1 /* $OpenBSD: gencode.c,v 1.67 2024/09/15 07:14:58 jsg Exp $ */
2
3 /*
4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that: (1) source code distributions
9 * retain the above copyright notice and this paragraph in its entirety, (2)
10 * distributions including binary code include the above copyright notice and
11 * this paragraph in its entirety in the documentation or other materials
12 * provided with the distribution, and (3) all advertising materials mentioning
13 * features or use of this software display the following acknowledgement:
14 * ``This product includes software developed by the University of California,
15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16 * the University nor the names of its contributors may be used to endorse
17 * or promote products derived from this software without specific prior
18 * written permission.
19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22 */
23
24 #include <sys/types.h>
25 #include <sys/socket.h>
26 #include <sys/time.h>
27
28 #include <net/if.h>
29
30 #include <netinet/in.h>
31 #include <netinet/if_ether.h>
32
33 #include <net/if_pflog.h>
34 #include <net/pfvar.h>
35
36 #include <netmpls/mpls.h>
37
38 #include <net80211/ieee80211.h>
39 #include <net80211/ieee80211_radiotap.h>
40
41 #include <stdlib.h>
42 #include <stddef.h>
43 #include <setjmp.h>
44 #include <stdarg.h>
45 #include <string.h>
46
47 #include "pcap-int.h"
48
49 #include "ethertype.h"
50 #include "llc.h"
51 #include "gencode.h"
52 #include "ppp.h"
53 #include <pcap-namedb.h>
54 #ifdef INET6
55 #include <netdb.h>
56 #endif /*INET6*/
57
58 #ifdef HAVE_OS_PROTO_H
59 #include "os-proto.h"
60 #endif
61
62 #define JMP(c) ((c)|BPF_JMP|BPF_K)
63
64 /* Locals */
65 static jmp_buf top_ctx;
66 static pcap_t *bpf_pcap;
67
68 /* Hack for updating VLAN offsets. */
69 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1;
70 static u_int mpls_stack = 0;
71
72 /* XXX */
73 #ifdef PCAP_FDDIPAD
74 int pcap_fddipad = PCAP_FDDIPAD;
75 #else
76 int pcap_fddipad;
77 #endif
78
79 __dead void
bpf_error(const char * fmt,...)80 bpf_error(const char *fmt, ...)
81 {
82 va_list ap;
83
84 va_start(ap, fmt);
85 if (bpf_pcap != NULL)
86 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE,
87 fmt, ap);
88 va_end(ap);
89 longjmp(top_ctx, 1);
90 /* NOTREACHED */
91 }
92
93 static void init_linktype(int);
94
95 static int alloc_reg(void);
96 static void free_reg(int);
97
98 static struct block *root;
99
100 /* initialization code used for variable link header */
101 static struct slist *init_code = NULL;
102
103 /* Flags and registers for variable link type handling */
104 static int variable_nl;
105 static int nl_reg, iphl_reg;
106
107 /*
108 * Track memory allocations, for bulk freeing at the end
109 */
110 #define NMEMBAG 16
111 #define MEMBAG0SIZE (4096 / sizeof (void *))
112 struct membag {
113 u_int total;
114 u_int slot;
115 void **ptrs; /* allocated array[total] to each malloc */
116 };
117
118 static struct membag membag[NMEMBAG];
119 static int cur_membag;
120
121 static void *newchunk(size_t);
122 static void freechunks(void);
123 static __inline struct block *new_block(int);
124 static __inline struct slist *new_stmt(int);
125 static struct block *gen_retblk(int);
126 static __inline void syntax(void);
127
128 static void backpatch(struct block *, struct block *);
129 static void merge(struct block *, struct block *);
130 static struct block *gen_cmp(u_int, u_int, bpf_int32);
131 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32);
132 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32);
133 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32);
134 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32);
135 static struct block *gen_bcmp(u_int, u_int, const u_char *);
136 static struct block *gen_uncond(int);
137 static __inline struct block *gen_true(void);
138 static __inline struct block *gen_false(void);
139 static struct block *gen_linktype(int);
140 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
141 #ifdef INET6
142 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
143 #endif
144 static struct block *gen_ehostop(const u_char *, int);
145 static struct block *gen_fhostop(const u_char *, int);
146 static struct block *gen_dnhostop(bpf_u_int32, int, u_int);
147 static struct block *gen_p80211_hostop(const u_char *, int);
148 static struct block *gen_p80211_addr(int, u_int, const u_char *);
149 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int);
150 #ifdef INET6
151 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int);
152 #endif
153 #ifndef INET6
154 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
155 #endif
156 static struct block *gen_ipfrag(void);
157 static struct block *gen_portatom(int, bpf_int32);
158 #ifdef INET6
159 static struct block *gen_portatom6(int, bpf_int32);
160 #endif
161 struct block *gen_portop(int, int, int);
162 static struct block *gen_port(int, int, int);
163 #ifdef INET6
164 struct block *gen_portop6(int, int, int);
165 static struct block *gen_port6(int, int, int);
166 #endif
167 static int lookup_proto(const char *, int);
168 static struct block *gen_protochain(int, int, int);
169 static struct block *gen_proto(int, int, int);
170 static struct slist *xfer_to_x(struct arth *);
171 static struct slist *xfer_to_a(struct arth *);
172 static struct block *gen_len(int, int);
173
174 static void *
newchunk(size_t n)175 newchunk(size_t n)
176 {
177 struct membag *m;
178 void *p;
179
180 m = &membag[cur_membag];
181 if (m->total != 0 && m->total - m->slot == 0) {
182 if (++cur_membag == NMEMBAG)
183 bpf_error("out of memory");
184 m = &membag[cur_membag];
185 }
186 if (m->total - m->slot == 0) {
187 m->ptrs = calloc(sizeof (char *), MEMBAG0SIZE << cur_membag);
188 if (m->ptrs == NULL)
189 bpf_error("out of memory");
190 m->total = MEMBAG0SIZE << cur_membag;
191 m->slot = 0;
192 }
193
194 p = calloc(1, n);
195 if (p == NULL)
196 bpf_error("out of memory");
197 m->ptrs[m->slot++] = p;
198 return (p);
199 }
200
201 static void
freechunks(void)202 freechunks(void)
203 {
204 int i, j;
205
206 for (i = 0; i <= cur_membag; i++) {
207 if (membag[i].ptrs == NULL)
208 continue;
209 for (j = 0; j < membag[i].slot; j++)
210 free(membag[i].ptrs[j]);
211 free(membag[i].ptrs);
212 membag[i].ptrs = NULL;
213 membag[i].slot = membag[i].total = 0;
214 }
215 cur_membag = 0;
216 }
217
218 /*
219 * A strdup whose allocations are freed after code generation is over.
220 */
221 char *
sdup(const char * s)222 sdup(const char *s)
223 {
224 int n = strlen(s) + 1;
225 char *cp = newchunk(n);
226
227 strlcpy(cp, s, n);
228 return (cp);
229 }
230
231 static __inline struct block *
new_block(int code)232 new_block(int code)
233 {
234 struct block *p;
235
236 p = (struct block *)newchunk(sizeof(*p));
237 p->s.code = code;
238 p->head = p;
239
240 return p;
241 }
242
243 static __inline struct slist *
new_stmt(int code)244 new_stmt(int code)
245 {
246 struct slist *p;
247
248 p = (struct slist *)newchunk(sizeof(*p));
249 p->s.code = code;
250
251 return p;
252 }
253
254 static struct block *
gen_retblk(int v)255 gen_retblk(int v)
256 {
257 struct block *b = new_block(BPF_RET|BPF_K);
258
259 b->s.k = v;
260 return b;
261 }
262
263 static __inline void
syntax(void)264 syntax(void)
265 {
266 bpf_error("syntax error in filter expression");
267 }
268
269 static bpf_u_int32 netmask;
270 static int snaplen;
271 int no_optimize;
272
273 int
pcap_compile(pcap_t * p,struct bpf_program * program,const char * buf,int optimize,bpf_u_int32 mask)274 pcap_compile(pcap_t *p, struct bpf_program *program,
275 const char *buf, int optimize, bpf_u_int32 mask)
276 {
277 extern int n_errors;
278 int len;
279
280 no_optimize = 0;
281 n_errors = 0;
282 root = NULL;
283 bpf_pcap = p;
284 if (setjmp(top_ctx)) {
285 freechunks();
286 return (-1);
287 }
288
289 netmask = mask;
290 snaplen = pcap_snapshot(p);
291
292 lex_init(buf ? buf : "");
293 init_linktype(pcap_datalink(p));
294 (void)pcap_parse();
295
296 if (n_errors)
297 syntax();
298
299 if (root == NULL)
300 root = gen_retblk(snaplen);
301
302 if (optimize && !no_optimize) {
303 bpf_optimize(&root);
304 if (root == NULL ||
305 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
306 bpf_error("expression rejects all packets");
307 }
308 program->bf_insns = icode_to_fcode(root, &len);
309 program->bf_len = len;
310
311 freechunks();
312 return (0);
313 }
314
315 /*
316 * entry point for using the compiler with no pcap open
317 * pass in all the stuff that is needed explicitly instead.
318 */
319 int
pcap_compile_nopcap(int snaplen_arg,int linktype_arg,struct bpf_program * program,const char * buf,int optimize,bpf_u_int32 mask)320 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
321 struct bpf_program *program,
322 const char *buf, int optimize, bpf_u_int32 mask)
323 {
324 extern int n_errors;
325 int len;
326
327 n_errors = 0;
328 root = NULL;
329 bpf_pcap = NULL;
330 if (setjmp(top_ctx)) {
331 freechunks();
332 return (-1);
333 }
334
335 netmask = mask;
336
337 /* XXX needed? I don't grok the use of globals here. */
338 snaplen = snaplen_arg;
339
340 lex_init(buf ? buf : "");
341 init_linktype(linktype_arg);
342 (void)pcap_parse();
343
344 if (n_errors)
345 syntax();
346
347 if (root == NULL)
348 root = gen_retblk(snaplen_arg);
349
350 if (optimize) {
351 bpf_optimize(&root);
352 if (root == NULL ||
353 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0))
354 bpf_error("expression rejects all packets");
355 }
356 program->bf_insns = icode_to_fcode(root, &len);
357 program->bf_len = len;
358
359 freechunks();
360 return (0);
361 }
362
363 /*
364 * Clean up a "struct bpf_program" by freeing all the memory allocated
365 * in it.
366 */
367 void
pcap_freecode(struct bpf_program * program)368 pcap_freecode(struct bpf_program *program)
369 {
370 program->bf_len = 0;
371 if (program->bf_insns != NULL) {
372 free((char *)program->bf_insns);
373 program->bf_insns = NULL;
374 }
375 }
376
377 /*
378 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates
379 * which of the jt and jf fields has been resolved and which is a pointer
380 * back to another unresolved block (or nil). At least one of the fields
381 * in each block is already resolved.
382 */
383 static void
backpatch(struct block * list,struct block * target)384 backpatch(struct block *list, struct block *target)
385 {
386 struct block *next;
387
388 while (list) {
389 if (!list->sense) {
390 next = JT(list);
391 JT(list) = target;
392 } else {
393 next = JF(list);
394 JF(list) = target;
395 }
396 list = next;
397 }
398 }
399
400 /*
401 * Merge the lists in b0 and b1, using the 'sense' field to indicate
402 * which of jt and jf is the link.
403 */
404 static void
merge(struct block * b0,struct block * b1)405 merge(struct block *b0, struct block *b1)
406 {
407 struct block **p = &b0;
408
409 /* Find end of list. */
410 while (*p)
411 p = !((*p)->sense) ? &JT(*p) : &JF(*p);
412
413 /* Concatenate the lists. */
414 *p = b1;
415 }
416
417 void
finish_parse(struct block * p)418 finish_parse(struct block *p)
419 {
420 backpatch(p, gen_retblk(snaplen));
421 p->sense = !p->sense;
422 backpatch(p, gen_retblk(0));
423 root = p->head;
424
425 /* prepend initialization code to root */
426 if (init_code != NULL && root != NULL) {
427 sappend(init_code, root->stmts);
428 root->stmts = init_code;
429 init_code = NULL;
430 }
431
432 if (iphl_reg != -1) {
433 free_reg(iphl_reg);
434 iphl_reg = -1;
435 }
436 if (nl_reg != -1) {
437 free_reg(nl_reg);
438 nl_reg = -1;
439 }
440 }
441
442 void
gen_and(struct block * b0,struct block * b1)443 gen_and(struct block *b0, struct block *b1)
444 {
445 backpatch(b0, b1->head);
446 b0->sense = !b0->sense;
447 b1->sense = !b1->sense;
448 merge(b1, b0);
449 b1->sense = !b1->sense;
450 b1->head = b0->head;
451 }
452
453 void
gen_or(struct block * b0,struct block * b1)454 gen_or(struct block *b0, struct block *b1)
455 {
456 b0->sense = !b0->sense;
457 backpatch(b0, b1->head);
458 b0->sense = !b0->sense;
459 merge(b1, b0);
460 b1->head = b0->head;
461 }
462
463 void
gen_not(struct block * b)464 gen_not(struct block *b)
465 {
466 b->sense = !b->sense;
467 }
468
469 static struct block *
gen_cmp(u_int offset,u_int size,bpf_int32 v)470 gen_cmp(u_int offset, u_int size, bpf_int32 v)
471 {
472 struct slist *s;
473 struct block *b;
474
475 s = new_stmt(BPF_LD|BPF_ABS|size);
476 s->s.k = offset;
477
478 b = new_block(JMP(BPF_JEQ));
479 b->stmts = s;
480 b->s.k = v;
481
482 return b;
483 }
484
485 static struct block *
gen_cmp_gt(u_int offset,u_int size,bpf_int32 v)486 gen_cmp_gt(u_int offset, u_int size, bpf_int32 v)
487 {
488 struct slist *s;
489 struct block *b;
490
491 s = new_stmt(BPF_LD|BPF_ABS|size);
492 s->s.k = offset;
493
494 b = new_block(JMP(BPF_JGT));
495 b->stmts = s;
496 b->s.k = v;
497
498 return b;
499 }
500
501 static struct block *
gen_mcmp(u_int offset,u_int size,bpf_int32 v,bpf_u_int32 mask)502 gen_mcmp(u_int offset, u_int size, bpf_int32 v, bpf_u_int32 mask)
503 {
504 struct block *b = gen_cmp(offset, size, v);
505 struct slist *s;
506
507 if (mask != 0xffffffff) {
508 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
509 s->s.k = mask;
510 sappend(b->stmts, s);
511 }
512 return b;
513 }
514
515 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */
516 static struct block *
gen_mcmp_nl(u_int offset,u_int size,bpf_int32 v,bpf_u_int32 mask)517 gen_mcmp_nl(u_int offset, u_int size, bpf_int32 v, bpf_u_int32 mask)
518 {
519 struct block *b = gen_cmp_nl(offset, size, v);
520 struct slist *s;
521
522 if (mask != 0xffffffff) {
523 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
524 s->s.k = mask;
525 sappend(b->stmts, s);
526 }
527 return b;
528 }
529
530 static struct block *
gen_bcmp(u_int offset,u_int size,const u_char * v)531 gen_bcmp(u_int offset, u_int size, const u_char *v)
532 {
533 struct block *b, *tmp;
534
535 b = NULL;
536 while (size >= 4) {
537 const u_char *p = &v[size - 4];
538 bpf_int32 w = ((bpf_int32)p[0] << 24) |
539 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3];
540
541 tmp = gen_cmp(offset + size - 4, BPF_W, w);
542 if (b != NULL)
543 gen_and(b, tmp);
544 b = tmp;
545 size -= 4;
546 }
547 while (size >= 2) {
548 const u_char *p = &v[size - 2];
549 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1];
550
551 tmp = gen_cmp(offset + size - 2, BPF_H, w);
552 if (b != NULL)
553 gen_and(b, tmp);
554 b = tmp;
555 size -= 2;
556 }
557 if (size > 0) {
558 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]);
559 if (b != NULL)
560 gen_and(b, tmp);
561 b = tmp;
562 }
563 return b;
564 }
565
566 /*
567 * Various code constructs need to know the layout of the data link
568 * layer. These variables give the necessary offsets. off_linktype
569 * is set to -1 for no encapsulation, in which case, IP is assumed.
570 */
571 static u_int off_linktype;
572 static u_int off_nl;
573 static u_int off_nl_nosnap;
574
575 static int linktype;
576
577 /* Generate code to load the dynamic 'off_nl' to the X register */
578 static struct slist *
nl2X_stmt(void)579 nl2X_stmt(void)
580 {
581 struct slist *s, *tmp;
582
583 if (nl_reg == -1) {
584 switch (linktype) {
585 case DLT_PFLOG:
586 /* The pflog header contains PFLOG_REAL_HDRLEN
587 which does NOT include the padding. Round
588 up to the nearest dword boundary */
589 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
590 s->s.k = 0;
591
592 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
593 tmp->s.k = 3;
594 sappend(s, tmp);
595
596 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K);
597 tmp->s.k = 0xfc;
598 sappend(s, tmp);
599
600 nl_reg = alloc_reg();
601 tmp = new_stmt(BPF_ST);
602 tmp->s.k = nl_reg;
603 sappend(s, tmp);
604
605 break;
606 default:
607 bpf_error("Unknown header size for link type 0x%x",
608 linktype);
609 }
610
611 if (init_code == NULL)
612 init_code = s;
613 else
614 sappend(init_code, s);
615 }
616
617 s = new_stmt(BPF_LDX|BPF_MEM);
618 s->s.k = nl_reg;
619
620 return s;
621 }
622
623 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */
624 static struct block *
gen_cmp_nl(u_int offset,u_int size,bpf_int32 v)625 gen_cmp_nl(u_int offset, u_int size, bpf_int32 v)
626 {
627 struct slist *s, *tmp;
628 struct block *b;
629
630 if (variable_nl) {
631 s = nl2X_stmt();
632 tmp = new_stmt(BPF_LD|BPF_IND|size);
633 tmp->s.k = offset;
634 sappend(s, tmp);
635 } else {
636 s = new_stmt(BPF_LD|BPF_ABS|size);
637 s->s.k = offset + off_nl;
638 }
639 b = new_block(JMP(BPF_JEQ));
640 b->stmts = s;
641 b->s.k = v;
642
643 return b;
644 }
645
646 static void
init_linktype(int type)647 init_linktype(int type)
648 {
649 linktype = type;
650 init_code = NULL;
651 nl_reg = iphl_reg = -1;
652
653 switch (type) {
654
655 case DLT_EN10MB:
656 off_linktype = 12;
657 off_nl = 14;
658 return;
659
660 case DLT_SLIP:
661 /*
662 * SLIP doesn't have a link level type. The 16 byte
663 * header is hacked into our SLIP driver.
664 */
665 off_linktype = -1;
666 off_nl = 16;
667 return;
668
669 case DLT_SLIP_BSDOS:
670 /* XXX this may be the same as the DLT_PPP_BSDOS case */
671 off_linktype = -1;
672 /* XXX end */
673 off_nl = 24;
674 return;
675
676 case DLT_NULL:
677 off_linktype = 0;
678 off_nl = 4;
679 return;
680
681 case DLT_PPP:
682 off_linktype = 2;
683 off_nl = 4;
684 return;
685
686 case DLT_PPP_SERIAL:
687 off_linktype = -1;
688 off_nl = 2;
689 return;
690
691 case DLT_PPP_ETHER:
692 /*
693 * This does not include the Ethernet header, and
694 * only covers session state.
695 */
696 off_linktype = 6;
697 off_nl = 8;
698 return;
699
700 case DLT_PPP_BSDOS:
701 off_linktype = 5;
702 off_nl = 24;
703 return;
704
705 case DLT_FDDI:
706 /*
707 * FDDI doesn't really have a link-level type field.
708 * We assume that SSAP = SNAP is being used and pick
709 * out the encapsulated Ethernet type.
710 */
711 off_linktype = 19;
712 #ifdef PCAP_FDDIPAD
713 off_linktype += pcap_fddipad;
714 #endif
715 off_nl = 21;
716 #ifdef PCAP_FDDIPAD
717 off_nl += pcap_fddipad;
718 #endif
719 return;
720
721 case DLT_IEEE802:
722 off_linktype = 20;
723 off_nl = 22;
724 return;
725
726 case DLT_IEEE802_11:
727 off_linktype = 30; /* XXX variable */
728 off_nl = 32;
729 return;
730
731 case DLT_IEEE802_11_RADIO: /* XXX variable */
732 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN;
733 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN;
734 return;
735
736 case DLT_ATM_RFC1483:
737 /*
738 * assume routed, non-ISO PDUs
739 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
740 */
741 off_linktype = 6;
742 off_nl = 8;
743 return;
744
745 case DLT_LOOP:
746 off_linktype = 0;
747 off_nl = 4;
748 return;
749
750 case DLT_ENC:
751 off_linktype = -1;
752 off_nl = 12;
753 return;
754
755 case DLT_PFLOG:
756 off_linktype = 0;
757 variable_nl = 1;
758 off_nl = 0;
759 return;
760
761 case DLT_PFSYNC:
762 off_linktype = -1;
763 off_nl = 4;
764 return;
765
766 case DLT_OPENFLOW:
767 off_linktype = -1;
768 off_nl = 12;
769 return;
770
771 case DLT_USBPCAP:
772 /* FALLTHROUGH */
773 case DLT_RAW:
774 off_linktype = -1;
775 off_nl = 0;
776 return;
777 }
778 bpf_error("unknown data link type 0x%x", linktype);
779 /* NOTREACHED */
780 }
781
782 static struct block *
gen_uncond(int rsense)783 gen_uncond(int rsense)
784 {
785 struct block *b;
786 struct slist *s;
787
788 s = new_stmt(BPF_LD|BPF_IMM);
789 s->s.k = !rsense;
790 b = new_block(JMP(BPF_JEQ));
791 b->stmts = s;
792
793 return b;
794 }
795
796 static __inline struct block *
gen_true(void)797 gen_true(void)
798 {
799 return gen_uncond(1);
800 }
801
802 static __inline struct block *
gen_false(void)803 gen_false(void)
804 {
805 return gen_uncond(0);
806 }
807
808 static struct block *
gen_linktype(int proto)809 gen_linktype(int proto)
810 {
811 struct block *b0, *b1;
812
813 /* If we're not using encapsulation and checking for IP, we're done */
814 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IP)
815 return gen_true();
816 #ifdef INET6
817 /* this isn't the right thing to do, but sometimes necessary */
818 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IPV6)
819 return gen_true();
820 #endif
821
822 switch (linktype) {
823
824 case DLT_EN10MB:
825 if (proto <= ETHERMTU) {
826 /* This is an LLC SAP value */
827 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU);
828 gen_not(b0);
829 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto);
830 gen_and(b0, b1);
831 return b1;
832 } else {
833 /* This is an Ethernet type */
834 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
835 }
836 break;
837
838 case DLT_SLIP:
839 return gen_false();
840
841 case DLT_PPP:
842 case DLT_PPP_ETHER:
843 if (proto == ETHERTYPE_IP)
844 proto = PPP_IP; /* XXX was 0x21 */
845 #ifdef INET6
846 else if (proto == ETHERTYPE_IPV6)
847 proto = PPP_IPV6;
848 #endif
849 break;
850
851 case DLT_PPP_BSDOS:
852 switch (proto) {
853
854 case ETHERTYPE_IP:
855 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP);
856 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC);
857 gen_or(b0, b1);
858 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC);
859 gen_or(b1, b0);
860 return b0;
861
862 #ifdef INET6
863 case ETHERTYPE_IPV6:
864 proto = PPP_IPV6;
865 /* more to go? */
866 break;
867 #endif /* INET6 */
868
869 case ETHERTYPE_DN:
870 proto = PPP_DECNET;
871 break;
872
873 case ETHERTYPE_ATALK:
874 proto = PPP_APPLE;
875 break;
876
877 case ETHERTYPE_NS:
878 proto = PPP_NS;
879 break;
880 }
881 break;
882
883 case DLT_LOOP:
884 case DLT_ENC:
885 case DLT_NULL:
886 {
887 int v;
888
889 if (proto == ETHERTYPE_IP)
890 v = AF_INET;
891 #ifdef INET6
892 else if (proto == ETHERTYPE_IPV6)
893 v = AF_INET6;
894 #endif /* INET6 */
895 else
896 return gen_false();
897
898 /*
899 * For DLT_NULL, the link-layer header is a 32-bit word
900 * containing an AF_ value in *host* byte order, and for
901 * DLT_ENC, the link-layer header begins with a 32-bit
902 * word containing an AF_ value in host byte order.
903 *
904 * For DLT_LOOP, the link-layer header is a 32-bit
905 * word containing an AF_ value in *network* byte order.
906 */
907 if (linktype != DLT_LOOP)
908 v = htonl(v);
909
910 return (gen_cmp(0, BPF_W, (bpf_int32)v));
911 break;
912 }
913 case DLT_PFLOG:
914 if (proto == ETHERTYPE_IP)
915 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
916 (bpf_int32)AF_INET));
917 #ifdef INET6
918 else if (proto == ETHERTYPE_IPV6)
919 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B,
920 (bpf_int32)AF_INET6));
921 #endif /* INET6 */
922 else
923 return gen_false();
924 break;
925
926 }
927 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto);
928 }
929
930 static struct block *
gen_hostop(bpf_u_int32 addr,bpf_u_int32 mask,int dir,int proto,u_int src_off,u_int dst_off)931 gen_hostop(bpf_u_int32 addr, bpf_u_int32 mask, int dir, int proto,
932 u_int src_off, u_int dst_off)
933 {
934 struct block *b0, *b1;
935 u_int offset;
936
937 switch (dir) {
938
939 case Q_SRC:
940 offset = src_off;
941 break;
942
943 case Q_DST:
944 offset = dst_off;
945 break;
946
947 case Q_AND:
948 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
949 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
950 gen_and(b0, b1);
951 return b1;
952
953 case Q_OR:
954 case Q_DEFAULT:
955 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off);
956 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off);
957 gen_or(b0, b1);
958 return b1;
959
960 default:
961 bpf_error("direction not supported on linktype 0x%x",
962 linktype);
963 }
964 b0 = gen_linktype(proto);
965 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask);
966 gen_and(b0, b1);
967 return b1;
968 }
969
970 #ifdef INET6
971 static struct block *
gen_hostop6(struct in6_addr * addr,struct in6_addr * mask,int dir,int proto,u_int src_off,u_int dst_off)972 gen_hostop6(struct in6_addr *addr, struct in6_addr *mask, int dir, int proto,
973 u_int src_off, u_int dst_off)
974 {
975 struct block *b0, *b1;
976 u_int offset;
977 u_int32_t *a, *m;
978
979 switch (dir) {
980
981 case Q_SRC:
982 offset = src_off;
983 break;
984
985 case Q_DST:
986 offset = dst_off;
987 break;
988
989 case Q_AND:
990 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
991 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
992 gen_and(b0, b1);
993 return b1;
994
995 case Q_OR:
996 case Q_DEFAULT:
997 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off);
998 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off);
999 gen_or(b0, b1);
1000 return b1;
1001
1002 default:
1003 bpf_error("direction not supported on linktype 0x%x",
1004 linktype);
1005 }
1006 /* this order is important */
1007 a = (u_int32_t *)addr;
1008 m = (u_int32_t *)mask;
1009 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
1010 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
1011 gen_and(b0, b1);
1012 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
1013 gen_and(b0, b1);
1014 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
1015 gen_and(b0, b1);
1016 b0 = gen_linktype(proto);
1017 gen_and(b0, b1);
1018 return b1;
1019 }
1020 #endif /*INET6*/
1021
1022 static struct block *
gen_ehostop(const u_char * eaddr,int dir)1023 gen_ehostop(const u_char *eaddr, int dir)
1024 {
1025 struct block *b0, *b1;
1026
1027 switch (dir) {
1028 case Q_SRC:
1029 return gen_bcmp(6, 6, eaddr);
1030
1031 case Q_DST:
1032 return gen_bcmp(0, 6, eaddr);
1033
1034 case Q_AND:
1035 b0 = gen_ehostop(eaddr, Q_SRC);
1036 b1 = gen_ehostop(eaddr, Q_DST);
1037 gen_and(b0, b1);
1038 return b1;
1039
1040 case Q_DEFAULT:
1041 case Q_OR:
1042 b0 = gen_ehostop(eaddr, Q_SRC);
1043 b1 = gen_ehostop(eaddr, Q_DST);
1044 gen_or(b0, b1);
1045 return b1;
1046 default:
1047 bpf_error("direction not supported on linktype 0x%x",
1048 linktype);
1049 }
1050 /* NOTREACHED */
1051 }
1052
1053 /*
1054 * Like gen_ehostop, but for DLT_FDDI
1055 */
1056 static struct block *
gen_fhostop(const u_char * eaddr,int dir)1057 gen_fhostop(const u_char *eaddr, int dir)
1058 {
1059 struct block *b0, *b1;
1060
1061 switch (dir) {
1062 case Q_SRC:
1063 #ifdef PCAP_FDDIPAD
1064 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr);
1065 #else
1066 return gen_bcmp(6 + 1, 6, eaddr);
1067 #endif
1068
1069 case Q_DST:
1070 #ifdef PCAP_FDDIPAD
1071 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr);
1072 #else
1073 return gen_bcmp(0 + 1, 6, eaddr);
1074 #endif
1075
1076 case Q_AND:
1077 b0 = gen_fhostop(eaddr, Q_SRC);
1078 b1 = gen_fhostop(eaddr, Q_DST);
1079 gen_and(b0, b1);
1080 return b1;
1081
1082 case Q_DEFAULT:
1083 case Q_OR:
1084 b0 = gen_fhostop(eaddr, Q_SRC);
1085 b1 = gen_fhostop(eaddr, Q_DST);
1086 gen_or(b0, b1);
1087 return b1;
1088 default:
1089 bpf_error("direction not supported on linktype 0x%x",
1090 linktype);
1091 }
1092 /* NOTREACHED */
1093 }
1094
1095 /*
1096 * This is quite tricky because there may be pad bytes in front of the
1097 * DECNET header, and then there are two possible data packet formats that
1098 * carry both src and dst addresses, plus 5 packet types in a format that
1099 * carries only the src node, plus 2 types that use a different format and
1100 * also carry just the src node.
1101 *
1102 * Yuck.
1103 *
1104 * Instead of doing those all right, we just look for data packets with
1105 * 0 or 1 bytes of padding. If you want to look at other packets, that
1106 * will require a lot more hacking.
1107 *
1108 * To add support for filtering on DECNET "areas" (network numbers)
1109 * one would want to add a "mask" argument to this routine. That would
1110 * make the filter even more inefficient, although one could be clever
1111 * and not generate masking instructions if the mask is 0xFFFF.
1112 */
1113 static struct block *
gen_dnhostop(bpf_u_int32 addr,int dir,u_int base_off)1114 gen_dnhostop(bpf_u_int32 addr, int dir, u_int base_off)
1115 {
1116 struct block *b0, *b1, *b2, *tmp;
1117 u_int offset_lh; /* offset if long header is received */
1118 u_int offset_sh; /* offset if short header is received */
1119
1120 switch (dir) {
1121
1122 case Q_DST:
1123 offset_sh = 1; /* follows flags */
1124 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */
1125 break;
1126
1127 case Q_SRC:
1128 offset_sh = 3; /* follows flags, dstnode */
1129 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
1130 break;
1131
1132 case Q_AND:
1133 /* Inefficient because we do our Calvinball dance twice */
1134 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1135 b1 = gen_dnhostop(addr, Q_DST, base_off);
1136 gen_and(b0, b1);
1137 return b1;
1138
1139 case Q_OR:
1140 case Q_DEFAULT:
1141 /* Inefficient because we do our Calvinball dance twice */
1142 b0 = gen_dnhostop(addr, Q_SRC, base_off);
1143 b1 = gen_dnhostop(addr, Q_DST, base_off);
1144 gen_or(b0, b1);
1145 return b1;
1146
1147 default:
1148 bpf_error("direction not supported on linktype 0x%x",
1149 linktype);
1150 }
1151 b0 = gen_linktype(ETHERTYPE_DN);
1152 /* Check for pad = 1, long header case */
1153 tmp = gen_mcmp_nl(base_off + 2, BPF_H,
1154 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF));
1155 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh,
1156 BPF_H, (bpf_int32)ntohs(addr));
1157 gen_and(tmp, b1);
1158 /* Check for pad = 0, long header case */
1159 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7);
1160 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr));
1161 gen_and(tmp, b2);
1162 gen_or(b2, b1);
1163 /* Check for pad = 1, short header case */
1164 tmp = gen_mcmp_nl(base_off + 2, BPF_H,
1165 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF));
1166 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh,
1167 BPF_H, (bpf_int32)ntohs(addr));
1168 gen_and(tmp, b2);
1169 gen_or(b2, b1);
1170 /* Check for pad = 0, short header case */
1171 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7);
1172 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr));
1173 gen_and(tmp, b2);
1174 gen_or(b2, b1);
1175
1176 /* Combine with test for linktype */
1177 gen_and(b0, b1);
1178 return b1;
1179 }
1180
1181 static struct block *
gen_host(bpf_u_int32 addr,bpf_u_int32 mask,int proto,int dir)1182 gen_host(bpf_u_int32 addr, bpf_u_int32 mask, int proto, int dir)
1183 {
1184 struct block *b0, *b1;
1185
1186 switch (proto) {
1187
1188 case Q_DEFAULT:
1189 b0 = gen_host(addr, mask, Q_IP, dir);
1190 b1 = gen_host(addr, mask, Q_ARP, dir);
1191 gen_or(b0, b1);
1192 b0 = gen_host(addr, mask, Q_RARP, dir);
1193 gen_or(b1, b0);
1194 return b0;
1195
1196 case Q_IP:
1197 return gen_hostop(addr, mask, dir, ETHERTYPE_IP,
1198 12, 16);
1199
1200 case Q_RARP:
1201 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP,
1202 14, 24);
1203
1204 case Q_ARP:
1205 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP,
1206 14, 24);
1207
1208 case Q_TCP:
1209 bpf_error("'tcp' modifier applied to host");
1210
1211 case Q_UDP:
1212 bpf_error("'udp' modifier applied to host");
1213
1214 case Q_ICMP:
1215 bpf_error("'icmp' modifier applied to host");
1216
1217 case Q_IGMP:
1218 bpf_error("'igmp' modifier applied to host");
1219
1220 case Q_IGRP:
1221 bpf_error("'igrp' modifier applied to host");
1222
1223 case Q_PIM:
1224 bpf_error("'pim' modifier applied to host");
1225
1226 case Q_STP:
1227 bpf_error("'stp' modifier applied to host");
1228
1229 case Q_ATALK:
1230 bpf_error("ATALK host filtering not implemented");
1231
1232 case Q_DECNET:
1233 return gen_dnhostop(addr, dir, 0);
1234
1235 case Q_SCA:
1236 bpf_error("SCA host filtering not implemented");
1237
1238 case Q_LAT:
1239 bpf_error("LAT host filtering not implemented");
1240
1241 case Q_MOPDL:
1242 bpf_error("MOPDL host filtering not implemented");
1243
1244 case Q_MOPRC:
1245 bpf_error("MOPRC host filtering not implemented");
1246
1247 #ifdef INET6
1248 case Q_IPV6:
1249 bpf_error("'ip6' modifier applied to ip host");
1250
1251 case Q_ICMPV6:
1252 bpf_error("'icmp6' modifier applied to host");
1253 #endif /* INET6 */
1254
1255 case Q_AH:
1256 bpf_error("'ah' modifier applied to host");
1257
1258 case Q_ESP:
1259 bpf_error("'esp' modifier applied to host");
1260
1261 default:
1262 bpf_error("direction not supported on linktype 0x%x",
1263 linktype);
1264 }
1265 /* NOTREACHED */
1266 }
1267
1268 #ifdef INET6
1269 static struct block *
gen_host6(struct in6_addr * addr,struct in6_addr * mask,int proto,int dir)1270 gen_host6(struct in6_addr *addr, struct in6_addr *mask, int proto, int dir)
1271 {
1272 switch (proto) {
1273
1274 case Q_DEFAULT:
1275 return gen_host6(addr, mask, Q_IPV6, dir);
1276
1277 case Q_IP:
1278 bpf_error("'ip' modifier applied to ip6 host");
1279
1280 case Q_RARP:
1281 bpf_error("'rarp' modifier applied to ip6 host");
1282
1283 case Q_ARP:
1284 bpf_error("'arp' modifier applied to ip6 host");
1285
1286 case Q_TCP:
1287 bpf_error("'tcp' modifier applied to host");
1288
1289 case Q_UDP:
1290 bpf_error("'udp' modifier applied to host");
1291
1292 case Q_ICMP:
1293 bpf_error("'icmp' modifier applied to host");
1294
1295 case Q_IGMP:
1296 bpf_error("'igmp' modifier applied to host");
1297
1298 case Q_IGRP:
1299 bpf_error("'igrp' modifier applied to host");
1300
1301 case Q_PIM:
1302 bpf_error("'pim' modifier applied to host");
1303
1304 case Q_STP:
1305 bpf_error("'stp' modifier applied to host");
1306
1307 case Q_ATALK:
1308 bpf_error("ATALK host filtering not implemented");
1309
1310 case Q_DECNET:
1311 bpf_error("'decnet' modifier applied to ip6 host");
1312
1313 case Q_SCA:
1314 bpf_error("SCA host filtering not implemented");
1315
1316 case Q_LAT:
1317 bpf_error("LAT host filtering not implemented");
1318
1319 case Q_MOPDL:
1320 bpf_error("MOPDL host filtering not implemented");
1321
1322 case Q_MOPRC:
1323 bpf_error("MOPRC host filtering not implemented");
1324
1325 case Q_IPV6:
1326 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6,
1327 8, 24);
1328
1329 case Q_ICMPV6:
1330 bpf_error("'icmp6' modifier applied to host");
1331
1332 case Q_AH:
1333 bpf_error("'ah' modifier applied to host");
1334
1335 case Q_ESP:
1336 bpf_error("'esp' modifier applied to host");
1337
1338 default:
1339 abort();
1340 }
1341 /* NOTREACHED */
1342 }
1343 #endif /*INET6*/
1344
1345 #ifndef INET6
1346 static struct block *
gen_gateway(const u_char * eaddr,bpf_u_int32 ** alist,int proto,int dir)1347 gen_gateway(const u_char *eaddr, bpf_u_int32 **alist, int proto, int dir)
1348 {
1349 struct block *b0, *b1, *tmp;
1350
1351 if (dir != 0)
1352 bpf_error("direction applied to 'gateway'");
1353
1354 switch (proto) {
1355 case Q_DEFAULT:
1356 case Q_IP:
1357 case Q_ARP:
1358 case Q_RARP:
1359 if (linktype == DLT_EN10MB)
1360 b0 = gen_ehostop(eaddr, Q_OR);
1361 else if (linktype == DLT_FDDI)
1362 b0 = gen_fhostop(eaddr, Q_OR);
1363 else
1364 bpf_error(
1365 "'gateway' supported only on ethernet or FDDI");
1366
1367 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1368 while (*alist) {
1369 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR);
1370 gen_or(b1, tmp);
1371 b1 = tmp;
1372 }
1373 gen_not(b1);
1374 gen_and(b0, b1);
1375 return b1;
1376 }
1377 bpf_error("illegal modifier of 'gateway'");
1378 /* NOTREACHED */
1379 }
1380 #endif /*INET6*/
1381
1382 struct block *
gen_proto_abbrev(int proto)1383 gen_proto_abbrev(int proto)
1384 {
1385 struct block *b0 = NULL, *b1;
1386
1387 switch (proto) {
1388
1389 case Q_TCP:
1390 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
1391 #ifdef INET6
1392 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
1393 gen_or(b0, b1);
1394 #endif
1395 break;
1396
1397 case Q_UDP:
1398 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
1399 #ifdef INET6
1400 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
1401 gen_or(b0, b1);
1402 #endif
1403 break;
1404
1405 case Q_ICMP:
1406 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT);
1407 break;
1408
1409 #ifndef IPPROTO_IGMP
1410 #define IPPROTO_IGMP 2
1411 #endif
1412
1413 case Q_IGMP:
1414 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT);
1415 break;
1416
1417 #ifndef IPPROTO_IGRP
1418 #define IPPROTO_IGRP 9
1419 #endif
1420 case Q_IGRP:
1421 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT);
1422 break;
1423
1424 #ifndef IPPROTO_PIM
1425 #define IPPROTO_PIM 103
1426 #endif
1427
1428 case Q_PIM:
1429 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
1430 #ifdef INET6
1431 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
1432 gen_or(b0, b1);
1433 #endif
1434 break;
1435
1436 case Q_IP:
1437 b1 = gen_linktype(ETHERTYPE_IP);
1438 break;
1439
1440 case Q_ARP:
1441 b1 = gen_linktype(ETHERTYPE_ARP);
1442 break;
1443
1444 case Q_RARP:
1445 b1 = gen_linktype(ETHERTYPE_REVARP);
1446 break;
1447
1448 case Q_LINK:
1449 bpf_error("link layer applied in wrong context");
1450
1451 case Q_ATALK:
1452 b1 = gen_linktype(ETHERTYPE_ATALK);
1453 break;
1454
1455 case Q_DECNET:
1456 b1 = gen_linktype(ETHERTYPE_DN);
1457 break;
1458
1459 case Q_SCA:
1460 b1 = gen_linktype(ETHERTYPE_SCA);
1461 break;
1462
1463 case Q_LAT:
1464 b1 = gen_linktype(ETHERTYPE_LAT);
1465 break;
1466
1467 case Q_MOPDL:
1468 b1 = gen_linktype(ETHERTYPE_MOPDL);
1469 break;
1470
1471 case Q_MOPRC:
1472 b1 = gen_linktype(ETHERTYPE_MOPRC);
1473 break;
1474
1475 case Q_STP:
1476 b1 = gen_linktype(LLCSAP_8021D);
1477 break;
1478
1479 #ifdef INET6
1480 case Q_IPV6:
1481 b1 = gen_linktype(ETHERTYPE_IPV6);
1482 break;
1483
1484 #ifndef IPPROTO_ICMPV6
1485 #define IPPROTO_ICMPV6 58
1486 #endif
1487 case Q_ICMPV6:
1488 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
1489 break;
1490 #endif /* INET6 */
1491
1492 #ifndef IPPROTO_AH
1493 #define IPPROTO_AH 51
1494 #endif
1495 case Q_AH:
1496 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
1497 #ifdef INET6
1498 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
1499 gen_or(b0, b1);
1500 #endif
1501 break;
1502
1503 #ifndef IPPROTO_ESP
1504 #define IPPROTO_ESP 50
1505 #endif
1506 case Q_ESP:
1507 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
1508 #ifdef INET6
1509 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
1510 gen_or(b0, b1);
1511 #endif
1512 break;
1513
1514 default:
1515 abort();
1516 }
1517 return b1;
1518 }
1519
1520 static struct block *
gen_ipfrag(void)1521 gen_ipfrag(void)
1522 {
1523 struct slist *s, *tmp;
1524 struct block *b;
1525
1526 /* not ip frag */
1527 if (variable_nl) {
1528 s = nl2X_stmt();
1529 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND);
1530 tmp->s.k = 6;
1531 sappend(s, tmp);
1532 } else {
1533 s = new_stmt(BPF_LD|BPF_H|BPF_ABS);
1534 s->s.k = off_nl + 6;
1535 }
1536 b = new_block(JMP(BPF_JSET));
1537 b->s.k = 0x1fff;
1538 b->stmts = s;
1539 gen_not(b);
1540
1541 return b;
1542 }
1543
1544 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work
1545 This function generates code to set X to the start of the IP payload
1546 X = off_nl + IP header_len.
1547 */
1548 static struct slist *
iphl_to_x(void)1549 iphl_to_x(void)
1550 {
1551 struct slist *s, *tmp;
1552
1553 /* XXX clobbers A if variable_nl*/
1554 if (variable_nl) {
1555 if (iphl_reg == -1) {
1556 /* X <- off_nl */
1557 s = nl2X_stmt();
1558
1559 /* A = p[X+0] */
1560 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND);
1561 tmp->s.k = 0;
1562 sappend(s, tmp);
1563
1564 /* A = A & 0x0f */
1565 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K);
1566 tmp->s.k = 0x0f;
1567 sappend(s, tmp);
1568
1569 /* A = A << 2 */
1570 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K);
1571 tmp->s.k = 2;
1572 sappend(s, tmp);
1573
1574 /* A = A + X (add off_nl again to compensate) */
1575 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
1576
1577 /* MEM[iphl_reg] = A */
1578 iphl_reg = alloc_reg();
1579 tmp = new_stmt(BPF_ST);
1580 tmp->s.k = iphl_reg;
1581 sappend(s, tmp);
1582
1583 sappend(init_code, s);
1584 }
1585 s = new_stmt(BPF_LDX|BPF_MEM);
1586 s->s.k = iphl_reg;
1587
1588 } else {
1589 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1590 s->s.k = off_nl;
1591 }
1592
1593 return s;
1594 }
1595
1596 static struct block *
gen_portatom(int off,bpf_int32 v)1597 gen_portatom(int off, bpf_int32 v)
1598 {
1599 struct slist *s, *tmp;
1600 struct block *b;
1601
1602 s = iphl_to_x();
1603
1604 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H);
1605 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */
1606 sappend(s, tmp);
1607
1608 b = new_block(JMP(BPF_JEQ));
1609 b->stmts = s;
1610 b->s.k = v;
1611
1612 return b;
1613 }
1614
1615 #ifdef INET6
1616 static struct block *
gen_portatom6(int off,bpf_int32 v)1617 gen_portatom6(int off, bpf_int32 v)
1618 {
1619 return gen_cmp_nl(40 + off, BPF_H, v);
1620 }
1621 #endif/*INET6*/
1622
1623 struct block *
gen_portop(int port,int proto,int dir)1624 gen_portop(int port, int proto, int dir)
1625 {
1626 struct block *b0, *b1, *tmp;
1627
1628 /* ip proto 'proto' */
1629 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto);
1630 b0 = gen_ipfrag();
1631 gen_and(tmp, b0);
1632
1633 switch (dir) {
1634 case Q_SRC:
1635 b1 = gen_portatom(0, (bpf_int32)port);
1636 break;
1637
1638 case Q_DST:
1639 b1 = gen_portatom(2, (bpf_int32)port);
1640 break;
1641
1642 case Q_OR:
1643 case Q_DEFAULT:
1644 tmp = gen_portatom(0, (bpf_int32)port);
1645 b1 = gen_portatom(2, (bpf_int32)port);
1646 gen_or(tmp, b1);
1647 break;
1648
1649 case Q_AND:
1650 tmp = gen_portatom(0, (bpf_int32)port);
1651 b1 = gen_portatom(2, (bpf_int32)port);
1652 gen_and(tmp, b1);
1653 break;
1654
1655 default:
1656 abort();
1657 }
1658 gen_and(b0, b1);
1659
1660 return b1;
1661 }
1662
1663 static struct block *
gen_port(int port,int ip_proto,int dir)1664 gen_port(int port, int ip_proto, int dir)
1665 {
1666 struct block *b0, *b1, *tmp;
1667
1668 /* ether proto ip */
1669 b0 = gen_linktype(ETHERTYPE_IP);
1670
1671 switch (ip_proto) {
1672 case IPPROTO_UDP:
1673 case IPPROTO_TCP:
1674 b1 = gen_portop(port, ip_proto, dir);
1675 break;
1676
1677 case PROTO_UNDEF:
1678 tmp = gen_portop(port, IPPROTO_TCP, dir);
1679 b1 = gen_portop(port, IPPROTO_UDP, dir);
1680 gen_or(tmp, b1);
1681 break;
1682
1683 default:
1684 abort();
1685 }
1686 gen_and(b0, b1);
1687 return b1;
1688 }
1689
1690 #ifdef INET6
1691 struct block *
gen_portop6(int port,int proto,int dir)1692 gen_portop6(int port, int proto, int dir)
1693 {
1694 struct block *b0, *b1, *tmp;
1695
1696 /* ip proto 'proto' */
1697 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto);
1698
1699 switch (dir) {
1700 case Q_SRC:
1701 b1 = gen_portatom6(0, (bpf_int32)port);
1702 break;
1703
1704 case Q_DST:
1705 b1 = gen_portatom6(2, (bpf_int32)port);
1706 break;
1707
1708 case Q_OR:
1709 case Q_DEFAULT:
1710 tmp = gen_portatom6(0, (bpf_int32)port);
1711 b1 = gen_portatom6(2, (bpf_int32)port);
1712 gen_or(tmp, b1);
1713 break;
1714
1715 case Q_AND:
1716 tmp = gen_portatom6(0, (bpf_int32)port);
1717 b1 = gen_portatom6(2, (bpf_int32)port);
1718 gen_and(tmp, b1);
1719 break;
1720
1721 default:
1722 abort();
1723 }
1724 gen_and(b0, b1);
1725
1726 return b1;
1727 }
1728
1729 static struct block *
gen_port6(int port,int ip_proto,int dir)1730 gen_port6(int port, int ip_proto, int dir)
1731 {
1732 struct block *b0, *b1, *tmp;
1733
1734 /* ether proto ip */
1735 b0 = gen_linktype(ETHERTYPE_IPV6);
1736
1737 switch (ip_proto) {
1738 case IPPROTO_UDP:
1739 case IPPROTO_TCP:
1740 b1 = gen_portop6(port, ip_proto, dir);
1741 break;
1742
1743 case PROTO_UNDEF:
1744 tmp = gen_portop6(port, IPPROTO_TCP, dir);
1745 b1 = gen_portop6(port, IPPROTO_UDP, dir);
1746 gen_or(tmp, b1);
1747 break;
1748
1749 default:
1750 abort();
1751 }
1752 gen_and(b0, b1);
1753 return b1;
1754 }
1755 #endif /* INET6 */
1756
1757 static int
lookup_proto(const char * name,int proto)1758 lookup_proto(const char *name, int proto)
1759 {
1760 int v;
1761
1762 switch (proto) {
1763
1764 case Q_DEFAULT:
1765 case Q_IP:
1766 v = pcap_nametoproto(name);
1767 if (v == PROTO_UNDEF)
1768 bpf_error("unknown ip proto '%s'", name);
1769 break;
1770
1771 case Q_LINK:
1772 /* XXX should look up h/w protocol type based on linktype */
1773 v = pcap_nametoeproto(name);
1774 if (v == PROTO_UNDEF) {
1775 v = pcap_nametollc(name);
1776 if (v == PROTO_UNDEF)
1777 bpf_error("unknown ether proto '%s'", name);
1778 }
1779 break;
1780
1781 default:
1782 v = PROTO_UNDEF;
1783 break;
1784 }
1785 return v;
1786 }
1787
1788 static struct block *
gen_protochain(int v,int proto,int dir)1789 gen_protochain(int v, int proto, int dir)
1790 {
1791 struct block *b0, *b;
1792 struct slist *s[100];
1793 int fix2, fix3, fix4, fix5;
1794 int ahcheck, again, end;
1795 int i, max;
1796 int reg1 = alloc_reg();
1797 int reg2 = alloc_reg();
1798
1799 memset(s, 0, sizeof(s));
1800 fix2 = fix3 = fix4 = fix5 = 0;
1801
1802 if (variable_nl) {
1803 bpf_error("'gen_protochain' not supported for variable DLTs");
1804 /*NOTREACHED*/
1805 }
1806
1807 switch (proto) {
1808 case Q_IP:
1809 case Q_IPV6:
1810 break;
1811 case Q_DEFAULT:
1812 b0 = gen_protochain(v, Q_IP, dir);
1813 b = gen_protochain(v, Q_IPV6, dir);
1814 gen_or(b0, b);
1815 return b;
1816 default:
1817 bpf_error("bad protocol applied for 'protochain'");
1818 /*NOTREACHED*/
1819 }
1820
1821 no_optimize = 1; /*this code is not compatible with optimzer yet */
1822
1823 /*
1824 * s[0] is a dummy entry to protect other BPF insn from damaged
1825 * by s[fix] = foo with uninitialized variable "fix". It is somewhat
1826 * hard to find interdependency made by jump table fixup.
1827 */
1828 i = 0;
1829 s[i] = new_stmt(0); /*dummy*/
1830 i++;
1831
1832 switch (proto) {
1833 case Q_IP:
1834 b0 = gen_linktype(ETHERTYPE_IP);
1835
1836 /* A = ip->ip_p */
1837 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1838 s[i]->s.k = off_nl + 9;
1839 i++;
1840 /* X = ip->ip_hl << 2 */
1841 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B);
1842 s[i]->s.k = off_nl;
1843 i++;
1844 break;
1845 case Q_IPV6:
1846 b0 = gen_linktype(ETHERTYPE_IPV6);
1847
1848 /* A = ip6->ip_nxt */
1849 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B);
1850 s[i]->s.k = off_nl + 6;
1851 i++;
1852 /* X = sizeof(struct ip6_hdr) */
1853 s[i] = new_stmt(BPF_LDX|BPF_IMM);
1854 s[i]->s.k = 40;
1855 i++;
1856 break;
1857 default:
1858 bpf_error("unsupported proto to gen_protochain");
1859 /*NOTREACHED*/
1860 }
1861
1862 /* again: if (A == v) goto end; else fall through; */
1863 again = i;
1864 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1865 s[i]->s.k = v;
1866 s[i]->s.jt = NULL; /*later*/
1867 s[i]->s.jf = NULL; /*update in next stmt*/
1868 fix5 = i;
1869 i++;
1870
1871 /* if (A == IPPROTO_NONE) goto end */
1872 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1873 s[i]->s.jt = NULL; /*later*/
1874 s[i]->s.jf = NULL; /*update in next stmt*/
1875 s[i]->s.k = IPPROTO_NONE;
1876 s[fix5]->s.jf = s[i];
1877 fix2 = i;
1878 i++;
1879
1880 if (proto == Q_IPV6) {
1881 int v6start, v6end, v6advance, j;
1882
1883 v6start = i;
1884 /* if (A == IPPROTO_HOPOPTS) goto v6advance */
1885 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1886 s[i]->s.jt = NULL; /*later*/
1887 s[i]->s.jf = NULL; /*update in next stmt*/
1888 s[i]->s.k = IPPROTO_HOPOPTS;
1889 s[fix2]->s.jf = s[i];
1890 i++;
1891 /* if (A == IPPROTO_DSTOPTS) goto v6advance */
1892 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1893 s[i]->s.jt = NULL; /*later*/
1894 s[i]->s.jf = NULL; /*update in next stmt*/
1895 s[i]->s.k = IPPROTO_DSTOPTS;
1896 i++;
1897 /* if (A == IPPROTO_ROUTING) goto v6advance */
1898 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1899 s[i]->s.jt = NULL; /*later*/
1900 s[i]->s.jf = NULL; /*update in next stmt*/
1901 s[i]->s.k = IPPROTO_ROUTING;
1902 i++;
1903 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
1904 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1905 s[i]->s.jt = NULL; /*later*/
1906 s[i]->s.jf = NULL; /*later*/
1907 s[i]->s.k = IPPROTO_FRAGMENT;
1908 fix3 = i;
1909 v6end = i;
1910 i++;
1911
1912 /* v6advance: */
1913 v6advance = i;
1914
1915 /*
1916 * in short,
1917 * A = P[X + 1];
1918 * X = X + (P[X] + 1) * 8;
1919 */
1920 /* A = X */
1921 s[i] = new_stmt(BPF_MISC|BPF_TXA);
1922 i++;
1923 /* MEM[reg1] = A */
1924 s[i] = new_stmt(BPF_ST);
1925 s[i]->s.k = reg1;
1926 i++;
1927 /* A += 1 */
1928 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1929 s[i]->s.k = 1;
1930 i++;
1931 /* X = A */
1932 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1933 i++;
1934 /* A = P[X + packet head]; */
1935 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1936 s[i]->s.k = off_nl;
1937 i++;
1938 /* MEM[reg2] = A */
1939 s[i] = new_stmt(BPF_ST);
1940 s[i]->s.k = reg2;
1941 i++;
1942 /* X = MEM[reg1] */
1943 s[i] = new_stmt(BPF_LDX|BPF_MEM);
1944 s[i]->s.k = reg1;
1945 i++;
1946 /* A = P[X + packet head] */
1947 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
1948 s[i]->s.k = off_nl;
1949 i++;
1950 /* A += 1 */
1951 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1952 s[i]->s.k = 1;
1953 i++;
1954 /* A *= 8 */
1955 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
1956 s[i]->s.k = 8;
1957 i++;
1958 /* X = A; */
1959 s[i] = new_stmt(BPF_MISC|BPF_TAX);
1960 i++;
1961 /* A = MEM[reg2] */
1962 s[i] = new_stmt(BPF_LD|BPF_MEM);
1963 s[i]->s.k = reg2;
1964 i++;
1965
1966 /* goto again; (must use BPF_JA for backward jump) */
1967 s[i] = new_stmt(BPF_JMP|BPF_JA);
1968 s[i]->s.k = again - i - 1;
1969 s[i - 1]->s.jf = s[i];
1970 i++;
1971
1972 /* fixup */
1973 for (j = v6start; j <= v6end; j++)
1974 s[j]->s.jt = s[v6advance];
1975 } else {
1976 /* nop */
1977 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
1978 s[i]->s.k = 0;
1979 s[fix2]->s.jf = s[i];
1980 i++;
1981 }
1982
1983 /* ahcheck: */
1984 ahcheck = i;
1985 /* if (A == IPPROTO_AH) then fall through; else goto end; */
1986 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K);
1987 s[i]->s.jt = NULL; /*later*/
1988 s[i]->s.jf = NULL; /*later*/
1989 s[i]->s.k = IPPROTO_AH;
1990 if (fix3)
1991 s[fix3]->s.jf = s[ahcheck];
1992 fix4 = i;
1993 i++;
1994
1995 /*
1996 * in short,
1997 * A = P[X + 1];
1998 * X = X + (P[X] + 2) * 4;
1999 */
2000 /* A = X */
2001 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA);
2002 i++;
2003 /* MEM[reg1] = A */
2004 s[i] = new_stmt(BPF_ST);
2005 s[i]->s.k = reg1;
2006 i++;
2007 /* A += 1 */
2008 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2009 s[i]->s.k = 1;
2010 i++;
2011 /* X = A */
2012 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2013 i++;
2014 /* A = P[X + packet head]; */
2015 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2016 s[i]->s.k = off_nl;
2017 i++;
2018 /* MEM[reg2] = A */
2019 s[i] = new_stmt(BPF_ST);
2020 s[i]->s.k = reg2;
2021 i++;
2022 /* X = MEM[reg1] */
2023 s[i] = new_stmt(BPF_LDX|BPF_MEM);
2024 s[i]->s.k = reg1;
2025 i++;
2026 /* A = P[X + packet head] */
2027 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B);
2028 s[i]->s.k = off_nl;
2029 i++;
2030 /* A += 2 */
2031 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2032 s[i]->s.k = 2;
2033 i++;
2034 /* A *= 4 */
2035 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K);
2036 s[i]->s.k = 4;
2037 i++;
2038 /* X = A; */
2039 s[i] = new_stmt(BPF_MISC|BPF_TAX);
2040 i++;
2041 /* A = MEM[reg2] */
2042 s[i] = new_stmt(BPF_LD|BPF_MEM);
2043 s[i]->s.k = reg2;
2044 i++;
2045
2046 /* goto again; (must use BPF_JA for backward jump) */
2047 s[i] = new_stmt(BPF_JMP|BPF_JA);
2048 s[i]->s.k = again - i - 1;
2049 i++;
2050
2051 /* end: nop */
2052 end = i;
2053 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
2054 s[i]->s.k = 0;
2055 s[fix2]->s.jt = s[end];
2056 s[fix4]->s.jf = s[end];
2057 s[fix5]->s.jt = s[end];
2058 i++;
2059
2060 /*
2061 * make slist chain
2062 */
2063 max = i;
2064 for (i = 0; i < max - 1; i++)
2065 s[i]->next = s[i + 1];
2066 s[max - 1]->next = NULL;
2067
2068 /*
2069 * emit final check
2070 */
2071 b = new_block(JMP(BPF_JEQ));
2072 b->stmts = s[1]; /*remember, s[0] is dummy*/
2073 b->s.k = v;
2074
2075 free_reg(reg1);
2076 free_reg(reg2);
2077
2078 gen_and(b0, b);
2079 return b;
2080 }
2081
2082 static struct block *
gen_proto(int v,int proto,int dir)2083 gen_proto(int v, int proto, int dir)
2084 {
2085 struct block *b0, *b1;
2086
2087 if (dir != Q_DEFAULT)
2088 bpf_error("direction applied to 'proto'");
2089
2090 switch (proto) {
2091 case Q_DEFAULT:
2092 #ifdef INET6
2093 b0 = gen_proto(v, Q_IP, dir);
2094 b1 = gen_proto(v, Q_IPV6, dir);
2095 gen_or(b0, b1);
2096 return b1;
2097 #else
2098 /*FALLTHROUGH*/
2099 #endif
2100 case Q_IP:
2101 b0 = gen_linktype(ETHERTYPE_IP);
2102 #ifndef CHASE_CHAIN
2103 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v);
2104 #else
2105 b1 = gen_protochain(v, Q_IP);
2106 #endif
2107 gen_and(b0, b1);
2108 return b1;
2109
2110 case Q_ARP:
2111 bpf_error("arp does not encapsulate another protocol");
2112 /* NOTREACHED */
2113
2114 case Q_RARP:
2115 bpf_error("rarp does not encapsulate another protocol");
2116 /* NOTREACHED */
2117
2118 case Q_ATALK:
2119 bpf_error("atalk encapsulation is not specifiable");
2120 /* NOTREACHED */
2121
2122 case Q_DECNET:
2123 bpf_error("decnet encapsulation is not specifiable");
2124 /* NOTREACHED */
2125
2126 case Q_SCA:
2127 bpf_error("sca does not encapsulate another protocol");
2128 /* NOTREACHED */
2129
2130 case Q_LAT:
2131 bpf_error("lat does not encapsulate another protocol");
2132 /* NOTREACHED */
2133
2134 case Q_MOPRC:
2135 bpf_error("moprc does not encapsulate another protocol");
2136 /* NOTREACHED */
2137
2138 case Q_MOPDL:
2139 bpf_error("mopdl does not encapsulate another protocol");
2140 /* NOTREACHED */
2141
2142 case Q_LINK:
2143 return gen_linktype(v);
2144
2145 case Q_UDP:
2146 bpf_error("'udp proto' is bogus");
2147 /* NOTREACHED */
2148
2149 case Q_TCP:
2150 bpf_error("'tcp proto' is bogus");
2151 /* NOTREACHED */
2152
2153 case Q_ICMP:
2154 bpf_error("'icmp proto' is bogus");
2155 /* NOTREACHED */
2156
2157 case Q_IGMP:
2158 bpf_error("'igmp proto' is bogus");
2159 /* NOTREACHED */
2160
2161 case Q_IGRP:
2162 bpf_error("'igrp proto' is bogus");
2163 /* NOTREACHED */
2164
2165 case Q_PIM:
2166 bpf_error("'pim proto' is bogus");
2167 /* NOTREACHED */
2168
2169 case Q_STP:
2170 bpf_error("'stp proto' is bogus");
2171 /* NOTREACHED */
2172
2173 #ifdef INET6
2174 case Q_IPV6:
2175 b0 = gen_linktype(ETHERTYPE_IPV6);
2176 #ifndef CHASE_CHAIN
2177 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v);
2178 #else
2179 b1 = gen_protochain(v, Q_IPV6);
2180 #endif
2181 gen_and(b0, b1);
2182 return b1;
2183
2184 case Q_ICMPV6:
2185 bpf_error("'icmp6 proto' is bogus");
2186 #endif /* INET6 */
2187
2188 case Q_AH:
2189 bpf_error("'ah proto' is bogus");
2190
2191 case Q_ESP:
2192 bpf_error("'esp proto' is bogus");
2193
2194 default:
2195 abort();
2196 /* NOTREACHED */
2197 }
2198 /* NOTREACHED */
2199 }
2200
2201 struct block *
gen_scode(const char * name,struct qual q)2202 gen_scode(const char *name, struct qual q)
2203 {
2204 int proto = q.proto;
2205 int dir = q.dir;
2206 int tproto;
2207 u_char *eaddr;
2208 bpf_u_int32 mask, addr;
2209 #ifndef INET6
2210 bpf_u_int32 **alist;
2211 #else
2212 int tproto6;
2213 struct sockaddr_in *sin;
2214 struct sockaddr_in6 *sin6;
2215 struct addrinfo *res, *res0;
2216 struct in6_addr mask128;
2217 #endif /*INET6*/
2218 struct block *b, *tmp;
2219 int port, real_proto;
2220
2221 switch (q.addr) {
2222
2223 case Q_NET:
2224 addr = pcap_nametonetaddr(name);
2225 if (addr == 0)
2226 bpf_error("unknown network '%s'", name);
2227 /* Left justify network addr and calculate its network mask */
2228 mask = 0xffffffff;
2229 while (addr && (addr & 0xff000000) == 0) {
2230 addr <<= 8;
2231 mask <<= 8;
2232 }
2233 return gen_host(addr, mask, proto, dir);
2234
2235 case Q_DEFAULT:
2236 case Q_HOST:
2237 if (proto == Q_LINK) {
2238 switch (linktype) {
2239
2240 case DLT_EN10MB:
2241 eaddr = pcap_ether_hostton(name);
2242 if (eaddr == NULL)
2243 bpf_error(
2244 "unknown ether host '%s'", name);
2245 return gen_ehostop(eaddr, dir);
2246
2247 case DLT_FDDI:
2248 eaddr = pcap_ether_hostton(name);
2249 if (eaddr == NULL)
2250 bpf_error(
2251 "unknown FDDI host '%s'", name);
2252 return gen_fhostop(eaddr, dir);
2253
2254 case DLT_IEEE802_11:
2255 case DLT_IEEE802_11_RADIO:
2256 eaddr = pcap_ether_hostton(name);
2257 if (eaddr == NULL)
2258 bpf_error(
2259 "unknown 802.11 host '%s'", name);
2260
2261 return gen_p80211_hostop(eaddr, dir);
2262
2263 default:
2264 bpf_error(
2265 "only ethernet/FDDI supports link-level host name");
2266 break;
2267 }
2268 } else if (proto == Q_DECNET) {
2269 unsigned short dn_addr = __pcap_nametodnaddr(name);
2270 /*
2271 * I don't think DECNET hosts can be multihomed, so
2272 * there is no need to build up a list of addresses
2273 */
2274 return (gen_host(dn_addr, 0, proto, dir));
2275 } else {
2276 #ifndef INET6
2277 alist = pcap_nametoaddr(name);
2278 if (alist == NULL || *alist == NULL)
2279 bpf_error("unknown host '%s'", name);
2280 tproto = proto;
2281 if (off_linktype == -1 && tproto == Q_DEFAULT)
2282 tproto = Q_IP;
2283 b = gen_host(**alist++, 0xffffffff, tproto, dir);
2284 while (*alist) {
2285 tmp = gen_host(**alist++, 0xffffffff,
2286 tproto, dir);
2287 gen_or(b, tmp);
2288 b = tmp;
2289 }
2290 return b;
2291 #else
2292 memset(&mask128, 0xff, sizeof(mask128));
2293 res0 = res = pcap_nametoaddrinfo(name);
2294 if (res == NULL)
2295 bpf_error("unknown host '%s'", name);
2296 b = tmp = NULL;
2297 tproto = tproto6 = proto;
2298 if (off_linktype == -1 && tproto == Q_DEFAULT) {
2299 tproto = Q_IP;
2300 tproto6 = Q_IPV6;
2301 }
2302 for (res = res0; res; res = res->ai_next) {
2303 switch (res->ai_family) {
2304 case AF_INET:
2305 if (tproto == Q_IPV6)
2306 continue;
2307
2308 sin = (struct sockaddr_in *)
2309 res->ai_addr;
2310 tmp = gen_host(ntohl(sin->sin_addr.s_addr),
2311 0xffffffff, tproto, dir);
2312 break;
2313 case AF_INET6:
2314 if (tproto6 == Q_IP)
2315 continue;
2316
2317 sin6 = (struct sockaddr_in6 *)
2318 res->ai_addr;
2319 tmp = gen_host6(&sin6->sin6_addr,
2320 &mask128, tproto6, dir);
2321 break;
2322 }
2323 if (b)
2324 gen_or(b, tmp);
2325 b = tmp;
2326 }
2327 freeaddrinfo(res0);
2328 if (b == NULL) {
2329 bpf_error("unknown host '%s'%s", name,
2330 (proto == Q_DEFAULT)
2331 ? ""
2332 : " for specified address family");
2333 }
2334 return b;
2335 #endif /*INET6*/
2336 }
2337
2338 case Q_PORT:
2339 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP)
2340 bpf_error("illegal qualifier of 'port'");
2341 if (pcap_nametoport(name, &port, &real_proto) == 0)
2342 bpf_error("unknown port '%s'", name);
2343 if (proto == Q_UDP) {
2344 if (real_proto == IPPROTO_TCP)
2345 bpf_error("port '%s' is tcp", name);
2346 else
2347 /* override PROTO_UNDEF */
2348 real_proto = IPPROTO_UDP;
2349 }
2350 if (proto == Q_TCP) {
2351 if (real_proto == IPPROTO_UDP)
2352 bpf_error("port '%s' is udp", name);
2353 else
2354 /* override PROTO_UNDEF */
2355 real_proto = IPPROTO_TCP;
2356 }
2357 #ifndef INET6
2358 return gen_port(port, real_proto, dir);
2359 #else
2360 {
2361 struct block *b;
2362 b = gen_port(port, real_proto, dir);
2363 gen_or(gen_port6(port, real_proto, dir), b);
2364 return b;
2365 }
2366 #endif /* INET6 */
2367
2368 case Q_GATEWAY:
2369 #ifndef INET6
2370 eaddr = pcap_ether_hostton(name);
2371 if (eaddr == NULL)
2372 bpf_error("unknown ether host: %s", name);
2373
2374 alist = pcap_nametoaddr(name);
2375 if (alist == NULL || *alist == NULL)
2376 bpf_error("unknown host '%s'", name);
2377 return gen_gateway(eaddr, alist, proto, dir);
2378 #else
2379 bpf_error("'gateway' not supported in this configuration");
2380 #endif /*INET6*/
2381
2382 case Q_PROTO:
2383 real_proto = lookup_proto(name, proto);
2384 if (real_proto >= 0)
2385 return gen_proto(real_proto, proto, dir);
2386 else
2387 bpf_error("unknown protocol: %s", name);
2388
2389 case Q_PROTOCHAIN:
2390 real_proto = lookup_proto(name, proto);
2391 if (real_proto >= 0)
2392 return gen_protochain(real_proto, proto, dir);
2393 else
2394 bpf_error("unknown protocol: %s", name);
2395
2396
2397 case Q_UNDEF:
2398 syntax();
2399 /* NOTREACHED */
2400 }
2401 abort();
2402 /* NOTREACHED */
2403 }
2404
2405 struct block *
gen_mcode(const char * s1,const char * s2,int masklen,struct qual q)2406 gen_mcode(const char *s1, const char *s2, int masklen, struct qual q)
2407 {
2408 int nlen, mlen;
2409 bpf_u_int32 n, m;
2410
2411 nlen = __pcap_atoin(s1, &n);
2412 /* Promote short ipaddr */
2413 n <<= 32 - nlen;
2414
2415 if (s2 != NULL) {
2416 mlen = __pcap_atoin(s2, &m);
2417 /* Promote short ipaddr */
2418 m <<= 32 - mlen;
2419 if ((n & ~m) != 0)
2420 bpf_error("non-network bits set in \"%s mask %s\"",
2421 s1, s2);
2422 } else {
2423 /* Convert mask len to mask */
2424 if (masklen > 32)
2425 bpf_error("mask length must be <= 32");
2426 m = 0xffffffff << (32 - masklen);
2427 if ((n & ~m) != 0)
2428 bpf_error("non-network bits set in \"%s/%d\"",
2429 s1, masklen);
2430 }
2431
2432 switch (q.addr) {
2433
2434 case Q_NET:
2435 return gen_host(n, m, q.proto, q.dir);
2436
2437 default:
2438 bpf_error("Mask syntax for networks only");
2439 /* NOTREACHED */
2440 }
2441 }
2442
2443 struct block *
gen_ncode(const char * s,bpf_u_int32 v,struct qual q)2444 gen_ncode(const char *s, bpf_u_int32 v, struct qual q)
2445 {
2446 bpf_u_int32 mask;
2447 int proto = q.proto;
2448 int dir = q.dir;
2449 int vlen;
2450
2451 if (s == NULL)
2452 vlen = 32;
2453 else if (q.proto == Q_DECNET)
2454 vlen = __pcap_atodn(s, &v);
2455 else
2456 vlen = __pcap_atoin(s, &v);
2457
2458 switch (q.addr) {
2459
2460 case Q_DEFAULT:
2461 case Q_HOST:
2462 case Q_NET:
2463 if (proto == Q_DECNET)
2464 return gen_host(v, 0, proto, dir);
2465 else if (proto == Q_LINK) {
2466 bpf_error("illegal link layer address");
2467 } else {
2468 mask = 0xffffffff;
2469 if (s == NULL && q.addr == Q_NET) {
2470 /* Promote short net number */
2471 while (v && (v & 0xff000000) == 0) {
2472 v <<= 8;
2473 mask <<= 8;
2474 }
2475 } else {
2476 /* Promote short ipaddr */
2477 v <<= 32 - vlen;
2478 mask <<= 32 - vlen;
2479 }
2480 return gen_host(v, mask, proto, dir);
2481 }
2482
2483 case Q_PORT:
2484 if (proto == Q_UDP)
2485 proto = IPPROTO_UDP;
2486 else if (proto == Q_TCP)
2487 proto = IPPROTO_TCP;
2488 else if (proto == Q_DEFAULT)
2489 proto = PROTO_UNDEF;
2490 else
2491 bpf_error("illegal qualifier of 'port'");
2492
2493 #ifndef INET6
2494 return gen_port((int)v, proto, dir);
2495 #else
2496 {
2497 struct block *b;
2498 b = gen_port((int)v, proto, dir);
2499 gen_or(gen_port6((int)v, proto, dir), b);
2500 return b;
2501 }
2502 #endif /* INET6 */
2503
2504 case Q_GATEWAY:
2505 bpf_error("'gateway' requires a name");
2506 /* NOTREACHED */
2507
2508 case Q_PROTO:
2509 return gen_proto((int)v, proto, dir);
2510
2511 case Q_PROTOCHAIN:
2512 return gen_protochain((int)v, proto, dir);
2513
2514 case Q_UNDEF:
2515 syntax();
2516 /* NOTREACHED */
2517
2518 default:
2519 abort();
2520 /* NOTREACHED */
2521 }
2522 /* NOTREACHED */
2523 }
2524
2525 #ifdef INET6
2526 struct block *
gen_mcode6(const char * s1,const char * s2,int masklen,struct qual q)2527 gen_mcode6(const char *s1, const char *s2, int masklen, struct qual q)
2528 {
2529 struct addrinfo *res;
2530 struct in6_addr *addr;
2531 struct in6_addr mask;
2532 struct block *b;
2533 u_int32_t *a, *m;
2534
2535 if (s2)
2536 bpf_error("no mask %s supported", s2);
2537
2538 res = pcap_nametoaddrinfo(s1);
2539 if (!res)
2540 bpf_error("invalid ip6 address %s", s1);
2541 if (res->ai_next)
2542 bpf_error("%s resolved to multiple address", s1);
2543 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
2544
2545 if (sizeof(mask) * 8 < masklen)
2546 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8));
2547 memset(&mask, 0, sizeof(mask));
2548 memset(&mask, 0xff, masklen / 8);
2549 if (masklen % 8) {
2550 mask.s6_addr[masklen / 8] =
2551 (0xff << (8 - masklen % 8)) & 0xff;
2552 }
2553
2554 a = (u_int32_t *)addr;
2555 m = (u_int32_t *)&mask;
2556 if ((a[0] & ~m[0]) || (a[1] & ~m[1])
2557 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
2558 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen);
2559 }
2560
2561 switch (q.addr) {
2562
2563 case Q_DEFAULT:
2564 case Q_HOST:
2565 if (masklen != 128)
2566 bpf_error("Mask syntax for networks only");
2567 /* FALLTHROUGH */
2568
2569 case Q_NET:
2570 b = gen_host6(addr, &mask, q.proto, q.dir);
2571 freeaddrinfo(res);
2572 return b;
2573
2574 default:
2575 bpf_error("invalid qualifier against IPv6 address");
2576 /* NOTREACHED */
2577 }
2578 }
2579 #endif /*INET6*/
2580
2581 struct block *
gen_ecode(const u_char * eaddr,struct qual q)2582 gen_ecode(const u_char *eaddr, struct qual q)
2583 {
2584 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
2585 if (linktype == DLT_EN10MB)
2586 return gen_ehostop(eaddr, (int)q.dir);
2587 if (linktype == DLT_FDDI)
2588 return gen_fhostop(eaddr, (int)q.dir);
2589 if (linktype == DLT_IEEE802_11 ||
2590 linktype == DLT_IEEE802_11_RADIO)
2591 return gen_p80211_hostop(eaddr, (int)q.dir);
2592 }
2593 bpf_error("ethernet address used in non-ether expression");
2594 /* NOTREACHED */
2595 }
2596
2597 void
sappend(struct slist * s0,struct slist * s1)2598 sappend(struct slist *s0, struct slist *s1)
2599 {
2600 /*
2601 * This is definitely not the best way to do this, but the
2602 * lists will rarely get long.
2603 */
2604 while (s0->next)
2605 s0 = s0->next;
2606 s0->next = s1;
2607 }
2608
2609 static struct slist *
xfer_to_x(struct arth * a)2610 xfer_to_x(struct arth *a)
2611 {
2612 struct slist *s;
2613
2614 s = new_stmt(BPF_LDX|BPF_MEM);
2615 s->s.k = a->regno;
2616 return s;
2617 }
2618
2619 static struct slist *
xfer_to_a(struct arth * a)2620 xfer_to_a(struct arth *a)
2621 {
2622 struct slist *s;
2623
2624 s = new_stmt(BPF_LD|BPF_MEM);
2625 s->s.k = a->regno;
2626 return s;
2627 }
2628
2629 struct arth *
gen_load(int proto,struct arth * index,int size)2630 gen_load(int proto, struct arth *index, int size)
2631 {
2632 struct slist *s, *tmp;
2633 struct block *b;
2634 int regno = alloc_reg();
2635
2636 free_reg(index->regno);
2637 switch (size) {
2638
2639 default:
2640 bpf_error("data size must be 1, 2, or 4");
2641
2642 case 1:
2643 size = BPF_B;
2644 break;
2645
2646 case 2:
2647 size = BPF_H;
2648 break;
2649
2650 case 4:
2651 size = BPF_W;
2652 break;
2653 }
2654 switch (proto) {
2655 default:
2656 bpf_error("unsupported index operation");
2657
2658 case Q_LINK:
2659 s = xfer_to_x(index);
2660 tmp = new_stmt(BPF_LD|BPF_IND|size);
2661 sappend(s, tmp);
2662 sappend(index->s, s);
2663 break;
2664
2665 case Q_IP:
2666 case Q_ARP:
2667 case Q_RARP:
2668 case Q_ATALK:
2669 case Q_DECNET:
2670 case Q_SCA:
2671 case Q_LAT:
2672 case Q_MOPRC:
2673 case Q_MOPDL:
2674 #ifdef INET6
2675 case Q_IPV6:
2676 #endif
2677 /* XXX Note that we assume a fixed link header here. */
2678 if (variable_nl) {
2679 s = nl2X_stmt();
2680 sappend(s, xfer_to_a(index));
2681 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
2682 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
2683 } else {
2684 s = xfer_to_x(index);
2685 }
2686 tmp = new_stmt(BPF_LD|BPF_IND|size);
2687 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */
2688 sappend(s, tmp);
2689 sappend(index->s, s);
2690
2691 b = gen_proto_abbrev(proto);
2692 if (index->b)
2693 gen_and(index->b, b);
2694 index->b = b;
2695 break;
2696
2697 case Q_TCP:
2698 case Q_UDP:
2699 case Q_ICMP:
2700 case Q_IGMP:
2701 case Q_IGRP:
2702 case Q_PIM:
2703 s = iphl_to_x();
2704 sappend(s, xfer_to_a(index));
2705 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X));
2706 sappend(s, new_stmt(BPF_MISC|BPF_TAX));
2707 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size));
2708 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */
2709 sappend(index->s, s);
2710
2711 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
2712 if (index->b)
2713 gen_and(index->b, b);
2714 #ifdef INET6
2715 gen_and(gen_proto_abbrev(Q_IP), b);
2716 #endif
2717 index->b = b;
2718 break;
2719 #ifdef INET6
2720 case Q_ICMPV6:
2721 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
2722 /*NOTREACHED*/
2723 #endif
2724 }
2725 index->regno = regno;
2726 s = new_stmt(BPF_ST);
2727 s->s.k = regno;
2728 sappend(index->s, s);
2729
2730 return index;
2731 }
2732
2733 struct block *
gen_relation(int code,struct arth * a0,struct arth * a1,int reversed)2734 gen_relation(int code, struct arth *a0, struct arth *a1, int reversed)
2735 {
2736 struct slist *s0, *s1, *s2;
2737 struct block *b, *tmp;
2738
2739 s0 = xfer_to_x(a1);
2740 s1 = xfer_to_a(a0);
2741 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X);
2742 b = new_block(JMP(code));
2743 if (code == BPF_JGT || code == BPF_JGE) {
2744 reversed = !reversed;
2745 b->s.k = 0x80000000;
2746 }
2747 if (reversed)
2748 gen_not(b);
2749
2750 sappend(s1, s2);
2751 sappend(s0, s1);
2752 sappend(a1->s, s0);
2753 sappend(a0->s, a1->s);
2754
2755 b->stmts = a0->s;
2756
2757 free_reg(a0->regno);
2758 free_reg(a1->regno);
2759
2760 /* 'and' together protocol checks */
2761 if (a0->b) {
2762 if (a1->b) {
2763 gen_and(a0->b, tmp = a1->b);
2764 }
2765 else
2766 tmp = a0->b;
2767 } else
2768 tmp = a1->b;
2769
2770 if (tmp)
2771 gen_and(tmp, b);
2772
2773 return b;
2774 }
2775
2776 struct arth *
gen_loadlen(void)2777 gen_loadlen(void)
2778 {
2779 int regno = alloc_reg();
2780 struct arth *a = (struct arth *)newchunk(sizeof(*a));
2781 struct slist *s;
2782
2783 s = new_stmt(BPF_LD|BPF_LEN);
2784 s->next = new_stmt(BPF_ST);
2785 s->next->s.k = regno;
2786 a->s = s;
2787 a->regno = regno;
2788
2789 return a;
2790 }
2791
2792 struct arth *
gen_loadrnd(void)2793 gen_loadrnd(void)
2794 {
2795 int regno = alloc_reg();
2796 struct arth *a = (struct arth *)newchunk(sizeof(*a));
2797 struct slist *s;
2798
2799 s = new_stmt(BPF_LD|BPF_RND);
2800 s->next = new_stmt(BPF_ST);
2801 s->next->s.k = regno;
2802 a->s = s;
2803 a->regno = regno;
2804
2805 return a;
2806 }
2807
2808 struct arth *
gen_loadi(int val)2809 gen_loadi(int val)
2810 {
2811 struct arth *a;
2812 struct slist *s;
2813 int reg;
2814
2815 a = (struct arth *)newchunk(sizeof(*a));
2816
2817 reg = alloc_reg();
2818
2819 s = new_stmt(BPF_LD|BPF_IMM);
2820 s->s.k = val;
2821 s->next = new_stmt(BPF_ST);
2822 s->next->s.k = reg;
2823 a->s = s;
2824 a->regno = reg;
2825
2826 return a;
2827 }
2828
2829 struct arth *
gen_neg(struct arth * a)2830 gen_neg(struct arth *a)
2831 {
2832 struct slist *s;
2833
2834 s = xfer_to_a(a);
2835 sappend(a->s, s);
2836 s = new_stmt(BPF_ALU|BPF_NEG);
2837 s->s.k = 0;
2838 sappend(a->s, s);
2839 s = new_stmt(BPF_ST);
2840 s->s.k = a->regno;
2841 sappend(a->s, s);
2842
2843 return a;
2844 }
2845
2846 struct arth *
gen_arth(int code,struct arth * a0,struct arth * a1)2847 gen_arth(int code, struct arth *a0, struct arth *a1)
2848 {
2849 struct slist *s0, *s1, *s2;
2850
2851 s0 = xfer_to_x(a1);
2852 s1 = xfer_to_a(a0);
2853 s2 = new_stmt(BPF_ALU|BPF_X|code);
2854
2855 sappend(s1, s2);
2856 sappend(s0, s1);
2857 sappend(a1->s, s0);
2858 sappend(a0->s, a1->s);
2859
2860 free_reg(a1->regno);
2861
2862 s0 = new_stmt(BPF_ST);
2863 a0->regno = s0->s.k = alloc_reg();
2864 sappend(a0->s, s0);
2865
2866 return a0;
2867 }
2868
2869 /*
2870 * Here we handle simple allocation of the scratch registers.
2871 * If too many registers are alloc'd, the allocator punts.
2872 */
2873 static int regused[BPF_MEMWORDS];
2874 static int curreg;
2875
2876 /*
2877 * Return the next free register.
2878 */
2879 static int
alloc_reg(void)2880 alloc_reg(void)
2881 {
2882 int n = BPF_MEMWORDS;
2883
2884 while (--n >= 0) {
2885 if (regused[curreg])
2886 curreg = (curreg + 1) % BPF_MEMWORDS;
2887 else {
2888 regused[curreg] = 1;
2889 return curreg;
2890 }
2891 }
2892 bpf_error("too many registers needed to evaluate expression");
2893 /* NOTREACHED */
2894 }
2895
2896 /*
2897 * Return a register to the table so it can
2898 * be used later.
2899 */
2900 static void
free_reg(int n)2901 free_reg(int n)
2902 {
2903 regused[n] = 0;
2904 }
2905
2906 static struct block *
gen_len(int jmp,int n)2907 gen_len(int jmp, int n)
2908 {
2909 struct slist *s;
2910 struct block *b;
2911
2912 s = new_stmt(BPF_LD|BPF_LEN);
2913 b = new_block(JMP(jmp));
2914 b->stmts = s;
2915 b->s.k = n;
2916
2917 return b;
2918 }
2919
2920 struct block *
gen_greater(int n)2921 gen_greater(int n)
2922 {
2923 return gen_len(BPF_JGE, n);
2924 }
2925
2926 struct block *
gen_less(int n)2927 gen_less(int n)
2928 {
2929 struct block *b;
2930
2931 b = gen_len(BPF_JGT, n);
2932 gen_not(b);
2933
2934 return b;
2935 }
2936
2937 struct block *
gen_byteop(int op,int idx,int val)2938 gen_byteop(int op, int idx, int val)
2939 {
2940 struct block *b;
2941 struct slist *s;
2942
2943 switch (op) {
2944 default:
2945 abort();
2946
2947 case '=':
2948 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2949
2950 case '<':
2951 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2952 b->s.code = JMP(BPF_JGE);
2953 gen_not(b);
2954 return b;
2955
2956 case '>':
2957 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val);
2958 b->s.code = JMP(BPF_JGT);
2959 return b;
2960
2961 case '|':
2962 s = new_stmt(BPF_ALU|BPF_OR|BPF_K);
2963 break;
2964
2965 case '&':
2966 s = new_stmt(BPF_ALU|BPF_AND|BPF_K);
2967 break;
2968 }
2969 s->s.k = val;
2970 b = new_block(JMP(BPF_JEQ));
2971 b->stmts = s;
2972 gen_not(b);
2973
2974 return b;
2975 }
2976
2977 struct block *
gen_broadcast(int proto)2978 gen_broadcast(int proto)
2979 {
2980 bpf_u_int32 hostmask;
2981 struct block *b0, *b1, *b2;
2982 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
2983
2984 switch (proto) {
2985
2986 case Q_DEFAULT:
2987 case Q_LINK:
2988 if (linktype == DLT_EN10MB)
2989 return gen_ehostop(ebroadcast, Q_DST);
2990 if (linktype == DLT_FDDI)
2991 return gen_fhostop(ebroadcast, Q_DST);
2992 if (linktype == DLT_IEEE802_11 ||
2993 linktype == DLT_IEEE802_11_RADIO)
2994 return gen_p80211_hostop(ebroadcast, Q_DST);
2995 bpf_error("not a broadcast link");
2996 break;
2997
2998 case Q_IP:
2999 /*
3000 * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff)
3001 * as an indication that we don't know the netmask, and fail
3002 * in that case.
3003 */
3004 if (netmask == PCAP_NETMASK_UNKNOWN)
3005 bpf_error("netmask not known, so 'ip broadcast' not supported");
3006 b0 = gen_linktype(ETHERTYPE_IP);
3007 hostmask = ~netmask;
3008 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask);
3009 b2 = gen_mcmp_nl(16, BPF_W,
3010 (bpf_int32)(~0 & hostmask), hostmask);
3011 gen_or(b1, b2);
3012 gen_and(b0, b2);
3013 return b2;
3014 }
3015 bpf_error("only ether/ip broadcast filters supported");
3016 }
3017
3018 struct block *
gen_multicast(int proto)3019 gen_multicast(int proto)
3020 {
3021 struct block *b0, *b1;
3022 struct slist *s;
3023
3024 switch (proto) {
3025
3026 case Q_DEFAULT:
3027 case Q_LINK:
3028 if (linktype == DLT_EN10MB) {
3029 /* ether[0] & 1 != 0 */
3030 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3031 s->s.k = 0;
3032 b0 = new_block(JMP(BPF_JSET));
3033 b0->s.k = 1;
3034 b0->stmts = s;
3035 return b0;
3036 }
3037
3038 if (linktype == DLT_FDDI) {
3039 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */
3040 /* fddi[1] & 1 != 0 */
3041 s = new_stmt(BPF_LD|BPF_B|BPF_ABS);
3042 s->s.k = 1;
3043 b0 = new_block(JMP(BPF_JSET));
3044 b0->s.k = 1;
3045 b0->stmts = s;
3046 return b0;
3047 }
3048 /* Link not known to support multicasts */
3049 break;
3050
3051 case Q_IP:
3052 b0 = gen_linktype(ETHERTYPE_IP);
3053 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224);
3054 b1->s.code = JMP(BPF_JGE);
3055 gen_and(b0, b1);
3056 return b1;
3057
3058 #ifdef INET6
3059 case Q_IPV6:
3060 b0 = gen_linktype(ETHERTYPE_IPV6);
3061 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255);
3062 gen_and(b0, b1);
3063 return b1;
3064 #endif /* INET6 */
3065 }
3066 bpf_error("only IP multicast filters supported on ethernet/FDDI");
3067 }
3068
3069 /*
3070 * generate command for inbound/outbound. It's here so we can
3071 * make it link-type specific. 'dir' = 0 implies "inbound",
3072 * = 1 implies "outbound".
3073 */
3074 struct block *
gen_inbound(int dir)3075 gen_inbound(int dir)
3076 {
3077 struct block *b0;
3078
3079 /*
3080 * Only SLIP and old-style PPP data link types support
3081 * inbound/outbound qualifiers.
3082 */
3083 switch (linktype) {
3084 case DLT_SLIP:
3085 case DLT_PPP:
3086 b0 = gen_relation(BPF_JEQ,
3087 gen_load(Q_LINK, gen_loadi(0), 1),
3088 gen_loadi(0),
3089 dir);
3090 break;
3091
3092 case DLT_PFLOG:
3093 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B,
3094 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT));
3095 break;
3096
3097 default:
3098 bpf_error("inbound/outbound not supported on linktype 0x%x",
3099 linktype);
3100 /* NOTREACHED */
3101 }
3102
3103 return (b0);
3104 }
3105
3106
3107 /* PF firewall log matched interface */
3108 struct block *
gen_pf_ifname(char * ifname)3109 gen_pf_ifname(char *ifname)
3110 {
3111 struct block *b0;
3112 u_int len, off;
3113
3114 if (linktype == DLT_PFLOG) {
3115 len = sizeof(((struct pfloghdr *)0)->ifname);
3116 off = offsetof(struct pfloghdr, ifname);
3117 } else {
3118 bpf_error("ifname not supported on linktype 0x%x", linktype);
3119 /* NOTREACHED */
3120 }
3121 if (strlen(ifname) >= len) {
3122 bpf_error("ifname interface names can only be %d characters",
3123 len - 1);
3124 /* NOTREACHED */
3125 }
3126 b0 = gen_bcmp(off, strlen(ifname) + 1, ifname);
3127 return (b0);
3128 }
3129
3130
3131 /* PF firewall log ruleset name */
3132 struct block *
gen_pf_ruleset(char * ruleset)3133 gen_pf_ruleset(char *ruleset)
3134 {
3135 struct block *b0;
3136
3137 if (linktype != DLT_PFLOG) {
3138 bpf_error("ruleset not supported on linktype 0x%x", linktype);
3139 /* NOTREACHED */
3140 }
3141 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
3142 bpf_error("ruleset names can only be %zu characters",
3143 sizeof(((struct pfloghdr *)0)->ruleset) - 1);
3144 /* NOTREACHED */
3145 }
3146 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset),
3147 strlen(ruleset), ruleset);
3148 return (b0);
3149 }
3150
3151
3152 /* PF firewall log rule number */
3153 struct block *
gen_pf_rnr(int rnr)3154 gen_pf_rnr(int rnr)
3155 {
3156 struct block *b0;
3157
3158 if (linktype == DLT_PFLOG) {
3159 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W,
3160 (bpf_int32)rnr);
3161 } else {
3162 bpf_error("rnr not supported on linktype 0x%x", linktype);
3163 /* NOTREACHED */
3164 }
3165
3166 return (b0);
3167 }
3168
3169
3170 /* PF firewall log sub-rule number */
3171 struct block *
gen_pf_srnr(int srnr)3172 gen_pf_srnr(int srnr)
3173 {
3174 struct block *b0;
3175
3176 if (linktype != DLT_PFLOG) {
3177 bpf_error("srnr not supported on linktype 0x%x", linktype);
3178 /* NOTREACHED */
3179 }
3180
3181 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W,
3182 (bpf_int32)srnr);
3183 return (b0);
3184 }
3185
3186 /* PF firewall log reason code */
3187 struct block *
gen_pf_reason(int reason)3188 gen_pf_reason(int reason)
3189 {
3190 struct block *b0;
3191
3192 if (linktype == DLT_PFLOG) {
3193 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B,
3194 (bpf_int32)reason);
3195 } else {
3196 bpf_error("reason not supported on linktype 0x%x", linktype);
3197 /* NOTREACHED */
3198 }
3199
3200 return (b0);
3201 }
3202
3203 /* PF firewall log action */
3204 struct block *
gen_pf_action(int action)3205 gen_pf_action(int action)
3206 {
3207 struct block *b0;
3208
3209 if (linktype == DLT_PFLOG) {
3210 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B,
3211 (bpf_int32)action);
3212 } else {
3213 bpf_error("action not supported on linktype 0x%x", linktype);
3214 /* NOTREACHED */
3215 }
3216
3217 return (b0);
3218 }
3219
3220 /* IEEE 802.11 wireless header */
3221 struct block *
gen_p80211_type(int type,int mask)3222 gen_p80211_type(int type, int mask)
3223 {
3224 struct block *b0;
3225 u_int offset;
3226
3227 if (!(linktype == DLT_IEEE802_11 ||
3228 linktype == DLT_IEEE802_11_RADIO)) {
3229 bpf_error("type not supported on linktype 0x%x",
3230 linktype);
3231 /* NOTREACHED */
3232 }
3233 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]);
3234 if (linktype == DLT_IEEE802_11_RADIO)
3235 offset += IEEE80211_RADIOTAP_HDRLEN;
3236
3237 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask);
3238
3239 return (b0);
3240 }
3241
3242 static struct block *
gen_ahostop(const u_char * eaddr,int dir)3243 gen_ahostop(const u_char *eaddr, int dir)
3244 {
3245 struct block *b0, *b1;
3246
3247 switch (dir) {
3248 /* src comes first, different from Ethernet */
3249 case Q_SRC:
3250 return gen_bcmp(0, 1, eaddr);
3251
3252 case Q_DST:
3253 return gen_bcmp(1, 1, eaddr);
3254
3255 case Q_AND:
3256 b0 = gen_ahostop(eaddr, Q_SRC);
3257 b1 = gen_ahostop(eaddr, Q_DST);
3258 gen_and(b0, b1);
3259 return b1;
3260
3261 case Q_DEFAULT:
3262 case Q_OR:
3263 b0 = gen_ahostop(eaddr, Q_SRC);
3264 b1 = gen_ahostop(eaddr, Q_DST);
3265 gen_or(b0, b1);
3266 return b1;
3267 }
3268 abort();
3269 /* NOTREACHED */
3270 }
3271
3272 struct block *
gen_acode(const u_char * eaddr,struct qual q)3273 gen_acode(const u_char *eaddr, struct qual q)
3274 {
3275 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
3276 if (linktype == DLT_ARCNET)
3277 return gen_ahostop(eaddr, (int)q.dir);
3278 }
3279 bpf_error("ARCnet address used in non-arc expression");
3280 /* NOTREACHED */
3281 }
3282
3283 struct block *
gen_mpls(int label)3284 gen_mpls(int label)
3285 {
3286 struct block *b0;
3287
3288 if (label > MPLS_LABEL_MAX)
3289 bpf_error("invalid MPLS label : %d", label);
3290
3291 if (mpls_stack > 0) /* Bottom-Of-Label-Stack bit ? */
3292 b0 = gen_mcmp(off_nl-2, BPF_B, (bpf_int32)0, 0x1);
3293 else
3294 b0 = gen_linktype(ETHERTYPE_MPLS);
3295
3296 if (label >= 0) {
3297 struct block *b1;
3298
3299 b1 = gen_mcmp(off_nl, BPF_W, (bpf_int32)(label << 12),
3300 MPLS_LABEL_MASK);
3301 gen_and(b0, b1);
3302 b0 = b1;
3303 }
3304 off_nl += 4;
3305 off_linktype += 4;
3306 mpls_stack++;
3307 return (b0);
3308 }
3309
3310 /*
3311 * support IEEE 802.1Q VLAN trunk over ethernet
3312 */
3313 struct block *
gen_vlan(int vlan_num)3314 gen_vlan(int vlan_num)
3315 {
3316 struct block *b0;
3317
3318 if (variable_nl) {
3319 bpf_error("'vlan' not supported for variable DLTs");
3320 /*NOTREACHED*/
3321 }
3322
3323 if (vlan_num > 4095) {
3324 bpf_error("invalid VLAN number : %d", vlan_num);
3325 /*NOTREACHED*/
3326 }
3327
3328 /*
3329 * Change the offsets to point to the type and data fields within
3330 * the VLAN packet. This is somewhat of a kludge.
3331 */
3332 if (orig_nl == (u_int)-1) {
3333 orig_linktype = off_linktype; /* save original values */
3334 orig_nl = off_nl;
3335 orig_nl_nosnap = off_nl_nosnap;
3336
3337 switch (linktype) {
3338
3339 case DLT_EN10MB:
3340 off_linktype = 16;
3341 off_nl_nosnap = 18;
3342 off_nl = 18;
3343 break;
3344
3345 default:
3346 bpf_error("no VLAN support for data link type %d",
3347 linktype);
3348 /*NOTREACHED*/
3349 }
3350 }
3351
3352 /* check for VLAN */
3353 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q);
3354
3355 /* If a specific VLAN is requested, check VLAN id */
3356 if (vlan_num >= 0) {
3357 struct block *b1;
3358
3359 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0FFF);
3360 gen_and(b0, b1);
3361 b0 = b1;
3362 }
3363
3364 return (b0);
3365 }
3366
3367 struct block *
gen_sample(int rate)3368 gen_sample(int rate)
3369 {
3370 struct block *b0;
3371 long long threshold = 0x100000000LL; /* 0xffffffff + 1 */
3372
3373 if (rate < 2) {
3374 bpf_error("sample %d is too low", rate);
3375 /*NOTREACHED*/
3376 }
3377 if (rate > (1 << 20)) {
3378 bpf_error("sample %d is too high", rate);
3379 /*NOTREACHED*/
3380 }
3381
3382 threshold /= rate;
3383 b0 = gen_relation(BPF_JGT, gen_loadrnd(), gen_loadi(threshold), 1);
3384
3385 return (b0);
3386 }
3387
3388 struct block *
gen_p80211_fcdir(int fcdir)3389 gen_p80211_fcdir(int fcdir)
3390 {
3391 struct block *b0;
3392 u_int offset;
3393
3394 if (!(linktype == DLT_IEEE802_11 ||
3395 linktype == DLT_IEEE802_11_RADIO)) {
3396 bpf_error("frame direction not supported on linktype 0x%x",
3397 linktype);
3398 /* NOTREACHED */
3399 }
3400 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]);
3401 if (linktype == DLT_IEEE802_11_RADIO)
3402 offset += IEEE80211_RADIOTAP_HDRLEN;
3403
3404 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir,
3405 (bpf_u_int32)IEEE80211_FC1_DIR_MASK);
3406
3407 return (b0);
3408 }
3409
3410 static struct block *
gen_p80211_hostop(const u_char * lladdr,int dir)3411 gen_p80211_hostop(const u_char *lladdr, int dir)
3412 {
3413 struct block *b0, *b1, *b2, *b3, *b4;
3414 u_int offset = 0;
3415
3416 if (linktype == DLT_IEEE802_11_RADIO)
3417 offset = IEEE80211_RADIOTAP_HDRLEN;
3418
3419 switch (dir) {
3420 case Q_SRC:
3421 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset +
3422 (u_int)offsetof(struct ieee80211_frame, i_addr2),
3423 lladdr);
3424 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset +
3425 (u_int)offsetof(struct ieee80211_frame, i_addr2),
3426 lladdr);
3427 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset +
3428 (u_int)offsetof(struct ieee80211_frame, i_addr3),
3429 lladdr);
3430 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset +
3431 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4),
3432 lladdr);
3433 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset +
3434 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2),
3435 lladdr);
3436
3437 gen_or(b0, b1);
3438 gen_or(b1, b2);
3439 gen_or(b2, b3);
3440 gen_or(b3, b4);
3441 return (b4);
3442
3443 case Q_DST:
3444 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset +
3445 (u_int)offsetof(struct ieee80211_frame, i_addr1),
3446 lladdr);
3447 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset +
3448 (u_int)offsetof(struct ieee80211_frame, i_addr3),
3449 lladdr);
3450 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset +
3451 (u_int)offsetof(struct ieee80211_frame, i_addr1),
3452 lladdr);
3453 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset +
3454 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3),
3455 lladdr);
3456 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset +
3457 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1),
3458 lladdr);
3459
3460 gen_or(b0, b1);
3461 gen_or(b1, b2);
3462 gen_or(b2, b3);
3463 gen_or(b3, b4);
3464 return (b4);
3465
3466 case Q_ADDR1:
3467 return (gen_bcmp(offset +
3468 (u_int)offsetof(struct ieee80211_frame,
3469 i_addr1), IEEE80211_ADDR_LEN, lladdr));
3470
3471 case Q_ADDR2:
3472 return (gen_bcmp(offset +
3473 (u_int)offsetof(struct ieee80211_frame,
3474 i_addr2), IEEE80211_ADDR_LEN, lladdr));
3475
3476 case Q_ADDR3:
3477 return (gen_bcmp(offset +
3478 (u_int)offsetof(struct ieee80211_frame,
3479 i_addr3), IEEE80211_ADDR_LEN, lladdr));
3480
3481 case Q_ADDR4:
3482 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset +
3483 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4),
3484 lladdr));
3485
3486 case Q_AND:
3487 b0 = gen_p80211_hostop(lladdr, Q_SRC);
3488 b1 = gen_p80211_hostop(lladdr, Q_DST);
3489 gen_and(b0, b1);
3490 return (b1);
3491
3492 case Q_DEFAULT:
3493 case Q_OR:
3494 b0 = gen_p80211_hostop(lladdr, Q_ADDR1);
3495 b1 = gen_p80211_hostop(lladdr, Q_ADDR2);
3496 b2 = gen_p80211_hostop(lladdr, Q_ADDR3);
3497 b3 = gen_p80211_hostop(lladdr, Q_ADDR4);
3498 gen_or(b0, b1);
3499 gen_or(b1, b2);
3500 gen_or(b2, b3);
3501 return (b3);
3502
3503 default:
3504 bpf_error("direction not supported on linktype 0x%x",
3505 linktype);
3506 }
3507 /* NOTREACHED */
3508 }
3509
3510 static struct block *
gen_p80211_addr(int fcdir,u_int offset,const u_char * lladdr)3511 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr)
3512 {
3513 struct block *b0, *b1;
3514
3515 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK);
3516 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr);
3517 gen_and(b0, b1);
3518
3519 return (b1);
3520 }
3521