1 /* $OpenBSD: gencode.c,v 1.61 2022/03/28 02:58:06 dlg Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/types.h> 25 #include <sys/socket.h> 26 #include <sys/time.h> 27 28 #include <net/if.h> 29 30 #include <netinet/in.h> 31 #include <netinet/if_ether.h> 32 33 #include <net/if_pflog.h> 34 #include <net/pfvar.h> 35 36 #include <netmpls/mpls.h> 37 38 #include <net80211/ieee80211.h> 39 #include <net80211/ieee80211_radiotap.h> 40 41 #include <stdlib.h> 42 #include <stddef.h> 43 #include <setjmp.h> 44 #include <stdarg.h> 45 #include <string.h> 46 47 #include "pcap-int.h" 48 49 #include "ethertype.h" 50 #include "llc.h" 51 #include "gencode.h" 52 #include "ppp.h" 53 #include <pcap-namedb.h> 54 #ifdef INET6 55 #include <netdb.h> 56 #endif /*INET6*/ 57 58 #ifdef HAVE_OS_PROTO_H 59 #include "os-proto.h" 60 #endif 61 62 #define JMP(c) ((c)|BPF_JMP|BPF_K) 63 64 /* Locals */ 65 static jmp_buf top_ctx; 66 static pcap_t *bpf_pcap; 67 68 /* Hack for updating VLAN offsets. */ 69 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 70 static u_int mpls_stack = 0; 71 72 /* XXX */ 73 #ifdef PCAP_FDDIPAD 74 int pcap_fddipad = PCAP_FDDIPAD; 75 #else 76 int pcap_fddipad; 77 #endif 78 79 __dead void 80 bpf_error(const char *fmt, ...) 81 { 82 va_list ap; 83 84 va_start(ap, fmt); 85 if (bpf_pcap != NULL) 86 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 87 fmt, ap); 88 va_end(ap); 89 longjmp(top_ctx, 1); 90 /* NOTREACHED */ 91 } 92 93 static void init_linktype(int); 94 95 static int alloc_reg(void); 96 static void free_reg(int); 97 98 static struct block *root; 99 100 /* initialization code used for variable link header */ 101 static struct slist *init_code = NULL; 102 103 /* Flags and registers for variable link type handling */ 104 static int variable_nl; 105 static int nl_reg, iphl_reg; 106 107 /* 108 * Track memory allocations, for bulk freeing at the end 109 */ 110 #define NMEMBAG 16 111 #define MEMBAG0SIZE (4096 / sizeof (void *)) 112 struct membag { 113 u_int total; 114 u_int slot; 115 void **ptrs; /* allocated array[total] to each malloc */ 116 }; 117 118 static struct membag membag[NMEMBAG]; 119 static int cur_membag; 120 121 static void *newchunk(size_t); 122 static void freechunks(void); 123 static __inline struct block *new_block(int); 124 static __inline struct slist *new_stmt(int); 125 static struct block *gen_retblk(int); 126 static __inline void syntax(void); 127 128 static void backpatch(struct block *, struct block *); 129 static void merge(struct block *, struct block *); 130 static struct block *gen_cmp(u_int, u_int, bpf_int32); 131 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 132 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 133 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 134 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 135 static struct block *gen_bcmp(u_int, u_int, const u_char *); 136 static struct block *gen_uncond(int); 137 static __inline struct block *gen_true(void); 138 static __inline struct block *gen_false(void); 139 static struct block *gen_linktype(int); 140 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 141 #ifdef INET6 142 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 143 #endif 144 static struct block *gen_ehostop(const u_char *, int); 145 static struct block *gen_fhostop(const u_char *, int); 146 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 147 static struct block *gen_p80211_hostop(const u_char *, int); 148 static struct block *gen_p80211_addr(int, u_int, const u_char *); 149 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 150 #ifdef INET6 151 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 152 #endif 153 #ifndef INET6 154 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 155 #endif 156 static struct block *gen_ipfrag(void); 157 static struct block *gen_portatom(int, bpf_int32); 158 #ifdef INET6 159 static struct block *gen_portatom6(int, bpf_int32); 160 #endif 161 struct block *gen_portop(int, int, int); 162 static struct block *gen_port(int, int, int); 163 #ifdef INET6 164 struct block *gen_portop6(int, int, int); 165 static struct block *gen_port6(int, int, int); 166 #endif 167 static int lookup_proto(const char *, int); 168 static struct block *gen_protochain(int, int, int); 169 static struct block *gen_proto(int, int, int); 170 static struct slist *xfer_to_x(struct arth *); 171 static struct slist *xfer_to_a(struct arth *); 172 static struct block *gen_len(int, int); 173 174 static void * 175 newchunk(size_t n) 176 { 177 struct membag *m; 178 int k, size; 179 void *p; 180 181 m = &membag[cur_membag]; 182 if (m->total != 0 && m->total - m->slot == 0) { 183 if (++cur_membag == NMEMBAG) 184 bpf_error("out of memory"); 185 m = &membag[cur_membag]; 186 } 187 if (m->total - m->slot == 0) { 188 m->ptrs = calloc(sizeof (char *), MEMBAG0SIZE << cur_membag); 189 if (m->ptrs == NULL) 190 bpf_error("out of memory"); 191 m->total = MEMBAG0SIZE << cur_membag; 192 m->slot = 0; 193 } 194 195 p = calloc(1, n); 196 if (p == NULL) 197 bpf_error("out of memory"); 198 m->ptrs[m->slot++] = p; 199 return (p); 200 } 201 202 static void 203 freechunks(void) 204 { 205 int i, j; 206 207 for (i = 0; i <= cur_membag; i++) { 208 if (membag[i].ptrs == NULL) 209 continue; 210 for (j = 0; j <= membag[i].slot; j++) 211 free(membag[i].ptrs[j]); 212 free(membag[i].ptrs); 213 membag[i].ptrs = NULL; 214 membag[i].slot = membag[i].total = 0; 215 } 216 } 217 218 /* 219 * A strdup whose allocations are freed after code generation is over. 220 */ 221 char * 222 sdup(s) 223 const char *s; 224 { 225 int n = strlen(s) + 1; 226 char *cp = newchunk(n); 227 228 strlcpy(cp, s, n); 229 return (cp); 230 } 231 232 static __inline struct block * 233 new_block(code) 234 int code; 235 { 236 struct block *p; 237 238 p = (struct block *)newchunk(sizeof(*p)); 239 p->s.code = code; 240 p->head = p; 241 242 return p; 243 } 244 245 static __inline struct slist * 246 new_stmt(code) 247 int code; 248 { 249 struct slist *p; 250 251 p = (struct slist *)newchunk(sizeof(*p)); 252 p->s.code = code; 253 254 return p; 255 } 256 257 static struct block * 258 gen_retblk(v) 259 int v; 260 { 261 struct block *b = new_block(BPF_RET|BPF_K); 262 263 b->s.k = v; 264 return b; 265 } 266 267 static __inline void 268 syntax() 269 { 270 bpf_error("syntax error in filter expression"); 271 } 272 273 static bpf_u_int32 netmask; 274 static int snaplen; 275 int no_optimize; 276 277 int 278 pcap_compile(pcap_t *p, struct bpf_program *program, 279 const char *buf, int optimize, bpf_u_int32 mask) 280 { 281 extern int n_errors; 282 int len; 283 284 no_optimize = 0; 285 n_errors = 0; 286 root = NULL; 287 bpf_pcap = p; 288 if (setjmp(top_ctx)) { 289 freechunks(); 290 return (-1); 291 } 292 293 netmask = mask; 294 snaplen = pcap_snapshot(p); 295 296 lex_init(buf ? buf : ""); 297 init_linktype(pcap_datalink(p)); 298 (void)pcap_parse(); 299 300 if (n_errors) 301 syntax(); 302 303 if (root == NULL) 304 root = gen_retblk(snaplen); 305 306 if (optimize && !no_optimize) { 307 bpf_optimize(&root); 308 if (root == NULL || 309 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 310 bpf_error("expression rejects all packets"); 311 } 312 program->bf_insns = icode_to_fcode(root, &len); 313 program->bf_len = len; 314 315 freechunks(); 316 return (0); 317 } 318 319 /* 320 * entry point for using the compiler with no pcap open 321 * pass in all the stuff that is needed explicitly instead. 322 */ 323 int 324 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 325 struct bpf_program *program, 326 const char *buf, int optimize, bpf_u_int32 mask) 327 { 328 extern int n_errors; 329 int len; 330 331 n_errors = 0; 332 root = NULL; 333 bpf_pcap = NULL; 334 if (setjmp(top_ctx)) { 335 freechunks(); 336 return (-1); 337 } 338 339 netmask = mask; 340 341 /* XXX needed? I don't grok the use of globals here. */ 342 snaplen = snaplen_arg; 343 344 lex_init(buf ? buf : ""); 345 init_linktype(linktype_arg); 346 (void)pcap_parse(); 347 348 if (n_errors) 349 syntax(); 350 351 if (root == NULL) 352 root = gen_retblk(snaplen_arg); 353 354 if (optimize) { 355 bpf_optimize(&root); 356 if (root == NULL || 357 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 358 bpf_error("expression rejects all packets"); 359 } 360 program->bf_insns = icode_to_fcode(root, &len); 361 program->bf_len = len; 362 363 freechunks(); 364 return (0); 365 } 366 367 /* 368 * Clean up a "struct bpf_program" by freeing all the memory allocated 369 * in it. 370 */ 371 void 372 pcap_freecode(struct bpf_program *program) 373 { 374 program->bf_len = 0; 375 if (program->bf_insns != NULL) { 376 free((char *)program->bf_insns); 377 program->bf_insns = NULL; 378 } 379 } 380 381 /* 382 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 383 * which of the jt and jf fields has been resolved and which is a pointer 384 * back to another unresolved block (or nil). At least one of the fields 385 * in each block is already resolved. 386 */ 387 static void 388 backpatch(list, target) 389 struct block *list, *target; 390 { 391 struct block *next; 392 393 while (list) { 394 if (!list->sense) { 395 next = JT(list); 396 JT(list) = target; 397 } else { 398 next = JF(list); 399 JF(list) = target; 400 } 401 list = next; 402 } 403 } 404 405 /* 406 * Merge the lists in b0 and b1, using the 'sense' field to indicate 407 * which of jt and jf is the link. 408 */ 409 static void 410 merge(b0, b1) 411 struct block *b0, *b1; 412 { 413 struct block **p = &b0; 414 415 /* Find end of list. */ 416 while (*p) 417 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 418 419 /* Concatenate the lists. */ 420 *p = b1; 421 } 422 423 void 424 finish_parse(p) 425 struct block *p; 426 { 427 backpatch(p, gen_retblk(snaplen)); 428 p->sense = !p->sense; 429 backpatch(p, gen_retblk(0)); 430 root = p->head; 431 432 /* prepend initialization code to root */ 433 if (init_code != NULL && root != NULL) { 434 sappend(init_code, root->stmts); 435 root->stmts = init_code; 436 init_code = NULL; 437 } 438 439 if (iphl_reg != -1) { 440 free_reg(iphl_reg); 441 iphl_reg = -1; 442 } 443 if (nl_reg != -1) { 444 free_reg(nl_reg); 445 nl_reg = -1; 446 } 447 } 448 449 void 450 gen_and(b0, b1) 451 struct block *b0, *b1; 452 { 453 backpatch(b0, b1->head); 454 b0->sense = !b0->sense; 455 b1->sense = !b1->sense; 456 merge(b1, b0); 457 b1->sense = !b1->sense; 458 b1->head = b0->head; 459 } 460 461 void 462 gen_or(b0, b1) 463 struct block *b0, *b1; 464 { 465 b0->sense = !b0->sense; 466 backpatch(b0, b1->head); 467 b0->sense = !b0->sense; 468 merge(b1, b0); 469 b1->head = b0->head; 470 } 471 472 void 473 gen_not(b) 474 struct block *b; 475 { 476 b->sense = !b->sense; 477 } 478 479 static struct block * 480 gen_cmp(offset, size, v) 481 u_int offset, size; 482 bpf_int32 v; 483 { 484 struct slist *s; 485 struct block *b; 486 487 s = new_stmt(BPF_LD|BPF_ABS|size); 488 s->s.k = offset; 489 490 b = new_block(JMP(BPF_JEQ)); 491 b->stmts = s; 492 b->s.k = v; 493 494 return b; 495 } 496 497 static struct block * 498 gen_cmp_gt(offset, size, v) 499 u_int offset, size; 500 bpf_int32 v; 501 { 502 struct slist *s; 503 struct block *b; 504 505 s = new_stmt(BPF_LD|BPF_ABS|size); 506 s->s.k = offset; 507 508 b = new_block(JMP(BPF_JGT)); 509 b->stmts = s; 510 b->s.k = v; 511 512 return b; 513 } 514 515 static struct block * 516 gen_mcmp(offset, size, v, mask) 517 u_int offset, size; 518 bpf_int32 v; 519 bpf_u_int32 mask; 520 { 521 struct block *b = gen_cmp(offset, size, v); 522 struct slist *s; 523 524 if (mask != 0xffffffff) { 525 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 526 s->s.k = mask; 527 sappend(b->stmts, s); 528 } 529 return b; 530 } 531 532 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 533 static struct block * 534 gen_mcmp_nl(offset, size, v, mask) 535 u_int offset, size; 536 bpf_int32 v; 537 bpf_u_int32 mask; 538 { 539 struct block *b = gen_cmp_nl(offset, size, v); 540 struct slist *s; 541 542 if (mask != 0xffffffff) { 543 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 544 s->s.k = mask; 545 sappend(b->stmts, s); 546 } 547 return b; 548 } 549 550 static struct block * 551 gen_bcmp(offset, size, v) 552 u_int offset, size; 553 const u_char *v; 554 { 555 struct block *b, *tmp; 556 557 b = NULL; 558 while (size >= 4) { 559 const u_char *p = &v[size - 4]; 560 bpf_int32 w = ((bpf_int32)p[0] << 24) | 561 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 562 563 tmp = gen_cmp(offset + size - 4, BPF_W, w); 564 if (b != NULL) 565 gen_and(b, tmp); 566 b = tmp; 567 size -= 4; 568 } 569 while (size >= 2) { 570 const u_char *p = &v[size - 2]; 571 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 572 573 tmp = gen_cmp(offset + size - 2, BPF_H, w); 574 if (b != NULL) 575 gen_and(b, tmp); 576 b = tmp; 577 size -= 2; 578 } 579 if (size > 0) { 580 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 581 if (b != NULL) 582 gen_and(b, tmp); 583 b = tmp; 584 } 585 return b; 586 } 587 588 /* 589 * Various code constructs need to know the layout of the data link 590 * layer. These variables give the necessary offsets. off_linktype 591 * is set to -1 for no encapsulation, in which case, IP is assumed. 592 */ 593 static u_int off_linktype; 594 static u_int off_nl; 595 static u_int off_nl_nosnap; 596 597 static int linktype; 598 599 /* Generate code to load the dynamic 'off_nl' to the X register */ 600 static struct slist * 601 nl2X_stmt(void) 602 { 603 struct slist *s, *tmp; 604 605 if (nl_reg == -1) { 606 switch (linktype) { 607 case DLT_PFLOG: 608 /* The pflog header contains PFLOG_REAL_HDRLEN 609 which does NOT include the padding. Round 610 up to the nearest dword boundary */ 611 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 612 s->s.k = 0; 613 614 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 615 tmp->s.k = 3; 616 sappend(s, tmp); 617 618 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 619 tmp->s.k = 0xfc; 620 sappend(s, tmp); 621 622 nl_reg = alloc_reg(); 623 tmp = new_stmt(BPF_ST); 624 tmp->s.k = nl_reg; 625 sappend(s, tmp); 626 627 break; 628 default: 629 bpf_error("Unknown header size for link type 0x%x", 630 linktype); 631 } 632 633 if (init_code == NULL) 634 init_code = s; 635 else 636 sappend(init_code, s); 637 } 638 639 s = new_stmt(BPF_LDX|BPF_MEM); 640 s->s.k = nl_reg; 641 642 return s; 643 } 644 645 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 646 static struct block * 647 gen_cmp_nl(offset, size, v) 648 u_int offset, size; 649 bpf_int32 v; 650 { 651 struct slist *s, *tmp; 652 struct block *b; 653 654 if (variable_nl) { 655 s = nl2X_stmt(); 656 tmp = new_stmt(BPF_LD|BPF_IND|size); 657 tmp->s.k = offset; 658 sappend(s, tmp); 659 } else { 660 s = new_stmt(BPF_LD|BPF_ABS|size); 661 s->s.k = offset + off_nl; 662 } 663 b = new_block(JMP(BPF_JEQ)); 664 b->stmts = s; 665 b->s.k = v; 666 667 return b; 668 } 669 670 static void 671 init_linktype(type) 672 int type; 673 { 674 linktype = type; 675 init_code = NULL; 676 nl_reg = iphl_reg = -1; 677 678 switch (type) { 679 680 case DLT_EN10MB: 681 off_linktype = 12; 682 off_nl = 14; 683 return; 684 685 case DLT_SLIP: 686 /* 687 * SLIP doesn't have a link level type. The 16 byte 688 * header is hacked into our SLIP driver. 689 */ 690 off_linktype = -1; 691 off_nl = 16; 692 return; 693 694 case DLT_SLIP_BSDOS: 695 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 696 off_linktype = -1; 697 /* XXX end */ 698 off_nl = 24; 699 return; 700 701 case DLT_NULL: 702 off_linktype = 0; 703 off_nl = 4; 704 return; 705 706 case DLT_PPP: 707 off_linktype = 2; 708 off_nl = 4; 709 return; 710 711 case DLT_PPP_SERIAL: 712 off_linktype = -1; 713 off_nl = 2; 714 return; 715 716 case DLT_PPP_ETHER: 717 /* 718 * This does not include the Ethernet header, and 719 * only covers session state. 720 */ 721 off_linktype = 6; 722 off_nl = 8; 723 return; 724 725 case DLT_PPP_BSDOS: 726 off_linktype = 5; 727 off_nl = 24; 728 return; 729 730 case DLT_FDDI: 731 /* 732 * FDDI doesn't really have a link-level type field. 733 * We assume that SSAP = SNAP is being used and pick 734 * out the encapsulated Ethernet type. 735 */ 736 off_linktype = 19; 737 #ifdef PCAP_FDDIPAD 738 off_linktype += pcap_fddipad; 739 #endif 740 off_nl = 21; 741 #ifdef PCAP_FDDIPAD 742 off_nl += pcap_fddipad; 743 #endif 744 return; 745 746 case DLT_IEEE802: 747 off_linktype = 20; 748 off_nl = 22; 749 return; 750 751 case DLT_IEEE802_11: 752 off_linktype = 30; /* XXX variable */ 753 off_nl = 32; 754 return; 755 756 case DLT_IEEE802_11_RADIO: /* XXX variable */ 757 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 758 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 759 return; 760 761 case DLT_ATM_RFC1483: 762 /* 763 * assume routed, non-ISO PDUs 764 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 765 */ 766 off_linktype = 6; 767 off_nl = 8; 768 return; 769 770 case DLT_LOOP: 771 off_linktype = 0; 772 off_nl = 4; 773 return; 774 775 case DLT_ENC: 776 off_linktype = -1; 777 off_nl = 12; 778 return; 779 780 case DLT_PFLOG: 781 off_linktype = 0; 782 variable_nl = 1; 783 off_nl = 0; 784 return; 785 786 case DLT_PFSYNC: 787 off_linktype = -1; 788 off_nl = 4; 789 return; 790 791 case DLT_OPENFLOW: 792 off_linktype = -1; 793 off_nl = 12; 794 return; 795 796 case DLT_USBPCAP: 797 /* FALLTHROUGH */ 798 case DLT_RAW: 799 off_linktype = -1; 800 off_nl = 0; 801 return; 802 } 803 bpf_error("unknown data link type 0x%x", linktype); 804 /* NOTREACHED */ 805 } 806 807 static struct block * 808 gen_uncond(rsense) 809 int rsense; 810 { 811 struct block *b; 812 struct slist *s; 813 814 s = new_stmt(BPF_LD|BPF_IMM); 815 s->s.k = !rsense; 816 b = new_block(JMP(BPF_JEQ)); 817 b->stmts = s; 818 819 return b; 820 } 821 822 static __inline struct block * 823 gen_true() 824 { 825 return gen_uncond(1); 826 } 827 828 static __inline struct block * 829 gen_false() 830 { 831 return gen_uncond(0); 832 } 833 834 static struct block * 835 gen_linktype(proto) 836 int proto; 837 { 838 struct block *b0, *b1; 839 840 /* If we're not using encapsulation and checking for IP, we're done */ 841 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IP) 842 return gen_true(); 843 #ifdef INET6 844 /* this isn't the right thing to do, but sometimes necessary */ 845 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IPV6) 846 return gen_true(); 847 #endif 848 849 switch (linktype) { 850 851 case DLT_EN10MB: 852 if (proto <= ETHERMTU) { 853 /* This is an LLC SAP value */ 854 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 855 gen_not(b0); 856 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 857 gen_and(b0, b1); 858 return b1; 859 } else { 860 /* This is an Ethernet type */ 861 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 862 } 863 break; 864 865 case DLT_SLIP: 866 return gen_false(); 867 868 case DLT_PPP: 869 case DLT_PPP_ETHER: 870 if (proto == ETHERTYPE_IP) 871 proto = PPP_IP; /* XXX was 0x21 */ 872 #ifdef INET6 873 else if (proto == ETHERTYPE_IPV6) 874 proto = PPP_IPV6; 875 #endif 876 break; 877 878 case DLT_PPP_BSDOS: 879 switch (proto) { 880 881 case ETHERTYPE_IP: 882 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 883 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 884 gen_or(b0, b1); 885 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 886 gen_or(b1, b0); 887 return b0; 888 889 #ifdef INET6 890 case ETHERTYPE_IPV6: 891 proto = PPP_IPV6; 892 /* more to go? */ 893 break; 894 #endif /* INET6 */ 895 896 case ETHERTYPE_DN: 897 proto = PPP_DECNET; 898 break; 899 900 case ETHERTYPE_ATALK: 901 proto = PPP_APPLE; 902 break; 903 904 case ETHERTYPE_NS: 905 proto = PPP_NS; 906 break; 907 } 908 break; 909 910 case DLT_LOOP: 911 case DLT_ENC: 912 case DLT_NULL: 913 { 914 int v; 915 916 if (proto == ETHERTYPE_IP) 917 v = AF_INET; 918 #ifdef INET6 919 else if (proto == ETHERTYPE_IPV6) 920 v = AF_INET6; 921 #endif /* INET6 */ 922 else 923 return gen_false(); 924 925 /* 926 * For DLT_NULL, the link-layer header is a 32-bit word 927 * containing an AF_ value in *host* byte order, and for 928 * DLT_ENC, the link-layer header begins with a 32-bit 929 * word containing an AF_ value in host byte order. 930 * 931 * For DLT_LOOP, the link-layer header is a 32-bit 932 * word containing an AF_ value in *network* byte order. 933 */ 934 if (linktype != DLT_LOOP) 935 v = htonl(v); 936 937 return (gen_cmp(0, BPF_W, (bpf_int32)v)); 938 break; 939 } 940 case DLT_PFLOG: 941 if (proto == ETHERTYPE_IP) 942 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 943 (bpf_int32)AF_INET)); 944 #ifdef INET6 945 else if (proto == ETHERTYPE_IPV6) 946 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 947 (bpf_int32)AF_INET6)); 948 #endif /* INET6 */ 949 else 950 return gen_false(); 951 break; 952 953 } 954 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 955 } 956 957 static struct block * 958 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 959 bpf_u_int32 addr; 960 bpf_u_int32 mask; 961 int dir, proto; 962 u_int src_off, dst_off; 963 { 964 struct block *b0, *b1; 965 u_int offset; 966 967 switch (dir) { 968 969 case Q_SRC: 970 offset = src_off; 971 break; 972 973 case Q_DST: 974 offset = dst_off; 975 break; 976 977 case Q_AND: 978 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 979 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 980 gen_and(b0, b1); 981 return b1; 982 983 case Q_OR: 984 case Q_DEFAULT: 985 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 986 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 987 gen_or(b0, b1); 988 return b1; 989 990 default: 991 bpf_error("direction not supported on linktype 0x%x", 992 linktype); 993 } 994 b0 = gen_linktype(proto); 995 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 996 gen_and(b0, b1); 997 return b1; 998 } 999 1000 #ifdef INET6 1001 static struct block * 1002 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 1003 struct in6_addr *addr; 1004 struct in6_addr *mask; 1005 int dir, proto; 1006 u_int src_off, dst_off; 1007 { 1008 struct block *b0, *b1; 1009 u_int offset; 1010 u_int32_t *a, *m; 1011 1012 switch (dir) { 1013 1014 case Q_SRC: 1015 offset = src_off; 1016 break; 1017 1018 case Q_DST: 1019 offset = dst_off; 1020 break; 1021 1022 case Q_AND: 1023 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1024 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1025 gen_and(b0, b1); 1026 return b1; 1027 1028 case Q_OR: 1029 case Q_DEFAULT: 1030 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1031 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1032 gen_or(b0, b1); 1033 return b1; 1034 1035 default: 1036 bpf_error("direction not supported on linktype 0x%x", 1037 linktype); 1038 } 1039 /* this order is important */ 1040 a = (u_int32_t *)addr; 1041 m = (u_int32_t *)mask; 1042 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1043 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1044 gen_and(b0, b1); 1045 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1046 gen_and(b0, b1); 1047 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1048 gen_and(b0, b1); 1049 b0 = gen_linktype(proto); 1050 gen_and(b0, b1); 1051 return b1; 1052 } 1053 #endif /*INET6*/ 1054 1055 static struct block * 1056 gen_ehostop(eaddr, dir) 1057 const u_char *eaddr; 1058 int dir; 1059 { 1060 struct block *b0, *b1; 1061 1062 switch (dir) { 1063 case Q_SRC: 1064 return gen_bcmp(6, 6, eaddr); 1065 1066 case Q_DST: 1067 return gen_bcmp(0, 6, eaddr); 1068 1069 case Q_AND: 1070 b0 = gen_ehostop(eaddr, Q_SRC); 1071 b1 = gen_ehostop(eaddr, Q_DST); 1072 gen_and(b0, b1); 1073 return b1; 1074 1075 case Q_DEFAULT: 1076 case Q_OR: 1077 b0 = gen_ehostop(eaddr, Q_SRC); 1078 b1 = gen_ehostop(eaddr, Q_DST); 1079 gen_or(b0, b1); 1080 return b1; 1081 default: 1082 bpf_error("direction not supported on linktype 0x%x", 1083 linktype); 1084 } 1085 /* NOTREACHED */ 1086 } 1087 1088 /* 1089 * Like gen_ehostop, but for DLT_FDDI 1090 */ 1091 static struct block * 1092 gen_fhostop(eaddr, dir) 1093 const u_char *eaddr; 1094 int dir; 1095 { 1096 struct block *b0, *b1; 1097 1098 switch (dir) { 1099 case Q_SRC: 1100 #ifdef PCAP_FDDIPAD 1101 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1102 #else 1103 return gen_bcmp(6 + 1, 6, eaddr); 1104 #endif 1105 1106 case Q_DST: 1107 #ifdef PCAP_FDDIPAD 1108 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1109 #else 1110 return gen_bcmp(0 + 1, 6, eaddr); 1111 #endif 1112 1113 case Q_AND: 1114 b0 = gen_fhostop(eaddr, Q_SRC); 1115 b1 = gen_fhostop(eaddr, Q_DST); 1116 gen_and(b0, b1); 1117 return b1; 1118 1119 case Q_DEFAULT: 1120 case Q_OR: 1121 b0 = gen_fhostop(eaddr, Q_SRC); 1122 b1 = gen_fhostop(eaddr, Q_DST); 1123 gen_or(b0, b1); 1124 return b1; 1125 default: 1126 bpf_error("direction not supported on linktype 0x%x", 1127 linktype); 1128 } 1129 /* NOTREACHED */ 1130 } 1131 1132 /* 1133 * This is quite tricky because there may be pad bytes in front of the 1134 * DECNET header, and then there are two possible data packet formats that 1135 * carry both src and dst addresses, plus 5 packet types in a format that 1136 * carries only the src node, plus 2 types that use a different format and 1137 * also carry just the src node. 1138 * 1139 * Yuck. 1140 * 1141 * Instead of doing those all right, we just look for data packets with 1142 * 0 or 1 bytes of padding. If you want to look at other packets, that 1143 * will require a lot more hacking. 1144 * 1145 * To add support for filtering on DECNET "areas" (network numbers) 1146 * one would want to add a "mask" argument to this routine. That would 1147 * make the filter even more inefficient, although one could be clever 1148 * and not generate masking instructions if the mask is 0xFFFF. 1149 */ 1150 static struct block * 1151 gen_dnhostop(addr, dir, base_off) 1152 bpf_u_int32 addr; 1153 int dir; 1154 u_int base_off; 1155 { 1156 struct block *b0, *b1, *b2, *tmp; 1157 u_int offset_lh; /* offset if long header is received */ 1158 u_int offset_sh; /* offset if short header is received */ 1159 1160 switch (dir) { 1161 1162 case Q_DST: 1163 offset_sh = 1; /* follows flags */ 1164 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1165 break; 1166 1167 case Q_SRC: 1168 offset_sh = 3; /* follows flags, dstnode */ 1169 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1170 break; 1171 1172 case Q_AND: 1173 /* Inefficient because we do our Calvinball dance twice */ 1174 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1175 b1 = gen_dnhostop(addr, Q_DST, base_off); 1176 gen_and(b0, b1); 1177 return b1; 1178 1179 case Q_OR: 1180 case Q_DEFAULT: 1181 /* Inefficient because we do our Calvinball dance twice */ 1182 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1183 b1 = gen_dnhostop(addr, Q_DST, base_off); 1184 gen_or(b0, b1); 1185 return b1; 1186 1187 default: 1188 bpf_error("direction not supported on linktype 0x%x", 1189 linktype); 1190 } 1191 b0 = gen_linktype(ETHERTYPE_DN); 1192 /* Check for pad = 1, long header case */ 1193 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1194 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1195 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1196 BPF_H, (bpf_int32)ntohs(addr)); 1197 gen_and(tmp, b1); 1198 /* Check for pad = 0, long header case */ 1199 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1200 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1201 gen_and(tmp, b2); 1202 gen_or(b2, b1); 1203 /* Check for pad = 1, short header case */ 1204 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1205 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1206 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1207 BPF_H, (bpf_int32)ntohs(addr)); 1208 gen_and(tmp, b2); 1209 gen_or(b2, b1); 1210 /* Check for pad = 0, short header case */ 1211 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1212 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1213 gen_and(tmp, b2); 1214 gen_or(b2, b1); 1215 1216 /* Combine with test for linktype */ 1217 gen_and(b0, b1); 1218 return b1; 1219 } 1220 1221 static struct block * 1222 gen_host(addr, mask, proto, dir) 1223 bpf_u_int32 addr; 1224 bpf_u_int32 mask; 1225 int proto; 1226 int dir; 1227 { 1228 struct block *b0, *b1; 1229 1230 switch (proto) { 1231 1232 case Q_DEFAULT: 1233 b0 = gen_host(addr, mask, Q_IP, dir); 1234 b1 = gen_host(addr, mask, Q_ARP, dir); 1235 gen_or(b0, b1); 1236 b0 = gen_host(addr, mask, Q_RARP, dir); 1237 gen_or(b1, b0); 1238 return b0; 1239 1240 case Q_IP: 1241 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1242 12, 16); 1243 1244 case Q_RARP: 1245 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1246 14, 24); 1247 1248 case Q_ARP: 1249 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1250 14, 24); 1251 1252 case Q_TCP: 1253 bpf_error("'tcp' modifier applied to host"); 1254 1255 case Q_UDP: 1256 bpf_error("'udp' modifier applied to host"); 1257 1258 case Q_ICMP: 1259 bpf_error("'icmp' modifier applied to host"); 1260 1261 case Q_IGMP: 1262 bpf_error("'igmp' modifier applied to host"); 1263 1264 case Q_IGRP: 1265 bpf_error("'igrp' modifier applied to host"); 1266 1267 case Q_PIM: 1268 bpf_error("'pim' modifier applied to host"); 1269 1270 case Q_STP: 1271 bpf_error("'stp' modifier applied to host"); 1272 1273 case Q_ATALK: 1274 bpf_error("ATALK host filtering not implemented"); 1275 1276 case Q_DECNET: 1277 return gen_dnhostop(addr, dir, 0); 1278 1279 case Q_SCA: 1280 bpf_error("SCA host filtering not implemented"); 1281 1282 case Q_LAT: 1283 bpf_error("LAT host filtering not implemented"); 1284 1285 case Q_MOPDL: 1286 bpf_error("MOPDL host filtering not implemented"); 1287 1288 case Q_MOPRC: 1289 bpf_error("MOPRC host filtering not implemented"); 1290 1291 #ifdef INET6 1292 case Q_IPV6: 1293 bpf_error("'ip6' modifier applied to ip host"); 1294 1295 case Q_ICMPV6: 1296 bpf_error("'icmp6' modifier applied to host"); 1297 #endif /* INET6 */ 1298 1299 case Q_AH: 1300 bpf_error("'ah' modifier applied to host"); 1301 1302 case Q_ESP: 1303 bpf_error("'esp' modifier applied to host"); 1304 1305 default: 1306 bpf_error("direction not supported on linktype 0x%x", 1307 linktype); 1308 } 1309 /* NOTREACHED */ 1310 } 1311 1312 #ifdef INET6 1313 static struct block * 1314 gen_host6(addr, mask, proto, dir) 1315 struct in6_addr *addr; 1316 struct in6_addr *mask; 1317 int proto; 1318 int dir; 1319 { 1320 switch (proto) { 1321 1322 case Q_DEFAULT: 1323 return gen_host6(addr, mask, Q_IPV6, dir); 1324 1325 case Q_IP: 1326 bpf_error("'ip' modifier applied to ip6 host"); 1327 1328 case Q_RARP: 1329 bpf_error("'rarp' modifier applied to ip6 host"); 1330 1331 case Q_ARP: 1332 bpf_error("'arp' modifier applied to ip6 host"); 1333 1334 case Q_TCP: 1335 bpf_error("'tcp' modifier applied to host"); 1336 1337 case Q_UDP: 1338 bpf_error("'udp' modifier applied to host"); 1339 1340 case Q_ICMP: 1341 bpf_error("'icmp' modifier applied to host"); 1342 1343 case Q_IGMP: 1344 bpf_error("'igmp' modifier applied to host"); 1345 1346 case Q_IGRP: 1347 bpf_error("'igrp' modifier applied to host"); 1348 1349 case Q_PIM: 1350 bpf_error("'pim' modifier applied to host"); 1351 1352 case Q_STP: 1353 bpf_error("'stp' modifier applied to host"); 1354 1355 case Q_ATALK: 1356 bpf_error("ATALK host filtering not implemented"); 1357 1358 case Q_DECNET: 1359 bpf_error("'decnet' modifier applied to ip6 host"); 1360 1361 case Q_SCA: 1362 bpf_error("SCA host filtering not implemented"); 1363 1364 case Q_LAT: 1365 bpf_error("LAT host filtering not implemented"); 1366 1367 case Q_MOPDL: 1368 bpf_error("MOPDL host filtering not implemented"); 1369 1370 case Q_MOPRC: 1371 bpf_error("MOPRC host filtering not implemented"); 1372 1373 case Q_IPV6: 1374 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1375 8, 24); 1376 1377 case Q_ICMPV6: 1378 bpf_error("'icmp6' modifier applied to host"); 1379 1380 case Q_AH: 1381 bpf_error("'ah' modifier applied to host"); 1382 1383 case Q_ESP: 1384 bpf_error("'esp' modifier applied to host"); 1385 1386 default: 1387 abort(); 1388 } 1389 /* NOTREACHED */ 1390 } 1391 #endif /*INET6*/ 1392 1393 #ifndef INET6 1394 static struct block * 1395 gen_gateway(eaddr, alist, proto, dir) 1396 const u_char *eaddr; 1397 bpf_u_int32 **alist; 1398 int proto; 1399 int dir; 1400 { 1401 struct block *b0, *b1, *tmp; 1402 1403 if (dir != 0) 1404 bpf_error("direction applied to 'gateway'"); 1405 1406 switch (proto) { 1407 case Q_DEFAULT: 1408 case Q_IP: 1409 case Q_ARP: 1410 case Q_RARP: 1411 if (linktype == DLT_EN10MB) 1412 b0 = gen_ehostop(eaddr, Q_OR); 1413 else if (linktype == DLT_FDDI) 1414 b0 = gen_fhostop(eaddr, Q_OR); 1415 else 1416 bpf_error( 1417 "'gateway' supported only on ethernet or FDDI"); 1418 1419 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1420 while (*alist) { 1421 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1422 gen_or(b1, tmp); 1423 b1 = tmp; 1424 } 1425 gen_not(b1); 1426 gen_and(b0, b1); 1427 return b1; 1428 } 1429 bpf_error("illegal modifier of 'gateway'"); 1430 /* NOTREACHED */ 1431 } 1432 #endif /*INET6*/ 1433 1434 struct block * 1435 gen_proto_abbrev(proto) 1436 int proto; 1437 { 1438 struct block *b0 = NULL, *b1; 1439 1440 switch (proto) { 1441 1442 case Q_TCP: 1443 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1444 #ifdef INET6 1445 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1446 gen_or(b0, b1); 1447 #endif 1448 break; 1449 1450 case Q_UDP: 1451 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1452 #ifdef INET6 1453 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1454 gen_or(b0, b1); 1455 #endif 1456 break; 1457 1458 case Q_ICMP: 1459 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1460 break; 1461 1462 #ifndef IPPROTO_IGMP 1463 #define IPPROTO_IGMP 2 1464 #endif 1465 1466 case Q_IGMP: 1467 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1468 break; 1469 1470 #ifndef IPPROTO_IGRP 1471 #define IPPROTO_IGRP 9 1472 #endif 1473 case Q_IGRP: 1474 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1475 break; 1476 1477 #ifndef IPPROTO_PIM 1478 #define IPPROTO_PIM 103 1479 #endif 1480 1481 case Q_PIM: 1482 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1483 #ifdef INET6 1484 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1485 gen_or(b0, b1); 1486 #endif 1487 break; 1488 1489 case Q_IP: 1490 b1 = gen_linktype(ETHERTYPE_IP); 1491 break; 1492 1493 case Q_ARP: 1494 b1 = gen_linktype(ETHERTYPE_ARP); 1495 break; 1496 1497 case Q_RARP: 1498 b1 = gen_linktype(ETHERTYPE_REVARP); 1499 break; 1500 1501 case Q_LINK: 1502 bpf_error("link layer applied in wrong context"); 1503 1504 case Q_ATALK: 1505 b1 = gen_linktype(ETHERTYPE_ATALK); 1506 break; 1507 1508 case Q_DECNET: 1509 b1 = gen_linktype(ETHERTYPE_DN); 1510 break; 1511 1512 case Q_SCA: 1513 b1 = gen_linktype(ETHERTYPE_SCA); 1514 break; 1515 1516 case Q_LAT: 1517 b1 = gen_linktype(ETHERTYPE_LAT); 1518 break; 1519 1520 case Q_MOPDL: 1521 b1 = gen_linktype(ETHERTYPE_MOPDL); 1522 break; 1523 1524 case Q_MOPRC: 1525 b1 = gen_linktype(ETHERTYPE_MOPRC); 1526 break; 1527 1528 case Q_STP: 1529 b1 = gen_linktype(LLCSAP_8021D); 1530 break; 1531 1532 #ifdef INET6 1533 case Q_IPV6: 1534 b1 = gen_linktype(ETHERTYPE_IPV6); 1535 break; 1536 1537 #ifndef IPPROTO_ICMPV6 1538 #define IPPROTO_ICMPV6 58 1539 #endif 1540 case Q_ICMPV6: 1541 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1542 break; 1543 #endif /* INET6 */ 1544 1545 #ifndef IPPROTO_AH 1546 #define IPPROTO_AH 51 1547 #endif 1548 case Q_AH: 1549 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1550 #ifdef INET6 1551 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1552 gen_or(b0, b1); 1553 #endif 1554 break; 1555 1556 #ifndef IPPROTO_ESP 1557 #define IPPROTO_ESP 50 1558 #endif 1559 case Q_ESP: 1560 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1561 #ifdef INET6 1562 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1563 gen_or(b0, b1); 1564 #endif 1565 break; 1566 1567 default: 1568 abort(); 1569 } 1570 return b1; 1571 } 1572 1573 static struct block * 1574 gen_ipfrag() 1575 { 1576 struct slist *s, *tmp; 1577 struct block *b; 1578 1579 /* not ip frag */ 1580 if (variable_nl) { 1581 s = nl2X_stmt(); 1582 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1583 tmp->s.k = 6; 1584 sappend(s, tmp); 1585 } else { 1586 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1587 s->s.k = off_nl + 6; 1588 } 1589 b = new_block(JMP(BPF_JSET)); 1590 b->s.k = 0x1fff; 1591 b->stmts = s; 1592 gen_not(b); 1593 1594 return b; 1595 } 1596 1597 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1598 This function generates code to set X to the start of the IP payload 1599 X = off_nl + IP header_len. 1600 */ 1601 static struct slist * 1602 iphl_to_x(void) 1603 { 1604 struct slist *s, *tmp; 1605 1606 /* XXX clobbers A if variable_nl*/ 1607 if (variable_nl) { 1608 if (iphl_reg == -1) { 1609 /* X <- off_nl */ 1610 s = nl2X_stmt(); 1611 1612 /* A = p[X+0] */ 1613 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1614 tmp->s.k = 0; 1615 sappend(s, tmp); 1616 1617 /* A = A & 0x0f */ 1618 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1619 tmp->s.k = 0x0f; 1620 sappend(s, tmp); 1621 1622 /* A = A << 2 */ 1623 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1624 tmp->s.k = 2; 1625 sappend(s, tmp); 1626 1627 /* A = A + X (add off_nl again to compansate) */ 1628 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1629 1630 /* MEM[iphl_reg] = A */ 1631 iphl_reg = alloc_reg(); 1632 tmp = new_stmt(BPF_ST); 1633 tmp->s.k = iphl_reg; 1634 sappend(s, tmp); 1635 1636 sappend(init_code, s); 1637 } 1638 s = new_stmt(BPF_LDX|BPF_MEM); 1639 s->s.k = iphl_reg; 1640 1641 } else { 1642 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1643 s->s.k = off_nl; 1644 } 1645 1646 return s; 1647 } 1648 1649 static struct block * 1650 gen_portatom(off, v) 1651 int off; 1652 bpf_int32 v; 1653 { 1654 struct slist *s, *tmp; 1655 struct block *b; 1656 1657 s = iphl_to_x(); 1658 1659 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1660 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1661 sappend(s, tmp); 1662 1663 b = new_block(JMP(BPF_JEQ)); 1664 b->stmts = s; 1665 b->s.k = v; 1666 1667 return b; 1668 } 1669 1670 #ifdef INET6 1671 static struct block * 1672 gen_portatom6(off, v) 1673 int off; 1674 bpf_int32 v; 1675 { 1676 return gen_cmp_nl(40 + off, BPF_H, v); 1677 } 1678 #endif/*INET6*/ 1679 1680 struct block * 1681 gen_portop(port, proto, dir) 1682 int port, proto, dir; 1683 { 1684 struct block *b0, *b1, *tmp; 1685 1686 /* ip proto 'proto' */ 1687 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1688 b0 = gen_ipfrag(); 1689 gen_and(tmp, b0); 1690 1691 switch (dir) { 1692 case Q_SRC: 1693 b1 = gen_portatom(0, (bpf_int32)port); 1694 break; 1695 1696 case Q_DST: 1697 b1 = gen_portatom(2, (bpf_int32)port); 1698 break; 1699 1700 case Q_OR: 1701 case Q_DEFAULT: 1702 tmp = gen_portatom(0, (bpf_int32)port); 1703 b1 = gen_portatom(2, (bpf_int32)port); 1704 gen_or(tmp, b1); 1705 break; 1706 1707 case Q_AND: 1708 tmp = gen_portatom(0, (bpf_int32)port); 1709 b1 = gen_portatom(2, (bpf_int32)port); 1710 gen_and(tmp, b1); 1711 break; 1712 1713 default: 1714 abort(); 1715 } 1716 gen_and(b0, b1); 1717 1718 return b1; 1719 } 1720 1721 static struct block * 1722 gen_port(port, ip_proto, dir) 1723 int port; 1724 int ip_proto; 1725 int dir; 1726 { 1727 struct block *b0, *b1, *tmp; 1728 1729 /* ether proto ip */ 1730 b0 = gen_linktype(ETHERTYPE_IP); 1731 1732 switch (ip_proto) { 1733 case IPPROTO_UDP: 1734 case IPPROTO_TCP: 1735 b1 = gen_portop(port, ip_proto, dir); 1736 break; 1737 1738 case PROTO_UNDEF: 1739 tmp = gen_portop(port, IPPROTO_TCP, dir); 1740 b1 = gen_portop(port, IPPROTO_UDP, dir); 1741 gen_or(tmp, b1); 1742 break; 1743 1744 default: 1745 abort(); 1746 } 1747 gen_and(b0, b1); 1748 return b1; 1749 } 1750 1751 #ifdef INET6 1752 struct block * 1753 gen_portop6(port, proto, dir) 1754 int port, proto, dir; 1755 { 1756 struct block *b0, *b1, *tmp; 1757 1758 /* ip proto 'proto' */ 1759 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1760 1761 switch (dir) { 1762 case Q_SRC: 1763 b1 = gen_portatom6(0, (bpf_int32)port); 1764 break; 1765 1766 case Q_DST: 1767 b1 = gen_portatom6(2, (bpf_int32)port); 1768 break; 1769 1770 case Q_OR: 1771 case Q_DEFAULT: 1772 tmp = gen_portatom6(0, (bpf_int32)port); 1773 b1 = gen_portatom6(2, (bpf_int32)port); 1774 gen_or(tmp, b1); 1775 break; 1776 1777 case Q_AND: 1778 tmp = gen_portatom6(0, (bpf_int32)port); 1779 b1 = gen_portatom6(2, (bpf_int32)port); 1780 gen_and(tmp, b1); 1781 break; 1782 1783 default: 1784 abort(); 1785 } 1786 gen_and(b0, b1); 1787 1788 return b1; 1789 } 1790 1791 static struct block * 1792 gen_port6(port, ip_proto, dir) 1793 int port; 1794 int ip_proto; 1795 int dir; 1796 { 1797 struct block *b0, *b1, *tmp; 1798 1799 /* ether proto ip */ 1800 b0 = gen_linktype(ETHERTYPE_IPV6); 1801 1802 switch (ip_proto) { 1803 case IPPROTO_UDP: 1804 case IPPROTO_TCP: 1805 b1 = gen_portop6(port, ip_proto, dir); 1806 break; 1807 1808 case PROTO_UNDEF: 1809 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1810 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1811 gen_or(tmp, b1); 1812 break; 1813 1814 default: 1815 abort(); 1816 } 1817 gen_and(b0, b1); 1818 return b1; 1819 } 1820 #endif /* INET6 */ 1821 1822 static int 1823 lookup_proto(name, proto) 1824 const char *name; 1825 int proto; 1826 { 1827 int v; 1828 1829 switch (proto) { 1830 1831 case Q_DEFAULT: 1832 case Q_IP: 1833 v = pcap_nametoproto(name); 1834 if (v == PROTO_UNDEF) 1835 bpf_error("unknown ip proto '%s'", name); 1836 break; 1837 1838 case Q_LINK: 1839 /* XXX should look up h/w protocol type based on linktype */ 1840 v = pcap_nametoeproto(name); 1841 if (v == PROTO_UNDEF) { 1842 v = pcap_nametollc(name); 1843 if (v == PROTO_UNDEF) 1844 bpf_error("unknown ether proto '%s'", name); 1845 } 1846 break; 1847 1848 default: 1849 v = PROTO_UNDEF; 1850 break; 1851 } 1852 return v; 1853 } 1854 1855 static struct block * 1856 gen_protochain(v, proto, dir) 1857 int v; 1858 int proto; 1859 int dir; 1860 { 1861 struct block *b0, *b; 1862 struct slist *s[100]; 1863 int fix2, fix3, fix4, fix5; 1864 int ahcheck, again, end; 1865 int i, max; 1866 int reg1 = alloc_reg(); 1867 int reg2 = alloc_reg(); 1868 1869 memset(s, 0, sizeof(s)); 1870 fix2 = fix3 = fix4 = fix5 = 0; 1871 1872 if (variable_nl) { 1873 bpf_error("'gen_protochain' not supported for variable DLTs"); 1874 /*NOTREACHED*/ 1875 } 1876 1877 switch (proto) { 1878 case Q_IP: 1879 case Q_IPV6: 1880 break; 1881 case Q_DEFAULT: 1882 b0 = gen_protochain(v, Q_IP, dir); 1883 b = gen_protochain(v, Q_IPV6, dir); 1884 gen_or(b0, b); 1885 return b; 1886 default: 1887 bpf_error("bad protocol applied for 'protochain'"); 1888 /*NOTREACHED*/ 1889 } 1890 1891 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1892 1893 /* 1894 * s[0] is a dummy entry to protect other BPF insn from damaged 1895 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1896 * hard to find interdependency made by jump table fixup. 1897 */ 1898 i = 0; 1899 s[i] = new_stmt(0); /*dummy*/ 1900 i++; 1901 1902 switch (proto) { 1903 case Q_IP: 1904 b0 = gen_linktype(ETHERTYPE_IP); 1905 1906 /* A = ip->ip_p */ 1907 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1908 s[i]->s.k = off_nl + 9; 1909 i++; 1910 /* X = ip->ip_hl << 2 */ 1911 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1912 s[i]->s.k = off_nl; 1913 i++; 1914 break; 1915 case Q_IPV6: 1916 b0 = gen_linktype(ETHERTYPE_IPV6); 1917 1918 /* A = ip6->ip_nxt */ 1919 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1920 s[i]->s.k = off_nl + 6; 1921 i++; 1922 /* X = sizeof(struct ip6_hdr) */ 1923 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1924 s[i]->s.k = 40; 1925 i++; 1926 break; 1927 default: 1928 bpf_error("unsupported proto to gen_protochain"); 1929 /*NOTREACHED*/ 1930 } 1931 1932 /* again: if (A == v) goto end; else fall through; */ 1933 again = i; 1934 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1935 s[i]->s.k = v; 1936 s[i]->s.jt = NULL; /*later*/ 1937 s[i]->s.jf = NULL; /*update in next stmt*/ 1938 fix5 = i; 1939 i++; 1940 1941 /* if (A == IPPROTO_NONE) goto end */ 1942 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1943 s[i]->s.jt = NULL; /*later*/ 1944 s[i]->s.jf = NULL; /*update in next stmt*/ 1945 s[i]->s.k = IPPROTO_NONE; 1946 s[fix5]->s.jf = s[i]; 1947 fix2 = i; 1948 i++; 1949 1950 if (proto == Q_IPV6) { 1951 int v6start, v6end, v6advance, j; 1952 1953 v6start = i; 1954 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1955 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1956 s[i]->s.jt = NULL; /*later*/ 1957 s[i]->s.jf = NULL; /*update in next stmt*/ 1958 s[i]->s.k = IPPROTO_HOPOPTS; 1959 s[fix2]->s.jf = s[i]; 1960 i++; 1961 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1962 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1963 s[i]->s.jt = NULL; /*later*/ 1964 s[i]->s.jf = NULL; /*update in next stmt*/ 1965 s[i]->s.k = IPPROTO_DSTOPTS; 1966 i++; 1967 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1968 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1969 s[i]->s.jt = NULL; /*later*/ 1970 s[i]->s.jf = NULL; /*update in next stmt*/ 1971 s[i]->s.k = IPPROTO_ROUTING; 1972 i++; 1973 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1974 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1975 s[i]->s.jt = NULL; /*later*/ 1976 s[i]->s.jf = NULL; /*later*/ 1977 s[i]->s.k = IPPROTO_FRAGMENT; 1978 fix3 = i; 1979 v6end = i; 1980 i++; 1981 1982 /* v6advance: */ 1983 v6advance = i; 1984 1985 /* 1986 * in short, 1987 * A = P[X + 1]; 1988 * X = X + (P[X] + 1) * 8; 1989 */ 1990 /* A = X */ 1991 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1992 i++; 1993 /* MEM[reg1] = A */ 1994 s[i] = new_stmt(BPF_ST); 1995 s[i]->s.k = reg1; 1996 i++; 1997 /* A += 1 */ 1998 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1999 s[i]->s.k = 1; 2000 i++; 2001 /* X = A */ 2002 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2003 i++; 2004 /* A = P[X + packet head]; */ 2005 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2006 s[i]->s.k = off_nl; 2007 i++; 2008 /* MEM[reg2] = A */ 2009 s[i] = new_stmt(BPF_ST); 2010 s[i]->s.k = reg2; 2011 i++; 2012 /* X = MEM[reg1] */ 2013 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2014 s[i]->s.k = reg1; 2015 i++; 2016 /* A = P[X + packet head] */ 2017 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2018 s[i]->s.k = off_nl; 2019 i++; 2020 /* A += 1 */ 2021 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2022 s[i]->s.k = 1; 2023 i++; 2024 /* A *= 8 */ 2025 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2026 s[i]->s.k = 8; 2027 i++; 2028 /* X = A; */ 2029 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2030 i++; 2031 /* A = MEM[reg2] */ 2032 s[i] = new_stmt(BPF_LD|BPF_MEM); 2033 s[i]->s.k = reg2; 2034 i++; 2035 2036 /* goto again; (must use BPF_JA for backward jump) */ 2037 s[i] = new_stmt(BPF_JMP|BPF_JA); 2038 s[i]->s.k = again - i - 1; 2039 s[i - 1]->s.jf = s[i]; 2040 i++; 2041 2042 /* fixup */ 2043 for (j = v6start; j <= v6end; j++) 2044 s[j]->s.jt = s[v6advance]; 2045 } else { 2046 /* nop */ 2047 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2048 s[i]->s.k = 0; 2049 s[fix2]->s.jf = s[i]; 2050 i++; 2051 } 2052 2053 /* ahcheck: */ 2054 ahcheck = i; 2055 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2056 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2057 s[i]->s.jt = NULL; /*later*/ 2058 s[i]->s.jf = NULL; /*later*/ 2059 s[i]->s.k = IPPROTO_AH; 2060 if (fix3) 2061 s[fix3]->s.jf = s[ahcheck]; 2062 fix4 = i; 2063 i++; 2064 2065 /* 2066 * in short, 2067 * A = P[X + 1]; 2068 * X = X + (P[X] + 2) * 4; 2069 */ 2070 /* A = X */ 2071 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2072 i++; 2073 /* MEM[reg1] = A */ 2074 s[i] = new_stmt(BPF_ST); 2075 s[i]->s.k = reg1; 2076 i++; 2077 /* A += 1 */ 2078 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2079 s[i]->s.k = 1; 2080 i++; 2081 /* X = A */ 2082 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2083 i++; 2084 /* A = P[X + packet head]; */ 2085 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2086 s[i]->s.k = off_nl; 2087 i++; 2088 /* MEM[reg2] = A */ 2089 s[i] = new_stmt(BPF_ST); 2090 s[i]->s.k = reg2; 2091 i++; 2092 /* X = MEM[reg1] */ 2093 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2094 s[i]->s.k = reg1; 2095 i++; 2096 /* A = P[X + packet head] */ 2097 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2098 s[i]->s.k = off_nl; 2099 i++; 2100 /* A += 2 */ 2101 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2102 s[i]->s.k = 2; 2103 i++; 2104 /* A *= 4 */ 2105 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2106 s[i]->s.k = 4; 2107 i++; 2108 /* X = A; */ 2109 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2110 i++; 2111 /* A = MEM[reg2] */ 2112 s[i] = new_stmt(BPF_LD|BPF_MEM); 2113 s[i]->s.k = reg2; 2114 i++; 2115 2116 /* goto again; (must use BPF_JA for backward jump) */ 2117 s[i] = new_stmt(BPF_JMP|BPF_JA); 2118 s[i]->s.k = again - i - 1; 2119 i++; 2120 2121 /* end: nop */ 2122 end = i; 2123 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2124 s[i]->s.k = 0; 2125 s[fix2]->s.jt = s[end]; 2126 s[fix4]->s.jf = s[end]; 2127 s[fix5]->s.jt = s[end]; 2128 i++; 2129 2130 /* 2131 * make slist chain 2132 */ 2133 max = i; 2134 for (i = 0; i < max - 1; i++) 2135 s[i]->next = s[i + 1]; 2136 s[max - 1]->next = NULL; 2137 2138 /* 2139 * emit final check 2140 */ 2141 b = new_block(JMP(BPF_JEQ)); 2142 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2143 b->s.k = v; 2144 2145 free_reg(reg1); 2146 free_reg(reg2); 2147 2148 gen_and(b0, b); 2149 return b; 2150 } 2151 2152 static struct block * 2153 gen_proto(v, proto, dir) 2154 int v; 2155 int proto; 2156 int dir; 2157 { 2158 struct block *b0, *b1; 2159 2160 if (dir != Q_DEFAULT) 2161 bpf_error("direction applied to 'proto'"); 2162 2163 switch (proto) { 2164 case Q_DEFAULT: 2165 #ifdef INET6 2166 b0 = gen_proto(v, Q_IP, dir); 2167 b1 = gen_proto(v, Q_IPV6, dir); 2168 gen_or(b0, b1); 2169 return b1; 2170 #else 2171 /*FALLTHROUGH*/ 2172 #endif 2173 case Q_IP: 2174 b0 = gen_linktype(ETHERTYPE_IP); 2175 #ifndef CHASE_CHAIN 2176 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2177 #else 2178 b1 = gen_protochain(v, Q_IP); 2179 #endif 2180 gen_and(b0, b1); 2181 return b1; 2182 2183 case Q_ARP: 2184 bpf_error("arp does not encapsulate another protocol"); 2185 /* NOTREACHED */ 2186 2187 case Q_RARP: 2188 bpf_error("rarp does not encapsulate another protocol"); 2189 /* NOTREACHED */ 2190 2191 case Q_ATALK: 2192 bpf_error("atalk encapsulation is not specifiable"); 2193 /* NOTREACHED */ 2194 2195 case Q_DECNET: 2196 bpf_error("decnet encapsulation is not specifiable"); 2197 /* NOTREACHED */ 2198 2199 case Q_SCA: 2200 bpf_error("sca does not encapsulate another protocol"); 2201 /* NOTREACHED */ 2202 2203 case Q_LAT: 2204 bpf_error("lat does not encapsulate another protocol"); 2205 /* NOTREACHED */ 2206 2207 case Q_MOPRC: 2208 bpf_error("moprc does not encapsulate another protocol"); 2209 /* NOTREACHED */ 2210 2211 case Q_MOPDL: 2212 bpf_error("mopdl does not encapsulate another protocol"); 2213 /* NOTREACHED */ 2214 2215 case Q_LINK: 2216 return gen_linktype(v); 2217 2218 case Q_UDP: 2219 bpf_error("'udp proto' is bogus"); 2220 /* NOTREACHED */ 2221 2222 case Q_TCP: 2223 bpf_error("'tcp proto' is bogus"); 2224 /* NOTREACHED */ 2225 2226 case Q_ICMP: 2227 bpf_error("'icmp proto' is bogus"); 2228 /* NOTREACHED */ 2229 2230 case Q_IGMP: 2231 bpf_error("'igmp proto' is bogus"); 2232 /* NOTREACHED */ 2233 2234 case Q_IGRP: 2235 bpf_error("'igrp proto' is bogus"); 2236 /* NOTREACHED */ 2237 2238 case Q_PIM: 2239 bpf_error("'pim proto' is bogus"); 2240 /* NOTREACHED */ 2241 2242 case Q_STP: 2243 bpf_error("'stp proto' is bogus"); 2244 /* NOTREACHED */ 2245 2246 #ifdef INET6 2247 case Q_IPV6: 2248 b0 = gen_linktype(ETHERTYPE_IPV6); 2249 #ifndef CHASE_CHAIN 2250 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2251 #else 2252 b1 = gen_protochain(v, Q_IPV6); 2253 #endif 2254 gen_and(b0, b1); 2255 return b1; 2256 2257 case Q_ICMPV6: 2258 bpf_error("'icmp6 proto' is bogus"); 2259 #endif /* INET6 */ 2260 2261 case Q_AH: 2262 bpf_error("'ah proto' is bogus"); 2263 2264 case Q_ESP: 2265 bpf_error("'esp proto' is bogus"); 2266 2267 default: 2268 abort(); 2269 /* NOTREACHED */ 2270 } 2271 /* NOTREACHED */ 2272 } 2273 2274 struct block * 2275 gen_scode(name, q) 2276 const char *name; 2277 struct qual q; 2278 { 2279 int proto = q.proto; 2280 int dir = q.dir; 2281 int tproto; 2282 u_char *eaddr; 2283 bpf_u_int32 mask, addr; 2284 #ifndef INET6 2285 bpf_u_int32 **alist; 2286 #else 2287 int tproto6; 2288 struct sockaddr_in *sin; 2289 struct sockaddr_in6 *sin6; 2290 struct addrinfo *res, *res0; 2291 struct in6_addr mask128; 2292 #endif /*INET6*/ 2293 struct block *b, *tmp; 2294 int port, real_proto; 2295 2296 switch (q.addr) { 2297 2298 case Q_NET: 2299 addr = pcap_nametonetaddr(name); 2300 if (addr == 0) 2301 bpf_error("unknown network '%s'", name); 2302 /* Left justify network addr and calculate its network mask */ 2303 mask = 0xffffffff; 2304 while (addr && (addr & 0xff000000) == 0) { 2305 addr <<= 8; 2306 mask <<= 8; 2307 } 2308 return gen_host(addr, mask, proto, dir); 2309 2310 case Q_DEFAULT: 2311 case Q_HOST: 2312 if (proto == Q_LINK) { 2313 switch (linktype) { 2314 2315 case DLT_EN10MB: 2316 eaddr = pcap_ether_hostton(name); 2317 if (eaddr == NULL) 2318 bpf_error( 2319 "unknown ether host '%s'", name); 2320 return gen_ehostop(eaddr, dir); 2321 2322 case DLT_FDDI: 2323 eaddr = pcap_ether_hostton(name); 2324 if (eaddr == NULL) 2325 bpf_error( 2326 "unknown FDDI host '%s'", name); 2327 return gen_fhostop(eaddr, dir); 2328 2329 case DLT_IEEE802_11: 2330 case DLT_IEEE802_11_RADIO: 2331 eaddr = pcap_ether_hostton(name); 2332 if (eaddr == NULL) 2333 bpf_error( 2334 "unknown 802.11 host '%s'", name); 2335 2336 return gen_p80211_hostop(eaddr, dir); 2337 2338 default: 2339 bpf_error( 2340 "only ethernet/FDDI supports link-level host name"); 2341 break; 2342 } 2343 } else if (proto == Q_DECNET) { 2344 unsigned short dn_addr = __pcap_nametodnaddr(name); 2345 /* 2346 * I don't think DECNET hosts can be multihomed, so 2347 * there is no need to build up a list of addresses 2348 */ 2349 return (gen_host(dn_addr, 0, proto, dir)); 2350 } else { 2351 #ifndef INET6 2352 alist = pcap_nametoaddr(name); 2353 if (alist == NULL || *alist == NULL) 2354 bpf_error("unknown host '%s'", name); 2355 tproto = proto; 2356 if (off_linktype == -1 && tproto == Q_DEFAULT) 2357 tproto = Q_IP; 2358 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2359 while (*alist) { 2360 tmp = gen_host(**alist++, 0xffffffff, 2361 tproto, dir); 2362 gen_or(b, tmp); 2363 b = tmp; 2364 } 2365 return b; 2366 #else 2367 memset(&mask128, 0xff, sizeof(mask128)); 2368 res0 = res = pcap_nametoaddrinfo(name); 2369 if (res == NULL) 2370 bpf_error("unknown host '%s'", name); 2371 b = tmp = NULL; 2372 tproto = tproto6 = proto; 2373 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2374 tproto = Q_IP; 2375 tproto6 = Q_IPV6; 2376 } 2377 for (res = res0; res; res = res->ai_next) { 2378 switch (res->ai_family) { 2379 case AF_INET: 2380 if (tproto == Q_IPV6) 2381 continue; 2382 2383 sin = (struct sockaddr_in *) 2384 res->ai_addr; 2385 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2386 0xffffffff, tproto, dir); 2387 break; 2388 case AF_INET6: 2389 if (tproto6 == Q_IP) 2390 continue; 2391 2392 sin6 = (struct sockaddr_in6 *) 2393 res->ai_addr; 2394 tmp = gen_host6(&sin6->sin6_addr, 2395 &mask128, tproto6, dir); 2396 break; 2397 } 2398 if (b) 2399 gen_or(b, tmp); 2400 b = tmp; 2401 } 2402 freeaddrinfo(res0); 2403 if (b == NULL) { 2404 bpf_error("unknown host '%s'%s", name, 2405 (proto == Q_DEFAULT) 2406 ? "" 2407 : " for specified address family"); 2408 } 2409 return b; 2410 #endif /*INET6*/ 2411 } 2412 2413 case Q_PORT: 2414 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2415 bpf_error("illegal qualifier of 'port'"); 2416 if (pcap_nametoport(name, &port, &real_proto) == 0) 2417 bpf_error("unknown port '%s'", name); 2418 if (proto == Q_UDP) { 2419 if (real_proto == IPPROTO_TCP) 2420 bpf_error("port '%s' is tcp", name); 2421 else 2422 /* override PROTO_UNDEF */ 2423 real_proto = IPPROTO_UDP; 2424 } 2425 if (proto == Q_TCP) { 2426 if (real_proto == IPPROTO_UDP) 2427 bpf_error("port '%s' is udp", name); 2428 else 2429 /* override PROTO_UNDEF */ 2430 real_proto = IPPROTO_TCP; 2431 } 2432 #ifndef INET6 2433 return gen_port(port, real_proto, dir); 2434 #else 2435 { 2436 struct block *b; 2437 b = gen_port(port, real_proto, dir); 2438 gen_or(gen_port6(port, real_proto, dir), b); 2439 return b; 2440 } 2441 #endif /* INET6 */ 2442 2443 case Q_GATEWAY: 2444 #ifndef INET6 2445 eaddr = pcap_ether_hostton(name); 2446 if (eaddr == NULL) 2447 bpf_error("unknown ether host: %s", name); 2448 2449 alist = pcap_nametoaddr(name); 2450 if (alist == NULL || *alist == NULL) 2451 bpf_error("unknown host '%s'", name); 2452 return gen_gateway(eaddr, alist, proto, dir); 2453 #else 2454 bpf_error("'gateway' not supported in this configuration"); 2455 #endif /*INET6*/ 2456 2457 case Q_PROTO: 2458 real_proto = lookup_proto(name, proto); 2459 if (real_proto >= 0) 2460 return gen_proto(real_proto, proto, dir); 2461 else 2462 bpf_error("unknown protocol: %s", name); 2463 2464 case Q_PROTOCHAIN: 2465 real_proto = lookup_proto(name, proto); 2466 if (real_proto >= 0) 2467 return gen_protochain(real_proto, proto, dir); 2468 else 2469 bpf_error("unknown protocol: %s", name); 2470 2471 2472 case Q_UNDEF: 2473 syntax(); 2474 /* NOTREACHED */ 2475 } 2476 abort(); 2477 /* NOTREACHED */ 2478 } 2479 2480 struct block * 2481 gen_mcode(s1, s2, masklen, q) 2482 const char *s1, *s2; 2483 int masklen; 2484 struct qual q; 2485 { 2486 int nlen, mlen; 2487 bpf_u_int32 n, m; 2488 2489 nlen = __pcap_atoin(s1, &n); 2490 /* Promote short ipaddr */ 2491 n <<= 32 - nlen; 2492 2493 if (s2 != NULL) { 2494 mlen = __pcap_atoin(s2, &m); 2495 /* Promote short ipaddr */ 2496 m <<= 32 - mlen; 2497 if ((n & ~m) != 0) 2498 bpf_error("non-network bits set in \"%s mask %s\"", 2499 s1, s2); 2500 } else { 2501 /* Convert mask len to mask */ 2502 if (masklen > 32) 2503 bpf_error("mask length must be <= 32"); 2504 m = 0xffffffff << (32 - masklen); 2505 if ((n & ~m) != 0) 2506 bpf_error("non-network bits set in \"%s/%d\"", 2507 s1, masklen); 2508 } 2509 2510 switch (q.addr) { 2511 2512 case Q_NET: 2513 return gen_host(n, m, q.proto, q.dir); 2514 2515 default: 2516 bpf_error("Mask syntax for networks only"); 2517 /* NOTREACHED */ 2518 } 2519 } 2520 2521 struct block * 2522 gen_ncode(s, v, q) 2523 const char *s; 2524 bpf_u_int32 v; 2525 struct qual q; 2526 { 2527 bpf_u_int32 mask; 2528 int proto = q.proto; 2529 int dir = q.dir; 2530 int vlen; 2531 2532 if (s == NULL) 2533 vlen = 32; 2534 else if (q.proto == Q_DECNET) 2535 vlen = __pcap_atodn(s, &v); 2536 else 2537 vlen = __pcap_atoin(s, &v); 2538 2539 switch (q.addr) { 2540 2541 case Q_DEFAULT: 2542 case Q_HOST: 2543 case Q_NET: 2544 if (proto == Q_DECNET) 2545 return gen_host(v, 0, proto, dir); 2546 else if (proto == Q_LINK) { 2547 bpf_error("illegal link layer address"); 2548 } else { 2549 mask = 0xffffffff; 2550 if (s == NULL && q.addr == Q_NET) { 2551 /* Promote short net number */ 2552 while (v && (v & 0xff000000) == 0) { 2553 v <<= 8; 2554 mask <<= 8; 2555 } 2556 } else { 2557 /* Promote short ipaddr */ 2558 v <<= 32 - vlen; 2559 mask <<= 32 - vlen; 2560 } 2561 return gen_host(v, mask, proto, dir); 2562 } 2563 2564 case Q_PORT: 2565 if (proto == Q_UDP) 2566 proto = IPPROTO_UDP; 2567 else if (proto == Q_TCP) 2568 proto = IPPROTO_TCP; 2569 else if (proto == Q_DEFAULT) 2570 proto = PROTO_UNDEF; 2571 else 2572 bpf_error("illegal qualifier of 'port'"); 2573 2574 #ifndef INET6 2575 return gen_port((int)v, proto, dir); 2576 #else 2577 { 2578 struct block *b; 2579 b = gen_port((int)v, proto, dir); 2580 gen_or(gen_port6((int)v, proto, dir), b); 2581 return b; 2582 } 2583 #endif /* INET6 */ 2584 2585 case Q_GATEWAY: 2586 bpf_error("'gateway' requires a name"); 2587 /* NOTREACHED */ 2588 2589 case Q_PROTO: 2590 return gen_proto((int)v, proto, dir); 2591 2592 case Q_PROTOCHAIN: 2593 return gen_protochain((int)v, proto, dir); 2594 2595 case Q_UNDEF: 2596 syntax(); 2597 /* NOTREACHED */ 2598 2599 default: 2600 abort(); 2601 /* NOTREACHED */ 2602 } 2603 /* NOTREACHED */ 2604 } 2605 2606 #ifdef INET6 2607 struct block * 2608 gen_mcode6(s1, s2, masklen, q) 2609 const char *s1, *s2; 2610 int masklen; 2611 struct qual q; 2612 { 2613 struct addrinfo *res; 2614 struct in6_addr *addr; 2615 struct in6_addr mask; 2616 struct block *b; 2617 u_int32_t *a, *m; 2618 2619 if (s2) 2620 bpf_error("no mask %s supported", s2); 2621 2622 res = pcap_nametoaddrinfo(s1); 2623 if (!res) 2624 bpf_error("invalid ip6 address %s", s1); 2625 if (res->ai_next) 2626 bpf_error("%s resolved to multiple address", s1); 2627 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2628 2629 if (sizeof(mask) * 8 < masklen) 2630 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2631 memset(&mask, 0, sizeof(mask)); 2632 memset(&mask, 0xff, masklen / 8); 2633 if (masklen % 8) { 2634 mask.s6_addr[masklen / 8] = 2635 (0xff << (8 - masklen % 8)) & 0xff; 2636 } 2637 2638 a = (u_int32_t *)addr; 2639 m = (u_int32_t *)&mask; 2640 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2641 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2642 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2643 } 2644 2645 switch (q.addr) { 2646 2647 case Q_DEFAULT: 2648 case Q_HOST: 2649 if (masklen != 128) 2650 bpf_error("Mask syntax for networks only"); 2651 /* FALLTHROUGH */ 2652 2653 case Q_NET: 2654 b = gen_host6(addr, &mask, q.proto, q.dir); 2655 freeaddrinfo(res); 2656 return b; 2657 2658 default: 2659 bpf_error("invalid qualifier against IPv6 address"); 2660 /* NOTREACHED */ 2661 } 2662 } 2663 #endif /*INET6*/ 2664 2665 struct block * 2666 gen_ecode(eaddr, q) 2667 const u_char *eaddr; 2668 struct qual q; 2669 { 2670 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2671 if (linktype == DLT_EN10MB) 2672 return gen_ehostop(eaddr, (int)q.dir); 2673 if (linktype == DLT_FDDI) 2674 return gen_fhostop(eaddr, (int)q.dir); 2675 if (linktype == DLT_IEEE802_11 || 2676 linktype == DLT_IEEE802_11_RADIO) 2677 return gen_p80211_hostop(eaddr, (int)q.dir); 2678 } 2679 bpf_error("ethernet address used in non-ether expression"); 2680 /* NOTREACHED */ 2681 } 2682 2683 void 2684 sappend(s0, s1) 2685 struct slist *s0, *s1; 2686 { 2687 /* 2688 * This is definitely not the best way to do this, but the 2689 * lists will rarely get long. 2690 */ 2691 while (s0->next) 2692 s0 = s0->next; 2693 s0->next = s1; 2694 } 2695 2696 static struct slist * 2697 xfer_to_x(a) 2698 struct arth *a; 2699 { 2700 struct slist *s; 2701 2702 s = new_stmt(BPF_LDX|BPF_MEM); 2703 s->s.k = a->regno; 2704 return s; 2705 } 2706 2707 static struct slist * 2708 xfer_to_a(a) 2709 struct arth *a; 2710 { 2711 struct slist *s; 2712 2713 s = new_stmt(BPF_LD|BPF_MEM); 2714 s->s.k = a->regno; 2715 return s; 2716 } 2717 2718 struct arth * 2719 gen_load(proto, index, size) 2720 int proto; 2721 struct arth *index; 2722 int size; 2723 { 2724 struct slist *s, *tmp; 2725 struct block *b; 2726 int regno = alloc_reg(); 2727 2728 free_reg(index->regno); 2729 switch (size) { 2730 2731 default: 2732 bpf_error("data size must be 1, 2, or 4"); 2733 2734 case 1: 2735 size = BPF_B; 2736 break; 2737 2738 case 2: 2739 size = BPF_H; 2740 break; 2741 2742 case 4: 2743 size = BPF_W; 2744 break; 2745 } 2746 switch (proto) { 2747 default: 2748 bpf_error("unsupported index operation"); 2749 2750 case Q_LINK: 2751 s = xfer_to_x(index); 2752 tmp = new_stmt(BPF_LD|BPF_IND|size); 2753 sappend(s, tmp); 2754 sappend(index->s, s); 2755 break; 2756 2757 case Q_IP: 2758 case Q_ARP: 2759 case Q_RARP: 2760 case Q_ATALK: 2761 case Q_DECNET: 2762 case Q_SCA: 2763 case Q_LAT: 2764 case Q_MOPRC: 2765 case Q_MOPDL: 2766 #ifdef INET6 2767 case Q_IPV6: 2768 #endif 2769 /* XXX Note that we assume a fixed link header here. */ 2770 if (variable_nl) { 2771 s = nl2X_stmt(); 2772 sappend(s, xfer_to_a(index)); 2773 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2774 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2775 } else { 2776 s = xfer_to_x(index); 2777 } 2778 tmp = new_stmt(BPF_LD|BPF_IND|size); 2779 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2780 sappend(s, tmp); 2781 sappend(index->s, s); 2782 2783 b = gen_proto_abbrev(proto); 2784 if (index->b) 2785 gen_and(index->b, b); 2786 index->b = b; 2787 break; 2788 2789 case Q_TCP: 2790 case Q_UDP: 2791 case Q_ICMP: 2792 case Q_IGMP: 2793 case Q_IGRP: 2794 case Q_PIM: 2795 s = iphl_to_x(); 2796 sappend(s, xfer_to_a(index)); 2797 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2798 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2799 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2800 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2801 sappend(index->s, s); 2802 2803 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2804 if (index->b) 2805 gen_and(index->b, b); 2806 #ifdef INET6 2807 gen_and(gen_proto_abbrev(Q_IP), b); 2808 #endif 2809 index->b = b; 2810 break; 2811 #ifdef INET6 2812 case Q_ICMPV6: 2813 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2814 /*NOTREACHED*/ 2815 #endif 2816 } 2817 index->regno = regno; 2818 s = new_stmt(BPF_ST); 2819 s->s.k = regno; 2820 sappend(index->s, s); 2821 2822 return index; 2823 } 2824 2825 struct block * 2826 gen_relation(code, a0, a1, reversed) 2827 int code; 2828 struct arth *a0, *a1; 2829 int reversed; 2830 { 2831 struct slist *s0, *s1, *s2; 2832 struct block *b, *tmp; 2833 2834 s0 = xfer_to_x(a1); 2835 s1 = xfer_to_a(a0); 2836 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2837 b = new_block(JMP(code)); 2838 if (code == BPF_JGT || code == BPF_JGE) { 2839 reversed = !reversed; 2840 b->s.k = 0x80000000; 2841 } 2842 if (reversed) 2843 gen_not(b); 2844 2845 sappend(s1, s2); 2846 sappend(s0, s1); 2847 sappend(a1->s, s0); 2848 sappend(a0->s, a1->s); 2849 2850 b->stmts = a0->s; 2851 2852 free_reg(a0->regno); 2853 free_reg(a1->regno); 2854 2855 /* 'and' together protocol checks */ 2856 if (a0->b) { 2857 if (a1->b) { 2858 gen_and(a0->b, tmp = a1->b); 2859 } 2860 else 2861 tmp = a0->b; 2862 } else 2863 tmp = a1->b; 2864 2865 if (tmp) 2866 gen_and(tmp, b); 2867 2868 return b; 2869 } 2870 2871 struct arth * 2872 gen_loadlen() 2873 { 2874 int regno = alloc_reg(); 2875 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2876 struct slist *s; 2877 2878 s = new_stmt(BPF_LD|BPF_LEN); 2879 s->next = new_stmt(BPF_ST); 2880 s->next->s.k = regno; 2881 a->s = s; 2882 a->regno = regno; 2883 2884 return a; 2885 } 2886 2887 struct arth * 2888 gen_loadrnd() 2889 { 2890 int regno = alloc_reg(); 2891 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2892 struct slist *s; 2893 2894 s = new_stmt(BPF_LD|BPF_RND); 2895 s->next = new_stmt(BPF_ST); 2896 s->next->s.k = regno; 2897 a->s = s; 2898 a->regno = regno; 2899 2900 return a; 2901 } 2902 2903 struct arth * 2904 gen_loadi(val) 2905 int val; 2906 { 2907 struct arth *a; 2908 struct slist *s; 2909 int reg; 2910 2911 a = (struct arth *)newchunk(sizeof(*a)); 2912 2913 reg = alloc_reg(); 2914 2915 s = new_stmt(BPF_LD|BPF_IMM); 2916 s->s.k = val; 2917 s->next = new_stmt(BPF_ST); 2918 s->next->s.k = reg; 2919 a->s = s; 2920 a->regno = reg; 2921 2922 return a; 2923 } 2924 2925 struct arth * 2926 gen_neg(a) 2927 struct arth *a; 2928 { 2929 struct slist *s; 2930 2931 s = xfer_to_a(a); 2932 sappend(a->s, s); 2933 s = new_stmt(BPF_ALU|BPF_NEG); 2934 s->s.k = 0; 2935 sappend(a->s, s); 2936 s = new_stmt(BPF_ST); 2937 s->s.k = a->regno; 2938 sappend(a->s, s); 2939 2940 return a; 2941 } 2942 2943 struct arth * 2944 gen_arth(code, a0, a1) 2945 int code; 2946 struct arth *a0, *a1; 2947 { 2948 struct slist *s0, *s1, *s2; 2949 2950 s0 = xfer_to_x(a1); 2951 s1 = xfer_to_a(a0); 2952 s2 = new_stmt(BPF_ALU|BPF_X|code); 2953 2954 sappend(s1, s2); 2955 sappend(s0, s1); 2956 sappend(a1->s, s0); 2957 sappend(a0->s, a1->s); 2958 2959 free_reg(a1->regno); 2960 2961 s0 = new_stmt(BPF_ST); 2962 a0->regno = s0->s.k = alloc_reg(); 2963 sappend(a0->s, s0); 2964 2965 return a0; 2966 } 2967 2968 /* 2969 * Here we handle simple allocation of the scratch registers. 2970 * If too many registers are alloc'd, the allocator punts. 2971 */ 2972 static int regused[BPF_MEMWORDS]; 2973 static int curreg; 2974 2975 /* 2976 * Return the next free register. 2977 */ 2978 static int 2979 alloc_reg() 2980 { 2981 int n = BPF_MEMWORDS; 2982 2983 while (--n >= 0) { 2984 if (regused[curreg]) 2985 curreg = (curreg + 1) % BPF_MEMWORDS; 2986 else { 2987 regused[curreg] = 1; 2988 return curreg; 2989 } 2990 } 2991 bpf_error("too many registers needed to evaluate expression"); 2992 /* NOTREACHED */ 2993 } 2994 2995 /* 2996 * Return a register to the table so it can 2997 * be used later. 2998 */ 2999 static void 3000 free_reg(n) 3001 int n; 3002 { 3003 regused[n] = 0; 3004 } 3005 3006 static struct block * 3007 gen_len(jmp, n) 3008 int jmp, n; 3009 { 3010 struct slist *s; 3011 struct block *b; 3012 3013 s = new_stmt(BPF_LD|BPF_LEN); 3014 b = new_block(JMP(jmp)); 3015 b->stmts = s; 3016 b->s.k = n; 3017 3018 return b; 3019 } 3020 3021 struct block * 3022 gen_greater(n) 3023 int n; 3024 { 3025 return gen_len(BPF_JGE, n); 3026 } 3027 3028 struct block * 3029 gen_less(n) 3030 int n; 3031 { 3032 struct block *b; 3033 3034 b = gen_len(BPF_JGT, n); 3035 gen_not(b); 3036 3037 return b; 3038 } 3039 3040 struct block * 3041 gen_byteop(op, idx, val) 3042 int op, idx, val; 3043 { 3044 struct block *b; 3045 struct slist *s; 3046 3047 switch (op) { 3048 default: 3049 abort(); 3050 3051 case '=': 3052 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3053 3054 case '<': 3055 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3056 b->s.code = JMP(BPF_JGE); 3057 gen_not(b); 3058 return b; 3059 3060 case '>': 3061 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3062 b->s.code = JMP(BPF_JGT); 3063 return b; 3064 3065 case '|': 3066 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3067 break; 3068 3069 case '&': 3070 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3071 break; 3072 } 3073 s->s.k = val; 3074 b = new_block(JMP(BPF_JEQ)); 3075 b->stmts = s; 3076 gen_not(b); 3077 3078 return b; 3079 } 3080 3081 struct block * 3082 gen_broadcast(proto) 3083 int proto; 3084 { 3085 bpf_u_int32 hostmask; 3086 struct block *b0, *b1, *b2; 3087 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3088 3089 switch (proto) { 3090 3091 case Q_DEFAULT: 3092 case Q_LINK: 3093 if (linktype == DLT_EN10MB) 3094 return gen_ehostop(ebroadcast, Q_DST); 3095 if (linktype == DLT_FDDI) 3096 return gen_fhostop(ebroadcast, Q_DST); 3097 if (linktype == DLT_IEEE802_11 || 3098 linktype == DLT_IEEE802_11_RADIO) 3099 return gen_p80211_hostop(ebroadcast, Q_DST); 3100 bpf_error("not a broadcast link"); 3101 break; 3102 3103 case Q_IP: 3104 /* 3105 * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff) 3106 * as an indication that we don't know the netmask, and fail 3107 * in that case. 3108 */ 3109 if (netmask == PCAP_NETMASK_UNKNOWN) 3110 bpf_error("netmask not known, so 'ip broadcast' not supported"); 3111 b0 = gen_linktype(ETHERTYPE_IP); 3112 hostmask = ~netmask; 3113 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3114 b2 = gen_mcmp_nl(16, BPF_W, 3115 (bpf_int32)(~0 & hostmask), hostmask); 3116 gen_or(b1, b2); 3117 gen_and(b0, b2); 3118 return b2; 3119 } 3120 bpf_error("only ether/ip broadcast filters supported"); 3121 } 3122 3123 struct block * 3124 gen_multicast(proto) 3125 int proto; 3126 { 3127 struct block *b0, *b1; 3128 struct slist *s; 3129 3130 switch (proto) { 3131 3132 case Q_DEFAULT: 3133 case Q_LINK: 3134 if (linktype == DLT_EN10MB) { 3135 /* ether[0] & 1 != 0 */ 3136 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3137 s->s.k = 0; 3138 b0 = new_block(JMP(BPF_JSET)); 3139 b0->s.k = 1; 3140 b0->stmts = s; 3141 return b0; 3142 } 3143 3144 if (linktype == DLT_FDDI) { 3145 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3146 /* fddi[1] & 1 != 0 */ 3147 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3148 s->s.k = 1; 3149 b0 = new_block(JMP(BPF_JSET)); 3150 b0->s.k = 1; 3151 b0->stmts = s; 3152 return b0; 3153 } 3154 /* Link not known to support multicasts */ 3155 break; 3156 3157 case Q_IP: 3158 b0 = gen_linktype(ETHERTYPE_IP); 3159 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3160 b1->s.code = JMP(BPF_JGE); 3161 gen_and(b0, b1); 3162 return b1; 3163 3164 #ifdef INET6 3165 case Q_IPV6: 3166 b0 = gen_linktype(ETHERTYPE_IPV6); 3167 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3168 gen_and(b0, b1); 3169 return b1; 3170 #endif /* INET6 */ 3171 } 3172 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3173 } 3174 3175 /* 3176 * generate command for inbound/outbound. It's here so we can 3177 * make it link-type specific. 'dir' = 0 implies "inbound", 3178 * = 1 implies "outbound". 3179 */ 3180 struct block * 3181 gen_inbound(dir) 3182 int dir; 3183 { 3184 struct block *b0; 3185 3186 /* 3187 * Only SLIP and old-style PPP data link types support 3188 * inbound/outbound qualifiers. 3189 */ 3190 switch (linktype) { 3191 case DLT_SLIP: 3192 case DLT_PPP: 3193 b0 = gen_relation(BPF_JEQ, 3194 gen_load(Q_LINK, gen_loadi(0), 1), 3195 gen_loadi(0), 3196 dir); 3197 break; 3198 3199 case DLT_PFLOG: 3200 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3201 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3202 break; 3203 3204 default: 3205 bpf_error("inbound/outbound not supported on linktype 0x%x", 3206 linktype); 3207 /* NOTREACHED */ 3208 } 3209 3210 return (b0); 3211 } 3212 3213 3214 /* PF firewall log matched interface */ 3215 struct block * 3216 gen_pf_ifname(char *ifname) 3217 { 3218 struct block *b0; 3219 u_int len, off; 3220 3221 if (linktype == DLT_PFLOG) { 3222 len = sizeof(((struct pfloghdr *)0)->ifname); 3223 off = offsetof(struct pfloghdr, ifname); 3224 } else { 3225 bpf_error("ifname not supported on linktype 0x%x", linktype); 3226 /* NOTREACHED */ 3227 } 3228 if (strlen(ifname) >= len) { 3229 bpf_error("ifname interface names can only be %d characters", 3230 len - 1); 3231 /* NOTREACHED */ 3232 } 3233 b0 = gen_bcmp(off, strlen(ifname) + 1, ifname); 3234 return (b0); 3235 } 3236 3237 3238 /* PF firewall log ruleset name */ 3239 struct block * 3240 gen_pf_ruleset(char *ruleset) 3241 { 3242 struct block *b0; 3243 3244 if (linktype != DLT_PFLOG) { 3245 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3246 /* NOTREACHED */ 3247 } 3248 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3249 bpf_error("ruleset names can only be %zu characters", 3250 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3251 /* NOTREACHED */ 3252 } 3253 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3254 strlen(ruleset), ruleset); 3255 return (b0); 3256 } 3257 3258 3259 /* PF firewall log rule number */ 3260 struct block * 3261 gen_pf_rnr(int rnr) 3262 { 3263 struct block *b0; 3264 3265 if (linktype == DLT_PFLOG) { 3266 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3267 (bpf_int32)rnr); 3268 } else { 3269 bpf_error("rnr not supported on linktype 0x%x", linktype); 3270 /* NOTREACHED */ 3271 } 3272 3273 return (b0); 3274 } 3275 3276 3277 /* PF firewall log sub-rule number */ 3278 struct block * 3279 gen_pf_srnr(int srnr) 3280 { 3281 struct block *b0; 3282 3283 if (linktype != DLT_PFLOG) { 3284 bpf_error("srnr not supported on linktype 0x%x", linktype); 3285 /* NOTREACHED */ 3286 } 3287 3288 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3289 (bpf_int32)srnr); 3290 return (b0); 3291 } 3292 3293 /* PF firewall log reason code */ 3294 struct block * 3295 gen_pf_reason(int reason) 3296 { 3297 struct block *b0; 3298 3299 if (linktype == DLT_PFLOG) { 3300 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3301 (bpf_int32)reason); 3302 } else { 3303 bpf_error("reason not supported on linktype 0x%x", linktype); 3304 /* NOTREACHED */ 3305 } 3306 3307 return (b0); 3308 } 3309 3310 /* PF firewall log action */ 3311 struct block * 3312 gen_pf_action(int action) 3313 { 3314 struct block *b0; 3315 3316 if (linktype == DLT_PFLOG) { 3317 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3318 (bpf_int32)action); 3319 } else { 3320 bpf_error("action not supported on linktype 0x%x", linktype); 3321 /* NOTREACHED */ 3322 } 3323 3324 return (b0); 3325 } 3326 3327 /* IEEE 802.11 wireless header */ 3328 struct block * 3329 gen_p80211_type(int type, int mask) 3330 { 3331 struct block *b0; 3332 u_int offset; 3333 3334 if (!(linktype == DLT_IEEE802_11 || 3335 linktype == DLT_IEEE802_11_RADIO)) { 3336 bpf_error("type not supported on linktype 0x%x", 3337 linktype); 3338 /* NOTREACHED */ 3339 } 3340 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3341 if (linktype == DLT_IEEE802_11_RADIO) 3342 offset += IEEE80211_RADIOTAP_HDRLEN; 3343 3344 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3345 3346 return (b0); 3347 } 3348 3349 static struct block * 3350 gen_ahostop(eaddr, dir) 3351 const u_char *eaddr; 3352 int dir; 3353 { 3354 struct block *b0, *b1; 3355 3356 switch (dir) { 3357 /* src comes first, different from Ethernet */ 3358 case Q_SRC: 3359 return gen_bcmp(0, 1, eaddr); 3360 3361 case Q_DST: 3362 return gen_bcmp(1, 1, eaddr); 3363 3364 case Q_AND: 3365 b0 = gen_ahostop(eaddr, Q_SRC); 3366 b1 = gen_ahostop(eaddr, Q_DST); 3367 gen_and(b0, b1); 3368 return b1; 3369 3370 case Q_DEFAULT: 3371 case Q_OR: 3372 b0 = gen_ahostop(eaddr, Q_SRC); 3373 b1 = gen_ahostop(eaddr, Q_DST); 3374 gen_or(b0, b1); 3375 return b1; 3376 } 3377 abort(); 3378 /* NOTREACHED */ 3379 } 3380 3381 struct block * 3382 gen_acode(eaddr, q) 3383 const u_char *eaddr; 3384 struct qual q; 3385 { 3386 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3387 if (linktype == DLT_ARCNET) 3388 return gen_ahostop(eaddr, (int)q.dir); 3389 } 3390 bpf_error("ARCnet address used in non-arc expression"); 3391 /* NOTREACHED */ 3392 } 3393 3394 struct block * 3395 gen_mpls(label) 3396 int label; 3397 { 3398 struct block *b0; 3399 3400 if (label > MPLS_LABEL_MAX) 3401 bpf_error("invalid MPLS label : %d", label); 3402 3403 if (mpls_stack > 0) /* Bottom-Of-Label-Stack bit ? */ 3404 b0 = gen_mcmp(off_nl-2, BPF_B, (bpf_int32)0, 0x1); 3405 else 3406 b0 = gen_linktype(ETHERTYPE_MPLS); 3407 3408 if (label >= 0) { 3409 struct block *b1; 3410 3411 b1 = gen_mcmp(off_nl, BPF_W, (bpf_int32)(label << 12), 3412 MPLS_LABEL_MASK); 3413 gen_and(b0, b1); 3414 b0 = b1; 3415 } 3416 off_nl += 4; 3417 off_linktype += 4; 3418 mpls_stack++; 3419 return (b0); 3420 } 3421 3422 /* 3423 * support IEEE 802.1Q VLAN trunk over ethernet 3424 */ 3425 struct block * 3426 gen_vlan(vlan_num) 3427 int vlan_num; 3428 { 3429 struct block *b0; 3430 3431 if (variable_nl) { 3432 bpf_error("'vlan' not supported for variable DLTs"); 3433 /*NOTREACHED*/ 3434 } 3435 3436 if (vlan_num > 4095) { 3437 bpf_error("invalid VLAN number : %d", vlan_num); 3438 /*NOTREACHED*/ 3439 } 3440 3441 /* 3442 * Change the offsets to point to the type and data fields within 3443 * the VLAN packet. This is somewhat of a kludge. 3444 */ 3445 if (orig_nl == (u_int)-1) { 3446 orig_linktype = off_linktype; /* save original values */ 3447 orig_nl = off_nl; 3448 orig_nl_nosnap = off_nl_nosnap; 3449 3450 switch (linktype) { 3451 3452 case DLT_EN10MB: 3453 off_linktype = 16; 3454 off_nl_nosnap = 18; 3455 off_nl = 18; 3456 break; 3457 3458 default: 3459 bpf_error("no VLAN support for data link type %d", 3460 linktype); 3461 /*NOTREACHED*/ 3462 } 3463 } 3464 3465 /* check for VLAN */ 3466 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3467 3468 /* If a specific VLAN is requested, check VLAN id */ 3469 if (vlan_num >= 0) { 3470 struct block *b1; 3471 3472 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0FFF); 3473 gen_and(b0, b1); 3474 b0 = b1; 3475 } 3476 3477 return (b0); 3478 } 3479 3480 struct block * 3481 gen_sample(int rate) 3482 { 3483 struct block *b0; 3484 long long threshold = 0x100000000LL; /* 0xffffffff + 1 */ 3485 3486 if (rate < 2) { 3487 bpf_error("sample %d is too low", rate); 3488 /*NOTREACHED*/ 3489 } 3490 if (rate > (1 << 20)) { 3491 bpf_error("sample %d is too high", rate); 3492 /*NOTREACHED*/ 3493 } 3494 3495 threshold /= rate; 3496 b0 = gen_relation(BPF_JGT, gen_loadrnd(), gen_loadi(threshold), 1); 3497 3498 return (b0); 3499 } 3500 3501 struct block * 3502 gen_p80211_fcdir(int fcdir) 3503 { 3504 struct block *b0; 3505 u_int offset; 3506 3507 if (!(linktype == DLT_IEEE802_11 || 3508 linktype == DLT_IEEE802_11_RADIO)) { 3509 bpf_error("frame direction not supported on linktype 0x%x", 3510 linktype); 3511 /* NOTREACHED */ 3512 } 3513 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3514 if (linktype == DLT_IEEE802_11_RADIO) 3515 offset += IEEE80211_RADIOTAP_HDRLEN; 3516 3517 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3518 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3519 3520 return (b0); 3521 } 3522 3523 static struct block * 3524 gen_p80211_hostop(const u_char *lladdr, int dir) 3525 { 3526 struct block *b0, *b1, *b2, *b3, *b4; 3527 u_int offset = 0; 3528 3529 if (linktype == DLT_IEEE802_11_RADIO) 3530 offset = IEEE80211_RADIOTAP_HDRLEN; 3531 3532 switch (dir) { 3533 case Q_SRC: 3534 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3535 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3536 lladdr); 3537 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3538 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3539 lladdr); 3540 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3541 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3542 lladdr); 3543 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3544 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3545 lladdr); 3546 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3547 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3548 lladdr); 3549 3550 gen_or(b0, b1); 3551 gen_or(b1, b2); 3552 gen_or(b2, b3); 3553 gen_or(b3, b4); 3554 return (b4); 3555 3556 case Q_DST: 3557 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3558 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3559 lladdr); 3560 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3561 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3562 lladdr); 3563 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3564 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3565 lladdr); 3566 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3567 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3568 lladdr); 3569 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3570 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3571 lladdr); 3572 3573 gen_or(b0, b1); 3574 gen_or(b1, b2); 3575 gen_or(b2, b3); 3576 gen_or(b3, b4); 3577 return (b4); 3578 3579 case Q_ADDR1: 3580 return (gen_bcmp(offset + 3581 (u_int)offsetof(struct ieee80211_frame, 3582 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3583 3584 case Q_ADDR2: 3585 return (gen_bcmp(offset + 3586 (u_int)offsetof(struct ieee80211_frame, 3587 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3588 3589 case Q_ADDR3: 3590 return (gen_bcmp(offset + 3591 (u_int)offsetof(struct ieee80211_frame, 3592 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3593 3594 case Q_ADDR4: 3595 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3596 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3597 lladdr)); 3598 3599 case Q_AND: 3600 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3601 b1 = gen_p80211_hostop(lladdr, Q_DST); 3602 gen_and(b0, b1); 3603 return (b1); 3604 3605 case Q_DEFAULT: 3606 case Q_OR: 3607 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3608 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3609 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3610 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3611 gen_or(b0, b1); 3612 gen_or(b1, b2); 3613 gen_or(b2, b3); 3614 return (b3); 3615 3616 default: 3617 bpf_error("direction not supported on linktype 0x%x", 3618 linktype); 3619 } 3620 /* NOTREACHED */ 3621 } 3622 3623 static struct block * 3624 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3625 { 3626 struct block *b0, *b1; 3627 3628 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3629 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3630 gen_and(b0, b1); 3631 3632 return (b1); 3633 } 3634