1 /* $OpenBSD: gencode.c,v 1.40 2015/01/16 16:48:51 deraadt Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/param.h> /* ALIGN */ 25 #include <sys/types.h> 26 #include <sys/socket.h> 27 #include <sys/time.h> 28 29 struct mbuf; 30 struct rtentry; 31 32 #include <net/if.h> 33 34 #include <netinet/in.h> 35 #include <netinet/if_ether.h> 36 37 #include <net/if_pflog.h> 38 #include <net/pfvar.h> 39 40 #include <net80211/ieee80211.h> 41 #include <net80211/ieee80211_radiotap.h> 42 43 #include <stdlib.h> 44 #include <stddef.h> 45 #include <memory.h> 46 #include <setjmp.h> 47 #include <stdarg.h> 48 49 #include "pcap-int.h" 50 51 #include "ethertype.h" 52 #include "llc.h" 53 #include "gencode.h" 54 #include "ppp.h" 55 #include <pcap-namedb.h> 56 #ifdef INET6 57 #include <netdb.h> 58 #endif /*INET6*/ 59 60 #ifdef HAVE_OS_PROTO_H 61 #include "os-proto.h" 62 #endif 63 64 #define JMP(c) ((c)|BPF_JMP|BPF_K) 65 66 /* Locals */ 67 static jmp_buf top_ctx; 68 static pcap_t *bpf_pcap; 69 70 /* Hack for updating VLAN offsets. */ 71 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 72 73 /* XXX */ 74 #ifdef PCAP_FDDIPAD 75 int pcap_fddipad = PCAP_FDDIPAD; 76 #else 77 int pcap_fddipad; 78 #endif 79 80 /* VARARGS */ 81 __dead void 82 bpf_error(const char *fmt, ...) 83 { 84 va_list ap; 85 86 va_start(ap, fmt); 87 if (bpf_pcap != NULL) 88 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 89 fmt, ap); 90 va_end(ap); 91 longjmp(top_ctx, 1); 92 /* NOTREACHED */ 93 } 94 95 static void init_linktype(int); 96 97 static int alloc_reg(void); 98 static void free_reg(int); 99 100 static struct block *root; 101 102 /* initialization code used for variable link header */ 103 static struct slist *init_code = NULL; 104 105 /* Flags and registers for variable link type handling */ 106 static int variable_nl; 107 static int nl_reg, iphl_reg; 108 109 /* 110 * We divy out chunks of memory rather than call malloc each time so 111 * we don't have to worry about leaking memory. It's probably 112 * not a big deal if all this memory was wasted but it this ever 113 * goes into a library that would probably not be a good idea. 114 */ 115 #define NCHUNKS 16 116 #define CHUNK0SIZE 1024 117 struct chunk { 118 u_int n_left; 119 void *m; 120 }; 121 122 static struct chunk chunks[NCHUNKS]; 123 static int cur_chunk; 124 125 static void *newchunk(u_int); 126 static void freechunks(void); 127 static __inline struct block *new_block(int); 128 static __inline struct slist *new_stmt(int); 129 static struct block *gen_retblk(int); 130 static __inline void syntax(void); 131 132 static void backpatch(struct block *, struct block *); 133 static void merge(struct block *, struct block *); 134 static struct block *gen_cmp(u_int, u_int, bpf_int32); 135 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 136 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 137 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 138 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 139 static struct block *gen_bcmp(u_int, u_int, const u_char *); 140 static struct block *gen_uncond(int); 141 static __inline struct block *gen_true(void); 142 static __inline struct block *gen_false(void); 143 static struct block *gen_linktype(int); 144 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 145 #ifdef INET6 146 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 147 #endif 148 static struct block *gen_ehostop(const u_char *, int); 149 static struct block *gen_fhostop(const u_char *, int); 150 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 151 static struct block *gen_p80211_hostop(const u_char *, int); 152 static struct block *gen_p80211_addr(int, u_int, const u_char *); 153 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 154 #ifdef INET6 155 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 156 #endif 157 #ifndef INET6 158 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 159 #endif 160 static struct block *gen_ipfrag(void); 161 static struct block *gen_portatom(int, bpf_int32); 162 #ifdef INET6 163 static struct block *gen_portatom6(int, bpf_int32); 164 #endif 165 struct block *gen_portop(int, int, int); 166 static struct block *gen_port(int, int, int); 167 #ifdef INET6 168 struct block *gen_portop6(int, int, int); 169 static struct block *gen_port6(int, int, int); 170 #endif 171 static int lookup_proto(const char *, int); 172 static struct block *gen_protochain(int, int, int); 173 static struct block *gen_proto(int, int, int); 174 static struct slist *xfer_to_x(struct arth *); 175 static struct slist *xfer_to_a(struct arth *); 176 static struct block *gen_len(int, int); 177 178 static void * 179 newchunk(n) 180 u_int n; 181 { 182 struct chunk *cp; 183 int k, size; 184 185 /* XXX Round to structure boundary. */ 186 n = ALIGN(n); 187 188 cp = &chunks[cur_chunk]; 189 if (n > cp->n_left) { 190 ++cp, k = ++cur_chunk; 191 if (k >= NCHUNKS) 192 bpf_error("out of memory"); 193 size = CHUNK0SIZE << k; 194 cp->m = calloc(1, size); 195 if (cp->m == NULL) 196 bpf_error("out of memory"); 197 198 cp->n_left = size; 199 if (n > size) 200 bpf_error("out of memory"); 201 } 202 cp->n_left -= n; 203 return (void *)((char *)cp->m + cp->n_left); 204 } 205 206 static void 207 freechunks() 208 { 209 int i; 210 211 cur_chunk = 0; 212 for (i = 0; i < NCHUNKS; ++i) 213 if (chunks[i].m != NULL) { 214 free(chunks[i].m); 215 chunks[i].m = NULL; 216 } 217 } 218 219 /* 220 * A strdup whose allocations are freed after code generation is over. 221 */ 222 char * 223 sdup(s) 224 register const char *s; 225 { 226 int n = strlen(s) + 1; 227 char *cp = newchunk(n); 228 229 strlcpy(cp, s, n); 230 return (cp); 231 } 232 233 static __inline struct block * 234 new_block(code) 235 int code; 236 { 237 struct block *p; 238 239 p = (struct block *)newchunk(sizeof(*p)); 240 p->s.code = code; 241 p->head = p; 242 243 return p; 244 } 245 246 static __inline struct slist * 247 new_stmt(code) 248 int code; 249 { 250 struct slist *p; 251 252 p = (struct slist *)newchunk(sizeof(*p)); 253 p->s.code = code; 254 255 return p; 256 } 257 258 static struct block * 259 gen_retblk(v) 260 int v; 261 { 262 struct block *b = new_block(BPF_RET|BPF_K); 263 264 b->s.k = v; 265 return b; 266 } 267 268 static __inline void 269 syntax() 270 { 271 bpf_error("syntax error in filter expression"); 272 } 273 274 static bpf_u_int32 netmask; 275 static int snaplen; 276 int no_optimize; 277 278 int 279 pcap_compile(pcap_t *p, struct bpf_program *program, 280 char *buf, int optimize, bpf_u_int32 mask) 281 { 282 extern int n_errors; 283 int len; 284 285 no_optimize = 0; 286 n_errors = 0; 287 root = NULL; 288 bpf_pcap = p; 289 if (setjmp(top_ctx)) { 290 freechunks(); 291 return (-1); 292 } 293 294 netmask = mask; 295 snaplen = pcap_snapshot(p); 296 297 lex_init(buf ? buf : ""); 298 init_linktype(pcap_datalink(p)); 299 (void)pcap_parse(); 300 301 if (n_errors) 302 syntax(); 303 304 if (root == NULL) 305 root = gen_retblk(snaplen); 306 307 if (optimize && !no_optimize) { 308 bpf_optimize(&root); 309 if (root == NULL || 310 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 311 bpf_error("expression rejects all packets"); 312 } 313 program->bf_insns = icode_to_fcode(root, &len); 314 program->bf_len = len; 315 316 freechunks(); 317 return (0); 318 } 319 320 /* 321 * entry point for using the compiler with no pcap open 322 * pass in all the stuff that is needed explicitly instead. 323 */ 324 int 325 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 326 struct bpf_program *program, 327 char *buf, int optimize, bpf_u_int32 mask) 328 { 329 extern int n_errors; 330 int len; 331 332 n_errors = 0; 333 root = NULL; 334 bpf_pcap = NULL; 335 if (setjmp(top_ctx)) { 336 freechunks(); 337 return (-1); 338 } 339 340 netmask = mask; 341 342 /* XXX needed? I don't grok the use of globals here. */ 343 snaplen = snaplen_arg; 344 345 lex_init(buf ? buf : ""); 346 init_linktype(linktype_arg); 347 (void)pcap_parse(); 348 349 if (n_errors) 350 syntax(); 351 352 if (root == NULL) 353 root = gen_retblk(snaplen_arg); 354 355 if (optimize) { 356 bpf_optimize(&root); 357 if (root == NULL || 358 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 359 bpf_error("expression rejects all packets"); 360 } 361 program->bf_insns = icode_to_fcode(root, &len); 362 program->bf_len = len; 363 364 freechunks(); 365 return (0); 366 } 367 368 /* 369 * Clean up a "struct bpf_program" by freeing all the memory allocated 370 * in it. 371 */ 372 void 373 pcap_freecode(struct bpf_program *program) 374 { 375 program->bf_len = 0; 376 if (program->bf_insns != NULL) { 377 free((char *)program->bf_insns); 378 program->bf_insns = NULL; 379 } 380 } 381 382 /* 383 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 384 * which of the jt and jf fields has been resolved and which is a pointer 385 * back to another unresolved block (or nil). At least one of the fields 386 * in each block is already resolved. 387 */ 388 static void 389 backpatch(list, target) 390 struct block *list, *target; 391 { 392 struct block *next; 393 394 while (list) { 395 if (!list->sense) { 396 next = JT(list); 397 JT(list) = target; 398 } else { 399 next = JF(list); 400 JF(list) = target; 401 } 402 list = next; 403 } 404 } 405 406 /* 407 * Merge the lists in b0 and b1, using the 'sense' field to indicate 408 * which of jt and jf is the link. 409 */ 410 static void 411 merge(b0, b1) 412 struct block *b0, *b1; 413 { 414 register struct block **p = &b0; 415 416 /* Find end of list. */ 417 while (*p) 418 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 419 420 /* Concatenate the lists. */ 421 *p = b1; 422 } 423 424 void 425 finish_parse(p) 426 struct block *p; 427 { 428 backpatch(p, gen_retblk(snaplen)); 429 p->sense = !p->sense; 430 backpatch(p, gen_retblk(0)); 431 root = p->head; 432 433 /* prepend initialization code to root */ 434 if (init_code != NULL && root != NULL) { 435 sappend(init_code, root->stmts); 436 root->stmts = init_code; 437 init_code = NULL; 438 } 439 440 if (iphl_reg != -1) { 441 free_reg(iphl_reg); 442 iphl_reg = -1; 443 } 444 if (nl_reg != -1) { 445 free_reg(nl_reg); 446 nl_reg = -1; 447 } 448 } 449 450 void 451 gen_and(b0, b1) 452 struct block *b0, *b1; 453 { 454 backpatch(b0, b1->head); 455 b0->sense = !b0->sense; 456 b1->sense = !b1->sense; 457 merge(b1, b0); 458 b1->sense = !b1->sense; 459 b1->head = b0->head; 460 } 461 462 void 463 gen_or(b0, b1) 464 struct block *b0, *b1; 465 { 466 b0->sense = !b0->sense; 467 backpatch(b0, b1->head); 468 b0->sense = !b0->sense; 469 merge(b1, b0); 470 b1->head = b0->head; 471 } 472 473 void 474 gen_not(b) 475 struct block *b; 476 { 477 b->sense = !b->sense; 478 } 479 480 static struct block * 481 gen_cmp(offset, size, v) 482 u_int offset, size; 483 bpf_int32 v; 484 { 485 struct slist *s; 486 struct block *b; 487 488 s = new_stmt(BPF_LD|BPF_ABS|size); 489 s->s.k = offset; 490 491 b = new_block(JMP(BPF_JEQ)); 492 b->stmts = s; 493 b->s.k = v; 494 495 return b; 496 } 497 498 static struct block * 499 gen_cmp_gt(offset, size, v) 500 u_int offset, size; 501 bpf_int32 v; 502 { 503 struct slist *s; 504 struct block *b; 505 506 s = new_stmt(BPF_LD|BPF_ABS|size); 507 s->s.k = offset; 508 509 b = new_block(JMP(BPF_JGT)); 510 b->stmts = s; 511 b->s.k = v; 512 513 return b; 514 } 515 516 static struct block * 517 gen_mcmp(offset, size, v, mask) 518 u_int offset, size; 519 bpf_int32 v; 520 bpf_u_int32 mask; 521 { 522 struct block *b = gen_cmp(offset, size, v); 523 struct slist *s; 524 525 if (mask != 0xffffffff) { 526 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 527 s->s.k = mask; 528 sappend(b->stmts, s); 529 } 530 return b; 531 } 532 533 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 534 static struct block * 535 gen_mcmp_nl(offset, size, v, mask) 536 u_int offset, size; 537 bpf_int32 v; 538 bpf_u_int32 mask; 539 { 540 struct block *b = gen_cmp_nl(offset, size, v); 541 struct slist *s; 542 543 if (mask != 0xffffffff) { 544 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 545 s->s.k = mask; 546 sappend(b->stmts, s); 547 } 548 return b; 549 } 550 551 static struct block * 552 gen_bcmp(offset, size, v) 553 register u_int offset, size; 554 register const u_char *v; 555 { 556 register struct block *b, *tmp; 557 558 b = NULL; 559 while (size >= 4) { 560 register const u_char *p = &v[size - 4]; 561 bpf_int32 w = ((bpf_int32)p[0] << 24) | 562 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 563 564 tmp = gen_cmp(offset + size - 4, BPF_W, w); 565 if (b != NULL) 566 gen_and(b, tmp); 567 b = tmp; 568 size -= 4; 569 } 570 while (size >= 2) { 571 register const u_char *p = &v[size - 2]; 572 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 573 574 tmp = gen_cmp(offset + size - 2, BPF_H, w); 575 if (b != NULL) 576 gen_and(b, tmp); 577 b = tmp; 578 size -= 2; 579 } 580 if (size > 0) { 581 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 582 if (b != NULL) 583 gen_and(b, tmp); 584 b = tmp; 585 } 586 return b; 587 } 588 589 /* 590 * Various code constructs need to know the layout of the data link 591 * layer. These variables give the necessary offsets. off_linktype 592 * is set to -1 for no encapsulation, in which case, IP is assumed. 593 */ 594 static u_int off_linktype; 595 static u_int off_nl; 596 static u_int off_nl_nosnap; 597 598 static int linktype; 599 600 /* Generate code to load the dynamic 'off_nl' to the X register */ 601 static struct slist * 602 nl2X_stmt(void) 603 { 604 struct slist *s, *tmp; 605 606 if (nl_reg == -1) { 607 switch (linktype) { 608 case DLT_PFLOG: 609 /* The pflog header contains PFLOG_REAL_HDRLEN 610 which does NOT include the padding. Round 611 up to the nearest dword boundary */ 612 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 613 s->s.k = 0; 614 615 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 616 tmp->s.k = 3; 617 sappend(s, tmp); 618 619 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 620 tmp->s.k = 0xfc; 621 sappend(s, tmp); 622 623 nl_reg = alloc_reg(); 624 tmp = new_stmt(BPF_ST); 625 tmp->s.k = nl_reg; 626 sappend(s, tmp); 627 628 break; 629 default: 630 bpf_error("Unknown header size for link type 0x%x", 631 linktype); 632 } 633 634 if (init_code == NULL) 635 init_code = s; 636 else 637 sappend(init_code, s); 638 } 639 640 s = new_stmt(BPF_LDX|BPF_MEM); 641 s->s.k = nl_reg; 642 643 return s; 644 } 645 646 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 647 static struct block * 648 gen_cmp_nl(offset, size, v) 649 u_int offset, size; 650 bpf_int32 v; 651 { 652 struct slist *s, *tmp; 653 struct block *b; 654 655 if (variable_nl) { 656 s = nl2X_stmt(); 657 tmp = new_stmt(BPF_LD|BPF_IND|size); 658 tmp->s.k = offset; 659 sappend(s, tmp); 660 } else { 661 s = new_stmt(BPF_LD|BPF_ABS|size); 662 s->s.k = offset + off_nl; 663 } 664 b = new_block(JMP(BPF_JEQ)); 665 b->stmts = s; 666 b->s.k = v; 667 668 return b; 669 } 670 671 static void 672 init_linktype(type) 673 int type; 674 { 675 linktype = type; 676 init_code = NULL; 677 nl_reg = iphl_reg = -1; 678 679 switch (type) { 680 681 case DLT_EN10MB: 682 off_linktype = 12; 683 off_nl = 14; 684 return; 685 686 case DLT_SLIP: 687 /* 688 * SLIP doesn't have a link level type. The 16 byte 689 * header is hacked into our SLIP driver. 690 */ 691 off_linktype = -1; 692 off_nl = 16; 693 return; 694 695 case DLT_SLIP_BSDOS: 696 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 697 off_linktype = -1; 698 /* XXX end */ 699 off_nl = 24; 700 return; 701 702 case DLT_NULL: 703 off_linktype = 0; 704 off_nl = 4; 705 return; 706 707 case DLT_PPP: 708 off_linktype = 2; 709 off_nl = 4; 710 return; 711 712 case DLT_PPP_ETHER: 713 /* 714 * This does not include the Ethernet header, and 715 * only covers session state. 716 */ 717 off_linktype = 6; 718 off_nl = 8; 719 return; 720 721 case DLT_PPP_BSDOS: 722 off_linktype = 5; 723 off_nl = 24; 724 return; 725 726 case DLT_FDDI: 727 /* 728 * FDDI doesn't really have a link-level type field. 729 * We assume that SSAP = SNAP is being used and pick 730 * out the encapsulated Ethernet type. 731 */ 732 off_linktype = 19; 733 #ifdef PCAP_FDDIPAD 734 off_linktype += pcap_fddipad; 735 #endif 736 off_nl = 21; 737 #ifdef PCAP_FDDIPAD 738 off_nl += pcap_fddipad; 739 #endif 740 return; 741 742 case DLT_IEEE802: 743 off_linktype = 20; 744 off_nl = 22; 745 return; 746 747 case DLT_IEEE802_11: 748 off_linktype = 30; /* XXX variable */ 749 off_nl = 32; 750 return; 751 752 case DLT_IEEE802_11_RADIO: /* XXX variable */ 753 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 754 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 755 return; 756 757 case DLT_ATM_RFC1483: 758 /* 759 * assume routed, non-ISO PDUs 760 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 761 */ 762 off_linktype = 6; 763 off_nl = 8; 764 return; 765 766 case DLT_LOOP: 767 off_linktype = -1; 768 off_nl = 4; 769 return; 770 771 case DLT_ENC: 772 off_linktype = -1; 773 off_nl = 12; 774 return; 775 776 case DLT_PFLOG: 777 off_linktype = 0; 778 variable_nl = 1; 779 off_nl = 0; 780 return; 781 782 case DLT_PFSYNC: 783 off_linktype = -1; 784 off_nl = 4; 785 return; 786 787 case DLT_RAW: 788 off_linktype = -1; 789 off_nl = 0; 790 return; 791 } 792 bpf_error("unknown data link type 0x%x", linktype); 793 /* NOTREACHED */ 794 } 795 796 static struct block * 797 gen_uncond(rsense) 798 int rsense; 799 { 800 struct block *b; 801 struct slist *s; 802 803 s = new_stmt(BPF_LD|BPF_IMM); 804 s->s.k = !rsense; 805 b = new_block(JMP(BPF_JEQ)); 806 b->stmts = s; 807 808 return b; 809 } 810 811 static __inline struct block * 812 gen_true() 813 { 814 return gen_uncond(1); 815 } 816 817 static __inline struct block * 818 gen_false() 819 { 820 return gen_uncond(0); 821 } 822 823 static struct block * 824 gen_linktype(proto) 825 register int proto; 826 { 827 struct block *b0, *b1; 828 829 /* If we're not using encapsulation and checking for IP, we're done */ 830 if (off_linktype == -1 && proto == ETHERTYPE_IP) 831 return gen_true(); 832 #ifdef INET6 833 /* this isn't the right thing to do, but sometimes necessary */ 834 if (off_linktype == -1 && proto == ETHERTYPE_IPV6) 835 return gen_true(); 836 #endif 837 838 switch (linktype) { 839 840 case DLT_EN10MB: 841 if (proto <= ETHERMTU) { 842 /* This is an LLC SAP value */ 843 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 844 gen_not(b0); 845 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 846 gen_and(b0, b1); 847 return b1; 848 } else { 849 /* This is an Ethernet type */ 850 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 851 } 852 break; 853 854 case DLT_SLIP: 855 return gen_false(); 856 857 case DLT_PPP: 858 case DLT_PPP_ETHER: 859 if (proto == ETHERTYPE_IP) 860 proto = PPP_IP; /* XXX was 0x21 */ 861 #ifdef INET6 862 else if (proto == ETHERTYPE_IPV6) 863 proto = PPP_IPV6; 864 #endif 865 break; 866 867 case DLT_PPP_BSDOS: 868 switch (proto) { 869 870 case ETHERTYPE_IP: 871 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 872 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 873 gen_or(b0, b1); 874 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 875 gen_or(b1, b0); 876 return b0; 877 878 #ifdef INET6 879 case ETHERTYPE_IPV6: 880 proto = PPP_IPV6; 881 /* more to go? */ 882 break; 883 #endif /* INET6 */ 884 885 case ETHERTYPE_DN: 886 proto = PPP_DECNET; 887 break; 888 889 case ETHERTYPE_ATALK: 890 proto = PPP_APPLE; 891 break; 892 893 case ETHERTYPE_NS: 894 proto = PPP_NS; 895 break; 896 } 897 break; 898 899 case DLT_LOOP: 900 case DLT_ENC: 901 case DLT_NULL: 902 /* XXX */ 903 if (proto == ETHERTYPE_IP) 904 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); 905 #ifdef INET6 906 else if (proto == ETHERTYPE_IPV6) 907 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6))); 908 #endif /* INET6 */ 909 else 910 return gen_false(); 911 break; 912 case DLT_PFLOG: 913 if (proto == ETHERTYPE_IP) 914 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 915 (bpf_int32)AF_INET)); 916 #ifdef INET6 917 else if (proto == ETHERTYPE_IPV6) 918 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 919 (bpf_int32)AF_INET6)); 920 #endif /* INET6 */ 921 else 922 return gen_false(); 923 break; 924 925 } 926 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 927 } 928 929 static struct block * 930 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 931 bpf_u_int32 addr; 932 bpf_u_int32 mask; 933 int dir, proto; 934 u_int src_off, dst_off; 935 { 936 struct block *b0, *b1; 937 u_int offset; 938 939 switch (dir) { 940 941 case Q_SRC: 942 offset = src_off; 943 break; 944 945 case Q_DST: 946 offset = dst_off; 947 break; 948 949 case Q_AND: 950 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 951 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 952 gen_and(b0, b1); 953 return b1; 954 955 case Q_OR: 956 case Q_DEFAULT: 957 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 958 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 959 gen_or(b0, b1); 960 return b1; 961 962 default: 963 bpf_error("direction not supported on linktype 0x%x", 964 linktype); 965 } 966 b0 = gen_linktype(proto); 967 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 968 gen_and(b0, b1); 969 return b1; 970 } 971 972 #ifdef INET6 973 static struct block * 974 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 975 struct in6_addr *addr; 976 struct in6_addr *mask; 977 int dir, proto; 978 u_int src_off, dst_off; 979 { 980 struct block *b0, *b1; 981 u_int offset; 982 u_int32_t *a, *m; 983 984 switch (dir) { 985 986 case Q_SRC: 987 offset = src_off; 988 break; 989 990 case Q_DST: 991 offset = dst_off; 992 break; 993 994 case Q_AND: 995 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 996 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 997 gen_and(b0, b1); 998 return b1; 999 1000 case Q_OR: 1001 case Q_DEFAULT: 1002 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1003 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1004 gen_or(b0, b1); 1005 return b1; 1006 1007 default: 1008 bpf_error("direction not supported on linktype 0x%x", 1009 linktype); 1010 } 1011 /* this order is important */ 1012 a = (u_int32_t *)addr; 1013 m = (u_int32_t *)mask; 1014 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1015 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1016 gen_and(b0, b1); 1017 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1018 gen_and(b0, b1); 1019 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1020 gen_and(b0, b1); 1021 b0 = gen_linktype(proto); 1022 gen_and(b0, b1); 1023 return b1; 1024 } 1025 #endif /*INET6*/ 1026 1027 static struct block * 1028 gen_ehostop(eaddr, dir) 1029 register const u_char *eaddr; 1030 register int dir; 1031 { 1032 struct block *b0, *b1; 1033 1034 switch (dir) { 1035 case Q_SRC: 1036 return gen_bcmp(6, 6, eaddr); 1037 1038 case Q_DST: 1039 return gen_bcmp(0, 6, eaddr); 1040 1041 case Q_AND: 1042 b0 = gen_ehostop(eaddr, Q_SRC); 1043 b1 = gen_ehostop(eaddr, Q_DST); 1044 gen_and(b0, b1); 1045 return b1; 1046 1047 case Q_DEFAULT: 1048 case Q_OR: 1049 b0 = gen_ehostop(eaddr, Q_SRC); 1050 b1 = gen_ehostop(eaddr, Q_DST); 1051 gen_or(b0, b1); 1052 return b1; 1053 default: 1054 bpf_error("direction not supported on linktype 0x%x", 1055 linktype); 1056 } 1057 /* NOTREACHED */ 1058 } 1059 1060 /* 1061 * Like gen_ehostop, but for DLT_FDDI 1062 */ 1063 static struct block * 1064 gen_fhostop(eaddr, dir) 1065 register const u_char *eaddr; 1066 register int dir; 1067 { 1068 struct block *b0, *b1; 1069 1070 switch (dir) { 1071 case Q_SRC: 1072 #ifdef PCAP_FDDIPAD 1073 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1074 #else 1075 return gen_bcmp(6 + 1, 6, eaddr); 1076 #endif 1077 1078 case Q_DST: 1079 #ifdef PCAP_FDDIPAD 1080 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1081 #else 1082 return gen_bcmp(0 + 1, 6, eaddr); 1083 #endif 1084 1085 case Q_AND: 1086 b0 = gen_fhostop(eaddr, Q_SRC); 1087 b1 = gen_fhostop(eaddr, Q_DST); 1088 gen_and(b0, b1); 1089 return b1; 1090 1091 case Q_DEFAULT: 1092 case Q_OR: 1093 b0 = gen_fhostop(eaddr, Q_SRC); 1094 b1 = gen_fhostop(eaddr, Q_DST); 1095 gen_or(b0, b1); 1096 return b1; 1097 default: 1098 bpf_error("direction not supported on linktype 0x%x", 1099 linktype); 1100 } 1101 /* NOTREACHED */ 1102 } 1103 1104 /* 1105 * This is quite tricky because there may be pad bytes in front of the 1106 * DECNET header, and then there are two possible data packet formats that 1107 * carry both src and dst addresses, plus 5 packet types in a format that 1108 * carries only the src node, plus 2 types that use a different format and 1109 * also carry just the src node. 1110 * 1111 * Yuck. 1112 * 1113 * Instead of doing those all right, we just look for data packets with 1114 * 0 or 1 bytes of padding. If you want to look at other packets, that 1115 * will require a lot more hacking. 1116 * 1117 * To add support for filtering on DECNET "areas" (network numbers) 1118 * one would want to add a "mask" argument to this routine. That would 1119 * make the filter even more inefficient, although one could be clever 1120 * and not generate masking instructions if the mask is 0xFFFF. 1121 */ 1122 static struct block * 1123 gen_dnhostop(addr, dir, base_off) 1124 bpf_u_int32 addr; 1125 int dir; 1126 u_int base_off; 1127 { 1128 struct block *b0, *b1, *b2, *tmp; 1129 u_int offset_lh; /* offset if long header is received */ 1130 u_int offset_sh; /* offset if short header is received */ 1131 1132 switch (dir) { 1133 1134 case Q_DST: 1135 offset_sh = 1; /* follows flags */ 1136 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1137 break; 1138 1139 case Q_SRC: 1140 offset_sh = 3; /* follows flags, dstnode */ 1141 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1142 break; 1143 1144 case Q_AND: 1145 /* Inefficient because we do our Calvinball dance twice */ 1146 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1147 b1 = gen_dnhostop(addr, Q_DST, base_off); 1148 gen_and(b0, b1); 1149 return b1; 1150 1151 case Q_OR: 1152 case Q_DEFAULT: 1153 /* Inefficient because we do our Calvinball dance twice */ 1154 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1155 b1 = gen_dnhostop(addr, Q_DST, base_off); 1156 gen_or(b0, b1); 1157 return b1; 1158 1159 default: 1160 bpf_error("direction not supported on linktype 0x%x", 1161 linktype); 1162 } 1163 b0 = gen_linktype(ETHERTYPE_DN); 1164 /* Check for pad = 1, long header case */ 1165 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1166 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1167 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1168 BPF_H, (bpf_int32)ntohs(addr)); 1169 gen_and(tmp, b1); 1170 /* Check for pad = 0, long header case */ 1171 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1172 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1173 gen_and(tmp, b2); 1174 gen_or(b2, b1); 1175 /* Check for pad = 1, short header case */ 1176 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1177 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1178 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1179 BPF_H, (bpf_int32)ntohs(addr)); 1180 gen_and(tmp, b2); 1181 gen_or(b2, b1); 1182 /* Check for pad = 0, short header case */ 1183 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1184 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1185 gen_and(tmp, b2); 1186 gen_or(b2, b1); 1187 1188 /* Combine with test for linktype */ 1189 gen_and(b0, b1); 1190 return b1; 1191 } 1192 1193 static struct block * 1194 gen_host(addr, mask, proto, dir) 1195 bpf_u_int32 addr; 1196 bpf_u_int32 mask; 1197 int proto; 1198 int dir; 1199 { 1200 struct block *b0, *b1; 1201 1202 switch (proto) { 1203 1204 case Q_DEFAULT: 1205 b0 = gen_host(addr, mask, Q_IP, dir); 1206 b1 = gen_host(addr, mask, Q_ARP, dir); 1207 gen_or(b0, b1); 1208 b0 = gen_host(addr, mask, Q_RARP, dir); 1209 gen_or(b1, b0); 1210 return b0; 1211 1212 case Q_IP: 1213 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1214 12, 16); 1215 1216 case Q_RARP: 1217 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1218 14, 24); 1219 1220 case Q_ARP: 1221 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1222 14, 24); 1223 1224 case Q_TCP: 1225 bpf_error("'tcp' modifier applied to host"); 1226 1227 case Q_UDP: 1228 bpf_error("'udp' modifier applied to host"); 1229 1230 case Q_ICMP: 1231 bpf_error("'icmp' modifier applied to host"); 1232 1233 case Q_IGMP: 1234 bpf_error("'igmp' modifier applied to host"); 1235 1236 case Q_IGRP: 1237 bpf_error("'igrp' modifier applied to host"); 1238 1239 case Q_PIM: 1240 bpf_error("'pim' modifier applied to host"); 1241 1242 case Q_STP: 1243 bpf_error("'stp' modifier applied to host"); 1244 1245 case Q_ATALK: 1246 bpf_error("ATALK host filtering not implemented"); 1247 1248 case Q_DECNET: 1249 return gen_dnhostop(addr, dir, 0); 1250 1251 case Q_SCA: 1252 bpf_error("SCA host filtering not implemented"); 1253 1254 case Q_LAT: 1255 bpf_error("LAT host filtering not implemented"); 1256 1257 case Q_MOPDL: 1258 bpf_error("MOPDL host filtering not implemented"); 1259 1260 case Q_MOPRC: 1261 bpf_error("MOPRC host filtering not implemented"); 1262 1263 #ifdef INET6 1264 case Q_IPV6: 1265 bpf_error("'ip6' modifier applied to ip host"); 1266 1267 case Q_ICMPV6: 1268 bpf_error("'icmp6' modifier applied to host"); 1269 #endif /* INET6 */ 1270 1271 case Q_AH: 1272 bpf_error("'ah' modifier applied to host"); 1273 1274 case Q_ESP: 1275 bpf_error("'esp' modifier applied to host"); 1276 1277 default: 1278 bpf_error("direction not supported on linktype 0x%x", 1279 linktype); 1280 } 1281 /* NOTREACHED */ 1282 } 1283 1284 #ifdef INET6 1285 static struct block * 1286 gen_host6(addr, mask, proto, dir) 1287 struct in6_addr *addr; 1288 struct in6_addr *mask; 1289 int proto; 1290 int dir; 1291 { 1292 switch (proto) { 1293 1294 case Q_DEFAULT: 1295 return gen_host6(addr, mask, Q_IPV6, dir); 1296 1297 case Q_IP: 1298 bpf_error("'ip' modifier applied to ip6 host"); 1299 1300 case Q_RARP: 1301 bpf_error("'rarp' modifier applied to ip6 host"); 1302 1303 case Q_ARP: 1304 bpf_error("'arp' modifier applied to ip6 host"); 1305 1306 case Q_TCP: 1307 bpf_error("'tcp' modifier applied to host"); 1308 1309 case Q_UDP: 1310 bpf_error("'udp' modifier applied to host"); 1311 1312 case Q_ICMP: 1313 bpf_error("'icmp' modifier applied to host"); 1314 1315 case Q_IGMP: 1316 bpf_error("'igmp' modifier applied to host"); 1317 1318 case Q_IGRP: 1319 bpf_error("'igrp' modifier applied to host"); 1320 1321 case Q_PIM: 1322 bpf_error("'pim' modifier applied to host"); 1323 1324 case Q_STP: 1325 bpf_error("'stp' modifier applied to host"); 1326 1327 case Q_ATALK: 1328 bpf_error("ATALK host filtering not implemented"); 1329 1330 case Q_DECNET: 1331 bpf_error("'decnet' modifier applied to ip6 host"); 1332 1333 case Q_SCA: 1334 bpf_error("SCA host filtering not implemented"); 1335 1336 case Q_LAT: 1337 bpf_error("LAT host filtering not implemented"); 1338 1339 case Q_MOPDL: 1340 bpf_error("MOPDL host filtering not implemented"); 1341 1342 case Q_MOPRC: 1343 bpf_error("MOPRC host filtering not implemented"); 1344 1345 case Q_IPV6: 1346 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1347 8, 24); 1348 1349 case Q_ICMPV6: 1350 bpf_error("'icmp6' modifier applied to host"); 1351 1352 case Q_AH: 1353 bpf_error("'ah' modifier applied to host"); 1354 1355 case Q_ESP: 1356 bpf_error("'esp' modifier applied to host"); 1357 1358 default: 1359 abort(); 1360 } 1361 /* NOTREACHED */ 1362 } 1363 #endif /*INET6*/ 1364 1365 #ifndef INET6 1366 static struct block * 1367 gen_gateway(eaddr, alist, proto, dir) 1368 const u_char *eaddr; 1369 bpf_u_int32 **alist; 1370 int proto; 1371 int dir; 1372 { 1373 struct block *b0, *b1, *tmp; 1374 1375 if (dir != 0) 1376 bpf_error("direction applied to 'gateway'"); 1377 1378 switch (proto) { 1379 case Q_DEFAULT: 1380 case Q_IP: 1381 case Q_ARP: 1382 case Q_RARP: 1383 if (linktype == DLT_EN10MB) 1384 b0 = gen_ehostop(eaddr, Q_OR); 1385 else if (linktype == DLT_FDDI) 1386 b0 = gen_fhostop(eaddr, Q_OR); 1387 else 1388 bpf_error( 1389 "'gateway' supported only on ethernet or FDDI"); 1390 1391 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1392 while (*alist) { 1393 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1394 gen_or(b1, tmp); 1395 b1 = tmp; 1396 } 1397 gen_not(b1); 1398 gen_and(b0, b1); 1399 return b1; 1400 } 1401 bpf_error("illegal modifier of 'gateway'"); 1402 /* NOTREACHED */ 1403 } 1404 #endif /*INET6*/ 1405 1406 struct block * 1407 gen_proto_abbrev(proto) 1408 int proto; 1409 { 1410 struct block *b0 = NULL, *b1; 1411 1412 switch (proto) { 1413 1414 case Q_TCP: 1415 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1416 #ifdef INET6 1417 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1418 gen_or(b0, b1); 1419 #endif 1420 break; 1421 1422 case Q_UDP: 1423 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1424 #ifdef INET6 1425 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1426 gen_or(b0, b1); 1427 #endif 1428 break; 1429 1430 case Q_ICMP: 1431 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1432 break; 1433 1434 #ifndef IPPROTO_IGMP 1435 #define IPPROTO_IGMP 2 1436 #endif 1437 1438 case Q_IGMP: 1439 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1440 break; 1441 1442 #ifndef IPPROTO_IGRP 1443 #define IPPROTO_IGRP 9 1444 #endif 1445 case Q_IGRP: 1446 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1447 break; 1448 1449 #ifndef IPPROTO_PIM 1450 #define IPPROTO_PIM 103 1451 #endif 1452 1453 case Q_PIM: 1454 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1455 #ifdef INET6 1456 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1457 gen_or(b0, b1); 1458 #endif 1459 break; 1460 1461 case Q_IP: 1462 b1 = gen_linktype(ETHERTYPE_IP); 1463 break; 1464 1465 case Q_ARP: 1466 b1 = gen_linktype(ETHERTYPE_ARP); 1467 break; 1468 1469 case Q_RARP: 1470 b1 = gen_linktype(ETHERTYPE_REVARP); 1471 break; 1472 1473 case Q_LINK: 1474 bpf_error("link layer applied in wrong context"); 1475 1476 case Q_ATALK: 1477 b1 = gen_linktype(ETHERTYPE_ATALK); 1478 break; 1479 1480 case Q_DECNET: 1481 b1 = gen_linktype(ETHERTYPE_DN); 1482 break; 1483 1484 case Q_SCA: 1485 b1 = gen_linktype(ETHERTYPE_SCA); 1486 break; 1487 1488 case Q_LAT: 1489 b1 = gen_linktype(ETHERTYPE_LAT); 1490 break; 1491 1492 case Q_MOPDL: 1493 b1 = gen_linktype(ETHERTYPE_MOPDL); 1494 break; 1495 1496 case Q_MOPRC: 1497 b1 = gen_linktype(ETHERTYPE_MOPRC); 1498 break; 1499 1500 case Q_STP: 1501 b1 = gen_linktype(LLCSAP_8021D); 1502 break; 1503 1504 #ifdef INET6 1505 case Q_IPV6: 1506 b1 = gen_linktype(ETHERTYPE_IPV6); 1507 break; 1508 1509 #ifndef IPPROTO_ICMPV6 1510 #define IPPROTO_ICMPV6 58 1511 #endif 1512 case Q_ICMPV6: 1513 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1514 break; 1515 #endif /* INET6 */ 1516 1517 #ifndef IPPROTO_AH 1518 #define IPPROTO_AH 51 1519 #endif 1520 case Q_AH: 1521 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1522 #ifdef INET6 1523 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1524 gen_or(b0, b1); 1525 #endif 1526 break; 1527 1528 #ifndef IPPROTO_ESP 1529 #define IPPROTO_ESP 50 1530 #endif 1531 case Q_ESP: 1532 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1533 #ifdef INET6 1534 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1535 gen_or(b0, b1); 1536 #endif 1537 break; 1538 1539 default: 1540 abort(); 1541 } 1542 return b1; 1543 } 1544 1545 static struct block * 1546 gen_ipfrag() 1547 { 1548 struct slist *s, *tmp; 1549 struct block *b; 1550 1551 /* not ip frag */ 1552 if (variable_nl) { 1553 s = nl2X_stmt(); 1554 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1555 tmp->s.k = 6; 1556 sappend(s, tmp); 1557 } else { 1558 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1559 s->s.k = off_nl + 6; 1560 } 1561 b = new_block(JMP(BPF_JSET)); 1562 b->s.k = 0x1fff; 1563 b->stmts = s; 1564 gen_not(b); 1565 1566 return b; 1567 } 1568 1569 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1570 This function generates code to set X to the start of the IP payload 1571 X = off_nl + IP header_len. 1572 */ 1573 static struct slist * 1574 iphl_to_x(void) 1575 { 1576 struct slist *s, *tmp; 1577 1578 /* XXX clobbers A if variable_nl*/ 1579 if (variable_nl) { 1580 if (iphl_reg == -1) { 1581 /* X <- off_nl */ 1582 s = nl2X_stmt(); 1583 1584 /* A = p[X+0] */ 1585 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1586 tmp->s.k = 0; 1587 sappend(s, tmp); 1588 1589 /* A = A & 0x0f */ 1590 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1591 tmp->s.k = 0x0f; 1592 sappend(s, tmp); 1593 1594 /* A = A << 2 */ 1595 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1596 tmp->s.k = 2; 1597 sappend(s, tmp); 1598 1599 /* A = A + X (add off_nl again to compansate) */ 1600 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1601 1602 /* MEM[iphl_reg] = A */ 1603 iphl_reg = alloc_reg(); 1604 tmp = new_stmt(BPF_ST); 1605 tmp->s.k = iphl_reg; 1606 sappend(s, tmp); 1607 1608 sappend(init_code, s); 1609 } 1610 s = new_stmt(BPF_LDX|BPF_MEM); 1611 s->s.k = iphl_reg; 1612 1613 } else { 1614 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1615 s->s.k = off_nl; 1616 } 1617 1618 return s; 1619 } 1620 1621 static struct block * 1622 gen_portatom(off, v) 1623 int off; 1624 bpf_int32 v; 1625 { 1626 struct slist *s, *tmp; 1627 struct block *b; 1628 1629 s = iphl_to_x(); 1630 1631 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1632 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1633 sappend(s, tmp); 1634 1635 b = new_block(JMP(BPF_JEQ)); 1636 b->stmts = s; 1637 b->s.k = v; 1638 1639 return b; 1640 } 1641 1642 #ifdef INET6 1643 static struct block * 1644 gen_portatom6(off, v) 1645 int off; 1646 bpf_int32 v; 1647 { 1648 return gen_cmp_nl(40 + off, BPF_H, v); 1649 } 1650 #endif/*INET6*/ 1651 1652 struct block * 1653 gen_portop(port, proto, dir) 1654 int port, proto, dir; 1655 { 1656 struct block *b0, *b1, *tmp; 1657 1658 /* ip proto 'proto' */ 1659 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1660 b0 = gen_ipfrag(); 1661 gen_and(tmp, b0); 1662 1663 switch (dir) { 1664 case Q_SRC: 1665 b1 = gen_portatom(0, (bpf_int32)port); 1666 break; 1667 1668 case Q_DST: 1669 b1 = gen_portatom(2, (bpf_int32)port); 1670 break; 1671 1672 case Q_OR: 1673 case Q_DEFAULT: 1674 tmp = gen_portatom(0, (bpf_int32)port); 1675 b1 = gen_portatom(2, (bpf_int32)port); 1676 gen_or(tmp, b1); 1677 break; 1678 1679 case Q_AND: 1680 tmp = gen_portatom(0, (bpf_int32)port); 1681 b1 = gen_portatom(2, (bpf_int32)port); 1682 gen_and(tmp, b1); 1683 break; 1684 1685 default: 1686 abort(); 1687 } 1688 gen_and(b0, b1); 1689 1690 return b1; 1691 } 1692 1693 static struct block * 1694 gen_port(port, ip_proto, dir) 1695 int port; 1696 int ip_proto; 1697 int dir; 1698 { 1699 struct block *b0, *b1, *tmp; 1700 1701 /* ether proto ip */ 1702 b0 = gen_linktype(ETHERTYPE_IP); 1703 1704 switch (ip_proto) { 1705 case IPPROTO_UDP: 1706 case IPPROTO_TCP: 1707 b1 = gen_portop(port, ip_proto, dir); 1708 break; 1709 1710 case PROTO_UNDEF: 1711 tmp = gen_portop(port, IPPROTO_TCP, dir); 1712 b1 = gen_portop(port, IPPROTO_UDP, dir); 1713 gen_or(tmp, b1); 1714 break; 1715 1716 default: 1717 abort(); 1718 } 1719 gen_and(b0, b1); 1720 return b1; 1721 } 1722 1723 #ifdef INET6 1724 struct block * 1725 gen_portop6(port, proto, dir) 1726 int port, proto, dir; 1727 { 1728 struct block *b0, *b1, *tmp; 1729 1730 /* ip proto 'proto' */ 1731 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1732 1733 switch (dir) { 1734 case Q_SRC: 1735 b1 = gen_portatom6(0, (bpf_int32)port); 1736 break; 1737 1738 case Q_DST: 1739 b1 = gen_portatom6(2, (bpf_int32)port); 1740 break; 1741 1742 case Q_OR: 1743 case Q_DEFAULT: 1744 tmp = gen_portatom6(0, (bpf_int32)port); 1745 b1 = gen_portatom6(2, (bpf_int32)port); 1746 gen_or(tmp, b1); 1747 break; 1748 1749 case Q_AND: 1750 tmp = gen_portatom6(0, (bpf_int32)port); 1751 b1 = gen_portatom6(2, (bpf_int32)port); 1752 gen_and(tmp, b1); 1753 break; 1754 1755 default: 1756 abort(); 1757 } 1758 gen_and(b0, b1); 1759 1760 return b1; 1761 } 1762 1763 static struct block * 1764 gen_port6(port, ip_proto, dir) 1765 int port; 1766 int ip_proto; 1767 int dir; 1768 { 1769 struct block *b0, *b1, *tmp; 1770 1771 /* ether proto ip */ 1772 b0 = gen_linktype(ETHERTYPE_IPV6); 1773 1774 switch (ip_proto) { 1775 case IPPROTO_UDP: 1776 case IPPROTO_TCP: 1777 b1 = gen_portop6(port, ip_proto, dir); 1778 break; 1779 1780 case PROTO_UNDEF: 1781 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1782 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1783 gen_or(tmp, b1); 1784 break; 1785 1786 default: 1787 abort(); 1788 } 1789 gen_and(b0, b1); 1790 return b1; 1791 } 1792 #endif /* INET6 */ 1793 1794 static int 1795 lookup_proto(name, proto) 1796 register const char *name; 1797 register int proto; 1798 { 1799 register int v; 1800 1801 switch (proto) { 1802 1803 case Q_DEFAULT: 1804 case Q_IP: 1805 v = pcap_nametoproto(name); 1806 if (v == PROTO_UNDEF) 1807 bpf_error("unknown ip proto '%s'", name); 1808 break; 1809 1810 case Q_LINK: 1811 /* XXX should look up h/w protocol type based on linktype */ 1812 v = pcap_nametoeproto(name); 1813 if (v == PROTO_UNDEF) { 1814 v = pcap_nametollc(name); 1815 if (v == PROTO_UNDEF) 1816 bpf_error("unknown ether proto '%s'", name); 1817 } 1818 break; 1819 1820 default: 1821 v = PROTO_UNDEF; 1822 break; 1823 } 1824 return v; 1825 } 1826 1827 static struct block * 1828 gen_protochain(v, proto, dir) 1829 int v; 1830 int proto; 1831 int dir; 1832 { 1833 struct block *b0, *b; 1834 struct slist *s[100]; 1835 int fix2, fix3, fix4, fix5; 1836 int ahcheck, again, end; 1837 int i, max; 1838 int reg1 = alloc_reg(); 1839 int reg2 = alloc_reg(); 1840 1841 memset(s, 0, sizeof(s)); 1842 fix2 = fix3 = fix4 = fix5 = 0; 1843 1844 if (variable_nl) { 1845 bpf_error("'gen_protochain' not supported for variable DLTs"); 1846 /*NOTREACHED*/ 1847 } 1848 1849 switch (proto) { 1850 case Q_IP: 1851 case Q_IPV6: 1852 break; 1853 case Q_DEFAULT: 1854 b0 = gen_protochain(v, Q_IP, dir); 1855 b = gen_protochain(v, Q_IPV6, dir); 1856 gen_or(b0, b); 1857 return b; 1858 default: 1859 bpf_error("bad protocol applied for 'protochain'"); 1860 /*NOTREACHED*/ 1861 } 1862 1863 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1864 1865 /* 1866 * s[0] is a dummy entry to protect other BPF insn from damaged 1867 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1868 * hard to find interdependency made by jump table fixup. 1869 */ 1870 i = 0; 1871 s[i] = new_stmt(0); /*dummy*/ 1872 i++; 1873 1874 switch (proto) { 1875 case Q_IP: 1876 b0 = gen_linktype(ETHERTYPE_IP); 1877 1878 /* A = ip->ip_p */ 1879 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1880 s[i]->s.k = off_nl + 9; 1881 i++; 1882 /* X = ip->ip_hl << 2 */ 1883 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1884 s[i]->s.k = off_nl; 1885 i++; 1886 break; 1887 case Q_IPV6: 1888 b0 = gen_linktype(ETHERTYPE_IPV6); 1889 1890 /* A = ip6->ip_nxt */ 1891 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1892 s[i]->s.k = off_nl + 6; 1893 i++; 1894 /* X = sizeof(struct ip6_hdr) */ 1895 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1896 s[i]->s.k = 40; 1897 i++; 1898 break; 1899 default: 1900 bpf_error("unsupported proto to gen_protochain"); 1901 /*NOTREACHED*/ 1902 } 1903 1904 /* again: if (A == v) goto end; else fall through; */ 1905 again = i; 1906 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1907 s[i]->s.k = v; 1908 s[i]->s.jt = NULL; /*later*/ 1909 s[i]->s.jf = NULL; /*update in next stmt*/ 1910 fix5 = i; 1911 i++; 1912 1913 /* if (A == IPPROTO_NONE) goto end */ 1914 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1915 s[i]->s.jt = NULL; /*later*/ 1916 s[i]->s.jf = NULL; /*update in next stmt*/ 1917 s[i]->s.k = IPPROTO_NONE; 1918 s[fix5]->s.jf = s[i]; 1919 fix2 = i; 1920 i++; 1921 1922 if (proto == Q_IPV6) { 1923 int v6start, v6end, v6advance, j; 1924 1925 v6start = i; 1926 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1927 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1928 s[i]->s.jt = NULL; /*later*/ 1929 s[i]->s.jf = NULL; /*update in next stmt*/ 1930 s[i]->s.k = IPPROTO_HOPOPTS; 1931 s[fix2]->s.jf = s[i]; 1932 i++; 1933 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1934 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1935 s[i]->s.jt = NULL; /*later*/ 1936 s[i]->s.jf = NULL; /*update in next stmt*/ 1937 s[i]->s.k = IPPROTO_DSTOPTS; 1938 i++; 1939 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1940 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1941 s[i]->s.jt = NULL; /*later*/ 1942 s[i]->s.jf = NULL; /*update in next stmt*/ 1943 s[i]->s.k = IPPROTO_ROUTING; 1944 i++; 1945 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1946 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1947 s[i]->s.jt = NULL; /*later*/ 1948 s[i]->s.jf = NULL; /*later*/ 1949 s[i]->s.k = IPPROTO_FRAGMENT; 1950 fix3 = i; 1951 v6end = i; 1952 i++; 1953 1954 /* v6advance: */ 1955 v6advance = i; 1956 1957 /* 1958 * in short, 1959 * A = P[X + 1]; 1960 * X = X + (P[X] + 1) * 8; 1961 */ 1962 /* A = X */ 1963 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1964 i++; 1965 /* MEM[reg1] = A */ 1966 s[i] = new_stmt(BPF_ST); 1967 s[i]->s.k = reg1; 1968 i++; 1969 /* A += 1 */ 1970 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1971 s[i]->s.k = 1; 1972 i++; 1973 /* X = A */ 1974 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1975 i++; 1976 /* A = P[X + packet head]; */ 1977 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1978 s[i]->s.k = off_nl; 1979 i++; 1980 /* MEM[reg2] = A */ 1981 s[i] = new_stmt(BPF_ST); 1982 s[i]->s.k = reg2; 1983 i++; 1984 /* X = MEM[reg1] */ 1985 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1986 s[i]->s.k = reg1; 1987 i++; 1988 /* A = P[X + packet head] */ 1989 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1990 s[i]->s.k = off_nl; 1991 i++; 1992 /* A += 1 */ 1993 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1994 s[i]->s.k = 1; 1995 i++; 1996 /* A *= 8 */ 1997 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 1998 s[i]->s.k = 8; 1999 i++; 2000 /* X = A; */ 2001 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2002 i++; 2003 /* A = MEM[reg2] */ 2004 s[i] = new_stmt(BPF_LD|BPF_MEM); 2005 s[i]->s.k = reg2; 2006 i++; 2007 2008 /* goto again; (must use BPF_JA for backward jump) */ 2009 s[i] = new_stmt(BPF_JMP|BPF_JA); 2010 s[i]->s.k = again - i - 1; 2011 s[i - 1]->s.jf = s[i]; 2012 i++; 2013 2014 /* fixup */ 2015 for (j = v6start; j <= v6end; j++) 2016 s[j]->s.jt = s[v6advance]; 2017 } else { 2018 /* nop */ 2019 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2020 s[i]->s.k = 0; 2021 s[fix2]->s.jf = s[i]; 2022 i++; 2023 } 2024 2025 /* ahcheck: */ 2026 ahcheck = i; 2027 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2028 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2029 s[i]->s.jt = NULL; /*later*/ 2030 s[i]->s.jf = NULL; /*later*/ 2031 s[i]->s.k = IPPROTO_AH; 2032 if (fix3) 2033 s[fix3]->s.jf = s[ahcheck]; 2034 fix4 = i; 2035 i++; 2036 2037 /* 2038 * in short, 2039 * A = P[X + 1]; 2040 * X = X + (P[X] + 2) * 4; 2041 */ 2042 /* A = X */ 2043 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2044 i++; 2045 /* MEM[reg1] = A */ 2046 s[i] = new_stmt(BPF_ST); 2047 s[i]->s.k = reg1; 2048 i++; 2049 /* A += 1 */ 2050 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2051 s[i]->s.k = 1; 2052 i++; 2053 /* X = A */ 2054 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2055 i++; 2056 /* A = P[X + packet head]; */ 2057 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2058 s[i]->s.k = off_nl; 2059 i++; 2060 /* MEM[reg2] = A */ 2061 s[i] = new_stmt(BPF_ST); 2062 s[i]->s.k = reg2; 2063 i++; 2064 /* X = MEM[reg1] */ 2065 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2066 s[i]->s.k = reg1; 2067 i++; 2068 /* A = P[X + packet head] */ 2069 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2070 s[i]->s.k = off_nl; 2071 i++; 2072 /* A += 2 */ 2073 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2074 s[i]->s.k = 2; 2075 i++; 2076 /* A *= 4 */ 2077 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2078 s[i]->s.k = 4; 2079 i++; 2080 /* X = A; */ 2081 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2082 i++; 2083 /* A = MEM[reg2] */ 2084 s[i] = new_stmt(BPF_LD|BPF_MEM); 2085 s[i]->s.k = reg2; 2086 i++; 2087 2088 /* goto again; (must use BPF_JA for backward jump) */ 2089 s[i] = new_stmt(BPF_JMP|BPF_JA); 2090 s[i]->s.k = again - i - 1; 2091 i++; 2092 2093 /* end: nop */ 2094 end = i; 2095 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2096 s[i]->s.k = 0; 2097 s[fix2]->s.jt = s[end]; 2098 s[fix4]->s.jf = s[end]; 2099 s[fix5]->s.jt = s[end]; 2100 i++; 2101 2102 /* 2103 * make slist chain 2104 */ 2105 max = i; 2106 for (i = 0; i < max - 1; i++) 2107 s[i]->next = s[i + 1]; 2108 s[max - 1]->next = NULL; 2109 2110 /* 2111 * emit final check 2112 */ 2113 b = new_block(JMP(BPF_JEQ)); 2114 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2115 b->s.k = v; 2116 2117 free_reg(reg1); 2118 free_reg(reg2); 2119 2120 gen_and(b0, b); 2121 return b; 2122 } 2123 2124 static struct block * 2125 gen_proto(v, proto, dir) 2126 int v; 2127 int proto; 2128 int dir; 2129 { 2130 struct block *b0, *b1; 2131 2132 if (dir != Q_DEFAULT) 2133 bpf_error("direction applied to 'proto'"); 2134 2135 switch (proto) { 2136 case Q_DEFAULT: 2137 #ifdef INET6 2138 b0 = gen_proto(v, Q_IP, dir); 2139 b1 = gen_proto(v, Q_IPV6, dir); 2140 gen_or(b0, b1); 2141 return b1; 2142 #else 2143 /*FALLTHROUGH*/ 2144 #endif 2145 case Q_IP: 2146 b0 = gen_linktype(ETHERTYPE_IP); 2147 #ifndef CHASE_CHAIN 2148 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2149 #else 2150 b1 = gen_protochain(v, Q_IP); 2151 #endif 2152 gen_and(b0, b1); 2153 return b1; 2154 2155 case Q_ARP: 2156 bpf_error("arp does not encapsulate another protocol"); 2157 /* NOTREACHED */ 2158 2159 case Q_RARP: 2160 bpf_error("rarp does not encapsulate another protocol"); 2161 /* NOTREACHED */ 2162 2163 case Q_ATALK: 2164 bpf_error("atalk encapsulation is not specifiable"); 2165 /* NOTREACHED */ 2166 2167 case Q_DECNET: 2168 bpf_error("decnet encapsulation is not specifiable"); 2169 /* NOTREACHED */ 2170 2171 case Q_SCA: 2172 bpf_error("sca does not encapsulate another protocol"); 2173 /* NOTREACHED */ 2174 2175 case Q_LAT: 2176 bpf_error("lat does not encapsulate another protocol"); 2177 /* NOTREACHED */ 2178 2179 case Q_MOPRC: 2180 bpf_error("moprc does not encapsulate another protocol"); 2181 /* NOTREACHED */ 2182 2183 case Q_MOPDL: 2184 bpf_error("mopdl does not encapsulate another protocol"); 2185 /* NOTREACHED */ 2186 2187 case Q_LINK: 2188 return gen_linktype(v); 2189 2190 case Q_UDP: 2191 bpf_error("'udp proto' is bogus"); 2192 /* NOTREACHED */ 2193 2194 case Q_TCP: 2195 bpf_error("'tcp proto' is bogus"); 2196 /* NOTREACHED */ 2197 2198 case Q_ICMP: 2199 bpf_error("'icmp proto' is bogus"); 2200 /* NOTREACHED */ 2201 2202 case Q_IGMP: 2203 bpf_error("'igmp proto' is bogus"); 2204 /* NOTREACHED */ 2205 2206 case Q_IGRP: 2207 bpf_error("'igrp proto' is bogus"); 2208 /* NOTREACHED */ 2209 2210 case Q_PIM: 2211 bpf_error("'pim proto' is bogus"); 2212 /* NOTREACHED */ 2213 2214 case Q_STP: 2215 bpf_error("'stp proto' is bogus"); 2216 /* NOTREACHED */ 2217 2218 #ifdef INET6 2219 case Q_IPV6: 2220 b0 = gen_linktype(ETHERTYPE_IPV6); 2221 #ifndef CHASE_CHAIN 2222 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2223 #else 2224 b1 = gen_protochain(v, Q_IPV6); 2225 #endif 2226 gen_and(b0, b1); 2227 return b1; 2228 2229 case Q_ICMPV6: 2230 bpf_error("'icmp6 proto' is bogus"); 2231 #endif /* INET6 */ 2232 2233 case Q_AH: 2234 bpf_error("'ah proto' is bogus"); 2235 2236 case Q_ESP: 2237 bpf_error("'ah proto' is bogus"); 2238 2239 default: 2240 abort(); 2241 /* NOTREACHED */ 2242 } 2243 /* NOTREACHED */ 2244 } 2245 2246 struct block * 2247 gen_scode(name, q) 2248 register const char *name; 2249 struct qual q; 2250 { 2251 int proto = q.proto; 2252 int dir = q.dir; 2253 int tproto; 2254 u_char *eaddr; 2255 bpf_u_int32 mask, addr; 2256 #ifndef INET6 2257 bpf_u_int32 **alist; 2258 #else 2259 int tproto6; 2260 struct sockaddr_in *sin; 2261 struct sockaddr_in6 *sin6; 2262 struct addrinfo *res, *res0; 2263 struct in6_addr mask128; 2264 #endif /*INET6*/ 2265 struct block *b, *tmp; 2266 int port, real_proto; 2267 2268 switch (q.addr) { 2269 2270 case Q_NET: 2271 addr = pcap_nametonetaddr(name); 2272 if (addr == 0) 2273 bpf_error("unknown network '%s'", name); 2274 /* Left justify network addr and calculate its network mask */ 2275 mask = 0xffffffff; 2276 while (addr && (addr & 0xff000000) == 0) { 2277 addr <<= 8; 2278 mask <<= 8; 2279 } 2280 return gen_host(addr, mask, proto, dir); 2281 2282 case Q_DEFAULT: 2283 case Q_HOST: 2284 if (proto == Q_LINK) { 2285 switch (linktype) { 2286 2287 case DLT_EN10MB: 2288 eaddr = pcap_ether_hostton(name); 2289 if (eaddr == NULL) 2290 bpf_error( 2291 "unknown ether host '%s'", name); 2292 return gen_ehostop(eaddr, dir); 2293 2294 case DLT_FDDI: 2295 eaddr = pcap_ether_hostton(name); 2296 if (eaddr == NULL) 2297 bpf_error( 2298 "unknown FDDI host '%s'", name); 2299 return gen_fhostop(eaddr, dir); 2300 2301 case DLT_IEEE802_11: 2302 case DLT_IEEE802_11_RADIO: 2303 eaddr = pcap_ether_hostton(name); 2304 if (eaddr == NULL) 2305 bpf_error( 2306 "unknown 802.11 host '%s'", name); 2307 2308 return gen_p80211_hostop(eaddr, dir); 2309 2310 default: 2311 bpf_error( 2312 "only ethernet/FDDI supports link-level host name"); 2313 break; 2314 } 2315 } else if (proto == Q_DECNET) { 2316 unsigned short dn_addr = __pcap_nametodnaddr(name); 2317 /* 2318 * I don't think DECNET hosts can be multihomed, so 2319 * there is no need to build up a list of addresses 2320 */ 2321 return (gen_host(dn_addr, 0, proto, dir)); 2322 } else { 2323 #ifndef INET6 2324 alist = pcap_nametoaddr(name); 2325 if (alist == NULL || *alist == NULL) 2326 bpf_error("unknown host '%s'", name); 2327 tproto = proto; 2328 if (off_linktype == -1 && tproto == Q_DEFAULT) 2329 tproto = Q_IP; 2330 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2331 while (*alist) { 2332 tmp = gen_host(**alist++, 0xffffffff, 2333 tproto, dir); 2334 gen_or(b, tmp); 2335 b = tmp; 2336 } 2337 return b; 2338 #else 2339 memset(&mask128, 0xff, sizeof(mask128)); 2340 res0 = res = pcap_nametoaddrinfo(name); 2341 if (res == NULL) 2342 bpf_error("unknown host '%s'", name); 2343 b = tmp = NULL; 2344 tproto = tproto6 = proto; 2345 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2346 tproto = Q_IP; 2347 tproto6 = Q_IPV6; 2348 } 2349 for (res = res0; res; res = res->ai_next) { 2350 switch (res->ai_family) { 2351 case AF_INET: 2352 if (tproto == Q_IPV6) 2353 continue; 2354 2355 sin = (struct sockaddr_in *) 2356 res->ai_addr; 2357 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2358 0xffffffff, tproto, dir); 2359 break; 2360 case AF_INET6: 2361 if (tproto6 == Q_IP) 2362 continue; 2363 2364 sin6 = (struct sockaddr_in6 *) 2365 res->ai_addr; 2366 tmp = gen_host6(&sin6->sin6_addr, 2367 &mask128, tproto6, dir); 2368 break; 2369 } 2370 if (b) 2371 gen_or(b, tmp); 2372 b = tmp; 2373 } 2374 freeaddrinfo(res0); 2375 if (b == NULL) { 2376 bpf_error("unknown host '%s'%s", name, 2377 (proto == Q_DEFAULT) 2378 ? "" 2379 : " for specified address family"); 2380 } 2381 return b; 2382 #endif /*INET6*/ 2383 } 2384 2385 case Q_PORT: 2386 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2387 bpf_error("illegal qualifier of 'port'"); 2388 if (pcap_nametoport(name, &port, &real_proto) == 0) 2389 bpf_error("unknown port '%s'", name); 2390 if (proto == Q_UDP) { 2391 if (real_proto == IPPROTO_TCP) 2392 bpf_error("port '%s' is tcp", name); 2393 else 2394 /* override PROTO_UNDEF */ 2395 real_proto = IPPROTO_UDP; 2396 } 2397 if (proto == Q_TCP) { 2398 if (real_proto == IPPROTO_UDP) 2399 bpf_error("port '%s' is udp", name); 2400 else 2401 /* override PROTO_UNDEF */ 2402 real_proto = IPPROTO_TCP; 2403 } 2404 #ifndef INET6 2405 return gen_port(port, real_proto, dir); 2406 #else 2407 { 2408 struct block *b; 2409 b = gen_port(port, real_proto, dir); 2410 gen_or(gen_port6(port, real_proto, dir), b); 2411 return b; 2412 } 2413 #endif /* INET6 */ 2414 2415 case Q_GATEWAY: 2416 #ifndef INET6 2417 eaddr = pcap_ether_hostton(name); 2418 if (eaddr == NULL) 2419 bpf_error("unknown ether host: %s", name); 2420 2421 alist = pcap_nametoaddr(name); 2422 if (alist == NULL || *alist == NULL) 2423 bpf_error("unknown host '%s'", name); 2424 return gen_gateway(eaddr, alist, proto, dir); 2425 #else 2426 bpf_error("'gateway' not supported in this configuration"); 2427 #endif /*INET6*/ 2428 2429 case Q_PROTO: 2430 real_proto = lookup_proto(name, proto); 2431 if (real_proto >= 0) 2432 return gen_proto(real_proto, proto, dir); 2433 else 2434 bpf_error("unknown protocol: %s", name); 2435 2436 case Q_PROTOCHAIN: 2437 real_proto = lookup_proto(name, proto); 2438 if (real_proto >= 0) 2439 return gen_protochain(real_proto, proto, dir); 2440 else 2441 bpf_error("unknown protocol: %s", name); 2442 2443 2444 case Q_UNDEF: 2445 syntax(); 2446 /* NOTREACHED */ 2447 } 2448 abort(); 2449 /* NOTREACHED */ 2450 } 2451 2452 struct block * 2453 gen_mcode(s1, s2, masklen, q) 2454 register const char *s1, *s2; 2455 register int masklen; 2456 struct qual q; 2457 { 2458 register int nlen, mlen; 2459 bpf_u_int32 n, m; 2460 2461 nlen = __pcap_atoin(s1, &n); 2462 /* Promote short ipaddr */ 2463 n <<= 32 - nlen; 2464 2465 if (s2 != NULL) { 2466 mlen = __pcap_atoin(s2, &m); 2467 /* Promote short ipaddr */ 2468 m <<= 32 - mlen; 2469 if ((n & ~m) != 0) 2470 bpf_error("non-network bits set in \"%s mask %s\"", 2471 s1, s2); 2472 } else { 2473 /* Convert mask len to mask */ 2474 if (masklen > 32) 2475 bpf_error("mask length must be <= 32"); 2476 m = 0xffffffff << (32 - masklen); 2477 if ((n & ~m) != 0) 2478 bpf_error("non-network bits set in \"%s/%d\"", 2479 s1, masklen); 2480 } 2481 2482 switch (q.addr) { 2483 2484 case Q_NET: 2485 return gen_host(n, m, q.proto, q.dir); 2486 2487 default: 2488 bpf_error("Mask syntax for networks only"); 2489 /* NOTREACHED */ 2490 } 2491 } 2492 2493 struct block * 2494 gen_ncode(s, v, q) 2495 register const char *s; 2496 bpf_u_int32 v; 2497 struct qual q; 2498 { 2499 bpf_u_int32 mask; 2500 int proto = q.proto; 2501 int dir = q.dir; 2502 register int vlen; 2503 2504 if (s == NULL) 2505 vlen = 32; 2506 else if (q.proto == Q_DECNET) 2507 vlen = __pcap_atodn(s, &v); 2508 else 2509 vlen = __pcap_atoin(s, &v); 2510 2511 switch (q.addr) { 2512 2513 case Q_DEFAULT: 2514 case Q_HOST: 2515 case Q_NET: 2516 if (proto == Q_DECNET) 2517 return gen_host(v, 0, proto, dir); 2518 else if (proto == Q_LINK) { 2519 bpf_error("illegal link layer address"); 2520 } else { 2521 mask = 0xffffffff; 2522 if (s == NULL && q.addr == Q_NET) { 2523 /* Promote short net number */ 2524 while (v && (v & 0xff000000) == 0) { 2525 v <<= 8; 2526 mask <<= 8; 2527 } 2528 } else { 2529 /* Promote short ipaddr */ 2530 v <<= 32 - vlen; 2531 mask <<= 32 - vlen; 2532 } 2533 return gen_host(v, mask, proto, dir); 2534 } 2535 2536 case Q_PORT: 2537 if (proto == Q_UDP) 2538 proto = IPPROTO_UDP; 2539 else if (proto == Q_TCP) 2540 proto = IPPROTO_TCP; 2541 else if (proto == Q_DEFAULT) 2542 proto = PROTO_UNDEF; 2543 else 2544 bpf_error("illegal qualifier of 'port'"); 2545 2546 #ifndef INET6 2547 return gen_port((int)v, proto, dir); 2548 #else 2549 { 2550 struct block *b; 2551 b = gen_port((int)v, proto, dir); 2552 gen_or(gen_port6((int)v, proto, dir), b); 2553 return b; 2554 } 2555 #endif /* INET6 */ 2556 2557 case Q_GATEWAY: 2558 bpf_error("'gateway' requires a name"); 2559 /* NOTREACHED */ 2560 2561 case Q_PROTO: 2562 return gen_proto((int)v, proto, dir); 2563 2564 case Q_PROTOCHAIN: 2565 return gen_protochain((int)v, proto, dir); 2566 2567 case Q_UNDEF: 2568 syntax(); 2569 /* NOTREACHED */ 2570 2571 default: 2572 abort(); 2573 /* NOTREACHED */ 2574 } 2575 /* NOTREACHED */ 2576 } 2577 2578 #ifdef INET6 2579 struct block * 2580 gen_mcode6(s1, s2, masklen, q) 2581 register const char *s1, *s2; 2582 register int masklen; 2583 struct qual q; 2584 { 2585 struct addrinfo *res; 2586 struct in6_addr *addr; 2587 struct in6_addr mask; 2588 struct block *b; 2589 u_int32_t *a, *m; 2590 2591 if (s2) 2592 bpf_error("no mask %s supported", s2); 2593 2594 res = pcap_nametoaddrinfo(s1); 2595 if (!res) 2596 bpf_error("invalid ip6 address %s", s1); 2597 if (res->ai_next) 2598 bpf_error("%s resolved to multiple address", s1); 2599 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2600 2601 if (sizeof(mask) * 8 < masklen) 2602 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2603 memset(&mask, 0, sizeof(mask)); 2604 memset(&mask, 0xff, masklen / 8); 2605 if (masklen % 8) { 2606 mask.s6_addr[masklen / 8] = 2607 (0xff << (8 - masklen % 8)) & 0xff; 2608 } 2609 2610 a = (u_int32_t *)addr; 2611 m = (u_int32_t *)&mask; 2612 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2613 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2614 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2615 } 2616 2617 switch (q.addr) { 2618 2619 case Q_DEFAULT: 2620 case Q_HOST: 2621 if (masklen != 128) 2622 bpf_error("Mask syntax for networks only"); 2623 /* FALLTHROUGH */ 2624 2625 case Q_NET: 2626 b = gen_host6(addr, &mask, q.proto, q.dir); 2627 freeaddrinfo(res); 2628 return b; 2629 2630 default: 2631 bpf_error("invalid qualifier against IPv6 address"); 2632 /* NOTREACHED */ 2633 } 2634 } 2635 #endif /*INET6*/ 2636 2637 struct block * 2638 gen_ecode(eaddr, q) 2639 register const u_char *eaddr; 2640 struct qual q; 2641 { 2642 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2643 if (linktype == DLT_EN10MB) 2644 return gen_ehostop(eaddr, (int)q.dir); 2645 if (linktype == DLT_FDDI) 2646 return gen_fhostop(eaddr, (int)q.dir); 2647 if (linktype == DLT_IEEE802_11 || 2648 linktype == DLT_IEEE802_11_RADIO) 2649 return gen_p80211_hostop(eaddr, (int)q.dir); 2650 } 2651 bpf_error("ethernet address used in non-ether expression"); 2652 /* NOTREACHED */ 2653 } 2654 2655 void 2656 sappend(s0, s1) 2657 struct slist *s0, *s1; 2658 { 2659 /* 2660 * This is definitely not the best way to do this, but the 2661 * lists will rarely get long. 2662 */ 2663 while (s0->next) 2664 s0 = s0->next; 2665 s0->next = s1; 2666 } 2667 2668 static struct slist * 2669 xfer_to_x(a) 2670 struct arth *a; 2671 { 2672 struct slist *s; 2673 2674 s = new_stmt(BPF_LDX|BPF_MEM); 2675 s->s.k = a->regno; 2676 return s; 2677 } 2678 2679 static struct slist * 2680 xfer_to_a(a) 2681 struct arth *a; 2682 { 2683 struct slist *s; 2684 2685 s = new_stmt(BPF_LD|BPF_MEM); 2686 s->s.k = a->regno; 2687 return s; 2688 } 2689 2690 struct arth * 2691 gen_load(proto, index, size) 2692 int proto; 2693 struct arth *index; 2694 int size; 2695 { 2696 struct slist *s, *tmp; 2697 struct block *b; 2698 int regno = alloc_reg(); 2699 2700 free_reg(index->regno); 2701 switch (size) { 2702 2703 default: 2704 bpf_error("data size must be 1, 2, or 4"); 2705 2706 case 1: 2707 size = BPF_B; 2708 break; 2709 2710 case 2: 2711 size = BPF_H; 2712 break; 2713 2714 case 4: 2715 size = BPF_W; 2716 break; 2717 } 2718 switch (proto) { 2719 default: 2720 bpf_error("unsupported index operation"); 2721 2722 case Q_LINK: 2723 s = xfer_to_x(index); 2724 tmp = new_stmt(BPF_LD|BPF_IND|size); 2725 sappend(s, tmp); 2726 sappend(index->s, s); 2727 break; 2728 2729 case Q_IP: 2730 case Q_ARP: 2731 case Q_RARP: 2732 case Q_ATALK: 2733 case Q_DECNET: 2734 case Q_SCA: 2735 case Q_LAT: 2736 case Q_MOPRC: 2737 case Q_MOPDL: 2738 #ifdef INET6 2739 case Q_IPV6: 2740 #endif 2741 /* XXX Note that we assume a fixed link header here. */ 2742 if (variable_nl) { 2743 s = nl2X_stmt(); 2744 sappend(s, xfer_to_a(index)); 2745 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2746 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2747 } else { 2748 s = xfer_to_x(index); 2749 } 2750 tmp = new_stmt(BPF_LD|BPF_IND|size); 2751 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2752 sappend(s, tmp); 2753 sappend(index->s, s); 2754 2755 b = gen_proto_abbrev(proto); 2756 if (index->b) 2757 gen_and(index->b, b); 2758 index->b = b; 2759 break; 2760 2761 case Q_TCP: 2762 case Q_UDP: 2763 case Q_ICMP: 2764 case Q_IGMP: 2765 case Q_IGRP: 2766 case Q_PIM: 2767 s = iphl_to_x(); 2768 sappend(s, xfer_to_a(index)); 2769 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2770 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2771 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2772 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2773 sappend(index->s, s); 2774 2775 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2776 if (index->b) 2777 gen_and(index->b, b); 2778 #ifdef INET6 2779 gen_and(gen_proto_abbrev(Q_IP), b); 2780 #endif 2781 index->b = b; 2782 break; 2783 #ifdef INET6 2784 case Q_ICMPV6: 2785 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2786 /*NOTREACHED*/ 2787 #endif 2788 } 2789 index->regno = regno; 2790 s = new_stmt(BPF_ST); 2791 s->s.k = regno; 2792 sappend(index->s, s); 2793 2794 return index; 2795 } 2796 2797 struct block * 2798 gen_relation(code, a0, a1, reversed) 2799 int code; 2800 struct arth *a0, *a1; 2801 int reversed; 2802 { 2803 struct slist *s0, *s1, *s2; 2804 struct block *b, *tmp; 2805 2806 s0 = xfer_to_x(a1); 2807 s1 = xfer_to_a(a0); 2808 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2809 b = new_block(JMP(code)); 2810 if (code == BPF_JGT || code == BPF_JGE) { 2811 reversed = !reversed; 2812 b->s.k = 0x80000000; 2813 } 2814 if (reversed) 2815 gen_not(b); 2816 2817 sappend(s1, s2); 2818 sappend(s0, s1); 2819 sappend(a1->s, s0); 2820 sappend(a0->s, a1->s); 2821 2822 b->stmts = a0->s; 2823 2824 free_reg(a0->regno); 2825 free_reg(a1->regno); 2826 2827 /* 'and' together protocol checks */ 2828 if (a0->b) { 2829 if (a1->b) { 2830 gen_and(a0->b, tmp = a1->b); 2831 } 2832 else 2833 tmp = a0->b; 2834 } else 2835 tmp = a1->b; 2836 2837 if (tmp) 2838 gen_and(tmp, b); 2839 2840 return b; 2841 } 2842 2843 struct arth * 2844 gen_loadlen() 2845 { 2846 int regno = alloc_reg(); 2847 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2848 struct slist *s; 2849 2850 s = new_stmt(BPF_LD|BPF_LEN); 2851 s->next = new_stmt(BPF_ST); 2852 s->next->s.k = regno; 2853 a->s = s; 2854 a->regno = regno; 2855 2856 return a; 2857 } 2858 2859 struct arth * 2860 gen_loadi(val) 2861 int val; 2862 { 2863 struct arth *a; 2864 struct slist *s; 2865 int reg; 2866 2867 a = (struct arth *)newchunk(sizeof(*a)); 2868 2869 reg = alloc_reg(); 2870 2871 s = new_stmt(BPF_LD|BPF_IMM); 2872 s->s.k = val; 2873 s->next = new_stmt(BPF_ST); 2874 s->next->s.k = reg; 2875 a->s = s; 2876 a->regno = reg; 2877 2878 return a; 2879 } 2880 2881 struct arth * 2882 gen_neg(a) 2883 struct arth *a; 2884 { 2885 struct slist *s; 2886 2887 s = xfer_to_a(a); 2888 sappend(a->s, s); 2889 s = new_stmt(BPF_ALU|BPF_NEG); 2890 s->s.k = 0; 2891 sappend(a->s, s); 2892 s = new_stmt(BPF_ST); 2893 s->s.k = a->regno; 2894 sappend(a->s, s); 2895 2896 return a; 2897 } 2898 2899 struct arth * 2900 gen_arth(code, a0, a1) 2901 int code; 2902 struct arth *a0, *a1; 2903 { 2904 struct slist *s0, *s1, *s2; 2905 2906 s0 = xfer_to_x(a1); 2907 s1 = xfer_to_a(a0); 2908 s2 = new_stmt(BPF_ALU|BPF_X|code); 2909 2910 sappend(s1, s2); 2911 sappend(s0, s1); 2912 sappend(a1->s, s0); 2913 sappend(a0->s, a1->s); 2914 2915 free_reg(a1->regno); 2916 2917 s0 = new_stmt(BPF_ST); 2918 a0->regno = s0->s.k = alloc_reg(); 2919 sappend(a0->s, s0); 2920 2921 return a0; 2922 } 2923 2924 /* 2925 * Here we handle simple allocation of the scratch registers. 2926 * If too many registers are alloc'd, the allocator punts. 2927 */ 2928 static int regused[BPF_MEMWORDS]; 2929 static int curreg; 2930 2931 /* 2932 * Return the next free register. 2933 */ 2934 static int 2935 alloc_reg() 2936 { 2937 int n = BPF_MEMWORDS; 2938 2939 while (--n >= 0) { 2940 if (regused[curreg]) 2941 curreg = (curreg + 1) % BPF_MEMWORDS; 2942 else { 2943 regused[curreg] = 1; 2944 return curreg; 2945 } 2946 } 2947 bpf_error("too many registers needed to evaluate expression"); 2948 /* NOTREACHED */ 2949 } 2950 2951 /* 2952 * Return a register to the table so it can 2953 * be used later. 2954 */ 2955 static void 2956 free_reg(n) 2957 int n; 2958 { 2959 regused[n] = 0; 2960 } 2961 2962 static struct block * 2963 gen_len(jmp, n) 2964 int jmp, n; 2965 { 2966 struct slist *s; 2967 struct block *b; 2968 2969 s = new_stmt(BPF_LD|BPF_LEN); 2970 b = new_block(JMP(jmp)); 2971 b->stmts = s; 2972 b->s.k = n; 2973 2974 return b; 2975 } 2976 2977 struct block * 2978 gen_greater(n) 2979 int n; 2980 { 2981 return gen_len(BPF_JGE, n); 2982 } 2983 2984 struct block * 2985 gen_less(n) 2986 int n; 2987 { 2988 struct block *b; 2989 2990 b = gen_len(BPF_JGT, n); 2991 gen_not(b); 2992 2993 return b; 2994 } 2995 2996 struct block * 2997 gen_byteop(op, idx, val) 2998 int op, idx, val; 2999 { 3000 struct block *b; 3001 struct slist *s; 3002 3003 switch (op) { 3004 default: 3005 abort(); 3006 3007 case '=': 3008 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3009 3010 case '<': 3011 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3012 b->s.code = JMP(BPF_JGE); 3013 gen_not(b); 3014 return b; 3015 3016 case '>': 3017 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3018 b->s.code = JMP(BPF_JGT); 3019 return b; 3020 3021 case '|': 3022 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3023 break; 3024 3025 case '&': 3026 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3027 break; 3028 } 3029 s->s.k = val; 3030 b = new_block(JMP(BPF_JEQ)); 3031 b->stmts = s; 3032 gen_not(b); 3033 3034 return b; 3035 } 3036 3037 struct block * 3038 gen_broadcast(proto) 3039 int proto; 3040 { 3041 bpf_u_int32 hostmask; 3042 struct block *b0, *b1, *b2; 3043 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3044 3045 switch (proto) { 3046 3047 case Q_DEFAULT: 3048 case Q_LINK: 3049 if (linktype == DLT_EN10MB) 3050 return gen_ehostop(ebroadcast, Q_DST); 3051 if (linktype == DLT_FDDI) 3052 return gen_fhostop(ebroadcast, Q_DST); 3053 if (linktype == DLT_IEEE802_11 || 3054 linktype == DLT_IEEE802_11_RADIO) 3055 return gen_p80211_hostop(ebroadcast, Q_DST); 3056 bpf_error("not a broadcast link"); 3057 break; 3058 3059 case Q_IP: 3060 b0 = gen_linktype(ETHERTYPE_IP); 3061 hostmask = ~netmask; 3062 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3063 b2 = gen_mcmp_nl(16, BPF_W, 3064 (bpf_int32)(~0 & hostmask), hostmask); 3065 gen_or(b1, b2); 3066 gen_and(b0, b2); 3067 return b2; 3068 } 3069 bpf_error("only ether/ip broadcast filters supported"); 3070 } 3071 3072 struct block * 3073 gen_multicast(proto) 3074 int proto; 3075 { 3076 register struct block *b0, *b1; 3077 register struct slist *s; 3078 3079 switch (proto) { 3080 3081 case Q_DEFAULT: 3082 case Q_LINK: 3083 if (linktype == DLT_EN10MB) { 3084 /* ether[0] & 1 != 0 */ 3085 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3086 s->s.k = 0; 3087 b0 = new_block(JMP(BPF_JSET)); 3088 b0->s.k = 1; 3089 b0->stmts = s; 3090 return b0; 3091 } 3092 3093 if (linktype == DLT_FDDI) { 3094 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3095 /* fddi[1] & 1 != 0 */ 3096 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3097 s->s.k = 1; 3098 b0 = new_block(JMP(BPF_JSET)); 3099 b0->s.k = 1; 3100 b0->stmts = s; 3101 return b0; 3102 } 3103 /* Link not known to support multicasts */ 3104 break; 3105 3106 case Q_IP: 3107 b0 = gen_linktype(ETHERTYPE_IP); 3108 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3109 b1->s.code = JMP(BPF_JGE); 3110 gen_and(b0, b1); 3111 return b1; 3112 3113 #ifdef INET6 3114 case Q_IPV6: 3115 b0 = gen_linktype(ETHERTYPE_IPV6); 3116 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3117 gen_and(b0, b1); 3118 return b1; 3119 #endif /* INET6 */ 3120 } 3121 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3122 } 3123 3124 /* 3125 * generate command for inbound/outbound. It's here so we can 3126 * make it link-type specific. 'dir' = 0 implies "inbound", 3127 * = 1 implies "outbound". 3128 */ 3129 struct block * 3130 gen_inbound(dir) 3131 int dir; 3132 { 3133 register struct block *b0; 3134 3135 /* 3136 * Only SLIP and old-style PPP data link types support 3137 * inbound/outbound qualifiers. 3138 */ 3139 switch (linktype) { 3140 case DLT_SLIP: 3141 case DLT_PPP: 3142 b0 = gen_relation(BPF_JEQ, 3143 gen_load(Q_LINK, gen_loadi(0), 1), 3144 gen_loadi(0), 3145 dir); 3146 break; 3147 3148 case DLT_PFLOG: 3149 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3150 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3151 break; 3152 3153 default: 3154 bpf_error("inbound/outbound not supported on linktype 0x%x", 3155 linktype); 3156 /* NOTREACHED */ 3157 } 3158 3159 return (b0); 3160 } 3161 3162 3163 /* PF firewall log matched interface */ 3164 struct block * 3165 gen_pf_ifname(char *ifname) 3166 { 3167 struct block *b0; 3168 u_int len, off; 3169 3170 if (linktype == DLT_PFLOG) { 3171 len = sizeof(((struct pfloghdr *)0)->ifname); 3172 off = offsetof(struct pfloghdr, ifname); 3173 } else { 3174 bpf_error("ifname not supported on linktype 0x%x", linktype); 3175 /* NOTREACHED */ 3176 } 3177 if (strlen(ifname) >= len) { 3178 bpf_error("ifname interface names can only be %d characters", 3179 len - 1); 3180 /* NOTREACHED */ 3181 } 3182 b0 = gen_bcmp(off, strlen(ifname), ifname); 3183 return (b0); 3184 } 3185 3186 3187 /* PF firewall log ruleset name */ 3188 struct block * 3189 gen_pf_ruleset(char *ruleset) 3190 { 3191 struct block *b0; 3192 3193 if (linktype != DLT_PFLOG) { 3194 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3195 /* NOTREACHED */ 3196 } 3197 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3198 bpf_error("ruleset names can only be %zu characters", 3199 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3200 /* NOTREACHED */ 3201 } 3202 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3203 strlen(ruleset), ruleset); 3204 return (b0); 3205 } 3206 3207 3208 /* PF firewall log rule number */ 3209 struct block * 3210 gen_pf_rnr(int rnr) 3211 { 3212 struct block *b0; 3213 3214 if (linktype == DLT_PFLOG) { 3215 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3216 (bpf_int32)rnr); 3217 } else { 3218 bpf_error("rnr not supported on linktype 0x%x", linktype); 3219 /* NOTREACHED */ 3220 } 3221 3222 return (b0); 3223 } 3224 3225 3226 /* PF firewall log sub-rule number */ 3227 struct block * 3228 gen_pf_srnr(int srnr) 3229 { 3230 struct block *b0; 3231 3232 if (linktype != DLT_PFLOG) { 3233 bpf_error("srnr not supported on linktype 0x%x", linktype); 3234 /* NOTREACHED */ 3235 } 3236 3237 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3238 (bpf_int32)srnr); 3239 return (b0); 3240 } 3241 3242 /* PF firewall log reason code */ 3243 struct block * 3244 gen_pf_reason(int reason) 3245 { 3246 struct block *b0; 3247 3248 if (linktype == DLT_PFLOG) { 3249 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3250 (bpf_int32)reason); 3251 } else { 3252 bpf_error("reason not supported on linktype 0x%x", linktype); 3253 /* NOTREACHED */ 3254 } 3255 3256 return (b0); 3257 } 3258 3259 /* PF firewall log action */ 3260 struct block * 3261 gen_pf_action(int action) 3262 { 3263 struct block *b0; 3264 3265 if (linktype == DLT_PFLOG) { 3266 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3267 (bpf_int32)action); 3268 } else { 3269 bpf_error("action not supported on linktype 0x%x", linktype); 3270 /* NOTREACHED */ 3271 } 3272 3273 return (b0); 3274 } 3275 3276 /* IEEE 802.11 wireless header */ 3277 struct block * 3278 gen_p80211_type(int type, int mask) 3279 { 3280 struct block *b0; 3281 u_int offset; 3282 3283 if (!(linktype == DLT_IEEE802_11 || 3284 linktype == DLT_IEEE802_11_RADIO)) { 3285 bpf_error("type not supported on linktype 0x%x", 3286 linktype); 3287 /* NOTREACHED */ 3288 } 3289 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3290 if (linktype == DLT_IEEE802_11_RADIO) 3291 offset += IEEE80211_RADIOTAP_HDRLEN; 3292 3293 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3294 3295 return (b0); 3296 } 3297 3298 static struct block * 3299 gen_ahostop(eaddr, dir) 3300 register const u_char *eaddr; 3301 register int dir; 3302 { 3303 register struct block *b0, *b1; 3304 3305 switch (dir) { 3306 /* src comes first, different from Ethernet */ 3307 case Q_SRC: 3308 return gen_bcmp(0, 1, eaddr); 3309 3310 case Q_DST: 3311 return gen_bcmp(1, 1, eaddr); 3312 3313 case Q_AND: 3314 b0 = gen_ahostop(eaddr, Q_SRC); 3315 b1 = gen_ahostop(eaddr, Q_DST); 3316 gen_and(b0, b1); 3317 return b1; 3318 3319 case Q_DEFAULT: 3320 case Q_OR: 3321 b0 = gen_ahostop(eaddr, Q_SRC); 3322 b1 = gen_ahostop(eaddr, Q_DST); 3323 gen_or(b0, b1); 3324 return b1; 3325 } 3326 abort(); 3327 /* NOTREACHED */ 3328 } 3329 3330 struct block * 3331 gen_acode(eaddr, q) 3332 register const u_char *eaddr; 3333 struct qual q; 3334 { 3335 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3336 if (linktype == DLT_ARCNET) 3337 return gen_ahostop(eaddr, (int)q.dir); 3338 } 3339 bpf_error("ARCnet address used in non-arc expression"); 3340 /* NOTREACHED */ 3341 } 3342 3343 /* 3344 * support IEEE 802.1Q VLAN trunk over ethernet 3345 */ 3346 struct block * 3347 gen_vlan(vlan_num) 3348 int vlan_num; 3349 { 3350 struct block *b0; 3351 3352 if (variable_nl) { 3353 bpf_error("'vlan' not supported for variable DLTs"); 3354 /*NOTREACHED*/ 3355 } 3356 3357 /* 3358 * Change the offsets to point to the type and data fields within 3359 * the VLAN packet. This is somewhat of a kludge. 3360 */ 3361 if (orig_nl == (u_int)-1) { 3362 orig_linktype = off_linktype; /* save original values */ 3363 orig_nl = off_nl; 3364 orig_nl_nosnap = off_nl_nosnap; 3365 3366 switch (linktype) { 3367 3368 case DLT_EN10MB: 3369 off_linktype = 16; 3370 off_nl_nosnap = 18; 3371 off_nl = 18; 3372 break; 3373 3374 default: 3375 bpf_error("no VLAN support for data link type %d", 3376 linktype); 3377 /*NOTREACHED*/ 3378 } 3379 } 3380 3381 /* check for VLAN */ 3382 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3383 3384 /* If a specific VLAN is requested, check VLAN id */ 3385 if (vlan_num >= 0) { 3386 struct block *b1; 3387 3388 b1 = gen_cmp(orig_nl, BPF_H, (bpf_int32)vlan_num); 3389 gen_and(b0, b1); 3390 b0 = b1; 3391 } 3392 3393 return (b0); 3394 } 3395 3396 struct block * 3397 gen_p80211_fcdir(int fcdir) 3398 { 3399 struct block *b0; 3400 u_int offset; 3401 3402 if (!(linktype == DLT_IEEE802_11 || 3403 linktype == DLT_IEEE802_11_RADIO)) { 3404 bpf_error("frame direction not supported on linktype 0x%x", 3405 linktype); 3406 /* NOTREACHED */ 3407 } 3408 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3409 if (linktype == DLT_IEEE802_11_RADIO) 3410 offset += IEEE80211_RADIOTAP_HDRLEN; 3411 3412 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3413 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3414 3415 return (b0); 3416 } 3417 3418 static struct block * 3419 gen_p80211_hostop(const u_char *lladdr, int dir) 3420 { 3421 struct block *b0, *b1, *b2, *b3, *b4; 3422 u_int offset = 0; 3423 3424 if (linktype == DLT_IEEE802_11_RADIO) 3425 offset = IEEE80211_RADIOTAP_HDRLEN; 3426 3427 switch (dir) { 3428 case Q_SRC: 3429 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3430 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3431 lladdr); 3432 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3433 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3434 lladdr); 3435 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3436 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3437 lladdr); 3438 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3439 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3440 lladdr); 3441 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3442 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3443 lladdr); 3444 3445 gen_or(b0, b1); 3446 gen_or(b1, b2); 3447 gen_or(b2, b3); 3448 gen_or(b3, b4); 3449 return (b4); 3450 3451 case Q_DST: 3452 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3453 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3454 lladdr); 3455 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3456 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3457 lladdr); 3458 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3459 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3460 lladdr); 3461 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3462 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3463 lladdr); 3464 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3465 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3466 lladdr); 3467 3468 gen_or(b0, b1); 3469 gen_or(b1, b2); 3470 gen_or(b2, b3); 3471 gen_or(b3, b4); 3472 return (b4); 3473 3474 case Q_ADDR1: 3475 return (gen_bcmp(offset + 3476 (u_int)offsetof(struct ieee80211_frame, 3477 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3478 3479 case Q_ADDR2: 3480 return (gen_bcmp(offset + 3481 (u_int)offsetof(struct ieee80211_frame, 3482 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3483 3484 case Q_ADDR3: 3485 return (gen_bcmp(offset + 3486 (u_int)offsetof(struct ieee80211_frame, 3487 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3488 3489 case Q_ADDR4: 3490 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3491 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3492 lladdr)); 3493 3494 case Q_AND: 3495 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3496 b1 = gen_p80211_hostop(lladdr, Q_DST); 3497 gen_and(b0, b1); 3498 return (b1); 3499 3500 case Q_DEFAULT: 3501 case Q_OR: 3502 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3503 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3504 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3505 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3506 gen_or(b0, b1); 3507 gen_or(b1, b2); 3508 gen_or(b2, b3); 3509 return (b3); 3510 3511 default: 3512 bpf_error("direction not supported on linktype 0x%x", 3513 linktype); 3514 } 3515 /* NOTREACHED */ 3516 } 3517 3518 static struct block * 3519 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3520 { 3521 struct block *b0, *b1; 3522 3523 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3524 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3525 gen_and(b0, b1); 3526 3527 return (b1); 3528 } 3529