1 /* $OpenBSD: gencode.c,v 1.31 2008/06/15 02:49:14 deraadt Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/types.h> 25 #include <sys/socket.h> 26 #include <sys/time.h> 27 28 struct mbuf; 29 struct rtentry; 30 31 #include <net/if.h> 32 33 #include <netinet/in.h> 34 #include <netinet/if_ether.h> 35 36 #include <net/if_pflog.h> 37 #include <net/pfvar.h> 38 39 #include <net80211/ieee80211.h> 40 #include <net80211/ieee80211_radiotap.h> 41 42 #include <stdlib.h> 43 #include <stddef.h> 44 #include <memory.h> 45 #include <setjmp.h> 46 #include <stdarg.h> 47 48 #include "pcap-int.h" 49 50 #include "ethertype.h" 51 #include "llc.h" 52 #include "gencode.h" 53 #include "ppp.h" 54 #include <pcap-namedb.h> 55 #ifdef INET6 56 #include <netdb.h> 57 #include <sys/socket.h> 58 #endif /*INET6*/ 59 60 #ifdef HAVE_OS_PROTO_H 61 #include "os-proto.h" 62 #endif 63 64 #define JMP(c) ((c)|BPF_JMP|BPF_K) 65 66 /* Locals */ 67 static jmp_buf top_ctx; 68 static pcap_t *bpf_pcap; 69 70 /* Hack for updating VLAN offsets. */ 71 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 72 73 /* XXX */ 74 #ifdef PCAP_FDDIPAD 75 int pcap_fddipad = PCAP_FDDIPAD; 76 #else 77 int pcap_fddipad; 78 #endif 79 80 /* VARARGS */ 81 __dead void 82 bpf_error(const char *fmt, ...) 83 { 84 va_list ap; 85 86 va_start(ap, fmt); 87 if (bpf_pcap != NULL) 88 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 89 fmt, ap); 90 va_end(ap); 91 longjmp(top_ctx, 1); 92 /* NOTREACHED */ 93 } 94 95 static void init_linktype(int); 96 97 static int alloc_reg(void); 98 static void free_reg(int); 99 100 static struct block *root; 101 102 /* 103 * We divy out chunks of memory rather than call malloc each time so 104 * we don't have to worry about leaking memory. It's probably 105 * not a big deal if all this memory was wasted but it this ever 106 * goes into a library that would probably not be a good idea. 107 */ 108 #define NCHUNKS 16 109 #define CHUNK0SIZE 1024 110 struct chunk { 111 u_int n_left; 112 void *m; 113 }; 114 115 static struct chunk chunks[NCHUNKS]; 116 static int cur_chunk; 117 118 static void *newchunk(u_int); 119 static void freechunks(void); 120 static __inline struct block *new_block(int); 121 static __inline struct slist *new_stmt(int); 122 static struct block *gen_retblk(int); 123 static __inline void syntax(void); 124 125 static void backpatch(struct block *, struct block *); 126 static void merge(struct block *, struct block *); 127 static struct block *gen_cmp(u_int, u_int, bpf_int32); 128 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 129 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 130 static struct block *gen_bcmp(u_int, u_int, const u_char *); 131 static struct block *gen_uncond(int); 132 static __inline struct block *gen_true(void); 133 static __inline struct block *gen_false(void); 134 static struct block *gen_linktype(int); 135 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 136 #ifdef INET6 137 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 138 #endif 139 static struct block *gen_ehostop(const u_char *, int); 140 static struct block *gen_fhostop(const u_char *, int); 141 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 142 static struct block *gen_p80211_hostop(const u_char *, int); 143 static struct block *gen_p80211_addr(int, u_int, const u_char *); 144 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 145 #ifdef INET6 146 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 147 #endif 148 #ifndef INET6 149 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 150 #endif 151 static struct block *gen_ipfrag(void); 152 static struct block *gen_portatom(int, bpf_int32); 153 #ifdef INET6 154 static struct block *gen_portatom6(int, bpf_int32); 155 #endif 156 struct block *gen_portop(int, int, int); 157 static struct block *gen_port(int, int, int); 158 #ifdef INET6 159 struct block *gen_portop6(int, int, int); 160 static struct block *gen_port6(int, int, int); 161 #endif 162 static int lookup_proto(const char *, int); 163 static struct block *gen_protochain(int, int, int); 164 static struct block *gen_proto(int, int, int); 165 static struct slist *xfer_to_x(struct arth *); 166 static struct slist *xfer_to_a(struct arth *); 167 static struct block *gen_len(int, int); 168 169 static void * 170 newchunk(n) 171 u_int n; 172 { 173 struct chunk *cp; 174 int k, size; 175 176 /* XXX Round to structure boundary. */ 177 n = ALIGN(n); 178 179 cp = &chunks[cur_chunk]; 180 if (n > cp->n_left) { 181 ++cp, k = ++cur_chunk; 182 if (k >= NCHUNKS) 183 bpf_error("out of memory"); 184 size = CHUNK0SIZE << k; 185 cp->m = (void *)malloc(size); 186 if (cp->m == NULL) 187 bpf_error("out of memory"); 188 189 memset((char *)cp->m, 0, size); 190 cp->n_left = size; 191 if (n > size) 192 bpf_error("out of memory"); 193 } 194 cp->n_left -= n; 195 return (void *)((char *)cp->m + cp->n_left); 196 } 197 198 static void 199 freechunks() 200 { 201 int i; 202 203 cur_chunk = 0; 204 for (i = 0; i < NCHUNKS; ++i) 205 if (chunks[i].m != NULL) { 206 free(chunks[i].m); 207 chunks[i].m = NULL; 208 } 209 } 210 211 /* 212 * A strdup whose allocations are freed after code generation is over. 213 */ 214 char * 215 sdup(s) 216 register const char *s; 217 { 218 int n = strlen(s) + 1; 219 char *cp = newchunk(n); 220 221 strlcpy(cp, s, n); 222 return (cp); 223 } 224 225 static __inline struct block * 226 new_block(code) 227 int code; 228 { 229 struct block *p; 230 231 p = (struct block *)newchunk(sizeof(*p)); 232 p->s.code = code; 233 p->head = p; 234 235 return p; 236 } 237 238 static __inline struct slist * 239 new_stmt(code) 240 int code; 241 { 242 struct slist *p; 243 244 p = (struct slist *)newchunk(sizeof(*p)); 245 p->s.code = code; 246 247 return p; 248 } 249 250 static struct block * 251 gen_retblk(v) 252 int v; 253 { 254 struct block *b = new_block(BPF_RET|BPF_K); 255 256 b->s.k = v; 257 return b; 258 } 259 260 static __inline void 261 syntax() 262 { 263 bpf_error("syntax error in filter expression"); 264 } 265 266 static bpf_u_int32 netmask; 267 static int snaplen; 268 int no_optimize; 269 270 int 271 pcap_compile(pcap_t *p, struct bpf_program *program, 272 char *buf, int optimize, bpf_u_int32 mask) 273 { 274 extern int n_errors; 275 int len; 276 277 no_optimize = 0; 278 n_errors = 0; 279 root = NULL; 280 bpf_pcap = p; 281 if (setjmp(top_ctx)) { 282 freechunks(); 283 return (-1); 284 } 285 286 netmask = mask; 287 snaplen = pcap_snapshot(p); 288 289 lex_init(buf ? buf : ""); 290 init_linktype(pcap_datalink(p)); 291 (void)pcap_parse(); 292 293 if (n_errors) 294 syntax(); 295 296 if (root == NULL) 297 root = gen_retblk(snaplen); 298 299 if (optimize && !no_optimize) { 300 bpf_optimize(&root); 301 if (root == NULL || 302 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 303 bpf_error("expression rejects all packets"); 304 } 305 program->bf_insns = icode_to_fcode(root, &len); 306 program->bf_len = len; 307 308 freechunks(); 309 return (0); 310 } 311 312 /* 313 * entry point for using the compiler with no pcap open 314 * pass in all the stuff that is needed explicitly instead. 315 */ 316 int 317 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 318 struct bpf_program *program, 319 char *buf, int optimize, bpf_u_int32 mask) 320 { 321 extern int n_errors; 322 int len; 323 324 n_errors = 0; 325 root = NULL; 326 bpf_pcap = NULL; 327 if (setjmp(top_ctx)) { 328 freechunks(); 329 return (-1); 330 } 331 332 netmask = mask; 333 334 /* XXX needed? I don't grok the use of globals here. */ 335 snaplen = snaplen_arg; 336 337 lex_init(buf ? buf : ""); 338 init_linktype(linktype_arg); 339 (void)pcap_parse(); 340 341 if (n_errors) 342 syntax(); 343 344 if (root == NULL) 345 root = gen_retblk(snaplen_arg); 346 347 if (optimize) { 348 bpf_optimize(&root); 349 if (root == NULL || 350 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 351 bpf_error("expression rejects all packets"); 352 } 353 program->bf_insns = icode_to_fcode(root, &len); 354 program->bf_len = len; 355 356 freechunks(); 357 return (0); 358 } 359 360 /* 361 * Clean up a "struct bpf_program" by freeing all the memory allocated 362 * in it. 363 */ 364 void 365 pcap_freecode(struct bpf_program *program) 366 { 367 program->bf_len = 0; 368 if (program->bf_insns != NULL) { 369 free((char *)program->bf_insns); 370 program->bf_insns = NULL; 371 } 372 } 373 374 /* 375 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 376 * which of the jt and jf fields has been resolved and which is a pointer 377 * back to another unresolved block (or nil). At least one of the fields 378 * in each block is already resolved. 379 */ 380 static void 381 backpatch(list, target) 382 struct block *list, *target; 383 { 384 struct block *next; 385 386 while (list) { 387 if (!list->sense) { 388 next = JT(list); 389 JT(list) = target; 390 } else { 391 next = JF(list); 392 JF(list) = target; 393 } 394 list = next; 395 } 396 } 397 398 /* 399 * Merge the lists in b0 and b1, using the 'sense' field to indicate 400 * which of jt and jf is the link. 401 */ 402 static void 403 merge(b0, b1) 404 struct block *b0, *b1; 405 { 406 register struct block **p = &b0; 407 408 /* Find end of list. */ 409 while (*p) 410 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 411 412 /* Concatenate the lists. */ 413 *p = b1; 414 } 415 416 void 417 finish_parse(p) 418 struct block *p; 419 { 420 backpatch(p, gen_retblk(snaplen)); 421 p->sense = !p->sense; 422 backpatch(p, gen_retblk(0)); 423 root = p->head; 424 } 425 426 void 427 gen_and(b0, b1) 428 struct block *b0, *b1; 429 { 430 backpatch(b0, b1->head); 431 b0->sense = !b0->sense; 432 b1->sense = !b1->sense; 433 merge(b1, b0); 434 b1->sense = !b1->sense; 435 b1->head = b0->head; 436 } 437 438 void 439 gen_or(b0, b1) 440 struct block *b0, *b1; 441 { 442 b0->sense = !b0->sense; 443 backpatch(b0, b1->head); 444 b0->sense = !b0->sense; 445 merge(b1, b0); 446 b1->head = b0->head; 447 } 448 449 void 450 gen_not(b) 451 struct block *b; 452 { 453 b->sense = !b->sense; 454 } 455 456 static struct block * 457 gen_cmp(offset, size, v) 458 u_int offset, size; 459 bpf_int32 v; 460 { 461 struct slist *s; 462 struct block *b; 463 464 s = new_stmt(BPF_LD|BPF_ABS|size); 465 s->s.k = offset; 466 467 b = new_block(JMP(BPF_JEQ)); 468 b->stmts = s; 469 b->s.k = v; 470 471 return b; 472 } 473 474 static struct block * 475 gen_cmp_gt(offset, size, v) 476 u_int offset, size; 477 bpf_int32 v; 478 { 479 struct slist *s; 480 struct block *b; 481 482 s = new_stmt(BPF_LD|BPF_ABS|size); 483 s->s.k = offset; 484 485 b = new_block(JMP(BPF_JGT)); 486 b->stmts = s; 487 b->s.k = v; 488 489 return b; 490 } 491 492 static struct block * 493 gen_mcmp(offset, size, v, mask) 494 u_int offset, size; 495 bpf_int32 v; 496 bpf_u_int32 mask; 497 { 498 struct block *b = gen_cmp(offset, size, v); 499 struct slist *s; 500 501 if (mask != 0xffffffff) { 502 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 503 s->s.k = mask; 504 b->stmts->next = s; 505 } 506 return b; 507 } 508 509 static struct block * 510 gen_bcmp(offset, size, v) 511 register u_int offset, size; 512 register const u_char *v; 513 { 514 register struct block *b, *tmp; 515 516 b = NULL; 517 while (size >= 4) { 518 register const u_char *p = &v[size - 4]; 519 bpf_int32 w = ((bpf_int32)p[0] << 24) | 520 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 521 522 tmp = gen_cmp(offset + size - 4, BPF_W, w); 523 if (b != NULL) 524 gen_and(b, tmp); 525 b = tmp; 526 size -= 4; 527 } 528 while (size >= 2) { 529 register const u_char *p = &v[size - 2]; 530 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 531 532 tmp = gen_cmp(offset + size - 2, BPF_H, w); 533 if (b != NULL) 534 gen_and(b, tmp); 535 b = tmp; 536 size -= 2; 537 } 538 if (size > 0) { 539 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 540 if (b != NULL) 541 gen_and(b, tmp); 542 b = tmp; 543 } 544 return b; 545 } 546 547 /* 548 * Various code constructs need to know the layout of the data link 549 * layer. These variables give the necessary offsets. off_linktype 550 * is set to -1 for no encapsulation, in which case, IP is assumed. 551 */ 552 static u_int off_linktype; 553 static u_int off_nl; 554 static u_int off_nl_nosnap; 555 556 static int linktype; 557 558 static void 559 init_linktype(type) 560 int type; 561 { 562 linktype = type; 563 564 switch (type) { 565 566 case DLT_EN10MB: 567 off_linktype = 12; 568 off_nl = 14; 569 return; 570 571 case DLT_SLIP: 572 /* 573 * SLIP doesn't have a link level type. The 16 byte 574 * header is hacked into our SLIP driver. 575 */ 576 off_linktype = -1; 577 off_nl = 16; 578 return; 579 580 case DLT_SLIP_BSDOS: 581 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 582 off_linktype = -1; 583 /* XXX end */ 584 off_nl = 24; 585 return; 586 587 case DLT_NULL: 588 off_linktype = 0; 589 off_nl = 4; 590 return; 591 592 case DLT_PPP: 593 off_linktype = 2; 594 off_nl = 4; 595 return; 596 597 case DLT_PPP_ETHER: 598 /* 599 * This does not include the Ethernet header, and 600 * only covers session state. 601 */ 602 off_linktype = 6; 603 off_nl = 8; 604 return; 605 606 case DLT_PPP_BSDOS: 607 off_linktype = 5; 608 off_nl = 24; 609 return; 610 611 case DLT_FDDI: 612 /* 613 * FDDI doesn't really have a link-level type field. 614 * We assume that SSAP = SNAP is being used and pick 615 * out the encapsulated Ethernet type. 616 */ 617 off_linktype = 19; 618 #ifdef PCAP_FDDIPAD 619 off_linktype += pcap_fddipad; 620 #endif 621 off_nl = 21; 622 #ifdef PCAP_FDDIPAD 623 off_nl += pcap_fddipad; 624 #endif 625 return; 626 627 case DLT_IEEE802: 628 off_linktype = 20; 629 off_nl = 22; 630 return; 631 632 case DLT_IEEE802_11: 633 off_linktype = 30; /* XXX variable */ 634 off_nl = 32; 635 return; 636 637 case DLT_IEEE802_11_RADIO: /* XXX variable */ 638 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 639 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 640 return; 641 642 case DLT_ATM_RFC1483: 643 /* 644 * assume routed, non-ISO PDUs 645 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 646 */ 647 off_linktype = 6; 648 off_nl = 8; 649 return; 650 651 case DLT_LOOP: 652 off_linktype = -1; 653 off_nl = 4; 654 return; 655 656 case DLT_ENC: 657 off_linktype = -1; 658 off_nl = 12; 659 return; 660 661 case DLT_OLD_PFLOG: 662 off_linktype = 0; 663 off_nl = 28; 664 return; 665 666 case DLT_PFLOG: 667 off_linktype = 0; 668 /* XXX read from header? */ 669 off_nl = PFLOG_HDRLEN; 670 return; 671 672 case DLT_PFSYNC: 673 off_linktype = -1; 674 off_nl = 4; 675 return; 676 677 case DLT_RAW: 678 off_linktype = -1; 679 off_nl = 0; 680 return; 681 } 682 bpf_error("unknown data link type 0x%x", linktype); 683 /* NOTREACHED */ 684 } 685 686 static struct block * 687 gen_uncond(rsense) 688 int rsense; 689 { 690 struct block *b; 691 struct slist *s; 692 693 s = new_stmt(BPF_LD|BPF_IMM); 694 s->s.k = !rsense; 695 b = new_block(JMP(BPF_JEQ)); 696 b->stmts = s; 697 698 return b; 699 } 700 701 static __inline struct block * 702 gen_true() 703 { 704 return gen_uncond(1); 705 } 706 707 static __inline struct block * 708 gen_false() 709 { 710 return gen_uncond(0); 711 } 712 713 static struct block * 714 gen_linktype(proto) 715 register int proto; 716 { 717 struct block *b0, *b1; 718 719 /* If we're not using encapsulation and checking for IP, we're done */ 720 if (off_linktype == -1 && proto == ETHERTYPE_IP) 721 return gen_true(); 722 #ifdef INET6 723 /* this isn't the right thing to do, but sometimes necessary */ 724 if (off_linktype == -1 && proto == ETHERTYPE_IPV6) 725 return gen_true(); 726 #endif 727 728 switch (linktype) { 729 730 case DLT_EN10MB: 731 if (proto <= ETHERMTU) { 732 /* This is an LLC SAP value */ 733 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 734 gen_not(b0); 735 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 736 gen_and(b0, b1); 737 return b1; 738 } else { 739 /* This is an Ethernet type */ 740 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 741 } 742 break; 743 744 case DLT_SLIP: 745 return gen_false(); 746 747 case DLT_PPP: 748 case DLT_PPP_ETHER: 749 if (proto == ETHERTYPE_IP) 750 proto = PPP_IP; /* XXX was 0x21 */ 751 #ifdef INET6 752 else if (proto == ETHERTYPE_IPV6) 753 proto = PPP_IPV6; 754 #endif 755 break; 756 757 case DLT_PPP_BSDOS: 758 switch (proto) { 759 760 case ETHERTYPE_IP: 761 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 762 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 763 gen_or(b0, b1); 764 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 765 gen_or(b1, b0); 766 return b0; 767 768 #ifdef INET6 769 case ETHERTYPE_IPV6: 770 proto = PPP_IPV6; 771 /* more to go? */ 772 break; 773 #endif /* INET6 */ 774 775 case ETHERTYPE_DN: 776 proto = PPP_DECNET; 777 break; 778 779 case ETHERTYPE_ATALK: 780 proto = PPP_APPLE; 781 break; 782 783 case ETHERTYPE_NS: 784 proto = PPP_NS; 785 break; 786 } 787 break; 788 789 case DLT_LOOP: 790 case DLT_ENC: 791 case DLT_NULL: 792 /* XXX */ 793 if (proto == ETHERTYPE_IP) 794 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); 795 #ifdef INET6 796 else if (proto == ETHERTYPE_IPV6) 797 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6))); 798 #endif /* INET6 */ 799 else 800 return gen_false(); 801 break; 802 case DLT_OLD_PFLOG: 803 if (proto == ETHERTYPE_IP) 804 return (gen_cmp(0, BPF_W, (bpf_int32)AF_INET)); 805 #ifdef INET6 806 else if (proto == ETHERTYPE_IPV6) 807 return (gen_cmp(0, BPF_W, (bpf_int32)AF_INET6)); 808 #endif /* INET6 */ 809 else 810 return gen_false(); 811 break; 812 813 case DLT_PFLOG: 814 if (proto == ETHERTYPE_IP) 815 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 816 (bpf_int32)AF_INET)); 817 #ifdef INET6 818 else if (proto == ETHERTYPE_IPV6) 819 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 820 (bpf_int32)AF_INET6)); 821 #endif /* INET6 */ 822 else 823 return gen_false(); 824 break; 825 826 } 827 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 828 } 829 830 static struct block * 831 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 832 bpf_u_int32 addr; 833 bpf_u_int32 mask; 834 int dir, proto; 835 u_int src_off, dst_off; 836 { 837 struct block *b0, *b1; 838 u_int offset; 839 840 switch (dir) { 841 842 case Q_SRC: 843 offset = src_off; 844 break; 845 846 case Q_DST: 847 offset = dst_off; 848 break; 849 850 case Q_AND: 851 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 852 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 853 gen_and(b0, b1); 854 return b1; 855 856 case Q_OR: 857 case Q_DEFAULT: 858 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 859 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 860 gen_or(b0, b1); 861 return b1; 862 863 default: 864 bpf_error("direction not supported on linktype 0x%x", 865 linktype); 866 } 867 b0 = gen_linktype(proto); 868 b1 = gen_mcmp(offset, BPF_W, (bpf_int32)addr, mask); 869 gen_and(b0, b1); 870 return b1; 871 } 872 873 #ifdef INET6 874 static struct block * 875 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 876 struct in6_addr *addr; 877 struct in6_addr *mask; 878 int dir, proto; 879 u_int src_off, dst_off; 880 { 881 struct block *b0, *b1; 882 u_int offset; 883 u_int32_t *a, *m; 884 885 switch (dir) { 886 887 case Q_SRC: 888 offset = src_off; 889 break; 890 891 case Q_DST: 892 offset = dst_off; 893 break; 894 895 case Q_AND: 896 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 897 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 898 gen_and(b0, b1); 899 return b1; 900 901 case Q_OR: 902 case Q_DEFAULT: 903 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 904 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 905 gen_or(b0, b1); 906 return b1; 907 908 default: 909 bpf_error("direction not supported on linktype 0x%x", 910 linktype); 911 } 912 /* this order is important */ 913 a = (u_int32_t *)addr; 914 m = (u_int32_t *)mask; 915 b1 = gen_mcmp(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 916 b0 = gen_mcmp(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 917 gen_and(b0, b1); 918 b0 = gen_mcmp(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 919 gen_and(b0, b1); 920 b0 = gen_mcmp(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 921 gen_and(b0, b1); 922 b0 = gen_linktype(proto); 923 gen_and(b0, b1); 924 return b1; 925 } 926 #endif /*INET6*/ 927 928 static struct block * 929 gen_ehostop(eaddr, dir) 930 register const u_char *eaddr; 931 register int dir; 932 { 933 struct block *b0, *b1; 934 935 switch (dir) { 936 case Q_SRC: 937 return gen_bcmp(6, 6, eaddr); 938 939 case Q_DST: 940 return gen_bcmp(0, 6, eaddr); 941 942 case Q_AND: 943 b0 = gen_ehostop(eaddr, Q_SRC); 944 b1 = gen_ehostop(eaddr, Q_DST); 945 gen_and(b0, b1); 946 return b1; 947 948 case Q_DEFAULT: 949 case Q_OR: 950 b0 = gen_ehostop(eaddr, Q_SRC); 951 b1 = gen_ehostop(eaddr, Q_DST); 952 gen_or(b0, b1); 953 return b1; 954 default: 955 bpf_error("direction not supported on linktype 0x%x", 956 linktype); 957 } 958 /* NOTREACHED */ 959 } 960 961 /* 962 * Like gen_ehostop, but for DLT_FDDI 963 */ 964 static struct block * 965 gen_fhostop(eaddr, dir) 966 register const u_char *eaddr; 967 register int dir; 968 { 969 struct block *b0, *b1; 970 971 switch (dir) { 972 case Q_SRC: 973 #ifdef PCAP_FDDIPAD 974 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 975 #else 976 return gen_bcmp(6 + 1, 6, eaddr); 977 #endif 978 979 case Q_DST: 980 #ifdef PCAP_FDDIPAD 981 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 982 #else 983 return gen_bcmp(0 + 1, 6, eaddr); 984 #endif 985 986 case Q_AND: 987 b0 = gen_fhostop(eaddr, Q_SRC); 988 b1 = gen_fhostop(eaddr, Q_DST); 989 gen_and(b0, b1); 990 return b1; 991 992 case Q_DEFAULT: 993 case Q_OR: 994 b0 = gen_fhostop(eaddr, Q_SRC); 995 b1 = gen_fhostop(eaddr, Q_DST); 996 gen_or(b0, b1); 997 return b1; 998 default: 999 bpf_error("direction not supported on linktype 0x%x", 1000 linktype); 1001 } 1002 /* NOTREACHED */ 1003 } 1004 1005 /* 1006 * This is quite tricky because there may be pad bytes in front of the 1007 * DECNET header, and then there are two possible data packet formats that 1008 * carry both src and dst addresses, plus 5 packet types in a format that 1009 * carries only the src node, plus 2 types that use a different format and 1010 * also carry just the src node. 1011 * 1012 * Yuck. 1013 * 1014 * Instead of doing those all right, we just look for data packets with 1015 * 0 or 1 bytes of padding. If you want to look at other packets, that 1016 * will require a lot more hacking. 1017 * 1018 * To add support for filtering on DECNET "areas" (network numbers) 1019 * one would want to add a "mask" argument to this routine. That would 1020 * make the filter even more inefficient, although one could be clever 1021 * and not generate masking instructions if the mask is 0xFFFF. 1022 */ 1023 static struct block * 1024 gen_dnhostop(addr, dir, base_off) 1025 bpf_u_int32 addr; 1026 int dir; 1027 u_int base_off; 1028 { 1029 struct block *b0, *b1, *b2, *tmp; 1030 u_int offset_lh; /* offset if long header is received */ 1031 u_int offset_sh; /* offset if short header is received */ 1032 1033 switch (dir) { 1034 1035 case Q_DST: 1036 offset_sh = 1; /* follows flags */ 1037 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1038 break; 1039 1040 case Q_SRC: 1041 offset_sh = 3; /* follows flags, dstnode */ 1042 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1043 break; 1044 1045 case Q_AND: 1046 /* Inefficient because we do our Calvinball dance twice */ 1047 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1048 b1 = gen_dnhostop(addr, Q_DST, base_off); 1049 gen_and(b0, b1); 1050 return b1; 1051 1052 case Q_OR: 1053 case Q_DEFAULT: 1054 /* Inefficient because we do our Calvinball dance twice */ 1055 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1056 b1 = gen_dnhostop(addr, Q_DST, base_off); 1057 gen_or(b0, b1); 1058 return b1; 1059 1060 default: 1061 bpf_error("direction not supported on linktype 0x%x", 1062 linktype); 1063 } 1064 b0 = gen_linktype(ETHERTYPE_DN); 1065 /* Check for pad = 1, long header case */ 1066 tmp = gen_mcmp(base_off + 2, BPF_H, 1067 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1068 b1 = gen_cmp(base_off + 2 + 1 + offset_lh, 1069 BPF_H, (bpf_int32)ntohs(addr)); 1070 gen_and(tmp, b1); 1071 /* Check for pad = 0, long header case */ 1072 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1073 b2 = gen_cmp(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1074 gen_and(tmp, b2); 1075 gen_or(b2, b1); 1076 /* Check for pad = 1, short header case */ 1077 tmp = gen_mcmp(base_off + 2, BPF_H, 1078 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1079 b2 = gen_cmp(base_off + 2 + 1 + offset_sh, 1080 BPF_H, (bpf_int32)ntohs(addr)); 1081 gen_and(tmp, b2); 1082 gen_or(b2, b1); 1083 /* Check for pad = 0, short header case */ 1084 tmp = gen_mcmp(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1085 b2 = gen_cmp(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1086 gen_and(tmp, b2); 1087 gen_or(b2, b1); 1088 1089 /* Combine with test for linktype */ 1090 gen_and(b0, b1); 1091 return b1; 1092 } 1093 1094 static struct block * 1095 gen_host(addr, mask, proto, dir) 1096 bpf_u_int32 addr; 1097 bpf_u_int32 mask; 1098 int proto; 1099 int dir; 1100 { 1101 struct block *b0, *b1; 1102 1103 switch (proto) { 1104 1105 case Q_DEFAULT: 1106 b0 = gen_host(addr, mask, Q_IP, dir); 1107 b1 = gen_host(addr, mask, Q_ARP, dir); 1108 gen_or(b0, b1); 1109 b0 = gen_host(addr, mask, Q_RARP, dir); 1110 gen_or(b1, b0); 1111 return b0; 1112 1113 case Q_IP: 1114 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1115 off_nl + 12, off_nl + 16); 1116 1117 case Q_RARP: 1118 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1119 off_nl + 14, off_nl + 24); 1120 1121 case Q_ARP: 1122 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1123 off_nl + 14, off_nl + 24); 1124 1125 case Q_TCP: 1126 bpf_error("'tcp' modifier applied to host"); 1127 1128 case Q_UDP: 1129 bpf_error("'udp' modifier applied to host"); 1130 1131 case Q_ICMP: 1132 bpf_error("'icmp' modifier applied to host"); 1133 1134 case Q_IGMP: 1135 bpf_error("'igmp' modifier applied to host"); 1136 1137 case Q_IGRP: 1138 bpf_error("'igrp' modifier applied to host"); 1139 1140 case Q_PIM: 1141 bpf_error("'pim' modifier applied to host"); 1142 1143 case Q_STP: 1144 bpf_error("'stp' modifier applied to host"); 1145 1146 case Q_ATALK: 1147 bpf_error("ATALK host filtering not implemented"); 1148 1149 case Q_DECNET: 1150 return gen_dnhostop(addr, dir, off_nl); 1151 1152 case Q_SCA: 1153 bpf_error("SCA host filtering not implemented"); 1154 1155 case Q_LAT: 1156 bpf_error("LAT host filtering not implemented"); 1157 1158 case Q_MOPDL: 1159 bpf_error("MOPDL host filtering not implemented"); 1160 1161 case Q_MOPRC: 1162 bpf_error("MOPRC host filtering not implemented"); 1163 1164 #ifdef INET6 1165 case Q_IPV6: 1166 bpf_error("'ip6' modifier applied to ip host"); 1167 1168 case Q_ICMPV6: 1169 bpf_error("'icmp6' modifier applied to host"); 1170 #endif /* INET6 */ 1171 1172 case Q_AH: 1173 bpf_error("'ah' modifier applied to host"); 1174 1175 case Q_ESP: 1176 bpf_error("'esp' modifier applied to host"); 1177 1178 default: 1179 bpf_error("direction not supported on linktype 0x%x", 1180 linktype); 1181 } 1182 /* NOTREACHED */ 1183 } 1184 1185 #ifdef INET6 1186 static struct block * 1187 gen_host6(addr, mask, proto, dir) 1188 struct in6_addr *addr; 1189 struct in6_addr *mask; 1190 int proto; 1191 int dir; 1192 { 1193 switch (proto) { 1194 1195 case Q_DEFAULT: 1196 return gen_host6(addr, mask, Q_IPV6, dir); 1197 1198 case Q_IP: 1199 bpf_error("'ip' modifier applied to ip6 host"); 1200 1201 case Q_RARP: 1202 bpf_error("'rarp' modifier applied to ip6 host"); 1203 1204 case Q_ARP: 1205 bpf_error("'arp' modifier applied to ip6 host"); 1206 1207 case Q_TCP: 1208 bpf_error("'tcp' modifier applied to host"); 1209 1210 case Q_UDP: 1211 bpf_error("'udp' modifier applied to host"); 1212 1213 case Q_ICMP: 1214 bpf_error("'icmp' modifier applied to host"); 1215 1216 case Q_IGMP: 1217 bpf_error("'igmp' modifier applied to host"); 1218 1219 case Q_IGRP: 1220 bpf_error("'igrp' modifier applied to host"); 1221 1222 case Q_PIM: 1223 bpf_error("'pim' modifier applied to host"); 1224 1225 case Q_STP: 1226 bpf_error("'stp' modifier applied to host"); 1227 1228 case Q_ATALK: 1229 bpf_error("ATALK host filtering not implemented"); 1230 1231 case Q_DECNET: 1232 bpf_error("'decnet' modifier applied to ip6 host"); 1233 1234 case Q_SCA: 1235 bpf_error("SCA host filtering not implemented"); 1236 1237 case Q_LAT: 1238 bpf_error("LAT host filtering not implemented"); 1239 1240 case Q_MOPDL: 1241 bpf_error("MOPDL host filtering not implemented"); 1242 1243 case Q_MOPRC: 1244 bpf_error("MOPRC host filtering not implemented"); 1245 1246 case Q_IPV6: 1247 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1248 off_nl + 8, off_nl + 24); 1249 1250 case Q_ICMPV6: 1251 bpf_error("'icmp6' modifier applied to host"); 1252 1253 case Q_AH: 1254 bpf_error("'ah' modifier applied to host"); 1255 1256 case Q_ESP: 1257 bpf_error("'esp' modifier applied to host"); 1258 1259 default: 1260 abort(); 1261 } 1262 /* NOTREACHED */ 1263 } 1264 #endif /*INET6*/ 1265 1266 #ifndef INET6 1267 static struct block * 1268 gen_gateway(eaddr, alist, proto, dir) 1269 const u_char *eaddr; 1270 bpf_u_int32 **alist; 1271 int proto; 1272 int dir; 1273 { 1274 struct block *b0, *b1, *tmp; 1275 1276 if (dir != 0) 1277 bpf_error("direction applied to 'gateway'"); 1278 1279 switch (proto) { 1280 case Q_DEFAULT: 1281 case Q_IP: 1282 case Q_ARP: 1283 case Q_RARP: 1284 if (linktype == DLT_EN10MB) 1285 b0 = gen_ehostop(eaddr, Q_OR); 1286 else if (linktype == DLT_FDDI) 1287 b0 = gen_fhostop(eaddr, Q_OR); 1288 else 1289 bpf_error( 1290 "'gateway' supported only on ethernet or FDDI"); 1291 1292 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1293 while (*alist) { 1294 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1295 gen_or(b1, tmp); 1296 b1 = tmp; 1297 } 1298 gen_not(b1); 1299 gen_and(b0, b1); 1300 return b1; 1301 } 1302 bpf_error("illegal modifier of 'gateway'"); 1303 /* NOTREACHED */ 1304 } 1305 #endif /*INET6*/ 1306 1307 struct block * 1308 gen_proto_abbrev(proto) 1309 int proto; 1310 { 1311 struct block *b0 = NULL, *b1; 1312 1313 switch (proto) { 1314 1315 case Q_TCP: 1316 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1317 #ifdef INET6 1318 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1319 gen_or(b0, b1); 1320 #endif 1321 break; 1322 1323 case Q_UDP: 1324 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1325 #ifdef INET6 1326 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1327 gen_or(b0, b1); 1328 #endif 1329 break; 1330 1331 case Q_ICMP: 1332 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1333 break; 1334 1335 #ifndef IPPROTO_IGMP 1336 #define IPPROTO_IGMP 2 1337 #endif 1338 1339 case Q_IGMP: 1340 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1341 break; 1342 1343 #ifndef IPPROTO_IGRP 1344 #define IPPROTO_IGRP 9 1345 #endif 1346 case Q_IGRP: 1347 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1348 break; 1349 1350 #ifndef IPPROTO_PIM 1351 #define IPPROTO_PIM 103 1352 #endif 1353 1354 case Q_PIM: 1355 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1356 #ifdef INET6 1357 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1358 gen_or(b0, b1); 1359 #endif 1360 break; 1361 1362 case Q_IP: 1363 b1 = gen_linktype(ETHERTYPE_IP); 1364 break; 1365 1366 case Q_ARP: 1367 b1 = gen_linktype(ETHERTYPE_ARP); 1368 break; 1369 1370 case Q_RARP: 1371 b1 = gen_linktype(ETHERTYPE_REVARP); 1372 break; 1373 1374 case Q_LINK: 1375 bpf_error("link layer applied in wrong context"); 1376 1377 case Q_ATALK: 1378 b1 = gen_linktype(ETHERTYPE_ATALK); 1379 break; 1380 1381 case Q_DECNET: 1382 b1 = gen_linktype(ETHERTYPE_DN); 1383 break; 1384 1385 case Q_SCA: 1386 b1 = gen_linktype(ETHERTYPE_SCA); 1387 break; 1388 1389 case Q_LAT: 1390 b1 = gen_linktype(ETHERTYPE_LAT); 1391 break; 1392 1393 case Q_MOPDL: 1394 b1 = gen_linktype(ETHERTYPE_MOPDL); 1395 break; 1396 1397 case Q_MOPRC: 1398 b1 = gen_linktype(ETHERTYPE_MOPRC); 1399 break; 1400 1401 case Q_STP: 1402 b1 = gen_linktype(LLCSAP_8021D); 1403 break; 1404 1405 #ifdef INET6 1406 case Q_IPV6: 1407 b1 = gen_linktype(ETHERTYPE_IPV6); 1408 break; 1409 1410 #ifndef IPPROTO_ICMPV6 1411 #define IPPROTO_ICMPV6 58 1412 #endif 1413 case Q_ICMPV6: 1414 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1415 break; 1416 #endif /* INET6 */ 1417 1418 #ifndef IPPROTO_AH 1419 #define IPPROTO_AH 51 1420 #endif 1421 case Q_AH: 1422 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1423 #ifdef INET6 1424 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1425 gen_or(b0, b1); 1426 #endif 1427 break; 1428 1429 #ifndef IPPROTO_ESP 1430 #define IPPROTO_ESP 50 1431 #endif 1432 case Q_ESP: 1433 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1434 #ifdef INET6 1435 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1436 gen_or(b0, b1); 1437 #endif 1438 break; 1439 1440 default: 1441 abort(); 1442 } 1443 return b1; 1444 } 1445 1446 static struct block * 1447 gen_ipfrag() 1448 { 1449 struct slist *s; 1450 struct block *b; 1451 1452 /* not ip frag */ 1453 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1454 s->s.k = off_nl + 6; 1455 b = new_block(JMP(BPF_JSET)); 1456 b->s.k = 0x1fff; 1457 b->stmts = s; 1458 gen_not(b); 1459 1460 return b; 1461 } 1462 1463 static struct block * 1464 gen_portatom(off, v) 1465 int off; 1466 bpf_int32 v; 1467 { 1468 struct slist *s; 1469 struct block *b; 1470 1471 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1472 s->s.k = off_nl; 1473 1474 s->next = new_stmt(BPF_LD|BPF_IND|BPF_H); 1475 s->next->s.k = off_nl + off; 1476 1477 b = new_block(JMP(BPF_JEQ)); 1478 b->stmts = s; 1479 b->s.k = v; 1480 1481 return b; 1482 } 1483 1484 #ifdef INET6 1485 static struct block * 1486 gen_portatom6(off, v) 1487 int off; 1488 bpf_int32 v; 1489 { 1490 return gen_cmp(off_nl + 40 + off, BPF_H, v); 1491 } 1492 #endif/*INET6*/ 1493 1494 struct block * 1495 gen_portop(port, proto, dir) 1496 int port, proto, dir; 1497 { 1498 struct block *b0, *b1, *tmp; 1499 1500 /* ip proto 'proto' */ 1501 tmp = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)proto); 1502 b0 = gen_ipfrag(); 1503 gen_and(tmp, b0); 1504 1505 switch (dir) { 1506 case Q_SRC: 1507 b1 = gen_portatom(0, (bpf_int32)port); 1508 break; 1509 1510 case Q_DST: 1511 b1 = gen_portatom(2, (bpf_int32)port); 1512 break; 1513 1514 case Q_OR: 1515 case Q_DEFAULT: 1516 tmp = gen_portatom(0, (bpf_int32)port); 1517 b1 = gen_portatom(2, (bpf_int32)port); 1518 gen_or(tmp, b1); 1519 break; 1520 1521 case Q_AND: 1522 tmp = gen_portatom(0, (bpf_int32)port); 1523 b1 = gen_portatom(2, (bpf_int32)port); 1524 gen_and(tmp, b1); 1525 break; 1526 1527 default: 1528 abort(); 1529 } 1530 gen_and(b0, b1); 1531 1532 return b1; 1533 } 1534 1535 static struct block * 1536 gen_port(port, ip_proto, dir) 1537 int port; 1538 int ip_proto; 1539 int dir; 1540 { 1541 struct block *b0, *b1, *tmp; 1542 1543 /* ether proto ip */ 1544 b0 = gen_linktype(ETHERTYPE_IP); 1545 1546 switch (ip_proto) { 1547 case IPPROTO_UDP: 1548 case IPPROTO_TCP: 1549 b1 = gen_portop(port, ip_proto, dir); 1550 break; 1551 1552 case PROTO_UNDEF: 1553 tmp = gen_portop(port, IPPROTO_TCP, dir); 1554 b1 = gen_portop(port, IPPROTO_UDP, dir); 1555 gen_or(tmp, b1); 1556 break; 1557 1558 default: 1559 abort(); 1560 } 1561 gen_and(b0, b1); 1562 return b1; 1563 } 1564 1565 #ifdef INET6 1566 struct block * 1567 gen_portop6(port, proto, dir) 1568 int port, proto, dir; 1569 { 1570 struct block *b0, *b1, *tmp; 1571 1572 /* ip proto 'proto' */ 1573 b0 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)proto); 1574 1575 switch (dir) { 1576 case Q_SRC: 1577 b1 = gen_portatom6(0, (bpf_int32)port); 1578 break; 1579 1580 case Q_DST: 1581 b1 = gen_portatom6(2, (bpf_int32)port); 1582 break; 1583 1584 case Q_OR: 1585 case Q_DEFAULT: 1586 tmp = gen_portatom6(0, (bpf_int32)port); 1587 b1 = gen_portatom6(2, (bpf_int32)port); 1588 gen_or(tmp, b1); 1589 break; 1590 1591 case Q_AND: 1592 tmp = gen_portatom6(0, (bpf_int32)port); 1593 b1 = gen_portatom6(2, (bpf_int32)port); 1594 gen_and(tmp, b1); 1595 break; 1596 1597 default: 1598 abort(); 1599 } 1600 gen_and(b0, b1); 1601 1602 return b1; 1603 } 1604 1605 static struct block * 1606 gen_port6(port, ip_proto, dir) 1607 int port; 1608 int ip_proto; 1609 int dir; 1610 { 1611 struct block *b0, *b1, *tmp; 1612 1613 /* ether proto ip */ 1614 b0 = gen_linktype(ETHERTYPE_IPV6); 1615 1616 switch (ip_proto) { 1617 case IPPROTO_UDP: 1618 case IPPROTO_TCP: 1619 b1 = gen_portop6(port, ip_proto, dir); 1620 break; 1621 1622 case PROTO_UNDEF: 1623 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1624 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1625 gen_or(tmp, b1); 1626 break; 1627 1628 default: 1629 abort(); 1630 } 1631 gen_and(b0, b1); 1632 return b1; 1633 } 1634 #endif /* INET6 */ 1635 1636 static int 1637 lookup_proto(name, proto) 1638 register const char *name; 1639 register int proto; 1640 { 1641 register int v; 1642 1643 switch (proto) { 1644 1645 case Q_DEFAULT: 1646 case Q_IP: 1647 v = pcap_nametoproto(name); 1648 if (v == PROTO_UNDEF) 1649 bpf_error("unknown ip proto '%s'", name); 1650 break; 1651 1652 case Q_LINK: 1653 /* XXX should look up h/w protocol type based on linktype */ 1654 v = pcap_nametoeproto(name); 1655 if (v == PROTO_UNDEF) { 1656 v = pcap_nametollc(name); 1657 if (v == PROTO_UNDEF) 1658 bpf_error("unknown ether proto '%s'", name); 1659 } 1660 break; 1661 1662 default: 1663 v = PROTO_UNDEF; 1664 break; 1665 } 1666 return v; 1667 } 1668 1669 static struct block * 1670 gen_protochain(v, proto, dir) 1671 int v; 1672 int proto; 1673 int dir; 1674 { 1675 struct block *b0, *b; 1676 struct slist *s[100]; 1677 int fix2, fix3, fix4, fix5; 1678 int ahcheck, again, end; 1679 int i, max; 1680 int reg1 = alloc_reg(); 1681 int reg2 = alloc_reg(); 1682 1683 memset(s, 0, sizeof(s)); 1684 fix2 = fix3 = fix4 = fix5 = 0; 1685 1686 switch (proto) { 1687 case Q_IP: 1688 case Q_IPV6: 1689 break; 1690 case Q_DEFAULT: 1691 b0 = gen_protochain(v, Q_IP, dir); 1692 b = gen_protochain(v, Q_IPV6, dir); 1693 gen_or(b0, b); 1694 return b; 1695 default: 1696 bpf_error("bad protocol applied for 'protochain'"); 1697 /*NOTREACHED*/ 1698 } 1699 1700 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1701 1702 /* 1703 * s[0] is a dummy entry to protect other BPF insn from damaged 1704 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1705 * hard to find interdependency made by jump table fixup. 1706 */ 1707 i = 0; 1708 s[i] = new_stmt(0); /*dummy*/ 1709 i++; 1710 1711 switch (proto) { 1712 case Q_IP: 1713 b0 = gen_linktype(ETHERTYPE_IP); 1714 1715 /* A = ip->ip_p */ 1716 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1717 s[i]->s.k = off_nl + 9; 1718 i++; 1719 /* X = ip->ip_hl << 2 */ 1720 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1721 s[i]->s.k = off_nl; 1722 i++; 1723 break; 1724 case Q_IPV6: 1725 b0 = gen_linktype(ETHERTYPE_IPV6); 1726 1727 /* A = ip6->ip_nxt */ 1728 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1729 s[i]->s.k = off_nl + 6; 1730 i++; 1731 /* X = sizeof(struct ip6_hdr) */ 1732 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1733 s[i]->s.k = 40; 1734 i++; 1735 break; 1736 default: 1737 bpf_error("unsupported proto to gen_protochain"); 1738 /*NOTREACHED*/ 1739 } 1740 1741 /* again: if (A == v) goto end; else fall through; */ 1742 again = i; 1743 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1744 s[i]->s.k = v; 1745 s[i]->s.jt = NULL; /*later*/ 1746 s[i]->s.jf = NULL; /*update in next stmt*/ 1747 fix5 = i; 1748 i++; 1749 1750 /* if (A == IPPROTO_NONE) goto end */ 1751 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1752 s[i]->s.jt = NULL; /*later*/ 1753 s[i]->s.jf = NULL; /*update in next stmt*/ 1754 s[i]->s.k = IPPROTO_NONE; 1755 s[fix5]->s.jf = s[i]; 1756 fix2 = i; 1757 i++; 1758 1759 if (proto == Q_IPV6) { 1760 int v6start, v6end, v6advance, j; 1761 1762 v6start = i; 1763 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1764 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1765 s[i]->s.jt = NULL; /*later*/ 1766 s[i]->s.jf = NULL; /*update in next stmt*/ 1767 s[i]->s.k = IPPROTO_HOPOPTS; 1768 s[fix2]->s.jf = s[i]; 1769 i++; 1770 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1771 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1772 s[i]->s.jt = NULL; /*later*/ 1773 s[i]->s.jf = NULL; /*update in next stmt*/ 1774 s[i]->s.k = IPPROTO_DSTOPTS; 1775 i++; 1776 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1777 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1778 s[i]->s.jt = NULL; /*later*/ 1779 s[i]->s.jf = NULL; /*update in next stmt*/ 1780 s[i]->s.k = IPPROTO_ROUTING; 1781 i++; 1782 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1783 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1784 s[i]->s.jt = NULL; /*later*/ 1785 s[i]->s.jf = NULL; /*later*/ 1786 s[i]->s.k = IPPROTO_FRAGMENT; 1787 fix3 = i; 1788 v6end = i; 1789 i++; 1790 1791 /* v6advance: */ 1792 v6advance = i; 1793 1794 /* 1795 * in short, 1796 * A = P[X + 1]; 1797 * X = X + (P[X] + 1) * 8; 1798 */ 1799 /* A = X */ 1800 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1801 i++; 1802 /* MEM[reg1] = A */ 1803 s[i] = new_stmt(BPF_ST); 1804 s[i]->s.k = reg1; 1805 i++; 1806 /* A += 1 */ 1807 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1808 s[i]->s.k = 1; 1809 i++; 1810 /* X = A */ 1811 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1812 i++; 1813 /* A = P[X + packet head]; */ 1814 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1815 s[i]->s.k = off_nl; 1816 i++; 1817 /* MEM[reg2] = A */ 1818 s[i] = new_stmt(BPF_ST); 1819 s[i]->s.k = reg2; 1820 i++; 1821 /* X = MEM[reg1] */ 1822 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1823 s[i]->s.k = reg1; 1824 i++; 1825 /* A = P[X + packet head] */ 1826 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1827 s[i]->s.k = off_nl; 1828 i++; 1829 /* A += 1 */ 1830 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1831 s[i]->s.k = 1; 1832 i++; 1833 /* A *= 8 */ 1834 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1835 s[i]->s.k = 8; 1836 i++; 1837 /* X = A; */ 1838 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1839 i++; 1840 /* A = MEM[reg2] */ 1841 s[i] = new_stmt(BPF_LD|BPF_MEM); 1842 s[i]->s.k = reg2; 1843 i++; 1844 1845 /* goto again; (must use BPF_JA for backward jump) */ 1846 s[i] = new_stmt(BPF_JMP|BPF_JA); 1847 s[i]->s.k = again - i - 1; 1848 s[i - 1]->s.jf = s[i]; 1849 i++; 1850 1851 /* fixup */ 1852 for (j = v6start; j <= v6end; j++) 1853 s[j]->s.jt = s[v6advance]; 1854 } else { 1855 /* nop */ 1856 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1857 s[i]->s.k = 0; 1858 s[fix2]->s.jf = s[i]; 1859 i++; 1860 } 1861 1862 /* ahcheck: */ 1863 ahcheck = i; 1864 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 1865 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1866 s[i]->s.jt = NULL; /*later*/ 1867 s[i]->s.jf = NULL; /*later*/ 1868 s[i]->s.k = IPPROTO_AH; 1869 if (fix3) 1870 s[fix3]->s.jf = s[ahcheck]; 1871 fix4 = i; 1872 i++; 1873 1874 /* 1875 * in short, 1876 * A = P[X + 1]; 1877 * X = X + (P[X] + 2) * 4; 1878 */ 1879 /* A = X */ 1880 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 1881 i++; 1882 /* MEM[reg1] = A */ 1883 s[i] = new_stmt(BPF_ST); 1884 s[i]->s.k = reg1; 1885 i++; 1886 /* A += 1 */ 1887 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1888 s[i]->s.k = 1; 1889 i++; 1890 /* X = A */ 1891 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1892 i++; 1893 /* A = P[X + packet head]; */ 1894 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1895 s[i]->s.k = off_nl; 1896 i++; 1897 /* MEM[reg2] = A */ 1898 s[i] = new_stmt(BPF_ST); 1899 s[i]->s.k = reg2; 1900 i++; 1901 /* X = MEM[reg1] */ 1902 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1903 s[i]->s.k = reg1; 1904 i++; 1905 /* A = P[X + packet head] */ 1906 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1907 s[i]->s.k = off_nl; 1908 i++; 1909 /* A += 2 */ 1910 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1911 s[i]->s.k = 2; 1912 i++; 1913 /* A *= 4 */ 1914 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1915 s[i]->s.k = 4; 1916 i++; 1917 /* X = A; */ 1918 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1919 i++; 1920 /* A = MEM[reg2] */ 1921 s[i] = new_stmt(BPF_LD|BPF_MEM); 1922 s[i]->s.k = reg2; 1923 i++; 1924 1925 /* goto again; (must use BPF_JA for backward jump) */ 1926 s[i] = new_stmt(BPF_JMP|BPF_JA); 1927 s[i]->s.k = again - i - 1; 1928 i++; 1929 1930 /* end: nop */ 1931 end = i; 1932 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1933 s[i]->s.k = 0; 1934 s[fix2]->s.jt = s[end]; 1935 s[fix4]->s.jf = s[end]; 1936 s[fix5]->s.jt = s[end]; 1937 i++; 1938 1939 /* 1940 * make slist chain 1941 */ 1942 max = i; 1943 for (i = 0; i < max - 1; i++) 1944 s[i]->next = s[i + 1]; 1945 s[max - 1]->next = NULL; 1946 1947 /* 1948 * emit final check 1949 */ 1950 b = new_block(JMP(BPF_JEQ)); 1951 b->stmts = s[1]; /*remember, s[0] is dummy*/ 1952 b->s.k = v; 1953 1954 free_reg(reg1); 1955 free_reg(reg2); 1956 1957 gen_and(b0, b); 1958 return b; 1959 } 1960 1961 static struct block * 1962 gen_proto(v, proto, dir) 1963 int v; 1964 int proto; 1965 int dir; 1966 { 1967 struct block *b0, *b1; 1968 1969 if (dir != Q_DEFAULT) 1970 bpf_error("direction applied to 'proto'"); 1971 1972 switch (proto) { 1973 case Q_DEFAULT: 1974 #ifdef INET6 1975 b0 = gen_proto(v, Q_IP, dir); 1976 b1 = gen_proto(v, Q_IPV6, dir); 1977 gen_or(b0, b1); 1978 return b1; 1979 #else 1980 /*FALLTHROUGH*/ 1981 #endif 1982 case Q_IP: 1983 b0 = gen_linktype(ETHERTYPE_IP); 1984 #ifndef CHASE_CHAIN 1985 b1 = gen_cmp(off_nl + 9, BPF_B, (bpf_int32)v); 1986 #else 1987 b1 = gen_protochain(v, Q_IP); 1988 #endif 1989 gen_and(b0, b1); 1990 return b1; 1991 1992 case Q_ARP: 1993 bpf_error("arp does not encapsulate another protocol"); 1994 /* NOTREACHED */ 1995 1996 case Q_RARP: 1997 bpf_error("rarp does not encapsulate another protocol"); 1998 /* NOTREACHED */ 1999 2000 case Q_ATALK: 2001 bpf_error("atalk encapsulation is not specifiable"); 2002 /* NOTREACHED */ 2003 2004 case Q_DECNET: 2005 bpf_error("decnet encapsulation is not specifiable"); 2006 /* NOTREACHED */ 2007 2008 case Q_SCA: 2009 bpf_error("sca does not encapsulate another protocol"); 2010 /* NOTREACHED */ 2011 2012 case Q_LAT: 2013 bpf_error("lat does not encapsulate another protocol"); 2014 /* NOTREACHED */ 2015 2016 case Q_MOPRC: 2017 bpf_error("moprc does not encapsulate another protocol"); 2018 /* NOTREACHED */ 2019 2020 case Q_MOPDL: 2021 bpf_error("mopdl does not encapsulate another protocol"); 2022 /* NOTREACHED */ 2023 2024 case Q_LINK: 2025 return gen_linktype(v); 2026 2027 case Q_UDP: 2028 bpf_error("'udp proto' is bogus"); 2029 /* NOTREACHED */ 2030 2031 case Q_TCP: 2032 bpf_error("'tcp proto' is bogus"); 2033 /* NOTREACHED */ 2034 2035 case Q_ICMP: 2036 bpf_error("'icmp proto' is bogus"); 2037 /* NOTREACHED */ 2038 2039 case Q_IGMP: 2040 bpf_error("'igmp proto' is bogus"); 2041 /* NOTREACHED */ 2042 2043 case Q_IGRP: 2044 bpf_error("'igrp proto' is bogus"); 2045 /* NOTREACHED */ 2046 2047 case Q_PIM: 2048 bpf_error("'pim proto' is bogus"); 2049 /* NOTREACHED */ 2050 2051 case Q_STP: 2052 bpf_error("'stp proto' is bogus"); 2053 /* NOTREACHED */ 2054 2055 #ifdef INET6 2056 case Q_IPV6: 2057 b0 = gen_linktype(ETHERTYPE_IPV6); 2058 #ifndef CHASE_CHAIN 2059 b1 = gen_cmp(off_nl + 6, BPF_B, (bpf_int32)v); 2060 #else 2061 b1 = gen_protochain(v, Q_IPV6); 2062 #endif 2063 gen_and(b0, b1); 2064 return b1; 2065 2066 case Q_ICMPV6: 2067 bpf_error("'icmp6 proto' is bogus"); 2068 #endif /* INET6 */ 2069 2070 case Q_AH: 2071 bpf_error("'ah proto' is bogus"); 2072 2073 case Q_ESP: 2074 bpf_error("'ah proto' is bogus"); 2075 2076 default: 2077 abort(); 2078 /* NOTREACHED */ 2079 } 2080 /* NOTREACHED */ 2081 } 2082 2083 struct block * 2084 gen_scode(name, q) 2085 register const char *name; 2086 struct qual q; 2087 { 2088 int proto = q.proto; 2089 int dir = q.dir; 2090 int tproto; 2091 u_char *eaddr; 2092 bpf_u_int32 mask, addr; 2093 #ifndef INET6 2094 bpf_u_int32 **alist; 2095 #else 2096 int tproto6; 2097 struct sockaddr_in *sin; 2098 struct sockaddr_in6 *sin6; 2099 struct addrinfo *res, *res0; 2100 struct in6_addr mask128; 2101 #endif /*INET6*/ 2102 struct block *b, *tmp; 2103 int port, real_proto; 2104 2105 switch (q.addr) { 2106 2107 case Q_NET: 2108 addr = pcap_nametonetaddr(name); 2109 if (addr == 0) 2110 bpf_error("unknown network '%s'", name); 2111 /* Left justify network addr and calculate its network mask */ 2112 mask = 0xffffffff; 2113 while (addr && (addr & 0xff000000) == 0) { 2114 addr <<= 8; 2115 mask <<= 8; 2116 } 2117 return gen_host(addr, mask, proto, dir); 2118 2119 case Q_DEFAULT: 2120 case Q_HOST: 2121 if (proto == Q_LINK) { 2122 switch (linktype) { 2123 2124 case DLT_EN10MB: 2125 eaddr = pcap_ether_hostton(name); 2126 if (eaddr == NULL) 2127 bpf_error( 2128 "unknown ether host '%s'", name); 2129 return gen_ehostop(eaddr, dir); 2130 2131 case DLT_FDDI: 2132 eaddr = pcap_ether_hostton(name); 2133 if (eaddr == NULL) 2134 bpf_error( 2135 "unknown FDDI host '%s'", name); 2136 return gen_fhostop(eaddr, dir); 2137 2138 case DLT_IEEE802_11: 2139 case DLT_IEEE802_11_RADIO: 2140 eaddr = pcap_ether_hostton(name); 2141 if (eaddr == NULL) 2142 bpf_error( 2143 "unknown 802.11 host '%s'", name); 2144 2145 return gen_p80211_hostop(eaddr, dir); 2146 2147 default: 2148 bpf_error( 2149 "only ethernet/FDDI supports link-level host name"); 2150 break; 2151 } 2152 } else if (proto == Q_DECNET) { 2153 unsigned short dn_addr = __pcap_nametodnaddr(name); 2154 /* 2155 * I don't think DECNET hosts can be multihomed, so 2156 * there is no need to build up a list of addresses 2157 */ 2158 return (gen_host(dn_addr, 0, proto, dir)); 2159 } else { 2160 #ifndef INET6 2161 alist = pcap_nametoaddr(name); 2162 if (alist == NULL || *alist == NULL) 2163 bpf_error("unknown host '%s'", name); 2164 tproto = proto; 2165 if (off_linktype == -1 && tproto == Q_DEFAULT) 2166 tproto = Q_IP; 2167 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2168 while (*alist) { 2169 tmp = gen_host(**alist++, 0xffffffff, 2170 tproto, dir); 2171 gen_or(b, tmp); 2172 b = tmp; 2173 } 2174 return b; 2175 #else 2176 memset(&mask128, 0xff, sizeof(mask128)); 2177 res0 = res = pcap_nametoaddrinfo(name); 2178 if (res == NULL) 2179 bpf_error("unknown host '%s'", name); 2180 b = tmp = NULL; 2181 tproto = tproto6 = proto; 2182 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2183 tproto = Q_IP; 2184 tproto6 = Q_IPV6; 2185 } 2186 for (res = res0; res; res = res->ai_next) { 2187 switch (res->ai_family) { 2188 case AF_INET: 2189 if (tproto == Q_IPV6) 2190 continue; 2191 2192 sin = (struct sockaddr_in *) 2193 res->ai_addr; 2194 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2195 0xffffffff, tproto, dir); 2196 break; 2197 case AF_INET6: 2198 if (tproto6 == Q_IP) 2199 continue; 2200 2201 sin6 = (struct sockaddr_in6 *) 2202 res->ai_addr; 2203 tmp = gen_host6(&sin6->sin6_addr, 2204 &mask128, tproto6, dir); 2205 break; 2206 } 2207 if (b) 2208 gen_or(b, tmp); 2209 b = tmp; 2210 } 2211 freeaddrinfo(res0); 2212 if (b == NULL) { 2213 bpf_error("unknown host '%s'%s", name, 2214 (proto == Q_DEFAULT) 2215 ? "" 2216 : " for specified address family"); 2217 } 2218 return b; 2219 #endif /*INET6*/ 2220 } 2221 2222 case Q_PORT: 2223 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2224 bpf_error("illegal qualifier of 'port'"); 2225 if (pcap_nametoport(name, &port, &real_proto) == 0) 2226 bpf_error("unknown port '%s'", name); 2227 if (proto == Q_UDP) { 2228 if (real_proto == IPPROTO_TCP) 2229 bpf_error("port '%s' is tcp", name); 2230 else 2231 /* override PROTO_UNDEF */ 2232 real_proto = IPPROTO_UDP; 2233 } 2234 if (proto == Q_TCP) { 2235 if (real_proto == IPPROTO_UDP) 2236 bpf_error("port '%s' is udp", name); 2237 else 2238 /* override PROTO_UNDEF */ 2239 real_proto = IPPROTO_TCP; 2240 } 2241 #ifndef INET6 2242 return gen_port(port, real_proto, dir); 2243 #else 2244 { 2245 struct block *b; 2246 b = gen_port(port, real_proto, dir); 2247 gen_or(gen_port6(port, real_proto, dir), b); 2248 return b; 2249 } 2250 #endif /* INET6 */ 2251 2252 case Q_GATEWAY: 2253 #ifndef INET6 2254 eaddr = pcap_ether_hostton(name); 2255 if (eaddr == NULL) 2256 bpf_error("unknown ether host: %s", name); 2257 2258 alist = pcap_nametoaddr(name); 2259 if (alist == NULL || *alist == NULL) 2260 bpf_error("unknown host '%s'", name); 2261 return gen_gateway(eaddr, alist, proto, dir); 2262 #else 2263 bpf_error("'gateway' not supported in this configuration"); 2264 #endif /*INET6*/ 2265 2266 case Q_PROTO: 2267 real_proto = lookup_proto(name, proto); 2268 if (real_proto >= 0) 2269 return gen_proto(real_proto, proto, dir); 2270 else 2271 bpf_error("unknown protocol: %s", name); 2272 2273 case Q_PROTOCHAIN: 2274 real_proto = lookup_proto(name, proto); 2275 if (real_proto >= 0) 2276 return gen_protochain(real_proto, proto, dir); 2277 else 2278 bpf_error("unknown protocol: %s", name); 2279 2280 2281 case Q_UNDEF: 2282 syntax(); 2283 /* NOTREACHED */ 2284 } 2285 abort(); 2286 /* NOTREACHED */ 2287 } 2288 2289 struct block * 2290 gen_mcode(s1, s2, masklen, q) 2291 register const char *s1, *s2; 2292 register int masklen; 2293 struct qual q; 2294 { 2295 register int nlen, mlen; 2296 bpf_u_int32 n, m; 2297 2298 nlen = __pcap_atoin(s1, &n); 2299 /* Promote short ipaddr */ 2300 n <<= 32 - nlen; 2301 2302 if (s2 != NULL) { 2303 mlen = __pcap_atoin(s2, &m); 2304 /* Promote short ipaddr */ 2305 m <<= 32 - mlen; 2306 if ((n & ~m) != 0) 2307 bpf_error("non-network bits set in \"%s mask %s\"", 2308 s1, s2); 2309 } else { 2310 /* Convert mask len to mask */ 2311 if (masklen > 32) 2312 bpf_error("mask length must be <= 32"); 2313 m = 0xffffffff << (32 - masklen); 2314 if ((n & ~m) != 0) 2315 bpf_error("non-network bits set in \"%s/%d\"", 2316 s1, masklen); 2317 } 2318 2319 switch (q.addr) { 2320 2321 case Q_NET: 2322 return gen_host(n, m, q.proto, q.dir); 2323 2324 default: 2325 bpf_error("Mask syntax for networks only"); 2326 /* NOTREACHED */ 2327 } 2328 } 2329 2330 struct block * 2331 gen_ncode(s, v, q) 2332 register const char *s; 2333 bpf_u_int32 v; 2334 struct qual q; 2335 { 2336 bpf_u_int32 mask; 2337 int proto = q.proto; 2338 int dir = q.dir; 2339 register int vlen; 2340 2341 if (s == NULL) 2342 vlen = 32; 2343 else if (q.proto == Q_DECNET) 2344 vlen = __pcap_atodn(s, &v); 2345 else 2346 vlen = __pcap_atoin(s, &v); 2347 2348 switch (q.addr) { 2349 2350 case Q_DEFAULT: 2351 case Q_HOST: 2352 case Q_NET: 2353 if (proto == Q_DECNET) 2354 return gen_host(v, 0, proto, dir); 2355 else if (proto == Q_LINK) { 2356 bpf_error("illegal link layer address"); 2357 } else { 2358 mask = 0xffffffff; 2359 if (s == NULL && q.addr == Q_NET) { 2360 /* Promote short net number */ 2361 while (v && (v & 0xff000000) == 0) { 2362 v <<= 8; 2363 mask <<= 8; 2364 } 2365 } else { 2366 /* Promote short ipaddr */ 2367 v <<= 32 - vlen; 2368 mask <<= 32 - vlen; 2369 } 2370 return gen_host(v, mask, proto, dir); 2371 } 2372 2373 case Q_PORT: 2374 if (proto == Q_UDP) 2375 proto = IPPROTO_UDP; 2376 else if (proto == Q_TCP) 2377 proto = IPPROTO_TCP; 2378 else if (proto == Q_DEFAULT) 2379 proto = PROTO_UNDEF; 2380 else 2381 bpf_error("illegal qualifier of 'port'"); 2382 2383 #ifndef INET6 2384 return gen_port((int)v, proto, dir); 2385 #else 2386 { 2387 struct block *b; 2388 b = gen_port((int)v, proto, dir); 2389 gen_or(gen_port6((int)v, proto, dir), b); 2390 return b; 2391 } 2392 #endif /* INET6 */ 2393 2394 case Q_GATEWAY: 2395 bpf_error("'gateway' requires a name"); 2396 /* NOTREACHED */ 2397 2398 case Q_PROTO: 2399 return gen_proto((int)v, proto, dir); 2400 2401 case Q_PROTOCHAIN: 2402 return gen_protochain((int)v, proto, dir); 2403 2404 case Q_UNDEF: 2405 syntax(); 2406 /* NOTREACHED */ 2407 2408 default: 2409 abort(); 2410 /* NOTREACHED */ 2411 } 2412 /* NOTREACHED */ 2413 } 2414 2415 #ifdef INET6 2416 struct block * 2417 gen_mcode6(s1, s2, masklen, q) 2418 register const char *s1, *s2; 2419 register int masklen; 2420 struct qual q; 2421 { 2422 struct addrinfo *res; 2423 struct in6_addr *addr; 2424 struct in6_addr mask; 2425 struct block *b; 2426 u_int32_t *a, *m; 2427 2428 if (s2) 2429 bpf_error("no mask %s supported", s2); 2430 2431 res = pcap_nametoaddrinfo(s1); 2432 if (!res) 2433 bpf_error("invalid ip6 address %s", s1); 2434 if (res->ai_next) 2435 bpf_error("%s resolved to multiple address", s1); 2436 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2437 2438 if (sizeof(mask) * 8 < masklen) 2439 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2440 memset(&mask, 0xff, masklen / 8); 2441 if (masklen % 8) { 2442 mask.s6_addr[masklen / 8] = 2443 (0xff << (8 - masklen % 8)) & 0xff; 2444 } 2445 2446 a = (u_int32_t *)addr; 2447 m = (u_int32_t *)&mask; 2448 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2449 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2450 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2451 } 2452 2453 switch (q.addr) { 2454 2455 case Q_DEFAULT: 2456 case Q_HOST: 2457 if (masklen != 128) 2458 bpf_error("Mask syntax for networks only"); 2459 /* FALLTHROUGH */ 2460 2461 case Q_NET: 2462 b = gen_host6(addr, &mask, q.proto, q.dir); 2463 freeaddrinfo(res); 2464 return b; 2465 2466 default: 2467 bpf_error("invalid qualifier against IPv6 address"); 2468 /* NOTREACHED */ 2469 } 2470 } 2471 #endif /*INET6*/ 2472 2473 struct block * 2474 gen_ecode(eaddr, q) 2475 register const u_char *eaddr; 2476 struct qual q; 2477 { 2478 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2479 if (linktype == DLT_EN10MB) 2480 return gen_ehostop(eaddr, (int)q.dir); 2481 if (linktype == DLT_FDDI) 2482 return gen_fhostop(eaddr, (int)q.dir); 2483 if (linktype == DLT_IEEE802_11 || 2484 linktype == DLT_IEEE802_11_RADIO) 2485 return gen_p80211_hostop(eaddr, (int)q.dir); 2486 } 2487 bpf_error("ethernet address used in non-ether expression"); 2488 /* NOTREACHED */ 2489 } 2490 2491 void 2492 sappend(s0, s1) 2493 struct slist *s0, *s1; 2494 { 2495 /* 2496 * This is definitely not the best way to do this, but the 2497 * lists will rarely get long. 2498 */ 2499 while (s0->next) 2500 s0 = s0->next; 2501 s0->next = s1; 2502 } 2503 2504 static struct slist * 2505 xfer_to_x(a) 2506 struct arth *a; 2507 { 2508 struct slist *s; 2509 2510 s = new_stmt(BPF_LDX|BPF_MEM); 2511 s->s.k = a->regno; 2512 return s; 2513 } 2514 2515 static struct slist * 2516 xfer_to_a(a) 2517 struct arth *a; 2518 { 2519 struct slist *s; 2520 2521 s = new_stmt(BPF_LD|BPF_MEM); 2522 s->s.k = a->regno; 2523 return s; 2524 } 2525 2526 struct arth * 2527 gen_load(proto, index, size) 2528 int proto; 2529 struct arth *index; 2530 int size; 2531 { 2532 struct slist *s, *tmp; 2533 struct block *b; 2534 int regno = alloc_reg(); 2535 2536 free_reg(index->regno); 2537 switch (size) { 2538 2539 default: 2540 bpf_error("data size must be 1, 2, or 4"); 2541 2542 case 1: 2543 size = BPF_B; 2544 break; 2545 2546 case 2: 2547 size = BPF_H; 2548 break; 2549 2550 case 4: 2551 size = BPF_W; 2552 break; 2553 } 2554 switch (proto) { 2555 default: 2556 bpf_error("unsupported index operation"); 2557 2558 case Q_LINK: 2559 s = xfer_to_x(index); 2560 tmp = new_stmt(BPF_LD|BPF_IND|size); 2561 sappend(s, tmp); 2562 sappend(index->s, s); 2563 break; 2564 2565 case Q_IP: 2566 case Q_ARP: 2567 case Q_RARP: 2568 case Q_ATALK: 2569 case Q_DECNET: 2570 case Q_SCA: 2571 case Q_LAT: 2572 case Q_MOPRC: 2573 case Q_MOPDL: 2574 #ifdef INET6 2575 case Q_IPV6: 2576 #endif 2577 /* XXX Note that we assume a fixed link header here. */ 2578 s = xfer_to_x(index); 2579 tmp = new_stmt(BPF_LD|BPF_IND|size); 2580 tmp->s.k = off_nl; 2581 sappend(s, tmp); 2582 sappend(index->s, s); 2583 2584 b = gen_proto_abbrev(proto); 2585 if (index->b) 2586 gen_and(index->b, b); 2587 index->b = b; 2588 break; 2589 2590 case Q_TCP: 2591 case Q_UDP: 2592 case Q_ICMP: 2593 case Q_IGMP: 2594 case Q_IGRP: 2595 case Q_PIM: 2596 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 2597 s->s.k = off_nl; 2598 sappend(s, xfer_to_a(index)); 2599 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2600 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2601 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2602 tmp->s.k = off_nl; 2603 sappend(index->s, s); 2604 2605 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2606 if (index->b) 2607 gen_and(index->b, b); 2608 #ifdef INET6 2609 gen_and(gen_proto_abbrev(Q_IP), b); 2610 #endif 2611 index->b = b; 2612 break; 2613 #ifdef INET6 2614 case Q_ICMPV6: 2615 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2616 /*NOTREACHED*/ 2617 #endif 2618 } 2619 index->regno = regno; 2620 s = new_stmt(BPF_ST); 2621 s->s.k = regno; 2622 sappend(index->s, s); 2623 2624 return index; 2625 } 2626 2627 struct block * 2628 gen_relation(code, a0, a1, reversed) 2629 int code; 2630 struct arth *a0, *a1; 2631 int reversed; 2632 { 2633 struct slist *s0, *s1, *s2; 2634 struct block *b, *tmp; 2635 2636 s0 = xfer_to_x(a1); 2637 s1 = xfer_to_a(a0); 2638 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2639 b = new_block(JMP(code)); 2640 if (code == BPF_JGT || code == BPF_JGE) { 2641 reversed = !reversed; 2642 b->s.k = 0x80000000; 2643 } 2644 if (reversed) 2645 gen_not(b); 2646 2647 sappend(s1, s2); 2648 sappend(s0, s1); 2649 sappend(a1->s, s0); 2650 sappend(a0->s, a1->s); 2651 2652 b->stmts = a0->s; 2653 2654 free_reg(a0->regno); 2655 free_reg(a1->regno); 2656 2657 /* 'and' together protocol checks */ 2658 if (a0->b) { 2659 if (a1->b) { 2660 gen_and(a0->b, tmp = a1->b); 2661 } 2662 else 2663 tmp = a0->b; 2664 } else 2665 tmp = a1->b; 2666 2667 if (tmp) 2668 gen_and(tmp, b); 2669 2670 return b; 2671 } 2672 2673 struct arth * 2674 gen_loadlen() 2675 { 2676 int regno = alloc_reg(); 2677 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2678 struct slist *s; 2679 2680 s = new_stmt(BPF_LD|BPF_LEN); 2681 s->next = new_stmt(BPF_ST); 2682 s->next->s.k = regno; 2683 a->s = s; 2684 a->regno = regno; 2685 2686 return a; 2687 } 2688 2689 struct arth * 2690 gen_loadi(val) 2691 int val; 2692 { 2693 struct arth *a; 2694 struct slist *s; 2695 int reg; 2696 2697 a = (struct arth *)newchunk(sizeof(*a)); 2698 2699 reg = alloc_reg(); 2700 2701 s = new_stmt(BPF_LD|BPF_IMM); 2702 s->s.k = val; 2703 s->next = new_stmt(BPF_ST); 2704 s->next->s.k = reg; 2705 a->s = s; 2706 a->regno = reg; 2707 2708 return a; 2709 } 2710 2711 struct arth * 2712 gen_neg(a) 2713 struct arth *a; 2714 { 2715 struct slist *s; 2716 2717 s = xfer_to_a(a); 2718 sappend(a->s, s); 2719 s = new_stmt(BPF_ALU|BPF_NEG); 2720 s->s.k = 0; 2721 sappend(a->s, s); 2722 s = new_stmt(BPF_ST); 2723 s->s.k = a->regno; 2724 sappend(a->s, s); 2725 2726 return a; 2727 } 2728 2729 struct arth * 2730 gen_arth(code, a0, a1) 2731 int code; 2732 struct arth *a0, *a1; 2733 { 2734 struct slist *s0, *s1, *s2; 2735 2736 s0 = xfer_to_x(a1); 2737 s1 = xfer_to_a(a0); 2738 s2 = new_stmt(BPF_ALU|BPF_X|code); 2739 2740 sappend(s1, s2); 2741 sappend(s0, s1); 2742 sappend(a1->s, s0); 2743 sappend(a0->s, a1->s); 2744 2745 free_reg(a1->regno); 2746 2747 s0 = new_stmt(BPF_ST); 2748 a0->regno = s0->s.k = alloc_reg(); 2749 sappend(a0->s, s0); 2750 2751 return a0; 2752 } 2753 2754 /* 2755 * Here we handle simple allocation of the scratch registers. 2756 * If too many registers are alloc'd, the allocator punts. 2757 */ 2758 static int regused[BPF_MEMWORDS]; 2759 static int curreg; 2760 2761 /* 2762 * Return the next free register. 2763 */ 2764 static int 2765 alloc_reg() 2766 { 2767 int n = BPF_MEMWORDS; 2768 2769 while (--n >= 0) { 2770 if (regused[curreg]) 2771 curreg = (curreg + 1) % BPF_MEMWORDS; 2772 else { 2773 regused[curreg] = 1; 2774 return curreg; 2775 } 2776 } 2777 bpf_error("too many registers needed to evaluate expression"); 2778 /* NOTREACHED */ 2779 } 2780 2781 /* 2782 * Return a register to the table so it can 2783 * be used later. 2784 */ 2785 static void 2786 free_reg(n) 2787 int n; 2788 { 2789 regused[n] = 0; 2790 } 2791 2792 static struct block * 2793 gen_len(jmp, n) 2794 int jmp, n; 2795 { 2796 struct slist *s; 2797 struct block *b; 2798 2799 s = new_stmt(BPF_LD|BPF_LEN); 2800 b = new_block(JMP(jmp)); 2801 b->stmts = s; 2802 b->s.k = n; 2803 2804 return b; 2805 } 2806 2807 struct block * 2808 gen_greater(n) 2809 int n; 2810 { 2811 return gen_len(BPF_JGE, n); 2812 } 2813 2814 struct block * 2815 gen_less(n) 2816 int n; 2817 { 2818 struct block *b; 2819 2820 b = gen_len(BPF_JGT, n); 2821 gen_not(b); 2822 2823 return b; 2824 } 2825 2826 struct block * 2827 gen_byteop(op, idx, val) 2828 int op, idx, val; 2829 { 2830 struct block *b; 2831 struct slist *s; 2832 2833 switch (op) { 2834 default: 2835 abort(); 2836 2837 case '=': 2838 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2839 2840 case '<': 2841 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2842 b->s.code = JMP(BPF_JGE); 2843 gen_not(b); 2844 return b; 2845 2846 case '>': 2847 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 2848 b->s.code = JMP(BPF_JGT); 2849 return b; 2850 2851 case '|': 2852 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 2853 break; 2854 2855 case '&': 2856 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 2857 break; 2858 } 2859 s->s.k = val; 2860 b = new_block(JMP(BPF_JEQ)); 2861 b->stmts = s; 2862 gen_not(b); 2863 2864 return b; 2865 } 2866 2867 struct block * 2868 gen_broadcast(proto) 2869 int proto; 2870 { 2871 bpf_u_int32 hostmask; 2872 struct block *b0, *b1, *b2; 2873 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 2874 2875 switch (proto) { 2876 2877 case Q_DEFAULT: 2878 case Q_LINK: 2879 if (linktype == DLT_EN10MB) 2880 return gen_ehostop(ebroadcast, Q_DST); 2881 if (linktype == DLT_FDDI) 2882 return gen_fhostop(ebroadcast, Q_DST); 2883 if (linktype == DLT_IEEE802_11 || 2884 linktype == DLT_IEEE802_11_RADIO) 2885 return gen_p80211_hostop(ebroadcast, Q_DST); 2886 bpf_error("not a broadcast link"); 2887 break; 2888 2889 case Q_IP: 2890 b0 = gen_linktype(ETHERTYPE_IP); 2891 hostmask = ~netmask; 2892 b1 = gen_mcmp(off_nl + 16, BPF_W, (bpf_int32)0, hostmask); 2893 b2 = gen_mcmp(off_nl + 16, BPF_W, 2894 (bpf_int32)(~0 & hostmask), hostmask); 2895 gen_or(b1, b2); 2896 gen_and(b0, b2); 2897 return b2; 2898 } 2899 bpf_error("only ether/ip broadcast filters supported"); 2900 } 2901 2902 struct block * 2903 gen_multicast(proto) 2904 int proto; 2905 { 2906 register struct block *b0, *b1; 2907 register struct slist *s; 2908 2909 switch (proto) { 2910 2911 case Q_DEFAULT: 2912 case Q_LINK: 2913 if (linktype == DLT_EN10MB) { 2914 /* ether[0] & 1 != 0 */ 2915 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2916 s->s.k = 0; 2917 b0 = new_block(JMP(BPF_JSET)); 2918 b0->s.k = 1; 2919 b0->stmts = s; 2920 return b0; 2921 } 2922 2923 if (linktype == DLT_FDDI) { 2924 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 2925 /* fddi[1] & 1 != 0 */ 2926 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 2927 s->s.k = 1; 2928 b0 = new_block(JMP(BPF_JSET)); 2929 b0->s.k = 1; 2930 b0->stmts = s; 2931 return b0; 2932 } 2933 /* Link not known to support multicasts */ 2934 break; 2935 2936 case Q_IP: 2937 b0 = gen_linktype(ETHERTYPE_IP); 2938 b1 = gen_cmp(off_nl + 16, BPF_B, (bpf_int32)224); 2939 b1->s.code = JMP(BPF_JGE); 2940 gen_and(b0, b1); 2941 return b1; 2942 2943 #ifdef INET6 2944 case Q_IPV6: 2945 b0 = gen_linktype(ETHERTYPE_IPV6); 2946 b1 = gen_cmp(off_nl + 24, BPF_B, (bpf_int32)255); 2947 gen_and(b0, b1); 2948 return b1; 2949 #endif /* INET6 */ 2950 } 2951 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 2952 } 2953 2954 /* 2955 * generate command for inbound/outbound. It's here so we can 2956 * make it link-type specific. 'dir' = 0 implies "inbound", 2957 * = 1 implies "outbound". 2958 */ 2959 struct block * 2960 gen_inbound(dir) 2961 int dir; 2962 { 2963 register struct block *b0; 2964 2965 /* 2966 * Only SLIP and old-style PPP data link types support 2967 * inbound/outbound qualifiers. 2968 */ 2969 switch (linktype) { 2970 case DLT_SLIP: 2971 case DLT_PPP: 2972 b0 = gen_relation(BPF_JEQ, 2973 gen_load(Q_LINK, gen_loadi(0), 1), 2974 gen_loadi(0), 2975 dir); 2976 break; 2977 2978 case DLT_PFLOG: 2979 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 2980 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 2981 break; 2982 2983 case DLT_OLD_PFLOG: 2984 b0 = gen_cmp(offsetof(struct old_pfloghdr, dir), BPF_H, 2985 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 2986 break; 2987 2988 default: 2989 bpf_error("inbound/outbound not supported on linktype 0x%x", 2990 linktype); 2991 /* NOTREACHED */ 2992 } 2993 2994 return (b0); 2995 } 2996 2997 2998 /* PF firewall log matched interface */ 2999 struct block * 3000 gen_pf_ifname(char *ifname) 3001 { 3002 struct block *b0; 3003 u_int len, off; 3004 3005 if (linktype == DLT_PFLOG) { 3006 len = sizeof(((struct pfloghdr *)0)->ifname); 3007 off = offsetof(struct pfloghdr, ifname); 3008 } else if (linktype == DLT_OLD_PFLOG) { 3009 len = sizeof(((struct old_pfloghdr *)0)->ifname); 3010 off = offsetof(struct old_pfloghdr, ifname); 3011 } else { 3012 bpf_error("ifname not supported on linktype 0x%x", linktype); 3013 /* NOTREACHED */ 3014 } 3015 if (strlen(ifname) >= len) { 3016 bpf_error("ifname interface names can only be %d characters", 3017 len - 1); 3018 /* NOTREACHED */ 3019 } 3020 b0 = gen_bcmp(off, strlen(ifname), ifname); 3021 return (b0); 3022 } 3023 3024 3025 /* PF firewall log ruleset name */ 3026 struct block * 3027 gen_pf_ruleset(char *ruleset) 3028 { 3029 struct block *b0; 3030 3031 if (linktype != DLT_PFLOG) { 3032 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3033 /* NOTREACHED */ 3034 } 3035 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3036 bpf_error("ruleset names can only be %zu characters", 3037 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3038 /* NOTREACHED */ 3039 } 3040 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3041 strlen(ruleset), ruleset); 3042 return (b0); 3043 } 3044 3045 3046 /* PF firewall log rule number */ 3047 struct block * 3048 gen_pf_rnr(int rnr) 3049 { 3050 struct block *b0; 3051 3052 if (linktype == DLT_PFLOG) { 3053 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3054 (bpf_int32)rnr); 3055 } else if (linktype == DLT_OLD_PFLOG) { 3056 b0 = gen_cmp(offsetof(struct old_pfloghdr, rnr), BPF_H, 3057 (bpf_int32)rnr); 3058 } else { 3059 bpf_error("rnr not supported on linktype 0x%x", linktype); 3060 /* NOTREACHED */ 3061 } 3062 3063 return (b0); 3064 } 3065 3066 3067 /* PF firewall log sub-rule number */ 3068 struct block * 3069 gen_pf_srnr(int srnr) 3070 { 3071 struct block *b0; 3072 3073 if (linktype != DLT_PFLOG) { 3074 bpf_error("srnr not supported on linktype 0x%x", linktype); 3075 /* NOTREACHED */ 3076 } 3077 3078 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3079 (bpf_int32)srnr); 3080 return (b0); 3081 } 3082 3083 /* PF firewall log reason code */ 3084 struct block * 3085 gen_pf_reason(int reason) 3086 { 3087 struct block *b0; 3088 3089 if (linktype == DLT_PFLOG) { 3090 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3091 (bpf_int32)reason); 3092 } else if (linktype == DLT_OLD_PFLOG) { 3093 b0 = gen_cmp(offsetof(struct old_pfloghdr, reason), BPF_H, 3094 (bpf_int32)reason); 3095 } else { 3096 bpf_error("reason not supported on linktype 0x%x", linktype); 3097 /* NOTREACHED */ 3098 } 3099 3100 return (b0); 3101 } 3102 3103 /* PF firewall log action */ 3104 struct block * 3105 gen_pf_action(int action) 3106 { 3107 struct block *b0; 3108 3109 if (linktype == DLT_PFLOG) { 3110 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3111 (bpf_int32)action); 3112 } else if (linktype == DLT_OLD_PFLOG) { 3113 b0 = gen_cmp(offsetof(struct old_pfloghdr, action), BPF_H, 3114 (bpf_int32)action); 3115 } else { 3116 bpf_error("action not supported on linktype 0x%x", linktype); 3117 /* NOTREACHED */ 3118 } 3119 3120 return (b0); 3121 } 3122 3123 /* IEEE 802.11 wireless header */ 3124 struct block * 3125 gen_p80211_type(int type, int mask) 3126 { 3127 struct block *b0; 3128 u_int offset; 3129 3130 if (!(linktype == DLT_IEEE802_11 || 3131 linktype == DLT_IEEE802_11_RADIO)) { 3132 bpf_error("type not supported on linktype 0x%x", 3133 linktype); 3134 /* NOTREACHED */ 3135 } 3136 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3137 if (linktype == DLT_IEEE802_11_RADIO) 3138 offset += IEEE80211_RADIOTAP_HDRLEN; 3139 3140 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3141 3142 return (b0); 3143 } 3144 3145 static struct block * 3146 gen_ahostop(eaddr, dir) 3147 register const u_char *eaddr; 3148 register int dir; 3149 { 3150 register struct block *b0, *b1; 3151 3152 switch (dir) { 3153 /* src comes first, different from Ethernet */ 3154 case Q_SRC: 3155 return gen_bcmp(0, 1, eaddr); 3156 3157 case Q_DST: 3158 return gen_bcmp(1, 1, eaddr); 3159 3160 case Q_AND: 3161 b0 = gen_ahostop(eaddr, Q_SRC); 3162 b1 = gen_ahostop(eaddr, Q_DST); 3163 gen_and(b0, b1); 3164 return b1; 3165 3166 case Q_DEFAULT: 3167 case Q_OR: 3168 b0 = gen_ahostop(eaddr, Q_SRC); 3169 b1 = gen_ahostop(eaddr, Q_DST); 3170 gen_or(b0, b1); 3171 return b1; 3172 } 3173 abort(); 3174 /* NOTREACHED */ 3175 } 3176 3177 struct block * 3178 gen_acode(eaddr, q) 3179 register const u_char *eaddr; 3180 struct qual q; 3181 { 3182 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3183 if (linktype == DLT_ARCNET) 3184 return gen_ahostop(eaddr, (int)q.dir); 3185 } 3186 bpf_error("ARCnet address used in non-arc expression"); 3187 /* NOTREACHED */ 3188 } 3189 3190 /* 3191 * support IEEE 802.1Q VLAN trunk over ethernet 3192 */ 3193 struct block * 3194 gen_vlan(vlan_num) 3195 int vlan_num; 3196 { 3197 struct block *b0; 3198 3199 /* 3200 * Change the offsets to point to the type and data fields within 3201 * the VLAN packet. This is somewhat of a kludge. 3202 */ 3203 if (orig_nl == (u_int)-1) { 3204 orig_linktype = off_linktype; /* save original values */ 3205 orig_nl = off_nl; 3206 orig_nl_nosnap = off_nl_nosnap; 3207 3208 switch (linktype) { 3209 3210 case DLT_EN10MB: 3211 off_linktype = 16; 3212 off_nl_nosnap = 18; 3213 off_nl = 18; 3214 break; 3215 3216 default: 3217 bpf_error("no VLAN support for data link type %d", 3218 linktype); 3219 /*NOTREACHED*/ 3220 } 3221 } 3222 3223 /* check for VLAN */ 3224 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3225 3226 /* If a specific VLAN is requested, check VLAN id */ 3227 if (vlan_num >= 0) { 3228 struct block *b1; 3229 3230 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 3231 gen_and(b0, b1); 3232 b0 = b1; 3233 } 3234 3235 return (b0); 3236 } 3237 3238 struct block * 3239 gen_p80211_fcdir(int fcdir) 3240 { 3241 struct block *b0; 3242 u_int offset; 3243 3244 if (!(linktype == DLT_IEEE802_11 || 3245 linktype == DLT_IEEE802_11_RADIO)) { 3246 bpf_error("frame direction not supported on linktype 0x%x", 3247 linktype); 3248 /* NOTREACHED */ 3249 } 3250 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3251 if (linktype == DLT_IEEE802_11_RADIO) 3252 offset += IEEE80211_RADIOTAP_HDRLEN; 3253 3254 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3255 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3256 3257 return (b0); 3258 } 3259 3260 static struct block * 3261 gen_p80211_hostop(const u_char *lladdr, int dir) 3262 { 3263 struct block *b0, *b1, *b2, *b3, *b4; 3264 u_int offset = 0; 3265 3266 if (linktype == DLT_IEEE802_11_RADIO) 3267 offset = IEEE80211_RADIOTAP_HDRLEN; 3268 3269 switch (dir) { 3270 case Q_SRC: 3271 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3272 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3273 lladdr); 3274 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3275 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3276 lladdr); 3277 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3278 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3279 lladdr); 3280 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3281 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3282 lladdr); 3283 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3284 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3285 lladdr); 3286 3287 gen_or(b0, b1); 3288 gen_or(b1, b2); 3289 gen_or(b2, b3); 3290 gen_or(b3, b4); 3291 return (b4); 3292 3293 case Q_DST: 3294 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3295 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3296 lladdr); 3297 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3298 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3299 lladdr); 3300 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3301 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3302 lladdr); 3303 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3304 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3305 lladdr); 3306 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3307 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3308 lladdr); 3309 3310 gen_or(b0, b1); 3311 gen_or(b1, b2); 3312 gen_or(b2, b3); 3313 gen_or(b3, b4); 3314 return (b4); 3315 3316 case Q_ADDR1: 3317 return (gen_bcmp(offset + 3318 (u_int)offsetof(struct ieee80211_frame, 3319 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3320 3321 case Q_ADDR2: 3322 return (gen_bcmp(offset + 3323 (u_int)offsetof(struct ieee80211_frame, 3324 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3325 3326 case Q_ADDR3: 3327 return (gen_bcmp(offset + 3328 (u_int)offsetof(struct ieee80211_frame, 3329 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3330 3331 case Q_ADDR4: 3332 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3333 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3334 lladdr)); 3335 3336 case Q_AND: 3337 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3338 b1 = gen_p80211_hostop(lladdr, Q_DST); 3339 gen_and(b0, b1); 3340 return (b1); 3341 3342 case Q_DEFAULT: 3343 case Q_OR: 3344 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3345 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3346 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3347 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3348 gen_or(b0, b1); 3349 gen_or(b1, b2); 3350 gen_or(b2, b3); 3351 return (b3); 3352 3353 default: 3354 bpf_error("direction not supported on linktype 0x%x", 3355 linktype); 3356 } 3357 /* NOTREACHED */ 3358 } 3359 3360 static struct block * 3361 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3362 { 3363 struct block *b0, *b1; 3364 3365 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3366 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3367 gen_and(b0, b1); 3368 3369 return (b1); 3370 } 3371