1*9f20bfa6SDavid van Moolenbroek /* $NetBSD: bpf-filter.h,v 1.9 2014/11/07 20:51:02 roy Exp $ */ 2*9f20bfa6SDavid van Moolenbroek 3*9f20bfa6SDavid van Moolenbroek /* 4*9f20bfa6SDavid van Moolenbroek * dhcpcd - DHCP client daemon 5*9f20bfa6SDavid van Moolenbroek * Copyright (c) 2006-2008 Roy Marples <roy@marples.name> 6*9f20bfa6SDavid van Moolenbroek * 7*9f20bfa6SDavid van Moolenbroek * Redistribution and use in source and binary forms, with or without 8*9f20bfa6SDavid van Moolenbroek * modification, are permitted provided that the following conditions 9*9f20bfa6SDavid van Moolenbroek * are met: 10*9f20bfa6SDavid van Moolenbroek * 1. Redistributions of source code must retain the above copyright 11*9f20bfa6SDavid van Moolenbroek * notice, this list of conditions and the following disclaimer. 12*9f20bfa6SDavid van Moolenbroek * 2. Redistributions in binary form must reproduce the above copyright 13*9f20bfa6SDavid van Moolenbroek * notice, this list of conditions and the following disclaimer in the 14*9f20bfa6SDavid van Moolenbroek * documentation and/or other materials provided with the distribution. 15*9f20bfa6SDavid van Moolenbroek * 16*9f20bfa6SDavid van Moolenbroek * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17*9f20bfa6SDavid van Moolenbroek * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18*9f20bfa6SDavid van Moolenbroek * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19*9f20bfa6SDavid van Moolenbroek * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20*9f20bfa6SDavid van Moolenbroek * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21*9f20bfa6SDavid van Moolenbroek * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22*9f20bfa6SDavid van Moolenbroek * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23*9f20bfa6SDavid van Moolenbroek * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24*9f20bfa6SDavid van Moolenbroek * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25*9f20bfa6SDavid van Moolenbroek * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26*9f20bfa6SDavid van Moolenbroek * SUCH DAMAGE. 27*9f20bfa6SDavid van Moolenbroek */ 28*9f20bfa6SDavid van Moolenbroek 29*9f20bfa6SDavid van Moolenbroek #ifndef BPF_ETHCOOK 30*9f20bfa6SDavid van Moolenbroek # define BPF_ETHCOOK 0 31*9f20bfa6SDavid van Moolenbroek #endif 32*9f20bfa6SDavid van Moolenbroek #ifndef BPF_WHOLEPACKET 33*9f20bfa6SDavid van Moolenbroek # define BPF_WHOLEPACKET ~0U 34*9f20bfa6SDavid van Moolenbroek #endif 35*9f20bfa6SDavid van Moolenbroek static const struct bpf_insn arp_bpf_filter [] = { 36*9f20bfa6SDavid van Moolenbroek #ifndef BPF_SKIPTYPE 37*9f20bfa6SDavid van Moolenbroek /* Make sure this is an ARP packet... */ 38*9f20bfa6SDavid van Moolenbroek BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12), 39*9f20bfa6SDavid van Moolenbroek BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_ARP, 0, 3), 40*9f20bfa6SDavid van Moolenbroek #endif 41*9f20bfa6SDavid van Moolenbroek /* Make sure this is an ARP REQUEST... */ 42*9f20bfa6SDavid van Moolenbroek BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20 + BPF_ETHCOOK), 43*9f20bfa6SDavid van Moolenbroek BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ARPOP_REQUEST, 2, 0), 44*9f20bfa6SDavid van Moolenbroek /* or ARP REPLY... */ 45*9f20bfa6SDavid van Moolenbroek BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20 + BPF_ETHCOOK), 46*9f20bfa6SDavid van Moolenbroek BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ARPOP_REPLY, 0, 1), 47*9f20bfa6SDavid van Moolenbroek /* If we passed all the tests, ask for the whole packet. */ 48*9f20bfa6SDavid van Moolenbroek BPF_STMT(BPF_RET + BPF_K, BPF_WHOLEPACKET), 49*9f20bfa6SDavid van Moolenbroek /* Otherwise, drop it. */ 50*9f20bfa6SDavid van Moolenbroek BPF_STMT(BPF_RET + BPF_K, 0), 51*9f20bfa6SDavid van Moolenbroek }; 52*9f20bfa6SDavid van Moolenbroek #define arp_bpf_filter_len sizeof(arp_bpf_filter) / sizeof(arp_bpf_filter[0]) 53*9f20bfa6SDavid van Moolenbroek 54*9f20bfa6SDavid van Moolenbroek 55*9f20bfa6SDavid van Moolenbroek /* dhcp_bpf_filter taken from bpf.c in dhcp-3.1.0 56*9f20bfa6SDavid van Moolenbroek * 57*9f20bfa6SDavid van Moolenbroek * Copyright (c) 2004,2007 by Internet Systems Consortium, Inc. ("ISC") 58*9f20bfa6SDavid van Moolenbroek * Copyright (c) 1996-2003 by Internet Software Consortium 59*9f20bfa6SDavid van Moolenbroek * 60*9f20bfa6SDavid van Moolenbroek * Permission to use, copy, modify, and distribute this software for any 61*9f20bfa6SDavid van Moolenbroek * purpose with or without fee is hereby granted, provided that the above 62*9f20bfa6SDavid van Moolenbroek * copyright notice and this permission notice appear in all copies. 63*9f20bfa6SDavid van Moolenbroek * 64*9f20bfa6SDavid van Moolenbroek * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES 65*9f20bfa6SDavid van Moolenbroek * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 66*9f20bfa6SDavid van Moolenbroek * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR 67*9f20bfa6SDavid van Moolenbroek * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 68*9f20bfa6SDavid van Moolenbroek * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 69*9f20bfa6SDavid van Moolenbroek * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT 70*9f20bfa6SDavid van Moolenbroek * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 71*9f20bfa6SDavid van Moolenbroek * 72*9f20bfa6SDavid van Moolenbroek * Internet Systems Consortium, Inc. 73*9f20bfa6SDavid van Moolenbroek * 950 Charter Street 74*9f20bfa6SDavid van Moolenbroek * Redwood City, CA 94063 75*9f20bfa6SDavid van Moolenbroek * <info@isc.org> 76*9f20bfa6SDavid van Moolenbroek * http://www.isc.org/ 77*9f20bfa6SDavid van Moolenbroek */ 78*9f20bfa6SDavid van Moolenbroek 79*9f20bfa6SDavid van Moolenbroek static const struct bpf_insn dhcp_bpf_filter [] = { 80*9f20bfa6SDavid van Moolenbroek #ifndef BPF_SKIPTYPE 81*9f20bfa6SDavid van Moolenbroek /* Make sure this is an IP packet... */ 82*9f20bfa6SDavid van Moolenbroek BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 12), 83*9f20bfa6SDavid van Moolenbroek BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, ETHERTYPE_IP, 0, 8), 84*9f20bfa6SDavid van Moolenbroek #endif 85*9f20bfa6SDavid van Moolenbroek /* Make sure it's a UDP packet... */ 86*9f20bfa6SDavid van Moolenbroek BPF_STMT(BPF_LD + BPF_B + BPF_ABS, 23 + BPF_ETHCOOK), 87*9f20bfa6SDavid van Moolenbroek BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6), 88*9f20bfa6SDavid van Moolenbroek /* Make sure this isn't a fragment... */ 89*9f20bfa6SDavid van Moolenbroek BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 20 + BPF_ETHCOOK), 90*9f20bfa6SDavid van Moolenbroek BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0), 91*9f20bfa6SDavid van Moolenbroek /* Get the IP header length... */ 92*9f20bfa6SDavid van Moolenbroek BPF_STMT(BPF_LDX + BPF_B + BPF_MSH, 14 + BPF_ETHCOOK), 93*9f20bfa6SDavid van Moolenbroek /* Make sure it's to the right port... */ 94*9f20bfa6SDavid van Moolenbroek BPF_STMT(BPF_LD + BPF_H + BPF_IND, 16 + BPF_ETHCOOK), 95*9f20bfa6SDavid van Moolenbroek BPF_JUMP(BPF_JMP + BPF_JEQ + BPF_K, DHCP_CLIENT_PORT, 0, 1), 96*9f20bfa6SDavid van Moolenbroek /* If we passed all the tests, ask for the whole packet. */ 97*9f20bfa6SDavid van Moolenbroek BPF_STMT(BPF_RET + BPF_K, BPF_WHOLEPACKET), 98*9f20bfa6SDavid van Moolenbroek /* Otherwise, drop it. */ 99*9f20bfa6SDavid van Moolenbroek BPF_STMT(BPF_RET + BPF_K, 0), 100*9f20bfa6SDavid van Moolenbroek }; 101*9f20bfa6SDavid van Moolenbroek #define dhcp_bpf_filter_len sizeof(dhcp_bpf_filter) / sizeof(dhcp_bpf_filter[0]) 102