xref: /dragonfly/contrib/libpcap/gencode.c (revision c090269b) 
1 /*#define CHASE_CHAIN*/
2 /*
3  * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998
4  *	The Regents of the University of California.  All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that: (1) source code distributions
8  * retain the above copyright notice and this paragraph in its entirety, (2)
9  * distributions including binary code include the above copyright notice and
10  * this paragraph in its entirety in the documentation or other materials
11  * provided with the distribution, and (3) all advertising materials mentioning
12  * features or use of this software display the following acknowledgement:
13  * ``This product includes software developed by the University of California,
14  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15  * the University nor the names of its contributors may be used to endorse
16  * or promote products derived from this software without specific prior
17  * written permission.
18  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21  */
22 
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26 
27 #include <pcap-types.h>
28 #ifdef _WIN32
29   #include <ws2tcpip.h>
30 #else
31   #include <sys/socket.h>
32 
33   #ifdef __NetBSD__
34     #include <sys/param.h>
35   #endif
36 
37   #include <netinet/in.h>
38   #include <arpa/inet.h>
39 #endif /* _WIN32 */
40 
41 #include <stdlib.h>
42 #include <string.h>
43 #include <memory.h>
44 #include <setjmp.h>
45 #include <stdarg.h>
46 
47 #ifdef MSDOS
48 #include "pcap-dos.h"
49 #endif
50 
51 /*
52  * TODO(tuxillo): Upstream this change to libpcap since our pfvar.h headers
53  * are in a different path.
54  *
55  */
56 #ifdef HAVE_NET_PF_PFVAR_H
57 /*
58  * In NetBSD <net/if.h> includes <net/dlt.h>, which is an older version of
59  * "pcap/dlt.h" with a lower value of DLT_MATCHING_MAX. Include the headers
60  * below before "pcap-int.h", which eventually includes "pcap/dlt.h", which
61  * redefines DLT_MATCHING_MAX from what this version of NetBSD has to what
62  * this version of libpcap has.
63  */
64 #include <sys/socket.h>
65 #include <net/if.h>
66 #include <net/pf/pfvar.h>
67 #include <net/pf/if_pflog.h>
68 #endif /* HAVE_NET_PF_PFVAR_H */
69 
70 #include "pcap-int.h"
71 
72 #include "extract.h"
73 
74 #include "ethertype.h"
75 #include "nlpid.h"
76 #include "llc.h"
77 #include "gencode.h"
78 #include "ieee80211.h"
79 #include "atmuni31.h"
80 #include "sunatmpos.h"
81 #include "ppp.h"
82 #include "pcap/sll.h"
83 #include "pcap/ipnet.h"
84 #include "arcnet.h"
85 
86 #include "grammar.h"
87 #include "scanner.h"
88 
89 #if defined(linux)
90 #include <linux/types.h>
91 #include <linux/if_packet.h>
92 #include <linux/filter.h>
93 #endif
94 
95 #ifndef offsetof
96 #define offsetof(s, e) ((size_t)&((s *)0)->e)
97 #endif
98 
99 #ifdef _WIN32
100   #ifdef INET6
101     #if defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF)
102 /* IPv6 address */
103 struct in6_addr
104   {
105     union
106       {
107 	uint8_t		u6_addr8[16];
108 	uint16_t	u6_addr16[8];
109 	uint32_t	u6_addr32[4];
110       } in6_u;
111 #define s6_addr			in6_u.u6_addr8
112 #define s6_addr16		in6_u.u6_addr16
113 #define s6_addr32		in6_u.u6_addr32
114 #define s6_addr64		in6_u.u6_addr64
115   };
116 
117 typedef unsigned short	sa_family_t;
118 
119 #define	__SOCKADDR_COMMON(sa_prefix) \
120   sa_family_t sa_prefix##family
121 
122 /* Ditto, for IPv6.  */
123 struct sockaddr_in6
124   {
125     __SOCKADDR_COMMON (sin6_);
126     uint16_t sin6_port;		/* Transport layer port # */
127     uint32_t sin6_flowinfo;	/* IPv6 flow information */
128     struct in6_addr sin6_addr;	/* IPv6 address */
129   };
130 
131       #ifndef EAI_ADDRFAMILY
132 struct addrinfo {
133 	int	ai_flags;	/* AI_PASSIVE, AI_CANONNAME */
134 	int	ai_family;	/* PF_xxx */
135 	int	ai_socktype;	/* SOCK_xxx */
136 	int	ai_protocol;	/* 0 or IPPROTO_xxx for IPv4 and IPv6 */
137 	size_t	ai_addrlen;	/* length of ai_addr */
138 	char	*ai_canonname;	/* canonical name for hostname */
139 	struct sockaddr *ai_addr;	/* binary address */
140 	struct addrinfo *ai_next;	/* next structure in linked list */
141 };
142       #endif /* EAI_ADDRFAMILY */
143     #endif /* defined(__MINGW32__) && defined(DEFINE_ADDITIONAL_IPV6_STUFF) */
144   #endif /* INET6 */
145 #else /* _WIN32 */
146   #include <netdb.h>	/* for "struct addrinfo" */
147 #endif /* _WIN32 */
148 #include <pcap/namedb.h>
149 
150 #include "nametoaddr.h"
151 
152 #define ETHERMTU	1500
153 
154 #ifndef IPPROTO_HOPOPTS
155 #define IPPROTO_HOPOPTS 0
156 #endif
157 #ifndef IPPROTO_ROUTING
158 #define IPPROTO_ROUTING 43
159 #endif
160 #ifndef IPPROTO_FRAGMENT
161 #define IPPROTO_FRAGMENT 44
162 #endif
163 #ifndef IPPROTO_DSTOPTS
164 #define IPPROTO_DSTOPTS 60
165 #endif
166 #ifndef IPPROTO_SCTP
167 #define IPPROTO_SCTP 132
168 #endif
169 
170 #define GENEVE_PORT 6081
171 
172 #ifdef HAVE_OS_PROTO_H
173 #include "os-proto.h"
174 #endif
175 
176 #define JMP(c) ((c)|BPF_JMP|BPF_K)
177 
178 /*
179  * "Push" the current value of the link-layer header type and link-layer
180  * header offset onto a "stack", and set a new value.  (It's not a
181  * full-blown stack; we keep only the top two items.)
182  */
183 #define PUSH_LINKHDR(cs, new_linktype, new_is_variable, new_constant_part, new_reg) \
184 { \
185 	(cs)->prevlinktype = (cs)->linktype; \
186 	(cs)->off_prevlinkhdr = (cs)->off_linkhdr; \
187 	(cs)->linktype = (new_linktype); \
188 	(cs)->off_linkhdr.is_variable = (new_is_variable); \
189 	(cs)->off_linkhdr.constant_part = (new_constant_part); \
190 	(cs)->off_linkhdr.reg = (new_reg); \
191 	(cs)->is_geneve = 0; \
192 }
193 
194 /*
195  * Offset "not set" value.
196  */
197 #define OFFSET_NOT_SET	0xffffffffU
198 
199 /*
200  * Absolute offsets, which are offsets from the beginning of the raw
201  * packet data, are, in the general case, the sum of a variable value
202  * and a constant value; the variable value may be absent, in which
203  * case the offset is only the constant value, and the constant value
204  * may be zero, in which case the offset is only the variable value.
205  *
206  * bpf_abs_offset is a structure containing all that information:
207  *
208  *   is_variable is 1 if there's a variable part.
209  *
210  *   constant_part is the constant part of the value, possibly zero;
211  *
212  *   if is_variable is 1, reg is the register number for a register
213  *   containing the variable value if the register has been assigned,
214  *   and -1 otherwise.
215  */
216 typedef struct {
217 	int	is_variable;
218 	u_int	constant_part;
219 	int	reg;
220 } bpf_abs_offset;
221 
222 /*
223  * Value passed to gen_load_a() to indicate what the offset argument
224  * is relative to the beginning of.
225  */
226 enum e_offrel {
227 	OR_PACKET,		/* full packet data */
228 	OR_LINKHDR,		/* link-layer header */
229 	OR_PREVLINKHDR,		/* previous link-layer header */
230 	OR_LLC,			/* 802.2 LLC header */
231 	OR_PREVMPLSHDR,		/* previous MPLS header */
232 	OR_LINKTYPE,		/* link-layer type */
233 	OR_LINKPL,		/* link-layer payload */
234 	OR_LINKPL_NOSNAP,	/* link-layer payload, with no SNAP header at the link layer */
235 	OR_TRAN_IPV4,		/* transport-layer header, with IPv4 network layer */
236 	OR_TRAN_IPV6		/* transport-layer header, with IPv6 network layer */
237 };
238 
239 /*
240  * We divy out chunks of memory rather than call malloc each time so
241  * we don't have to worry about leaking memory.  It's probably
242  * not a big deal if all this memory was wasted but if this ever
243  * goes into a library that would probably not be a good idea.
244  *
245  * XXX - this *is* in a library....
246  */
247 #define NCHUNKS 16
248 #define CHUNK0SIZE 1024
249 struct chunk {
250 	size_t n_left;
251 	void *m;
252 };
253 
254 /* Code generator state */
255 
256 struct _compiler_state {
257 	jmp_buf top_ctx;
258 	pcap_t *bpf_pcap;
259 	int error_set;
260 
261 	struct icode ic;
262 
263 	int snaplen;
264 
265 	int linktype;
266 	int prevlinktype;
267 	int outermostlinktype;
268 
269 	bpf_u_int32 netmask;
270 	int no_optimize;
271 
272 	/* Hack for handling VLAN and MPLS stacks. */
273 	u_int label_stack_depth;
274 	u_int vlan_stack_depth;
275 
276 	/* XXX */
277 	u_int pcap_fddipad;
278 
279 	/*
280 	 * As errors are handled by a longjmp, anything allocated must
281 	 * be freed in the longjmp handler, so it must be reachable
282 	 * from that handler.
283 	 *
284 	 * One thing that's allocated is the result of pcap_nametoaddrinfo();
285 	 * it must be freed with freeaddrinfo().  This variable points to
286 	 * any addrinfo structure that would need to be freed.
287 	 */
288 	struct addrinfo *ai;
289 
290 	/*
291 	 * Another thing that's allocated is the result of pcap_ether_aton();
292 	 * it must be freed with free().  This variable points to any
293 	 * address that would need to be freed.
294 	 */
295 	u_char *e;
296 
297 	/*
298 	 * Various code constructs need to know the layout of the packet.
299 	 * These values give the necessary offsets from the beginning
300 	 * of the packet data.
301 	 */
302 
303 	/*
304 	 * Absolute offset of the beginning of the link-layer header.
305 	 */
306 	bpf_abs_offset off_linkhdr;
307 
308 	/*
309 	 * If we're checking a link-layer header for a packet encapsulated
310 	 * in another protocol layer, this is the equivalent information
311 	 * for the previous layers' link-layer header from the beginning
312 	 * of the raw packet data.
313 	 */
314 	bpf_abs_offset off_prevlinkhdr;
315 
316 	/*
317 	 * This is the equivalent information for the outermost layers'
318 	 * link-layer header.
319 	 */
320 	bpf_abs_offset off_outermostlinkhdr;
321 
322 	/*
323 	 * Absolute offset of the beginning of the link-layer payload.
324 	 */
325 	bpf_abs_offset off_linkpl;
326 
327 	/*
328 	 * "off_linktype" is the offset to information in the link-layer
329 	 * header giving the packet type. This is an absolute offset
330 	 * from the beginning of the packet.
331 	 *
332 	 * For Ethernet, it's the offset of the Ethernet type field; this
333 	 * means that it must have a value that skips VLAN tags.
334 	 *
335 	 * For link-layer types that always use 802.2 headers, it's the
336 	 * offset of the LLC header; this means that it must have a value
337 	 * that skips VLAN tags.
338 	 *
339 	 * For PPP, it's the offset of the PPP type field.
340 	 *
341 	 * For Cisco HDLC, it's the offset of the CHDLC type field.
342 	 *
343 	 * For BSD loopback, it's the offset of the AF_ value.
344 	 *
345 	 * For Linux cooked sockets, it's the offset of the type field.
346 	 *
347 	 * off_linktype.constant_part is set to OFFSET_NOT_SET for no
348 	 * encapsulation, in which case, IP is assumed.
349 	 */
350 	bpf_abs_offset off_linktype;
351 
352 	/*
353 	 * TRUE if the link layer includes an ATM pseudo-header.
354 	 */
355 	int is_atm;
356 
357 	/*
358 	 * TRUE if "geneve" appeared in the filter; it causes us to
359 	 * generate code that checks for a Geneve header and assume
360 	 * that later filters apply to the encapsulated payload.
361 	 */
362 	int is_geneve;
363 
364 	/*
365 	 * TRUE if we need variable length part of VLAN offset
366 	 */
367 	int is_vlan_vloffset;
368 
369 	/*
370 	 * These are offsets for the ATM pseudo-header.
371 	 */
372 	u_int off_vpi;
373 	u_int off_vci;
374 	u_int off_proto;
375 
376 	/*
377 	 * These are offsets for the MTP2 fields.
378 	 */
379 	u_int off_li;
380 	u_int off_li_hsl;
381 
382 	/*
383 	 * These are offsets for the MTP3 fields.
384 	 */
385 	u_int off_sio;
386 	u_int off_opc;
387 	u_int off_dpc;
388 	u_int off_sls;
389 
390 	/*
391 	 * This is the offset of the first byte after the ATM pseudo_header,
392 	 * or -1 if there is no ATM pseudo-header.
393 	 */
394 	u_int off_payload;
395 
396 	/*
397 	 * These are offsets to the beginning of the network-layer header.
398 	 * They are relative to the beginning of the link-layer payload
399 	 * (i.e., they don't include off_linkhdr.constant_part or
400 	 * off_linkpl.constant_part).
401 	 *
402 	 * If the link layer never uses 802.2 LLC:
403 	 *
404 	 *	"off_nl" and "off_nl_nosnap" are the same.
405 	 *
406 	 * If the link layer always uses 802.2 LLC:
407 	 *
408 	 *	"off_nl" is the offset if there's a SNAP header following
409 	 *	the 802.2 header;
410 	 *
411 	 *	"off_nl_nosnap" is the offset if there's no SNAP header.
412 	 *
413 	 * If the link layer is Ethernet:
414 	 *
415 	 *	"off_nl" is the offset if the packet is an Ethernet II packet
416 	 *	(we assume no 802.3+802.2+SNAP);
417 	 *
418 	 *	"off_nl_nosnap" is the offset if the packet is an 802.3 packet
419 	 *	with an 802.2 header following it.
420 	 */
421 	u_int off_nl;
422 	u_int off_nl_nosnap;
423 
424 	/*
425 	 * Here we handle simple allocation of the scratch registers.
426 	 * If too many registers are alloc'd, the allocator punts.
427 	 */
428 	int regused[BPF_MEMWORDS];
429 	int curreg;
430 
431 	/*
432 	 * Memory chunks.
433 	 */
434 	struct chunk chunks[NCHUNKS];
435 	int cur_chunk;
436 };
437 
438 /*
439  * For use by routines outside this file.
440  */
441 /* VARARGS */
442 void
443 bpf_set_error(compiler_state_t *cstate, const char *fmt, ...)
444 {
445 	va_list ap;
446 
447 	/*
448 	 * If we've already set an error, don't override it.
449 	 * The lexical analyzer reports some errors by setting
450 	 * the error and then returning a LEX_ERROR token, which
451 	 * is not recognized by any grammar rule, and thus forces
452 	 * the parse to stop.  We don't want the error reported
453 	 * by the lexical analyzer to be overwritten by the syntax
454 	 * error.
455 	 */
456 	if (!cstate->error_set) {
457 		va_start(ap, fmt);
458 		(void)vsnprintf(cstate->bpf_pcap->errbuf, PCAP_ERRBUF_SIZE,
459 		    fmt, ap);
460 		va_end(ap);
461 		cstate->error_set = 1;
462 	}
463 }
464 
465 /*
466  * For use *ONLY* in routines in this file.
467  */
468 static void PCAP_NORETURN bpf_error(compiler_state_t *, const char *, ...)
469     PCAP_PRINTFLIKE(2, 3);
470 
471 /* VARARGS */
472 static void PCAP_NORETURN
473 bpf_error(compiler_state_t *cstate, const char *fmt, ...)
474 {
475 	va_list ap;
476 
477 	va_start(ap, fmt);
478 	(void)vsnprintf(cstate->bpf_pcap->errbuf, PCAP_ERRBUF_SIZE,
479 	    fmt, ap);
480 	va_end(ap);
481 	longjmp(cstate->top_ctx, 1);
482 	/*NOTREACHED*/
483 }
484 
485 static int init_linktype(compiler_state_t *, pcap_t *);
486 
487 static void init_regs(compiler_state_t *);
488 static int alloc_reg(compiler_state_t *);
489 static void free_reg(compiler_state_t *, int);
490 
491 static void initchunks(compiler_state_t *cstate);
492 static void *newchunk_nolongjmp(compiler_state_t *cstate, size_t);
493 static void *newchunk(compiler_state_t *cstate, size_t);
494 static void freechunks(compiler_state_t *cstate);
495 static inline struct block *new_block(compiler_state_t *cstate, int);
496 static inline struct slist *new_stmt(compiler_state_t *cstate, int);
497 static struct block *gen_retblk(compiler_state_t *cstate, int);
498 static inline void syntax(compiler_state_t *cstate);
499 
500 static void backpatch(struct block *, struct block *);
501 static void merge(struct block *, struct block *);
502 static struct block *gen_cmp(compiler_state_t *, enum e_offrel, u_int,
503     u_int, bpf_u_int32);
504 static struct block *gen_cmp_gt(compiler_state_t *, enum e_offrel, u_int,
505     u_int, bpf_u_int32);
506 static struct block *gen_cmp_ge(compiler_state_t *, enum e_offrel, u_int,
507     u_int, bpf_u_int32);
508 static struct block *gen_cmp_lt(compiler_state_t *, enum e_offrel, u_int,
509     u_int, bpf_u_int32);
510 static struct block *gen_cmp_le(compiler_state_t *, enum e_offrel, u_int,
511     u_int, bpf_u_int32);
512 static struct block *gen_mcmp(compiler_state_t *, enum e_offrel, u_int,
513     u_int, bpf_u_int32, bpf_u_int32);
514 static struct block *gen_bcmp(compiler_state_t *, enum e_offrel, u_int,
515     u_int, const u_char *);
516 static struct block *gen_ncmp(compiler_state_t *, enum e_offrel, u_int,
517     u_int, bpf_u_int32, int, int, bpf_u_int32);
518 static struct slist *gen_load_absoffsetrel(compiler_state_t *, bpf_abs_offset *,
519     u_int, u_int);
520 static struct slist *gen_load_a(compiler_state_t *, enum e_offrel, u_int,
521     u_int);
522 static struct slist *gen_loadx_iphdrlen(compiler_state_t *);
523 static struct block *gen_uncond(compiler_state_t *, int);
524 static inline struct block *gen_true(compiler_state_t *);
525 static inline struct block *gen_false(compiler_state_t *);
526 static struct block *gen_ether_linktype(compiler_state_t *, bpf_u_int32);
527 static struct block *gen_ipnet_linktype(compiler_state_t *, bpf_u_int32);
528 static struct block *gen_linux_sll_linktype(compiler_state_t *, bpf_u_int32);
529 static struct slist *gen_load_prism_llprefixlen(compiler_state_t *);
530 static struct slist *gen_load_avs_llprefixlen(compiler_state_t *);
531 static struct slist *gen_load_radiotap_llprefixlen(compiler_state_t *);
532 static struct slist *gen_load_ppi_llprefixlen(compiler_state_t *);
533 static void insert_compute_vloffsets(compiler_state_t *, struct block *);
534 static struct slist *gen_abs_offset_varpart(compiler_state_t *,
535     bpf_abs_offset *);
536 static bpf_u_int32 ethertype_to_ppptype(bpf_u_int32);
537 static struct block *gen_linktype(compiler_state_t *, bpf_u_int32);
538 static struct block *gen_snap(compiler_state_t *, bpf_u_int32, bpf_u_int32);
539 static struct block *gen_llc_linktype(compiler_state_t *, bpf_u_int32);
540 static struct block *gen_hostop(compiler_state_t *, bpf_u_int32, bpf_u_int32,
541     int, bpf_u_int32, u_int, u_int);
542 #ifdef INET6
543 static struct block *gen_hostop6(compiler_state_t *, struct in6_addr *,
544     struct in6_addr *, int, bpf_u_int32, u_int, u_int);
545 #endif
546 static struct block *gen_ahostop(compiler_state_t *, const u_char *, int);
547 static struct block *gen_ehostop(compiler_state_t *, const u_char *, int);
548 static struct block *gen_fhostop(compiler_state_t *, const u_char *, int);
549 static struct block *gen_thostop(compiler_state_t *, const u_char *, int);
550 static struct block *gen_wlanhostop(compiler_state_t *, const u_char *, int);
551 static struct block *gen_ipfchostop(compiler_state_t *, const u_char *, int);
552 static struct block *gen_dnhostop(compiler_state_t *, bpf_u_int32, int);
553 static struct block *gen_mpls_linktype(compiler_state_t *, bpf_u_int32);
554 static struct block *gen_host(compiler_state_t *, bpf_u_int32, bpf_u_int32,
555     int, int, int);
556 #ifdef INET6
557 static struct block *gen_host6(compiler_state_t *, struct in6_addr *,
558     struct in6_addr *, int, int, int);
559 #endif
560 #ifndef INET6
561 static struct block *gen_gateway(compiler_state_t *, const u_char *,
562     struct addrinfo *, int, int);
563 #endif
564 static struct block *gen_ipfrag(compiler_state_t *);
565 static struct block *gen_portatom(compiler_state_t *, int, bpf_u_int32);
566 static struct block *gen_portrangeatom(compiler_state_t *, u_int, bpf_u_int32,
567     bpf_u_int32);
568 static struct block *gen_portatom6(compiler_state_t *, int, bpf_u_int32);
569 static struct block *gen_portrangeatom6(compiler_state_t *, u_int, bpf_u_int32,
570     bpf_u_int32);
571 static struct block *gen_portop(compiler_state_t *, u_int, u_int, int);
572 static struct block *gen_port(compiler_state_t *, u_int, int, int);
573 static struct block *gen_portrangeop(compiler_state_t *, u_int, u_int,
574     bpf_u_int32, int);
575 static struct block *gen_portrange(compiler_state_t *, u_int, u_int, int, int);
576 struct block *gen_portop6(compiler_state_t *, u_int, u_int, int);
577 static struct block *gen_port6(compiler_state_t *, u_int, int, int);
578 static struct block *gen_portrangeop6(compiler_state_t *, u_int, u_int,
579     bpf_u_int32, int);
580 static struct block *gen_portrange6(compiler_state_t *, u_int, u_int, int, int);
581 static int lookup_proto(compiler_state_t *, const char *, int);
582 static struct block *gen_protochain(compiler_state_t *, bpf_u_int32, int);
583 static struct block *gen_proto(compiler_state_t *, bpf_u_int32, int, int);
584 static struct slist *xfer_to_x(compiler_state_t *, struct arth *);
585 static struct slist *xfer_to_a(compiler_state_t *, struct arth *);
586 static struct block *gen_mac_multicast(compiler_state_t *, int);
587 static struct block *gen_len(compiler_state_t *, int, int);
588 static struct block *gen_check_802_11_data_frame(compiler_state_t *);
589 static struct block *gen_geneve_ll_check(compiler_state_t *cstate);
590 
591 static struct block *gen_ppi_dlt_check(compiler_state_t *);
592 static struct block *gen_atmfield_code_internal(compiler_state_t *, int,
593     bpf_u_int32, int, int);
594 static struct block *gen_atmtype_llc(compiler_state_t *);
595 static struct block *gen_msg_abbrev(compiler_state_t *, int type);
596 
597 static void
598 initchunks(compiler_state_t *cstate)
599 {
600 	int i;
601 
602 	for (i = 0; i < NCHUNKS; i++) {
603 		cstate->chunks[i].n_left = 0;
604 		cstate->chunks[i].m = NULL;
605 	}
606 	cstate->cur_chunk = 0;
607 }
608 
609 static void *
610 newchunk_nolongjmp(compiler_state_t *cstate, size_t n)
611 {
612 	struct chunk *cp;
613 	int k;
614 	size_t size;
615 
616 #ifndef __NetBSD__
617 	/* XXX Round up to nearest long. */
618 	n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);
619 #else
620 	/* XXX Round up to structure boundary. */
621 	n = ALIGN(n);
622 #endif
623 
624 	cp = &cstate->chunks[cstate->cur_chunk];
625 	if (n > cp->n_left) {
626 		++cp;
627 		k = ++cstate->cur_chunk;
628 		if (k >= NCHUNKS) {
629 			bpf_set_error(cstate, "out of memory");
630 			return (NULL);
631 		}
632 		size = CHUNK0SIZE << k;
633 		cp->m = (void *)malloc(size);
634 		if (cp->m == NULL) {
635 			bpf_set_error(cstate, "out of memory");
636 			return (NULL);
637 		}
638 		memset((char *)cp->m, 0, size);
639 		cp->n_left = size;
640 		if (n > size) {
641 			bpf_set_error(cstate, "out of memory");
642 			return (NULL);
643 		}
644 	}
645 	cp->n_left -= n;
646 	return (void *)((char *)cp->m + cp->n_left);
647 }
648 
649 static void *
650 newchunk(compiler_state_t *cstate, size_t n)
651 {
652 	void *p;
653 
654 	p = newchunk_nolongjmp(cstate, n);
655 	if (p == NULL) {
656 		longjmp(cstate->top_ctx, 1);
657 		/*NOTREACHED*/
658 	}
659 	return (p);
660 }
661 
662 static void
663 freechunks(compiler_state_t *cstate)
664 {
665 	int i;
666 
667 	for (i = 0; i < NCHUNKS; ++i)
668 		if (cstate->chunks[i].m != NULL)
669 			free(cstate->chunks[i].m);
670 }
671 
672 /*
673  * A strdup whose allocations are freed after code generation is over.
674  * This is used by the lexical analyzer, so it can't longjmp; it just
675  * returns NULL on an allocation error, and the callers must check
676  * for it.
677  */
678 char *
679 sdup(compiler_state_t *cstate, const char *s)
680 {
681 	size_t n = strlen(s) + 1;
682 	char *cp = newchunk_nolongjmp(cstate, n);
683 
684 	if (cp == NULL)
685 		return (NULL);
686 	pcap_strlcpy(cp, s, n);
687 	return (cp);
688 }
689 
690 static inline struct block *
691 new_block(compiler_state_t *cstate, int code)
692 {
693 	struct block *p;
694 
695 	p = (struct block *)newchunk(cstate, sizeof(*p));
696 	p->s.code = code;
697 	p->head = p;
698 
699 	return p;
700 }
701 
702 static inline struct slist *
703 new_stmt(compiler_state_t *cstate, int code)
704 {
705 	struct slist *p;
706 
707 	p = (struct slist *)newchunk(cstate, sizeof(*p));
708 	p->s.code = code;
709 
710 	return p;
711 }
712 
713 static struct block *
714 gen_retblk(compiler_state_t *cstate, int v)
715 {
716 	struct block *b = new_block(cstate, BPF_RET|BPF_K);
717 
718 	b->s.k = v;
719 	return b;
720 }
721 
722 static inline PCAP_NORETURN_DEF void
723 syntax(compiler_state_t *cstate)
724 {
725 	bpf_error(cstate, "syntax error in filter expression");
726 }
727 
728 int
729 pcap_compile(pcap_t *p, struct bpf_program *program,
730 	     const char *buf, int optimize, bpf_u_int32 mask)
731 {
732 #ifdef _WIN32
733 	static int done = 0;
734 #endif
735 	compiler_state_t cstate;
736 	const char * volatile xbuf = buf;
737 	yyscan_t scanner = NULL;
738 	volatile YY_BUFFER_STATE in_buffer = NULL;
739 	u_int len;
740 	int  rc;
741 
742 	/*
743 	 * If this pcap_t hasn't been activated, it doesn't have a
744 	 * link-layer type, so we can't use it.
745 	 */
746 	if (!p->activated) {
747 		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
748 		    "not-yet-activated pcap_t passed to pcap_compile");
749 		return (-1);
750 	}
751 
752 #ifdef _WIN32
753 	if (!done)
754 		pcap_wsockinit();
755 	done = 1;
756 #endif
757 
758 #ifdef ENABLE_REMOTE
759 	/*
760 	 * If the device on which we're capturing need to be notified
761 	 * that a new filter is being compiled, do so.
762 	 *
763 	 * This allows them to save a copy of it, in case, for example,
764 	 * they're implementing a form of remote packet capture, and
765 	 * want the remote machine to filter out the packets in which
766 	 * it's sending the packets it's captured.
767 	 *
768 	 * XXX - the fact that we happen to be compiling a filter
769 	 * doesn't necessarily mean we'll be installing it as the
770 	 * filter for this pcap_t; we might be running it from userland
771 	 * on captured packets to do packet classification.  We really
772 	 * need a better way of handling this, but this is all that
773 	 * the WinPcap remote capture code did.
774 	 */
775 	if (p->save_current_filter_op != NULL)
776 		(p->save_current_filter_op)(p, buf);
777 #endif
778 
779 	initchunks(&cstate);
780 	cstate.no_optimize = 0;
781 #ifdef INET6
782 	cstate.ai = NULL;
783 #endif
784 	cstate.e = NULL;
785 	cstate.ic.root = NULL;
786 	cstate.ic.cur_mark = 0;
787 	cstate.bpf_pcap = p;
788 	cstate.error_set = 0;
789 	init_regs(&cstate);
790 
791 	cstate.netmask = mask;
792 
793 	cstate.snaplen = pcap_snapshot(p);
794 	if (cstate.snaplen == 0) {
795 		snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
796 			 "snaplen of 0 rejects all packets");
797 		rc = -1;
798 		goto quit;
799 	}
800 
801 	if (pcap_lex_init(&scanner) != 0)
802 		pcap_fmt_errmsg_for_errno(p->errbuf, PCAP_ERRBUF_SIZE,
803 		    errno, "can't initialize scanner");
804 	in_buffer = pcap__scan_string(xbuf ? xbuf : "", scanner);
805 
806 	/*
807 	 * Associate the compiler state with the lexical analyzer
808 	 * state.
809 	 */
810 	pcap_set_extra(&cstate, scanner);
811 
812 	if (init_linktype(&cstate, p) == -1) {
813 		rc = -1;
814 		goto quit;
815 	}
816 	if (pcap_parse(scanner, &cstate) != 0) {
817 #ifdef INET6
818 		if (cstate.ai != NULL)
819 			freeaddrinfo(cstate.ai);
820 #endif
821 		if (cstate.e != NULL)
822 			free(cstate.e);
823 		rc = -1;
824 		goto quit;
825 	}
826 
827 	if (cstate.ic.root == NULL) {
828 		/*
829 		 * Catch errors reported by gen_retblk().
830 		 */
831 		if (setjmp(cstate.top_ctx)) {
832 			rc = -1;
833 			goto quit;
834 		}
835 		cstate.ic.root = gen_retblk(&cstate, cstate.snaplen);
836 	}
837 
838 	if (optimize && !cstate.no_optimize) {
839 		if (bpf_optimize(&cstate.ic, p->errbuf) == -1) {
840 			/* Failure */
841 			rc = -1;
842 			goto quit;
843 		}
844 		if (cstate.ic.root == NULL ||
845 		    (cstate.ic.root->s.code == (BPF_RET|BPF_K) && cstate.ic.root->s.k == 0)) {
846 			(void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
847 			    "expression rejects all packets");
848 			rc = -1;
849 			goto quit;
850 		}
851 	}
852 	program->bf_insns = icode_to_fcode(&cstate.ic,
853 	    cstate.ic.root, &len, p->errbuf);
854 	if (program->bf_insns == NULL) {
855 		/* Failure */
856 		rc = -1;
857 		goto quit;
858 	}
859 	program->bf_len = len;
860 
861 	rc = 0;  /* We're all okay */
862 
863 quit:
864 	/*
865 	 * Clean up everything for the lexical analyzer.
866 	 */
867 	if (in_buffer != NULL)
868 		pcap__delete_buffer(in_buffer, scanner);
869 	if (scanner != NULL)
870 		pcap_lex_destroy(scanner);
871 
872 	/*
873 	 * Clean up our own allocated memory.
874 	 */
875 	freechunks(&cstate);
876 
877 	return (rc);
878 }
879 
880 /*
881  * entry point for using the compiler with no pcap open
882  * pass in all the stuff that is needed explicitly instead.
883  */
884 int
885 pcap_compile_nopcap(int snaplen_arg, int linktype_arg,
886 		    struct bpf_program *program,
887 	     const char *buf, int optimize, bpf_u_int32 mask)
888 {
889 	pcap_t *p;
890 	int ret;
891 
892 	p = pcap_open_dead(linktype_arg, snaplen_arg);
893 	if (p == NULL)
894 		return (-1);
895 	ret = pcap_compile(p, program, buf, optimize, mask);
896 	pcap_close(p);
897 	return (ret);
898 }
899 
900 /*
901  * Clean up a "struct bpf_program" by freeing all the memory allocated
902  * in it.
903  */
904 void
905 pcap_freecode(struct bpf_program *program)
906 {
907 	program->bf_len = 0;
908 	if (program->bf_insns != NULL) {
909 		free((char *)program->bf_insns);
910 		program->bf_insns = NULL;
911 	}
912 }
913 
914 /*
915  * Backpatch the blocks in 'list' to 'target'.  The 'sense' field indicates
916  * which of the jt and jf fields has been resolved and which is a pointer
917  * back to another unresolved block (or nil).  At least one of the fields
918  * in each block is already resolved.
919  */
920 static void
921 backpatch(struct block *list, struct block *target)
922 {
923 	struct block *next;
924 
925 	while (list) {
926 		if (!list->sense) {
927 			next = JT(list);
928 			JT(list) = target;
929 		} else {
930 			next = JF(list);
931 			JF(list) = target;
932 		}
933 		list = next;
934 	}
935 }
936 
937 /*
938  * Merge the lists in b0 and b1, using the 'sense' field to indicate
939  * which of jt and jf is the link.
940  */
941 static void
942 merge(struct block *b0, struct block *b1)
943 {
944 	register struct block **p = &b0;
945 
946 	/* Find end of list. */
947 	while (*p)
948 		p = !((*p)->sense) ? &JT(*p) : &JF(*p);
949 
950 	/* Concatenate the lists. */
951 	*p = b1;
952 }
953 
954 int
955 finish_parse(compiler_state_t *cstate, struct block *p)
956 {
957 	struct block *ppi_dlt_check;
958 
959 	/*
960 	 * Catch errors reported by us and routines below us, and return -1
961 	 * on an error.
962 	 */
963 	if (setjmp(cstate->top_ctx))
964 		return (-1);
965 
966 	/*
967 	 * Insert before the statements of the first (root) block any
968 	 * statements needed to load the lengths of any variable-length
969 	 * headers into registers.
970 	 *
971 	 * XXX - a fancier strategy would be to insert those before the
972 	 * statements of all blocks that use those lengths and that
973 	 * have no predecessors that use them, so that we only compute
974 	 * the lengths if we need them.  There might be even better
975 	 * approaches than that.
976 	 *
977 	 * However, those strategies would be more complicated, and
978 	 * as we don't generate code to compute a length if the
979 	 * program has no tests that use the length, and as most
980 	 * tests will probably use those lengths, we would just
981 	 * postpone computing the lengths so that it's not done
982 	 * for tests that fail early, and it's not clear that's
983 	 * worth the effort.
984 	 */
985 	insert_compute_vloffsets(cstate, p->head);
986 
987 	/*
988 	 * For DLT_PPI captures, generate a check of the per-packet
989 	 * DLT value to make sure it's DLT_IEEE802_11.
990 	 *
991 	 * XXX - TurboCap cards use DLT_PPI for Ethernet.
992 	 * Can we just define some DLT_ETHERNET_WITH_PHDR pseudo-header
993 	 * with appropriate Ethernet information and use that rather
994 	 * than using something such as DLT_PPI where you don't know
995 	 * the link-layer header type until runtime, which, in the
996 	 * general case, would force us to generate both Ethernet *and*
997 	 * 802.11 code (*and* anything else for which PPI is used)
998 	 * and choose between them early in the BPF program?
999 	 */
1000 	ppi_dlt_check = gen_ppi_dlt_check(cstate);
1001 	if (ppi_dlt_check != NULL)
1002 		gen_and(ppi_dlt_check, p);
1003 
1004 	backpatch(p, gen_retblk(cstate, cstate->snaplen));
1005 	p->sense = !p->sense;
1006 	backpatch(p, gen_retblk(cstate, 0));
1007 	cstate->ic.root = p->head;
1008 	return (0);
1009 }
1010 
1011 void
1012 gen_and(struct block *b0, struct block *b1)
1013 {
1014 	backpatch(b0, b1->head);
1015 	b0->sense = !b0->sense;
1016 	b1->sense = !b1->sense;
1017 	merge(b1, b0);
1018 	b1->sense = !b1->sense;
1019 	b1->head = b0->head;
1020 }
1021 
1022 void
1023 gen_or(struct block *b0, struct block *b1)
1024 {
1025 	b0->sense = !b0->sense;
1026 	backpatch(b0, b1->head);
1027 	b0->sense = !b0->sense;
1028 	merge(b1, b0);
1029 	b1->head = b0->head;
1030 }
1031 
1032 void
1033 gen_not(struct block *b)
1034 {
1035 	b->sense = !b->sense;
1036 }
1037 
1038 static struct block *
1039 gen_cmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1040     u_int size, bpf_u_int32 v)
1041 {
1042 	return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JEQ, 0, v);
1043 }
1044 
1045 static struct block *
1046 gen_cmp_gt(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1047     u_int size, bpf_u_int32 v)
1048 {
1049 	return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGT, 0, v);
1050 }
1051 
1052 static struct block *
1053 gen_cmp_ge(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1054     u_int size, bpf_u_int32 v)
1055 {
1056 	return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGE, 0, v);
1057 }
1058 
1059 static struct block *
1060 gen_cmp_lt(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1061     u_int size, bpf_u_int32 v)
1062 {
1063 	return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGE, 1, v);
1064 }
1065 
1066 static struct block *
1067 gen_cmp_le(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1068     u_int size, bpf_u_int32 v)
1069 {
1070 	return gen_ncmp(cstate, offrel, offset, size, 0xffffffff, BPF_JGT, 1, v);
1071 }
1072 
1073 static struct block *
1074 gen_mcmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1075     u_int size, bpf_u_int32 v, bpf_u_int32 mask)
1076 {
1077 	return gen_ncmp(cstate, offrel, offset, size, mask, BPF_JEQ, 0, v);
1078 }
1079 
1080 static struct block *
1081 gen_bcmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1082     u_int size, const u_char *v)
1083 {
1084 	register struct block *b, *tmp;
1085 
1086 	b = NULL;
1087 	while (size >= 4) {
1088 		register const u_char *p = &v[size - 4];
1089 
1090 		tmp = gen_cmp(cstate, offrel, offset + size - 4, BPF_W,
1091 		    EXTRACT_BE_U_4(p));
1092 		if (b != NULL)
1093 			gen_and(b, tmp);
1094 		b = tmp;
1095 		size -= 4;
1096 	}
1097 	while (size >= 2) {
1098 		register const u_char *p = &v[size - 2];
1099 
1100 		tmp = gen_cmp(cstate, offrel, offset + size - 2, BPF_H,
1101 		    EXTRACT_BE_U_2(p));
1102 		if (b != NULL)
1103 			gen_and(b, tmp);
1104 		b = tmp;
1105 		size -= 2;
1106 	}
1107 	if (size > 0) {
1108 		tmp = gen_cmp(cstate, offrel, offset, BPF_B, v[0]);
1109 		if (b != NULL)
1110 			gen_and(b, tmp);
1111 		b = tmp;
1112 	}
1113 	return b;
1114 }
1115 
1116 /*
1117  * AND the field of size "size" at offset "offset" relative to the header
1118  * specified by "offrel" with "mask", and compare it with the value "v"
1119  * with the test specified by "jtype"; if "reverse" is true, the test
1120  * should test the opposite of "jtype".
1121  */
1122 static struct block *
1123 gen_ncmp(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1124     u_int size, bpf_u_int32 mask, int jtype, int reverse,
1125     bpf_u_int32 v)
1126 {
1127 	struct slist *s, *s2;
1128 	struct block *b;
1129 
1130 	s = gen_load_a(cstate, offrel, offset, size);
1131 
1132 	if (mask != 0xffffffff) {
1133 		s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K);
1134 		s2->s.k = mask;
1135 		sappend(s, s2);
1136 	}
1137 
1138 	b = new_block(cstate, JMP(jtype));
1139 	b->stmts = s;
1140 	b->s.k = v;
1141 	if (reverse && (jtype == BPF_JGT || jtype == BPF_JGE))
1142 		gen_not(b);
1143 	return b;
1144 }
1145 
1146 static int
1147 init_linktype(compiler_state_t *cstate, pcap_t *p)
1148 {
1149 	cstate->pcap_fddipad = p->fddipad;
1150 
1151 	/*
1152 	 * We start out with only one link-layer header.
1153 	 */
1154 	cstate->outermostlinktype = pcap_datalink(p);
1155 	cstate->off_outermostlinkhdr.constant_part = 0;
1156 	cstate->off_outermostlinkhdr.is_variable = 0;
1157 	cstate->off_outermostlinkhdr.reg = -1;
1158 
1159 	cstate->prevlinktype = cstate->outermostlinktype;
1160 	cstate->off_prevlinkhdr.constant_part = 0;
1161 	cstate->off_prevlinkhdr.is_variable = 0;
1162 	cstate->off_prevlinkhdr.reg = -1;
1163 
1164 	cstate->linktype = cstate->outermostlinktype;
1165 	cstate->off_linkhdr.constant_part = 0;
1166 	cstate->off_linkhdr.is_variable = 0;
1167 	cstate->off_linkhdr.reg = -1;
1168 
1169 	/*
1170 	 * XXX
1171 	 */
1172 	cstate->off_linkpl.constant_part = 0;
1173 	cstate->off_linkpl.is_variable = 0;
1174 	cstate->off_linkpl.reg = -1;
1175 
1176 	cstate->off_linktype.constant_part = 0;
1177 	cstate->off_linktype.is_variable = 0;
1178 	cstate->off_linktype.reg = -1;
1179 
1180 	/*
1181 	 * Assume it's not raw ATM with a pseudo-header, for now.
1182 	 */
1183 	cstate->is_atm = 0;
1184 	cstate->off_vpi = OFFSET_NOT_SET;
1185 	cstate->off_vci = OFFSET_NOT_SET;
1186 	cstate->off_proto = OFFSET_NOT_SET;
1187 	cstate->off_payload = OFFSET_NOT_SET;
1188 
1189 	/*
1190 	 * And not Geneve.
1191 	 */
1192 	cstate->is_geneve = 0;
1193 
1194 	/*
1195 	 * No variable length VLAN offset by default
1196 	 */
1197 	cstate->is_vlan_vloffset = 0;
1198 
1199 	/*
1200 	 * And assume we're not doing SS7.
1201 	 */
1202 	cstate->off_li = OFFSET_NOT_SET;
1203 	cstate->off_li_hsl = OFFSET_NOT_SET;
1204 	cstate->off_sio = OFFSET_NOT_SET;
1205 	cstate->off_opc = OFFSET_NOT_SET;
1206 	cstate->off_dpc = OFFSET_NOT_SET;
1207 	cstate->off_sls = OFFSET_NOT_SET;
1208 
1209 	cstate->label_stack_depth = 0;
1210 	cstate->vlan_stack_depth = 0;
1211 
1212 	switch (cstate->linktype) {
1213 
1214 	case DLT_ARCNET:
1215 		cstate->off_linktype.constant_part = 2;
1216 		cstate->off_linkpl.constant_part = 6;
1217 		cstate->off_nl = 0;		/* XXX in reality, variable! */
1218 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1219 		break;
1220 
1221 	case DLT_ARCNET_LINUX:
1222 		cstate->off_linktype.constant_part = 4;
1223 		cstate->off_linkpl.constant_part = 8;
1224 		cstate->off_nl = 0;		/* XXX in reality, variable! */
1225 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1226 		break;
1227 
1228 	case DLT_EN10MB:
1229 		cstate->off_linktype.constant_part = 12;
1230 		cstate->off_linkpl.constant_part = 14;	/* Ethernet header length */
1231 		cstate->off_nl = 0;		/* Ethernet II */
1232 		cstate->off_nl_nosnap = 3;	/* 802.3+802.2 */
1233 		break;
1234 
1235 	case DLT_SLIP:
1236 		/*
1237 		 * SLIP doesn't have a link level type.  The 16 byte
1238 		 * header is hacked into our SLIP driver.
1239 		 */
1240 		cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1241 		cstate->off_linkpl.constant_part = 16;
1242 		cstate->off_nl = 0;
1243 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1244 		break;
1245 
1246 	case DLT_SLIP_BSDOS:
1247 		/* XXX this may be the same as the DLT_PPP_BSDOS case */
1248 		cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1249 		/* XXX end */
1250 		cstate->off_linkpl.constant_part = 24;
1251 		cstate->off_nl = 0;
1252 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1253 		break;
1254 
1255 	case DLT_NULL:
1256 	case DLT_LOOP:
1257 		cstate->off_linktype.constant_part = 0;
1258 		cstate->off_linkpl.constant_part = 4;
1259 		cstate->off_nl = 0;
1260 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1261 		break;
1262 
1263 	case DLT_ENC:
1264 		cstate->off_linktype.constant_part = 0;
1265 		cstate->off_linkpl.constant_part = 12;
1266 		cstate->off_nl = 0;
1267 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1268 		break;
1269 
1270 	case DLT_PPP:
1271 	case DLT_PPP_PPPD:
1272 	case DLT_C_HDLC:		/* BSD/OS Cisco HDLC */
1273 	case DLT_PPP_SERIAL:		/* NetBSD sync/async serial PPP */
1274 		cstate->off_linktype.constant_part = 2;	/* skip HDLC-like framing */
1275 		cstate->off_linkpl.constant_part = 4;	/* skip HDLC-like framing and protocol field */
1276 		cstate->off_nl = 0;
1277 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1278 		break;
1279 
1280 	case DLT_PPP_ETHER:
1281 		/*
1282 		 * This does no include the Ethernet header, and
1283 		 * only covers session state.
1284 		 */
1285 		cstate->off_linktype.constant_part = 6;
1286 		cstate->off_linkpl.constant_part = 8;
1287 		cstate->off_nl = 0;
1288 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1289 		break;
1290 
1291 	case DLT_PPP_BSDOS:
1292 		cstate->off_linktype.constant_part = 5;
1293 		cstate->off_linkpl.constant_part = 24;
1294 		cstate->off_nl = 0;
1295 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1296 		break;
1297 
1298 	case DLT_FDDI:
1299 		/*
1300 		 * FDDI doesn't really have a link-level type field.
1301 		 * We set "off_linktype" to the offset of the LLC header.
1302 		 *
1303 		 * To check for Ethernet types, we assume that SSAP = SNAP
1304 		 * is being used and pick out the encapsulated Ethernet type.
1305 		 * XXX - should we generate code to check for SNAP?
1306 		 */
1307 		cstate->off_linktype.constant_part = 13;
1308 		cstate->off_linktype.constant_part += cstate->pcap_fddipad;
1309 		cstate->off_linkpl.constant_part = 13;	/* FDDI MAC header length */
1310 		cstate->off_linkpl.constant_part += cstate->pcap_fddipad;
1311 		cstate->off_nl = 8;		/* 802.2+SNAP */
1312 		cstate->off_nl_nosnap = 3;	/* 802.2 */
1313 		break;
1314 
1315 	case DLT_IEEE802:
1316 		/*
1317 		 * Token Ring doesn't really have a link-level type field.
1318 		 * We set "off_linktype" to the offset of the LLC header.
1319 		 *
1320 		 * To check for Ethernet types, we assume that SSAP = SNAP
1321 		 * is being used and pick out the encapsulated Ethernet type.
1322 		 * XXX - should we generate code to check for SNAP?
1323 		 *
1324 		 * XXX - the header is actually variable-length.
1325 		 * Some various Linux patched versions gave 38
1326 		 * as "off_linktype" and 40 as "off_nl"; however,
1327 		 * if a token ring packet has *no* routing
1328 		 * information, i.e. is not source-routed, the correct
1329 		 * values are 20 and 22, as they are in the vanilla code.
1330 		 *
1331 		 * A packet is source-routed iff the uppermost bit
1332 		 * of the first byte of the source address, at an
1333 		 * offset of 8, has the uppermost bit set.  If the
1334 		 * packet is source-routed, the total number of bytes
1335 		 * of routing information is 2 plus bits 0x1F00 of
1336 		 * the 16-bit value at an offset of 14 (shifted right
1337 		 * 8 - figure out which byte that is).
1338 		 */
1339 		cstate->off_linktype.constant_part = 14;
1340 		cstate->off_linkpl.constant_part = 14;	/* Token Ring MAC header length */
1341 		cstate->off_nl = 8;		/* 802.2+SNAP */
1342 		cstate->off_nl_nosnap = 3;	/* 802.2 */
1343 		break;
1344 
1345 	case DLT_PRISM_HEADER:
1346 	case DLT_IEEE802_11_RADIO_AVS:
1347 	case DLT_IEEE802_11_RADIO:
1348 		cstate->off_linkhdr.is_variable = 1;
1349 		/* Fall through, 802.11 doesn't have a variable link
1350 		 * prefix but is otherwise the same. */
1351 		/* FALLTHROUGH */
1352 
1353 	case DLT_IEEE802_11:
1354 		/*
1355 		 * 802.11 doesn't really have a link-level type field.
1356 		 * We set "off_linktype.constant_part" to the offset of
1357 		 * the LLC header.
1358 		 *
1359 		 * To check for Ethernet types, we assume that SSAP = SNAP
1360 		 * is being used and pick out the encapsulated Ethernet type.
1361 		 * XXX - should we generate code to check for SNAP?
1362 		 *
1363 		 * We also handle variable-length radio headers here.
1364 		 * The Prism header is in theory variable-length, but in
1365 		 * practice it's always 144 bytes long.  However, some
1366 		 * drivers on Linux use ARPHRD_IEEE80211_PRISM, but
1367 		 * sometimes or always supply an AVS header, so we
1368 		 * have to check whether the radio header is a Prism
1369 		 * header or an AVS header, so, in practice, it's
1370 		 * variable-length.
1371 		 */
1372 		cstate->off_linktype.constant_part = 24;
1373 		cstate->off_linkpl.constant_part = 0;	/* link-layer header is variable-length */
1374 		cstate->off_linkpl.is_variable = 1;
1375 		cstate->off_nl = 8;		/* 802.2+SNAP */
1376 		cstate->off_nl_nosnap = 3;	/* 802.2 */
1377 		break;
1378 
1379 	case DLT_PPI:
1380 		/*
1381 		 * At the moment we treat PPI the same way that we treat
1382 		 * normal Radiotap encoded packets. The difference is in
1383 		 * the function that generates the code at the beginning
1384 		 * to compute the header length.  Since this code generator
1385 		 * of PPI supports bare 802.11 encapsulation only (i.e.
1386 		 * the encapsulated DLT should be DLT_IEEE802_11) we
1387 		 * generate code to check for this too.
1388 		 */
1389 		cstate->off_linktype.constant_part = 24;
1390 		cstate->off_linkpl.constant_part = 0;	/* link-layer header is variable-length */
1391 		cstate->off_linkpl.is_variable = 1;
1392 		cstate->off_linkhdr.is_variable = 1;
1393 		cstate->off_nl = 8;		/* 802.2+SNAP */
1394 		cstate->off_nl_nosnap = 3;	/* 802.2 */
1395 		break;
1396 
1397 	case DLT_ATM_RFC1483:
1398 	case DLT_ATM_CLIP:	/* Linux ATM defines this */
1399 		/*
1400 		 * assume routed, non-ISO PDUs
1401 		 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
1402 		 *
1403 		 * XXX - what about ISO PDUs, e.g. CLNP, ISIS, ESIS,
1404 		 * or PPP with the PPP NLPID (e.g., PPPoA)?  The
1405 		 * latter would presumably be treated the way PPPoE
1406 		 * should be, so you can do "pppoe and udp port 2049"
1407 		 * or "pppoa and tcp port 80" and have it check for
1408 		 * PPPo{A,E} and a PPP protocol of IP and....
1409 		 */
1410 		cstate->off_linktype.constant_part = 0;
1411 		cstate->off_linkpl.constant_part = 0;	/* packet begins with LLC header */
1412 		cstate->off_nl = 8;		/* 802.2+SNAP */
1413 		cstate->off_nl_nosnap = 3;	/* 802.2 */
1414 		break;
1415 
1416 	case DLT_SUNATM:
1417 		/*
1418 		 * Full Frontal ATM; you get AALn PDUs with an ATM
1419 		 * pseudo-header.
1420 		 */
1421 		cstate->is_atm = 1;
1422 		cstate->off_vpi = SUNATM_VPI_POS;
1423 		cstate->off_vci = SUNATM_VCI_POS;
1424 		cstate->off_proto = PROTO_POS;
1425 		cstate->off_payload = SUNATM_PKT_BEGIN_POS;
1426 		cstate->off_linktype.constant_part = cstate->off_payload;
1427 		cstate->off_linkpl.constant_part = cstate->off_payload;	/* if LLC-encapsulated */
1428 		cstate->off_nl = 8;		/* 802.2+SNAP */
1429 		cstate->off_nl_nosnap = 3;	/* 802.2 */
1430 		break;
1431 
1432 	case DLT_RAW:
1433 	case DLT_IPV4:
1434 	case DLT_IPV6:
1435 		cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1436 		cstate->off_linkpl.constant_part = 0;
1437 		cstate->off_nl = 0;
1438 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1439 		break;
1440 
1441 	case DLT_LINUX_SLL:	/* fake header for Linux cooked socket v1 */
1442 		cstate->off_linktype.constant_part = 14;
1443 		cstate->off_linkpl.constant_part = 16;
1444 		cstate->off_nl = 0;
1445 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1446 		break;
1447 
1448 	case DLT_LINUX_SLL2:	/* fake header for Linux cooked socket v2 */
1449 		cstate->off_linktype.constant_part = 0;
1450 		cstate->off_linkpl.constant_part = 20;
1451 		cstate->off_nl = 0;
1452 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1453 		break;
1454 
1455 	case DLT_LTALK:
1456 		/*
1457 		 * LocalTalk does have a 1-byte type field in the LLAP header,
1458 		 * but really it just indicates whether there is a "short" or
1459 		 * "long" DDP packet following.
1460 		 */
1461 		cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1462 		cstate->off_linkpl.constant_part = 0;
1463 		cstate->off_nl = 0;
1464 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1465 		break;
1466 
1467 	case DLT_IP_OVER_FC:
1468 		/*
1469 		 * RFC 2625 IP-over-Fibre-Channel doesn't really have a
1470 		 * link-level type field.  We set "off_linktype" to the
1471 		 * offset of the LLC header.
1472 		 *
1473 		 * To check for Ethernet types, we assume that SSAP = SNAP
1474 		 * is being used and pick out the encapsulated Ethernet type.
1475 		 * XXX - should we generate code to check for SNAP? RFC
1476 		 * 2625 says SNAP should be used.
1477 		 */
1478 		cstate->off_linktype.constant_part = 16;
1479 		cstate->off_linkpl.constant_part = 16;
1480 		cstate->off_nl = 8;		/* 802.2+SNAP */
1481 		cstate->off_nl_nosnap = 3;	/* 802.2 */
1482 		break;
1483 
1484 	case DLT_FRELAY:
1485 		/*
1486 		 * XXX - we should set this to handle SNAP-encapsulated
1487 		 * frames (NLPID of 0x80).
1488 		 */
1489 		cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1490 		cstate->off_linkpl.constant_part = 0;
1491 		cstate->off_nl = 0;
1492 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1493 		break;
1494 
1495                 /*
1496                  * the only BPF-interesting FRF.16 frames are non-control frames;
1497                  * Frame Relay has a variable length link-layer
1498                  * so lets start with offset 4 for now and increments later on (FIXME);
1499                  */
1500 	case DLT_MFR:
1501 		cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1502 		cstate->off_linkpl.constant_part = 0;
1503 		cstate->off_nl = 4;
1504 		cstate->off_nl_nosnap = 0;	/* XXX - for now -> no 802.2 LLC */
1505 		break;
1506 
1507 	case DLT_APPLE_IP_OVER_IEEE1394:
1508 		cstate->off_linktype.constant_part = 16;
1509 		cstate->off_linkpl.constant_part = 18;
1510 		cstate->off_nl = 0;
1511 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1512 		break;
1513 
1514 	case DLT_SYMANTEC_FIREWALL:
1515 		cstate->off_linktype.constant_part = 6;
1516 		cstate->off_linkpl.constant_part = 44;
1517 		cstate->off_nl = 0;		/* Ethernet II */
1518 		cstate->off_nl_nosnap = 0;	/* XXX - what does it do with 802.3 packets? */
1519 		break;
1520 
1521 #ifdef HAVE_NET_PFVAR_H
1522 	case DLT_PFLOG:
1523 		cstate->off_linktype.constant_part = 0;
1524 		cstate->off_linkpl.constant_part = PFLOG_HDRLEN;
1525 		cstate->off_nl = 0;
1526 		cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
1527 		break;
1528 #endif
1529 
1530         case DLT_JUNIPER_MFR:
1531         case DLT_JUNIPER_MLFR:
1532         case DLT_JUNIPER_MLPPP:
1533         case DLT_JUNIPER_PPP:
1534         case DLT_JUNIPER_CHDLC:
1535         case DLT_JUNIPER_FRELAY:
1536 		cstate->off_linktype.constant_part = 4;
1537 		cstate->off_linkpl.constant_part = 4;
1538 		cstate->off_nl = 0;
1539 		cstate->off_nl_nosnap = OFFSET_NOT_SET;	/* no 802.2 LLC */
1540                 break;
1541 
1542 	case DLT_JUNIPER_ATM1:
1543 		cstate->off_linktype.constant_part = 4;		/* in reality variable between 4-8 */
1544 		cstate->off_linkpl.constant_part = 4;	/* in reality variable between 4-8 */
1545 		cstate->off_nl = 0;
1546 		cstate->off_nl_nosnap = 10;
1547 		break;
1548 
1549 	case DLT_JUNIPER_ATM2:
1550 		cstate->off_linktype.constant_part = 8;		/* in reality variable between 8-12 */
1551 		cstate->off_linkpl.constant_part = 8;	/* in reality variable between 8-12 */
1552 		cstate->off_nl = 0;
1553 		cstate->off_nl_nosnap = 10;
1554 		break;
1555 
1556 		/* frames captured on a Juniper PPPoE service PIC
1557 		 * contain raw ethernet frames */
1558 	case DLT_JUNIPER_PPPOE:
1559         case DLT_JUNIPER_ETHER:
1560 		cstate->off_linkpl.constant_part = 14;
1561 		cstate->off_linktype.constant_part = 16;
1562 		cstate->off_nl = 18;		/* Ethernet II */
1563 		cstate->off_nl_nosnap = 21;	/* 802.3+802.2 */
1564 		break;
1565 
1566 	case DLT_JUNIPER_PPPOE_ATM:
1567 		cstate->off_linktype.constant_part = 4;
1568 		cstate->off_linkpl.constant_part = 6;
1569 		cstate->off_nl = 0;
1570 		cstate->off_nl_nosnap = OFFSET_NOT_SET;	/* no 802.2 LLC */
1571 		break;
1572 
1573 	case DLT_JUNIPER_GGSN:
1574 		cstate->off_linktype.constant_part = 6;
1575 		cstate->off_linkpl.constant_part = 12;
1576 		cstate->off_nl = 0;
1577 		cstate->off_nl_nosnap = OFFSET_NOT_SET;	/* no 802.2 LLC */
1578 		break;
1579 
1580 	case DLT_JUNIPER_ES:
1581 		cstate->off_linktype.constant_part = 6;
1582 		cstate->off_linkpl.constant_part = OFFSET_NOT_SET;	/* not really a network layer but raw IP addresses */
1583 		cstate->off_nl = OFFSET_NOT_SET;	/* not really a network layer but raw IP addresses */
1584 		cstate->off_nl_nosnap = OFFSET_NOT_SET;	/* no 802.2 LLC */
1585 		break;
1586 
1587 	case DLT_JUNIPER_MONITOR:
1588 		cstate->off_linktype.constant_part = 12;
1589 		cstate->off_linkpl.constant_part = 12;
1590 		cstate->off_nl = 0;			/* raw IP/IP6 header */
1591 		cstate->off_nl_nosnap = OFFSET_NOT_SET;	/* no 802.2 LLC */
1592 		break;
1593 
1594 	case DLT_BACNET_MS_TP:
1595 		cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1596 		cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1597 		cstate->off_nl = OFFSET_NOT_SET;
1598 		cstate->off_nl_nosnap = OFFSET_NOT_SET;
1599 		break;
1600 
1601 	case DLT_JUNIPER_SERVICES:
1602 		cstate->off_linktype.constant_part = 12;
1603 		cstate->off_linkpl.constant_part = OFFSET_NOT_SET;	/* L3 proto location dep. on cookie type */
1604 		cstate->off_nl = OFFSET_NOT_SET;	/* L3 proto location dep. on cookie type */
1605 		cstate->off_nl_nosnap = OFFSET_NOT_SET;	/* no 802.2 LLC */
1606 		break;
1607 
1608 	case DLT_JUNIPER_VP:
1609 		cstate->off_linktype.constant_part = 18;
1610 		cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1611 		cstate->off_nl = OFFSET_NOT_SET;
1612 		cstate->off_nl_nosnap = OFFSET_NOT_SET;
1613 		break;
1614 
1615 	case DLT_JUNIPER_ST:
1616 		cstate->off_linktype.constant_part = 18;
1617 		cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1618 		cstate->off_nl = OFFSET_NOT_SET;
1619 		cstate->off_nl_nosnap = OFFSET_NOT_SET;
1620 		break;
1621 
1622 	case DLT_JUNIPER_ISM:
1623 		cstate->off_linktype.constant_part = 8;
1624 		cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1625 		cstate->off_nl = OFFSET_NOT_SET;
1626 		cstate->off_nl_nosnap = OFFSET_NOT_SET;
1627 		break;
1628 
1629 	case DLT_JUNIPER_VS:
1630 	case DLT_JUNIPER_SRX_E2E:
1631 	case DLT_JUNIPER_FIBRECHANNEL:
1632 	case DLT_JUNIPER_ATM_CEMIC:
1633 		cstate->off_linktype.constant_part = 8;
1634 		cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1635 		cstate->off_nl = OFFSET_NOT_SET;
1636 		cstate->off_nl_nosnap = OFFSET_NOT_SET;
1637 		break;
1638 
1639 	case DLT_MTP2:
1640 		cstate->off_li = 2;
1641 		cstate->off_li_hsl = 4;
1642 		cstate->off_sio = 3;
1643 		cstate->off_opc = 4;
1644 		cstate->off_dpc = 4;
1645 		cstate->off_sls = 7;
1646 		cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1647 		cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1648 		cstate->off_nl = OFFSET_NOT_SET;
1649 		cstate->off_nl_nosnap = OFFSET_NOT_SET;
1650 		break;
1651 
1652 	case DLT_MTP2_WITH_PHDR:
1653 		cstate->off_li = 6;
1654 		cstate->off_li_hsl = 8;
1655 		cstate->off_sio = 7;
1656 		cstate->off_opc = 8;
1657 		cstate->off_dpc = 8;
1658 		cstate->off_sls = 11;
1659 		cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1660 		cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1661 		cstate->off_nl = OFFSET_NOT_SET;
1662 		cstate->off_nl_nosnap = OFFSET_NOT_SET;
1663 		break;
1664 
1665 	case DLT_ERF:
1666 		cstate->off_li = 22;
1667 		cstate->off_li_hsl = 24;
1668 		cstate->off_sio = 23;
1669 		cstate->off_opc = 24;
1670 		cstate->off_dpc = 24;
1671 		cstate->off_sls = 27;
1672 		cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1673 		cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1674 		cstate->off_nl = OFFSET_NOT_SET;
1675 		cstate->off_nl_nosnap = OFFSET_NOT_SET;
1676 		break;
1677 
1678 	case DLT_PFSYNC:
1679 		cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1680 		cstate->off_linkpl.constant_part = 4;
1681 		cstate->off_nl = 0;
1682 		cstate->off_nl_nosnap = 0;
1683 		break;
1684 
1685 	case DLT_AX25_KISS:
1686 		/*
1687 		 * Currently, only raw "link[N:M]" filtering is supported.
1688 		 */
1689 		cstate->off_linktype.constant_part = OFFSET_NOT_SET;	/* variable, min 15, max 71 steps of 7 */
1690 		cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1691 		cstate->off_nl = OFFSET_NOT_SET;	/* variable, min 16, max 71 steps of 7 */
1692 		cstate->off_nl_nosnap = OFFSET_NOT_SET;	/* no 802.2 LLC */
1693 		break;
1694 
1695 	case DLT_IPNET:
1696 		cstate->off_linktype.constant_part = 1;
1697 		cstate->off_linkpl.constant_part = 24;	/* ipnet header length */
1698 		cstate->off_nl = 0;
1699 		cstate->off_nl_nosnap = OFFSET_NOT_SET;
1700 		break;
1701 
1702 	case DLT_NETANALYZER:
1703 		cstate->off_linkhdr.constant_part = 4;	/* Ethernet header is past 4-byte pseudo-header */
1704 		cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12;
1705 		cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14;	/* pseudo-header+Ethernet header length */
1706 		cstate->off_nl = 0;		/* Ethernet II */
1707 		cstate->off_nl_nosnap = 3;	/* 802.3+802.2 */
1708 		break;
1709 
1710 	case DLT_NETANALYZER_TRANSPARENT:
1711 		cstate->off_linkhdr.constant_part = 12;	/* MAC header is past 4-byte pseudo-header, preamble, and SFD */
1712 		cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12;
1713 		cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14;	/* pseudo-header+preamble+SFD+Ethernet header length */
1714 		cstate->off_nl = 0;		/* Ethernet II */
1715 		cstate->off_nl_nosnap = 3;	/* 802.3+802.2 */
1716 		break;
1717 
1718 	default:
1719 		/*
1720 		 * For values in the range in which we've assigned new
1721 		 * DLT_ values, only raw "link[N:M]" filtering is supported.
1722 		 */
1723 		if (cstate->linktype >= DLT_MATCHING_MIN &&
1724 		    cstate->linktype <= DLT_MATCHING_MAX) {
1725 			cstate->off_linktype.constant_part = OFFSET_NOT_SET;
1726 			cstate->off_linkpl.constant_part = OFFSET_NOT_SET;
1727 			cstate->off_nl = OFFSET_NOT_SET;
1728 			cstate->off_nl_nosnap = OFFSET_NOT_SET;
1729 		} else {
1730 			bpf_set_error(cstate, "unknown data link type %d", cstate->linktype);
1731 			return (-1);
1732 		}
1733 		break;
1734 	}
1735 
1736 	cstate->off_outermostlinkhdr = cstate->off_prevlinkhdr = cstate->off_linkhdr;
1737 	return (0);
1738 }
1739 
1740 /*
1741  * Load a value relative to the specified absolute offset.
1742  */
1743 static struct slist *
1744 gen_load_absoffsetrel(compiler_state_t *cstate, bpf_abs_offset *abs_offset,
1745     u_int offset, u_int size)
1746 {
1747 	struct slist *s, *s2;
1748 
1749 	s = gen_abs_offset_varpart(cstate, abs_offset);
1750 
1751 	/*
1752 	 * If "s" is non-null, it has code to arrange that the X register
1753 	 * contains the variable part of the absolute offset, so we
1754 	 * generate a load relative to that, with an offset of
1755 	 * abs_offset->constant_part + offset.
1756 	 *
1757 	 * Otherwise, we can do an absolute load with an offset of
1758 	 * abs_offset->constant_part + offset.
1759 	 */
1760 	if (s != NULL) {
1761 		/*
1762 		 * "s" points to a list of statements that puts the
1763 		 * variable part of the absolute offset into the X register.
1764 		 * Do an indirect load, to use the X register as an offset.
1765 		 */
1766 		s2 = new_stmt(cstate, BPF_LD|BPF_IND|size);
1767 		s2->s.k = abs_offset->constant_part + offset;
1768 		sappend(s, s2);
1769 	} else {
1770 		/*
1771 		 * There is no variable part of the absolute offset, so
1772 		 * just do an absolute load.
1773 		 */
1774 		s = new_stmt(cstate, BPF_LD|BPF_ABS|size);
1775 		s->s.k = abs_offset->constant_part + offset;
1776 	}
1777 	return s;
1778 }
1779 
1780 /*
1781  * Load a value relative to the beginning of the specified header.
1782  */
1783 static struct slist *
1784 gen_load_a(compiler_state_t *cstate, enum e_offrel offrel, u_int offset,
1785     u_int size)
1786 {
1787 	struct slist *s, *s2;
1788 
1789 	/*
1790 	 * Squelch warnings from compilers that *don't* assume that
1791 	 * offrel always has a valid enum value and therefore don't
1792 	 * assume that we'll always go through one of the case arms.
1793 	 *
1794 	 * If we have a default case, compilers that *do* assume that
1795 	 * will then complain about the default case code being
1796 	 * unreachable.
1797 	 *
1798 	 * Damned if you do, damned if you don't.
1799 	 */
1800 	s = NULL;
1801 
1802 	switch (offrel) {
1803 
1804 	case OR_PACKET:
1805                 s = new_stmt(cstate, BPF_LD|BPF_ABS|size);
1806                 s->s.k = offset;
1807 		break;
1808 
1809 	case OR_LINKHDR:
1810 		s = gen_load_absoffsetrel(cstate, &cstate->off_linkhdr, offset, size);
1811 		break;
1812 
1813 	case OR_PREVLINKHDR:
1814 		s = gen_load_absoffsetrel(cstate, &cstate->off_prevlinkhdr, offset, size);
1815 		break;
1816 
1817 	case OR_LLC:
1818 		s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, offset, size);
1819 		break;
1820 
1821 	case OR_PREVMPLSHDR:
1822 		s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl - 4 + offset, size);
1823 		break;
1824 
1825 	case OR_LINKPL:
1826 		s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl + offset, size);
1827 		break;
1828 
1829 	case OR_LINKPL_NOSNAP:
1830 		s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl_nosnap + offset, size);
1831 		break;
1832 
1833 	case OR_LINKTYPE:
1834 		s = gen_load_absoffsetrel(cstate, &cstate->off_linktype, offset, size);
1835 		break;
1836 
1837 	case OR_TRAN_IPV4:
1838 		/*
1839 		 * Load the X register with the length of the IPv4 header
1840 		 * (plus the offset of the link-layer header, if it's
1841 		 * preceded by a variable-length header such as a radio
1842 		 * header), in bytes.
1843 		 */
1844 		s = gen_loadx_iphdrlen(cstate);
1845 
1846 		/*
1847 		 * Load the item at {offset of the link-layer payload} +
1848 		 * {offset, relative to the start of the link-layer
1849 		 * paylod, of the IPv4 header} + {length of the IPv4 header} +
1850 		 * {specified offset}.
1851 		 *
1852 		 * If the offset of the link-layer payload is variable,
1853 		 * the variable part of that offset is included in the
1854 		 * value in the X register, and we include the constant
1855 		 * part in the offset of the load.
1856 		 */
1857 		s2 = new_stmt(cstate, BPF_LD|BPF_IND|size);
1858 		s2->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + offset;
1859 		sappend(s, s2);
1860 		break;
1861 
1862 	case OR_TRAN_IPV6:
1863 		s = gen_load_absoffsetrel(cstate, &cstate->off_linkpl, cstate->off_nl + 40 + offset, size);
1864 		break;
1865 	}
1866 	return s;
1867 }
1868 
1869 /*
1870  * Generate code to load into the X register the sum of the length of
1871  * the IPv4 header and the variable part of the offset of the link-layer
1872  * payload.
1873  */
1874 static struct slist *
1875 gen_loadx_iphdrlen(compiler_state_t *cstate)
1876 {
1877 	struct slist *s, *s2;
1878 
1879 	s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl);
1880 	if (s != NULL) {
1881 		/*
1882 		 * The offset of the link-layer payload has a variable
1883 		 * part.  "s" points to a list of statements that put
1884 		 * the variable part of that offset into the X register.
1885 		 *
1886 		 * The 4*([k]&0xf) addressing mode can't be used, as we
1887 		 * don't have a constant offset, so we have to load the
1888 		 * value in question into the A register and add to it
1889 		 * the value from the X register.
1890 		 */
1891 		s2 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
1892 		s2->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
1893 		sappend(s, s2);
1894 		s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K);
1895 		s2->s.k = 0xf;
1896 		sappend(s, s2);
1897 		s2 = new_stmt(cstate, BPF_ALU|BPF_LSH|BPF_K);
1898 		s2->s.k = 2;
1899 		sappend(s, s2);
1900 
1901 		/*
1902 		 * The A register now contains the length of the IP header.
1903 		 * We need to add to it the variable part of the offset of
1904 		 * the link-layer payload, which is still in the X
1905 		 * register, and move the result into the X register.
1906 		 */
1907 		sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X));
1908 		sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX));
1909 	} else {
1910 		/*
1911 		 * The offset of the link-layer payload is a constant,
1912 		 * so no code was generated to load the (non-existent)
1913 		 * variable part of that offset.
1914 		 *
1915 		 * This means we can use the 4*([k]&0xf) addressing
1916 		 * mode.  Load the length of the IPv4 header, which
1917 		 * is at an offset of cstate->off_nl from the beginning of
1918 		 * the link-layer payload, and thus at an offset of
1919 		 * cstate->off_linkpl.constant_part + cstate->off_nl from the beginning
1920 		 * of the raw packet data, using that addressing mode.
1921 		 */
1922 		s = new_stmt(cstate, BPF_LDX|BPF_MSH|BPF_B);
1923 		s->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
1924 	}
1925 	return s;
1926 }
1927 
1928 
1929 static struct block *
1930 gen_uncond(compiler_state_t *cstate, int rsense)
1931 {
1932 	struct block *b;
1933 	struct slist *s;
1934 
1935 	s = new_stmt(cstate, BPF_LD|BPF_IMM);
1936 	s->s.k = !rsense;
1937 	b = new_block(cstate, JMP(BPF_JEQ));
1938 	b->stmts = s;
1939 
1940 	return b;
1941 }
1942 
1943 static inline struct block *
1944 gen_true(compiler_state_t *cstate)
1945 {
1946 	return gen_uncond(cstate, 1);
1947 }
1948 
1949 static inline struct block *
1950 gen_false(compiler_state_t *cstate)
1951 {
1952 	return gen_uncond(cstate, 0);
1953 }
1954 
1955 /*
1956  * Byte-swap a 32-bit number.
1957  * ("htonl()" or "ntohl()" won't work - we want to byte-swap even on
1958  * big-endian platforms.)
1959  */
1960 #define	SWAPLONG(y) \
1961 ((((y)&0xff)<<24) | (((y)&0xff00)<<8) | (((y)&0xff0000)>>8) | (((y)>>24)&0xff))
1962 
1963 /*
1964  * Generate code to match a particular packet type.
1965  *
1966  * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
1967  * value, if <= ETHERMTU.  We use that to determine whether to
1968  * match the type/length field or to check the type/length field for
1969  * a value <= ETHERMTU to see whether it's a type field and then do
1970  * the appropriate test.
1971  */
1972 static struct block *
1973 gen_ether_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
1974 {
1975 	struct block *b0, *b1;
1976 
1977 	switch (ll_proto) {
1978 
1979 	case LLCSAP_ISONS:
1980 	case LLCSAP_IP:
1981 	case LLCSAP_NETBEUI:
1982 		/*
1983 		 * OSI protocols and NetBEUI always use 802.2 encapsulation,
1984 		 * so we check the DSAP and SSAP.
1985 		 *
1986 		 * LLCSAP_IP checks for IP-over-802.2, rather
1987 		 * than IP-over-Ethernet or IP-over-SNAP.
1988 		 *
1989 		 * XXX - should we check both the DSAP and the
1990 		 * SSAP, like this, or should we check just the
1991 		 * DSAP, as we do for other types <= ETHERMTU
1992 		 * (i.e., other SAP values)?
1993 		 */
1994 		b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU);
1995 		gen_not(b0);
1996 		b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, (ll_proto << 8) | ll_proto);
1997 		gen_and(b0, b1);
1998 		return b1;
1999 
2000 	case LLCSAP_IPX:
2001 		/*
2002 		 * Check for;
2003 		 *
2004 		 *	Ethernet_II frames, which are Ethernet
2005 		 *	frames with a frame type of ETHERTYPE_IPX;
2006 		 *
2007 		 *	Ethernet_802.3 frames, which are 802.3
2008 		 *	frames (i.e., the type/length field is
2009 		 *	a length field, <= ETHERMTU, rather than
2010 		 *	a type field) with the first two bytes
2011 		 *	after the Ethernet/802.3 header being
2012 		 *	0xFFFF;
2013 		 *
2014 		 *	Ethernet_802.2 frames, which are 802.3
2015 		 *	frames with an 802.2 LLC header and
2016 		 *	with the IPX LSAP as the DSAP in the LLC
2017 		 *	header;
2018 		 *
2019 		 *	Ethernet_SNAP frames, which are 802.3
2020 		 *	frames with an LLC header and a SNAP
2021 		 *	header and with an OUI of 0x000000
2022 		 *	(encapsulated Ethernet) and a protocol
2023 		 *	ID of ETHERTYPE_IPX in the SNAP header.
2024 		 *
2025 		 * XXX - should we generate the same code both
2026 		 * for tests for LLCSAP_IPX and for ETHERTYPE_IPX?
2027 		 */
2028 
2029 		/*
2030 		 * This generates code to check both for the
2031 		 * IPX LSAP (Ethernet_802.2) and for Ethernet_802.3.
2032 		 */
2033 		b0 = gen_cmp(cstate, OR_LLC, 0, BPF_B, LLCSAP_IPX);
2034 		b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, 0xFFFF);
2035 		gen_or(b0, b1);
2036 
2037 		/*
2038 		 * Now we add code to check for SNAP frames with
2039 		 * ETHERTYPE_IPX, i.e. Ethernet_SNAP.
2040 		 */
2041 		b0 = gen_snap(cstate, 0x000000, ETHERTYPE_IPX);
2042 		gen_or(b0, b1);
2043 
2044 		/*
2045 		 * Now we generate code to check for 802.3
2046 		 * frames in general.
2047 		 */
2048 		b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU);
2049 		gen_not(b0);
2050 
2051 		/*
2052 		 * Now add the check for 802.3 frames before the
2053 		 * check for Ethernet_802.2 and Ethernet_802.3,
2054 		 * as those checks should only be done on 802.3
2055 		 * frames, not on Ethernet frames.
2056 		 */
2057 		gen_and(b0, b1);
2058 
2059 		/*
2060 		 * Now add the check for Ethernet_II frames, and
2061 		 * do that before checking for the other frame
2062 		 * types.
2063 		 */
2064 		b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ETHERTYPE_IPX);
2065 		gen_or(b0, b1);
2066 		return b1;
2067 
2068 	case ETHERTYPE_ATALK:
2069 	case ETHERTYPE_AARP:
2070 		/*
2071 		 * EtherTalk (AppleTalk protocols on Ethernet link
2072 		 * layer) may use 802.2 encapsulation.
2073 		 */
2074 
2075 		/*
2076 		 * Check for 802.2 encapsulation (EtherTalk phase 2?);
2077 		 * we check for an Ethernet type field less than
2078 		 * 1500, which means it's an 802.3 length field.
2079 		 */
2080 		b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU);
2081 		gen_not(b0);
2082 
2083 		/*
2084 		 * 802.2-encapsulated ETHERTYPE_ATALK packets are
2085 		 * SNAP packets with an organization code of
2086 		 * 0x080007 (Apple, for Appletalk) and a protocol
2087 		 * type of ETHERTYPE_ATALK (Appletalk).
2088 		 *
2089 		 * 802.2-encapsulated ETHERTYPE_AARP packets are
2090 		 * SNAP packets with an organization code of
2091 		 * 0x000000 (encapsulated Ethernet) and a protocol
2092 		 * type of ETHERTYPE_AARP (Appletalk ARP).
2093 		 */
2094 		if (ll_proto == ETHERTYPE_ATALK)
2095 			b1 = gen_snap(cstate, 0x080007, ETHERTYPE_ATALK);
2096 		else	/* ll_proto == ETHERTYPE_AARP */
2097 			b1 = gen_snap(cstate, 0x000000, ETHERTYPE_AARP);
2098 		gen_and(b0, b1);
2099 
2100 		/*
2101 		 * Check for Ethernet encapsulation (Ethertalk
2102 		 * phase 1?); we just check for the Ethernet
2103 		 * protocol type.
2104 		 */
2105 		b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto);
2106 
2107 		gen_or(b0, b1);
2108 		return b1;
2109 
2110 	default:
2111 		if (ll_proto <= ETHERMTU) {
2112 			/*
2113 			 * This is an LLC SAP value, so the frames
2114 			 * that match would be 802.2 frames.
2115 			 * Check that the frame is an 802.2 frame
2116 			 * (i.e., that the length/type field is
2117 			 * a length field, <= ETHERMTU) and
2118 			 * then check the DSAP.
2119 			 */
2120 			b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU);
2121 			gen_not(b0);
2122 			b1 = gen_cmp(cstate, OR_LINKTYPE, 2, BPF_B, ll_proto);
2123 			gen_and(b0, b1);
2124 			return b1;
2125 		} else {
2126 			/*
2127 			 * This is an Ethernet type, so compare
2128 			 * the length/type field with it (if
2129 			 * the frame is an 802.2 frame, the length
2130 			 * field will be <= ETHERMTU, and, as
2131 			 * "ll_proto" is > ETHERMTU, this test
2132 			 * will fail and the frame won't match,
2133 			 * which is what we want).
2134 			 */
2135 			return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto);
2136 		}
2137 	}
2138 }
2139 
2140 static struct block *
2141 gen_loopback_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
2142 {
2143 	/*
2144 	 * For DLT_NULL, the link-layer header is a 32-bit word
2145 	 * containing an AF_ value in *host* byte order, and for
2146 	 * DLT_ENC, the link-layer header begins with a 32-bit
2147 	 * word containing an AF_ value in host byte order.
2148 	 *
2149 	 * In addition, if we're reading a saved capture file,
2150 	 * the host byte order in the capture may not be the
2151 	 * same as the host byte order on this machine.
2152 	 *
2153 	 * For DLT_LOOP, the link-layer header is a 32-bit
2154 	 * word containing an AF_ value in *network* byte order.
2155 	 */
2156 	if (cstate->linktype == DLT_NULL || cstate->linktype == DLT_ENC) {
2157 		/*
2158 		 * The AF_ value is in host byte order, but the BPF
2159 		 * interpreter will convert it to network byte order.
2160 		 *
2161 		 * If this is a save file, and it's from a machine
2162 		 * with the opposite byte order to ours, we byte-swap
2163 		 * the AF_ value.
2164 		 *
2165 		 * Then we run it through "htonl()", and generate
2166 		 * code to compare against the result.
2167 		 */
2168 		if (cstate->bpf_pcap->rfile != NULL && cstate->bpf_pcap->swapped)
2169 			ll_proto = SWAPLONG(ll_proto);
2170 		ll_proto = htonl(ll_proto);
2171 	}
2172 	return (gen_cmp(cstate, OR_LINKHDR, 0, BPF_W, ll_proto));
2173 }
2174 
2175 /*
2176  * "proto" is an Ethernet type value and for IPNET, if it is not IPv4
2177  * or IPv6 then we have an error.
2178  */
2179 static struct block *
2180 gen_ipnet_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
2181 {
2182 	switch (ll_proto) {
2183 
2184 	case ETHERTYPE_IP:
2185 		return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, IPH_AF_INET);
2186 		/*NOTREACHED*/
2187 
2188 	case ETHERTYPE_IPV6:
2189 		return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B, IPH_AF_INET6);
2190 		/*NOTREACHED*/
2191 
2192 	default:
2193 		break;
2194 	}
2195 
2196 	return gen_false(cstate);
2197 }
2198 
2199 /*
2200  * Generate code to match a particular packet type.
2201  *
2202  * "ll_proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
2203  * value, if <= ETHERMTU.  We use that to determine whether to
2204  * match the type field or to check the type field for the special
2205  * LINUX_SLL_P_802_2 value and then do the appropriate test.
2206  */
2207 static struct block *
2208 gen_linux_sll_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
2209 {
2210 	struct block *b0, *b1;
2211 
2212 	switch (ll_proto) {
2213 
2214 	case LLCSAP_ISONS:
2215 	case LLCSAP_IP:
2216 	case LLCSAP_NETBEUI:
2217 		/*
2218 		 * OSI protocols and NetBEUI always use 802.2 encapsulation,
2219 		 * so we check the DSAP and SSAP.
2220 		 *
2221 		 * LLCSAP_IP checks for IP-over-802.2, rather
2222 		 * than IP-over-Ethernet or IP-over-SNAP.
2223 		 *
2224 		 * XXX - should we check both the DSAP and the
2225 		 * SSAP, like this, or should we check just the
2226 		 * DSAP, as we do for other types <= ETHERMTU
2227 		 * (i.e., other SAP values)?
2228 		 */
2229 		b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2);
2230 		b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, (ll_proto << 8) | ll_proto);
2231 		gen_and(b0, b1);
2232 		return b1;
2233 
2234 	case LLCSAP_IPX:
2235 		/*
2236 		 *	Ethernet_II frames, which are Ethernet
2237 		 *	frames with a frame type of ETHERTYPE_IPX;
2238 		 *
2239 		 *	Ethernet_802.3 frames, which have a frame
2240 		 *	type of LINUX_SLL_P_802_3;
2241 		 *
2242 		 *	Ethernet_802.2 frames, which are 802.3
2243 		 *	frames with an 802.2 LLC header (i.e, have
2244 		 *	a frame type of LINUX_SLL_P_802_2) and
2245 		 *	with the IPX LSAP as the DSAP in the LLC
2246 		 *	header;
2247 		 *
2248 		 *	Ethernet_SNAP frames, which are 802.3
2249 		 *	frames with an LLC header and a SNAP
2250 		 *	header and with an OUI of 0x000000
2251 		 *	(encapsulated Ethernet) and a protocol
2252 		 *	ID of ETHERTYPE_IPX in the SNAP header.
2253 		 *
2254 		 * First, do the checks on LINUX_SLL_P_802_2
2255 		 * frames; generate the check for either
2256 		 * Ethernet_802.2 or Ethernet_SNAP frames, and
2257 		 * then put a check for LINUX_SLL_P_802_2 frames
2258 		 * before it.
2259 		 */
2260 		b0 = gen_cmp(cstate, OR_LLC, 0, BPF_B, LLCSAP_IPX);
2261 		b1 = gen_snap(cstate, 0x000000, ETHERTYPE_IPX);
2262 		gen_or(b0, b1);
2263 		b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2);
2264 		gen_and(b0, b1);
2265 
2266 		/*
2267 		 * Now check for 802.3 frames and OR that with
2268 		 * the previous test.
2269 		 */
2270 		b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_3);
2271 		gen_or(b0, b1);
2272 
2273 		/*
2274 		 * Now add the check for Ethernet_II frames, and
2275 		 * do that before checking for the other frame
2276 		 * types.
2277 		 */
2278 		b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ETHERTYPE_IPX);
2279 		gen_or(b0, b1);
2280 		return b1;
2281 
2282 	case ETHERTYPE_ATALK:
2283 	case ETHERTYPE_AARP:
2284 		/*
2285 		 * EtherTalk (AppleTalk protocols on Ethernet link
2286 		 * layer) may use 802.2 encapsulation.
2287 		 */
2288 
2289 		/*
2290 		 * Check for 802.2 encapsulation (EtherTalk phase 2?);
2291 		 * we check for the 802.2 protocol type in the
2292 		 * "Ethernet type" field.
2293 		 */
2294 		b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2);
2295 
2296 		/*
2297 		 * 802.2-encapsulated ETHERTYPE_ATALK packets are
2298 		 * SNAP packets with an organization code of
2299 		 * 0x080007 (Apple, for Appletalk) and a protocol
2300 		 * type of ETHERTYPE_ATALK (Appletalk).
2301 		 *
2302 		 * 802.2-encapsulated ETHERTYPE_AARP packets are
2303 		 * SNAP packets with an organization code of
2304 		 * 0x000000 (encapsulated Ethernet) and a protocol
2305 		 * type of ETHERTYPE_AARP (Appletalk ARP).
2306 		 */
2307 		if (ll_proto == ETHERTYPE_ATALK)
2308 			b1 = gen_snap(cstate, 0x080007, ETHERTYPE_ATALK);
2309 		else	/* ll_proto == ETHERTYPE_AARP */
2310 			b1 = gen_snap(cstate, 0x000000, ETHERTYPE_AARP);
2311 		gen_and(b0, b1);
2312 
2313 		/*
2314 		 * Check for Ethernet encapsulation (Ethertalk
2315 		 * phase 1?); we just check for the Ethernet
2316 		 * protocol type.
2317 		 */
2318 		b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto);
2319 
2320 		gen_or(b0, b1);
2321 		return b1;
2322 
2323 	default:
2324 		if (ll_proto <= ETHERMTU) {
2325 			/*
2326 			 * This is an LLC SAP value, so the frames
2327 			 * that match would be 802.2 frames.
2328 			 * Check for the 802.2 protocol type
2329 			 * in the "Ethernet type" field, and
2330 			 * then check the DSAP.
2331 			 */
2332 			b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, LINUX_SLL_P_802_2);
2333 			b1 = gen_cmp(cstate, OR_LINKHDR, cstate->off_linkpl.constant_part, BPF_B,
2334 			     ll_proto);
2335 			gen_and(b0, b1);
2336 			return b1;
2337 		} else {
2338 			/*
2339 			 * This is an Ethernet type, so compare
2340 			 * the length/type field with it (if
2341 			 * the frame is an 802.2 frame, the length
2342 			 * field will be <= ETHERMTU, and, as
2343 			 * "ll_proto" is > ETHERMTU, this test
2344 			 * will fail and the frame won't match,
2345 			 * which is what we want).
2346 			 */
2347 			return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto);
2348 		}
2349 	}
2350 }
2351 
2352 static struct slist *
2353 gen_load_prism_llprefixlen(compiler_state_t *cstate)
2354 {
2355 	struct slist *s1, *s2;
2356 	struct slist *sjeq_avs_cookie;
2357 	struct slist *sjcommon;
2358 
2359 	/*
2360 	 * This code is not compatible with the optimizer, as
2361 	 * we are generating jmp instructions within a normal
2362 	 * slist of instructions
2363 	 */
2364 	cstate->no_optimize = 1;
2365 
2366 	/*
2367 	 * Generate code to load the length of the radio header into
2368 	 * the register assigned to hold that length, if one has been
2369 	 * assigned.  (If one hasn't been assigned, no code we've
2370 	 * generated uses that prefix, so we don't need to generate any
2371 	 * code to load it.)
2372 	 *
2373 	 * Some Linux drivers use ARPHRD_IEEE80211_PRISM but sometimes
2374 	 * or always use the AVS header rather than the Prism header.
2375 	 * We load a 4-byte big-endian value at the beginning of the
2376 	 * raw packet data, and see whether, when masked with 0xFFFFF000,
2377 	 * it's equal to 0x80211000.  If so, that indicates that it's
2378 	 * an AVS header (the masked-out bits are the version number).
2379 	 * Otherwise, it's a Prism header.
2380 	 *
2381 	 * XXX - the Prism header is also, in theory, variable-length,
2382 	 * but no known software generates headers that aren't 144
2383 	 * bytes long.
2384 	 */
2385 	if (cstate->off_linkhdr.reg != -1) {
2386 		/*
2387 		 * Load the cookie.
2388 		 */
2389 		s1 = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS);
2390 		s1->s.k = 0;
2391 
2392 		/*
2393 		 * AND it with 0xFFFFF000.
2394 		 */
2395 		s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K);
2396 		s2->s.k = 0xFFFFF000;
2397 		sappend(s1, s2);
2398 
2399 		/*
2400 		 * Compare with 0x80211000.
2401 		 */
2402 		sjeq_avs_cookie = new_stmt(cstate, JMP(BPF_JEQ));
2403 		sjeq_avs_cookie->s.k = 0x80211000;
2404 		sappend(s1, sjeq_avs_cookie);
2405 
2406 		/*
2407 		 * If it's AVS:
2408 		 *
2409 		 * The 4 bytes at an offset of 4 from the beginning of
2410 		 * the AVS header are the length of the AVS header.
2411 		 * That field is big-endian.
2412 		 */
2413 		s2 = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS);
2414 		s2->s.k = 4;
2415 		sappend(s1, s2);
2416 		sjeq_avs_cookie->s.jt = s2;
2417 
2418 		/*
2419 		 * Now jump to the code to allocate a register
2420 		 * into which to save the header length and
2421 		 * store the length there.  (The "jump always"
2422 		 * instruction needs to have the k field set;
2423 		 * it's added to the PC, so, as we're jumping
2424 		 * over a single instruction, it should be 1.)
2425 		 */
2426 		sjcommon = new_stmt(cstate, JMP(BPF_JA));
2427 		sjcommon->s.k = 1;
2428 		sappend(s1, sjcommon);
2429 
2430 		/*
2431 		 * Now for the code that handles the Prism header.
2432 		 * Just load the length of the Prism header (144)
2433 		 * into the A register.  Have the test for an AVS
2434 		 * header branch here if we don't have an AVS header.
2435 		 */
2436 		s2 = new_stmt(cstate, BPF_LD|BPF_W|BPF_IMM);
2437 		s2->s.k = 144;
2438 		sappend(s1, s2);
2439 		sjeq_avs_cookie->s.jf = s2;
2440 
2441 		/*
2442 		 * Now allocate a register to hold that value and store
2443 		 * it.  The code for the AVS header will jump here after
2444 		 * loading the length of the AVS header.
2445 		 */
2446 		s2 = new_stmt(cstate, BPF_ST);
2447 		s2->s.k = cstate->off_linkhdr.reg;
2448 		sappend(s1, s2);
2449 		sjcommon->s.jf = s2;
2450 
2451 		/*
2452 		 * Now move it into the X register.
2453 		 */
2454 		s2 = new_stmt(cstate, BPF_MISC|BPF_TAX);
2455 		sappend(s1, s2);
2456 
2457 		return (s1);
2458 	} else
2459 		return (NULL);
2460 }
2461 
2462 static struct slist *
2463 gen_load_avs_llprefixlen(compiler_state_t *cstate)
2464 {
2465 	struct slist *s1, *s2;
2466 
2467 	/*
2468 	 * Generate code to load the length of the AVS header into
2469 	 * the register assigned to hold that length, if one has been
2470 	 * assigned.  (If one hasn't been assigned, no code we've
2471 	 * generated uses that prefix, so we don't need to generate any
2472 	 * code to load it.)
2473 	 */
2474 	if (cstate->off_linkhdr.reg != -1) {
2475 		/*
2476 		 * The 4 bytes at an offset of 4 from the beginning of
2477 		 * the AVS header are the length of the AVS header.
2478 		 * That field is big-endian.
2479 		 */
2480 		s1 = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS);
2481 		s1->s.k = 4;
2482 
2483 		/*
2484 		 * Now allocate a register to hold that value and store
2485 		 * it.
2486 		 */
2487 		s2 = new_stmt(cstate, BPF_ST);
2488 		s2->s.k = cstate->off_linkhdr.reg;
2489 		sappend(s1, s2);
2490 
2491 		/*
2492 		 * Now move it into the X register.
2493 		 */
2494 		s2 = new_stmt(cstate, BPF_MISC|BPF_TAX);
2495 		sappend(s1, s2);
2496 
2497 		return (s1);
2498 	} else
2499 		return (NULL);
2500 }
2501 
2502 static struct slist *
2503 gen_load_radiotap_llprefixlen(compiler_state_t *cstate)
2504 {
2505 	struct slist *s1, *s2;
2506 
2507 	/*
2508 	 * Generate code to load the length of the radiotap header into
2509 	 * the register assigned to hold that length, if one has been
2510 	 * assigned.  (If one hasn't been assigned, no code we've
2511 	 * generated uses that prefix, so we don't need to generate any
2512 	 * code to load it.)
2513 	 */
2514 	if (cstate->off_linkhdr.reg != -1) {
2515 		/*
2516 		 * The 2 bytes at offsets of 2 and 3 from the beginning
2517 		 * of the radiotap header are the length of the radiotap
2518 		 * header; unfortunately, it's little-endian, so we have
2519 		 * to load it a byte at a time and construct the value.
2520 		 */
2521 
2522 		/*
2523 		 * Load the high-order byte, at an offset of 3, shift it
2524 		 * left a byte, and put the result in the X register.
2525 		 */
2526 		s1 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
2527 		s1->s.k = 3;
2528 		s2 = new_stmt(cstate, BPF_ALU|BPF_LSH|BPF_K);
2529 		sappend(s1, s2);
2530 		s2->s.k = 8;
2531 		s2 = new_stmt(cstate, BPF_MISC|BPF_TAX);
2532 		sappend(s1, s2);
2533 
2534 		/*
2535 		 * Load the next byte, at an offset of 2, and OR the
2536 		 * value from the X register into it.
2537 		 */
2538 		s2 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
2539 		sappend(s1, s2);
2540 		s2->s.k = 2;
2541 		s2 = new_stmt(cstate, BPF_ALU|BPF_OR|BPF_X);
2542 		sappend(s1, s2);
2543 
2544 		/*
2545 		 * Now allocate a register to hold that value and store
2546 		 * it.
2547 		 */
2548 		s2 = new_stmt(cstate, BPF_ST);
2549 		s2->s.k = cstate->off_linkhdr.reg;
2550 		sappend(s1, s2);
2551 
2552 		/*
2553 		 * Now move it into the X register.
2554 		 */
2555 		s2 = new_stmt(cstate, BPF_MISC|BPF_TAX);
2556 		sappend(s1, s2);
2557 
2558 		return (s1);
2559 	} else
2560 		return (NULL);
2561 }
2562 
2563 /*
2564  * At the moment we treat PPI as normal Radiotap encoded
2565  * packets. The difference is in the function that generates
2566  * the code at the beginning to compute the header length.
2567  * Since this code generator of PPI supports bare 802.11
2568  * encapsulation only (i.e. the encapsulated DLT should be
2569  * DLT_IEEE802_11) we generate code to check for this too;
2570  * that's done in finish_parse().
2571  */
2572 static struct slist *
2573 gen_load_ppi_llprefixlen(compiler_state_t *cstate)
2574 {
2575 	struct slist *s1, *s2;
2576 
2577 	/*
2578 	 * Generate code to load the length of the radiotap header
2579 	 * into the register assigned to hold that length, if one has
2580 	 * been assigned.
2581 	 */
2582 	if (cstate->off_linkhdr.reg != -1) {
2583 		/*
2584 		 * The 2 bytes at offsets of 2 and 3 from the beginning
2585 		 * of the radiotap header are the length of the radiotap
2586 		 * header; unfortunately, it's little-endian, so we have
2587 		 * to load it a byte at a time and construct the value.
2588 		 */
2589 
2590 		/*
2591 		 * Load the high-order byte, at an offset of 3, shift it
2592 		 * left a byte, and put the result in the X register.
2593 		 */
2594 		s1 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
2595 		s1->s.k = 3;
2596 		s2 = new_stmt(cstate, BPF_ALU|BPF_LSH|BPF_K);
2597 		sappend(s1, s2);
2598 		s2->s.k = 8;
2599 		s2 = new_stmt(cstate, BPF_MISC|BPF_TAX);
2600 		sappend(s1, s2);
2601 
2602 		/*
2603 		 * Load the next byte, at an offset of 2, and OR the
2604 		 * value from the X register into it.
2605 		 */
2606 		s2 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
2607 		sappend(s1, s2);
2608 		s2->s.k = 2;
2609 		s2 = new_stmt(cstate, BPF_ALU|BPF_OR|BPF_X);
2610 		sappend(s1, s2);
2611 
2612 		/*
2613 		 * Now allocate a register to hold that value and store
2614 		 * it.
2615 		 */
2616 		s2 = new_stmt(cstate, BPF_ST);
2617 		s2->s.k = cstate->off_linkhdr.reg;
2618 		sappend(s1, s2);
2619 
2620 		/*
2621 		 * Now move it into the X register.
2622 		 */
2623 		s2 = new_stmt(cstate, BPF_MISC|BPF_TAX);
2624 		sappend(s1, s2);
2625 
2626 		return (s1);
2627 	} else
2628 		return (NULL);
2629 }
2630 
2631 /*
2632  * Load a value relative to the beginning of the link-layer header after the 802.11
2633  * header, i.e. LLC_SNAP.
2634  * The link-layer header doesn't necessarily begin at the beginning
2635  * of the packet data; there might be a variable-length prefix containing
2636  * radio information.
2637  */
2638 static struct slist *
2639 gen_load_802_11_header_len(compiler_state_t *cstate, struct slist *s, struct slist *snext)
2640 {
2641 	struct slist *s2;
2642 	struct slist *sjset_data_frame_1;
2643 	struct slist *sjset_data_frame_2;
2644 	struct slist *sjset_qos;
2645 	struct slist *sjset_radiotap_flags_present;
2646 	struct slist *sjset_radiotap_ext_present;
2647 	struct slist *sjset_radiotap_tsft_present;
2648 	struct slist *sjset_tsft_datapad, *sjset_notsft_datapad;
2649 	struct slist *s_roundup;
2650 
2651 	if (cstate->off_linkpl.reg == -1) {
2652 		/*
2653 		 * No register has been assigned to the offset of
2654 		 * the link-layer payload, which means nobody needs
2655 		 * it; don't bother computing it - just return
2656 		 * what we already have.
2657 		 */
2658 		return (s);
2659 	}
2660 
2661 	/*
2662 	 * This code is not compatible with the optimizer, as
2663 	 * we are generating jmp instructions within a normal
2664 	 * slist of instructions
2665 	 */
2666 	cstate->no_optimize = 1;
2667 
2668 	/*
2669 	 * If "s" is non-null, it has code to arrange that the X register
2670 	 * contains the length of the prefix preceding the link-layer
2671 	 * header.
2672 	 *
2673 	 * Otherwise, the length of the prefix preceding the link-layer
2674 	 * header is "off_outermostlinkhdr.constant_part".
2675 	 */
2676 	if (s == NULL) {
2677 		/*
2678 		 * There is no variable-length header preceding the
2679 		 * link-layer header.
2680 		 *
2681 		 * Load the length of the fixed-length prefix preceding
2682 		 * the link-layer header (if any) into the X register,
2683 		 * and store it in the cstate->off_linkpl.reg register.
2684 		 * That length is off_outermostlinkhdr.constant_part.
2685 		 */
2686 		s = new_stmt(cstate, BPF_LDX|BPF_IMM);
2687 		s->s.k = cstate->off_outermostlinkhdr.constant_part;
2688 	}
2689 
2690 	/*
2691 	 * The X register contains the offset of the beginning of the
2692 	 * link-layer header; add 24, which is the minimum length
2693 	 * of the MAC header for a data frame, to that, and store it
2694 	 * in cstate->off_linkpl.reg, and then load the Frame Control field,
2695 	 * which is at the offset in the X register, with an indexed load.
2696 	 */
2697 	s2 = new_stmt(cstate, BPF_MISC|BPF_TXA);
2698 	sappend(s, s2);
2699 	s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
2700 	s2->s.k = 24;
2701 	sappend(s, s2);
2702 	s2 = new_stmt(cstate, BPF_ST);
2703 	s2->s.k = cstate->off_linkpl.reg;
2704 	sappend(s, s2);
2705 
2706 	s2 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
2707 	s2->s.k = 0;
2708 	sappend(s, s2);
2709 
2710 	/*
2711 	 * Check the Frame Control field to see if this is a data frame;
2712 	 * a data frame has the 0x08 bit (b3) in that field set and the
2713 	 * 0x04 bit (b2) clear.
2714 	 */
2715 	sjset_data_frame_1 = new_stmt(cstate, JMP(BPF_JSET));
2716 	sjset_data_frame_1->s.k = 0x08;
2717 	sappend(s, sjset_data_frame_1);
2718 
2719 	/*
2720 	 * If b3 is set, test b2, otherwise go to the first statement of
2721 	 * the rest of the program.
2722 	 */
2723 	sjset_data_frame_1->s.jt = sjset_data_frame_2 = new_stmt(cstate, JMP(BPF_JSET));
2724 	sjset_data_frame_2->s.k = 0x04;
2725 	sappend(s, sjset_data_frame_2);
2726 	sjset_data_frame_1->s.jf = snext;
2727 
2728 	/*
2729 	 * If b2 is not set, this is a data frame; test the QoS bit.
2730 	 * Otherwise, go to the first statement of the rest of the
2731 	 * program.
2732 	 */
2733 	sjset_data_frame_2->s.jt = snext;
2734 	sjset_data_frame_2->s.jf = sjset_qos = new_stmt(cstate, JMP(BPF_JSET));
2735 	sjset_qos->s.k = 0x80;	/* QoS bit */
2736 	sappend(s, sjset_qos);
2737 
2738 	/*
2739 	 * If it's set, add 2 to cstate->off_linkpl.reg, to skip the QoS
2740 	 * field.
2741 	 * Otherwise, go to the first statement of the rest of the
2742 	 * program.
2743 	 */
2744 	sjset_qos->s.jt = s2 = new_stmt(cstate, BPF_LD|BPF_MEM);
2745 	s2->s.k = cstate->off_linkpl.reg;
2746 	sappend(s, s2);
2747 	s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_IMM);
2748 	s2->s.k = 2;
2749 	sappend(s, s2);
2750 	s2 = new_stmt(cstate, BPF_ST);
2751 	s2->s.k = cstate->off_linkpl.reg;
2752 	sappend(s, s2);
2753 
2754 	/*
2755 	 * If we have a radiotap header, look at it to see whether
2756 	 * there's Atheros padding between the MAC-layer header
2757 	 * and the payload.
2758 	 *
2759 	 * Note: all of the fields in the radiotap header are
2760 	 * little-endian, so we byte-swap all of the values
2761 	 * we test against, as they will be loaded as big-endian
2762 	 * values.
2763 	 *
2764 	 * XXX - in the general case, we would have to scan through
2765 	 * *all* the presence bits, if there's more than one word of
2766 	 * presence bits.  That would require a loop, meaning that
2767 	 * we wouldn't be able to run the filter in the kernel.
2768 	 *
2769 	 * We assume here that the Atheros adapters that insert the
2770 	 * annoying padding don't have multiple antennae and therefore
2771 	 * do not generate radiotap headers with multiple presence words.
2772 	 */
2773 	if (cstate->linktype == DLT_IEEE802_11_RADIO) {
2774 		/*
2775 		 * Is the IEEE80211_RADIOTAP_FLAGS bit (0x0000002) set
2776 		 * in the first presence flag word?
2777 		 */
2778 		sjset_qos->s.jf = s2 = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_W);
2779 		s2->s.k = 4;
2780 		sappend(s, s2);
2781 
2782 		sjset_radiotap_flags_present = new_stmt(cstate, JMP(BPF_JSET));
2783 		sjset_radiotap_flags_present->s.k = SWAPLONG(0x00000002);
2784 		sappend(s, sjset_radiotap_flags_present);
2785 
2786 		/*
2787 		 * If not, skip all of this.
2788 		 */
2789 		sjset_radiotap_flags_present->s.jf = snext;
2790 
2791 		/*
2792 		 * Otherwise, is the "extension" bit set in that word?
2793 		 */
2794 		sjset_radiotap_ext_present = new_stmt(cstate, JMP(BPF_JSET));
2795 		sjset_radiotap_ext_present->s.k = SWAPLONG(0x80000000);
2796 		sappend(s, sjset_radiotap_ext_present);
2797 		sjset_radiotap_flags_present->s.jt = sjset_radiotap_ext_present;
2798 
2799 		/*
2800 		 * If so, skip all of this.
2801 		 */
2802 		sjset_radiotap_ext_present->s.jt = snext;
2803 
2804 		/*
2805 		 * Otherwise, is the IEEE80211_RADIOTAP_TSFT bit set?
2806 		 */
2807 		sjset_radiotap_tsft_present = new_stmt(cstate, JMP(BPF_JSET));
2808 		sjset_radiotap_tsft_present->s.k = SWAPLONG(0x00000001);
2809 		sappend(s, sjset_radiotap_tsft_present);
2810 		sjset_radiotap_ext_present->s.jf = sjset_radiotap_tsft_present;
2811 
2812 		/*
2813 		 * If IEEE80211_RADIOTAP_TSFT is set, the flags field is
2814 		 * at an offset of 16 from the beginning of the raw packet
2815 		 * data (8 bytes for the radiotap header and 8 bytes for
2816 		 * the TSFT field).
2817 		 *
2818 		 * Test whether the IEEE80211_RADIOTAP_F_DATAPAD bit (0x20)
2819 		 * is set.
2820 		 */
2821 		s2 = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B);
2822 		s2->s.k = 16;
2823 		sappend(s, s2);
2824 		sjset_radiotap_tsft_present->s.jt = s2;
2825 
2826 		sjset_tsft_datapad = new_stmt(cstate, JMP(BPF_JSET));
2827 		sjset_tsft_datapad->s.k = 0x20;
2828 		sappend(s, sjset_tsft_datapad);
2829 
2830 		/*
2831 		 * If IEEE80211_RADIOTAP_TSFT is not set, the flags field is
2832 		 * at an offset of 8 from the beginning of the raw packet
2833 		 * data (8 bytes for the radiotap header).
2834 		 *
2835 		 * Test whether the IEEE80211_RADIOTAP_F_DATAPAD bit (0x20)
2836 		 * is set.
2837 		 */
2838 		s2 = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B);
2839 		s2->s.k = 8;
2840 		sappend(s, s2);
2841 		sjset_radiotap_tsft_present->s.jf = s2;
2842 
2843 		sjset_notsft_datapad = new_stmt(cstate, JMP(BPF_JSET));
2844 		sjset_notsft_datapad->s.k = 0x20;
2845 		sappend(s, sjset_notsft_datapad);
2846 
2847 		/*
2848 		 * In either case, if IEEE80211_RADIOTAP_F_DATAPAD is
2849 		 * set, round the length of the 802.11 header to
2850 		 * a multiple of 4.  Do that by adding 3 and then
2851 		 * dividing by and multiplying by 4, which we do by
2852 		 * ANDing with ~3.
2853 		 */
2854 		s_roundup = new_stmt(cstate, BPF_LD|BPF_MEM);
2855 		s_roundup->s.k = cstate->off_linkpl.reg;
2856 		sappend(s, s_roundup);
2857 		s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_IMM);
2858 		s2->s.k = 3;
2859 		sappend(s, s2);
2860 		s2 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_IMM);
2861 		s2->s.k = (bpf_u_int32)~3;
2862 		sappend(s, s2);
2863 		s2 = new_stmt(cstate, BPF_ST);
2864 		s2->s.k = cstate->off_linkpl.reg;
2865 		sappend(s, s2);
2866 
2867 		sjset_tsft_datapad->s.jt = s_roundup;
2868 		sjset_tsft_datapad->s.jf = snext;
2869 		sjset_notsft_datapad->s.jt = s_roundup;
2870 		sjset_notsft_datapad->s.jf = snext;
2871 	} else
2872 		sjset_qos->s.jf = snext;
2873 
2874 	return s;
2875 }
2876 
2877 static void
2878 insert_compute_vloffsets(compiler_state_t *cstate, struct block *b)
2879 {
2880 	struct slist *s;
2881 
2882 	/* There is an implicit dependency between the link
2883 	 * payload and link header since the payload computation
2884 	 * includes the variable part of the header. Therefore,
2885 	 * if nobody else has allocated a register for the link
2886 	 * header and we need it, do it now. */
2887 	if (cstate->off_linkpl.reg != -1 && cstate->off_linkhdr.is_variable &&
2888 	    cstate->off_linkhdr.reg == -1)
2889 		cstate->off_linkhdr.reg = alloc_reg(cstate);
2890 
2891 	/*
2892 	 * For link-layer types that have a variable-length header
2893 	 * preceding the link-layer header, generate code to load
2894 	 * the offset of the link-layer header into the register
2895 	 * assigned to that offset, if any.
2896 	 *
2897 	 * XXX - this, and the next switch statement, won't handle
2898 	 * encapsulation of 802.11 or 802.11+radio information in
2899 	 * some other protocol stack.  That's significantly more
2900 	 * complicated.
2901 	 */
2902 	switch (cstate->outermostlinktype) {
2903 
2904 	case DLT_PRISM_HEADER:
2905 		s = gen_load_prism_llprefixlen(cstate);
2906 		break;
2907 
2908 	case DLT_IEEE802_11_RADIO_AVS:
2909 		s = gen_load_avs_llprefixlen(cstate);
2910 		break;
2911 
2912 	case DLT_IEEE802_11_RADIO:
2913 		s = gen_load_radiotap_llprefixlen(cstate);
2914 		break;
2915 
2916 	case DLT_PPI:
2917 		s = gen_load_ppi_llprefixlen(cstate);
2918 		break;
2919 
2920 	default:
2921 		s = NULL;
2922 		break;
2923 	}
2924 
2925 	/*
2926 	 * For link-layer types that have a variable-length link-layer
2927 	 * header, generate code to load the offset of the link-layer
2928 	 * payload into the register assigned to that offset, if any.
2929 	 */
2930 	switch (cstate->outermostlinktype) {
2931 
2932 	case DLT_IEEE802_11:
2933 	case DLT_PRISM_HEADER:
2934 	case DLT_IEEE802_11_RADIO_AVS:
2935 	case DLT_IEEE802_11_RADIO:
2936 	case DLT_PPI:
2937 		s = gen_load_802_11_header_len(cstate, s, b->stmts);
2938 		break;
2939 	}
2940 
2941 	/*
2942 	 * If there is no initialization yet and we need variable
2943 	 * length offsets for VLAN, initialize them to zero
2944 	 */
2945 	if (s == NULL && cstate->is_vlan_vloffset) {
2946 		struct slist *s2;
2947 
2948 		if (cstate->off_linkpl.reg == -1)
2949 			cstate->off_linkpl.reg = alloc_reg(cstate);
2950 		if (cstate->off_linktype.reg == -1)
2951 			cstate->off_linktype.reg = alloc_reg(cstate);
2952 
2953 		s = new_stmt(cstate, BPF_LD|BPF_W|BPF_IMM);
2954 		s->s.k = 0;
2955 		s2 = new_stmt(cstate, BPF_ST);
2956 		s2->s.k = cstate->off_linkpl.reg;
2957 		sappend(s, s2);
2958 		s2 = new_stmt(cstate, BPF_ST);
2959 		s2->s.k = cstate->off_linktype.reg;
2960 		sappend(s, s2);
2961 	}
2962 
2963 	/*
2964 	 * If we have any offset-loading code, append all the
2965 	 * existing statements in the block to those statements,
2966 	 * and make the resulting list the list of statements
2967 	 * for the block.
2968 	 */
2969 	if (s != NULL) {
2970 		sappend(s, b->stmts);
2971 		b->stmts = s;
2972 	}
2973 }
2974 
2975 static struct block *
2976 gen_ppi_dlt_check(compiler_state_t *cstate)
2977 {
2978 	struct slist *s_load_dlt;
2979 	struct block *b;
2980 
2981 	if (cstate->linktype == DLT_PPI)
2982 	{
2983 		/* Create the statements that check for the DLT
2984 		 */
2985 		s_load_dlt = new_stmt(cstate, BPF_LD|BPF_W|BPF_ABS);
2986 		s_load_dlt->s.k = 4;
2987 
2988 		b = new_block(cstate, JMP(BPF_JEQ));
2989 
2990 		b->stmts = s_load_dlt;
2991 		b->s.k = SWAPLONG(DLT_IEEE802_11);
2992 	}
2993 	else
2994 	{
2995 		b = NULL;
2996 	}
2997 
2998 	return b;
2999 }
3000 
3001 /*
3002  * Take an absolute offset, and:
3003  *
3004  *    if it has no variable part, return NULL;
3005  *
3006  *    if it has a variable part, generate code to load the register
3007  *    containing that variable part into the X register, returning
3008  *    a pointer to that code - if no register for that offset has
3009  *    been allocated, allocate it first.
3010  *
3011  * (The code to set that register will be generated later, but will
3012  * be placed earlier in the code sequence.)
3013  */
3014 static struct slist *
3015 gen_abs_offset_varpart(compiler_state_t *cstate, bpf_abs_offset *off)
3016 {
3017 	struct slist *s;
3018 
3019 	if (off->is_variable) {
3020 		if (off->reg == -1) {
3021 			/*
3022 			 * We haven't yet assigned a register for the
3023 			 * variable part of the offset of the link-layer
3024 			 * header; allocate one.
3025 			 */
3026 			off->reg = alloc_reg(cstate);
3027 		}
3028 
3029 		/*
3030 		 * Load the register containing the variable part of the
3031 		 * offset of the link-layer header into the X register.
3032 		 */
3033 		s = new_stmt(cstate, BPF_LDX|BPF_MEM);
3034 		s->s.k = off->reg;
3035 		return s;
3036 	} else {
3037 		/*
3038 		 * That offset isn't variable, there's no variable part,
3039 		 * so we don't need to generate any code.
3040 		 */
3041 		return NULL;
3042 	}
3043 }
3044 
3045 /*
3046  * Map an Ethernet type to the equivalent PPP type.
3047  */
3048 static bpf_u_int32
3049 ethertype_to_ppptype(bpf_u_int32 ll_proto)
3050 {
3051 	switch (ll_proto) {
3052 
3053 	case ETHERTYPE_IP:
3054 		ll_proto = PPP_IP;
3055 		break;
3056 
3057 	case ETHERTYPE_IPV6:
3058 		ll_proto = PPP_IPV6;
3059 		break;
3060 
3061 	case ETHERTYPE_DN:
3062 		ll_proto = PPP_DECNET;
3063 		break;
3064 
3065 	case ETHERTYPE_ATALK:
3066 		ll_proto = PPP_APPLE;
3067 		break;
3068 
3069 	case ETHERTYPE_NS:
3070 		ll_proto = PPP_NS;
3071 		break;
3072 
3073 	case LLCSAP_ISONS:
3074 		ll_proto = PPP_OSI;
3075 		break;
3076 
3077 	case LLCSAP_8021D:
3078 		/*
3079 		 * I'm assuming the "Bridging PDU"s that go
3080 		 * over PPP are Spanning Tree Protocol
3081 		 * Bridging PDUs.
3082 		 */
3083 		ll_proto = PPP_BRPDU;
3084 		break;
3085 
3086 	case LLCSAP_IPX:
3087 		ll_proto = PPP_IPX;
3088 		break;
3089 	}
3090 	return (ll_proto);
3091 }
3092 
3093 /*
3094  * Generate any tests that, for encapsulation of a link-layer packet
3095  * inside another protocol stack, need to be done to check for those
3096  * link-layer packets (and that haven't already been done by a check
3097  * for that encapsulation).
3098  */
3099 static struct block *
3100 gen_prevlinkhdr_check(compiler_state_t *cstate)
3101 {
3102 	struct block *b0;
3103 
3104 	if (cstate->is_geneve)
3105 		return gen_geneve_ll_check(cstate);
3106 
3107 	switch (cstate->prevlinktype) {
3108 
3109 	case DLT_SUNATM:
3110 		/*
3111 		 * This is LANE-encapsulated Ethernet; check that the LANE
3112 		 * packet doesn't begin with an LE Control marker, i.e.
3113 		 * that it's data, not a control message.
3114 		 *
3115 		 * (We've already generated a test for LANE.)
3116 		 */
3117 		b0 = gen_cmp(cstate, OR_PREVLINKHDR, SUNATM_PKT_BEGIN_POS, BPF_H, 0xFF00);
3118 		gen_not(b0);
3119 		return b0;
3120 
3121 	default:
3122 		/*
3123 		 * No such tests are necessary.
3124 		 */
3125 		return NULL;
3126 	}
3127 	/*NOTREACHED*/
3128 }
3129 
3130 /*
3131  * The three different values we should check for when checking for an
3132  * IPv6 packet with DLT_NULL.
3133  */
3134 #define BSD_AFNUM_INET6_BSD	24	/* NetBSD, OpenBSD, BSD/OS, Npcap */
3135 #define BSD_AFNUM_INET6_FREEBSD	28	/* FreeBSD */
3136 #define BSD_AFNUM_INET6_DARWIN	30	/* macOS, iOS, other Darwin-based OSes */
3137 
3138 /*
3139  * Generate code to match a particular packet type by matching the
3140  * link-layer type field or fields in the 802.2 LLC header.
3141  *
3142  * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
3143  * value, if <= ETHERMTU.
3144  */
3145 static struct block *
3146 gen_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
3147 {
3148 	struct block *b0, *b1, *b2;
3149 	const char *description;
3150 
3151 	/* are we checking MPLS-encapsulated packets? */
3152 	if (cstate->label_stack_depth > 0)
3153 		return gen_mpls_linktype(cstate, ll_proto);
3154 
3155 	switch (cstate->linktype) {
3156 
3157 	case DLT_EN10MB:
3158 	case DLT_NETANALYZER:
3159 	case DLT_NETANALYZER_TRANSPARENT:
3160 		/* Geneve has an EtherType regardless of whether there is an
3161 		 * L2 header. */
3162 		if (!cstate->is_geneve)
3163 			b0 = gen_prevlinkhdr_check(cstate);
3164 		else
3165 			b0 = NULL;
3166 
3167 		b1 = gen_ether_linktype(cstate, ll_proto);
3168 		if (b0 != NULL)
3169 			gen_and(b0, b1);
3170 		return b1;
3171 		/*NOTREACHED*/
3172 
3173 	case DLT_C_HDLC:
3174 		switch (ll_proto) {
3175 
3176 		case LLCSAP_ISONS:
3177 			ll_proto = (ll_proto << 8 | LLCSAP_ISONS);
3178 			/* fall through */
3179 
3180 		default:
3181 			return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto);
3182 			/*NOTREACHED*/
3183 		}
3184 
3185 	case DLT_IEEE802_11:
3186 	case DLT_PRISM_HEADER:
3187 	case DLT_IEEE802_11_RADIO_AVS:
3188 	case DLT_IEEE802_11_RADIO:
3189 	case DLT_PPI:
3190 		/*
3191 		 * Check that we have a data frame.
3192 		 */
3193 		b0 = gen_check_802_11_data_frame(cstate);
3194 
3195 		/*
3196 		 * Now check for the specified link-layer type.
3197 		 */
3198 		b1 = gen_llc_linktype(cstate, ll_proto);
3199 		gen_and(b0, b1);
3200 		return b1;
3201 		/*NOTREACHED*/
3202 
3203 	case DLT_FDDI:
3204 		/*
3205 		 * XXX - check for LLC frames.
3206 		 */
3207 		return gen_llc_linktype(cstate, ll_proto);
3208 		/*NOTREACHED*/
3209 
3210 	case DLT_IEEE802:
3211 		/*
3212 		 * XXX - check for LLC PDUs, as per IEEE 802.5.
3213 		 */
3214 		return gen_llc_linktype(cstate, ll_proto);
3215 		/*NOTREACHED*/
3216 
3217 	case DLT_ATM_RFC1483:
3218 	case DLT_ATM_CLIP:
3219 	case DLT_IP_OVER_FC:
3220 		return gen_llc_linktype(cstate, ll_proto);
3221 		/*NOTREACHED*/
3222 
3223 	case DLT_SUNATM:
3224 		/*
3225 		 * Check for an LLC-encapsulated version of this protocol;
3226 		 * if we were checking for LANE, linktype would no longer
3227 		 * be DLT_SUNATM.
3228 		 *
3229 		 * Check for LLC encapsulation and then check the protocol.
3230 		 */
3231 		b0 = gen_atmfield_code_internal(cstate, A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
3232 		b1 = gen_llc_linktype(cstate, ll_proto);
3233 		gen_and(b0, b1);
3234 		return b1;
3235 		/*NOTREACHED*/
3236 
3237 	case DLT_LINUX_SLL:
3238 		return gen_linux_sll_linktype(cstate, ll_proto);
3239 		/*NOTREACHED*/
3240 
3241 	case DLT_SLIP:
3242 	case DLT_SLIP_BSDOS:
3243 	case DLT_RAW:
3244 		/*
3245 		 * These types don't provide any type field; packets
3246 		 * are always IPv4 or IPv6.
3247 		 *
3248 		 * XXX - for IPv4, check for a version number of 4, and,
3249 		 * for IPv6, check for a version number of 6?
3250 		 */
3251 		switch (ll_proto) {
3252 
3253 		case ETHERTYPE_IP:
3254 			/* Check for a version number of 4. */
3255 			return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, 0x40, 0xF0);
3256 
3257 		case ETHERTYPE_IPV6:
3258 			/* Check for a version number of 6. */
3259 			return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, 0x60, 0xF0);
3260 
3261 		default:
3262 			return gen_false(cstate);	/* always false */
3263 		}
3264 		/*NOTREACHED*/
3265 
3266 	case DLT_IPV4:
3267 		/*
3268 		 * Raw IPv4, so no type field.
3269 		 */
3270 		if (ll_proto == ETHERTYPE_IP)
3271 			return gen_true(cstate);	/* always true */
3272 
3273 		/* Checking for something other than IPv4; always false */
3274 		return gen_false(cstate);
3275 		/*NOTREACHED*/
3276 
3277 	case DLT_IPV6:
3278 		/*
3279 		 * Raw IPv6, so no type field.
3280 		 */
3281 		if (ll_proto == ETHERTYPE_IPV6)
3282 			return gen_true(cstate);	/* always true */
3283 
3284 		/* Checking for something other than IPv6; always false */
3285 		return gen_false(cstate);
3286 		/*NOTREACHED*/
3287 
3288 	case DLT_PPP:
3289 	case DLT_PPP_PPPD:
3290 	case DLT_PPP_SERIAL:
3291 	case DLT_PPP_ETHER:
3292 		/*
3293 		 * We use Ethernet protocol types inside libpcap;
3294 		 * map them to the corresponding PPP protocol types.
3295 		 */
3296 		return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H,
3297 		    ethertype_to_ppptype(ll_proto));
3298 		/*NOTREACHED*/
3299 
3300 	case DLT_PPP_BSDOS:
3301 		/*
3302 		 * We use Ethernet protocol types inside libpcap;
3303 		 * map them to the corresponding PPP protocol types.
3304 		 */
3305 		switch (ll_proto) {
3306 
3307 		case ETHERTYPE_IP:
3308 			/*
3309 			 * Also check for Van Jacobson-compressed IP.
3310 			 * XXX - do this for other forms of PPP?
3311 			 */
3312 			b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, PPP_IP);
3313 			b1 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, PPP_VJC);
3314 			gen_or(b0, b1);
3315 			b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, PPP_VJNC);
3316 			gen_or(b1, b0);
3317 			return b0;
3318 
3319 		default:
3320 			return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H,
3321 			    ethertype_to_ppptype(ll_proto));
3322 		}
3323 		/*NOTREACHED*/
3324 
3325 	case DLT_NULL:
3326 	case DLT_LOOP:
3327 	case DLT_ENC:
3328 		switch (ll_proto) {
3329 
3330 		case ETHERTYPE_IP:
3331 			return (gen_loopback_linktype(cstate, AF_INET));
3332 
3333 		case ETHERTYPE_IPV6:
3334 			/*
3335 			 * AF_ values may, unfortunately, be platform-
3336 			 * dependent; AF_INET isn't, because everybody
3337 			 * used 4.2BSD's value, but AF_INET6 is, because
3338 			 * 4.2BSD didn't have a value for it (given that
3339 			 * IPv6 didn't exist back in the early 1980's),
3340 			 * and they all picked their own values.
3341 			 *
3342 			 * This means that, if we're reading from a
3343 			 * savefile, we need to check for all the
3344 			 * possible values.
3345 			 *
3346 			 * If we're doing a live capture, we only need
3347 			 * to check for this platform's value; however,
3348 			 * Npcap uses 24, which isn't Windows's AF_INET6
3349 			 * value.  (Given the multiple different values,
3350 			 * programs that read pcap files shouldn't be
3351 			 * checking for their platform's AF_INET6 value
3352 			 * anyway, they should check for all of the
3353 			 * possible values. and they might as well do
3354 			 * that even for live captures.)
3355 			 */
3356 			if (cstate->bpf_pcap->rfile != NULL) {
3357 				/*
3358 				 * Savefile - check for all three
3359 				 * possible IPv6 values.
3360 				 */
3361 				b0 = gen_loopback_linktype(cstate, BSD_AFNUM_INET6_BSD);
3362 				b1 = gen_loopback_linktype(cstate, BSD_AFNUM_INET6_FREEBSD);
3363 				gen_or(b0, b1);
3364 				b0 = gen_loopback_linktype(cstate, BSD_AFNUM_INET6_DARWIN);
3365 				gen_or(b0, b1);
3366 				return (b1);
3367 			} else {
3368 				/*
3369 				 * Live capture, so we only need to
3370 				 * check for the value used on this
3371 				 * platform.
3372 				 */
3373 #ifdef _WIN32
3374 				/*
3375 				 * Npcap doesn't use Windows's AF_INET6,
3376 				 * as that collides with AF_IPX on
3377 				 * some BSDs (both have the value 23).
3378 				 * Instead, it uses 24.
3379 				 */
3380 				return (gen_loopback_linktype(cstate, 24));
3381 #else /* _WIN32 */
3382 #ifdef AF_INET6
3383 				return (gen_loopback_linktype(cstate, AF_INET6));
3384 #else /* AF_INET6 */
3385 				/*
3386 				 * I guess this platform doesn't support
3387 				 * IPv6, so we just reject all packets.
3388 				 */
3389 				return gen_false(cstate);
3390 #endif /* AF_INET6 */
3391 #endif /* _WIN32 */
3392 			}
3393 
3394 		default:
3395 			/*
3396 			 * Not a type on which we support filtering.
3397 			 * XXX - support those that have AF_ values
3398 			 * #defined on this platform, at least?
3399 			 */
3400 			return gen_false(cstate);
3401 		}
3402 
3403 #ifdef HAVE_NET_PFVAR_H
3404 	case DLT_PFLOG:
3405 		/*
3406 		 * af field is host byte order in contrast to the rest of
3407 		 * the packet.
3408 		 */
3409 		if (ll_proto == ETHERTYPE_IP)
3410 			return (gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, af),
3411 			    BPF_B, AF_INET));
3412 		else if (ll_proto == ETHERTYPE_IPV6)
3413 			return (gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, af),
3414 			    BPF_B, AF_INET6));
3415 		else
3416 			return gen_false(cstate);
3417 		/*NOTREACHED*/
3418 #endif /* HAVE_NET_PFVAR_H */
3419 
3420 	case DLT_ARCNET:
3421 	case DLT_ARCNET_LINUX:
3422 		/*
3423 		 * XXX should we check for first fragment if the protocol
3424 		 * uses PHDS?
3425 		 */
3426 		switch (ll_proto) {
3427 
3428 		default:
3429 			return gen_false(cstate);
3430 
3431 		case ETHERTYPE_IPV6:
3432 			return (gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3433 				ARCTYPE_INET6));
3434 
3435 		case ETHERTYPE_IP:
3436 			b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3437 			    ARCTYPE_IP);
3438 			b1 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3439 			    ARCTYPE_IP_OLD);
3440 			gen_or(b0, b1);
3441 			return (b1);
3442 
3443 		case ETHERTYPE_ARP:
3444 			b0 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3445 			    ARCTYPE_ARP);
3446 			b1 = gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3447 			    ARCTYPE_ARP_OLD);
3448 			gen_or(b0, b1);
3449 			return (b1);
3450 
3451 		case ETHERTYPE_REVARP:
3452 			return (gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3453 			    ARCTYPE_REVARP));
3454 
3455 		case ETHERTYPE_ATALK:
3456 			return (gen_cmp(cstate, OR_LINKTYPE, 0, BPF_B,
3457 			    ARCTYPE_ATALK));
3458 		}
3459 		/*NOTREACHED*/
3460 
3461 	case DLT_LTALK:
3462 		switch (ll_proto) {
3463 		case ETHERTYPE_ATALK:
3464 			return gen_true(cstate);
3465 		default:
3466 			return gen_false(cstate);
3467 		}
3468 		/*NOTREACHED*/
3469 
3470 	case DLT_FRELAY:
3471 		/*
3472 		 * XXX - assumes a 2-byte Frame Relay header with
3473 		 * DLCI and flags.  What if the address is longer?
3474 		 */
3475 		switch (ll_proto) {
3476 
3477 		case ETHERTYPE_IP:
3478 			/*
3479 			 * Check for the special NLPID for IP.
3480 			 */
3481 			return gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | 0xcc);
3482 
3483 		case ETHERTYPE_IPV6:
3484 			/*
3485 			 * Check for the special NLPID for IPv6.
3486 			 */
3487 			return gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | 0x8e);
3488 
3489 		case LLCSAP_ISONS:
3490 			/*
3491 			 * Check for several OSI protocols.
3492 			 *
3493 			 * Frame Relay packets typically have an OSI
3494 			 * NLPID at the beginning; we check for each
3495 			 * of them.
3496 			 *
3497 			 * What we check for is the NLPID and a frame
3498 			 * control field of UI, i.e. 0x03 followed
3499 			 * by the NLPID.
3500 			 */
3501 			b0 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | ISO8473_CLNP);
3502 			b1 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | ISO9542_ESIS);
3503 			b2 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | ISO10589_ISIS);
3504 			gen_or(b1, b2);
3505 			gen_or(b0, b2);
3506 			return b2;
3507 
3508 		default:
3509 			return gen_false(cstate);
3510 		}
3511 		/*NOTREACHED*/
3512 
3513 	case DLT_MFR:
3514 		bpf_error(cstate, "Multi-link Frame Relay link-layer type filtering not implemented");
3515 
3516         case DLT_JUNIPER_MFR:
3517         case DLT_JUNIPER_MLFR:
3518         case DLT_JUNIPER_MLPPP:
3519 	case DLT_JUNIPER_ATM1:
3520 	case DLT_JUNIPER_ATM2:
3521 	case DLT_JUNIPER_PPPOE:
3522 	case DLT_JUNIPER_PPPOE_ATM:
3523         case DLT_JUNIPER_GGSN:
3524         case DLT_JUNIPER_ES:
3525         case DLT_JUNIPER_MONITOR:
3526         case DLT_JUNIPER_SERVICES:
3527         case DLT_JUNIPER_ETHER:
3528         case DLT_JUNIPER_PPP:
3529         case DLT_JUNIPER_FRELAY:
3530         case DLT_JUNIPER_CHDLC:
3531         case DLT_JUNIPER_VP:
3532         case DLT_JUNIPER_ST:
3533         case DLT_JUNIPER_ISM:
3534         case DLT_JUNIPER_VS:
3535         case DLT_JUNIPER_SRX_E2E:
3536         case DLT_JUNIPER_FIBRECHANNEL:
3537 	case DLT_JUNIPER_ATM_CEMIC:
3538 
3539 		/* just lets verify the magic number for now -
3540 		 * on ATM we may have up to 6 different encapsulations on the wire
3541 		 * and need a lot of heuristics to figure out that the payload
3542 		 * might be;
3543 		 *
3544 		 * FIXME encapsulation specific BPF_ filters
3545 		 */
3546 		return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
3547 
3548 	case DLT_BACNET_MS_TP:
3549 		return gen_mcmp(cstate, OR_LINKHDR, 0, BPF_W, 0x55FF0000, 0xffff0000);
3550 
3551 	case DLT_IPNET:
3552 		return gen_ipnet_linktype(cstate, ll_proto);
3553 
3554 	case DLT_LINUX_IRDA:
3555 		bpf_error(cstate, "IrDA link-layer type filtering not implemented");
3556 
3557 	case DLT_DOCSIS:
3558 		bpf_error(cstate, "DOCSIS link-layer type filtering not implemented");
3559 
3560 	case DLT_MTP2:
3561 	case DLT_MTP2_WITH_PHDR:
3562 		bpf_error(cstate, "MTP2 link-layer type filtering not implemented");
3563 
3564 	case DLT_ERF:
3565 		bpf_error(cstate, "ERF link-layer type filtering not implemented");
3566 
3567 	case DLT_PFSYNC:
3568 		bpf_error(cstate, "PFSYNC link-layer type filtering not implemented");
3569 
3570 	case DLT_LINUX_LAPD:
3571 		bpf_error(cstate, "LAPD link-layer type filtering not implemented");
3572 
3573 	case DLT_USB_FREEBSD:
3574 	case DLT_USB_LINUX:
3575 	case DLT_USB_LINUX_MMAPPED:
3576 	case DLT_USBPCAP:
3577 		bpf_error(cstate, "USB link-layer type filtering not implemented");
3578 
3579 	case DLT_BLUETOOTH_HCI_H4:
3580 	case DLT_BLUETOOTH_HCI_H4_WITH_PHDR:
3581 		bpf_error(cstate, "Bluetooth link-layer type filtering not implemented");
3582 
3583 	case DLT_CAN20B:
3584 	case DLT_CAN_SOCKETCAN:
3585 		bpf_error(cstate, "CAN link-layer type filtering not implemented");
3586 
3587 	case DLT_IEEE802_15_4:
3588 	case DLT_IEEE802_15_4_LINUX:
3589 	case DLT_IEEE802_15_4_NONASK_PHY:
3590 	case DLT_IEEE802_15_4_NOFCS:
3591 	case DLT_IEEE802_15_4_TAP:
3592 		bpf_error(cstate, "IEEE 802.15.4 link-layer type filtering not implemented");
3593 
3594 	case DLT_IEEE802_16_MAC_CPS_RADIO:
3595 		bpf_error(cstate, "IEEE 802.16 link-layer type filtering not implemented");
3596 
3597 	case DLT_SITA:
3598 		bpf_error(cstate, "SITA link-layer type filtering not implemented");
3599 
3600 	case DLT_RAIF1:
3601 		bpf_error(cstate, "RAIF1 link-layer type filtering not implemented");
3602 
3603 	case DLT_IPMB_KONTRON:
3604 	case DLT_IPMB_LINUX:
3605 		bpf_error(cstate, "IPMB link-layer type filtering not implemented");
3606 
3607 	case DLT_AX25_KISS:
3608 		bpf_error(cstate, "AX.25 link-layer type filtering not implemented");
3609 
3610 	case DLT_NFLOG:
3611 		/* Using the fixed-size NFLOG header it is possible to tell only
3612 		 * the address family of the packet, other meaningful data is
3613 		 * either missing or behind TLVs.
3614 		 */
3615 		bpf_error(cstate, "NFLOG link-layer type filtering not implemented");
3616 
3617 	default:
3618 		/*
3619 		 * Does this link-layer header type have a field
3620 		 * indicating the type of the next protocol?  If
3621 		 * so, off_linktype.constant_part will be the offset of that
3622 		 * field in the packet; if not, it will be OFFSET_NOT_SET.
3623 		 */
3624 		if (cstate->off_linktype.constant_part != OFFSET_NOT_SET) {
3625 			/*
3626 			 * Yes; assume it's an Ethernet type.  (If
3627 			 * it's not, it needs to be handled specially
3628 			 * above.)
3629 			 */
3630 			return gen_cmp(cstate, OR_LINKTYPE, 0, BPF_H, ll_proto);
3631 			/*NOTREACHED */
3632 		} else {
3633 			/*
3634 			 * No; report an error.
3635 			 */
3636 			description = pcap_datalink_val_to_description_or_dlt(cstate->linktype);
3637 			bpf_error(cstate, "%s link-layer type filtering not implemented",
3638 			    description);
3639 			/*NOTREACHED */
3640 		}
3641 	}
3642 }
3643 
3644 /*
3645  * Check for an LLC SNAP packet with a given organization code and
3646  * protocol type; we check the entire contents of the 802.2 LLC and
3647  * snap headers, checking for DSAP and SSAP of SNAP and a control
3648  * field of 0x03 in the LLC header, and for the specified organization
3649  * code and protocol type in the SNAP header.
3650  */
3651 static struct block *
3652 gen_snap(compiler_state_t *cstate, bpf_u_int32 orgcode, bpf_u_int32 ptype)
3653 {
3654 	u_char snapblock[8];
3655 
3656 	snapblock[0] = LLCSAP_SNAP;		/* DSAP = SNAP */
3657 	snapblock[1] = LLCSAP_SNAP;		/* SSAP = SNAP */
3658 	snapblock[2] = 0x03;			/* control = UI */
3659 	snapblock[3] = (u_char)(orgcode >> 16);	/* upper 8 bits of organization code */
3660 	snapblock[4] = (u_char)(orgcode >> 8);	/* middle 8 bits of organization code */
3661 	snapblock[5] = (u_char)(orgcode >> 0);	/* lower 8 bits of organization code */
3662 	snapblock[6] = (u_char)(ptype >> 8);	/* upper 8 bits of protocol type */
3663 	snapblock[7] = (u_char)(ptype >> 0);	/* lower 8 bits of protocol type */
3664 	return gen_bcmp(cstate, OR_LLC, 0, 8, snapblock);
3665 }
3666 
3667 /*
3668  * Generate code to match frames with an LLC header.
3669  */
3670 static struct block *
3671 gen_llc_internal(compiler_state_t *cstate)
3672 {
3673 	struct block *b0, *b1;
3674 
3675 	switch (cstate->linktype) {
3676 
3677 	case DLT_EN10MB:
3678 		/*
3679 		 * We check for an Ethernet type field less than
3680 		 * 1500, which means it's an 802.3 length field.
3681 		 */
3682 		b0 = gen_cmp_gt(cstate, OR_LINKTYPE, 0, BPF_H, ETHERMTU);
3683 		gen_not(b0);
3684 
3685 		/*
3686 		 * Now check for the purported DSAP and SSAP not being
3687 		 * 0xFF, to rule out NetWare-over-802.3.
3688 		 */
3689 		b1 = gen_cmp(cstate, OR_LLC, 0, BPF_H, 0xFFFF);
3690 		gen_not(b1);
3691 		gen_and(b0, b1);
3692 		return b1;
3693 
3694 	case DLT_SUNATM:
3695 		/*
3696 		 * We check for LLC traffic.
3697 		 */
3698 		b0 = gen_atmtype_llc(cstate);
3699 		return b0;
3700 
3701 	case DLT_IEEE802:	/* Token Ring */
3702 		/*
3703 		 * XXX - check for LLC frames.
3704 		 */
3705 		return gen_true(cstate);
3706 
3707 	case DLT_FDDI:
3708 		/*
3709 		 * XXX - check for LLC frames.
3710 		 */
3711 		return gen_true(cstate);
3712 
3713 	case DLT_ATM_RFC1483:
3714 		/*
3715 		 * For LLC encapsulation, these are defined to have an
3716 		 * 802.2 LLC header.
3717 		 *
3718 		 * For VC encapsulation, they don't, but there's no
3719 		 * way to check for that; the protocol used on the VC
3720 		 * is negotiated out of band.
3721 		 */
3722 		return gen_true(cstate);
3723 
3724 	case DLT_IEEE802_11:
3725 	case DLT_PRISM_HEADER:
3726 	case DLT_IEEE802_11_RADIO:
3727 	case DLT_IEEE802_11_RADIO_AVS:
3728 	case DLT_PPI:
3729 		/*
3730 		 * Check that we have a data frame.
3731 		 */
3732 		b0 = gen_check_802_11_data_frame(cstate);
3733 		return b0;
3734 
3735 	default:
3736 		bpf_error(cstate, "'llc' not supported for %s",
3737 			  pcap_datalink_val_to_description_or_dlt(cstate->linktype));
3738 		/*NOTREACHED*/
3739 	}
3740 }
3741 
3742 struct block *
3743 gen_llc(compiler_state_t *cstate)
3744 {
3745 	/*
3746 	 * Catch errors reported by us and routines below us, and return NULL
3747 	 * on an error.
3748 	 */
3749 	if (setjmp(cstate->top_ctx))
3750 		return (NULL);
3751 
3752 	return gen_llc_internal(cstate);
3753 }
3754 
3755 struct block *
3756 gen_llc_i(compiler_state_t *cstate)
3757 {
3758 	struct block *b0, *b1;
3759 	struct slist *s;
3760 
3761 	/*
3762 	 * Catch errors reported by us and routines below us, and return NULL
3763 	 * on an error.
3764 	 */
3765 	if (setjmp(cstate->top_ctx))
3766 		return (NULL);
3767 
3768 	/*
3769 	 * Check whether this is an LLC frame.
3770 	 */
3771 	b0 = gen_llc_internal(cstate);
3772 
3773 	/*
3774 	 * Load the control byte and test the low-order bit; it must
3775 	 * be clear for I frames.
3776 	 */
3777 	s = gen_load_a(cstate, OR_LLC, 2, BPF_B);
3778 	b1 = new_block(cstate, JMP(BPF_JSET));
3779 	b1->s.k = 0x01;
3780 	b1->stmts = s;
3781 	gen_not(b1);
3782 	gen_and(b0, b1);
3783 	return b1;
3784 }
3785 
3786 struct block *
3787 gen_llc_s(compiler_state_t *cstate)
3788 {
3789 	struct block *b0, *b1;
3790 
3791 	/*
3792 	 * Catch errors reported by us and routines below us, and return NULL
3793 	 * on an error.
3794 	 */
3795 	if (setjmp(cstate->top_ctx))
3796 		return (NULL);
3797 
3798 	/*
3799 	 * Check whether this is an LLC frame.
3800 	 */
3801 	b0 = gen_llc_internal(cstate);
3802 
3803 	/*
3804 	 * Now compare the low-order 2 bit of the control byte against
3805 	 * the appropriate value for S frames.
3806 	 */
3807 	b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, LLC_S_FMT, 0x03);
3808 	gen_and(b0, b1);
3809 	return b1;
3810 }
3811 
3812 struct block *
3813 gen_llc_u(compiler_state_t *cstate)
3814 {
3815 	struct block *b0, *b1;
3816 
3817 	/*
3818 	 * Catch errors reported by us and routines below us, and return NULL
3819 	 * on an error.
3820 	 */
3821 	if (setjmp(cstate->top_ctx))
3822 		return (NULL);
3823 
3824 	/*
3825 	 * Check whether this is an LLC frame.
3826 	 */
3827 	b0 = gen_llc_internal(cstate);
3828 
3829 	/*
3830 	 * Now compare the low-order 2 bit of the control byte against
3831 	 * the appropriate value for U frames.
3832 	 */
3833 	b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, LLC_U_FMT, 0x03);
3834 	gen_and(b0, b1);
3835 	return b1;
3836 }
3837 
3838 struct block *
3839 gen_llc_s_subtype(compiler_state_t *cstate, bpf_u_int32 subtype)
3840 {
3841 	struct block *b0, *b1;
3842 
3843 	/*
3844 	 * Catch errors reported by us and routines below us, and return NULL
3845 	 * on an error.
3846 	 */
3847 	if (setjmp(cstate->top_ctx))
3848 		return (NULL);
3849 
3850 	/*
3851 	 * Check whether this is an LLC frame.
3852 	 */
3853 	b0 = gen_llc_internal(cstate);
3854 
3855 	/*
3856 	 * Now check for an S frame with the appropriate type.
3857 	 */
3858 	b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, subtype, LLC_S_CMD_MASK);
3859 	gen_and(b0, b1);
3860 	return b1;
3861 }
3862 
3863 struct block *
3864 gen_llc_u_subtype(compiler_state_t *cstate, bpf_u_int32 subtype)
3865 {
3866 	struct block *b0, *b1;
3867 
3868 	/*
3869 	 * Catch errors reported by us and routines below us, and return NULL
3870 	 * on an error.
3871 	 */
3872 	if (setjmp(cstate->top_ctx))
3873 		return (NULL);
3874 
3875 	/*
3876 	 * Check whether this is an LLC frame.
3877 	 */
3878 	b0 = gen_llc_internal(cstate);
3879 
3880 	/*
3881 	 * Now check for a U frame with the appropriate type.
3882 	 */
3883 	b1 = gen_mcmp(cstate, OR_LLC, 2, BPF_B, subtype, LLC_U_CMD_MASK);
3884 	gen_and(b0, b1);
3885 	return b1;
3886 }
3887 
3888 /*
3889  * Generate code to match a particular packet type, for link-layer types
3890  * using 802.2 LLC headers.
3891  *
3892  * This is *NOT* used for Ethernet; "gen_ether_linktype()" is used
3893  * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues.
3894  *
3895  * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
3896  * value, if <= ETHERMTU.  We use that to determine whether to
3897  * match the DSAP or both DSAP and LSAP or to check the OUI and
3898  * protocol ID in a SNAP header.
3899  */
3900 static struct block *
3901 gen_llc_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
3902 {
3903 	/*
3904 	 * XXX - handle token-ring variable-length header.
3905 	 */
3906 	switch (ll_proto) {
3907 
3908 	case LLCSAP_IP:
3909 	case LLCSAP_ISONS:
3910 	case LLCSAP_NETBEUI:
3911 		/*
3912 		 * XXX - should we check both the DSAP and the
3913 		 * SSAP, like this, or should we check just the
3914 		 * DSAP, as we do for other SAP values?
3915 		 */
3916 		return gen_cmp(cstate, OR_LLC, 0, BPF_H, (bpf_u_int32)
3917 			     ((ll_proto << 8) | ll_proto));
3918 
3919 	case LLCSAP_IPX:
3920 		/*
3921 		 * XXX - are there ever SNAP frames for IPX on
3922 		 * non-Ethernet 802.x networks?
3923 		 */
3924 		return gen_cmp(cstate, OR_LLC, 0, BPF_B, LLCSAP_IPX);
3925 
3926 	case ETHERTYPE_ATALK:
3927 		/*
3928 		 * 802.2-encapsulated ETHERTYPE_ATALK packets are
3929 		 * SNAP packets with an organization code of
3930 		 * 0x080007 (Apple, for Appletalk) and a protocol
3931 		 * type of ETHERTYPE_ATALK (Appletalk).
3932 		 *
3933 		 * XXX - check for an organization code of
3934 		 * encapsulated Ethernet as well?
3935 		 */
3936 		return gen_snap(cstate, 0x080007, ETHERTYPE_ATALK);
3937 
3938 	default:
3939 		/*
3940 		 * XXX - we don't have to check for IPX 802.3
3941 		 * here, but should we check for the IPX Ethertype?
3942 		 */
3943 		if (ll_proto <= ETHERMTU) {
3944 			/*
3945 			 * This is an LLC SAP value, so check
3946 			 * the DSAP.
3947 			 */
3948 			return gen_cmp(cstate, OR_LLC, 0, BPF_B, ll_proto);
3949 		} else {
3950 			/*
3951 			 * This is an Ethernet type; we assume that it's
3952 			 * unlikely that it'll appear in the right place
3953 			 * at random, and therefore check only the
3954 			 * location that would hold the Ethernet type
3955 			 * in a SNAP frame with an organization code of
3956 			 * 0x000000 (encapsulated Ethernet).
3957 			 *
3958 			 * XXX - if we were to check for the SNAP DSAP and
3959 			 * LSAP, as per XXX, and were also to check for an
3960 			 * organization code of 0x000000 (encapsulated
3961 			 * Ethernet), we'd do
3962 			 *
3963 			 *	return gen_snap(cstate, 0x000000, ll_proto);
3964 			 *
3965 			 * here; for now, we don't, as per the above.
3966 			 * I don't know whether it's worth the extra CPU
3967 			 * time to do the right check or not.
3968 			 */
3969 			return gen_cmp(cstate, OR_LLC, 6, BPF_H, ll_proto);
3970 		}
3971 	}
3972 }
3973 
3974 static struct block *
3975 gen_hostop(compiler_state_t *cstate, bpf_u_int32 addr, bpf_u_int32 mask,
3976     int dir, bpf_u_int32 ll_proto, u_int src_off, u_int dst_off)
3977 {
3978 	struct block *b0, *b1;
3979 	u_int offset;
3980 
3981 	switch (dir) {
3982 
3983 	case Q_SRC:
3984 		offset = src_off;
3985 		break;
3986 
3987 	case Q_DST:
3988 		offset = dst_off;
3989 		break;
3990 
3991 	case Q_AND:
3992 		b0 = gen_hostop(cstate, addr, mask, Q_SRC, ll_proto, src_off, dst_off);
3993 		b1 = gen_hostop(cstate, addr, mask, Q_DST, ll_proto, src_off, dst_off);
3994 		gen_and(b0, b1);
3995 		return b1;
3996 
3997 	case Q_DEFAULT:
3998 	case Q_OR:
3999 		b0 = gen_hostop(cstate, addr, mask, Q_SRC, ll_proto, src_off, dst_off);
4000 		b1 = gen_hostop(cstate, addr, mask, Q_DST, ll_proto, src_off, dst_off);
4001 		gen_or(b0, b1);
4002 		return b1;
4003 
4004 	case Q_ADDR1:
4005 		bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for addresses other than 802.11 MAC addresses");
4006 		/*NOTREACHED*/
4007 
4008 	case Q_ADDR2:
4009 		bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for addresses other than 802.11 MAC addresses");
4010 		/*NOTREACHED*/
4011 
4012 	case Q_ADDR3:
4013 		bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for addresses other than 802.11 MAC addresses");
4014 		/*NOTREACHED*/
4015 
4016 	case Q_ADDR4:
4017 		bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for addresses other than 802.11 MAC addresses");
4018 		/*NOTREACHED*/
4019 
4020 	case Q_RA:
4021 		bpf_error(cstate, "'ra' is not a valid qualifier for addresses other than 802.11 MAC addresses");
4022 		/*NOTREACHED*/
4023 
4024 	case Q_TA:
4025 		bpf_error(cstate, "'ta' is not a valid qualifier for addresses other than 802.11 MAC addresses");
4026 		/*NOTREACHED*/
4027 
4028 	default:
4029 		abort();
4030 		/*NOTREACHED*/
4031 	}
4032 	b0 = gen_linktype(cstate, ll_proto);
4033 	b1 = gen_mcmp(cstate, OR_LINKPL, offset, BPF_W, addr, mask);
4034 	gen_and(b0, b1);
4035 	return b1;
4036 }
4037 
4038 #ifdef INET6
4039 static struct block *
4040 gen_hostop6(compiler_state_t *cstate, struct in6_addr *addr,
4041     struct in6_addr *mask, int dir, bpf_u_int32 ll_proto, u_int src_off,
4042     u_int dst_off)
4043 {
4044 	struct block *b0, *b1;
4045 	u_int offset;
4046 	uint32_t *a, *m;
4047 
4048 	switch (dir) {
4049 
4050 	case Q_SRC:
4051 		offset = src_off;
4052 		break;
4053 
4054 	case Q_DST:
4055 		offset = dst_off;
4056 		break;
4057 
4058 	case Q_AND:
4059 		b0 = gen_hostop6(cstate, addr, mask, Q_SRC, ll_proto, src_off, dst_off);
4060 		b1 = gen_hostop6(cstate, addr, mask, Q_DST, ll_proto, src_off, dst_off);
4061 		gen_and(b0, b1);
4062 		return b1;
4063 
4064 	case Q_DEFAULT:
4065 	case Q_OR:
4066 		b0 = gen_hostop6(cstate, addr, mask, Q_SRC, ll_proto, src_off, dst_off);
4067 		b1 = gen_hostop6(cstate, addr, mask, Q_DST, ll_proto, src_off, dst_off);
4068 		gen_or(b0, b1);
4069 		return b1;
4070 
4071 	case Q_ADDR1:
4072 		bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for addresses other than 802.11 MAC addresses");
4073 		/*NOTREACHED*/
4074 
4075 	case Q_ADDR2:
4076 		bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for addresses other than 802.11 MAC addresses");
4077 		/*NOTREACHED*/
4078 
4079 	case Q_ADDR3:
4080 		bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for addresses other than 802.11 MAC addresses");
4081 		/*NOTREACHED*/
4082 
4083 	case Q_ADDR4:
4084 		bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for addresses other than 802.11 MAC addresses");
4085 		/*NOTREACHED*/
4086 
4087 	case Q_RA:
4088 		bpf_error(cstate, "'ra' is not a valid qualifier for addresses other than 802.11 MAC addresses");
4089 		/*NOTREACHED*/
4090 
4091 	case Q_TA:
4092 		bpf_error(cstate, "'ta' is not a valid qualifier for addresses other than 802.11 MAC addresses");
4093 		/*NOTREACHED*/
4094 
4095 	default:
4096 		abort();
4097 		/*NOTREACHED*/
4098 	}
4099 	/* this order is important */
4100 	a = (uint32_t *)addr;
4101 	m = (uint32_t *)mask;
4102 	b1 = gen_mcmp(cstate, OR_LINKPL, offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3]));
4103 	b0 = gen_mcmp(cstate, OR_LINKPL, offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2]));
4104 	gen_and(b0, b1);
4105 	b0 = gen_mcmp(cstate, OR_LINKPL, offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1]));
4106 	gen_and(b0, b1);
4107 	b0 = gen_mcmp(cstate, OR_LINKPL, offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0]));
4108 	gen_and(b0, b1);
4109 	b0 = gen_linktype(cstate, ll_proto);
4110 	gen_and(b0, b1);
4111 	return b1;
4112 }
4113 #endif
4114 
4115 static struct block *
4116 gen_ehostop(compiler_state_t *cstate, const u_char *eaddr, int dir)
4117 {
4118 	register struct block *b0, *b1;
4119 
4120 	switch (dir) {
4121 	case Q_SRC:
4122 		return gen_bcmp(cstate, OR_LINKHDR, 6, 6, eaddr);
4123 
4124 	case Q_DST:
4125 		return gen_bcmp(cstate, OR_LINKHDR, 0, 6, eaddr);
4126 
4127 	case Q_AND:
4128 		b0 = gen_ehostop(cstate, eaddr, Q_SRC);
4129 		b1 = gen_ehostop(cstate, eaddr, Q_DST);
4130 		gen_and(b0, b1);
4131 		return b1;
4132 
4133 	case Q_DEFAULT:
4134 	case Q_OR:
4135 		b0 = gen_ehostop(cstate, eaddr, Q_SRC);
4136 		b1 = gen_ehostop(cstate, eaddr, Q_DST);
4137 		gen_or(b0, b1);
4138 		return b1;
4139 
4140 	case Q_ADDR1:
4141 		bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11 with 802.11 headers");
4142 		/*NOTREACHED*/
4143 
4144 	case Q_ADDR2:
4145 		bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11 with 802.11 headers");
4146 		/*NOTREACHED*/
4147 
4148 	case Q_ADDR3:
4149 		bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11 with 802.11 headers");
4150 		/*NOTREACHED*/
4151 
4152 	case Q_ADDR4:
4153 		bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11 with 802.11 headers");
4154 		/*NOTREACHED*/
4155 
4156 	case Q_RA:
4157 		bpf_error(cstate, "'ra' is only supported on 802.11 with 802.11 headers");
4158 		/*NOTREACHED*/
4159 
4160 	case Q_TA:
4161 		bpf_error(cstate, "'ta' is only supported on 802.11 with 802.11 headers");
4162 		/*NOTREACHED*/
4163 	}
4164 	abort();
4165 	/*NOTREACHED*/
4166 }
4167 
4168 /*
4169  * Like gen_ehostop, but for DLT_FDDI
4170  */
4171 static struct block *
4172 gen_fhostop(compiler_state_t *cstate, const u_char *eaddr, int dir)
4173 {
4174 	struct block *b0, *b1;
4175 
4176 	switch (dir) {
4177 	case Q_SRC:
4178 		return gen_bcmp(cstate, OR_LINKHDR, 6 + 1 + cstate->pcap_fddipad, 6, eaddr);
4179 
4180 	case Q_DST:
4181 		return gen_bcmp(cstate, OR_LINKHDR, 0 + 1 + cstate->pcap_fddipad, 6, eaddr);
4182 
4183 	case Q_AND:
4184 		b0 = gen_fhostop(cstate, eaddr, Q_SRC);
4185 		b1 = gen_fhostop(cstate, eaddr, Q_DST);
4186 		gen_and(b0, b1);
4187 		return b1;
4188 
4189 	case Q_DEFAULT:
4190 	case Q_OR:
4191 		b0 = gen_fhostop(cstate, eaddr, Q_SRC);
4192 		b1 = gen_fhostop(cstate, eaddr, Q_DST);
4193 		gen_or(b0, b1);
4194 		return b1;
4195 
4196 	case Q_ADDR1:
4197 		bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11");
4198 		/*NOTREACHED*/
4199 
4200 	case Q_ADDR2:
4201 		bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11");
4202 		/*NOTREACHED*/
4203 
4204 	case Q_ADDR3:
4205 		bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11");
4206 		/*NOTREACHED*/
4207 
4208 	case Q_ADDR4:
4209 		bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11");
4210 		/*NOTREACHED*/
4211 
4212 	case Q_RA:
4213 		bpf_error(cstate, "'ra' is only supported on 802.11");
4214 		/*NOTREACHED*/
4215 
4216 	case Q_TA:
4217 		bpf_error(cstate, "'ta' is only supported on 802.11");
4218 		/*NOTREACHED*/
4219 	}
4220 	abort();
4221 	/*NOTREACHED*/
4222 }
4223 
4224 /*
4225  * Like gen_ehostop, but for DLT_IEEE802 (Token Ring)
4226  */
4227 static struct block *
4228 gen_thostop(compiler_state_t *cstate, const u_char *eaddr, int dir)
4229 {
4230 	register struct block *b0, *b1;
4231 
4232 	switch (dir) {
4233 	case Q_SRC:
4234 		return gen_bcmp(cstate, OR_LINKHDR, 8, 6, eaddr);
4235 
4236 	case Q_DST:
4237 		return gen_bcmp(cstate, OR_LINKHDR, 2, 6, eaddr);
4238 
4239 	case Q_AND:
4240 		b0 = gen_thostop(cstate, eaddr, Q_SRC);
4241 		b1 = gen_thostop(cstate, eaddr, Q_DST);
4242 		gen_and(b0, b1);
4243 		return b1;
4244 
4245 	case Q_DEFAULT:
4246 	case Q_OR:
4247 		b0 = gen_thostop(cstate, eaddr, Q_SRC);
4248 		b1 = gen_thostop(cstate, eaddr, Q_DST);
4249 		gen_or(b0, b1);
4250 		return b1;
4251 
4252 	case Q_ADDR1:
4253 		bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11");
4254 		/*NOTREACHED*/
4255 
4256 	case Q_ADDR2:
4257 		bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11");
4258 		/*NOTREACHED*/
4259 
4260 	case Q_ADDR3:
4261 		bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11");
4262 		/*NOTREACHED*/
4263 
4264 	case Q_ADDR4:
4265 		bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11");
4266 		/*NOTREACHED*/
4267 
4268 	case Q_RA:
4269 		bpf_error(cstate, "'ra' is only supported on 802.11");
4270 		/*NOTREACHED*/
4271 
4272 	case Q_TA:
4273 		bpf_error(cstate, "'ta' is only supported on 802.11");
4274 		/*NOTREACHED*/
4275 	}
4276 	abort();
4277 	/*NOTREACHED*/
4278 }
4279 
4280 /*
4281  * Like gen_ehostop, but for DLT_IEEE802_11 (802.11 wireless LAN) and
4282  * various 802.11 + radio headers.
4283  */
4284 static struct block *
4285 gen_wlanhostop(compiler_state_t *cstate, const u_char *eaddr, int dir)
4286 {
4287 	register struct block *b0, *b1, *b2;
4288 	register struct slist *s;
4289 
4290 #ifdef ENABLE_WLAN_FILTERING_PATCH
4291 	/*
4292 	 * TODO GV 20070613
4293 	 * We need to disable the optimizer because the optimizer is buggy
4294 	 * and wipes out some LD instructions generated by the below
4295 	 * code to validate the Frame Control bits
4296 	 */
4297 	cstate->no_optimize = 1;
4298 #endif /* ENABLE_WLAN_FILTERING_PATCH */
4299 
4300 	switch (dir) {
4301 	case Q_SRC:
4302 		/*
4303 		 * Oh, yuk.
4304 		 *
4305 		 *	For control frames, there is no SA.
4306 		 *
4307 		 *	For management frames, SA is at an
4308 		 *	offset of 10 from the beginning of
4309 		 *	the packet.
4310 		 *
4311 		 *	For data frames, SA is at an offset
4312 		 *	of 10 from the beginning of the packet
4313 		 *	if From DS is clear, at an offset of
4314 		 *	16 from the beginning of the packet
4315 		 *	if From DS is set and To DS is clear,
4316 		 *	and an offset of 24 from the beginning
4317 		 *	of the packet if From DS is set and To DS
4318 		 *	is set.
4319 		 */
4320 
4321 		/*
4322 		 * Generate the tests to be done for data frames
4323 		 * with From DS set.
4324 		 *
4325 		 * First, check for To DS set, i.e. check "link[1] & 0x01".
4326 		 */
4327 		s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
4328 		b1 = new_block(cstate, JMP(BPF_JSET));
4329 		b1->s.k = 0x01;	/* To DS */
4330 		b1->stmts = s;
4331 
4332 		/*
4333 		 * If To DS is set, the SA is at 24.
4334 		 */
4335 		b0 = gen_bcmp(cstate, OR_LINKHDR, 24, 6, eaddr);
4336 		gen_and(b1, b0);
4337 
4338 		/*
4339 		 * Now, check for To DS not set, i.e. check
4340 		 * "!(link[1] & 0x01)".
4341 		 */
4342 		s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
4343 		b2 = new_block(cstate, JMP(BPF_JSET));
4344 		b2->s.k = 0x01;	/* To DS */
4345 		b2->stmts = s;
4346 		gen_not(b2);
4347 
4348 		/*
4349 		 * If To DS is not set, the SA is at 16.
4350 		 */
4351 		b1 = gen_bcmp(cstate, OR_LINKHDR, 16, 6, eaddr);
4352 		gen_and(b2, b1);
4353 
4354 		/*
4355 		 * Now OR together the last two checks.  That gives
4356 		 * the complete set of checks for data frames with
4357 		 * From DS set.
4358 		 */
4359 		gen_or(b1, b0);
4360 
4361 		/*
4362 		 * Now check for From DS being set, and AND that with
4363 		 * the ORed-together checks.
4364 		 */
4365 		s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
4366 		b1 = new_block(cstate, JMP(BPF_JSET));
4367 		b1->s.k = 0x02;	/* From DS */
4368 		b1->stmts = s;
4369 		gen_and(b1, b0);
4370 
4371 		/*
4372 		 * Now check for data frames with From DS not set.
4373 		 */
4374 		s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
4375 		b2 = new_block(cstate, JMP(BPF_JSET));
4376 		b2->s.k = 0x02;	/* From DS */
4377 		b2->stmts = s;
4378 		gen_not(b2);
4379 
4380 		/*
4381 		 * If From DS isn't set, the SA is at 10.
4382 		 */
4383 		b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr);
4384 		gen_and(b2, b1);
4385 
4386 		/*
4387 		 * Now OR together the checks for data frames with
4388 		 * From DS not set and for data frames with From DS
4389 		 * set; that gives the checks done for data frames.
4390 		 */
4391 		gen_or(b1, b0);
4392 
4393 		/*
4394 		 * Now check for a data frame.
4395 		 * I.e, check "link[0] & 0x08".
4396 		 */
4397 		s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4398 		b1 = new_block(cstate, JMP(BPF_JSET));
4399 		b1->s.k = 0x08;
4400 		b1->stmts = s;
4401 
4402 		/*
4403 		 * AND that with the checks done for data frames.
4404 		 */
4405 		gen_and(b1, b0);
4406 
4407 		/*
4408 		 * If the high-order bit of the type value is 0, this
4409 		 * is a management frame.
4410 		 * I.e, check "!(link[0] & 0x08)".
4411 		 */
4412 		s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4413 		b2 = new_block(cstate, JMP(BPF_JSET));
4414 		b2->s.k = 0x08;
4415 		b2->stmts = s;
4416 		gen_not(b2);
4417 
4418 		/*
4419 		 * For management frames, the SA is at 10.
4420 		 */
4421 		b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr);
4422 		gen_and(b2, b1);
4423 
4424 		/*
4425 		 * OR that with the checks done for data frames.
4426 		 * That gives the checks done for management and
4427 		 * data frames.
4428 		 */
4429 		gen_or(b1, b0);
4430 
4431 		/*
4432 		 * If the low-order bit of the type value is 1,
4433 		 * this is either a control frame or a frame
4434 		 * with a reserved type, and thus not a
4435 		 * frame with an SA.
4436 		 *
4437 		 * I.e., check "!(link[0] & 0x04)".
4438 		 */
4439 		s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4440 		b1 = new_block(cstate, JMP(BPF_JSET));
4441 		b1->s.k = 0x04;
4442 		b1->stmts = s;
4443 		gen_not(b1);
4444 
4445 		/*
4446 		 * AND that with the checks for data and management
4447 		 * frames.
4448 		 */
4449 		gen_and(b1, b0);
4450 		return b0;
4451 
4452 	case Q_DST:
4453 		/*
4454 		 * Oh, yuk.
4455 		 *
4456 		 *	For control frames, there is no DA.
4457 		 *
4458 		 *	For management frames, DA is at an
4459 		 *	offset of 4 from the beginning of
4460 		 *	the packet.
4461 		 *
4462 		 *	For data frames, DA is at an offset
4463 		 *	of 4 from the beginning of the packet
4464 		 *	if To DS is clear and at an offset of
4465 		 *	16 from the beginning of the packet
4466 		 *	if To DS is set.
4467 		 */
4468 
4469 		/*
4470 		 * Generate the tests to be done for data frames.
4471 		 *
4472 		 * First, check for To DS set, i.e. "link[1] & 0x01".
4473 		 */
4474 		s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
4475 		b1 = new_block(cstate, JMP(BPF_JSET));
4476 		b1->s.k = 0x01;	/* To DS */
4477 		b1->stmts = s;
4478 
4479 		/*
4480 		 * If To DS is set, the DA is at 16.
4481 		 */
4482 		b0 = gen_bcmp(cstate, OR_LINKHDR, 16, 6, eaddr);
4483 		gen_and(b1, b0);
4484 
4485 		/*
4486 		 * Now, check for To DS not set, i.e. check
4487 		 * "!(link[1] & 0x01)".
4488 		 */
4489 		s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
4490 		b2 = new_block(cstate, JMP(BPF_JSET));
4491 		b2->s.k = 0x01;	/* To DS */
4492 		b2->stmts = s;
4493 		gen_not(b2);
4494 
4495 		/*
4496 		 * If To DS is not set, the DA is at 4.
4497 		 */
4498 		b1 = gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr);
4499 		gen_and(b2, b1);
4500 
4501 		/*
4502 		 * Now OR together the last two checks.  That gives
4503 		 * the complete set of checks for data frames.
4504 		 */
4505 		gen_or(b1, b0);
4506 
4507 		/*
4508 		 * Now check for a data frame.
4509 		 * I.e, check "link[0] & 0x08".
4510 		 */
4511 		s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4512 		b1 = new_block(cstate, JMP(BPF_JSET));
4513 		b1->s.k = 0x08;
4514 		b1->stmts = s;
4515 
4516 		/*
4517 		 * AND that with the checks done for data frames.
4518 		 */
4519 		gen_and(b1, b0);
4520 
4521 		/*
4522 		 * If the high-order bit of the type value is 0, this
4523 		 * is a management frame.
4524 		 * I.e, check "!(link[0] & 0x08)".
4525 		 */
4526 		s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4527 		b2 = new_block(cstate, JMP(BPF_JSET));
4528 		b2->s.k = 0x08;
4529 		b2->stmts = s;
4530 		gen_not(b2);
4531 
4532 		/*
4533 		 * For management frames, the DA is at 4.
4534 		 */
4535 		b1 = gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr);
4536 		gen_and(b2, b1);
4537 
4538 		/*
4539 		 * OR that with the checks done for data frames.
4540 		 * That gives the checks done for management and
4541 		 * data frames.
4542 		 */
4543 		gen_or(b1, b0);
4544 
4545 		/*
4546 		 * If the low-order bit of the type value is 1,
4547 		 * this is either a control frame or a frame
4548 		 * with a reserved type, and thus not a
4549 		 * frame with an SA.
4550 		 *
4551 		 * I.e., check "!(link[0] & 0x04)".
4552 		 */
4553 		s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4554 		b1 = new_block(cstate, JMP(BPF_JSET));
4555 		b1->s.k = 0x04;
4556 		b1->stmts = s;
4557 		gen_not(b1);
4558 
4559 		/*
4560 		 * AND that with the checks for data and management
4561 		 * frames.
4562 		 */
4563 		gen_and(b1, b0);
4564 		return b0;
4565 
4566 	case Q_AND:
4567 		b0 = gen_wlanhostop(cstate, eaddr, Q_SRC);
4568 		b1 = gen_wlanhostop(cstate, eaddr, Q_DST);
4569 		gen_and(b0, b1);
4570 		return b1;
4571 
4572 	case Q_DEFAULT:
4573 	case Q_OR:
4574 		b0 = gen_wlanhostop(cstate, eaddr, Q_SRC);
4575 		b1 = gen_wlanhostop(cstate, eaddr, Q_DST);
4576 		gen_or(b0, b1);
4577 		return b1;
4578 
4579 	/*
4580 	 * XXX - add BSSID keyword?
4581 	 */
4582 	case Q_ADDR1:
4583 		return (gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr));
4584 
4585 	case Q_ADDR2:
4586 		/*
4587 		 * Not present in CTS or ACK control frames.
4588 		 */
4589 		b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_TYPE_CTL,
4590 			IEEE80211_FC0_TYPE_MASK);
4591 		gen_not(b0);
4592 		b1 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_CTS,
4593 			IEEE80211_FC0_SUBTYPE_MASK);
4594 		gen_not(b1);
4595 		b2 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_ACK,
4596 			IEEE80211_FC0_SUBTYPE_MASK);
4597 		gen_not(b2);
4598 		gen_and(b1, b2);
4599 		gen_or(b0, b2);
4600 		b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr);
4601 		gen_and(b2, b1);
4602 		return b1;
4603 
4604 	case Q_ADDR3:
4605 		/*
4606 		 * Not present in control frames.
4607 		 */
4608 		b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_TYPE_CTL,
4609 			IEEE80211_FC0_TYPE_MASK);
4610 		gen_not(b0);
4611 		b1 = gen_bcmp(cstate, OR_LINKHDR, 16, 6, eaddr);
4612 		gen_and(b0, b1);
4613 		return b1;
4614 
4615 	case Q_ADDR4:
4616 		/*
4617 		 * Present only if the direction mask has both "From DS"
4618 		 * and "To DS" set.  Neither control frames nor management
4619 		 * frames should have both of those set, so we don't
4620 		 * check the frame type.
4621 		 */
4622 		b0 = gen_mcmp(cstate, OR_LINKHDR, 1, BPF_B,
4623 			IEEE80211_FC1_DIR_DSTODS, IEEE80211_FC1_DIR_MASK);
4624 		b1 = gen_bcmp(cstate, OR_LINKHDR, 24, 6, eaddr);
4625 		gen_and(b0, b1);
4626 		return b1;
4627 
4628 	case Q_RA:
4629 		/*
4630 		 * Not present in management frames; addr1 in other
4631 		 * frames.
4632 		 */
4633 
4634 		/*
4635 		 * If the high-order bit of the type value is 0, this
4636 		 * is a management frame.
4637 		 * I.e, check "(link[0] & 0x08)".
4638 		 */
4639 		s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4640 		b1 = new_block(cstate, JMP(BPF_JSET));
4641 		b1->s.k = 0x08;
4642 		b1->stmts = s;
4643 
4644 		/*
4645 		 * Check addr1.
4646 		 */
4647 		b0 = gen_bcmp(cstate, OR_LINKHDR, 4, 6, eaddr);
4648 
4649 		/*
4650 		 * AND that with the check of addr1.
4651 		 */
4652 		gen_and(b1, b0);
4653 		return (b0);
4654 
4655 	case Q_TA:
4656 		/*
4657 		 * Not present in management frames; addr2, if present,
4658 		 * in other frames.
4659 		 */
4660 
4661 		/*
4662 		 * Not present in CTS or ACK control frames.
4663 		 */
4664 		b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_TYPE_CTL,
4665 			IEEE80211_FC0_TYPE_MASK);
4666 		gen_not(b0);
4667 		b1 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_CTS,
4668 			IEEE80211_FC0_SUBTYPE_MASK);
4669 		gen_not(b1);
4670 		b2 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, IEEE80211_FC0_SUBTYPE_ACK,
4671 			IEEE80211_FC0_SUBTYPE_MASK);
4672 		gen_not(b2);
4673 		gen_and(b1, b2);
4674 		gen_or(b0, b2);
4675 
4676 		/*
4677 		 * If the high-order bit of the type value is 0, this
4678 		 * is a management frame.
4679 		 * I.e, check "(link[0] & 0x08)".
4680 		 */
4681 		s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
4682 		b1 = new_block(cstate, JMP(BPF_JSET));
4683 		b1->s.k = 0x08;
4684 		b1->stmts = s;
4685 
4686 		/*
4687 		 * AND that with the check for frames other than
4688 		 * CTS and ACK frames.
4689 		 */
4690 		gen_and(b1, b2);
4691 
4692 		/*
4693 		 * Check addr2.
4694 		 */
4695 		b1 = gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr);
4696 		gen_and(b2, b1);
4697 		return b1;
4698 	}
4699 	abort();
4700 	/*NOTREACHED*/
4701 }
4702 
4703 /*
4704  * Like gen_ehostop, but for RFC 2625 IP-over-Fibre-Channel.
4705  * (We assume that the addresses are IEEE 48-bit MAC addresses,
4706  * as the RFC states.)
4707  */
4708 static struct block *
4709 gen_ipfchostop(compiler_state_t *cstate, const u_char *eaddr, int dir)
4710 {
4711 	register struct block *b0, *b1;
4712 
4713 	switch (dir) {
4714 	case Q_SRC:
4715 		return gen_bcmp(cstate, OR_LINKHDR, 10, 6, eaddr);
4716 
4717 	case Q_DST:
4718 		return gen_bcmp(cstate, OR_LINKHDR, 2, 6, eaddr);
4719 
4720 	case Q_AND:
4721 		b0 = gen_ipfchostop(cstate, eaddr, Q_SRC);
4722 		b1 = gen_ipfchostop(cstate, eaddr, Q_DST);
4723 		gen_and(b0, b1);
4724 		return b1;
4725 
4726 	case Q_DEFAULT:
4727 	case Q_OR:
4728 		b0 = gen_ipfchostop(cstate, eaddr, Q_SRC);
4729 		b1 = gen_ipfchostop(cstate, eaddr, Q_DST);
4730 		gen_or(b0, b1);
4731 		return b1;
4732 
4733 	case Q_ADDR1:
4734 		bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11");
4735 		/*NOTREACHED*/
4736 
4737 	case Q_ADDR2:
4738 		bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11");
4739 		/*NOTREACHED*/
4740 
4741 	case Q_ADDR3:
4742 		bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11");
4743 		/*NOTREACHED*/
4744 
4745 	case Q_ADDR4:
4746 		bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11");
4747 		/*NOTREACHED*/
4748 
4749 	case Q_RA:
4750 		bpf_error(cstate, "'ra' is only supported on 802.11");
4751 		/*NOTREACHED*/
4752 
4753 	case Q_TA:
4754 		bpf_error(cstate, "'ta' is only supported on 802.11");
4755 		/*NOTREACHED*/
4756 	}
4757 	abort();
4758 	/*NOTREACHED*/
4759 }
4760 
4761 /*
4762  * This is quite tricky because there may be pad bytes in front of the
4763  * DECNET header, and then there are two possible data packet formats that
4764  * carry both src and dst addresses, plus 5 packet types in a format that
4765  * carries only the src node, plus 2 types that use a different format and
4766  * also carry just the src node.
4767  *
4768  * Yuck.
4769  *
4770  * Instead of doing those all right, we just look for data packets with
4771  * 0 or 1 bytes of padding.  If you want to look at other packets, that
4772  * will require a lot more hacking.
4773  *
4774  * To add support for filtering on DECNET "areas" (network numbers)
4775  * one would want to add a "mask" argument to this routine.  That would
4776  * make the filter even more inefficient, although one could be clever
4777  * and not generate masking instructions if the mask is 0xFFFF.
4778  */
4779 static struct block *
4780 gen_dnhostop(compiler_state_t *cstate, bpf_u_int32 addr, int dir)
4781 {
4782 	struct block *b0, *b1, *b2, *tmp;
4783 	u_int offset_lh;	/* offset if long header is received */
4784 	u_int offset_sh;	/* offset if short header is received */
4785 
4786 	switch (dir) {
4787 
4788 	case Q_DST:
4789 		offset_sh = 1;	/* follows flags */
4790 		offset_lh = 7;	/* flgs,darea,dsubarea,HIORD */
4791 		break;
4792 
4793 	case Q_SRC:
4794 		offset_sh = 3;	/* follows flags, dstnode */
4795 		offset_lh = 15;	/* flgs,darea,dsubarea,did,sarea,ssub,HIORD */
4796 		break;
4797 
4798 	case Q_AND:
4799 		/* Inefficient because we do our Calvinball dance twice */
4800 		b0 = gen_dnhostop(cstate, addr, Q_SRC);
4801 		b1 = gen_dnhostop(cstate, addr, Q_DST);
4802 		gen_and(b0, b1);
4803 		return b1;
4804 
4805 	case Q_DEFAULT:
4806 	case Q_OR:
4807 		/* Inefficient because we do our Calvinball dance twice */
4808 		b0 = gen_dnhostop(cstate, addr, Q_SRC);
4809 		b1 = gen_dnhostop(cstate, addr, Q_DST);
4810 		gen_or(b0, b1);
4811 		return b1;
4812 
4813 	case Q_ADDR1:
4814 		bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for addresses other than 802.11 MAC addresses");
4815 		/*NOTREACHED*/
4816 
4817 	case Q_ADDR2:
4818 		bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for addresses other than 802.11 MAC addresses");
4819 		/*NOTREACHED*/
4820 
4821 	case Q_ADDR3:
4822 		bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for addresses other than 802.11 MAC addresses");
4823 		/*NOTREACHED*/
4824 
4825 	case Q_ADDR4:
4826 		bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for addresses other than 802.11 MAC addresses");
4827 		/*NOTREACHED*/
4828 
4829 	case Q_RA:
4830 		bpf_error(cstate, "'ra' is not a valid qualifier for addresses other than 802.11 MAC addresses");
4831 		/*NOTREACHED*/
4832 
4833 	case Q_TA:
4834 		bpf_error(cstate, "'ta' is not a valid qualifier for addresses other than 802.11 MAC addresses");
4835 		/*NOTREACHED*/
4836 
4837 	default:
4838 		abort();
4839 		/*NOTREACHED*/
4840 	}
4841 	b0 = gen_linktype(cstate, ETHERTYPE_DN);
4842 	/* Check for pad = 1, long header case */
4843 	tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_H,
4844 	    (bpf_u_int32)ntohs(0x0681), (bpf_u_int32)ntohs(0x07FF));
4845 	b1 = gen_cmp(cstate, OR_LINKPL, 2 + 1 + offset_lh,
4846 	    BPF_H, (bpf_u_int32)ntohs((u_short)addr));
4847 	gen_and(tmp, b1);
4848 	/* Check for pad = 0, long header case */
4849 	tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_B, (bpf_u_int32)0x06,
4850 	    (bpf_u_int32)0x7);
4851 	b2 = gen_cmp(cstate, OR_LINKPL, 2 + offset_lh, BPF_H,
4852 	    (bpf_u_int32)ntohs((u_short)addr));
4853 	gen_and(tmp, b2);
4854 	gen_or(b2, b1);
4855 	/* Check for pad = 1, short header case */
4856 	tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_H,
4857 	    (bpf_u_int32)ntohs(0x0281), (bpf_u_int32)ntohs(0x07FF));
4858 	b2 = gen_cmp(cstate, OR_LINKPL, 2 + 1 + offset_sh, BPF_H,
4859 	    (bpf_u_int32)ntohs((u_short)addr));
4860 	gen_and(tmp, b2);
4861 	gen_or(b2, b1);
4862 	/* Check for pad = 0, short header case */
4863 	tmp = gen_mcmp(cstate, OR_LINKPL, 2, BPF_B, (bpf_u_int32)0x02,
4864 	    (bpf_u_int32)0x7);
4865 	b2 = gen_cmp(cstate, OR_LINKPL, 2 + offset_sh, BPF_H,
4866 	    (bpf_u_int32)ntohs((u_short)addr));
4867 	gen_and(tmp, b2);
4868 	gen_or(b2, b1);
4869 
4870 	/* Combine with test for cstate->linktype */
4871 	gen_and(b0, b1);
4872 	return b1;
4873 }
4874 
4875 /*
4876  * Generate a check for IPv4 or IPv6 for MPLS-encapsulated packets;
4877  * test the bottom-of-stack bit, and then check the version number
4878  * field in the IP header.
4879  */
4880 static struct block *
4881 gen_mpls_linktype(compiler_state_t *cstate, bpf_u_int32 ll_proto)
4882 {
4883 	struct block *b0, *b1;
4884 
4885         switch (ll_proto) {
4886 
4887         case ETHERTYPE_IP:
4888                 /* match the bottom-of-stack bit */
4889                 b0 = gen_mcmp(cstate, OR_LINKPL, (u_int)-2, BPF_B, 0x01, 0x01);
4890                 /* match the IPv4 version number */
4891                 b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_B, 0x40, 0xf0);
4892                 gen_and(b0, b1);
4893                 return b1;
4894 
4895         case ETHERTYPE_IPV6:
4896                 /* match the bottom-of-stack bit */
4897                 b0 = gen_mcmp(cstate, OR_LINKPL, (u_int)-2, BPF_B, 0x01, 0x01);
4898                 /* match the IPv4 version number */
4899                 b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_B, 0x60, 0xf0);
4900                 gen_and(b0, b1);
4901                 return b1;
4902 
4903         default:
4904                /* FIXME add other L3 proto IDs */
4905                bpf_error(cstate, "unsupported protocol over mpls");
4906                /*NOTREACHED*/
4907         }
4908 }
4909 
4910 static struct block *
4911 gen_host(compiler_state_t *cstate, bpf_u_int32 addr, bpf_u_int32 mask,
4912     int proto, int dir, int type)
4913 {
4914 	struct block *b0, *b1;
4915 	const char *typestr;
4916 
4917 	if (type == Q_NET)
4918 		typestr = "net";
4919 	else
4920 		typestr = "host";
4921 
4922 	switch (proto) {
4923 
4924 	case Q_DEFAULT:
4925 		b0 = gen_host(cstate, addr, mask, Q_IP, dir, type);
4926 		/*
4927 		 * Only check for non-IPv4 addresses if we're not
4928 		 * checking MPLS-encapsulated packets.
4929 		 */
4930 		if (cstate->label_stack_depth == 0) {
4931 			b1 = gen_host(cstate, addr, mask, Q_ARP, dir, type);
4932 			gen_or(b0, b1);
4933 			b0 = gen_host(cstate, addr, mask, Q_RARP, dir, type);
4934 			gen_or(b1, b0);
4935 		}
4936 		return b0;
4937 
4938 	case Q_LINK:
4939 		bpf_error(cstate, "link-layer modifier applied to %s", typestr);
4940 
4941 	case Q_IP:
4942 		return gen_hostop(cstate, addr, mask, dir, ETHERTYPE_IP, 12, 16);
4943 
4944 	case Q_RARP:
4945 		return gen_hostop(cstate, addr, mask, dir, ETHERTYPE_REVARP, 14, 24);
4946 
4947 	case Q_ARP:
4948 		return gen_hostop(cstate, addr, mask, dir, ETHERTYPE_ARP, 14, 24);
4949 
4950 	case Q_SCTP:
4951 		bpf_error(cstate, "'sctp' modifier applied to %s", typestr);
4952 
4953 	case Q_TCP:
4954 		bpf_error(cstate, "'tcp' modifier applied to %s", typestr);
4955 
4956 	case Q_UDP:
4957 		bpf_error(cstate, "'udp' modifier applied to %s", typestr);
4958 
4959 	case Q_ICMP:
4960 		bpf_error(cstate, "'icmp' modifier applied to %s", typestr);
4961 
4962 	case Q_IGMP:
4963 		bpf_error(cstate, "'igmp' modifier applied to %s", typestr);
4964 
4965 	case Q_IGRP:
4966 		bpf_error(cstate, "'igrp' modifier applied to %s", typestr);
4967 
4968 	case Q_ATALK:
4969 		bpf_error(cstate, "AppleTalk host filtering not implemented");
4970 
4971 	case Q_DECNET:
4972 		return gen_dnhostop(cstate, addr, dir);
4973 
4974 	case Q_LAT:
4975 		bpf_error(cstate, "LAT host filtering not implemented");
4976 
4977 	case Q_SCA:
4978 		bpf_error(cstate, "SCA host filtering not implemented");
4979 
4980 	case Q_MOPRC:
4981 		bpf_error(cstate, "MOPRC host filtering not implemented");
4982 
4983 	case Q_MOPDL:
4984 		bpf_error(cstate, "MOPDL host filtering not implemented");
4985 
4986 	case Q_IPV6:
4987 		bpf_error(cstate, "'ip6' modifier applied to ip host");
4988 
4989 	case Q_ICMPV6:
4990 		bpf_error(cstate, "'icmp6' modifier applied to %s", typestr);
4991 
4992 	case Q_AH:
4993 		bpf_error(cstate, "'ah' modifier applied to %s", typestr);
4994 
4995 	case Q_ESP:
4996 		bpf_error(cstate, "'esp' modifier applied to %s", typestr);
4997 
4998 	case Q_PIM:
4999 		bpf_error(cstate, "'pim' modifier applied to %s", typestr);
5000 
5001 	case Q_VRRP:
5002 		bpf_error(cstate, "'vrrp' modifier applied to %s", typestr);
5003 
5004 	case Q_AARP:
5005 		bpf_error(cstate, "AARP host filtering not implemented");
5006 
5007 	case Q_ISO:
5008 		bpf_error(cstate, "ISO host filtering not implemented");
5009 
5010 	case Q_ESIS:
5011 		bpf_error(cstate, "'esis' modifier applied to %s", typestr);
5012 
5013 	case Q_ISIS:
5014 		bpf_error(cstate, "'isis' modifier applied to %s", typestr);
5015 
5016 	case Q_CLNP:
5017 		bpf_error(cstate, "'clnp' modifier applied to %s", typestr);
5018 
5019 	case Q_STP:
5020 		bpf_error(cstate, "'stp' modifier applied to %s", typestr);
5021 
5022 	case Q_IPX:
5023 		bpf_error(cstate, "IPX host filtering not implemented");
5024 
5025 	case Q_NETBEUI:
5026 		bpf_error(cstate, "'netbeui' modifier applied to %s", typestr);
5027 
5028 	case Q_ISIS_L1:
5029 		bpf_error(cstate, "'l1' modifier applied to %s", typestr);
5030 
5031 	case Q_ISIS_L2:
5032 		bpf_error(cstate, "'l2' modifier applied to %s", typestr);
5033 
5034 	case Q_ISIS_IIH:
5035 		bpf_error(cstate, "'iih' modifier applied to %s", typestr);
5036 
5037 	case Q_ISIS_SNP:
5038 		bpf_error(cstate, "'snp' modifier applied to %s", typestr);
5039 
5040 	case Q_ISIS_CSNP:
5041 		bpf_error(cstate, "'csnp' modifier applied to %s", typestr);
5042 
5043 	case Q_ISIS_PSNP:
5044 		bpf_error(cstate, "'psnp' modifier applied to %s", typestr);
5045 
5046 	case Q_ISIS_LSP:
5047 		bpf_error(cstate, "'lsp' modifier applied to %s", typestr);
5048 
5049 	case Q_RADIO:
5050 		bpf_error(cstate, "'radio' modifier applied to %s", typestr);
5051 
5052 	case Q_CARP:
5053 		bpf_error(cstate, "'carp' modifier applied to %s", typestr);
5054 
5055 	default:
5056 		abort();
5057 	}
5058 	/*NOTREACHED*/
5059 }
5060 
5061 #ifdef INET6
5062 static struct block *
5063 gen_host6(compiler_state_t *cstate, struct in6_addr *addr,
5064     struct in6_addr *mask, int proto, int dir, int type)
5065 {
5066 	const char *typestr;
5067 
5068 	if (type == Q_NET)
5069 		typestr = "net";
5070 	else
5071 		typestr = "host";
5072 
5073 	switch (proto) {
5074 
5075 	case Q_DEFAULT:
5076 		return gen_host6(cstate, addr, mask, Q_IPV6, dir, type);
5077 
5078 	case Q_LINK:
5079 		bpf_error(cstate, "link-layer modifier applied to ip6 %s", typestr);
5080 
5081 	case Q_IP:
5082 		bpf_error(cstate, "'ip' modifier applied to ip6 %s", typestr);
5083 
5084 	case Q_RARP:
5085 		bpf_error(cstate, "'rarp' modifier applied to ip6 %s", typestr);
5086 
5087 	case Q_ARP:
5088 		bpf_error(cstate, "'arp' modifier applied to ip6 %s", typestr);
5089 
5090 	case Q_SCTP:
5091 		bpf_error(cstate, "'sctp' modifier applied to ip6 %s", typestr);
5092 
5093 	case Q_TCP:
5094 		bpf_error(cstate, "'tcp' modifier applied to ip6 %s", typestr);
5095 
5096 	case Q_UDP:
5097 		bpf_error(cstate, "'udp' modifier applied to ip6 %s", typestr);
5098 
5099 	case Q_ICMP:
5100 		bpf_error(cstate, "'icmp' modifier applied to ip6 %s", typestr);
5101 
5102 	case Q_IGMP:
5103 		bpf_error(cstate, "'igmp' modifier applied to ip6 %s", typestr);
5104 
5105 	case Q_IGRP:
5106 		bpf_error(cstate, "'igrp' modifier applied to ip6 %s", typestr);
5107 
5108 	case Q_ATALK:
5109 		bpf_error(cstate, "AppleTalk modifier applied to ip6 %s", typestr);
5110 
5111 	case Q_DECNET:
5112 		bpf_error(cstate, "'decnet' modifier applied to ip6 %s", typestr);
5113 
5114 	case Q_LAT:
5115 		bpf_error(cstate, "'lat' modifier applied to ip6 %s", typestr);
5116 
5117 	case Q_SCA:
5118 		bpf_error(cstate, "'sca' modifier applied to ip6 %s", typestr);
5119 
5120 	case Q_MOPRC:
5121 		bpf_error(cstate, "'moprc' modifier applied to ip6 %s", typestr);
5122 
5123 	case Q_MOPDL:
5124 		bpf_error(cstate, "'mopdl' modifier applied to ip6 %s", typestr);
5125 
5126 	case Q_IPV6:
5127 		return gen_hostop6(cstate, addr, mask, dir, ETHERTYPE_IPV6, 8, 24);
5128 
5129 	case Q_ICMPV6:
5130 		bpf_error(cstate, "'icmp6' modifier applied to ip6 %s", typestr);
5131 
5132 	case Q_AH:
5133 		bpf_error(cstate, "'ah' modifier applied to ip6 %s", typestr);
5134 
5135 	case Q_ESP:
5136 		bpf_error(cstate, "'esp' modifier applied to ip6 %s", typestr);
5137 
5138 	case Q_PIM:
5139 		bpf_error(cstate, "'pim' modifier applied to ip6 %s", typestr);
5140 
5141 	case Q_VRRP:
5142 		bpf_error(cstate, "'vrrp' modifier applied to ip6 %s", typestr);
5143 
5144 	case Q_AARP:
5145 		bpf_error(cstate, "'aarp' modifier applied to ip6 %s", typestr);
5146 
5147 	case Q_ISO:
5148 		bpf_error(cstate, "'iso' modifier applied to ip6 %s", typestr);
5149 
5150 	case Q_ESIS:
5151 		bpf_error(cstate, "'esis' modifier applied to ip6 %s", typestr);
5152 
5153 	case Q_ISIS:
5154 		bpf_error(cstate, "'isis' modifier applied to ip6 %s", typestr);
5155 
5156 	case Q_CLNP:
5157 		bpf_error(cstate, "'clnp' modifier applied to ip6 %s", typestr);
5158 
5159 	case Q_STP:
5160 		bpf_error(cstate, "'stp' modifier applied to ip6 %s", typestr);
5161 
5162 	case Q_IPX:
5163 		bpf_error(cstate, "'ipx' modifier applied to ip6 %s", typestr);
5164 
5165 	case Q_NETBEUI:
5166 		bpf_error(cstate, "'netbeui' modifier applied to ip6 %s", typestr);
5167 
5168 	case Q_ISIS_L1:
5169 		bpf_error(cstate, "'l1' modifier applied to ip6 %s", typestr);
5170 
5171 	case Q_ISIS_L2:
5172 		bpf_error(cstate, "'l2' modifier applied to ip6 %s", typestr);
5173 
5174 	case Q_ISIS_IIH:
5175 		bpf_error(cstate, "'iih' modifier applied to ip6 %s", typestr);
5176 
5177 	case Q_ISIS_SNP:
5178 		bpf_error(cstate, "'snp' modifier applied to ip6 %s", typestr);
5179 
5180 	case Q_ISIS_CSNP:
5181 		bpf_error(cstate, "'csnp' modifier applied to ip6 %s", typestr);
5182 
5183 	case Q_ISIS_PSNP:
5184 		bpf_error(cstate, "'psnp' modifier applied to ip6 %s", typestr);
5185 
5186 	case Q_ISIS_LSP:
5187 		bpf_error(cstate, "'lsp' modifier applied to ip6 %s", typestr);
5188 
5189 	case Q_RADIO:
5190 		bpf_error(cstate, "'radio' modifier applied to ip6 %s", typestr);
5191 
5192 	case Q_CARP:
5193 		bpf_error(cstate, "'carp' modifier applied to ip6 %s", typestr);
5194 
5195 	default:
5196 		abort();
5197 	}
5198 	/*NOTREACHED*/
5199 }
5200 #endif
5201 
5202 #ifndef INET6
5203 static struct block *
5204 gen_gateway(compiler_state_t *cstate, const u_char *eaddr,
5205     struct addrinfo *alist, int proto, int dir)
5206 {
5207 	struct block *b0, *b1, *tmp;
5208 	struct addrinfo *ai;
5209 	struct sockaddr_in *sin;
5210 
5211 	if (dir != 0)
5212 		bpf_error(cstate, "direction applied to 'gateway'");
5213 
5214 	switch (proto) {
5215 	case Q_DEFAULT:
5216 	case Q_IP:
5217 	case Q_ARP:
5218 	case Q_RARP:
5219 		switch (cstate->linktype) {
5220 		case DLT_EN10MB:
5221 		case DLT_NETANALYZER:
5222 		case DLT_NETANALYZER_TRANSPARENT:
5223 			b1 = gen_prevlinkhdr_check(cstate);
5224 			b0 = gen_ehostop(cstate, eaddr, Q_OR);
5225 			if (b1 != NULL)
5226 				gen_and(b1, b0);
5227 			break;
5228 		case DLT_FDDI:
5229 			b0 = gen_fhostop(cstate, eaddr, Q_OR);
5230 			break;
5231 		case DLT_IEEE802:
5232 			b0 = gen_thostop(cstate, eaddr, Q_OR);
5233 			break;
5234 		case DLT_IEEE802_11:
5235 		case DLT_PRISM_HEADER:
5236 		case DLT_IEEE802_11_RADIO_AVS:
5237 		case DLT_IEEE802_11_RADIO:
5238 		case DLT_PPI:
5239 			b0 = gen_wlanhostop(cstate, eaddr, Q_OR);
5240 			break;
5241 		case DLT_SUNATM:
5242 			/*
5243 			 * This is LLC-multiplexed traffic; if it were
5244 			 * LANE, cstate->linktype would have been set to
5245 			 * DLT_EN10MB.
5246 			 */
5247 			bpf_error(cstate,
5248 			    "'gateway' supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
5249 			break;
5250 		case DLT_IP_OVER_FC:
5251 			b0 = gen_ipfchostop(cstate, eaddr, Q_OR);
5252 			break;
5253 		default:
5254 			bpf_error(cstate,
5255 			    "'gateway' supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
5256 		}
5257 		b1 = NULL;
5258 		for (ai = alist; ai != NULL; ai = ai->ai_next) {
5259 			/*
5260 			 * Does it have an address?
5261 			 */
5262 			if (ai->ai_addr != NULL) {
5263 				/*
5264 				 * Yes.  Is it an IPv4 address?
5265 				 */
5266 				if (ai->ai_addr->sa_family == AF_INET) {
5267 					/*
5268 					 * Generate an entry for it.
5269 					 */
5270 					sin = (struct sockaddr_in *)ai->ai_addr;
5271 					tmp = gen_host(cstate,
5272 					    ntohl(sin->sin_addr.s_addr),
5273 					    0xffffffff, proto, Q_OR, Q_HOST);
5274 					/*
5275 					 * Is it the *first* IPv4 address?
5276 					 */
5277 					if (b1 == NULL) {
5278 						/*
5279 						 * Yes, so start with it.
5280 						 */
5281 						b1 = tmp;
5282 					} else {
5283 						/*
5284 						 * No, so OR it into the
5285 						 * existing set of
5286 						 * addresses.
5287 						 */
5288 						gen_or(b1, tmp);
5289 						b1 = tmp;
5290 					}
5291 				}
5292 			}
5293 		}
5294 		if (b1 == NULL) {
5295 			/*
5296 			 * No IPv4 addresses found.
5297 			 */
5298 			return (NULL);
5299 		}
5300 		gen_not(b1);
5301 		gen_and(b0, b1);
5302 		return b1;
5303 	}
5304 	bpf_error(cstate, "illegal modifier of 'gateway'");
5305 	/*NOTREACHED*/
5306 }
5307 #endif
5308 
5309 static struct block *
5310 gen_proto_abbrev_internal(compiler_state_t *cstate, int proto)
5311 {
5312 	struct block *b0;
5313 	struct block *b1;
5314 
5315 	switch (proto) {
5316 
5317 	case Q_SCTP:
5318 		b1 = gen_proto(cstate, IPPROTO_SCTP, Q_IP, Q_DEFAULT);
5319 		b0 = gen_proto(cstate, IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
5320 		gen_or(b0, b1);
5321 		break;
5322 
5323 	case Q_TCP:
5324 		b1 = gen_proto(cstate, IPPROTO_TCP, Q_IP, Q_DEFAULT);
5325 		b0 = gen_proto(cstate, IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
5326 		gen_or(b0, b1);
5327 		break;
5328 
5329 	case Q_UDP:
5330 		b1 = gen_proto(cstate, IPPROTO_UDP, Q_IP, Q_DEFAULT);
5331 		b0 = gen_proto(cstate, IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
5332 		gen_or(b0, b1);
5333 		break;
5334 
5335 	case Q_ICMP:
5336 		b1 = gen_proto(cstate, IPPROTO_ICMP, Q_IP, Q_DEFAULT);
5337 		break;
5338 
5339 #ifndef	IPPROTO_IGMP
5340 #define	IPPROTO_IGMP	2
5341 #endif
5342 
5343 	case Q_IGMP:
5344 		b1 = gen_proto(cstate, IPPROTO_IGMP, Q_IP, Q_DEFAULT);
5345 		break;
5346 
5347 #ifndef	IPPROTO_IGRP
5348 #define	IPPROTO_IGRP	9
5349 #endif
5350 	case Q_IGRP:
5351 		b1 = gen_proto(cstate, IPPROTO_IGRP, Q_IP, Q_DEFAULT);
5352 		break;
5353 
5354 #ifndef IPPROTO_PIM
5355 #define IPPROTO_PIM	103
5356 #endif
5357 
5358 	case Q_PIM:
5359 		b1 = gen_proto(cstate, IPPROTO_PIM, Q_IP, Q_DEFAULT);
5360 		b0 = gen_proto(cstate, IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
5361 		gen_or(b0, b1);
5362 		break;
5363 
5364 #ifndef IPPROTO_VRRP
5365 #define IPPROTO_VRRP	112
5366 #endif
5367 
5368 	case Q_VRRP:
5369 		b1 = gen_proto(cstate, IPPROTO_VRRP, Q_IP, Q_DEFAULT);
5370 		break;
5371 
5372 #ifndef IPPROTO_CARP
5373 #define IPPROTO_CARP	112
5374 #endif
5375 
5376 	case Q_CARP:
5377 		b1 = gen_proto(cstate, IPPROTO_CARP, Q_IP, Q_DEFAULT);
5378 		break;
5379 
5380 	case Q_IP:
5381 		b1 = gen_linktype(cstate, ETHERTYPE_IP);
5382 		break;
5383 
5384 	case Q_ARP:
5385 		b1 = gen_linktype(cstate, ETHERTYPE_ARP);
5386 		break;
5387 
5388 	case Q_RARP:
5389 		b1 = gen_linktype(cstate, ETHERTYPE_REVARP);
5390 		break;
5391 
5392 	case Q_LINK:
5393 		bpf_error(cstate, "link layer applied in wrong context");
5394 
5395 	case Q_ATALK:
5396 		b1 = gen_linktype(cstate, ETHERTYPE_ATALK);
5397 		break;
5398 
5399 	case Q_AARP:
5400 		b1 = gen_linktype(cstate, ETHERTYPE_AARP);
5401 		break;
5402 
5403 	case Q_DECNET:
5404 		b1 = gen_linktype(cstate, ETHERTYPE_DN);
5405 		break;
5406 
5407 	case Q_SCA:
5408 		b1 = gen_linktype(cstate, ETHERTYPE_SCA);
5409 		break;
5410 
5411 	case Q_LAT:
5412 		b1 = gen_linktype(cstate, ETHERTYPE_LAT);
5413 		break;
5414 
5415 	case Q_MOPDL:
5416 		b1 = gen_linktype(cstate, ETHERTYPE_MOPDL);
5417 		break;
5418 
5419 	case Q_MOPRC:
5420 		b1 = gen_linktype(cstate, ETHERTYPE_MOPRC);
5421 		break;
5422 
5423 	case Q_IPV6:
5424 		b1 = gen_linktype(cstate, ETHERTYPE_IPV6);
5425 		break;
5426 
5427 #ifndef IPPROTO_ICMPV6
5428 #define IPPROTO_ICMPV6	58
5429 #endif
5430 	case Q_ICMPV6:
5431 		b1 = gen_proto(cstate, IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
5432 		break;
5433 
5434 #ifndef IPPROTO_AH
5435 #define IPPROTO_AH	51
5436 #endif
5437 	case Q_AH:
5438 		b1 = gen_proto(cstate, IPPROTO_AH, Q_IP, Q_DEFAULT);
5439 		b0 = gen_proto(cstate, IPPROTO_AH, Q_IPV6, Q_DEFAULT);
5440 		gen_or(b0, b1);
5441 		break;
5442 
5443 #ifndef IPPROTO_ESP
5444 #define IPPROTO_ESP	50
5445 #endif
5446 	case Q_ESP:
5447 		b1 = gen_proto(cstate, IPPROTO_ESP, Q_IP, Q_DEFAULT);
5448 		b0 = gen_proto(cstate, IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
5449 		gen_or(b0, b1);
5450 		break;
5451 
5452 	case Q_ISO:
5453 		b1 = gen_linktype(cstate, LLCSAP_ISONS);
5454 		break;
5455 
5456 	case Q_ESIS:
5457 		b1 = gen_proto(cstate, ISO9542_ESIS, Q_ISO, Q_DEFAULT);
5458 		break;
5459 
5460 	case Q_ISIS:
5461 		b1 = gen_proto(cstate, ISO10589_ISIS, Q_ISO, Q_DEFAULT);
5462 		break;
5463 
5464 	case Q_ISIS_L1: /* all IS-IS Level1 PDU-Types */
5465 		b0 = gen_proto(cstate, ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
5466 		b1 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
5467 		gen_or(b0, b1);
5468 		b0 = gen_proto(cstate, ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
5469 		gen_or(b0, b1);
5470 		b0 = gen_proto(cstate, ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
5471 		gen_or(b0, b1);
5472 		b0 = gen_proto(cstate, ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
5473 		gen_or(b0, b1);
5474 		break;
5475 
5476 	case Q_ISIS_L2: /* all IS-IS Level2 PDU-Types */
5477 		b0 = gen_proto(cstate, ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
5478 		b1 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT); /* FIXME extract the circuit-type bits */
5479 		gen_or(b0, b1);
5480 		b0 = gen_proto(cstate, ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
5481 		gen_or(b0, b1);
5482 		b0 = gen_proto(cstate, ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
5483 		gen_or(b0, b1);
5484 		b0 = gen_proto(cstate, ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
5485 		gen_or(b0, b1);
5486 		break;
5487 
5488 	case Q_ISIS_IIH: /* all IS-IS Hello PDU-Types */
5489 		b0 = gen_proto(cstate, ISIS_L1_LAN_IIH, Q_ISIS, Q_DEFAULT);
5490 		b1 = gen_proto(cstate, ISIS_L2_LAN_IIH, Q_ISIS, Q_DEFAULT);
5491 		gen_or(b0, b1);
5492 		b0 = gen_proto(cstate, ISIS_PTP_IIH, Q_ISIS, Q_DEFAULT);
5493 		gen_or(b0, b1);
5494 		break;
5495 
5496 	case Q_ISIS_LSP:
5497 		b0 = gen_proto(cstate, ISIS_L1_LSP, Q_ISIS, Q_DEFAULT);
5498 		b1 = gen_proto(cstate, ISIS_L2_LSP, Q_ISIS, Q_DEFAULT);
5499 		gen_or(b0, b1);
5500 		break;
5501 
5502 	case Q_ISIS_SNP:
5503 		b0 = gen_proto(cstate, ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
5504 		b1 = gen_proto(cstate, ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
5505 		gen_or(b0, b1);
5506 		b0 = gen_proto(cstate, ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
5507 		gen_or(b0, b1);
5508 		b0 = gen_proto(cstate, ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
5509 		gen_or(b0, b1);
5510 		break;
5511 
5512 	case Q_ISIS_CSNP:
5513 		b0 = gen_proto(cstate, ISIS_L1_CSNP, Q_ISIS, Q_DEFAULT);
5514 		b1 = gen_proto(cstate, ISIS_L2_CSNP, Q_ISIS, Q_DEFAULT);
5515 		gen_or(b0, b1);
5516 		break;
5517 
5518 	case Q_ISIS_PSNP:
5519 		b0 = gen_proto(cstate, ISIS_L1_PSNP, Q_ISIS, Q_DEFAULT);
5520 		b1 = gen_proto(cstate, ISIS_L2_PSNP, Q_ISIS, Q_DEFAULT);
5521 		gen_or(b0, b1);
5522 		break;
5523 
5524 	case Q_CLNP:
5525 		b1 = gen_proto(cstate, ISO8473_CLNP, Q_ISO, Q_DEFAULT);
5526 		break;
5527 
5528 	case Q_STP:
5529 		b1 = gen_linktype(cstate, LLCSAP_8021D);
5530 		break;
5531 
5532 	case Q_IPX:
5533 		b1 = gen_linktype(cstate, LLCSAP_IPX);
5534 		break;
5535 
5536 	case Q_NETBEUI:
5537 		b1 = gen_linktype(cstate, LLCSAP_NETBEUI);
5538 		break;
5539 
5540 	case Q_RADIO:
5541 		bpf_error(cstate, "'radio' is not a valid protocol type");
5542 
5543 	default:
5544 		abort();
5545 	}
5546 	return b1;
5547 }
5548 
5549 struct block *
5550 gen_proto_abbrev(compiler_state_t *cstate, int proto)
5551 {
5552 	/*
5553 	 * Catch errors reported by us and routines below us, and return NULL
5554 	 * on an error.
5555 	 */
5556 	if (setjmp(cstate->top_ctx))
5557 		return (NULL);
5558 
5559 	return gen_proto_abbrev_internal(cstate, proto);
5560 }
5561 
5562 static struct block *
5563 gen_ipfrag(compiler_state_t *cstate)
5564 {
5565 	struct slist *s;
5566 	struct block *b;
5567 
5568 	/* not IPv4 frag other than the first frag */
5569 	s = gen_load_a(cstate, OR_LINKPL, 6, BPF_H);
5570 	b = new_block(cstate, JMP(BPF_JSET));
5571 	b->s.k = 0x1fff;
5572 	b->stmts = s;
5573 	gen_not(b);
5574 
5575 	return b;
5576 }
5577 
5578 /*
5579  * Generate a comparison to a port value in the transport-layer header
5580  * at the specified offset from the beginning of that header.
5581  *
5582  * XXX - this handles a variable-length prefix preceding the link-layer
5583  * header, such as the radiotap or AVS radio prefix, but doesn't handle
5584  * variable-length link-layer headers (such as Token Ring or 802.11
5585  * headers).
5586  */
5587 static struct block *
5588 gen_portatom(compiler_state_t *cstate, int off, bpf_u_int32 v)
5589 {
5590 	return gen_cmp(cstate, OR_TRAN_IPV4, off, BPF_H, v);
5591 }
5592 
5593 static struct block *
5594 gen_portatom6(compiler_state_t *cstate, int off, bpf_u_int32 v)
5595 {
5596 	return gen_cmp(cstate, OR_TRAN_IPV6, off, BPF_H, v);
5597 }
5598 
5599 static struct block *
5600 gen_portop(compiler_state_t *cstate, u_int port, u_int proto, int dir)
5601 {
5602 	struct block *b0, *b1, *tmp;
5603 
5604 	/* ip proto 'proto' and not a fragment other than the first fragment */
5605 	tmp = gen_cmp(cstate, OR_LINKPL, 9, BPF_B, proto);
5606 	b0 = gen_ipfrag(cstate);
5607 	gen_and(tmp, b0);
5608 
5609 	switch (dir) {
5610 	case Q_SRC:
5611 		b1 = gen_portatom(cstate, 0, port);
5612 		break;
5613 
5614 	case Q_DST:
5615 		b1 = gen_portatom(cstate, 2, port);
5616 		break;
5617 
5618 	case Q_AND:
5619 		tmp = gen_portatom(cstate, 0, port);
5620 		b1 = gen_portatom(cstate, 2, port);
5621 		gen_and(tmp, b1);
5622 		break;
5623 
5624 	case Q_DEFAULT:
5625 	case Q_OR:
5626 		tmp = gen_portatom(cstate, 0, port);
5627 		b1 = gen_portatom(cstate, 2, port);
5628 		gen_or(tmp, b1);
5629 		break;
5630 
5631 	case Q_ADDR1:
5632 		bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for ports");
5633 		/*NOTREACHED*/
5634 
5635 	case Q_ADDR2:
5636 		bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for ports");
5637 		/*NOTREACHED*/
5638 
5639 	case Q_ADDR3:
5640 		bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for ports");
5641 		/*NOTREACHED*/
5642 
5643 	case Q_ADDR4:
5644 		bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for ports");
5645 		/*NOTREACHED*/
5646 
5647 	case Q_RA:
5648 		bpf_error(cstate, "'ra' is not a valid qualifier for ports");
5649 		/*NOTREACHED*/
5650 
5651 	case Q_TA:
5652 		bpf_error(cstate, "'ta' is not a valid qualifier for ports");
5653 		/*NOTREACHED*/
5654 
5655 	default:
5656 		abort();
5657 		/*NOTREACHED*/
5658 	}
5659 	gen_and(b0, b1);
5660 
5661 	return b1;
5662 }
5663 
5664 static struct block *
5665 gen_port(compiler_state_t *cstate, u_int port, int ip_proto, int dir)
5666 {
5667 	struct block *b0, *b1, *tmp;
5668 
5669 	/*
5670 	 * ether proto ip
5671 	 *
5672 	 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
5673 	 * not LLC encapsulation with LLCSAP_IP.
5674 	 *
5675 	 * For IEEE 802 networks - which includes 802.5 token ring
5676 	 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
5677 	 * says that SNAP encapsulation is used, not LLC encapsulation
5678 	 * with LLCSAP_IP.
5679 	 *
5680 	 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
5681 	 * RFC 2225 say that SNAP encapsulation is used, not LLC
5682 	 * encapsulation with LLCSAP_IP.
5683 	 *
5684 	 * So we always check for ETHERTYPE_IP.
5685 	 */
5686 	b0 = gen_linktype(cstate, ETHERTYPE_IP);
5687 
5688 	switch (ip_proto) {
5689 	case IPPROTO_UDP:
5690 	case IPPROTO_TCP:
5691 	case IPPROTO_SCTP:
5692 		b1 = gen_portop(cstate, port, (u_int)ip_proto, dir);
5693 		break;
5694 
5695 	case PROTO_UNDEF:
5696 		tmp = gen_portop(cstate, port, IPPROTO_TCP, dir);
5697 		b1 = gen_portop(cstate, port, IPPROTO_UDP, dir);
5698 		gen_or(tmp, b1);
5699 		tmp = gen_portop(cstate, port, IPPROTO_SCTP, dir);
5700 		gen_or(tmp, b1);
5701 		break;
5702 
5703 	default:
5704 		abort();
5705 	}
5706 	gen_and(b0, b1);
5707 	return b1;
5708 }
5709 
5710 struct block *
5711 gen_portop6(compiler_state_t *cstate, u_int port, u_int proto, int dir)
5712 {
5713 	struct block *b0, *b1, *tmp;
5714 
5715 	/* ip6 proto 'proto' */
5716 	/* XXX - catch the first fragment of a fragmented packet? */
5717 	b0 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, proto);
5718 
5719 	switch (dir) {
5720 	case Q_SRC:
5721 		b1 = gen_portatom6(cstate, 0, port);
5722 		break;
5723 
5724 	case Q_DST:
5725 		b1 = gen_portatom6(cstate, 2, port);
5726 		break;
5727 
5728 	case Q_AND:
5729 		tmp = gen_portatom6(cstate, 0, port);
5730 		b1 = gen_portatom6(cstate, 2, port);
5731 		gen_and(tmp, b1);
5732 		break;
5733 
5734 	case Q_DEFAULT:
5735 	case Q_OR:
5736 		tmp = gen_portatom6(cstate, 0, port);
5737 		b1 = gen_portatom6(cstate, 2, port);
5738 		gen_or(tmp, b1);
5739 		break;
5740 
5741 	default:
5742 		abort();
5743 	}
5744 	gen_and(b0, b1);
5745 
5746 	return b1;
5747 }
5748 
5749 static struct block *
5750 gen_port6(compiler_state_t *cstate, u_int port, int ip_proto, int dir)
5751 {
5752 	struct block *b0, *b1, *tmp;
5753 
5754 	/* link proto ip6 */
5755 	b0 = gen_linktype(cstate, ETHERTYPE_IPV6);
5756 
5757 	switch (ip_proto) {
5758 	case IPPROTO_UDP:
5759 	case IPPROTO_TCP:
5760 	case IPPROTO_SCTP:
5761 		b1 = gen_portop6(cstate, port, (u_int)ip_proto, dir);
5762 		break;
5763 
5764 	case PROTO_UNDEF:
5765 		tmp = gen_portop6(cstate, port, IPPROTO_TCP, dir);
5766 		b1 = gen_portop6(cstate, port, IPPROTO_UDP, dir);
5767 		gen_or(tmp, b1);
5768 		tmp = gen_portop6(cstate, port, IPPROTO_SCTP, dir);
5769 		gen_or(tmp, b1);
5770 		break;
5771 
5772 	default:
5773 		abort();
5774 	}
5775 	gen_and(b0, b1);
5776 	return b1;
5777 }
5778 
5779 /* gen_portrange code */
5780 static struct block *
5781 gen_portrangeatom(compiler_state_t *cstate, u_int off, bpf_u_int32 v1,
5782     bpf_u_int32 v2)
5783 {
5784 	struct block *b1, *b2;
5785 
5786 	if (v1 > v2) {
5787 		/*
5788 		 * Reverse the order of the ports, so v1 is the lower one.
5789 		 */
5790 		bpf_u_int32 vtemp;
5791 
5792 		vtemp = v1;
5793 		v1 = v2;
5794 		v2 = vtemp;
5795 	}
5796 
5797 	b1 = gen_cmp_ge(cstate, OR_TRAN_IPV4, off, BPF_H, v1);
5798 	b2 = gen_cmp_le(cstate, OR_TRAN_IPV4, off, BPF_H, v2);
5799 
5800 	gen_and(b1, b2);
5801 
5802 	return b2;
5803 }
5804 
5805 static struct block *
5806 gen_portrangeop(compiler_state_t *cstate, u_int port1, u_int port2,
5807     bpf_u_int32 proto, int dir)
5808 {
5809 	struct block *b0, *b1, *tmp;
5810 
5811 	/* ip proto 'proto' and not a fragment other than the first fragment */
5812 	tmp = gen_cmp(cstate, OR_LINKPL, 9, BPF_B, proto);
5813 	b0 = gen_ipfrag(cstate);
5814 	gen_and(tmp, b0);
5815 
5816 	switch (dir) {
5817 	case Q_SRC:
5818 		b1 = gen_portrangeatom(cstate, 0, port1, port2);
5819 		break;
5820 
5821 	case Q_DST:
5822 		b1 = gen_portrangeatom(cstate, 2, port1, port2);
5823 		break;
5824 
5825 	case Q_AND:
5826 		tmp = gen_portrangeatom(cstate, 0, port1, port2);
5827 		b1 = gen_portrangeatom(cstate, 2, port1, port2);
5828 		gen_and(tmp, b1);
5829 		break;
5830 
5831 	case Q_DEFAULT:
5832 	case Q_OR:
5833 		tmp = gen_portrangeatom(cstate, 0, port1, port2);
5834 		b1 = gen_portrangeatom(cstate, 2, port1, port2);
5835 		gen_or(tmp, b1);
5836 		break;
5837 
5838 	case Q_ADDR1:
5839 		bpf_error(cstate, "'addr1' and 'address1' are not valid qualifiers for port ranges");
5840 		/*NOTREACHED*/
5841 
5842 	case Q_ADDR2:
5843 		bpf_error(cstate, "'addr2' and 'address2' are not valid qualifiers for port ranges");
5844 		/*NOTREACHED*/
5845 
5846 	case Q_ADDR3:
5847 		bpf_error(cstate, "'addr3' and 'address3' are not valid qualifiers for port ranges");
5848 		/*NOTREACHED*/
5849 
5850 	case Q_ADDR4:
5851 		bpf_error(cstate, "'addr4' and 'address4' are not valid qualifiers for port ranges");
5852 		/*NOTREACHED*/
5853 
5854 	case Q_RA:
5855 		bpf_error(cstate, "'ra' is not a valid qualifier for port ranges");
5856 		/*NOTREACHED*/
5857 
5858 	case Q_TA:
5859 		bpf_error(cstate, "'ta' is not a valid qualifier for port ranges");
5860 		/*NOTREACHED*/
5861 
5862 	default:
5863 		abort();
5864 		/*NOTREACHED*/
5865 	}
5866 	gen_and(b0, b1);
5867 
5868 	return b1;
5869 }
5870 
5871 static struct block *
5872 gen_portrange(compiler_state_t *cstate, u_int port1, u_int port2, int ip_proto,
5873     int dir)
5874 {
5875 	struct block *b0, *b1, *tmp;
5876 
5877 	/* link proto ip */
5878 	b0 = gen_linktype(cstate, ETHERTYPE_IP);
5879 
5880 	switch (ip_proto) {
5881 	case IPPROTO_UDP:
5882 	case IPPROTO_TCP:
5883 	case IPPROTO_SCTP:
5884 		b1 = gen_portrangeop(cstate, port1, port2, (bpf_u_int32)ip_proto,
5885 		    dir);
5886 		break;
5887 
5888 	case PROTO_UNDEF:
5889 		tmp = gen_portrangeop(cstate, port1, port2, IPPROTO_TCP, dir);
5890 		b1 = gen_portrangeop(cstate, port1, port2, IPPROTO_UDP, dir);
5891 		gen_or(tmp, b1);
5892 		tmp = gen_portrangeop(cstate, port1, port2, IPPROTO_SCTP, dir);
5893 		gen_or(tmp, b1);
5894 		break;
5895 
5896 	default:
5897 		abort();
5898 	}
5899 	gen_and(b0, b1);
5900 	return b1;
5901 }
5902 
5903 static struct block *
5904 gen_portrangeatom6(compiler_state_t *cstate, u_int off, bpf_u_int32 v1,
5905     bpf_u_int32 v2)
5906 {
5907 	struct block *b1, *b2;
5908 
5909 	if (v1 > v2) {
5910 		/*
5911 		 * Reverse the order of the ports, so v1 is the lower one.
5912 		 */
5913 		bpf_u_int32 vtemp;
5914 
5915 		vtemp = v1;
5916 		v1 = v2;
5917 		v2 = vtemp;
5918 	}
5919 
5920 	b1 = gen_cmp_ge(cstate, OR_TRAN_IPV6, off, BPF_H, v1);
5921 	b2 = gen_cmp_le(cstate, OR_TRAN_IPV6, off, BPF_H, v2);
5922 
5923 	gen_and(b1, b2);
5924 
5925 	return b2;
5926 }
5927 
5928 static struct block *
5929 gen_portrangeop6(compiler_state_t *cstate, u_int port1, u_int port2,
5930     bpf_u_int32 proto, int dir)
5931 {
5932 	struct block *b0, *b1, *tmp;
5933 
5934 	/* ip6 proto 'proto' */
5935 	/* XXX - catch the first fragment of a fragmented packet? */
5936 	b0 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, proto);
5937 
5938 	switch (dir) {
5939 	case Q_SRC:
5940 		b1 = gen_portrangeatom6(cstate, 0, port1, port2);
5941 		break;
5942 
5943 	case Q_DST:
5944 		b1 = gen_portrangeatom6(cstate, 2, port1, port2);
5945 		break;
5946 
5947 	case Q_AND:
5948 		tmp = gen_portrangeatom6(cstate, 0, port1, port2);
5949 		b1 = gen_portrangeatom6(cstate, 2, port1, port2);
5950 		gen_and(tmp, b1);
5951 		break;
5952 
5953 	case Q_DEFAULT:
5954 	case Q_OR:
5955 		tmp = gen_portrangeatom6(cstate, 0, port1, port2);
5956 		b1 = gen_portrangeatom6(cstate, 2, port1, port2);
5957 		gen_or(tmp, b1);
5958 		break;
5959 
5960 	default:
5961 		abort();
5962 	}
5963 	gen_and(b0, b1);
5964 
5965 	return b1;
5966 }
5967 
5968 static struct block *
5969 gen_portrange6(compiler_state_t *cstate, u_int port1, u_int port2, int ip_proto,
5970     int dir)
5971 {
5972 	struct block *b0, *b1, *tmp;
5973 
5974 	/* link proto ip6 */
5975 	b0 = gen_linktype(cstate, ETHERTYPE_IPV6);
5976 
5977 	switch (ip_proto) {
5978 	case IPPROTO_UDP:
5979 	case IPPROTO_TCP:
5980 	case IPPROTO_SCTP:
5981 		b1 = gen_portrangeop6(cstate, port1, port2, (bpf_u_int32)ip_proto,
5982 		    dir);
5983 		break;
5984 
5985 	case PROTO_UNDEF:
5986 		tmp = gen_portrangeop6(cstate, port1, port2, IPPROTO_TCP, dir);
5987 		b1 = gen_portrangeop6(cstate, port1, port2, IPPROTO_UDP, dir);
5988 		gen_or(tmp, b1);
5989 		tmp = gen_portrangeop6(cstate, port1, port2, IPPROTO_SCTP, dir);
5990 		gen_or(tmp, b1);
5991 		break;
5992 
5993 	default:
5994 		abort();
5995 	}
5996 	gen_and(b0, b1);
5997 	return b1;
5998 }
5999 
6000 static int
6001 lookup_proto(compiler_state_t *cstate, const char *name, int proto)
6002 {
6003 	register int v;
6004 
6005 	switch (proto) {
6006 
6007 	case Q_DEFAULT:
6008 	case Q_IP:
6009 	case Q_IPV6:
6010 		v = pcap_nametoproto(name);
6011 		if (v == PROTO_UNDEF)
6012 			bpf_error(cstate, "unknown ip proto '%s'", name);
6013 		break;
6014 
6015 	case Q_LINK:
6016 		/* XXX should look up h/w protocol type based on cstate->linktype */
6017 		v = pcap_nametoeproto(name);
6018 		if (v == PROTO_UNDEF) {
6019 			v = pcap_nametollc(name);
6020 			if (v == PROTO_UNDEF)
6021 				bpf_error(cstate, "unknown ether proto '%s'", name);
6022 		}
6023 		break;
6024 
6025 	case Q_ISO:
6026 		if (strcmp(name, "esis") == 0)
6027 			v = ISO9542_ESIS;
6028 		else if (strcmp(name, "isis") == 0)
6029 			v = ISO10589_ISIS;
6030 		else if (strcmp(name, "clnp") == 0)
6031 			v = ISO8473_CLNP;
6032 		else
6033 			bpf_error(cstate, "unknown osi proto '%s'", name);
6034 		break;
6035 
6036 	default:
6037 		v = PROTO_UNDEF;
6038 		break;
6039 	}
6040 	return v;
6041 }
6042 
6043 #if 0
6044 struct stmt *
6045 gen_joinsp(struct stmt **s, int n)
6046 {
6047 	return NULL;
6048 }
6049 #endif
6050 
6051 static struct block *
6052 gen_protochain(compiler_state_t *cstate, bpf_u_int32 v, int proto)
6053 {
6054 #ifdef NO_PROTOCHAIN
6055 	return gen_proto(cstate, v, proto);
6056 #else
6057 	struct block *b0, *b;
6058 	struct slist *s[100];
6059 	int fix2, fix3, fix4, fix5;
6060 	int ahcheck, again, end;
6061 	int i, max;
6062 	int reg2 = alloc_reg(cstate);
6063 
6064 	memset(s, 0, sizeof(s));
6065 	fix3 = fix4 = fix5 = 0;
6066 
6067 	switch (proto) {
6068 	case Q_IP:
6069 	case Q_IPV6:
6070 		break;
6071 	case Q_DEFAULT:
6072 		b0 = gen_protochain(cstate, v, Q_IP);
6073 		b = gen_protochain(cstate, v, Q_IPV6);
6074 		gen_or(b0, b);
6075 		return b;
6076 	default:
6077 		bpf_error(cstate, "bad protocol applied for 'protochain'");
6078 		/*NOTREACHED*/
6079 	}
6080 
6081 	/*
6082 	 * We don't handle variable-length prefixes before the link-layer
6083 	 * header, or variable-length link-layer headers, here yet.
6084 	 * We might want to add BPF instructions to do the protochain
6085 	 * work, to simplify that and, on platforms that have a BPF
6086 	 * interpreter with the new instructions, let the filtering
6087 	 * be done in the kernel.  (We already require a modified BPF
6088 	 * engine to do the protochain stuff, to support backward
6089 	 * branches, and backward branch support is unlikely to appear
6090 	 * in kernel BPF engines.)
6091 	 */
6092 	if (cstate->off_linkpl.is_variable)
6093 		bpf_error(cstate, "'protochain' not supported with variable length headers");
6094 
6095 	/*
6096 	 * To quote a comment in optimize.c:
6097 	 *
6098 	 * "These data structures are used in a Cocke and Shwarz style
6099 	 * value numbering scheme.  Since the flowgraph is acyclic,
6100 	 * exit values can be propagated from a node's predecessors
6101 	 * provided it is uniquely defined."
6102 	 *
6103 	 * "Acyclic" means "no backward branches", which means "no
6104 	 * loops", so we have to turn the optimizer off.
6105 	 */
6106 	cstate->no_optimize = 1;
6107 
6108 	/*
6109 	 * s[0] is a dummy entry to protect other BPF insn from damage
6110 	 * by s[fix] = foo with uninitialized variable "fix".  It is somewhat
6111 	 * hard to find interdependency made by jump table fixup.
6112 	 */
6113 	i = 0;
6114 	s[i] = new_stmt(cstate, 0);	/*dummy*/
6115 	i++;
6116 
6117 	switch (proto) {
6118 	case Q_IP:
6119 		b0 = gen_linktype(cstate, ETHERTYPE_IP);
6120 
6121 		/* A = ip->ip_p */
6122 		s[i] = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B);
6123 		s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 9;
6124 		i++;
6125 		/* X = ip->ip_hl << 2 */
6126 		s[i] = new_stmt(cstate, BPF_LDX|BPF_MSH|BPF_B);
6127 		s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
6128 		i++;
6129 		break;
6130 
6131 	case Q_IPV6:
6132 		b0 = gen_linktype(cstate, ETHERTYPE_IPV6);
6133 
6134 		/* A = ip6->ip_nxt */
6135 		s[i] = new_stmt(cstate, BPF_LD|BPF_ABS|BPF_B);
6136 		s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 6;
6137 		i++;
6138 		/* X = sizeof(struct ip6_hdr) */
6139 		s[i] = new_stmt(cstate, BPF_LDX|BPF_IMM);
6140 		s[i]->s.k = 40;
6141 		i++;
6142 		break;
6143 
6144 	default:
6145 		bpf_error(cstate, "unsupported proto to gen_protochain");
6146 		/*NOTREACHED*/
6147 	}
6148 
6149 	/* again: if (A == v) goto end; else fall through; */
6150 	again = i;
6151 	s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6152 	s[i]->s.k = v;
6153 	s[i]->s.jt = NULL;		/*later*/
6154 	s[i]->s.jf = NULL;		/*update in next stmt*/
6155 	fix5 = i;
6156 	i++;
6157 
6158 #ifndef IPPROTO_NONE
6159 #define IPPROTO_NONE	59
6160 #endif
6161 	/* if (A == IPPROTO_NONE) goto end */
6162 	s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6163 	s[i]->s.jt = NULL;	/*later*/
6164 	s[i]->s.jf = NULL;	/*update in next stmt*/
6165 	s[i]->s.k = IPPROTO_NONE;
6166 	s[fix5]->s.jf = s[i];
6167 	fix2 = i;
6168 	i++;
6169 
6170 	if (proto == Q_IPV6) {
6171 		int v6start, v6end, v6advance, j;
6172 
6173 		v6start = i;
6174 		/* if (A == IPPROTO_HOPOPTS) goto v6advance */
6175 		s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6176 		s[i]->s.jt = NULL;	/*later*/
6177 		s[i]->s.jf = NULL;	/*update in next stmt*/
6178 		s[i]->s.k = IPPROTO_HOPOPTS;
6179 		s[fix2]->s.jf = s[i];
6180 		i++;
6181 		/* if (A == IPPROTO_DSTOPTS) goto v6advance */
6182 		s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6183 		s[i]->s.jt = NULL;	/*later*/
6184 		s[i]->s.jf = NULL;	/*update in next stmt*/
6185 		s[i]->s.k = IPPROTO_DSTOPTS;
6186 		i++;
6187 		/* if (A == IPPROTO_ROUTING) goto v6advance */
6188 		s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6189 		s[i]->s.jt = NULL;	/*later*/
6190 		s[i]->s.jf = NULL;	/*update in next stmt*/
6191 		s[i]->s.k = IPPROTO_ROUTING;
6192 		i++;
6193 		/* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */
6194 		s[i - 1]->s.jf = s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6195 		s[i]->s.jt = NULL;	/*later*/
6196 		s[i]->s.jf = NULL;	/*later*/
6197 		s[i]->s.k = IPPROTO_FRAGMENT;
6198 		fix3 = i;
6199 		v6end = i;
6200 		i++;
6201 
6202 		/* v6advance: */
6203 		v6advance = i;
6204 
6205 		/*
6206 		 * in short,
6207 		 * A = P[X + packet head];
6208 		 * X = X + (P[X + packet head + 1] + 1) * 8;
6209 		 */
6210 		/* A = P[X + packet head] */
6211 		s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
6212 		s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
6213 		i++;
6214 		/* MEM[reg2] = A */
6215 		s[i] = new_stmt(cstate, BPF_ST);
6216 		s[i]->s.k = reg2;
6217 		i++;
6218 		/* A = P[X + packet head + 1]; */
6219 		s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
6220 		s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 1;
6221 		i++;
6222 		/* A += 1 */
6223 		s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
6224 		s[i]->s.k = 1;
6225 		i++;
6226 		/* A *= 8 */
6227 		s[i] = new_stmt(cstate, BPF_ALU|BPF_MUL|BPF_K);
6228 		s[i]->s.k = 8;
6229 		i++;
6230 		/* A += X */
6231 		s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X);
6232 		s[i]->s.k = 0;
6233 		i++;
6234 		/* X = A; */
6235 		s[i] = new_stmt(cstate, BPF_MISC|BPF_TAX);
6236 		i++;
6237 		/* A = MEM[reg2] */
6238 		s[i] = new_stmt(cstate, BPF_LD|BPF_MEM);
6239 		s[i]->s.k = reg2;
6240 		i++;
6241 
6242 		/* goto again; (must use BPF_JA for backward jump) */
6243 		s[i] = new_stmt(cstate, BPF_JMP|BPF_JA);
6244 		s[i]->s.k = again - i - 1;
6245 		s[i - 1]->s.jf = s[i];
6246 		i++;
6247 
6248 		/* fixup */
6249 		for (j = v6start; j <= v6end; j++)
6250 			s[j]->s.jt = s[v6advance];
6251 	} else {
6252 		/* nop */
6253 		s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
6254 		s[i]->s.k = 0;
6255 		s[fix2]->s.jf = s[i];
6256 		i++;
6257 	}
6258 
6259 	/* ahcheck: */
6260 	ahcheck = i;
6261 	/* if (A == IPPROTO_AH) then fall through; else goto end; */
6262 	s[i] = new_stmt(cstate, BPF_JMP|BPF_JEQ|BPF_K);
6263 	s[i]->s.jt = NULL;	/*later*/
6264 	s[i]->s.jf = NULL;	/*later*/
6265 	s[i]->s.k = IPPROTO_AH;
6266 	if (fix3)
6267 		s[fix3]->s.jf = s[ahcheck];
6268 	fix4 = i;
6269 	i++;
6270 
6271 	/*
6272 	 * in short,
6273 	 * A = P[X];
6274 	 * X = X + (P[X + 1] + 2) * 4;
6275 	 */
6276 	/* A = X */
6277 	s[i - 1]->s.jt = s[i] = new_stmt(cstate, BPF_MISC|BPF_TXA);
6278 	i++;
6279 	/* A = P[X + packet head]; */
6280 	s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
6281 	s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
6282 	i++;
6283 	/* MEM[reg2] = A */
6284 	s[i] = new_stmt(cstate, BPF_ST);
6285 	s[i]->s.k = reg2;
6286 	i++;
6287 	/* A = X */
6288 	s[i - 1]->s.jt = s[i] = new_stmt(cstate, BPF_MISC|BPF_TXA);
6289 	i++;
6290 	/* A += 1 */
6291 	s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
6292 	s[i]->s.k = 1;
6293 	i++;
6294 	/* X = A */
6295 	s[i] = new_stmt(cstate, BPF_MISC|BPF_TAX);
6296 	i++;
6297 	/* A = P[X + packet head] */
6298 	s[i] = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
6299 	s[i]->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
6300 	i++;
6301 	/* A += 2 */
6302 	s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
6303 	s[i]->s.k = 2;
6304 	i++;
6305 	/* A *= 4 */
6306 	s[i] = new_stmt(cstate, BPF_ALU|BPF_MUL|BPF_K);
6307 	s[i]->s.k = 4;
6308 	i++;
6309 	/* X = A; */
6310 	s[i] = new_stmt(cstate, BPF_MISC|BPF_TAX);
6311 	i++;
6312 	/* A = MEM[reg2] */
6313 	s[i] = new_stmt(cstate, BPF_LD|BPF_MEM);
6314 	s[i]->s.k = reg2;
6315 	i++;
6316 
6317 	/* goto again; (must use BPF_JA for backward jump) */
6318 	s[i] = new_stmt(cstate, BPF_JMP|BPF_JA);
6319 	s[i]->s.k = again - i - 1;
6320 	i++;
6321 
6322 	/* end: nop */
6323 	end = i;
6324 	s[i] = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
6325 	s[i]->s.k = 0;
6326 	s[fix2]->s.jt = s[end];
6327 	s[fix4]->s.jf = s[end];
6328 	s[fix5]->s.jt = s[end];
6329 	i++;
6330 
6331 	/*
6332 	 * make slist chain
6333 	 */
6334 	max = i;
6335 	for (i = 0; i < max - 1; i++)
6336 		s[i]->next = s[i + 1];
6337 	s[max - 1]->next = NULL;
6338 
6339 	/*
6340 	 * emit final check
6341 	 */
6342 	b = new_block(cstate, JMP(BPF_JEQ));
6343 	b->stmts = s[1];	/*remember, s[0] is dummy*/
6344 	b->s.k = v;
6345 
6346 	free_reg(cstate, reg2);
6347 
6348 	gen_and(b0, b);
6349 	return b;
6350 #endif
6351 }
6352 
6353 static struct block *
6354 gen_check_802_11_data_frame(compiler_state_t *cstate)
6355 {
6356 	struct slist *s;
6357 	struct block *b0, *b1;
6358 
6359 	/*
6360 	 * A data frame has the 0x08 bit (b3) in the frame control field set
6361 	 * and the 0x04 bit (b2) clear.
6362 	 */
6363 	s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
6364 	b0 = new_block(cstate, JMP(BPF_JSET));
6365 	b0->s.k = 0x08;
6366 	b0->stmts = s;
6367 
6368 	s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
6369 	b1 = new_block(cstate, JMP(BPF_JSET));
6370 	b1->s.k = 0x04;
6371 	b1->stmts = s;
6372 	gen_not(b1);
6373 
6374 	gen_and(b1, b0);
6375 
6376 	return b0;
6377 }
6378 
6379 /*
6380  * Generate code that checks whether the packet is a packet for protocol
6381  * <proto> and whether the type field in that protocol's header has
6382  * the value <v>, e.g. if <proto> is Q_IP, it checks whether it's an
6383  * IP packet and checks the protocol number in the IP header against <v>.
6384  *
6385  * If <proto> is Q_DEFAULT, i.e. just "proto" was specified, it checks
6386  * against Q_IP and Q_IPV6.
6387  */
6388 static struct block *
6389 gen_proto(compiler_state_t *cstate, bpf_u_int32 v, int proto, int dir)
6390 {
6391 	struct block *b0, *b1;
6392 #ifndef CHASE_CHAIN
6393 	struct block *b2;
6394 #endif
6395 
6396 	if (dir != Q_DEFAULT)
6397 		bpf_error(cstate, "direction applied to 'proto'");
6398 
6399 	switch (proto) {
6400 	case Q_DEFAULT:
6401 		b0 = gen_proto(cstate, v, Q_IP, dir);
6402 		b1 = gen_proto(cstate, v, Q_IPV6, dir);
6403 		gen_or(b0, b1);
6404 		return b1;
6405 
6406 	case Q_LINK:
6407 		return gen_linktype(cstate, v);
6408 
6409 	case Q_IP:
6410 		/*
6411 		 * For FDDI, RFC 1188 says that SNAP encapsulation is used,
6412 		 * not LLC encapsulation with LLCSAP_IP.
6413 		 *
6414 		 * For IEEE 802 networks - which includes 802.5 token ring
6415 		 * (which is what DLT_IEEE802 means) and 802.11 - RFC 1042
6416 		 * says that SNAP encapsulation is used, not LLC encapsulation
6417 		 * with LLCSAP_IP.
6418 		 *
6419 		 * For LLC-encapsulated ATM/"Classical IP", RFC 1483 and
6420 		 * RFC 2225 say that SNAP encapsulation is used, not LLC
6421 		 * encapsulation with LLCSAP_IP.
6422 		 *
6423 		 * So we always check for ETHERTYPE_IP.
6424 		 */
6425 		b0 = gen_linktype(cstate, ETHERTYPE_IP);
6426 #ifndef CHASE_CHAIN
6427 		b1 = gen_cmp(cstate, OR_LINKPL, 9, BPF_B, v);
6428 #else
6429 		b1 = gen_protochain(cstate, v, Q_IP);
6430 #endif
6431 		gen_and(b0, b1);
6432 		return b1;
6433 
6434 	case Q_ARP:
6435 		bpf_error(cstate, "arp does not encapsulate another protocol");
6436 		/*NOTREACHED*/
6437 
6438 	case Q_RARP:
6439 		bpf_error(cstate, "rarp does not encapsulate another protocol");
6440 		/*NOTREACHED*/
6441 
6442 	case Q_SCTP:
6443 		bpf_error(cstate, "'sctp proto' is bogus");
6444 		/*NOTREACHED*/
6445 
6446 	case Q_TCP:
6447 		bpf_error(cstate, "'tcp proto' is bogus");
6448 		/*NOTREACHED*/
6449 
6450 	case Q_UDP:
6451 		bpf_error(cstate, "'udp proto' is bogus");
6452 		/*NOTREACHED*/
6453 
6454 	case Q_ICMP:
6455 		bpf_error(cstate, "'icmp proto' is bogus");
6456 		/*NOTREACHED*/
6457 
6458 	case Q_IGMP:
6459 		bpf_error(cstate, "'igmp proto' is bogus");
6460 		/*NOTREACHED*/
6461 
6462 	case Q_IGRP:
6463 		bpf_error(cstate, "'igrp proto' is bogus");
6464 		/*NOTREACHED*/
6465 
6466 	case Q_ATALK:
6467 		bpf_error(cstate, "AppleTalk encapsulation is not specifiable");
6468 		/*NOTREACHED*/
6469 
6470 	case Q_DECNET:
6471 		bpf_error(cstate, "DECNET encapsulation is not specifiable");
6472 		/*NOTREACHED*/
6473 
6474 	case Q_LAT:
6475 		bpf_error(cstate, "LAT does not encapsulate another protocol");
6476 		/*NOTREACHED*/
6477 
6478 	case Q_SCA:
6479 		bpf_error(cstate, "SCA does not encapsulate another protocol");
6480 		/*NOTREACHED*/
6481 
6482 	case Q_MOPRC:
6483 		bpf_error(cstate, "MOPRC does not encapsulate another protocol");
6484 		/*NOTREACHED*/
6485 
6486 	case Q_MOPDL:
6487 		bpf_error(cstate, "MOPDL does not encapsulate another protocol");
6488 		/*NOTREACHED*/
6489 
6490 	case Q_IPV6:
6491 		b0 = gen_linktype(cstate, ETHERTYPE_IPV6);
6492 #ifndef CHASE_CHAIN
6493 		/*
6494 		 * Also check for a fragment header before the final
6495 		 * header.
6496 		 */
6497 		b2 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, IPPROTO_FRAGMENT);
6498 		b1 = gen_cmp(cstate, OR_LINKPL, 40, BPF_B, v);
6499 		gen_and(b2, b1);
6500 		b2 = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, v);
6501 		gen_or(b2, b1);
6502 #else
6503 		b1 = gen_protochain(cstate, v, Q_IPV6);
6504 #endif
6505 		gen_and(b0, b1);
6506 		return b1;
6507 
6508 	case Q_ICMPV6:
6509 		bpf_error(cstate, "'icmp6 proto' is bogus");
6510 		/*NOTREACHED*/
6511 
6512 	case Q_AH:
6513 		bpf_error(cstate, "'ah proto' is bogus");
6514 		/*NOTREACHED*/
6515 
6516 	case Q_ESP:
6517 		bpf_error(cstate, "'esp proto' is bogus");
6518 		/*NOTREACHED*/
6519 
6520 	case Q_PIM:
6521 		bpf_error(cstate, "'pim proto' is bogus");
6522 		/*NOTREACHED*/
6523 
6524 	case Q_VRRP:
6525 		bpf_error(cstate, "'vrrp proto' is bogus");
6526 		/*NOTREACHED*/
6527 
6528 	case Q_AARP:
6529 		bpf_error(cstate, "'aarp proto' is bogus");
6530 		/*NOTREACHED*/
6531 
6532 	case Q_ISO:
6533 		switch (cstate->linktype) {
6534 
6535 		case DLT_FRELAY:
6536 			/*
6537 			 * Frame Relay packets typically have an OSI
6538 			 * NLPID at the beginning; "gen_linktype(cstate, LLCSAP_ISONS)"
6539 			 * generates code to check for all the OSI
6540 			 * NLPIDs, so calling it and then adding a check
6541 			 * for the particular NLPID for which we're
6542 			 * looking is bogus, as we can just check for
6543 			 * the NLPID.
6544 			 *
6545 			 * What we check for is the NLPID and a frame
6546 			 * control field value of UI, i.e. 0x03 followed
6547 			 * by the NLPID.
6548 			 *
6549 			 * XXX - assumes a 2-byte Frame Relay header with
6550 			 * DLCI and flags.  What if the address is longer?
6551 			 *
6552 			 * XXX - what about SNAP-encapsulated frames?
6553 			 */
6554 			return gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, (0x03<<8) | v);
6555 			/*NOTREACHED*/
6556 
6557 		case DLT_C_HDLC:
6558 			/*
6559 			 * Cisco uses an Ethertype lookalike - for OSI,
6560 			 * it's 0xfefe.
6561 			 */
6562 			b0 = gen_linktype(cstate, LLCSAP_ISONS<<8 | LLCSAP_ISONS);
6563 			/* OSI in C-HDLC is stuffed with a fudge byte */
6564 			b1 = gen_cmp(cstate, OR_LINKPL_NOSNAP, 1, BPF_B, v);
6565 			gen_and(b0, b1);
6566 			return b1;
6567 
6568 		default:
6569 			b0 = gen_linktype(cstate, LLCSAP_ISONS);
6570 			b1 = gen_cmp(cstate, OR_LINKPL_NOSNAP, 0, BPF_B, v);
6571 			gen_and(b0, b1);
6572 			return b1;
6573 		}
6574 
6575 	case Q_ESIS:
6576 		bpf_error(cstate, "'esis proto' is bogus");
6577 		/*NOTREACHED*/
6578 
6579 	case Q_ISIS:
6580 		b0 = gen_proto(cstate, ISO10589_ISIS, Q_ISO, Q_DEFAULT);
6581 		/*
6582 		 * 4 is the offset of the PDU type relative to the IS-IS
6583 		 * header.
6584 		 */
6585 		b1 = gen_cmp(cstate, OR_LINKPL_NOSNAP, 4, BPF_B, v);
6586 		gen_and(b0, b1);
6587 		return b1;
6588 
6589 	case Q_CLNP:
6590 		bpf_error(cstate, "'clnp proto' is not supported");
6591 		/*NOTREACHED*/
6592 
6593 	case Q_STP:
6594 		bpf_error(cstate, "'stp proto' is bogus");
6595 		/*NOTREACHED*/
6596 
6597 	case Q_IPX:
6598 		bpf_error(cstate, "'ipx proto' is bogus");
6599 		/*NOTREACHED*/
6600 
6601 	case Q_NETBEUI:
6602 		bpf_error(cstate, "'netbeui proto' is bogus");
6603 		/*NOTREACHED*/
6604 
6605 	case Q_ISIS_L1:
6606 		bpf_error(cstate, "'l1 proto' is bogus");
6607 		/*NOTREACHED*/
6608 
6609 	case Q_ISIS_L2:
6610 		bpf_error(cstate, "'l2 proto' is bogus");
6611 		/*NOTREACHED*/
6612 
6613 	case Q_ISIS_IIH:
6614 		bpf_error(cstate, "'iih proto' is bogus");
6615 		/*NOTREACHED*/
6616 
6617 	case Q_ISIS_SNP:
6618 		bpf_error(cstate, "'snp proto' is bogus");
6619 		/*NOTREACHED*/
6620 
6621 	case Q_ISIS_CSNP:
6622 		bpf_error(cstate, "'csnp proto' is bogus");
6623 		/*NOTREACHED*/
6624 
6625 	case Q_ISIS_PSNP:
6626 		bpf_error(cstate, "'psnp proto' is bogus");
6627 		/*NOTREACHED*/
6628 
6629 	case Q_ISIS_LSP:
6630 		bpf_error(cstate, "'lsp proto' is bogus");
6631 		/*NOTREACHED*/
6632 
6633 	case Q_RADIO:
6634 		bpf_error(cstate, "'radio proto' is bogus");
6635 		/*NOTREACHED*/
6636 
6637 	case Q_CARP:
6638 		bpf_error(cstate, "'carp proto' is bogus");
6639 		/*NOTREACHED*/
6640 
6641 	default:
6642 		abort();
6643 		/*NOTREACHED*/
6644 	}
6645 	/*NOTREACHED*/
6646 }
6647 
6648 struct block *
6649 gen_scode(compiler_state_t *cstate, const char *name, struct qual q)
6650 {
6651 	int proto = q.proto;
6652 	int dir = q.dir;
6653 	int tproto;
6654 	u_char *eaddr;
6655 	bpf_u_int32 mask, addr;
6656 	struct addrinfo *res, *res0;
6657 	struct sockaddr_in *sin4;
6658 #ifdef INET6
6659 	int tproto6;
6660 	struct sockaddr_in6 *sin6;
6661 	struct in6_addr mask128;
6662 #endif /*INET6*/
6663 	struct block *b, *tmp;
6664 	int port, real_proto;
6665 	int port1, port2;
6666 
6667 	/*
6668 	 * Catch errors reported by us and routines below us, and return NULL
6669 	 * on an error.
6670 	 */
6671 	if (setjmp(cstate->top_ctx))
6672 		return (NULL);
6673 
6674 	switch (q.addr) {
6675 
6676 	case Q_NET:
6677 		addr = pcap_nametonetaddr(name);
6678 		if (addr == 0)
6679 			bpf_error(cstate, "unknown network '%s'", name);
6680 		/* Left justify network addr and calculate its network mask */
6681 		mask = 0xffffffff;
6682 		while (addr && (addr & 0xff000000) == 0) {
6683 			addr <<= 8;
6684 			mask <<= 8;
6685 		}
6686 		return gen_host(cstate, addr, mask, proto, dir, q.addr);
6687 
6688 	case Q_DEFAULT:
6689 	case Q_HOST:
6690 		if (proto == Q_LINK) {
6691 			switch (cstate->linktype) {
6692 
6693 			case DLT_EN10MB:
6694 			case DLT_NETANALYZER:
6695 			case DLT_NETANALYZER_TRANSPARENT:
6696 				eaddr = pcap_ether_hostton(name);
6697 				if (eaddr == NULL)
6698 					bpf_error(cstate,
6699 					    "unknown ether host '%s'", name);
6700 				tmp = gen_prevlinkhdr_check(cstate);
6701 				b = gen_ehostop(cstate, eaddr, dir);
6702 				if (tmp != NULL)
6703 					gen_and(tmp, b);
6704 				free(eaddr);
6705 				return b;
6706 
6707 			case DLT_FDDI:
6708 				eaddr = pcap_ether_hostton(name);
6709 				if (eaddr == NULL)
6710 					bpf_error(cstate,
6711 					    "unknown FDDI host '%s'", name);
6712 				b = gen_fhostop(cstate, eaddr, dir);
6713 				free(eaddr);
6714 				return b;
6715 
6716 			case DLT_IEEE802:
6717 				eaddr = pcap_ether_hostton(name);
6718 				if (eaddr == NULL)
6719 					bpf_error(cstate,
6720 					    "unknown token ring host '%s'", name);
6721 				b = gen_thostop(cstate, eaddr, dir);
6722 				free(eaddr);
6723 				return b;
6724 
6725 			case DLT_IEEE802_11:
6726 			case DLT_PRISM_HEADER:
6727 			case DLT_IEEE802_11_RADIO_AVS:
6728 			case DLT_IEEE802_11_RADIO:
6729 			case DLT_PPI:
6730 				eaddr = pcap_ether_hostton(name);
6731 				if (eaddr == NULL)
6732 					bpf_error(cstate,
6733 					    "unknown 802.11 host '%s'", name);
6734 				b = gen_wlanhostop(cstate, eaddr, dir);
6735 				free(eaddr);
6736 				return b;
6737 
6738 			case DLT_IP_OVER_FC:
6739 				eaddr = pcap_ether_hostton(name);
6740 				if (eaddr == NULL)
6741 					bpf_error(cstate,
6742 					    "unknown Fibre Channel host '%s'", name);
6743 				b = gen_ipfchostop(cstate, eaddr, dir);
6744 				free(eaddr);
6745 				return b;
6746 			}
6747 
6748 			bpf_error(cstate, "only ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel supports link-level host name");
6749 		} else if (proto == Q_DECNET) {
6750 			unsigned short dn_addr;
6751 
6752 			if (!__pcap_nametodnaddr(name, &dn_addr)) {
6753 #ifdef	DECNETLIB
6754 				bpf_error(cstate, "unknown decnet host name '%s'\n", name);
6755 #else
6756 				bpf_error(cstate, "decnet name support not included, '%s' cannot be translated\n",
6757 					name);
6758 #endif
6759 			}
6760 			/*
6761 			 * I don't think DECNET hosts can be multihomed, so
6762 			 * there is no need to build up a list of addresses
6763 			 */
6764 			return (gen_host(cstate, dn_addr, 0, proto, dir, q.addr));
6765 		} else {
6766 #ifdef INET6
6767 			memset(&mask128, 0xff, sizeof(mask128));
6768 #endif
6769 			res0 = res = pcap_nametoaddrinfo(name);
6770 			if (res == NULL)
6771 				bpf_error(cstate, "unknown host '%s'", name);
6772 			cstate->ai = res;
6773 			b = tmp = NULL;
6774 			tproto = proto;
6775 #ifdef INET6
6776 			tproto6 = proto;
6777 #endif
6778 			if (cstate->off_linktype.constant_part == OFFSET_NOT_SET &&
6779 			    tproto == Q_DEFAULT) {
6780 				tproto = Q_IP;
6781 #ifdef INET6
6782 				tproto6 = Q_IPV6;
6783 #endif
6784 			}
6785 			for (res = res0; res; res = res->ai_next) {
6786 				switch (res->ai_family) {
6787 				case AF_INET:
6788 #ifdef INET6
6789 					if (tproto == Q_IPV6)
6790 						continue;
6791 #endif
6792 
6793 					sin4 = (struct sockaddr_in *)
6794 						res->ai_addr;
6795 					tmp = gen_host(cstate, ntohl(sin4->sin_addr.s_addr),
6796 						0xffffffff, tproto, dir, q.addr);
6797 					break;
6798 #ifdef INET6
6799 				case AF_INET6:
6800 					if (tproto6 == Q_IP)
6801 						continue;
6802 
6803 					sin6 = (struct sockaddr_in6 *)
6804 						res->ai_addr;
6805 					tmp = gen_host6(cstate, &sin6->sin6_addr,
6806 						&mask128, tproto6, dir, q.addr);
6807 					break;
6808 #endif
6809 				default:
6810 					continue;
6811 				}
6812 				if (b)
6813 					gen_or(b, tmp);
6814 				b = tmp;
6815 			}
6816 			cstate->ai = NULL;
6817 			freeaddrinfo(res0);
6818 			if (b == NULL) {
6819 				bpf_error(cstate, "unknown host '%s'%s", name,
6820 				    (proto == Q_DEFAULT)
6821 					? ""
6822 					: " for specified address family");
6823 			}
6824 			return b;
6825 		}
6826 
6827 	case Q_PORT:
6828 		if (proto != Q_DEFAULT &&
6829 		    proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
6830 			bpf_error(cstate, "illegal qualifier of 'port'");
6831 		if (pcap_nametoport(name, &port, &real_proto) == 0)
6832 			bpf_error(cstate, "unknown port '%s'", name);
6833 		if (proto == Q_UDP) {
6834 			if (real_proto == IPPROTO_TCP)
6835 				bpf_error(cstate, "port '%s' is tcp", name);
6836 			else if (real_proto == IPPROTO_SCTP)
6837 				bpf_error(cstate, "port '%s' is sctp", name);
6838 			else
6839 				/* override PROTO_UNDEF */
6840 				real_proto = IPPROTO_UDP;
6841 		}
6842 		if (proto == Q_TCP) {
6843 			if (real_proto == IPPROTO_UDP)
6844 				bpf_error(cstate, "port '%s' is udp", name);
6845 
6846 			else if (real_proto == IPPROTO_SCTP)
6847 				bpf_error(cstate, "port '%s' is sctp", name);
6848 			else
6849 				/* override PROTO_UNDEF */
6850 				real_proto = IPPROTO_TCP;
6851 		}
6852 		if (proto == Q_SCTP) {
6853 			if (real_proto == IPPROTO_UDP)
6854 				bpf_error(cstate, "port '%s' is udp", name);
6855 
6856 			else if (real_proto == IPPROTO_TCP)
6857 				bpf_error(cstate, "port '%s' is tcp", name);
6858 			else
6859 				/* override PROTO_UNDEF */
6860 				real_proto = IPPROTO_SCTP;
6861 		}
6862 		if (port < 0)
6863 			bpf_error(cstate, "illegal port number %d < 0", port);
6864 		if (port > 65535)
6865 			bpf_error(cstate, "illegal port number %d > 65535", port);
6866 		b = gen_port(cstate, port, real_proto, dir);
6867 		gen_or(gen_port6(cstate, port, real_proto, dir), b);
6868 		return b;
6869 
6870 	case Q_PORTRANGE:
6871 		if (proto != Q_DEFAULT &&
6872 		    proto != Q_UDP && proto != Q_TCP && proto != Q_SCTP)
6873 			bpf_error(cstate, "illegal qualifier of 'portrange'");
6874 		if (pcap_nametoportrange(name, &port1, &port2, &real_proto) == 0)
6875 			bpf_error(cstate, "unknown port in range '%s'", name);
6876 		if (proto == Q_UDP) {
6877 			if (real_proto == IPPROTO_TCP)
6878 				bpf_error(cstate, "port in range '%s' is tcp", name);
6879 			else if (real_proto == IPPROTO_SCTP)
6880 				bpf_error(cstate, "port in range '%s' is sctp", name);
6881 			else
6882 				/* override PROTO_UNDEF */
6883 				real_proto = IPPROTO_UDP;
6884 		}
6885 		if (proto == Q_TCP) {
6886 			if (real_proto == IPPROTO_UDP)
6887 				bpf_error(cstate, "port in range '%s' is udp", name);
6888 			else if (real_proto == IPPROTO_SCTP)
6889 				bpf_error(cstate, "port in range '%s' is sctp", name);
6890 			else
6891 				/* override PROTO_UNDEF */
6892 				real_proto = IPPROTO_TCP;
6893 		}
6894 		if (proto == Q_SCTP) {
6895 			if (real_proto == IPPROTO_UDP)
6896 				bpf_error(cstate, "port in range '%s' is udp", name);
6897 			else if (real_proto == IPPROTO_TCP)
6898 				bpf_error(cstate, "port in range '%s' is tcp", name);
6899 			else
6900 				/* override PROTO_UNDEF */
6901 				real_proto = IPPROTO_SCTP;
6902 		}
6903 		if (port1 < 0)
6904 			bpf_error(cstate, "illegal port number %d < 0", port1);
6905 		if (port1 > 65535)
6906 			bpf_error(cstate, "illegal port number %d > 65535", port1);
6907 		if (port2 < 0)
6908 			bpf_error(cstate, "illegal port number %d < 0", port2);
6909 		if (port2 > 65535)
6910 			bpf_error(cstate, "illegal port number %d > 65535", port2);
6911 
6912 		b = gen_portrange(cstate, port1, port2, real_proto, dir);
6913 		gen_or(gen_portrange6(cstate, port1, port2, real_proto, dir), b);
6914 		return b;
6915 
6916 	case Q_GATEWAY:
6917 #ifndef INET6
6918 		eaddr = pcap_ether_hostton(name);
6919 		if (eaddr == NULL)
6920 			bpf_error(cstate, "unknown ether host: %s", name);
6921 
6922 		res = pcap_nametoaddrinfo(name);
6923 		cstate->ai = res;
6924 		if (res == NULL)
6925 			bpf_error(cstate, "unknown host '%s'", name);
6926 		b = gen_gateway(cstate, eaddr, res, proto, dir);
6927 		cstate->ai = NULL;
6928 		freeaddrinfo(res);
6929 		if (b == NULL)
6930 			bpf_error(cstate, "unknown host '%s'", name);
6931 		return b;
6932 #else
6933 		bpf_error(cstate, "'gateway' not supported in this configuration");
6934 #endif /*INET6*/
6935 
6936 	case Q_PROTO:
6937 		real_proto = lookup_proto(cstate, name, proto);
6938 		if (real_proto >= 0)
6939 			return gen_proto(cstate, real_proto, proto, dir);
6940 		else
6941 			bpf_error(cstate, "unknown protocol: %s", name);
6942 
6943 	case Q_PROTOCHAIN:
6944 		real_proto = lookup_proto(cstate, name, proto);
6945 		if (real_proto >= 0)
6946 			return gen_protochain(cstate, real_proto, proto);
6947 		else
6948 			bpf_error(cstate, "unknown protocol: %s", name);
6949 
6950 	case Q_UNDEF:
6951 		syntax(cstate);
6952 		/*NOTREACHED*/
6953 	}
6954 	abort();
6955 	/*NOTREACHED*/
6956 }
6957 
6958 struct block *
6959 gen_mcode(compiler_state_t *cstate, const char *s1, const char *s2,
6960     bpf_u_int32 masklen, struct qual q)
6961 {
6962 	register int nlen, mlen;
6963 	bpf_u_int32 n, m;
6964 
6965 	/*
6966 	 * Catch errors reported by us and routines below us, and return NULL
6967 	 * on an error.
6968 	 */
6969 	if (setjmp(cstate->top_ctx))
6970 		return (NULL);
6971 
6972 	nlen = __pcap_atoin(s1, &n);
6973 	if (nlen < 0)
6974 		bpf_error(cstate, "invalid IPv4 address '%s'", s1);
6975 	/* Promote short ipaddr */
6976 	n <<= 32 - nlen;
6977 
6978 	if (s2 != NULL) {
6979 		mlen = __pcap_atoin(s2, &m);
6980 		if (mlen < 0)
6981 			bpf_error(cstate, "invalid IPv4 address '%s'", s2);
6982 		/* Promote short ipaddr */
6983 		m <<= 32 - mlen;
6984 		if ((n & ~m) != 0)
6985 			bpf_error(cstate, "non-network bits set in \"%s mask %s\"",
6986 			    s1, s2);
6987 	} else {
6988 		/* Convert mask len to mask */
6989 		if (masklen > 32)
6990 			bpf_error(cstate, "mask length must be <= 32");
6991 		if (masklen == 0) {
6992 			/*
6993 			 * X << 32 is not guaranteed by C to be 0; it's
6994 			 * undefined.
6995 			 */
6996 			m = 0;
6997 		} else
6998 			m = 0xffffffff << (32 - masklen);
6999 		if ((n & ~m) != 0)
7000 			bpf_error(cstate, "non-network bits set in \"%s/%d\"",
7001 			    s1, masklen);
7002 	}
7003 
7004 	switch (q.addr) {
7005 
7006 	case Q_NET:
7007 		return gen_host(cstate, n, m, q.proto, q.dir, q.addr);
7008 
7009 	default:
7010 		bpf_error(cstate, "Mask syntax for networks only");
7011 		/*NOTREACHED*/
7012 	}
7013 	/*NOTREACHED*/
7014 }
7015 
7016 struct block *
7017 gen_ncode(compiler_state_t *cstate, const char *s, bpf_u_int32 v, struct qual q)
7018 {
7019 	bpf_u_int32 mask;
7020 	int proto;
7021 	int dir;
7022 	register int vlen;
7023 
7024 	/*
7025 	 * Catch errors reported by us and routines below us, and return NULL
7026 	 * on an error.
7027 	 */
7028 	if (setjmp(cstate->top_ctx))
7029 		return (NULL);
7030 
7031 	proto = q.proto;
7032 	dir = q.dir;
7033 	if (s == NULL)
7034 		vlen = 32;
7035 	else if (q.proto == Q_DECNET) {
7036 		vlen = __pcap_atodn(s, &v);
7037 		if (vlen == 0)
7038 			bpf_error(cstate, "malformed decnet address '%s'", s);
7039 	} else {
7040 		vlen = __pcap_atoin(s, &v);
7041 		if (vlen < 0)
7042 			bpf_error(cstate, "invalid IPv4 address '%s'", s);
7043 	}
7044 
7045 	switch (q.addr) {
7046 
7047 	case Q_DEFAULT:
7048 	case Q_HOST:
7049 	case Q_NET:
7050 		if (proto == Q_DECNET)
7051 			return gen_host(cstate, v, 0, proto, dir, q.addr);
7052 		else if (proto == Q_LINK) {
7053 			bpf_error(cstate, "illegal link layer address");
7054 		} else {
7055 			mask = 0xffffffff;
7056 			if (s == NULL && q.addr == Q_NET) {
7057 				/* Promote short net number */
7058 				while (v && (v & 0xff000000) == 0) {
7059 					v <<= 8;
7060 					mask <<= 8;
7061 				}
7062 			} else {
7063 				/* Promote short ipaddr */
7064 				v <<= 32 - vlen;
7065 				mask <<= 32 - vlen ;
7066 			}
7067 			return gen_host(cstate, v, mask, proto, dir, q.addr);
7068 		}
7069 
7070 	case Q_PORT:
7071 		if (proto == Q_UDP)
7072 			proto = IPPROTO_UDP;
7073 		else if (proto == Q_TCP)
7074 			proto = IPPROTO_TCP;
7075 		else if (proto == Q_SCTP)
7076 			proto = IPPROTO_SCTP;
7077 		else if (proto == Q_DEFAULT)
7078 			proto = PROTO_UNDEF;
7079 		else
7080 			bpf_error(cstate, "illegal qualifier of 'port'");
7081 
7082 		if (v > 65535)
7083 			bpf_error(cstate, "illegal port number %u > 65535", v);
7084 
7085 	    {
7086 		struct block *b;
7087 		b = gen_port(cstate, v, proto, dir);
7088 		gen_or(gen_port6(cstate, v, proto, dir), b);
7089 		return b;
7090 	    }
7091 
7092 	case Q_PORTRANGE:
7093 		if (proto == Q_UDP)
7094 			proto = IPPROTO_UDP;
7095 		else if (proto == Q_TCP)
7096 			proto = IPPROTO_TCP;
7097 		else if (proto == Q_SCTP)
7098 			proto = IPPROTO_SCTP;
7099 		else if (proto == Q_DEFAULT)
7100 			proto = PROTO_UNDEF;
7101 		else
7102 			bpf_error(cstate, "illegal qualifier of 'portrange'");
7103 
7104 		if (v > 65535)
7105 			bpf_error(cstate, "illegal port number %u > 65535", v);
7106 
7107 	    {
7108 		struct block *b;
7109 		b = gen_portrange(cstate, v, v, proto, dir);
7110 		gen_or(gen_portrange6(cstate, v, v, proto, dir), b);
7111 		return b;
7112 	    }
7113 
7114 	case Q_GATEWAY:
7115 		bpf_error(cstate, "'gateway' requires a name");
7116 		/*NOTREACHED*/
7117 
7118 	case Q_PROTO:
7119 		return gen_proto(cstate, v, proto, dir);
7120 
7121 	case Q_PROTOCHAIN:
7122 		return gen_protochain(cstate, v, proto);
7123 
7124 	case Q_UNDEF:
7125 		syntax(cstate);
7126 		/*NOTREACHED*/
7127 
7128 	default:
7129 		abort();
7130 		/*NOTREACHED*/
7131 	}
7132 	/*NOTREACHED*/
7133 }
7134 
7135 #ifdef INET6
7136 struct block *
7137 gen_mcode6(compiler_state_t *cstate, const char *s1, const char *s2,
7138     bpf_u_int32 masklen, struct qual q)
7139 {
7140 	struct addrinfo *res;
7141 	struct in6_addr *addr;
7142 	struct in6_addr mask;
7143 	struct block *b;
7144 	uint32_t *a, *m;
7145 
7146 	/*
7147 	 * Catch errors reported by us and routines below us, and return NULL
7148 	 * on an error.
7149 	 */
7150 	if (setjmp(cstate->top_ctx))
7151 		return (NULL);
7152 
7153 	if (s2)
7154 		bpf_error(cstate, "no mask %s supported", s2);
7155 
7156 	res = pcap_nametoaddrinfo(s1);
7157 	if (!res)
7158 		bpf_error(cstate, "invalid ip6 address %s", s1);
7159 	cstate->ai = res;
7160 	if (res->ai_next)
7161 		bpf_error(cstate, "%s resolved to multiple address", s1);
7162 	addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr;
7163 
7164 	if (masklen > sizeof(mask.s6_addr) * 8)
7165 		bpf_error(cstate, "mask length must be <= %u", (unsigned int)(sizeof(mask.s6_addr) * 8));
7166 	memset(&mask, 0, sizeof(mask));
7167 	memset(&mask.s6_addr, 0xff, masklen / 8);
7168 	if (masklen % 8) {
7169 		mask.s6_addr[masklen / 8] =
7170 			(0xff << (8 - masklen % 8)) & 0xff;
7171 	}
7172 
7173 	a = (uint32_t *)addr;
7174 	m = (uint32_t *)&mask;
7175 	if ((a[0] & ~m[0]) || (a[1] & ~m[1])
7176 	 || (a[2] & ~m[2]) || (a[3] & ~m[3])) {
7177 		bpf_error(cstate, "non-network bits set in \"%s/%d\"", s1, masklen);
7178 	}
7179 
7180 	switch (q.addr) {
7181 
7182 	case Q_DEFAULT:
7183 	case Q_HOST:
7184 		if (masklen != 128)
7185 			bpf_error(cstate, "Mask syntax for networks only");
7186 		/* FALLTHROUGH */
7187 
7188 	case Q_NET:
7189 		b = gen_host6(cstate, addr, &mask, q.proto, q.dir, q.addr);
7190 		cstate->ai = NULL;
7191 		freeaddrinfo(res);
7192 		return b;
7193 
7194 	default:
7195 		bpf_error(cstate, "invalid qualifier against IPv6 address");
7196 		/*NOTREACHED*/
7197 	}
7198 }
7199 #endif /*INET6*/
7200 
7201 struct block *
7202 gen_ecode(compiler_state_t *cstate, const char *s, struct qual q)
7203 {
7204 	struct block *b, *tmp;
7205 
7206 	/*
7207 	 * Catch errors reported by us and routines below us, and return NULL
7208 	 * on an error.
7209 	 */
7210 	if (setjmp(cstate->top_ctx))
7211 		return (NULL);
7212 
7213 	if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
7214 		cstate->e = pcap_ether_aton(s);
7215 		if (cstate->e == NULL)
7216 			bpf_error(cstate, "malloc");
7217 		switch (cstate->linktype) {
7218 		case DLT_EN10MB:
7219 		case DLT_NETANALYZER:
7220 		case DLT_NETANALYZER_TRANSPARENT:
7221 			tmp = gen_prevlinkhdr_check(cstate);
7222 			b = gen_ehostop(cstate, cstate->e, (int)q.dir);
7223 			if (tmp != NULL)
7224 				gen_and(tmp, b);
7225 			break;
7226 		case DLT_FDDI:
7227 			b = gen_fhostop(cstate, cstate->e, (int)q.dir);
7228 			break;
7229 		case DLT_IEEE802:
7230 			b = gen_thostop(cstate, cstate->e, (int)q.dir);
7231 			break;
7232 		case DLT_IEEE802_11:
7233 		case DLT_PRISM_HEADER:
7234 		case DLT_IEEE802_11_RADIO_AVS:
7235 		case DLT_IEEE802_11_RADIO:
7236 		case DLT_PPI:
7237 			b = gen_wlanhostop(cstate, cstate->e, (int)q.dir);
7238 			break;
7239 		case DLT_IP_OVER_FC:
7240 			b = gen_ipfchostop(cstate, cstate->e, (int)q.dir);
7241 			break;
7242 		default:
7243 			free(cstate->e);
7244 			cstate->e = NULL;
7245 			bpf_error(cstate, "ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel");
7246 			/*NOTREACHED*/
7247 		}
7248 		free(cstate->e);
7249 		cstate->e = NULL;
7250 		return (b);
7251 	}
7252 	bpf_error(cstate, "ethernet address used in non-ether expression");
7253 	/*NOTREACHED*/
7254 }
7255 
7256 void
7257 sappend(struct slist *s0, struct slist *s1)
7258 {
7259 	/*
7260 	 * This is definitely not the best way to do this, but the
7261 	 * lists will rarely get long.
7262 	 */
7263 	while (s0->next)
7264 		s0 = s0->next;
7265 	s0->next = s1;
7266 }
7267 
7268 static struct slist *
7269 xfer_to_x(compiler_state_t *cstate, struct arth *a)
7270 {
7271 	struct slist *s;
7272 
7273 	s = new_stmt(cstate, BPF_LDX|BPF_MEM);
7274 	s->s.k = a->regno;
7275 	return s;
7276 }
7277 
7278 static struct slist *
7279 xfer_to_a(compiler_state_t *cstate, struct arth *a)
7280 {
7281 	struct slist *s;
7282 
7283 	s = new_stmt(cstate, BPF_LD|BPF_MEM);
7284 	s->s.k = a->regno;
7285 	return s;
7286 }
7287 
7288 /*
7289  * Modify "index" to use the value stored into its register as an
7290  * offset relative to the beginning of the header for the protocol
7291  * "proto", and allocate a register and put an item "size" bytes long
7292  * (1, 2, or 4) at that offset into that register, making it the register
7293  * for "index".
7294  */
7295 static struct arth *
7296 gen_load_internal(compiler_state_t *cstate, int proto, struct arth *inst,
7297     bpf_u_int32 size)
7298 {
7299 	int size_code;
7300 	struct slist *s, *tmp;
7301 	struct block *b;
7302 	int regno = alloc_reg(cstate);
7303 
7304 	free_reg(cstate, inst->regno);
7305 	switch (size) {
7306 
7307 	default:
7308 		bpf_error(cstate, "data size must be 1, 2, or 4");
7309 		/*NOTREACHED*/
7310 
7311 	case 1:
7312 		size_code = BPF_B;
7313 		break;
7314 
7315 	case 2:
7316 		size_code = BPF_H;
7317 		break;
7318 
7319 	case 4:
7320 		size_code = BPF_W;
7321 		break;
7322 	}
7323 	switch (proto) {
7324 	default:
7325 		bpf_error(cstate, "unsupported index operation");
7326 
7327 	case Q_RADIO:
7328 		/*
7329 		 * The offset is relative to the beginning of the packet
7330 		 * data, if we have a radio header.  (If we don't, this
7331 		 * is an error.)
7332 		 */
7333 		if (cstate->linktype != DLT_IEEE802_11_RADIO_AVS &&
7334 		    cstate->linktype != DLT_IEEE802_11_RADIO &&
7335 		    cstate->linktype != DLT_PRISM_HEADER)
7336 			bpf_error(cstate, "radio information not present in capture");
7337 
7338 		/*
7339 		 * Load into the X register the offset computed into the
7340 		 * register specified by "index".
7341 		 */
7342 		s = xfer_to_x(cstate, inst);
7343 
7344 		/*
7345 		 * Load the item at that offset.
7346 		 */
7347 		tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code);
7348 		sappend(s, tmp);
7349 		sappend(inst->s, s);
7350 		break;
7351 
7352 	case Q_LINK:
7353 		/*
7354 		 * The offset is relative to the beginning of
7355 		 * the link-layer header.
7356 		 *
7357 		 * XXX - what about ATM LANE?  Should the index be
7358 		 * relative to the beginning of the AAL5 frame, so
7359 		 * that 0 refers to the beginning of the LE Control
7360 		 * field, or relative to the beginning of the LAN
7361 		 * frame, so that 0 refers, for Ethernet LANE, to
7362 		 * the beginning of the destination address?
7363 		 */
7364 		s = gen_abs_offset_varpart(cstate, &cstate->off_linkhdr);
7365 
7366 		/*
7367 		 * If "s" is non-null, it has code to arrange that the
7368 		 * X register contains the length of the prefix preceding
7369 		 * the link-layer header.  Add to it the offset computed
7370 		 * into the register specified by "index", and move that
7371 		 * into the X register.  Otherwise, just load into the X
7372 		 * register the offset computed into the register specified
7373 		 * by "index".
7374 		 */
7375 		if (s != NULL) {
7376 			sappend(s, xfer_to_a(cstate, inst));
7377 			sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X));
7378 			sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX));
7379 		} else
7380 			s = xfer_to_x(cstate, inst);
7381 
7382 		/*
7383 		 * Load the item at the sum of the offset we've put in the
7384 		 * X register and the offset of the start of the link
7385 		 * layer header (which is 0 if the radio header is
7386 		 * variable-length; that header length is what we put
7387 		 * into the X register and then added to the index).
7388 		 */
7389 		tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code);
7390 		tmp->s.k = cstate->off_linkhdr.constant_part;
7391 		sappend(s, tmp);
7392 		sappend(inst->s, s);
7393 		break;
7394 
7395 	case Q_IP:
7396 	case Q_ARP:
7397 	case Q_RARP:
7398 	case Q_ATALK:
7399 	case Q_DECNET:
7400 	case Q_SCA:
7401 	case Q_LAT:
7402 	case Q_MOPRC:
7403 	case Q_MOPDL:
7404 	case Q_IPV6:
7405 		/*
7406 		 * The offset is relative to the beginning of
7407 		 * the network-layer header.
7408 		 * XXX - are there any cases where we want
7409 		 * cstate->off_nl_nosnap?
7410 		 */
7411 		s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl);
7412 
7413 		/*
7414 		 * If "s" is non-null, it has code to arrange that the
7415 		 * X register contains the variable part of the offset
7416 		 * of the link-layer payload.  Add to it the offset
7417 		 * computed into the register specified by "index",
7418 		 * and move that into the X register.  Otherwise, just
7419 		 * load into the X register the offset computed into
7420 		 * the register specified by "index".
7421 		 */
7422 		if (s != NULL) {
7423 			sappend(s, xfer_to_a(cstate, inst));
7424 			sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X));
7425 			sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX));
7426 		} else
7427 			s = xfer_to_x(cstate, inst);
7428 
7429 		/*
7430 		 * Load the item at the sum of the offset we've put in the
7431 		 * X register, the offset of the start of the network
7432 		 * layer header from the beginning of the link-layer
7433 		 * payload, and the constant part of the offset of the
7434 		 * start of the link-layer payload.
7435 		 */
7436 		tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code);
7437 		tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
7438 		sappend(s, tmp);
7439 		sappend(inst->s, s);
7440 
7441 		/*
7442 		 * Do the computation only if the packet contains
7443 		 * the protocol in question.
7444 		 */
7445 		b = gen_proto_abbrev_internal(cstate, proto);
7446 		if (inst->b)
7447 			gen_and(inst->b, b);
7448 		inst->b = b;
7449 		break;
7450 
7451 	case Q_SCTP:
7452 	case Q_TCP:
7453 	case Q_UDP:
7454 	case Q_ICMP:
7455 	case Q_IGMP:
7456 	case Q_IGRP:
7457 	case Q_PIM:
7458 	case Q_VRRP:
7459 	case Q_CARP:
7460 		/*
7461 		 * The offset is relative to the beginning of
7462 		 * the transport-layer header.
7463 		 *
7464 		 * Load the X register with the length of the IPv4 header
7465 		 * (plus the offset of the link-layer header, if it's
7466 		 * a variable-length header), in bytes.
7467 		 *
7468 		 * XXX - are there any cases where we want
7469 		 * cstate->off_nl_nosnap?
7470 		 * XXX - we should, if we're built with
7471 		 * IPv6 support, generate code to load either
7472 		 * IPv4, IPv6, or both, as appropriate.
7473 		 */
7474 		s = gen_loadx_iphdrlen(cstate);
7475 
7476 		/*
7477 		 * The X register now contains the sum of the variable
7478 		 * part of the offset of the link-layer payload and the
7479 		 * length of the network-layer header.
7480 		 *
7481 		 * Load into the A register the offset relative to
7482 		 * the beginning of the transport layer header,
7483 		 * add the X register to that, move that to the
7484 		 * X register, and load with an offset from the
7485 		 * X register equal to the sum of the constant part of
7486 		 * the offset of the link-layer payload and the offset,
7487 		 * relative to the beginning of the link-layer payload,
7488 		 * of the network-layer header.
7489 		 */
7490 		sappend(s, xfer_to_a(cstate, inst));
7491 		sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X));
7492 		sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX));
7493 		sappend(s, tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code));
7494 		tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl;
7495 		sappend(inst->s, s);
7496 
7497 		/*
7498 		 * Do the computation only if the packet contains
7499 		 * the protocol in question - which is true only
7500 		 * if this is an IP datagram and is the first or
7501 		 * only fragment of that datagram.
7502 		 */
7503 		gen_and(gen_proto_abbrev_internal(cstate, proto), b = gen_ipfrag(cstate));
7504 		if (inst->b)
7505 			gen_and(inst->b, b);
7506 		gen_and(gen_proto_abbrev_internal(cstate, Q_IP), b);
7507 		inst->b = b;
7508 		break;
7509 	case Q_ICMPV6:
7510         /*
7511         * Do the computation only if the packet contains
7512         * the protocol in question.
7513         */
7514         b = gen_proto_abbrev_internal(cstate, Q_IPV6);
7515         if (inst->b) {
7516             gen_and(inst->b, b);
7517         }
7518         inst->b = b;
7519 
7520         /*
7521         * Check if we have an icmp6 next header
7522         */
7523         b = gen_cmp(cstate, OR_LINKPL, 6, BPF_B, 58);
7524         if (inst->b) {
7525             gen_and(inst->b, b);
7526         }
7527         inst->b = b;
7528 
7529 
7530         s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl);
7531         /*
7532         * If "s" is non-null, it has code to arrange that the
7533         * X register contains the variable part of the offset
7534         * of the link-layer payload.  Add to it the offset
7535         * computed into the register specified by "index",
7536         * and move that into the X register.  Otherwise, just
7537         * load into the X register the offset computed into
7538         * the register specified by "index".
7539         */
7540         if (s != NULL) {
7541             sappend(s, xfer_to_a(cstate, inst));
7542             sappend(s, new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X));
7543             sappend(s, new_stmt(cstate, BPF_MISC|BPF_TAX));
7544         } else {
7545             s = xfer_to_x(cstate, inst);
7546         }
7547 
7548         /*
7549         * Load the item at the sum of the offset we've put in the
7550         * X register, the offset of the start of the network
7551         * layer header from the beginning of the link-layer
7552         * payload, and the constant part of the offset of the
7553         * start of the link-layer payload.
7554         */
7555         tmp = new_stmt(cstate, BPF_LD|BPF_IND|size_code);
7556         tmp->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 40;
7557 
7558         sappend(s, tmp);
7559         sappend(inst->s, s);
7560 
7561         break;
7562 	}
7563 	inst->regno = regno;
7564 	s = new_stmt(cstate, BPF_ST);
7565 	s->s.k = regno;
7566 	sappend(inst->s, s);
7567 
7568 	return inst;
7569 }
7570 
7571 struct arth *
7572 gen_load(compiler_state_t *cstate, int proto, struct arth *inst,
7573     bpf_u_int32 size)
7574 {
7575 	/*
7576 	 * Catch errors reported by us and routines below us, and return NULL
7577 	 * on an error.
7578 	 */
7579 	if (setjmp(cstate->top_ctx))
7580 		return (NULL);
7581 
7582 	return gen_load_internal(cstate, proto, inst, size);
7583 }
7584 
7585 static struct block *
7586 gen_relation_internal(compiler_state_t *cstate, int code, struct arth *a0,
7587     struct arth *a1, int reversed)
7588 {
7589 	struct slist *s0, *s1, *s2;
7590 	struct block *b, *tmp;
7591 
7592 	s0 = xfer_to_x(cstate, a1);
7593 	s1 = xfer_to_a(cstate, a0);
7594 	if (code == BPF_JEQ) {
7595 		s2 = new_stmt(cstate, BPF_ALU|BPF_SUB|BPF_X);
7596 		b = new_block(cstate, JMP(code));
7597 		sappend(s1, s2);
7598 	}
7599 	else
7600 		b = new_block(cstate, BPF_JMP|code|BPF_X);
7601 	if (reversed)
7602 		gen_not(b);
7603 
7604 	sappend(s0, s1);
7605 	sappend(a1->s, s0);
7606 	sappend(a0->s, a1->s);
7607 
7608 	b->stmts = a0->s;
7609 
7610 	free_reg(cstate, a0->regno);
7611 	free_reg(cstate, a1->regno);
7612 
7613 	/* 'and' together protocol checks */
7614 	if (a0->b) {
7615 		if (a1->b) {
7616 			gen_and(a0->b, tmp = a1->b);
7617 		}
7618 		else
7619 			tmp = a0->b;
7620 	} else
7621 		tmp = a1->b;
7622 
7623 	if (tmp)
7624 		gen_and(tmp, b);
7625 
7626 	return b;
7627 }
7628 
7629 struct block *
7630 gen_relation(compiler_state_t *cstate, int code, struct arth *a0,
7631     struct arth *a1, int reversed)
7632 {
7633 	/*
7634 	 * Catch errors reported by us and routines below us, and return NULL
7635 	 * on an error.
7636 	 */
7637 	if (setjmp(cstate->top_ctx))
7638 		return (NULL);
7639 
7640 	return gen_relation_internal(cstate, code, a0, a1, reversed);
7641 }
7642 
7643 struct arth *
7644 gen_loadlen(compiler_state_t *cstate)
7645 {
7646 	int regno;
7647 	struct arth *a;
7648 	struct slist *s;
7649 
7650 	/*
7651 	 * Catch errors reported by us and routines below us, and return NULL
7652 	 * on an error.
7653 	 */
7654 	if (setjmp(cstate->top_ctx))
7655 		return (NULL);
7656 
7657 	regno = alloc_reg(cstate);
7658 	a = (struct arth *)newchunk(cstate, sizeof(*a));
7659 	s = new_stmt(cstate, BPF_LD|BPF_LEN);
7660 	s->next = new_stmt(cstate, BPF_ST);
7661 	s->next->s.k = regno;
7662 	a->s = s;
7663 	a->regno = regno;
7664 
7665 	return a;
7666 }
7667 
7668 static struct arth *
7669 gen_loadi_internal(compiler_state_t *cstate, bpf_u_int32 val)
7670 {
7671 	struct arth *a;
7672 	struct slist *s;
7673 	int reg;
7674 
7675 	a = (struct arth *)newchunk(cstate, sizeof(*a));
7676 
7677 	reg = alloc_reg(cstate);
7678 
7679 	s = new_stmt(cstate, BPF_LD|BPF_IMM);
7680 	s->s.k = val;
7681 	s->next = new_stmt(cstate, BPF_ST);
7682 	s->next->s.k = reg;
7683 	a->s = s;
7684 	a->regno = reg;
7685 
7686 	return a;
7687 }
7688 
7689 struct arth *
7690 gen_loadi(compiler_state_t *cstate, bpf_u_int32 val)
7691 {
7692 	/*
7693 	 * Catch errors reported by us and routines below us, and return NULL
7694 	 * on an error.
7695 	 */
7696 	if (setjmp(cstate->top_ctx))
7697 		return (NULL);
7698 
7699 	return gen_loadi_internal(cstate, val);
7700 }
7701 
7702 /*
7703  * The a_arg dance is to avoid annoying whining by compilers that
7704  * a might be clobbered by longjmp - yeah, it might, but *WHO CARES*?
7705  * It's not *used* after setjmp returns.
7706  */
7707 struct arth *
7708 gen_neg(compiler_state_t *cstate, struct arth *a_arg)
7709 {
7710 	struct arth *a = a_arg;
7711 	struct slist *s;
7712 
7713 	/*
7714 	 * Catch errors reported by us and routines below us, and return NULL
7715 	 * on an error.
7716 	 */
7717 	if (setjmp(cstate->top_ctx))
7718 		return (NULL);
7719 
7720 	s = xfer_to_a(cstate, a);
7721 	sappend(a->s, s);
7722 	s = new_stmt(cstate, BPF_ALU|BPF_NEG);
7723 	s->s.k = 0;
7724 	sappend(a->s, s);
7725 	s = new_stmt(cstate, BPF_ST);
7726 	s->s.k = a->regno;
7727 	sappend(a->s, s);
7728 
7729 	return a;
7730 }
7731 
7732 /*
7733  * The a0_arg dance is to avoid annoying whining by compilers that
7734  * a0 might be clobbered by longjmp - yeah, it might, but *WHO CARES*?
7735  * It's not *used* after setjmp returns.
7736  */
7737 struct arth *
7738 gen_arth(compiler_state_t *cstate, int code, struct arth *a0_arg,
7739     struct arth *a1)
7740 {
7741 	struct arth *a0 = a0_arg;
7742 	struct slist *s0, *s1, *s2;
7743 
7744 	/*
7745 	 * Catch errors reported by us and routines below us, and return NULL
7746 	 * on an error.
7747 	 */
7748 	if (setjmp(cstate->top_ctx))
7749 		return (NULL);
7750 
7751 	/*
7752 	 * Disallow division by, or modulus by, zero; we do this here
7753 	 * so that it gets done even if the optimizer is disabled.
7754 	 *
7755 	 * Also disallow shifts by a value greater than 31; we do this
7756 	 * here, for the same reason.
7757 	 */
7758 	if (code == BPF_DIV) {
7759 		if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k == 0)
7760 			bpf_error(cstate, "division by zero");
7761 	} else if (code == BPF_MOD) {
7762 		if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k == 0)
7763 			bpf_error(cstate, "modulus by zero");
7764 	} else if (code == BPF_LSH || code == BPF_RSH) {
7765 		if (a1->s->s.code == (BPF_LD|BPF_IMM) && a1->s->s.k > 31)
7766 			bpf_error(cstate, "shift by more than 31 bits");
7767 	}
7768 	s0 = xfer_to_x(cstate, a1);
7769 	s1 = xfer_to_a(cstate, a0);
7770 	s2 = new_stmt(cstate, BPF_ALU|BPF_X|code);
7771 
7772 	sappend(s1, s2);
7773 	sappend(s0, s1);
7774 	sappend(a1->s, s0);
7775 	sappend(a0->s, a1->s);
7776 
7777 	free_reg(cstate, a0->regno);
7778 	free_reg(cstate, a1->regno);
7779 
7780 	s0 = new_stmt(cstate, BPF_ST);
7781 	a0->regno = s0->s.k = alloc_reg(cstate);
7782 	sappend(a0->s, s0);
7783 
7784 	return a0;
7785 }
7786 
7787 /*
7788  * Initialize the table of used registers and the current register.
7789  */
7790 static void
7791 init_regs(compiler_state_t *cstate)
7792 {
7793 	cstate->curreg = 0;
7794 	memset(cstate->regused, 0, sizeof cstate->regused);
7795 }
7796 
7797 /*
7798  * Return the next free register.
7799  */
7800 static int
7801 alloc_reg(compiler_state_t *cstate)
7802 {
7803 	int n = BPF_MEMWORDS;
7804 
7805 	while (--n >= 0) {
7806 		if (cstate->regused[cstate->curreg])
7807 			cstate->curreg = (cstate->curreg + 1) % BPF_MEMWORDS;
7808 		else {
7809 			cstate->regused[cstate->curreg] = 1;
7810 			return cstate->curreg;
7811 		}
7812 	}
7813 	bpf_error(cstate, "too many registers needed to evaluate expression");
7814 	/*NOTREACHED*/
7815 }
7816 
7817 /*
7818  * Return a register to the table so it can
7819  * be used later.
7820  */
7821 static void
7822 free_reg(compiler_state_t *cstate, int n)
7823 {
7824 	cstate->regused[n] = 0;
7825 }
7826 
7827 static struct block *
7828 gen_len(compiler_state_t *cstate, int jmp, int n)
7829 {
7830 	struct slist *s;
7831 	struct block *b;
7832 
7833 	s = new_stmt(cstate, BPF_LD|BPF_LEN);
7834 	b = new_block(cstate, JMP(jmp));
7835 	b->stmts = s;
7836 	b->s.k = n;
7837 
7838 	return b;
7839 }
7840 
7841 struct block *
7842 gen_greater(compiler_state_t *cstate, int n)
7843 {
7844 	/*
7845 	 * Catch errors reported by us and routines below us, and return NULL
7846 	 * on an error.
7847 	 */
7848 	if (setjmp(cstate->top_ctx))
7849 		return (NULL);
7850 
7851 	return gen_len(cstate, BPF_JGE, n);
7852 }
7853 
7854 /*
7855  * Actually, this is less than or equal.
7856  */
7857 struct block *
7858 gen_less(compiler_state_t *cstate, int n)
7859 {
7860 	struct block *b;
7861 
7862 	/*
7863 	 * Catch errors reported by us and routines below us, and return NULL
7864 	 * on an error.
7865 	 */
7866 	if (setjmp(cstate->top_ctx))
7867 		return (NULL);
7868 
7869 	b = gen_len(cstate, BPF_JGT, n);
7870 	gen_not(b);
7871 
7872 	return b;
7873 }
7874 
7875 /*
7876  * This is for "byte {idx} {op} {val}"; "idx" is treated as relative to
7877  * the beginning of the link-layer header.
7878  * XXX - that means you can't test values in the radiotap header, but
7879  * as that header is difficult if not impossible to parse generally
7880  * without a loop, that might not be a severe problem.  A new keyword
7881  * "radio" could be added for that, although what you'd really want
7882  * would be a way of testing particular radio header values, which
7883  * would generate code appropriate to the radio header in question.
7884  */
7885 struct block *
7886 gen_byteop(compiler_state_t *cstate, int op, int idx, bpf_u_int32 val)
7887 {
7888 	struct block *b;
7889 	struct slist *s;
7890 
7891 	/*
7892 	 * Catch errors reported by us and routines below us, and return NULL
7893 	 * on an error.
7894 	 */
7895 	if (setjmp(cstate->top_ctx))
7896 		return (NULL);
7897 
7898 	switch (op) {
7899 	default:
7900 		abort();
7901 
7902 	case '=':
7903 		return gen_cmp(cstate, OR_LINKHDR, (u_int)idx, BPF_B, val);
7904 
7905 	case '<':
7906 		b = gen_cmp_lt(cstate, OR_LINKHDR, (u_int)idx, BPF_B, val);
7907 		return b;
7908 
7909 	case '>':
7910 		b = gen_cmp_gt(cstate, OR_LINKHDR, (u_int)idx, BPF_B, val);
7911 		return b;
7912 
7913 	case '|':
7914 		s = new_stmt(cstate, BPF_ALU|BPF_OR|BPF_K);
7915 		break;
7916 
7917 	case '&':
7918 		s = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K);
7919 		break;
7920 	}
7921 	s->s.k = val;
7922 	b = new_block(cstate, JMP(BPF_JEQ));
7923 	b->stmts = s;
7924 	gen_not(b);
7925 
7926 	return b;
7927 }
7928 
7929 static const u_char abroadcast[] = { 0x0 };
7930 
7931 struct block *
7932 gen_broadcast(compiler_state_t *cstate, int proto)
7933 {
7934 	bpf_u_int32 hostmask;
7935 	struct block *b0, *b1, *b2;
7936 	static const u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
7937 
7938 	/*
7939 	 * Catch errors reported by us and routines below us, and return NULL
7940 	 * on an error.
7941 	 */
7942 	if (setjmp(cstate->top_ctx))
7943 		return (NULL);
7944 
7945 	switch (proto) {
7946 
7947 	case Q_DEFAULT:
7948 	case Q_LINK:
7949 		switch (cstate->linktype) {
7950 		case DLT_ARCNET:
7951 		case DLT_ARCNET_LINUX:
7952 			return gen_ahostop(cstate, abroadcast, Q_DST);
7953 		case DLT_EN10MB:
7954 		case DLT_NETANALYZER:
7955 		case DLT_NETANALYZER_TRANSPARENT:
7956 			b1 = gen_prevlinkhdr_check(cstate);
7957 			b0 = gen_ehostop(cstate, ebroadcast, Q_DST);
7958 			if (b1 != NULL)
7959 				gen_and(b1, b0);
7960 			return b0;
7961 		case DLT_FDDI:
7962 			return gen_fhostop(cstate, ebroadcast, Q_DST);
7963 		case DLT_IEEE802:
7964 			return gen_thostop(cstate, ebroadcast, Q_DST);
7965 		case DLT_IEEE802_11:
7966 		case DLT_PRISM_HEADER:
7967 		case DLT_IEEE802_11_RADIO_AVS:
7968 		case DLT_IEEE802_11_RADIO:
7969 		case DLT_PPI:
7970 			return gen_wlanhostop(cstate, ebroadcast, Q_DST);
7971 		case DLT_IP_OVER_FC:
7972 			return gen_ipfchostop(cstate, ebroadcast, Q_DST);
7973 		default:
7974 			bpf_error(cstate, "not a broadcast link");
7975 		}
7976  		/*NOTREACHED*/
7977 
7978 	case Q_IP:
7979 		/*
7980 		 * We treat a netmask of PCAP_NETMASK_UNKNOWN (0xffffffff)
7981 		 * as an indication that we don't know the netmask, and fail
7982 		 * in that case.
7983 		 */
7984 		if (cstate->netmask == PCAP_NETMASK_UNKNOWN)
7985 			bpf_error(cstate, "netmask not known, so 'ip broadcast' not supported");
7986 		b0 = gen_linktype(cstate, ETHERTYPE_IP);
7987 		hostmask = ~cstate->netmask;
7988 		b1 = gen_mcmp(cstate, OR_LINKPL, 16, BPF_W, 0, hostmask);
7989 		b2 = gen_mcmp(cstate, OR_LINKPL, 16, BPF_W,
7990 			      ~0 & hostmask, hostmask);
7991 		gen_or(b1, b2);
7992 		gen_and(b0, b2);
7993 		return b2;
7994 	}
7995 	bpf_error(cstate, "only link-layer/IP broadcast filters supported");
7996 	/*NOTREACHED*/
7997 }
7998 
7999 /*
8000  * Generate code to test the low-order bit of a MAC address (that's
8001  * the bottom bit of the *first* byte).
8002  */
8003 static struct block *
8004 gen_mac_multicast(compiler_state_t *cstate, int offset)
8005 {
8006 	register struct block *b0;
8007 	register struct slist *s;
8008 
8009 	/* link[offset] & 1 != 0 */
8010 	s = gen_load_a(cstate, OR_LINKHDR, offset, BPF_B);
8011 	b0 = new_block(cstate, JMP(BPF_JSET));
8012 	b0->s.k = 1;
8013 	b0->stmts = s;
8014 	return b0;
8015 }
8016 
8017 struct block *
8018 gen_multicast(compiler_state_t *cstate, int proto)
8019 {
8020 	register struct block *b0, *b1, *b2;
8021 	register struct slist *s;
8022 
8023 	/*
8024 	 * Catch errors reported by us and routines below us, and return NULL
8025 	 * on an error.
8026 	 */
8027 	if (setjmp(cstate->top_ctx))
8028 		return (NULL);
8029 
8030 	switch (proto) {
8031 
8032 	case Q_DEFAULT:
8033 	case Q_LINK:
8034 		switch (cstate->linktype) {
8035 		case DLT_ARCNET:
8036 		case DLT_ARCNET_LINUX:
8037 			/* all ARCnet multicasts use the same address */
8038 			return gen_ahostop(cstate, abroadcast, Q_DST);
8039 		case DLT_EN10MB:
8040 		case DLT_NETANALYZER:
8041 		case DLT_NETANALYZER_TRANSPARENT:
8042 			b1 = gen_prevlinkhdr_check(cstate);
8043 			/* ether[0] & 1 != 0 */
8044 			b0 = gen_mac_multicast(cstate, 0);
8045 			if (b1 != NULL)
8046 				gen_and(b1, b0);
8047 			return b0;
8048 		case DLT_FDDI:
8049 			/*
8050 			 * XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX
8051 			 *
8052 			 * XXX - was that referring to bit-order issues?
8053 			 */
8054 			/* fddi[1] & 1 != 0 */
8055 			return gen_mac_multicast(cstate, 1);
8056 		case DLT_IEEE802:
8057 			/* tr[2] & 1 != 0 */
8058 			return gen_mac_multicast(cstate, 2);
8059 		case DLT_IEEE802_11:
8060 		case DLT_PRISM_HEADER:
8061 		case DLT_IEEE802_11_RADIO_AVS:
8062 		case DLT_IEEE802_11_RADIO:
8063 		case DLT_PPI:
8064 			/*
8065 			 * Oh, yuk.
8066 			 *
8067 			 *	For control frames, there is no DA.
8068 			 *
8069 			 *	For management frames, DA is at an
8070 			 *	offset of 4 from the beginning of
8071 			 *	the packet.
8072 			 *
8073 			 *	For data frames, DA is at an offset
8074 			 *	of 4 from the beginning of the packet
8075 			 *	if To DS is clear and at an offset of
8076 			 *	16 from the beginning of the packet
8077 			 *	if To DS is set.
8078 			 */
8079 
8080 			/*
8081 			 * Generate the tests to be done for data frames.
8082 			 *
8083 			 * First, check for To DS set, i.e. "link[1] & 0x01".
8084 			 */
8085 			s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
8086 			b1 = new_block(cstate, JMP(BPF_JSET));
8087 			b1->s.k = 0x01;	/* To DS */
8088 			b1->stmts = s;
8089 
8090 			/*
8091 			 * If To DS is set, the DA is at 16.
8092 			 */
8093 			b0 = gen_mac_multicast(cstate, 16);
8094 			gen_and(b1, b0);
8095 
8096 			/*
8097 			 * Now, check for To DS not set, i.e. check
8098 			 * "!(link[1] & 0x01)".
8099 			 */
8100 			s = gen_load_a(cstate, OR_LINKHDR, 1, BPF_B);
8101 			b2 = new_block(cstate, JMP(BPF_JSET));
8102 			b2->s.k = 0x01;	/* To DS */
8103 			b2->stmts = s;
8104 			gen_not(b2);
8105 
8106 			/*
8107 			 * If To DS is not set, the DA is at 4.
8108 			 */
8109 			b1 = gen_mac_multicast(cstate, 4);
8110 			gen_and(b2, b1);
8111 
8112 			/*
8113 			 * Now OR together the last two checks.  That gives
8114 			 * the complete set of checks for data frames.
8115 			 */
8116 			gen_or(b1, b0);
8117 
8118 			/*
8119 			 * Now check for a data frame.
8120 			 * I.e, check "link[0] & 0x08".
8121 			 */
8122 			s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
8123 			b1 = new_block(cstate, JMP(BPF_JSET));
8124 			b1->s.k = 0x08;
8125 			b1->stmts = s;
8126 
8127 			/*
8128 			 * AND that with the checks done for data frames.
8129 			 */
8130 			gen_and(b1, b0);
8131 
8132 			/*
8133 			 * If the high-order bit of the type value is 0, this
8134 			 * is a management frame.
8135 			 * I.e, check "!(link[0] & 0x08)".
8136 			 */
8137 			s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
8138 			b2 = new_block(cstate, JMP(BPF_JSET));
8139 			b2->s.k = 0x08;
8140 			b2->stmts = s;
8141 			gen_not(b2);
8142 
8143 			/*
8144 			 * For management frames, the DA is at 4.
8145 			 */
8146 			b1 = gen_mac_multicast(cstate, 4);
8147 			gen_and(b2, b1);
8148 
8149 			/*
8150 			 * OR that with the checks done for data frames.
8151 			 * That gives the checks done for management and
8152 			 * data frames.
8153 			 */
8154 			gen_or(b1, b0);
8155 
8156 			/*
8157 			 * If the low-order bit of the type value is 1,
8158 			 * this is either a control frame or a frame
8159 			 * with a reserved type, and thus not a
8160 			 * frame with an SA.
8161 			 *
8162 			 * I.e., check "!(link[0] & 0x04)".
8163 			 */
8164 			s = gen_load_a(cstate, OR_LINKHDR, 0, BPF_B);
8165 			b1 = new_block(cstate, JMP(BPF_JSET));
8166 			b1->s.k = 0x04;
8167 			b1->stmts = s;
8168 			gen_not(b1);
8169 
8170 			/*
8171 			 * AND that with the checks for data and management
8172 			 * frames.
8173 			 */
8174 			gen_and(b1, b0);
8175 			return b0;
8176 		case DLT_IP_OVER_FC:
8177 			b0 = gen_mac_multicast(cstate, 2);
8178 			return b0;
8179 		default:
8180 			break;
8181 		}
8182 		/* Link not known to support multicasts */
8183 		break;
8184 
8185 	case Q_IP:
8186 		b0 = gen_linktype(cstate, ETHERTYPE_IP);
8187 		b1 = gen_cmp_ge(cstate, OR_LINKPL, 16, BPF_B, 224);
8188 		gen_and(b0, b1);
8189 		return b1;
8190 
8191 	case Q_IPV6:
8192 		b0 = gen_linktype(cstate, ETHERTYPE_IPV6);
8193 		b1 = gen_cmp(cstate, OR_LINKPL, 24, BPF_B, 255);
8194 		gen_and(b0, b1);
8195 		return b1;
8196 	}
8197 	bpf_error(cstate, "link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
8198 	/*NOTREACHED*/
8199 }
8200 
8201 struct block *
8202 gen_ifindex(compiler_state_t *cstate, int ifindex)
8203 {
8204 	register struct block *b0;
8205 
8206 	/*
8207 	 * Catch errors reported by us and routines below us, and return NULL
8208 	 * on an error.
8209 	 */
8210 	if (setjmp(cstate->top_ctx))
8211 		return (NULL);
8212 
8213 	/*
8214 	 * Only some data link types support ifindex qualifiers.
8215 	 */
8216 	switch (cstate->linktype) {
8217 	case DLT_LINUX_SLL2:
8218 		/* match packets on this interface */
8219 		b0 = gen_cmp(cstate, OR_LINKHDR, 4, BPF_W, ifindex);
8220 		break;
8221         default:
8222 #if defined(linux)
8223 		/*
8224 		 * This is Linux; we require PF_PACKET support.
8225 		 * If this is a *live* capture, we can look at
8226 		 * special meta-data in the filter expression;
8227 		 * if it's a savefile, we can't.
8228 		 */
8229 		if (cstate->bpf_pcap->rfile != NULL) {
8230 			/* We have a FILE *, so this is a savefile */
8231 			bpf_error(cstate, "ifindex not supported on %s when reading savefiles",
8232 			    pcap_datalink_val_to_description_or_dlt(cstate->linktype));
8233 			b0 = NULL;
8234 			/*NOTREACHED*/
8235 		}
8236 		/* match ifindex */
8237 		b0 = gen_cmp(cstate, OR_LINKHDR, SKF_AD_OFF + SKF_AD_IFINDEX, BPF_W,
8238 		             ifindex);
8239 #else /* defined(linux) */
8240 		bpf_error(cstate, "ifindex not supported on %s",
8241 		    pcap_datalink_val_to_description_or_dlt(cstate->linktype));
8242 		/*NOTREACHED*/
8243 #endif /* defined(linux) */
8244 	}
8245 	return (b0);
8246 }
8247 
8248 /*
8249  * Filter on inbound (dir == 0) or outbound (dir == 1) traffic.
8250  * Outbound traffic is sent by this machine, while inbound traffic is
8251  * sent by a remote machine (and may include packets destined for a
8252  * unicast or multicast link-layer address we are not subscribing to).
8253  * These are the same definitions implemented by pcap_setdirection().
8254  * Capturing only unicast traffic destined for this host is probably
8255  * better accomplished using a higher-layer filter.
8256  */
8257 struct block *
8258 gen_inbound(compiler_state_t *cstate, int dir)
8259 {
8260 	register struct block *b0;
8261 
8262 	/*
8263 	 * Catch errors reported by us and routines below us, and return NULL
8264 	 * on an error.
8265 	 */
8266 	if (setjmp(cstate->top_ctx))
8267 		return (NULL);
8268 
8269 	/*
8270 	 * Only some data link types support inbound/outbound qualifiers.
8271 	 */
8272 	switch (cstate->linktype) {
8273 	case DLT_SLIP:
8274 		b0 = gen_relation_internal(cstate, BPF_JEQ,
8275 			  gen_load_internal(cstate, Q_LINK, gen_loadi_internal(cstate, 0), 1),
8276 			  gen_loadi_internal(cstate, 0),
8277 			  dir);
8278 		break;
8279 
8280 	case DLT_IPNET:
8281 		if (dir) {
8282 			/* match outgoing packets */
8283 			b0 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, IPNET_OUTBOUND);
8284 		} else {
8285 			/* match incoming packets */
8286 			b0 = gen_cmp(cstate, OR_LINKHDR, 2, BPF_H, IPNET_INBOUND);
8287 		}
8288 		break;
8289 
8290 	case DLT_LINUX_SLL:
8291 		/* match outgoing packets */
8292 		b0 = gen_cmp(cstate, OR_LINKHDR, 0, BPF_H, LINUX_SLL_OUTGOING);
8293 		if (!dir) {
8294 			/* to filter on inbound traffic, invert the match */
8295 			gen_not(b0);
8296 		}
8297 		break;
8298 
8299 	case DLT_LINUX_SLL2:
8300 		/* match outgoing packets */
8301 		b0 = gen_cmp(cstate, OR_LINKHDR, 10, BPF_B, LINUX_SLL_OUTGOING);
8302 		if (!dir) {
8303 			/* to filter on inbound traffic, invert the match */
8304 			gen_not(b0);
8305 		}
8306 		break;
8307 
8308 #ifdef HAVE_NET_PFVAR_H
8309 	case DLT_PFLOG:
8310 		b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, dir), BPF_B,
8311 		    ((dir == 0) ? PF_IN : PF_OUT));
8312 		break;
8313 #endif
8314 
8315 	case DLT_PPP_PPPD:
8316 		if (dir) {
8317 			/* match outgoing packets */
8318 			b0 = gen_cmp(cstate, OR_LINKHDR, 0, BPF_B, PPP_PPPD_OUT);
8319 		} else {
8320 			/* match incoming packets */
8321 			b0 = gen_cmp(cstate, OR_LINKHDR, 0, BPF_B, PPP_PPPD_IN);
8322 		}
8323 		break;
8324 
8325         case DLT_JUNIPER_MFR:
8326         case DLT_JUNIPER_MLFR:
8327         case DLT_JUNIPER_MLPPP:
8328 	case DLT_JUNIPER_ATM1:
8329 	case DLT_JUNIPER_ATM2:
8330 	case DLT_JUNIPER_PPPOE:
8331 	case DLT_JUNIPER_PPPOE_ATM:
8332         case DLT_JUNIPER_GGSN:
8333         case DLT_JUNIPER_ES:
8334         case DLT_JUNIPER_MONITOR:
8335         case DLT_JUNIPER_SERVICES:
8336         case DLT_JUNIPER_ETHER:
8337         case DLT_JUNIPER_PPP:
8338         case DLT_JUNIPER_FRELAY:
8339         case DLT_JUNIPER_CHDLC:
8340         case DLT_JUNIPER_VP:
8341         case DLT_JUNIPER_ST:
8342         case DLT_JUNIPER_ISM:
8343         case DLT_JUNIPER_VS:
8344         case DLT_JUNIPER_SRX_E2E:
8345         case DLT_JUNIPER_FIBRECHANNEL:
8346 	case DLT_JUNIPER_ATM_CEMIC:
8347 
8348 		/* juniper flags (including direction) are stored
8349 		 * the byte after the 3-byte magic number */
8350 		if (dir) {
8351 			/* match outgoing packets */
8352 			b0 = gen_mcmp(cstate, OR_LINKHDR, 3, BPF_B, 0, 0x01);
8353 		} else {
8354 			/* match incoming packets */
8355 			b0 = gen_mcmp(cstate, OR_LINKHDR, 3, BPF_B, 1, 0x01);
8356 		}
8357 		break;
8358 
8359 	default:
8360 		/*
8361 		 * If we have packet meta-data indicating a direction,
8362 		 * and that metadata can be checked by BPF code, check
8363 		 * it.  Otherwise, give up, as this link-layer type has
8364 		 * nothing in the packet data.
8365 		 *
8366 		 * Currently, the only platform where a BPF filter can
8367 		 * check that metadata is Linux with the in-kernel
8368 		 * BPF interpreter.  If other packet capture mechanisms
8369 		 * and BPF filters also supported this, it would be
8370 		 * nice.  It would be even better if they made that
8371 		 * metadata available so that we could provide it
8372 		 * with newer capture APIs, allowing it to be saved
8373 		 * in pcapng files.
8374 		 */
8375 #if defined(linux)
8376 		/*
8377 		 * This is Linux; we require PF_PACKET support.
8378 		 * If this is a *live* capture, we can look at
8379 		 * special meta-data in the filter expression;
8380 		 * if it's a savefile, we can't.
8381 		 */
8382 		if (cstate->bpf_pcap->rfile != NULL) {
8383 			/* We have a FILE *, so this is a savefile */
8384 			bpf_error(cstate, "inbound/outbound not supported on %s when reading savefiles",
8385 			    pcap_datalink_val_to_description_or_dlt(cstate->linktype));
8386 			/*NOTREACHED*/
8387 		}
8388 		/* match outgoing packets */
8389 		b0 = gen_cmp(cstate, OR_LINKHDR, SKF_AD_OFF + SKF_AD_PKTTYPE, BPF_H,
8390 		             PACKET_OUTGOING);
8391 		if (!dir) {
8392 			/* to filter on inbound traffic, invert the match */
8393 			gen_not(b0);
8394 		}
8395 #else /* defined(linux) */
8396 		bpf_error(cstate, "inbound/outbound not supported on %s",
8397 		    pcap_datalink_val_to_description_or_dlt(cstate->linktype));
8398 		/*NOTREACHED*/
8399 #endif /* defined(linux) */
8400 	}
8401 	return (b0);
8402 }
8403 
8404 #ifdef HAVE_NET_PFVAR_H
8405 /* PF firewall log matched interface */
8406 struct block *
8407 gen_pf_ifname(compiler_state_t *cstate, const char *ifname)
8408 {
8409 	struct block *b0;
8410 	u_int len, off;
8411 
8412 	/*
8413 	 * Catch errors reported by us and routines below us, and return NULL
8414 	 * on an error.
8415 	 */
8416 	if (setjmp(cstate->top_ctx))
8417 		return (NULL);
8418 
8419 	if (cstate->linktype != DLT_PFLOG) {
8420 		bpf_error(cstate, "ifname supported only on PF linktype");
8421 		/*NOTREACHED*/
8422 	}
8423 	len = sizeof(((struct pfloghdr *)0)->ifname);
8424 	off = offsetof(struct pfloghdr, ifname);
8425 	if (strlen(ifname) >= len) {
8426 		bpf_error(cstate, "ifname interface names can only be %d characters",
8427 		    len-1);
8428 		/*NOTREACHED*/
8429 	}
8430 	b0 = gen_bcmp(cstate, OR_LINKHDR, off, (u_int)strlen(ifname),
8431 	    (const u_char *)ifname);
8432 	return (b0);
8433 }
8434 
8435 /* PF firewall log ruleset name */
8436 struct block *
8437 gen_pf_ruleset(compiler_state_t *cstate, char *ruleset)
8438 {
8439 	struct block *b0;
8440 
8441 	/*
8442 	 * Catch errors reported by us and routines below us, and return NULL
8443 	 * on an error.
8444 	 */
8445 	if (setjmp(cstate->top_ctx))
8446 		return (NULL);
8447 
8448 	if (cstate->linktype != DLT_PFLOG) {
8449 		bpf_error(cstate, "ruleset supported only on PF linktype");
8450 		/*NOTREACHED*/
8451 	}
8452 
8453 	if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
8454 		bpf_error(cstate, "ruleset names can only be %ld characters",
8455 		    (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
8456 		/*NOTREACHED*/
8457 	}
8458 
8459 	b0 = gen_bcmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, ruleset),
8460 	    (u_int)strlen(ruleset), (const u_char *)ruleset);
8461 	return (b0);
8462 }
8463 
8464 /* PF firewall log rule number */
8465 struct block *
8466 gen_pf_rnr(compiler_state_t *cstate, int rnr)
8467 {
8468 	struct block *b0;
8469 
8470 	/*
8471 	 * Catch errors reported by us and routines below us, and return NULL
8472 	 * on an error.
8473 	 */
8474 	if (setjmp(cstate->top_ctx))
8475 		return (NULL);
8476 
8477 	if (cstate->linktype != DLT_PFLOG) {
8478 		bpf_error(cstate, "rnr supported only on PF linktype");
8479 		/*NOTREACHED*/
8480 	}
8481 
8482 	b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, rulenr), BPF_W,
8483 		 (bpf_u_int32)rnr);
8484 	return (b0);
8485 }
8486 
8487 /* PF firewall log sub-rule number */
8488 struct block *
8489 gen_pf_srnr(compiler_state_t *cstate, int srnr)
8490 {
8491 	struct block *b0;
8492 
8493 	/*
8494 	 * Catch errors reported by us and routines below us, and return NULL
8495 	 * on an error.
8496 	 */
8497 	if (setjmp(cstate->top_ctx))
8498 		return (NULL);
8499 
8500 	if (cstate->linktype != DLT_PFLOG) {
8501 		bpf_error(cstate, "srnr supported only on PF linktype");
8502 		/*NOTREACHED*/
8503 	}
8504 
8505 	b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, subrulenr), BPF_W,
8506 	    (bpf_u_int32)srnr);
8507 	return (b0);
8508 }
8509 
8510 /* PF firewall log reason code */
8511 struct block *
8512 gen_pf_reason(compiler_state_t *cstate, int reason)
8513 {
8514 	struct block *b0;
8515 
8516 	/*
8517 	 * Catch errors reported by us and routines below us, and return NULL
8518 	 * on an error.
8519 	 */
8520 	if (setjmp(cstate->top_ctx))
8521 		return (NULL);
8522 
8523 	if (cstate->linktype != DLT_PFLOG) {
8524 		bpf_error(cstate, "reason supported only on PF linktype");
8525 		/*NOTREACHED*/
8526 	}
8527 
8528 	b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, reason), BPF_B,
8529 	    (bpf_u_int32)reason);
8530 	return (b0);
8531 }
8532 
8533 /* PF firewall log action */
8534 struct block *
8535 gen_pf_action(compiler_state_t *cstate, int action)
8536 {
8537 	struct block *b0;
8538 
8539 	/*
8540 	 * Catch errors reported by us and routines below us, and return NULL
8541 	 * on an error.
8542 	 */
8543 	if (setjmp(cstate->top_ctx))
8544 		return (NULL);
8545 
8546 	if (cstate->linktype != DLT_PFLOG) {
8547 		bpf_error(cstate, "action supported only on PF linktype");
8548 		/*NOTREACHED*/
8549 	}
8550 
8551 	b0 = gen_cmp(cstate, OR_LINKHDR, offsetof(struct pfloghdr, action), BPF_B,
8552 	    (bpf_u_int32)action);
8553 	return (b0);
8554 }
8555 #else /* !HAVE_NET_PFVAR_H */
8556 struct block *
8557 gen_pf_ifname(compiler_state_t *cstate, const char *ifname _U_)
8558 {
8559 	/*
8560 	 * Catch errors reported by us and routines below us, and return NULL
8561 	 * on an error.
8562 	 */
8563 	if (setjmp(cstate->top_ctx))
8564 		return (NULL);
8565 
8566 	bpf_error(cstate, "libpcap was compiled without pf support");
8567 	/*NOTREACHED*/
8568 }
8569 
8570 struct block *
8571 gen_pf_ruleset(compiler_state_t *cstate, char *ruleset _U_)
8572 {
8573 	/*
8574 	 * Catch errors reported by us and routines below us, and return NULL
8575 	 * on an error.
8576 	 */
8577 	if (setjmp(cstate->top_ctx))
8578 		return (NULL);
8579 
8580 	bpf_error(cstate, "libpcap was compiled on a machine without pf support");
8581 	/*NOTREACHED*/
8582 }
8583 
8584 struct block *
8585 gen_pf_rnr(compiler_state_t *cstate, int rnr _U_)
8586 {
8587 	/*
8588 	 * Catch errors reported by us and routines below us, and return NULL
8589 	 * on an error.
8590 	 */
8591 	if (setjmp(cstate->top_ctx))
8592 		return (NULL);
8593 
8594 	bpf_error(cstate, "libpcap was compiled on a machine without pf support");
8595 	/*NOTREACHED*/
8596 }
8597 
8598 struct block *
8599 gen_pf_srnr(compiler_state_t *cstate, int srnr _U_)
8600 {
8601 	/*
8602 	 * Catch errors reported by us and routines below us, and return NULL
8603 	 * on an error.
8604 	 */
8605 	if (setjmp(cstate->top_ctx))
8606 		return (NULL);
8607 
8608 	bpf_error(cstate, "libpcap was compiled on a machine without pf support");
8609 	/*NOTREACHED*/
8610 }
8611 
8612 struct block *
8613 gen_pf_reason(compiler_state_t *cstate, int reason _U_)
8614 {
8615 	/*
8616 	 * Catch errors reported by us and routines below us, and return NULL
8617 	 * on an error.
8618 	 */
8619 	if (setjmp(cstate->top_ctx))
8620 		return (NULL);
8621 
8622 	bpf_error(cstate, "libpcap was compiled on a machine without pf support");
8623 	/*NOTREACHED*/
8624 }
8625 
8626 struct block *
8627 gen_pf_action(compiler_state_t *cstate, int action _U_)
8628 {
8629 	/*
8630 	 * Catch errors reported by us and routines below us, and return NULL
8631 	 * on an error.
8632 	 */
8633 	if (setjmp(cstate->top_ctx))
8634 		return (NULL);
8635 
8636 	bpf_error(cstate, "libpcap was compiled on a machine without pf support");
8637 	/*NOTREACHED*/
8638 }
8639 #endif /* HAVE_NET_PFVAR_H */
8640 
8641 /* IEEE 802.11 wireless header */
8642 struct block *
8643 gen_p80211_type(compiler_state_t *cstate, bpf_u_int32 type, bpf_u_int32 mask)
8644 {
8645 	struct block *b0;
8646 
8647 	/*
8648 	 * Catch errors reported by us and routines below us, and return NULL
8649 	 * on an error.
8650 	 */
8651 	if (setjmp(cstate->top_ctx))
8652 		return (NULL);
8653 
8654 	switch (cstate->linktype) {
8655 
8656 	case DLT_IEEE802_11:
8657 	case DLT_PRISM_HEADER:
8658 	case DLT_IEEE802_11_RADIO_AVS:
8659 	case DLT_IEEE802_11_RADIO:
8660 		b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, type, mask);
8661 		break;
8662 
8663 	default:
8664 		bpf_error(cstate, "802.11 link-layer types supported only on 802.11");
8665 		/*NOTREACHED*/
8666 	}
8667 
8668 	return (b0);
8669 }
8670 
8671 struct block *
8672 gen_p80211_fcdir(compiler_state_t *cstate, bpf_u_int32 fcdir)
8673 {
8674 	struct block *b0;
8675 
8676 	/*
8677 	 * Catch errors reported by us and routines below us, and return NULL
8678 	 * on an error.
8679 	 */
8680 	if (setjmp(cstate->top_ctx))
8681 		return (NULL);
8682 
8683 	switch (cstate->linktype) {
8684 
8685 	case DLT_IEEE802_11:
8686 	case DLT_PRISM_HEADER:
8687 	case DLT_IEEE802_11_RADIO_AVS:
8688 	case DLT_IEEE802_11_RADIO:
8689 		break;
8690 
8691 	default:
8692 		bpf_error(cstate, "frame direction supported only with 802.11 headers");
8693 		/*NOTREACHED*/
8694 	}
8695 
8696 	b0 = gen_mcmp(cstate, OR_LINKHDR, 1, BPF_B, fcdir,
8697 	    IEEE80211_FC1_DIR_MASK);
8698 
8699 	return (b0);
8700 }
8701 
8702 struct block *
8703 gen_acode(compiler_state_t *cstate, const char *s, struct qual q)
8704 {
8705 	struct block *b;
8706 
8707 	/*
8708 	 * Catch errors reported by us and routines below us, and return NULL
8709 	 * on an error.
8710 	 */
8711 	if (setjmp(cstate->top_ctx))
8712 		return (NULL);
8713 
8714 	switch (cstate->linktype) {
8715 
8716 	case DLT_ARCNET:
8717 	case DLT_ARCNET_LINUX:
8718 		if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) &&
8719 		    q.proto == Q_LINK) {
8720 			cstate->e = pcap_ether_aton(s);
8721 			if (cstate->e == NULL)
8722 				bpf_error(cstate, "malloc");
8723 			b = gen_ahostop(cstate, cstate->e, (int)q.dir);
8724 			free(cstate->e);
8725 			cstate->e = NULL;
8726 			return (b);
8727 		} else
8728 			bpf_error(cstate, "ARCnet address used in non-arc expression");
8729  		/*NOTREACHED*/
8730 
8731 	default:
8732 		bpf_error(cstate, "aid supported only on ARCnet");
8733 		/*NOTREACHED*/
8734 	}
8735 }
8736 
8737 static struct block *
8738 gen_ahostop(compiler_state_t *cstate, const u_char *eaddr, int dir)
8739 {
8740 	register struct block *b0, *b1;
8741 
8742 	switch (dir) {
8743 	/* src comes first, different from Ethernet */
8744 	case Q_SRC:
8745 		return gen_bcmp(cstate, OR_LINKHDR, 0, 1, eaddr);
8746 
8747 	case Q_DST:
8748 		return gen_bcmp(cstate, OR_LINKHDR, 1, 1, eaddr);
8749 
8750 	case Q_AND:
8751 		b0 = gen_ahostop(cstate, eaddr, Q_SRC);
8752 		b1 = gen_ahostop(cstate, eaddr, Q_DST);
8753 		gen_and(b0, b1);
8754 		return b1;
8755 
8756 	case Q_DEFAULT:
8757 	case Q_OR:
8758 		b0 = gen_ahostop(cstate, eaddr, Q_SRC);
8759 		b1 = gen_ahostop(cstate, eaddr, Q_DST);
8760 		gen_or(b0, b1);
8761 		return b1;
8762 
8763 	case Q_ADDR1:
8764 		bpf_error(cstate, "'addr1' and 'address1' are only supported on 802.11");
8765  		/*NOTREACHED*/
8766 
8767 	case Q_ADDR2:
8768 		bpf_error(cstate, "'addr2' and 'address2' are only supported on 802.11");
8769  		/*NOTREACHED*/
8770 
8771 	case Q_ADDR3:
8772 		bpf_error(cstate, "'addr3' and 'address3' are only supported on 802.11");
8773  		/*NOTREACHED*/
8774 
8775 	case Q_ADDR4:
8776 		bpf_error(cstate, "'addr4' and 'address4' are only supported on 802.11");
8777  		/*NOTREACHED*/
8778 
8779 	case Q_RA:
8780 		bpf_error(cstate, "'ra' is only supported on 802.11");
8781  		/*NOTREACHED*/
8782 
8783 	case Q_TA:
8784 		bpf_error(cstate, "'ta' is only supported on 802.11");
8785  		/*NOTREACHED*/
8786 	}
8787 	abort();
8788 	/*NOTREACHED*/
8789 }
8790 
8791 static struct block *
8792 gen_vlan_tpid_test(compiler_state_t *cstate)
8793 {
8794 	struct block *b0, *b1;
8795 
8796 	/* check for VLAN, including QinQ */
8797 	b0 = gen_linktype(cstate, ETHERTYPE_8021Q);
8798 	b1 = gen_linktype(cstate, ETHERTYPE_8021AD);
8799 	gen_or(b0,b1);
8800 	b0 = b1;
8801 	b1 = gen_linktype(cstate, ETHERTYPE_8021QINQ);
8802 	gen_or(b0,b1);
8803 
8804 	return b1;
8805 }
8806 
8807 static struct block *
8808 gen_vlan_vid_test(compiler_state_t *cstate, bpf_u_int32 vlan_num)
8809 {
8810 	if (vlan_num > 0x0fff) {
8811 		bpf_error(cstate, "VLAN tag %u greater than maximum %u",
8812 		    vlan_num, 0x0fff);
8813 	}
8814 	return gen_mcmp(cstate, OR_LINKPL, 0, BPF_H, vlan_num, 0x0fff);
8815 }
8816 
8817 static struct block *
8818 gen_vlan_no_bpf_extensions(compiler_state_t *cstate, bpf_u_int32 vlan_num,
8819     int has_vlan_tag)
8820 {
8821 	struct block *b0, *b1;
8822 
8823 	b0 = gen_vlan_tpid_test(cstate);
8824 
8825 	if (has_vlan_tag) {
8826 		b1 = gen_vlan_vid_test(cstate, vlan_num);
8827 		gen_and(b0, b1);
8828 		b0 = b1;
8829 	}
8830 
8831 	/*
8832 	 * Both payload and link header type follow the VLAN tags so that
8833 	 * both need to be updated.
8834 	 */
8835 	cstate->off_linkpl.constant_part += 4;
8836 	cstate->off_linktype.constant_part += 4;
8837 
8838 	return b0;
8839 }
8840 
8841 #if defined(SKF_AD_VLAN_TAG_PRESENT)
8842 /* add v to variable part of off */
8843 static void
8844 gen_vlan_vloffset_add(compiler_state_t *cstate, bpf_abs_offset *off,
8845     bpf_u_int32 v, struct slist *s)
8846 {
8847 	struct slist *s2;
8848 
8849 	if (!off->is_variable)
8850 		off->is_variable = 1;
8851 	if (off->reg == -1)
8852 		off->reg = alloc_reg(cstate);
8853 
8854 	s2 = new_stmt(cstate, BPF_LD|BPF_MEM);
8855 	s2->s.k = off->reg;
8856 	sappend(s, s2);
8857 	s2 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_IMM);
8858 	s2->s.k = v;
8859 	sappend(s, s2);
8860 	s2 = new_stmt(cstate, BPF_ST);
8861 	s2->s.k = off->reg;
8862 	sappend(s, s2);
8863 }
8864 
8865 /*
8866  * patch block b_tpid (VLAN TPID test) to update variable parts of link payload
8867  * and link type offsets first
8868  */
8869 static void
8870 gen_vlan_patch_tpid_test(compiler_state_t *cstate, struct block *b_tpid)
8871 {
8872 	struct slist s;
8873 
8874 	/* offset determined at run time, shift variable part */
8875 	s.next = NULL;
8876 	cstate->is_vlan_vloffset = 1;
8877 	gen_vlan_vloffset_add(cstate, &cstate->off_linkpl, 4, &s);
8878 	gen_vlan_vloffset_add(cstate, &cstate->off_linktype, 4, &s);
8879 
8880 	/* we get a pointer to a chain of or-ed blocks, patch first of them */
8881 	sappend(s.next, b_tpid->head->stmts);
8882 	b_tpid->head->stmts = s.next;
8883 }
8884 
8885 /*
8886  * patch block b_vid (VLAN id test) to load VID value either from packet
8887  * metadata (using BPF extensions) if SKF_AD_VLAN_TAG_PRESENT is true
8888  */
8889 static void
8890 gen_vlan_patch_vid_test(compiler_state_t *cstate, struct block *b_vid)
8891 {
8892 	struct slist *s, *s2, *sjeq;
8893 	unsigned cnt;
8894 
8895 	s = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
8896 	s->s.k = SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT;
8897 
8898 	/* true -> next instructions, false -> beginning of b_vid */
8899 	sjeq = new_stmt(cstate, JMP(BPF_JEQ));
8900 	sjeq->s.k = 1;
8901 	sjeq->s.jf = b_vid->stmts;
8902 	sappend(s, sjeq);
8903 
8904 	s2 = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
8905 	s2->s.k = SKF_AD_OFF + SKF_AD_VLAN_TAG;
8906 	sappend(s, s2);
8907 	sjeq->s.jt = s2;
8908 
8909 	/* Jump to the test in b_vid. We need to jump one instruction before
8910 	 * the end of the b_vid block so that we only skip loading the TCI
8911 	 * from packet data and not the 'and' instruction extractging VID.
8912 	 */
8913 	cnt = 0;
8914 	for (s2 = b_vid->stmts; s2; s2 = s2->next)
8915 		cnt++;
8916 	s2 = new_stmt(cstate, JMP(BPF_JA));
8917 	s2->s.k = cnt - 1;
8918 	sappend(s, s2);
8919 
8920 	/* insert our statements at the beginning of b_vid */
8921 	sappend(s, b_vid->stmts);
8922 	b_vid->stmts = s;
8923 }
8924 
8925 /*
8926  * Generate check for "vlan" or "vlan <id>" on systems with support for BPF
8927  * extensions.  Even if kernel supports VLAN BPF extensions, (outermost) VLAN
8928  * tag can be either in metadata or in packet data; therefore if the
8929  * SKF_AD_VLAN_TAG_PRESENT test is negative, we need to check link
8930  * header for VLAN tag. As the decision is done at run time, we need
8931  * update variable part of the offsets
8932  */
8933 static struct block *
8934 gen_vlan_bpf_extensions(compiler_state_t *cstate, bpf_u_int32 vlan_num,
8935     int has_vlan_tag)
8936 {
8937         struct block *b0, *b_tpid, *b_vid = NULL;
8938         struct slist *s;
8939 
8940         /* generate new filter code based on extracting packet
8941          * metadata */
8942         s = new_stmt(cstate, BPF_LD|BPF_B|BPF_ABS);
8943         s->s.k = SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT;
8944 
8945         b0 = new_block(cstate, JMP(BPF_JEQ));
8946         b0->stmts = s;
8947         b0->s.k = 1;
8948 
8949 	/*
8950 	 * This is tricky. We need to insert the statements updating variable
8951 	 * parts of offsets before the traditional TPID and VID tests so
8952 	 * that they are called whenever SKF_AD_VLAN_TAG_PRESENT fails but
8953 	 * we do not want this update to affect those checks. That's why we
8954 	 * generate both test blocks first and insert the statements updating
8955 	 * variable parts of both offsets after that. This wouldn't work if
8956 	 * there already were variable length link header when entering this
8957 	 * function but gen_vlan_bpf_extensions() isn't called in that case.
8958 	 */
8959 	b_tpid = gen_vlan_tpid_test(cstate);
8960 	if (has_vlan_tag)
8961 		b_vid = gen_vlan_vid_test(cstate, vlan_num);
8962 
8963 	gen_vlan_patch_tpid_test(cstate, b_tpid);
8964 	gen_or(b0, b_tpid);
8965 	b0 = b_tpid;
8966 
8967 	if (has_vlan_tag) {
8968 		gen_vlan_patch_vid_test(cstate, b_vid);
8969 		gen_and(b0, b_vid);
8970 		b0 = b_vid;
8971 	}
8972 
8973         return b0;
8974 }
8975 #endif
8976 
8977 /*
8978  * support IEEE 802.1Q VLAN trunk over ethernet
8979  */
8980 struct block *
8981 gen_vlan(compiler_state_t *cstate, bpf_u_int32 vlan_num, int has_vlan_tag)
8982 {
8983 	struct	block	*b0;
8984 
8985 	/*
8986 	 * Catch errors reported by us and routines below us, and return NULL
8987 	 * on an error.
8988 	 */
8989 	if (setjmp(cstate->top_ctx))
8990 		return (NULL);
8991 
8992 	/* can't check for VLAN-encapsulated packets inside MPLS */
8993 	if (cstate->label_stack_depth > 0)
8994 		bpf_error(cstate, "no VLAN match after MPLS");
8995 
8996 	/*
8997 	 * Check for a VLAN packet, and then change the offsets to point
8998 	 * to the type and data fields within the VLAN packet.  Just
8999 	 * increment the offsets, so that we can support a hierarchy, e.g.
9000 	 * "vlan 300 && vlan 200" to capture VLAN 200 encapsulated within
9001 	 * VLAN 100.
9002 	 *
9003 	 * XXX - this is a bit of a kludge.  If we were to split the
9004 	 * compiler into a parser that parses an expression and
9005 	 * generates an expression tree, and a code generator that
9006 	 * takes an expression tree (which could come from our
9007 	 * parser or from some other parser) and generates BPF code,
9008 	 * we could perhaps make the offsets parameters of routines
9009 	 * and, in the handler for an "AND" node, pass to subnodes
9010 	 * other than the VLAN node the adjusted offsets.
9011 	 *
9012 	 * This would mean that "vlan" would, instead of changing the
9013 	 * behavior of *all* tests after it, change only the behavior
9014 	 * of tests ANDed with it.  That would change the documented
9015 	 * semantics of "vlan", which might break some expressions.
9016 	 * However, it would mean that "(vlan and ip) or ip" would check
9017 	 * both for VLAN-encapsulated IP and IP-over-Ethernet, rather than
9018 	 * checking only for VLAN-encapsulated IP, so that could still
9019 	 * be considered worth doing; it wouldn't break expressions
9020 	 * that are of the form "vlan and ..." or "vlan N and ...",
9021 	 * which I suspect are the most common expressions involving
9022 	 * "vlan".  "vlan or ..." doesn't necessarily do what the user
9023 	 * would really want, now, as all the "or ..." tests would
9024 	 * be done assuming a VLAN, even though the "or" could be viewed
9025 	 * as meaning "or, if this isn't a VLAN packet...".
9026 	 */
9027 	switch (cstate->linktype) {
9028 
9029 	case DLT_EN10MB:
9030 	case DLT_NETANALYZER:
9031 	case DLT_NETANALYZER_TRANSPARENT:
9032 #if defined(SKF_AD_VLAN_TAG_PRESENT)
9033 		/* Verify that this is the outer part of the packet and
9034 		 * not encapsulated somehow. */
9035 		if (cstate->vlan_stack_depth == 0 && !cstate->off_linkhdr.is_variable &&
9036 		    cstate->off_linkhdr.constant_part ==
9037 		    cstate->off_outermostlinkhdr.constant_part) {
9038 			/*
9039 			 * Do we need special VLAN handling?
9040 			 */
9041 			if (cstate->bpf_pcap->bpf_codegen_flags & BPF_SPECIAL_VLAN_HANDLING)
9042 				b0 = gen_vlan_bpf_extensions(cstate, vlan_num,
9043 				    has_vlan_tag);
9044 			else
9045 				b0 = gen_vlan_no_bpf_extensions(cstate,
9046 				    vlan_num, has_vlan_tag);
9047 		} else
9048 #endif
9049 			b0 = gen_vlan_no_bpf_extensions(cstate, vlan_num,
9050 			    has_vlan_tag);
9051                 break;
9052 
9053 	case DLT_IEEE802_11:
9054 	case DLT_PRISM_HEADER:
9055 	case DLT_IEEE802_11_RADIO_AVS:
9056 	case DLT_IEEE802_11_RADIO:
9057 		b0 = gen_vlan_no_bpf_extensions(cstate, vlan_num, has_vlan_tag);
9058 		break;
9059 
9060 	default:
9061 		bpf_error(cstate, "no VLAN support for %s",
9062 		      pcap_datalink_val_to_description_or_dlt(cstate->linktype));
9063 		/*NOTREACHED*/
9064 	}
9065 
9066         cstate->vlan_stack_depth++;
9067 
9068 	return (b0);
9069 }
9070 
9071 /*
9072  * support for MPLS
9073  *
9074  * The label_num_arg dance is to avoid annoying whining by compilers that
9075  * label_num might be clobbered by longjmp - yeah, it might, but *WHO CARES*?
9076  * It's not *used* after setjmp returns.
9077  */
9078 struct block *
9079 gen_mpls(compiler_state_t *cstate, bpf_u_int32 label_num_arg,
9080     int has_label_num)
9081 {
9082 	volatile bpf_u_int32 label_num = label_num_arg;
9083 	struct	block	*b0, *b1;
9084 
9085 	/*
9086 	 * Catch errors reported by us and routines below us, and return NULL
9087 	 * on an error.
9088 	 */
9089 	if (setjmp(cstate->top_ctx))
9090 		return (NULL);
9091 
9092         if (cstate->label_stack_depth > 0) {
9093             /* just match the bottom-of-stack bit clear */
9094             b0 = gen_mcmp(cstate, OR_PREVMPLSHDR, 2, BPF_B, 0, 0x01);
9095         } else {
9096             /*
9097              * We're not in an MPLS stack yet, so check the link-layer
9098              * type against MPLS.
9099              */
9100             switch (cstate->linktype) {
9101 
9102             case DLT_C_HDLC: /* fall through */
9103             case DLT_EN10MB:
9104             case DLT_NETANALYZER:
9105             case DLT_NETANALYZER_TRANSPARENT:
9106                     b0 = gen_linktype(cstate, ETHERTYPE_MPLS);
9107                     break;
9108 
9109             case DLT_PPP:
9110                     b0 = gen_linktype(cstate, PPP_MPLS_UCAST);
9111                     break;
9112 
9113                     /* FIXME add other DLT_s ...
9114                      * for Frame-Relay/and ATM this may get messy due to SNAP headers
9115                      * leave it for now */
9116 
9117             default:
9118                     bpf_error(cstate, "no MPLS support for %s",
9119                           pcap_datalink_val_to_description_or_dlt(cstate->linktype));
9120                     /*NOTREACHED*/
9121             }
9122         }
9123 
9124 	/* If a specific MPLS label is requested, check it */
9125 	if (has_label_num) {
9126 		if (label_num > 0xFFFFF) {
9127 			bpf_error(cstate, "MPLS label %u greater than maximum %u",
9128 			    label_num, 0xFFFFF);
9129 		}
9130 		label_num = label_num << 12; /* label is shifted 12 bits on the wire */
9131 		b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_W, label_num,
9132 		    0xfffff000); /* only compare the first 20 bits */
9133 		gen_and(b0, b1);
9134 		b0 = b1;
9135 	}
9136 
9137         /*
9138          * Change the offsets to point to the type and data fields within
9139          * the MPLS packet.  Just increment the offsets, so that we
9140          * can support a hierarchy, e.g. "mpls 100000 && mpls 1024" to
9141          * capture packets with an outer label of 100000 and an inner
9142          * label of 1024.
9143          *
9144          * Increment the MPLS stack depth as well; this indicates that
9145          * we're checking MPLS-encapsulated headers, to make sure higher
9146          * level code generators don't try to match against IP-related
9147          * protocols such as Q_ARP, Q_RARP etc.
9148          *
9149          * XXX - this is a bit of a kludge.  See comments in gen_vlan().
9150          */
9151         cstate->off_nl_nosnap += 4;
9152         cstate->off_nl += 4;
9153         cstate->label_stack_depth++;
9154 	return (b0);
9155 }
9156 
9157 /*
9158  * Support PPPOE discovery and session.
9159  */
9160 struct block *
9161 gen_pppoed(compiler_state_t *cstate)
9162 {
9163 	/*
9164 	 * Catch errors reported by us and routines below us, and return NULL
9165 	 * on an error.
9166 	 */
9167 	if (setjmp(cstate->top_ctx))
9168 		return (NULL);
9169 
9170 	/* check for PPPoE discovery */
9171 	return gen_linktype(cstate, ETHERTYPE_PPPOED);
9172 }
9173 
9174 struct block *
9175 gen_pppoes(compiler_state_t *cstate, bpf_u_int32 sess_num, int has_sess_num)
9176 {
9177 	struct block *b0, *b1;
9178 
9179 	/*
9180 	 * Catch errors reported by us and routines below us, and return NULL
9181 	 * on an error.
9182 	 */
9183 	if (setjmp(cstate->top_ctx))
9184 		return (NULL);
9185 
9186 	/*
9187 	 * Test against the PPPoE session link-layer type.
9188 	 */
9189 	b0 = gen_linktype(cstate, ETHERTYPE_PPPOES);
9190 
9191 	/* If a specific session is requested, check PPPoE session id */
9192 	if (has_sess_num) {
9193 		if (sess_num > 0x0000ffff) {
9194 			bpf_error(cstate, "PPPoE session number %u greater than maximum %u",
9195 			    sess_num, 0x0000ffff);
9196 		}
9197 		b1 = gen_mcmp(cstate, OR_LINKPL, 0, BPF_W, sess_num, 0x0000ffff);
9198 		gen_and(b0, b1);
9199 		b0 = b1;
9200 	}
9201 
9202 	/*
9203 	 * Change the offsets to point to the type and data fields within
9204 	 * the PPP packet, and note that this is PPPoE rather than
9205 	 * raw PPP.
9206 	 *
9207 	 * XXX - this is a bit of a kludge.  See the comments in
9208 	 * gen_vlan().
9209 	 *
9210 	 * The "network-layer" protocol is PPPoE, which has a 6-byte
9211 	 * PPPoE header, followed by a PPP packet.
9212 	 *
9213 	 * There is no HDLC encapsulation for the PPP packet (it's
9214 	 * encapsulated in PPPoES instead), so the link-layer type
9215 	 * starts at the first byte of the PPP packet.  For PPPoE,
9216 	 * that offset is relative to the beginning of the total
9217 	 * link-layer payload, including any 802.2 LLC header, so
9218 	 * it's 6 bytes past cstate->off_nl.
9219 	 */
9220 	PUSH_LINKHDR(cstate, DLT_PPP, cstate->off_linkpl.is_variable,
9221 	    cstate->off_linkpl.constant_part + cstate->off_nl + 6, /* 6 bytes past the PPPoE header */
9222 	    cstate->off_linkpl.reg);
9223 
9224 	cstate->off_linktype = cstate->off_linkhdr;
9225 	cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 2;
9226 
9227 	cstate->off_nl = 0;
9228 	cstate->off_nl_nosnap = 0;	/* no 802.2 LLC */
9229 
9230 	return b0;
9231 }
9232 
9233 /* Check that this is Geneve and the VNI is correct if
9234  * specified. Parameterized to handle both IPv4 and IPv6. */
9235 static struct block *
9236 gen_geneve_check(compiler_state_t *cstate,
9237     struct block *(*gen_portfn)(compiler_state_t *, u_int, int, int),
9238     enum e_offrel offrel, bpf_u_int32 vni, int has_vni)
9239 {
9240 	struct block *b0, *b1;
9241 
9242 	b0 = gen_portfn(cstate, GENEVE_PORT, IPPROTO_UDP, Q_DST);
9243 
9244 	/* Check that we are operating on version 0. Otherwise, we
9245 	 * can't decode the rest of the fields. The version is 2 bits
9246 	 * in the first byte of the Geneve header. */
9247 	b1 = gen_mcmp(cstate, offrel, 8, BPF_B, 0, 0xc0);
9248 	gen_and(b0, b1);
9249 	b0 = b1;
9250 
9251 	if (has_vni) {
9252 		if (vni > 0xffffff) {
9253 			bpf_error(cstate, "Geneve VNI %u greater than maximum %u",
9254 			    vni, 0xffffff);
9255 		}
9256 		vni <<= 8; /* VNI is in the upper 3 bytes */
9257 		b1 = gen_mcmp(cstate, offrel, 12, BPF_W, vni, 0xffffff00);
9258 		gen_and(b0, b1);
9259 		b0 = b1;
9260 	}
9261 
9262 	return b0;
9263 }
9264 
9265 /* The IPv4 and IPv6 Geneve checks need to do two things:
9266  * - Verify that this actually is Geneve with the right VNI.
9267  * - Place the IP header length (plus variable link prefix if
9268  *   needed) into register A to be used later to compute
9269  *   the inner packet offsets. */
9270 static struct block *
9271 gen_geneve4(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni)
9272 {
9273 	struct block *b0, *b1;
9274 	struct slist *s, *s1;
9275 
9276 	b0 = gen_geneve_check(cstate, gen_port, OR_TRAN_IPV4, vni, has_vni);
9277 
9278 	/* Load the IP header length into A. */
9279 	s = gen_loadx_iphdrlen(cstate);
9280 
9281 	s1 = new_stmt(cstate, BPF_MISC|BPF_TXA);
9282 	sappend(s, s1);
9283 
9284 	/* Forcibly append these statements to the true condition
9285 	 * of the protocol check by creating a new block that is
9286 	 * always true and ANDing them. */
9287 	b1 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X);
9288 	b1->stmts = s;
9289 	b1->s.k = 0;
9290 
9291 	gen_and(b0, b1);
9292 
9293 	return b1;
9294 }
9295 
9296 static struct block *
9297 gen_geneve6(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni)
9298 {
9299 	struct block *b0, *b1;
9300 	struct slist *s, *s1;
9301 
9302 	b0 = gen_geneve_check(cstate, gen_port6, OR_TRAN_IPV6, vni, has_vni);
9303 
9304 	/* Load the IP header length. We need to account for a
9305 	 * variable length link prefix if there is one. */
9306 	s = gen_abs_offset_varpart(cstate, &cstate->off_linkpl);
9307 	if (s) {
9308 		s1 = new_stmt(cstate, BPF_LD|BPF_IMM);
9309 		s1->s.k = 40;
9310 		sappend(s, s1);
9311 
9312 		s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X);
9313 		s1->s.k = 0;
9314 		sappend(s, s1);
9315 	} else {
9316 		s = new_stmt(cstate, BPF_LD|BPF_IMM);
9317 		s->s.k = 40;
9318 	}
9319 
9320 	/* Forcibly append these statements to the true condition
9321 	 * of the protocol check by creating a new block that is
9322 	 * always true and ANDing them. */
9323 	s1 = new_stmt(cstate, BPF_MISC|BPF_TAX);
9324 	sappend(s, s1);
9325 
9326 	b1 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X);
9327 	b1->stmts = s;
9328 	b1->s.k = 0;
9329 
9330 	gen_and(b0, b1);
9331 
9332 	return b1;
9333 }
9334 
9335 /* We need to store three values based on the Geneve header::
9336  * - The offset of the linktype.
9337  * - The offset of the end of the Geneve header.
9338  * - The offset of the end of the encapsulated MAC header. */
9339 static struct slist *
9340 gen_geneve_offsets(compiler_state_t *cstate)
9341 {
9342 	struct slist *s, *s1, *s_proto;
9343 
9344 	/* First we need to calculate the offset of the Geneve header
9345 	 * itself. This is composed of the IP header previously calculated
9346 	 * (include any variable link prefix) and stored in A plus the
9347 	 * fixed sized headers (fixed link prefix, MAC length, and UDP
9348 	 * header). */
9349 	s = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9350 	s->s.k = cstate->off_linkpl.constant_part + cstate->off_nl + 8;
9351 
9352 	/* Stash this in X since we'll need it later. */
9353 	s1 = new_stmt(cstate, BPF_MISC|BPF_TAX);
9354 	sappend(s, s1);
9355 
9356 	/* The EtherType in Geneve is 2 bytes in. Calculate this and
9357 	 * store it. */
9358 	s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9359 	s1->s.k = 2;
9360 	sappend(s, s1);
9361 
9362 	cstate->off_linktype.reg = alloc_reg(cstate);
9363 	cstate->off_linktype.is_variable = 1;
9364 	cstate->off_linktype.constant_part = 0;
9365 
9366 	s1 = new_stmt(cstate, BPF_ST);
9367 	s1->s.k = cstate->off_linktype.reg;
9368 	sappend(s, s1);
9369 
9370 	/* Load the Geneve option length and mask and shift to get the
9371 	 * number of bytes. It is stored in the first byte of the Geneve
9372 	 * header. */
9373 	s1 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_B);
9374 	s1->s.k = 0;
9375 	sappend(s, s1);
9376 
9377 	s1 = new_stmt(cstate, BPF_ALU|BPF_AND|BPF_K);
9378 	s1->s.k = 0x3f;
9379 	sappend(s, s1);
9380 
9381 	s1 = new_stmt(cstate, BPF_ALU|BPF_MUL|BPF_K);
9382 	s1->s.k = 4;
9383 	sappend(s, s1);
9384 
9385 	/* Add in the rest of the Geneve base header. */
9386 	s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9387 	s1->s.k = 8;
9388 	sappend(s, s1);
9389 
9390 	/* Add the Geneve header length to its offset and store. */
9391 	s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_X);
9392 	s1->s.k = 0;
9393 	sappend(s, s1);
9394 
9395 	/* Set the encapsulated type as Ethernet. Even though we may
9396 	 * not actually have Ethernet inside there are two reasons this
9397 	 * is useful:
9398 	 * - The linktype field is always in EtherType format regardless
9399 	 *   of whether it is in Geneve or an inner Ethernet frame.
9400 	 * - The only link layer that we have specific support for is
9401 	 *   Ethernet. We will confirm that the packet actually is
9402 	 *   Ethernet at runtime before executing these checks. */
9403 	PUSH_LINKHDR(cstate, DLT_EN10MB, 1, 0, alloc_reg(cstate));
9404 
9405 	s1 = new_stmt(cstate, BPF_ST);
9406 	s1->s.k = cstate->off_linkhdr.reg;
9407 	sappend(s, s1);
9408 
9409 	/* Calculate whether we have an Ethernet header or just raw IP/
9410 	 * MPLS/etc. If we have Ethernet, advance the end of the MAC offset
9411 	 * and linktype by 14 bytes so that the network header can be found
9412 	 * seamlessly. Otherwise, keep what we've calculated already. */
9413 
9414 	/* We have a bare jmp so we can't use the optimizer. */
9415 	cstate->no_optimize = 1;
9416 
9417 	/* Load the EtherType in the Geneve header, 2 bytes in. */
9418 	s1 = new_stmt(cstate, BPF_LD|BPF_IND|BPF_H);
9419 	s1->s.k = 2;
9420 	sappend(s, s1);
9421 
9422 	/* Load X with the end of the Geneve header. */
9423 	s1 = new_stmt(cstate, BPF_LDX|BPF_MEM);
9424 	s1->s.k = cstate->off_linkhdr.reg;
9425 	sappend(s, s1);
9426 
9427 	/* Check if the EtherType is Transparent Ethernet Bridging. At the
9428 	 * end of this check, we should have the total length in X. In
9429 	 * the non-Ethernet case, it's already there. */
9430 	s_proto = new_stmt(cstate, JMP(BPF_JEQ));
9431 	s_proto->s.k = ETHERTYPE_TEB;
9432 	sappend(s, s_proto);
9433 
9434 	s1 = new_stmt(cstate, BPF_MISC|BPF_TXA);
9435 	sappend(s, s1);
9436 	s_proto->s.jt = s1;
9437 
9438 	/* Since this is Ethernet, use the EtherType of the payload
9439 	 * directly as the linktype. Overwrite what we already have. */
9440 	s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9441 	s1->s.k = 12;
9442 	sappend(s, s1);
9443 
9444 	s1 = new_stmt(cstate, BPF_ST);
9445 	s1->s.k = cstate->off_linktype.reg;
9446 	sappend(s, s1);
9447 
9448 	/* Advance two bytes further to get the end of the Ethernet
9449 	 * header. */
9450 	s1 = new_stmt(cstate, BPF_ALU|BPF_ADD|BPF_K);
9451 	s1->s.k = 2;
9452 	sappend(s, s1);
9453 
9454 	/* Move the result to X. */
9455 	s1 = new_stmt(cstate, BPF_MISC|BPF_TAX);
9456 	sappend(s, s1);
9457 
9458 	/* Store the final result of our linkpl calculation. */
9459 	cstate->off_linkpl.reg = alloc_reg(cstate);
9460 	cstate->off_linkpl.is_variable = 1;
9461 	cstate->off_linkpl.constant_part = 0;
9462 
9463 	s1 = new_stmt(cstate, BPF_STX);
9464 	s1->s.k = cstate->off_linkpl.reg;
9465 	sappend(s, s1);
9466 	s_proto->s.jf = s1;
9467 
9468 	cstate->off_nl = 0;
9469 
9470 	return s;
9471 }
9472 
9473 /* Check to see if this is a Geneve packet. */
9474 struct block *
9475 gen_geneve(compiler_state_t *cstate, bpf_u_int32 vni, int has_vni)
9476 {
9477 	struct block *b0, *b1;
9478 	struct slist *s;
9479 
9480 	/*
9481 	 * Catch errors reported by us and routines below us, and return NULL
9482 	 * on an error.
9483 	 */
9484 	if (setjmp(cstate->top_ctx))
9485 		return (NULL);
9486 
9487 	b0 = gen_geneve4(cstate, vni, has_vni);
9488 	b1 = gen_geneve6(cstate, vni, has_vni);
9489 
9490 	gen_or(b0, b1);
9491 	b0 = b1;
9492 
9493 	/* Later filters should act on the payload of the Geneve frame,
9494 	 * update all of the header pointers. Attach this code so that
9495 	 * it gets executed in the event that the Geneve filter matches. */
9496 	s = gen_geneve_offsets(cstate);
9497 
9498 	b1 = gen_true(cstate);
9499 	sappend(s, b1->stmts);
9500 	b1->stmts = s;
9501 
9502 	gen_and(b0, b1);
9503 
9504 	cstate->is_geneve = 1;
9505 
9506 	return b1;
9507 }
9508 
9509 /* Check that the encapsulated frame has a link layer header
9510  * for Ethernet filters. */
9511 static struct block *
9512 gen_geneve_ll_check(compiler_state_t *cstate)
9513 {
9514 	struct block *b0;
9515 	struct slist *s, *s1;
9516 
9517 	/* The easiest way to see if there is a link layer present
9518 	 * is to check if the link layer header and payload are not
9519 	 * the same. */
9520 
9521 	/* Geneve always generates pure variable offsets so we can
9522 	 * compare only the registers. */
9523 	s = new_stmt(cstate, BPF_LD|BPF_MEM);
9524 	s->s.k = cstate->off_linkhdr.reg;
9525 
9526 	s1 = new_stmt(cstate, BPF_LDX|BPF_MEM);
9527 	s1->s.k = cstate->off_linkpl.reg;
9528 	sappend(s, s1);
9529 
9530 	b0 = new_block(cstate, BPF_JMP|BPF_JEQ|BPF_X);
9531 	b0->stmts = s;
9532 	b0->s.k = 0;
9533 	gen_not(b0);
9534 
9535 	return b0;
9536 }
9537 
9538 static struct block *
9539 gen_atmfield_code_internal(compiler_state_t *cstate, int atmfield,
9540     bpf_u_int32 jvalue, int jtype, int reverse)
9541 {
9542 	struct block *b0;
9543 
9544 	switch (atmfield) {
9545 
9546 	case A_VPI:
9547 		if (!cstate->is_atm)
9548 			bpf_error(cstate, "'vpi' supported only on raw ATM");
9549 		if (cstate->off_vpi == OFFSET_NOT_SET)
9550 			abort();
9551 		b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_vpi, BPF_B,
9552 		    0xffffffffU, jtype, reverse, jvalue);
9553 		break;
9554 
9555 	case A_VCI:
9556 		if (!cstate->is_atm)
9557 			bpf_error(cstate, "'vci' supported only on raw ATM");
9558 		if (cstate->off_vci == OFFSET_NOT_SET)
9559 			abort();
9560 		b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_vci, BPF_H,
9561 		    0xffffffffU, jtype, reverse, jvalue);
9562 		break;
9563 
9564 	case A_PROTOTYPE:
9565 		if (cstate->off_proto == OFFSET_NOT_SET)
9566 			abort();	/* XXX - this isn't on FreeBSD */
9567 		b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_proto, BPF_B,
9568 		    0x0fU, jtype, reverse, jvalue);
9569 		break;
9570 
9571 	case A_MSGTYPE:
9572 		if (cstate->off_payload == OFFSET_NOT_SET)
9573 			abort();
9574 		b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_payload + MSG_TYPE_POS, BPF_B,
9575 		    0xffffffffU, jtype, reverse, jvalue);
9576 		break;
9577 
9578 	case A_CALLREFTYPE:
9579 		if (!cstate->is_atm)
9580 			bpf_error(cstate, "'callref' supported only on raw ATM");
9581 		if (cstate->off_proto == OFFSET_NOT_SET)
9582 			abort();
9583 		b0 = gen_ncmp(cstate, OR_LINKHDR, cstate->off_proto, BPF_B,
9584 		    0xffffffffU, jtype, reverse, jvalue);
9585 		break;
9586 
9587 	default:
9588 		abort();
9589 	}
9590 	return b0;
9591 }
9592 
9593 static struct block *
9594 gen_atmtype_metac(compiler_state_t *cstate)
9595 {
9596 	struct block *b0, *b1;
9597 
9598 	b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
9599 	b1 = gen_atmfield_code_internal(cstate, A_VCI, 1, BPF_JEQ, 0);
9600 	gen_and(b0, b1);
9601 	return b1;
9602 }
9603 
9604 static struct block *
9605 gen_atmtype_sc(compiler_state_t *cstate)
9606 {
9607 	struct block *b0, *b1;
9608 
9609 	b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
9610 	b1 = gen_atmfield_code_internal(cstate, A_VCI, 5, BPF_JEQ, 0);
9611 	gen_and(b0, b1);
9612 	return b1;
9613 }
9614 
9615 static struct block *
9616 gen_atmtype_llc(compiler_state_t *cstate)
9617 {
9618 	struct block *b0;
9619 
9620 	b0 = gen_atmfield_code_internal(cstate, A_PROTOTYPE, PT_LLC, BPF_JEQ, 0);
9621 	cstate->linktype = cstate->prevlinktype;
9622 	return b0;
9623 }
9624 
9625 struct block *
9626 gen_atmfield_code(compiler_state_t *cstate, int atmfield,
9627     bpf_u_int32 jvalue, int jtype, int reverse)
9628 {
9629 	/*
9630 	 * Catch errors reported by us and routines below us, and return NULL
9631 	 * on an error.
9632 	 */
9633 	if (setjmp(cstate->top_ctx))
9634 		return (NULL);
9635 
9636 	return gen_atmfield_code_internal(cstate, atmfield, jvalue, jtype,
9637 	    reverse);
9638 }
9639 
9640 struct block *
9641 gen_atmtype_abbrev(compiler_state_t *cstate, int type)
9642 {
9643 	struct block *b0, *b1;
9644 
9645 	/*
9646 	 * Catch errors reported by us and routines below us, and return NULL
9647 	 * on an error.
9648 	 */
9649 	if (setjmp(cstate->top_ctx))
9650 		return (NULL);
9651 
9652 	switch (type) {
9653 
9654 	case A_METAC:
9655 		/* Get all packets in Meta signalling Circuit */
9656 		if (!cstate->is_atm)
9657 			bpf_error(cstate, "'metac' supported only on raw ATM");
9658 		b1 = gen_atmtype_metac(cstate);
9659 		break;
9660 
9661 	case A_BCC:
9662 		/* Get all packets in Broadcast Circuit*/
9663 		if (!cstate->is_atm)
9664 			bpf_error(cstate, "'bcc' supported only on raw ATM");
9665 		b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
9666 		b1 = gen_atmfield_code_internal(cstate, A_VCI, 2, BPF_JEQ, 0);
9667 		gen_and(b0, b1);
9668 		break;
9669 
9670 	case A_OAMF4SC:
9671 		/* Get all cells in Segment OAM F4 circuit*/
9672 		if (!cstate->is_atm)
9673 			bpf_error(cstate, "'oam4sc' supported only on raw ATM");
9674 		b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
9675 		b1 = gen_atmfield_code_internal(cstate, A_VCI, 3, BPF_JEQ, 0);
9676 		gen_and(b0, b1);
9677 		break;
9678 
9679 	case A_OAMF4EC:
9680 		/* Get all cells in End-to-End OAM F4 Circuit*/
9681 		if (!cstate->is_atm)
9682 			bpf_error(cstate, "'oam4ec' supported only on raw ATM");
9683 		b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
9684 		b1 = gen_atmfield_code_internal(cstate, A_VCI, 4, BPF_JEQ, 0);
9685 		gen_and(b0, b1);
9686 		break;
9687 
9688 	case A_SC:
9689 		/*  Get all packets in connection Signalling Circuit */
9690 		if (!cstate->is_atm)
9691 			bpf_error(cstate, "'sc' supported only on raw ATM");
9692 		b1 = gen_atmtype_sc(cstate);
9693 		break;
9694 
9695 	case A_ILMIC:
9696 		/* Get all packets in ILMI Circuit */
9697 		if (!cstate->is_atm)
9698 			bpf_error(cstate, "'ilmic' supported only on raw ATM");
9699 		b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
9700 		b1 = gen_atmfield_code_internal(cstate, A_VCI, 16, BPF_JEQ, 0);
9701 		gen_and(b0, b1);
9702 		break;
9703 
9704 	case A_LANE:
9705 		/* Get all LANE packets */
9706 		if (!cstate->is_atm)
9707 			bpf_error(cstate, "'lane' supported only on raw ATM");
9708 		b1 = gen_atmfield_code_internal(cstate, A_PROTOTYPE, PT_LANE, BPF_JEQ, 0);
9709 
9710 		/*
9711 		 * Arrange that all subsequent tests assume LANE
9712 		 * rather than LLC-encapsulated packets, and set
9713 		 * the offsets appropriately for LANE-encapsulated
9714 		 * Ethernet.
9715 		 *
9716 		 * We assume LANE means Ethernet, not Token Ring.
9717 		 */
9718 		PUSH_LINKHDR(cstate, DLT_EN10MB, 0,
9719 		    cstate->off_payload + 2,	/* Ethernet header */
9720 		    -1);
9721 		cstate->off_linktype.constant_part = cstate->off_linkhdr.constant_part + 12;
9722 		cstate->off_linkpl.constant_part = cstate->off_linkhdr.constant_part + 14;	/* Ethernet */
9723 		cstate->off_nl = 0;			/* Ethernet II */
9724 		cstate->off_nl_nosnap = 3;		/* 802.3+802.2 */
9725 		break;
9726 
9727 	case A_LLC:
9728 		/* Get all LLC-encapsulated packets */
9729 		if (!cstate->is_atm)
9730 			bpf_error(cstate, "'llc' supported only on raw ATM");
9731 		b1 = gen_atmtype_llc(cstate);
9732 		break;
9733 
9734 	default:
9735 		abort();
9736 	}
9737 	return b1;
9738 }
9739 
9740 /*
9741  * Filtering for MTP2 messages based on li value
9742  * FISU, length is null
9743  * LSSU, length is 1 or 2
9744  * MSU, length is 3 or more
9745  * For MTP2_HSL, sequences are on 2 bytes, and length on 9 bits
9746  */
9747 struct block *
9748 gen_mtp2type_abbrev(compiler_state_t *cstate, int type)
9749 {
9750 	struct block *b0, *b1;
9751 
9752 	/*
9753 	 * Catch errors reported by us and routines below us, and return NULL
9754 	 * on an error.
9755 	 */
9756 	if (setjmp(cstate->top_ctx))
9757 		return (NULL);
9758 
9759 	switch (type) {
9760 
9761 	case M_FISU:
9762 		if ( (cstate->linktype != DLT_MTP2) &&
9763 		     (cstate->linktype != DLT_ERF) &&
9764 		     (cstate->linktype != DLT_MTP2_WITH_PHDR) )
9765 			bpf_error(cstate, "'fisu' supported only on MTP2");
9766 		/* gen_ncmp(cstate, offrel, offset, size, mask, jtype, reverse, value) */
9767 		b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B,
9768 		    0x3fU, BPF_JEQ, 0, 0U);
9769 		break;
9770 
9771 	case M_LSSU:
9772 		if ( (cstate->linktype != DLT_MTP2) &&
9773 		     (cstate->linktype != DLT_ERF) &&
9774 		     (cstate->linktype != DLT_MTP2_WITH_PHDR) )
9775 			bpf_error(cstate, "'lssu' supported only on MTP2");
9776 		b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B,
9777 		    0x3fU, BPF_JGT, 1, 2U);
9778 		b1 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B,
9779 		    0x3fU, BPF_JGT, 0, 0U);
9780 		gen_and(b1, b0);
9781 		break;
9782 
9783 	case M_MSU:
9784 		if ( (cstate->linktype != DLT_MTP2) &&
9785 		     (cstate->linktype != DLT_ERF) &&
9786 		     (cstate->linktype != DLT_MTP2_WITH_PHDR) )
9787 			bpf_error(cstate, "'msu' supported only on MTP2");
9788 		b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li, BPF_B,
9789 		    0x3fU, BPF_JGT, 0, 2U);
9790 		break;
9791 
9792 	case MH_FISU:
9793 		if ( (cstate->linktype != DLT_MTP2) &&
9794 		     (cstate->linktype != DLT_ERF) &&
9795 		     (cstate->linktype != DLT_MTP2_WITH_PHDR) )
9796 			bpf_error(cstate, "'hfisu' supported only on MTP2_HSL");
9797 		/* gen_ncmp(cstate, offrel, offset, size, mask, jtype, reverse, value) */
9798 		b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H,
9799 		    0xff80U, BPF_JEQ, 0, 0U);
9800 		break;
9801 
9802 	case MH_LSSU:
9803 		if ( (cstate->linktype != DLT_MTP2) &&
9804 		     (cstate->linktype != DLT_ERF) &&
9805 		     (cstate->linktype != DLT_MTP2_WITH_PHDR) )
9806 			bpf_error(cstate, "'hlssu' supported only on MTP2_HSL");
9807 		b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H,
9808 		    0xff80U, BPF_JGT, 1, 0x0100U);
9809 		b1 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H,
9810 		    0xff80U, BPF_JGT, 0, 0U);
9811 		gen_and(b1, b0);
9812 		break;
9813 
9814 	case MH_MSU:
9815 		if ( (cstate->linktype != DLT_MTP2) &&
9816 		     (cstate->linktype != DLT_ERF) &&
9817 		     (cstate->linktype != DLT_MTP2_WITH_PHDR) )
9818 			bpf_error(cstate, "'hmsu' supported only on MTP2_HSL");
9819 		b0 = gen_ncmp(cstate, OR_PACKET, cstate->off_li_hsl, BPF_H,
9820 		    0xff80U, BPF_JGT, 0, 0x0100U);
9821 		break;
9822 
9823 	default:
9824 		abort();
9825 	}
9826 	return b0;
9827 }
9828 
9829 /*
9830  * The jvalue_arg dance is to avoid annoying whining by compilers that
9831  * jvalue might be clobbered by longjmp - yeah, it might, but *WHO CARES*?
9832  * It's not *used* after setjmp returns.
9833  */
9834 struct block *
9835 gen_mtp3field_code(compiler_state_t *cstate, int mtp3field,
9836     bpf_u_int32 jvalue_arg, int jtype, int reverse)
9837 {
9838 	volatile bpf_u_int32 jvalue = jvalue_arg;
9839 	struct block *b0;
9840 	bpf_u_int32 val1 , val2 , val3;
9841 	u_int newoff_sio;
9842 	u_int newoff_opc;
9843 	u_int newoff_dpc;
9844 	u_int newoff_sls;
9845 
9846 	/*
9847 	 * Catch errors reported by us and routines below us, and return NULL
9848 	 * on an error.
9849 	 */
9850 	if (setjmp(cstate->top_ctx))
9851 		return (NULL);
9852 
9853 	newoff_sio = cstate->off_sio;
9854 	newoff_opc = cstate->off_opc;
9855 	newoff_dpc = cstate->off_dpc;
9856 	newoff_sls = cstate->off_sls;
9857 	switch (mtp3field) {
9858 
9859 	case MH_SIO:
9860 		newoff_sio += 3; /* offset for MTP2_HSL */
9861 		/* FALLTHROUGH */
9862 
9863 	case M_SIO:
9864 		if (cstate->off_sio == OFFSET_NOT_SET)
9865 			bpf_error(cstate, "'sio' supported only on SS7");
9866 		/* sio coded on 1 byte so max value 255 */
9867 		if(jvalue > 255)
9868 		        bpf_error(cstate, "sio value %u too big; max value = 255",
9869 		            jvalue);
9870 		b0 = gen_ncmp(cstate, OR_PACKET, newoff_sio, BPF_B, 0xffffffffU,
9871 		    jtype, reverse, jvalue);
9872 		break;
9873 
9874 	case MH_OPC:
9875 		newoff_opc += 3;
9876 
9877 		/* FALLTHROUGH */
9878         case M_OPC:
9879 	        if (cstate->off_opc == OFFSET_NOT_SET)
9880 			bpf_error(cstate, "'opc' supported only on SS7");
9881 		/* opc coded on 14 bits so max value 16383 */
9882 		if (jvalue > 16383)
9883 		        bpf_error(cstate, "opc value %u too big; max value = 16383",
9884 		            jvalue);
9885 		/* the following instructions are made to convert jvalue
9886 		 * to the form used to write opc in an ss7 message*/
9887 		val1 = jvalue & 0x00003c00;
9888 		val1 = val1 >>10;
9889 		val2 = jvalue & 0x000003fc;
9890 		val2 = val2 <<6;
9891 		val3 = jvalue & 0x00000003;
9892 		val3 = val3 <<22;
9893 		jvalue = val1 + val2 + val3;
9894 		b0 = gen_ncmp(cstate, OR_PACKET, newoff_opc, BPF_W, 0x00c0ff0fU,
9895 		    jtype, reverse, jvalue);
9896 		break;
9897 
9898 	case MH_DPC:
9899 		newoff_dpc += 3;
9900 		/* FALLTHROUGH */
9901 
9902 	case M_DPC:
9903 	        if (cstate->off_dpc == OFFSET_NOT_SET)
9904 			bpf_error(cstate, "'dpc' supported only on SS7");
9905 		/* dpc coded on 14 bits so max value 16383 */
9906 		if (jvalue > 16383)
9907 		        bpf_error(cstate, "dpc value %u too big; max value = 16383",
9908 		            jvalue);
9909 		/* the following instructions are made to convert jvalue
9910 		 * to the forme used to write dpc in an ss7 message*/
9911 		val1 = jvalue & 0x000000ff;
9912 		val1 = val1 << 24;
9913 		val2 = jvalue & 0x00003f00;
9914 		val2 = val2 << 8;
9915 		jvalue = val1 + val2;
9916 		b0 = gen_ncmp(cstate, OR_PACKET, newoff_dpc, BPF_W, 0xff3f0000U,
9917 		    jtype, reverse, jvalue);
9918 		break;
9919 
9920 	case MH_SLS:
9921 		newoff_sls += 3;
9922 		/* FALLTHROUGH */
9923 
9924 	case M_SLS:
9925 	        if (cstate->off_sls == OFFSET_NOT_SET)
9926 			bpf_error(cstate, "'sls' supported only on SS7");
9927 		/* sls coded on 4 bits so max value 15 */
9928 		if (jvalue > 15)
9929 		         bpf_error(cstate, "sls value %u too big; max value = 15",
9930 		             jvalue);
9931 		/* the following instruction is made to convert jvalue
9932 		 * to the forme used to write sls in an ss7 message*/
9933 		jvalue = jvalue << 4;
9934 		b0 = gen_ncmp(cstate, OR_PACKET, newoff_sls, BPF_B, 0xf0U,
9935 		    jtype, reverse, jvalue);
9936 		break;
9937 
9938 	default:
9939 		abort();
9940 	}
9941 	return b0;
9942 }
9943 
9944 static struct block *
9945 gen_msg_abbrev(compiler_state_t *cstate, int type)
9946 {
9947 	struct block *b1;
9948 
9949 	/*
9950 	 * Q.2931 signalling protocol messages for handling virtual circuits
9951 	 * establishment and teardown
9952 	 */
9953 	switch (type) {
9954 
9955 	case A_SETUP:
9956 		b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, SETUP, BPF_JEQ, 0);
9957 		break;
9958 
9959 	case A_CALLPROCEED:
9960 		b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, CALL_PROCEED, BPF_JEQ, 0);
9961 		break;
9962 
9963 	case A_CONNECT:
9964 		b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, CONNECT, BPF_JEQ, 0);
9965 		break;
9966 
9967 	case A_CONNECTACK:
9968 		b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, CONNECT_ACK, BPF_JEQ, 0);
9969 		break;
9970 
9971 	case A_RELEASE:
9972 		b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, RELEASE, BPF_JEQ, 0);
9973 		break;
9974 
9975 	case A_RELEASE_DONE:
9976 		b1 = gen_atmfield_code_internal(cstate, A_MSGTYPE, RELEASE_DONE, BPF_JEQ, 0);
9977 		break;
9978 
9979 	default:
9980 		abort();
9981 	}
9982 	return b1;
9983 }
9984 
9985 struct block *
9986 gen_atmmulti_abbrev(compiler_state_t *cstate, int type)
9987 {
9988 	struct block *b0, *b1;
9989 
9990 	/*
9991 	 * Catch errors reported by us and routines below us, and return NULL
9992 	 * on an error.
9993 	 */
9994 	if (setjmp(cstate->top_ctx))
9995 		return (NULL);
9996 
9997 	switch (type) {
9998 
9999 	case A_OAM:
10000 		if (!cstate->is_atm)
10001 			bpf_error(cstate, "'oam' supported only on raw ATM");
10002 		/* OAM F4 type */
10003 		b0 = gen_atmfield_code_internal(cstate, A_VCI, 3, BPF_JEQ, 0);
10004 		b1 = gen_atmfield_code_internal(cstate, A_VCI, 4, BPF_JEQ, 0);
10005 		gen_or(b0, b1);
10006 		b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
10007 		gen_and(b0, b1);
10008 		break;
10009 
10010 	case A_OAMF4:
10011 		if (!cstate->is_atm)
10012 			bpf_error(cstate, "'oamf4' supported only on raw ATM");
10013 		/* OAM F4 type */
10014 		b0 = gen_atmfield_code_internal(cstate, A_VCI, 3, BPF_JEQ, 0);
10015 		b1 = gen_atmfield_code_internal(cstate, A_VCI, 4, BPF_JEQ, 0);
10016 		gen_or(b0, b1);
10017 		b0 = gen_atmfield_code_internal(cstate, A_VPI, 0, BPF_JEQ, 0);
10018 		gen_and(b0, b1);
10019 		break;
10020 
10021 	case A_CONNECTMSG:
10022 		/*
10023 		 * Get Q.2931 signalling messages for switched
10024 		 * virtual connection
10025 		 */
10026 		if (!cstate->is_atm)
10027 			bpf_error(cstate, "'connectmsg' supported only on raw ATM");
10028 		b0 = gen_msg_abbrev(cstate, A_SETUP);
10029 		b1 = gen_msg_abbrev(cstate, A_CALLPROCEED);
10030 		gen_or(b0, b1);
10031 		b0 = gen_msg_abbrev(cstate, A_CONNECT);
10032 		gen_or(b0, b1);
10033 		b0 = gen_msg_abbrev(cstate, A_CONNECTACK);
10034 		gen_or(b0, b1);
10035 		b0 = gen_msg_abbrev(cstate, A_RELEASE);
10036 		gen_or(b0, b1);
10037 		b0 = gen_msg_abbrev(cstate, A_RELEASE_DONE);
10038 		gen_or(b0, b1);
10039 		b0 = gen_atmtype_sc(cstate);
10040 		gen_and(b0, b1);
10041 		break;
10042 
10043 	case A_METACONNECT:
10044 		if (!cstate->is_atm)
10045 			bpf_error(cstate, "'metaconnect' supported only on raw ATM");
10046 		b0 = gen_msg_abbrev(cstate, A_SETUP);
10047 		b1 = gen_msg_abbrev(cstate, A_CALLPROCEED);
10048 		gen_or(b0, b1);
10049 		b0 = gen_msg_abbrev(cstate, A_CONNECT);
10050 		gen_or(b0, b1);
10051 		b0 = gen_msg_abbrev(cstate, A_RELEASE);
10052 		gen_or(b0, b1);
10053 		b0 = gen_msg_abbrev(cstate, A_RELEASE_DONE);
10054 		gen_or(b0, b1);
10055 		b0 = gen_atmtype_metac(cstate);
10056 		gen_and(b0, b1);
10057 		break;
10058 
10059 	default:
10060 		abort();
10061 	}
10062 	return b1;
10063 }
10064