP; 2331 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2332 while (*alist) { 2333 tmp = gen_host(**alist++, 0xffffffff, 2334 tproto, dir); 2335 gen_or(b, tmp); 2336 b = tmp; 2337 } 2338 return b; 2339 #else 2340 memset(&mask128, 0xff, sizeof(mask128)); 2341 res0 = res = pcap_nametoaddrinfo(name); 2342 if (res == NULL) 2343 bpf_error("unknown host '%s'", name); 2344 b = tmp = NULL; 2345 tproto = tproto6 = proto; 2346 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2347 tproto = Q_IP; 2348 tproto6 = Q_IPV6; 2349 } 2350 for (res = res0; res; res = res->ai_next) { 2351 switch (res->ai_family) { 2352 case AF_INET: 2353 if (tproto == Q_IPV6) 2354 continue; 2355 2356 sin = (struct sockaddr_in *) 2357 res->ai_addr; 2358 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2359 0xffffffff, tproto, dir); 2360 break; 2361 case AF_INET6: 2362 if (tproto6 == Q_IP) 2363 continue; 2364 2365 sin6 = (struct sockaddr_in6 *) 2366 res->ai_addr; 2367 tmp = gen_host6(&sin6->sin6_addr, 2368 &mask128, tproto6, dir); 2369 break; 2370 } 2371 if (b) 2372 gen_or(b, tmp); 2373 b = tmp; 2374 } 2375 freeaddrinfo(res0); 2376 if (b == NULL) { 2377 bpf_error("unknown host '%s'%s", name, 2378 (proto == Q_DEFAULT) 2379 ? "" 2380 : " for specified address family"); 2381 } 2382 return b; 2383 #endif /*INET6*/ 2384 } 2385 2386 case Q_PORT: 2387 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2388 bpf_error("illegal qualifier of 'port'"); 2389 if (pcap_nametoport(name, &port, &real_proto) == 0) 2390 bpf_error("unknown port '%s'", name); 2391 if (proto == Q_UDP) { 2392 if (real_proto == IPPROTO_TCP) 2393 bpf_error("port '%s' is tcp", name); 2394 else 2395 /* override PROTO_UNDEF */ 2396 real_proto = IPPROTO_UDP; 2397 } 2398 if (proto == Q_TCP) { 2399 if (real_proto == IPPROTO_UDP) 2400 bpf_error("port '%s' is udp", name); 2401 else 2402 /* override PROTO_UNDEF */ 2403 real_proto = IPPROTO_TCP; 2404 } 2405 #ifndef INET6 2406 return gen_port(port, real_proto, dir); 2407 #else 2408 { 2409 struct block *b; 2410 b = gen_port(port, real_proto, dir); 2411 gen_or(gen_port6(port, real_proto, dir), b); 2412 return b; 2413 } 2414 #endif /* INET6 */ 2415 2416 case Q_GATEWAY: 2417 #ifndef INET6 2418 eaddr = pcap_ether_hostton(name); 2419 if (eaddr == NULL) 2420 bpf_error("unknown ether host: %s", name); 2421 2422 alist = pcap_nametoaddr(name); 2423 if (alist == NULL || *alist == NULL) 2424 bpf_error("unknown host '%s'", name); 2425 return gen_gateway(eaddr, alist, proto, dir); 2426 #else 2427 bpf_error("'gateway' not supported in this configuration"); 2428 #endif /*INET6*/ 2429 2430 case Q_PROTO: 2431 real_proto = lookup_proto(name, proto); 2432 if (real_proto >= 0) 2433 return gen_proto(real_proto, proto, dir); 2434 else 2435 bpf_error("unknown protocol: %s", name); 2436 2437 case Q_PROTOCHAIN: 2438 real_proto = lookup_proto(name, proto); 2439 if (real_proto >= 0) 2440 return gen_protochain(real_proto, proto, dir); 2441 else 2442 bpf_error("unknown protocol: %s", name); 2443 2444 2445 case Q_UNDEF: 2446 syntax(); 2447 /* NOTREACHED */ 2448 } 2449 abort(); 2450 /* NOTREACHED */ 2451 } 2452 2453 struct block * 2454 gen_mcode(s1, s2, masklen, q) 2455 register const char *s1, *s2; 2456 register int masklen; 2457 struct qual q; 2458 { 2459 register int nlen, mlen; 2460 bpf_u_int32 n, m; 2461 2462 nlen = __pcap_atoin(s1, &n); 2463 /* Promote short ipaddr */ 2464 n <<= 32 - nlen; 2465 2466 if (s2 != NULL) { 2467 mlen = __pcap_atoin(s2, &m); 2468 /* Promote short ipaddr */ 2469 m <<= 32 - mlen; 2470 if ((n & ~m) != 0) 2471 bpf_error("non-network bits set in \"%s mask %s\"", 2472 s1, s2); 2473 } else { 2474 /* Convert mask len to mask */ 2475 if (masklen > 32) 2476 bpf_error("mask length must be <= 32"); 2477 m = 0xffffffff << (32 - masklen); 2478 if ((n & ~m) != 0) 2479 bpf_error("non-network bits set in \"%s/%d\"", 2480 s1, masklen); 2481 } 2482 2483 switch (q.addr) { 2484 2485 case Q_NET: 2486 return gen_host(n, m, q.proto, q.dir); 2487 2488 default: 2489 bpf_error("Mask syntax for networks only"); 2490 /* NOTREACHED */ 2491 } 2492 } 2493 2494 struct block * 2495 gen_ncode(s, v, q) 2496 register const char *s; 2497 bpf_u_int32 v; 2498 struct qual q; 2499 { 2500 bpf_u_int32 mask; 2501 int proto = q.proto; 2502 int dir = q.dir; 2503 register int vlen; 2504 2505 if (s == NULL) 2506 vlen = 32; 2507 else if (q.proto == Q_DECNET) 2508 vlen = __pcap_atodn(s, &v); 2509 else 2510 vlen = __pcap_atoin(s, &v); 2511 2512 switch (q.addr) { 2513 2514 case Q_DEFAULT: 2515 case Q_HOST: 2516 case Q_NET: 2517 if (proto == Q_DECNET) 2518 return gen_host(v, 0, proto, dir); 2519 else if (proto == Q_LINK) { 2520 bpf_error("illegal link layer address"); 2521 } else { 2522 mask = 0xffffffff; 2523 if (s == NULL && q.addr == Q_NET) { 2524 /* Promote short net number */ 2525 while (v && (v & 0xff000000) == 0) { 2526 v <<= 8; 2527 mask <<= 8; 2528 } 2529 } else { 2530 /* Promote short ipaddr */ 2531 v <<= 32 - vlen; 2532 mask <<= 32 - vlen; 2533 } 2534 return gen_host(v, mask, proto, dir); 2535 } 2536 2537 case Q_PORT: 2538 if (proto == Q_UDP) 2539 proto = IPPROTO_UDP; 2540 else if (proto == Q_TCP) 2541 proto = IPPROTO_TCP; 2542 else if (proto == Q_DEFAULT) 2543 proto = PROTO_UNDEF; 2544 else 2545 bpf_error("illegal qualifier of 'port'"); 2546 2547 #ifndef INET6 2548 return gen_port((int)v, proto, dir); 2549 #else 2550 { 2551 struct block *b; 2552 b = gen_port((int)v, proto, dir); 2553 gen_or(gen_port6((int)v, proto, dir), b); 2554 return b; 2555 } 2556 #endif /* INET6 */ 2557 2558 case Q_GATEWAY: 2559 bpf_error("'gateway' requires a name"); 2560 /* NOTREACHED */ 2561 2562 case Q_PROTO: 2563 return gen_proto((int)v, proto, dir); 2564 2565 case Q_PROTOCHAIN: 2566 return gen_protochain((int)v, proto, dir); 2567 2568 case Q_UNDEF: 2569 syntax(); 2570 /* NOTREACHED */ 2571 2572 default: 2573 abort(); 2574 /* NOTREACHED */ 2575 } 2576 /* NOTREACHED */ 2577 } 2578 2579 #ifdef INET6 2580 struct block * 2581 gen_mcode6(s1, s2, masklen, q) 2582 register const char *s1, *s2; 2583 register int masklen; 2584 struct qual q; 2585 { 2586 struct addrinfo *res; 2587 struct in6_addr *addr; 2588 struct in6_addr mask; 2589 struct block *b; 2590 u_int32_t *a, *m; 2591 2592 if (s2) 2593 bpf_error("no mask %s supported", s2); 2594 2595 res = pcap_nametoaddrinfo(s1); 2596 if (!res) 2597 bpf_error("invalid ip6 address %s", s1); 2598 if (res->ai_next) 2599 bpf_error("%s resolved to multiple address", s1); 2600 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2601 2602 if (sizeof(mask) * 8 < masklen) 2603 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2604 memset(&mask, 0, sizeof(mask)); 2605 memset(&mask, 0xff, masklen / 8); 2606 if (masklen % 8) { 2607 mask.s6_addr[masklen / 8] = 2608 (0xff << (8 - masklen % 8)) & 0xff; 2609 } 2610 2611 a = (u_int32_t *)addr; 2612 m = (u_int32_t *)&mask; 2613 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2614 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2615 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2616 } 2617 2618 switch (q.addr) { 2619 2620 case Q_DEFAULT: 2621 case Q_HOST: 2622 if (masklen != 128) 2623 bpf_error("Mask syntax for networks only"); 2624 /* FALLTHROUGH */ 2625 2626 case Q_NET: 2627 b = gen_host6(addr, &mask, q.proto, q.dir); 2628 freeaddrinfo(res); 2629 return b; 2630 2631 default: 2632 bpf_error("invalid qualifier against IPv6 address"); 2633 /* NOTREACHED */ 2634 } 2635 } 2636 #endif /*INET6*/ 2637 2638 struct block * 2639 gen_ecode(eaddr, q) 2640 register const u_char *eaddr; 2641 struct qual q; 2642 { 2643 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2644 if (linktype == DLT_EN10MB) 2645 return gen_ehostop(eaddr, (int)q.dir); 2646 if (linktype == DLT_FDDI) 2647 return gen_fhostop(eaddr, (int)q.dir); 2648 if (linktype == DLT_IEEE802_11 || 2649 linktype == DLT_IEEE802_11_RADIO) 2650 return gen_p80211_hostop(eaddr, (int)q.dir); 2651 } 2652 bpf_error("ethernet address used in non-ether expression"); 2653 /* NOTREACHED */ 2654 } 2655 2656 void 2657 sappend(s0, s1) 2658 struct slist *s0, *s1; 2659 { 2660 /* 2661 * This is definitely not the best way to do this, but the 2662 * lists will rarely get long. 2663 */ 2664 while (s0->next) 2665 s0 = s0->next; 2666 s0->next = s1; 2667 } 2668 2669 static struct slist * 2670 xfer_to_x(a) 2671 struct arth *a; 2672 { 2673 struct slist *s; 2674 2675 s = new_stmt(BPF_LDX|BPF_MEM); 2676 s->s.k = a->regno; 2677 return s; 2678 } 2679 2680 static struct slist * 2681 xfer_to_a(a) 2682 struct arth *a; 2683 { 2684 struct slist *s; 2685 2686 s = new_stmt(BPF_LD|BPF_MEM); 2687 s->s.k = a->regno; 2688 return s; 2689 } 2690 2691 struct arth * 2692 gen_load(proto, index, size) 2693 int proto; 2694 struct arth *index; 2695 int size; 2696 { 2697 struct slist *s, *tmp; 2698 struct block *b; 2699 int regno = alloc_reg(); 2700 2701 free_reg(index->regno); 2702 switch (size) { 2703 2704 default: 2705 bpf_error("data size must be 1, 2, or 4"); 2706 2707 case 1: 2708 size = BPF_B; 2709 break; 2710 2711 case 2: 2712 size = BPF_H; 2713 break; 2714 2715 case 4: 2716 size = BPF_W; 2717 break; 2718 } 2719 switch (proto) { 2720 default: 2721 bpf_error("unsupported index operation"); 2722 2723 case Q_LINK: 2724 s = xfer_to_x(index); 2725 tmp = new_stmt(BPF_LD|BPF_IND|size); 2726 sappend(s, tmp); 2727 sappend(index->s, s); 2728 break; 2729 2730 case Q_IP: 2731 case Q_ARP: 2732 case Q_RARP: 2733 case Q_ATALK: 2734 case Q_DECNET: 2735 case Q_SCA: 2736 case Q_LAT: 2737 case Q_MOPRC: 2738 case Q_MOPDL: 2739 #ifdef INET6 2740 case Q_IPV6: 2741 #endif 2742 /* XXX Note that we assume a fixed link header here. */ 2743 if (variable_nl) { 2744 s = nl2X_stmt(); 2745 sappend(s, xfer_to_a(index)); 2746 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2747 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2748 } else { 2749 s = xfer_to_x(index); 2750 } 2751 tmp = new_stmt(BPF_LD|BPF_IND|size); 2752 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2753 sappend(s, tmp); 2754 sappend(index->s, s); 2755 2756 b = gen_proto_abbrev(proto); 2757 if (index->b) 2758 gen_and(index->b, b); 2759 index->b = b; 2760 break; 2761 2762 case Q_TCP: 2763 case Q_UDP: 2764 case Q_ICMP: 2765 case Q_IGMP: 2766 case Q_IGRP: 2767 case Q_PIM: 2768 s = iphl_to_x(); 2769 sappend(s, xfer_to_a(index)); 2770 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2771 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2772 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2773 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2774 sappend(index->s, s); 2775 2776 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2777 if (index->b) 2778 gen_and(index->b, b); 2779 #ifdef INET6 2780 gen_and(gen_proto_abbrev(Q_IP), b); 2781 #endif 2782 index->b = b; 2783 break; 2784 #ifdef INET6 2785 case Q_ICMPV6: 2786 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2787 /*NOTREACHED*/ 2788 #endif 2789 } 2790 index->regno = regno; 2791 s = new_stmt(BPF_ST); 2792 s->s.k = regno; 2793 sappend(index->s, s); 2794 2795 return index; 2796 } 2797 2798 struct block * 2799 gen_relation(code, a0, a1, reversed) 2800 int code; 2801 struct arth *a0, *a1; 2802 int reversed; 2803 { 2804 struct slist *s0, *s1, *s2; 2805 struct block *b, *tmp; 2806 2807 s0 = xfer_to_x(a1); 2808 s1 = xfer_to_a(a0); 2809 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2810 b = new_block(JMP(code)); 2811 if (code == BPF_JGT || code == BPF_JGE) { 2812 reversed = !reversed; 2813 b->s.k = 0x80000000; 2814 } 2815 if (reversed) 2816 gen_not(b); 2817 2818 sappend(s1, s2); 2819 sappend(s0, s1); 2820 sappend(a1->s, s0); 2821 sappend(a0->s, a1->s); 2822 2823 b->stmts = a0->s; 2824 2825 free_reg(a0->regno); 2826 free_reg(a1->regno); 2827 2828 /* 'and' together protocol checks */ 2829 if (a0->b) { 2830 if (a1->b) { 2831 gen_and(a0->b, tmp = a1->b); 2832 } 2833 else 2834 tmp = a0->b; 2835 } else 2836 tmp = a1->b; 2837 2838 if (tmp) 2839 gen_and(tmp, b); 2840 2841 return b; 2842 } 2843 2844 struct arth * 2845 gen_loadlen() 2846 { 2847 int regno = alloc_reg(); 2848 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2849 struct slist *s; 2850 2851 s = new_stmt(BPF_LD|BPF_LEN); 2852 s->next = new_stmt(BPF_ST); 2853 s->next->s.k = regno; 2854 a->s = s; 2855 a->regno = regno; 2856 2857 return a; 2858 } 2859 2860 struct arth * 2861 gen_loadi(val) 2862 int val; 2863 { 2864 struct arth *a; 2865 struct slist *s; 2866 int reg; 2867 2868 a = (struct arth *)newchunk(sizeof(*a)); 2869 2870 reg = alloc_reg(); 2871 2872 s = new_stmt(BPF_LD|BPF_IMM); 2873 s->s.k = val; 2874 s->next = new_stmt(BPF_ST); 2875 s->next->s.k = reg; 2876 a->s = s; 2877 a->regno = reg; 2878 2879 return a; 2880 } 2881 2882 struct arth * 2883 gen_neg(a) 2884 struct arth *a; 2885 { 2886 struct slist *s; 2887 2888 s = xfer_to_a(a); 2889 sappend(a->s, s); 2890 s = new_stmt(BPF_ALU|BPF_NEG); 2891 s->s.k = 0; 2892 sappend(a->s, s); 2893 s = new_stmt(BPF_ST); 2894 s->s.k = a->regno; 2895 sappend(a->s, s); 2896 2897 return a; 2898 } 2899 2900 struct arth * 2901 gen_arth(code, a0, a1) 2902 int code; 2903 struct arth *a0, *a1; 2904 { 2905 struct slist *s0, *s1, *s2; 2906 2907 s0 = xfer_to_x(a1); 2908 s1 = xfer_to_a(a0); 2909 s2 = new_stmt(BPF_ALU|BPF_X|code); 2910 2911 sappend(s1, s2); 2912 sappend(s0, s1); 2913 sappend(a1->s, s0); 2914 sappend(a0->s, a1->s); 2915 2916 free_reg(a1->regno); 2917 2918 s0 = new_stmt(BPF_ST); 2919 a0->regno = s0->s.k = alloc_reg(); 2920 sappend(a0->s, s0); 2921 2922 return a0; 2923 } 2924 2925 /* 2926 * Here we handle simple allocation of the scratch registers. 2927 * If too many registers are alloc'd, the allocator punts. 2928 */ 2929 static int regused[BPF_MEMWORDS]; 2930 static int curreg; 2931 2932 /* 2933 * Return the next free register. 2934 */ 2935 static int 2936 alloc_reg() 2937 { 2938 int n = BPF_MEMWORDS; 2939 2940 while (--n >= 0) { 2941 if (regused[curreg]) 2942 curreg = (curreg + 1) % BPF_MEMWORDS; 2943 else { 2944 regused[curreg] = 1; 2945 return curreg; 2946 } 2947 } 2948 bpf_error("too many registers needed to evaluate expression"); 2949 /* NOTREACHED */ 2950 } 2951 2952 /* 2953 * Return a register to the table so it can 2954 * be used later. 2955 */ 2956 static void 2957 free_reg(n) 2958 int n; 2959 { 2960 regused[n] = 0; 2961 } 2962 2963 static struct block * 2964 gen_len(jmp, n) 2965 int jmp, n; 2966 { 2967 struct slist *s; 2968 struct block *b; 2969 2970 s = new_stmt(BPF_LD|BPF_LEN); 2971 b = new_block(JMP(jmp)); 2972 b->stmts = s; 2973 b->s.k = n; 2974 2975 return b; 2976 } 2977 2978 struct block * 2979 gen_greater(n) 2980 int n; 2981 { 2982 return gen_len(BPF_JGE, n); 2983 } 2984 2985 struct block * 2986 gen_less(n) 2987 int n; 2988 { 2989 struct block *b; 2990 2991 b = gen_len(BPF_JGT, n); 2992 gen_not(b); 2993 2994 return b; 2995 } 2996 2997 struct block * 2998 gen_byteop(op, idx, val) 2999 int op, idx, val; 3000 { 3001 struct block *b; 3002 struct slist *s; 3003 3004 switch (op) { 3005 default: 3006 abort(); 3007 3008 case '=': 3009 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3010 3011 case '<': 3012 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3013 b->s.code = JMP(BPF_JGE); 3014 gen_not(b); 3015 return b; 3016 3017 case '>': 3018 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3019 b->s.code = JMP(BPF_JGT); 3020 return b; 3021 3022 case '|': 3023 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3024 break; 3025 3026 case '&': 3027 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3028 break; 3029 } 3030 s->s.k = val; 3031 b = new_block(JMP(BPF_JEQ)); 3032 b->stmts = s; 3033 gen_not(b); 3034 3035 return b; 3036 } 3037 3038 struct block * 3039 gen_broadcast(proto) 3040 int proto; 3041 { 3042 bpf_u_int32 hostmask; 3043 struct block *b0, *b1, *b2; 3044 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3045 3046 switch (proto) { 3047 3048 case Q_DEFAULT: 3049 case Q_LINK: 3050 if (linktype == DLT_EN10MB) 3051 return gen_ehostop(ebroadcast, Q_DST); 3052 if (linktype == DLT_FDDI) 3053 return gen_fhostop(ebroadcast, Q_DST); 3054 if (linktype == DLT_IEEE802_11 || 3055 linktype == DLT_IEEE802_11_RADIO) 3056 return gen_p80211_hostop(ebroadcast, Q_DST); 3057 bpf_error("not a broadcast link"); 3058 break; 3059 3060 case Q_IP: 3061 b0 = gen_linktype(ETHERTYPE_IP); 3062 hostmask = ~netmask; 3063 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3064 b2 = gen_mcmp_nl(16, BPF_W, 3065 (bpf_int32)(~0 & hostmask), hostmask); 3066 gen_or(b1, b2); 3067 gen_and(b0, b2); 3068 return b2; 3069 } 3070 bpf_error("only ether/ip broadcast filters supported"); 3071 } 3072 3073 struct block * 3074 gen_multicast(proto) 3075 int proto; 3076 { 3077 register struct block *b0, *b1; 3078 register struct slist *s; 3079 3080 switch (proto) { 3081 3082 case Q_DEFAULT: 3083 case Q_LINK: 3084 if (linktype == DLT_EN10MB) { 3085 /* ether[0] & 1 != 0 */ 3086 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3087 s->s.k = 0; 3088 b0 = new_block(JMP(BPF_JSET)); 3089 b0->s.k = 1; 3090 b0->stmts = s; 3091 return b0; 3092 } 3093 3094 if (linktype == DLT_FDDI) { 3095 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3096 /* fddi[1] & 1 != 0 */ 3097 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3098 s->s.k = 1; 3099 b0 = new_block(JMP(BPF_JSET)); 3100 b0->s.k = 1; 3101 b0->stmts = s; 3102 return b0; 3103 } 3104 /* Link not known to support multicasts */ 3105 break; 3106 3107 case Q_IP: 3108 b0 = gen_linktype(ETHERTYPE_IP); 3109 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3110 b1->s.code = JMP(BPF_JGE); 3111 gen_and(b0, b1); 3112 return b1; 3113 3114 #ifdef INET6 3115 case Q_IPV6: 3116 b0 = gen_linktype(ETHERTYPE_IPV6); 3117 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3118 gen_and(b0, b1); 3119 return b1; 3120 #endif /* INET6 */ 3121 } 3122 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3123 } 3124 3125 /* 3126 * generate command for inbound/outbound. It's here so we can 3127 * make it link-type specific. 'dir' = 0 implies "inbound", 3128 * = 1 implies "outbound". 3129 */ 3130 struct block * 3131 gen_inbound(dir) 3132 int dir; 3133 { 3134 register struct block *b0; 3135 3136 /* 3137 * Only SLIP and old-style PPP data link types support 3138 * inbound/outbound qualifiers. 3139 */ 3140 switch (linktype) { 3141 case DLT_SLIP: 3142 case DLT_PPP: 3143 b0 = gen_relation(BPF_JEQ, 3144 gen_load(Q_LINK, gen_loadi(0), 1), 3145 gen_loadi(0), 3146 dir); 3147 break; 3148 3149 case DLT_PFLOG: 3150 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3151 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3152 break; 3153 3154 default: 3155 bpf_error("inbound/outbound not supported on linktype 0x%x", 3156 linktype); 3157 /* NOTREACHED */ 3158 } 3159 3160 return (b0); 3161 } 3162 3163 3164 /* PF firewall log matched interface */ 3165 struct block * 3166 gen_pf_ifname(char *ifname) 3167 { 3168 struct block *b0; 3169 u_int len, off; 3170 3171 if (linktype == DLT_PFLOG) { 3172 len = sizeof(((struct pfloghdr *)0)->ifname); 3173 off = offsetof(struct pfloghdr, ifname); 3174 } else { 3175 bpf_error("ifname not supported on linktype 0x%x", linktype); 3176 /* NOTREACHED */ 3177 } 3178 if (strlen(ifname) >= len) { 3179 bpf_error("ifname interface names can only be %d characters", 3180 len - 1); 3181 /* NOTREACHED */ 3182 } 3183 b0 = gen_bcmp(off, strlen(ifname), ifname); 3184 return (b0); 3185 } 3186 3187 3188 /* PF firewall log ruleset name */ 3189 struct block * 3190 gen_pf_ruleset(char *ruleset) 3191 { 3192 struct block *b0; 3193 3194 if (linktype != DLT_PFLOG) { 3195 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3196 /* NOTREACHED */ 3197 } 3198 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3199 bpf_error("ruleset names can only be %zu characters", 3200 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3201 /* NOTREACHED */ 3202 } 3203 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3204 strlen(ruleset), ruleset); 3205 return (b0); 3206 } 3207 3208 3209 /* PF firewall log rule number */ 3210 struct block * 3211 gen_pf_rnr(int rnr) 3212 { 3213 struct block *b0; 3214 3215 if (linktype == DLT_PFLOG) { 3216 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3217 (bpf_int32)rnr); 3218 } else { 3219 bpf_error("rnr not supported on linktype 0x%x", linktype); 3220 /* NOTREACHED */ 3221 } 3222 3223 return (b0); 3224 } 3225 3226 3227 /* PF firewall log sub-rule number */ 3228 struct block * 3229 gen_pf_srnr(int srnr) 3230 { 3231 struct block *b0; 3232 3233 if (linktype != DLT_PFLOG) { 3234 bpf_error("srnr not supported on linktype 0x%x", linktype); 3235 /* NOTREACHED */ 3236 } 3237 3238 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3239 (bpf_int32)srnr); 3240 return (b0); 3241 } 3242 3243 /* PF firewall log reason code */ 3244 struct block * 3245 gen_pf_reason(int reason) 3246 { 3247 struct block *b0; 3248 3249 if (linktype == DLT_PFLOG) { 3250 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3251 (bpf_int32)reason); 3252 } else { 3253 bpf_error("reason not supported on linktype 0x%x", linktype); 3254 /* NOTREACHED */ 3255 } 3256 3257 return (b0); 3258 } 3259 3260 /* PF firewall log action */ 3261 struct block * 3262 gen_pf_action(int action) 3263 { 3264 struct block *b0; 3265 3266 if (linktype == DLT_PFLOG) { 3267 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3268 (bpf_int32)action); 3269 } else { 3270 bpf_error("action not supported on linktype 0x%x", linktype); 3271 /* NOTREACHED */ 3272 } 3273 3274 return (b0); 3275 } 3276 3277 /* IEEE 802.11 wireless header */ 3278 struct block * 3279 gen_p80211_type(int type, int mask) 3280 { 3281 struct block *b0; 3282 u_int offset; 3283 3284 if (!(linktype == DLT_IEEE802_11 || 3285 linktype == DLT_IEEE802_11_RADIO)) { 3286 bpf_error("type not supported on linktype 0x%x", 3287 linktype); 3288 /* NOTREACHED */ 3289 } 3290 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3291 if (linktype == DLT_IEEE802_11_RADIO) 3292 offset += IEEE80211_RADIOTAP_HDRLEN; 3293 3294 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3295 3296 return (b0); 3297 } 3298 3299 static struct block * 3300 gen_ahostop(eaddr, dir) 3301 register const u_char *eaddr; 3302 register int dir; 3303 { 3304 register struct block *b0, *b1; 3305 3306 switch (dir) { 3307 /* src comes first, different from Ethernet */ 3308 case Q_SRC: 3309 return gen_bcmp(0, 1, eaddr); 3310 3311 case Q_DST: 3312 return gen_bcmp(1, 1, eaddr); 3313 3314 case Q_AND: 3315 b0 = gen_ahostop(eaddr, Q_SRC); 3316 b1 = gen_ahostop(eaddr, Q_DST); 3317 gen_and(b0, b1); 3318 return b1; 3319 3320 case Q_DEFAULT: 3321 case Q_OR: 3322 b0 = gen_ahostop(eaddr, Q_SRC); 3323 b1 = gen_ahostop(eaddr, Q_DST); 3324 gen_or(b0, b1); 3325 return b1; 3326 } 3327 abort(); 3328 /* NOTREACHED */ 3329 } 3330 3331 struct block * 3332 gen_acode(eaddr, q) 3333 register const u_char *eaddr; 3334 struct qual q; 3335 { 3336 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3337 if (linktype == DLT_ARCNET) 3338 return gen_ahostop(eaddr, (int)q.dir); 3339 } 3340 bpf_error("ARCnet address used in non-arc expression"); 3341 /* NOTREACHED */ 3342 } 3343 3344 /* 3345 * support IEEE 802.1Q VLAN trunk over ethernet 3346 */ 3347 struct block * 3348 gen_vlan(vlan_num) 3349 int vlan_num; 3350 { 3351 struct block *b0; 3352 3353 if (variable_nl) { 3354 bpf_error("'vlan' not supported for variable DLTs"); 3355 /*NOTREACHED*/ 3356 } 3357 3358 /* 3359 * Change the offsets to point to the type and data fields within 3360 * the VLAN packet. This is somewhat of a kludge. 3361 */ 3362 if (orig_nl == (u_int)-1) { 3363 orig_linktype = off_linktype; /* save original values */ 3364 orig_nl = off_nl; 3365 orig_nl_nosnap = off_nl_nosnap; 3366 3367 switch (linktype) { 3368 3369 case DLT_EN10MB: 3370 off_linktype = 16; 3371 off_nl_nosnap = 18; 3372 off_nl = 18; 3373 break; 3374 3375 default: 3376 bpf_error("no VLAN support for data link type %d", 3377 linktype); 3378 /*NOTREACHED*/ 3379 } 3380 } 3381 3382 /* check for VLAN */ 3383 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3384 3385 /* If a specific VLAN is requested, check VLAN id */ 3386 if (vlan_num >= 0) { 3387 struct block *b1; 3388 3389 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 3390 gen_and(b0, b1); 3391 b0 = b1; 3392 } 3393 3394 return (b0); 3395 } 3396 3397 struct block * 3398 gen_p80211_fcdir(int fcdir) 3399 { 3400 struct block *b0; 3401 u_int offset; 3402 3403 if (!(linktype == DLT_IEEE802_11 || 3404 linktype == DLT_IEEE802_11_RADIO)) { 3405 bpf_error("frame direction not supported on linktype 0x%x", 3406 linktype); 3407 /* NOTREACHED */ 3408 } 3409 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3410 if (linktype == DLT_IEEE802_11_RADIO) 3411 offset += IEEE80211_RADIOTAP_HDRLEN; 3412 3413 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3414 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3415 3416 return (b0); 3417 } 3418 3419 static struct block * 3420 gen_p80211_hostop(const u_char *lladdr, int dir) 3421 { 3422 struct block *b0, *b1, *b2, *b3, *b4; 3423 u_int offset = 0; 3424 3425 if (linktype == DLT_IEEE802_11_RADIO) 3426 offset = IEEE80211_RADIOTAP_HDRLEN; 3427 3428 switch (dir) { 3429 case Q_SRC: 3430 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3431 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3432 lladdr); 3433 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3434 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3435 lladdr); 3436 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3437 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3438 lladdr); 3439 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3440 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3441 lladdr); 3442 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3443 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3444 lladdr); 3445 3446 gen_or(b0, b1); 3447 gen_or(b1, b2); 3448 gen_or(b2, b3); 3449 gen_or(b3, b4); 3450 return (b4); 3451 3452 case Q_DST: 3453 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3454 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3455 lladdr); 3456 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3457 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3458 lladdr); 3459 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3460 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3461 lladdr); 3462 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3463 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3464 lladdr); 3465 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3466 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3467 lladdr); 3468 3469 gen_or(b0, b1); 3470 gen_or(b1, b2); 3471 gen_or(b2, b3); 3472 gen_or(b3, b4); 3473 return (b4); 3474 3475 case Q_ADDR1: 3476 return (gen_bcmp(offset + 3477 (u_int)offsetof(struct ieee80211_frame, 3478 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3479 3480 case Q_ADDR2: 3481 return (gen_bcmp(offset + 3482 (u_int)offsetof(struct ieee80211_frame, 3483 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3484 3485 case Q_ADDR3: 3486 return (gen_bcmp(offset + 3487 (u_int)offsetof(struct ieee80211_frame, 3488 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3489 3490 case Q_ADDR4: 3491 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3492 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3493 lladdr)); 3494 3495 case Q_AND: 3496 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3497 b1 = gen_p80211_hostop(lladdr, Q_DST); 3498 gen_and(b0, b1); 3499 return (b1); 3500 3501 case Q_DEFAULT: 3502 case Q_OR: 3503 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3504 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3505 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3506 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3507 gen_or(b0, b1); 3508 gen_or(b1, b2); 3509 gen_or(b2, b3); 3510 return (b3); 3511 3512 default: 3513 bpf_error("direction not supported on linktype 0x%x", 3514 linktype); 3515 } 3516 /* NOTREACHED */ 3517 } 3518 3519 static struct block * 3520 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3521 { 3522 struct block *b0, *b1; 3523 3524 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3525 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3526 gen_and(b0, b1); 3527 3528 return (b1); 3529 } 3530