1 /* $OpenBSD: gencode.c,v 1.52 2018/12/09 15:07:06 denis Exp $ */ 2 3 /* 4 * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998 5 * The Regents of the University of California. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that: (1) source code distributions 9 * retain the above copyright notice and this paragraph in its entirety, (2) 10 * distributions including binary code include the above copyright notice and 11 * this paragraph in its entirety in the documentation or other materials 12 * provided with the distribution, and (3) all advertising materials mentioning 13 * features or use of this software display the following acknowledgement: 14 * ``This product includes software developed by the University of California, 15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 16 * the University nor the names of its contributors may be used to endorse 17 * or promote products derived from this software without specific prior 18 * written permission. 19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 22 */ 23 24 #include <sys/param.h> /* ALIGN */ 25 #include <sys/types.h> 26 #include <sys/socket.h> 27 #include <sys/time.h> 28 29 struct mbuf; 30 struct rtentry; 31 32 #include <net/if.h> 33 34 #include <netinet/in.h> 35 #include <netinet/if_ether.h> 36 37 #include <net/if_pflog.h> 38 #include <net/pfvar.h> 39 40 #include <netmpls/mpls.h> 41 42 #include <net80211/ieee80211.h> 43 #include <net80211/ieee80211_radiotap.h> 44 45 #include <stdlib.h> 46 #include <stddef.h> 47 #include <setjmp.h> 48 #include <stdarg.h> 49 #include <string.h> 50 51 #include "pcap-int.h" 52 53 #include "ethertype.h" 54 #include "llc.h" 55 #include "gencode.h" 56 #include "ppp.h" 57 #include <pcap-namedb.h> 58 #ifdef INET6 59 #include <netdb.h> 60 #endif /*INET6*/ 61 62 #ifdef HAVE_OS_PROTO_H 63 #include "os-proto.h" 64 #endif 65 66 #define JMP(c) ((c)|BPF_JMP|BPF_K) 67 68 /* Locals */ 69 static jmp_buf top_ctx; 70 static pcap_t *bpf_pcap; 71 72 /* Hack for updating VLAN offsets. */ 73 static u_int orig_linktype = -1, orig_nl = -1, orig_nl_nosnap = -1; 74 static u_int mpls_stack = 0; 75 76 /* XXX */ 77 #ifdef PCAP_FDDIPAD 78 int pcap_fddipad = PCAP_FDDIPAD; 79 #else 80 int pcap_fddipad; 81 #endif 82 83 __dead void 84 bpf_error(const char *fmt, ...) 85 { 86 va_list ap; 87 88 va_start(ap, fmt); 89 if (bpf_pcap != NULL) 90 (void)vsnprintf(pcap_geterr(bpf_pcap), PCAP_ERRBUF_SIZE, 91 fmt, ap); 92 va_end(ap); 93 longjmp(top_ctx, 1); 94 /* NOTREACHED */ 95 } 96 97 static void init_linktype(int); 98 99 static int alloc_reg(void); 100 static void free_reg(int); 101 102 static struct block *root; 103 104 /* initialization code used for variable link header */ 105 static struct slist *init_code = NULL; 106 107 /* Flags and registers for variable link type handling */ 108 static int variable_nl; 109 static int nl_reg, iphl_reg; 110 111 /* 112 * We divy out chunks of memory rather than call malloc each time so 113 * we don't have to worry about leaking memory. It's probably 114 * not a big deal if all this memory was wasted but it this ever 115 * goes into a library that would probably not be a good idea. 116 */ 117 #define NCHUNKS 16 118 #define CHUNK0SIZE 1024 119 struct chunk { 120 u_int n_left; 121 void *m; 122 }; 123 124 static struct chunk chunks[NCHUNKS]; 125 static int cur_chunk; 126 127 static void *newchunk(u_int); 128 static void freechunks(void); 129 static __inline struct block *new_block(int); 130 static __inline struct slist *new_stmt(int); 131 static struct block *gen_retblk(int); 132 static __inline void syntax(void); 133 134 static void backpatch(struct block *, struct block *); 135 static void merge(struct block *, struct block *); 136 static struct block *gen_cmp(u_int, u_int, bpf_int32); 137 static struct block *gen_cmp_gt(u_int, u_int, bpf_int32); 138 static struct block *gen_cmp_nl(u_int, u_int, bpf_int32); 139 static struct block *gen_mcmp(u_int, u_int, bpf_int32, bpf_u_int32); 140 static struct block *gen_mcmp_nl(u_int, u_int, bpf_int32, bpf_u_int32); 141 static struct block *gen_bcmp(u_int, u_int, const u_char *); 142 static struct block *gen_uncond(int); 143 static __inline struct block *gen_true(void); 144 static __inline struct block *gen_false(void); 145 static struct block *gen_linktype(int); 146 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); 147 #ifdef INET6 148 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); 149 #endif 150 static struct block *gen_ehostop(const u_char *, int); 151 static struct block *gen_fhostop(const u_char *, int); 152 static struct block *gen_dnhostop(bpf_u_int32, int, u_int); 153 static struct block *gen_p80211_hostop(const u_char *, int); 154 static struct block *gen_p80211_addr(int, u_int, const u_char *); 155 static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int); 156 #ifdef INET6 157 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int); 158 #endif 159 #ifndef INET6 160 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); 161 #endif 162 static struct block *gen_ipfrag(void); 163 static struct block *gen_portatom(int, bpf_int32); 164 #ifdef INET6 165 static struct block *gen_portatom6(int, bpf_int32); 166 #endif 167 struct block *gen_portop(int, int, int); 168 static struct block *gen_port(int, int, int); 169 #ifdef INET6 170 struct block *gen_portop6(int, int, int); 171 static struct block *gen_port6(int, int, int); 172 #endif 173 static int lookup_proto(const char *, int); 174 static struct block *gen_protochain(int, int, int); 175 static struct block *gen_proto(int, int, int); 176 static struct slist *xfer_to_x(struct arth *); 177 static struct slist *xfer_to_a(struct arth *); 178 static struct block *gen_len(int, int); 179 180 static void * 181 newchunk(n) 182 u_int n; 183 { 184 struct chunk *cp; 185 int k, size; 186 187 /* XXX Round to structure boundary. */ 188 n = ALIGN(n); 189 190 cp = &chunks[cur_chunk]; 191 if (n > cp->n_left) { 192 ++cp, k = ++cur_chunk; 193 if (k >= NCHUNKS) 194 bpf_error("out of memory"); 195 size = CHUNK0SIZE << k; 196 cp->m = calloc(1, size); 197 if (cp->m == NULL) 198 bpf_error("out of memory"); 199 200 cp->n_left = size; 201 if (n > size) 202 bpf_error("out of memory"); 203 } 204 cp->n_left -= n; 205 return (void *)((char *)cp->m + cp->n_left); 206 } 207 208 static void 209 freechunks() 210 { 211 int i; 212 213 cur_chunk = 0; 214 for (i = 0; i < NCHUNKS; ++i) { 215 free(chunks[i].m); 216 chunks[i].m = NULL; 217 } 218 } 219 220 /* 221 * A strdup whose allocations are freed after code generation is over. 222 */ 223 char * 224 sdup(s) 225 const char *s; 226 { 227 int n = strlen(s) + 1; 228 char *cp = newchunk(n); 229 230 strlcpy(cp, s, n); 231 return (cp); 232 } 233 234 static __inline struct block * 235 new_block(code) 236 int code; 237 { 238 struct block *p; 239 240 p = (struct block *)newchunk(sizeof(*p)); 241 p->s.code = code; 242 p->head = p; 243 244 return p; 245 } 246 247 static __inline struct slist * 248 new_stmt(code) 249 int code; 250 { 251 struct slist *p; 252 253 p = (struct slist *)newchunk(sizeof(*p)); 254 p->s.code = code; 255 256 return p; 257 } 258 259 static struct block * 260 gen_retblk(v) 261 int v; 262 { 263 struct block *b = new_block(BPF_RET|BPF_K); 264 265 b->s.k = v; 266 return b; 267 } 268 269 static __inline void 270 syntax() 271 { 272 bpf_error("syntax error in filter expression"); 273 } 274 275 static bpf_u_int32 netmask; 276 static int snaplen; 277 int no_optimize; 278 279 int 280 pcap_compile(pcap_t *p, struct bpf_program *program, 281 const char *buf, int optimize, bpf_u_int32 mask) 282 { 283 extern int n_errors; 284 int len; 285 286 no_optimize = 0; 287 n_errors = 0; 288 root = NULL; 289 bpf_pcap = p; 290 if (setjmp(top_ctx)) { 291 freechunks(); 292 return (-1); 293 } 294 295 netmask = mask; 296 snaplen = pcap_snapshot(p); 297 298 lex_init(buf ? buf : ""); 299 init_linktype(pcap_datalink(p)); 300 (void)pcap_parse(); 301 302 if (n_errors) 303 syntax(); 304 305 if (root == NULL) 306 root = gen_retblk(snaplen); 307 308 if (optimize && !no_optimize) { 309 bpf_optimize(&root); 310 if (root == NULL || 311 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 312 bpf_error("expression rejects all packets"); 313 } 314 program->bf_insns = icode_to_fcode(root, &len); 315 program->bf_len = len; 316 317 freechunks(); 318 return (0); 319 } 320 321 /* 322 * entry point for using the compiler with no pcap open 323 * pass in all the stuff that is needed explicitly instead. 324 */ 325 int 326 pcap_compile_nopcap(int snaplen_arg, int linktype_arg, 327 struct bpf_program *program, 328 const char *buf, int optimize, bpf_u_int32 mask) 329 { 330 extern int n_errors; 331 int len; 332 333 n_errors = 0; 334 root = NULL; 335 bpf_pcap = NULL; 336 if (setjmp(top_ctx)) { 337 freechunks(); 338 return (-1); 339 } 340 341 netmask = mask; 342 343 /* XXX needed? I don't grok the use of globals here. */ 344 snaplen = snaplen_arg; 345 346 lex_init(buf ? buf : ""); 347 init_linktype(linktype_arg); 348 (void)pcap_parse(); 349 350 if (n_errors) 351 syntax(); 352 353 if (root == NULL) 354 root = gen_retblk(snaplen_arg); 355 356 if (optimize) { 357 bpf_optimize(&root); 358 if (root == NULL || 359 (root->s.code == (BPF_RET|BPF_K) && root->s.k == 0)) 360 bpf_error("expression rejects all packets"); 361 } 362 program->bf_insns = icode_to_fcode(root, &len); 363 program->bf_len = len; 364 365 freechunks(); 366 return (0); 367 } 368 369 /* 370 * Clean up a "struct bpf_program" by freeing all the memory allocated 371 * in it. 372 */ 373 void 374 pcap_freecode(struct bpf_program *program) 375 { 376 program->bf_len = 0; 377 if (program->bf_insns != NULL) { 378 free((char *)program->bf_insns); 379 program->bf_insns = NULL; 380 } 381 } 382 383 /* 384 * Backpatch the blocks in 'list' to 'target'. The 'sense' field indicates 385 * which of the jt and jf fields has been resolved and which is a pointer 386 * back to another unresolved block (or nil). At least one of the fields 387 * in each block is already resolved. 388 */ 389 static void 390 backpatch(list, target) 391 struct block *list, *target; 392 { 393 struct block *next; 394 395 while (list) { 396 if (!list->sense) { 397 next = JT(list); 398 JT(list) = target; 399 } else { 400 next = JF(list); 401 JF(list) = target; 402 } 403 list = next; 404 } 405 } 406 407 /* 408 * Merge the lists in b0 and b1, using the 'sense' field to indicate 409 * which of jt and jf is the link. 410 */ 411 static void 412 merge(b0, b1) 413 struct block *b0, *b1; 414 { 415 struct block **p = &b0; 416 417 /* Find end of list. */ 418 while (*p) 419 p = !((*p)->sense) ? &JT(*p) : &JF(*p); 420 421 /* Concatenate the lists. */ 422 *p = b1; 423 } 424 425 void 426 finish_parse(p) 427 struct block *p; 428 { 429 backpatch(p, gen_retblk(snaplen)); 430 p->sense = !p->sense; 431 backpatch(p, gen_retblk(0)); 432 root = p->head; 433 434 /* prepend initialization code to root */ 435 if (init_code != NULL && root != NULL) { 436 sappend(init_code, root->stmts); 437 root->stmts = init_code; 438 init_code = NULL; 439 } 440 441 if (iphl_reg != -1) { 442 free_reg(iphl_reg); 443 iphl_reg = -1; 444 } 445 if (nl_reg != -1) { 446 free_reg(nl_reg); 447 nl_reg = -1; 448 } 449 } 450 451 void 452 gen_and(b0, b1) 453 struct block *b0, *b1; 454 { 455 backpatch(b0, b1->head); 456 b0->sense = !b0->sense; 457 b1->sense = !b1->sense; 458 merge(b1, b0); 459 b1->sense = !b1->sense; 460 b1->head = b0->head; 461 } 462 463 void 464 gen_or(b0, b1) 465 struct block *b0, *b1; 466 { 467 b0->sense = !b0->sense; 468 backpatch(b0, b1->head); 469 b0->sense = !b0->sense; 470 merge(b1, b0); 471 b1->head = b0->head; 472 } 473 474 void 475 gen_not(b) 476 struct block *b; 477 { 478 b->sense = !b->sense; 479 } 480 481 static struct block * 482 gen_cmp(offset, size, v) 483 u_int offset, size; 484 bpf_int32 v; 485 { 486 struct slist *s; 487 struct block *b; 488 489 s = new_stmt(BPF_LD|BPF_ABS|size); 490 s->s.k = offset; 491 492 b = new_block(JMP(BPF_JEQ)); 493 b->stmts = s; 494 b->s.k = v; 495 496 return b; 497 } 498 499 static struct block * 500 gen_cmp_gt(offset, size, v) 501 u_int offset, size; 502 bpf_int32 v; 503 { 504 struct slist *s; 505 struct block *b; 506 507 s = new_stmt(BPF_LD|BPF_ABS|size); 508 s->s.k = offset; 509 510 b = new_block(JMP(BPF_JGT)); 511 b->stmts = s; 512 b->s.k = v; 513 514 return b; 515 } 516 517 static struct block * 518 gen_mcmp(offset, size, v, mask) 519 u_int offset, size; 520 bpf_int32 v; 521 bpf_u_int32 mask; 522 { 523 struct block *b = gen_cmp(offset, size, v); 524 struct slist *s; 525 526 if (mask != 0xffffffff) { 527 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 528 s->s.k = mask; 529 sappend(b->stmts, s); 530 } 531 return b; 532 } 533 534 /* Like gen_mcmp with 'dynamic off_nl' added to the offset */ 535 static struct block * 536 gen_mcmp_nl(offset, size, v, mask) 537 u_int offset, size; 538 bpf_int32 v; 539 bpf_u_int32 mask; 540 { 541 struct block *b = gen_cmp_nl(offset, size, v); 542 struct slist *s; 543 544 if (mask != 0xffffffff) { 545 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 546 s->s.k = mask; 547 sappend(b->stmts, s); 548 } 549 return b; 550 } 551 552 static struct block * 553 gen_bcmp(offset, size, v) 554 u_int offset, size; 555 const u_char *v; 556 { 557 struct block *b, *tmp; 558 559 b = NULL; 560 while (size >= 4) { 561 const u_char *p = &v[size - 4]; 562 bpf_int32 w = ((bpf_int32)p[0] << 24) | 563 ((bpf_int32)p[1] << 16) | ((bpf_int32)p[2] << 8) | p[3]; 564 565 tmp = gen_cmp(offset + size - 4, BPF_W, w); 566 if (b != NULL) 567 gen_and(b, tmp); 568 b = tmp; 569 size -= 4; 570 } 571 while (size >= 2) { 572 const u_char *p = &v[size - 2]; 573 bpf_int32 w = ((bpf_int32)p[0] << 8) | p[1]; 574 575 tmp = gen_cmp(offset + size - 2, BPF_H, w); 576 if (b != NULL) 577 gen_and(b, tmp); 578 b = tmp; 579 size -= 2; 580 } 581 if (size > 0) { 582 tmp = gen_cmp(offset, BPF_B, (bpf_int32)v[0]); 583 if (b != NULL) 584 gen_and(b, tmp); 585 b = tmp; 586 } 587 return b; 588 } 589 590 /* 591 * Various code constructs need to know the layout of the data link 592 * layer. These variables give the necessary offsets. off_linktype 593 * is set to -1 for no encapsulation, in which case, IP is assumed. 594 */ 595 static u_int off_linktype; 596 static u_int off_nl; 597 static u_int off_nl_nosnap; 598 599 static int linktype; 600 601 /* Generate code to load the dynamic 'off_nl' to the X register */ 602 static struct slist * 603 nl2X_stmt(void) 604 { 605 struct slist *s, *tmp; 606 607 if (nl_reg == -1) { 608 switch (linktype) { 609 case DLT_PFLOG: 610 /* The pflog header contains PFLOG_REAL_HDRLEN 611 which does NOT include the padding. Round 612 up to the nearest dword boundary */ 613 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 614 s->s.k = 0; 615 616 tmp = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 617 tmp->s.k = 3; 618 sappend(s, tmp); 619 620 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 621 tmp->s.k = 0xfc; 622 sappend(s, tmp); 623 624 nl_reg = alloc_reg(); 625 tmp = new_stmt(BPF_ST); 626 tmp->s.k = nl_reg; 627 sappend(s, tmp); 628 629 break; 630 default: 631 bpf_error("Unknown header size for link type 0x%x", 632 linktype); 633 } 634 635 if (init_code == NULL) 636 init_code = s; 637 else 638 sappend(init_code, s); 639 } 640 641 s = new_stmt(BPF_LDX|BPF_MEM); 642 s->s.k = nl_reg; 643 644 return s; 645 } 646 647 /* Like gen_cmp but adds the dynamic 'off_nl' to the offset */ 648 static struct block * 649 gen_cmp_nl(offset, size, v) 650 u_int offset, size; 651 bpf_int32 v; 652 { 653 struct slist *s, *tmp; 654 struct block *b; 655 656 if (variable_nl) { 657 s = nl2X_stmt(); 658 tmp = new_stmt(BPF_LD|BPF_IND|size); 659 tmp->s.k = offset; 660 sappend(s, tmp); 661 } else { 662 s = new_stmt(BPF_LD|BPF_ABS|size); 663 s->s.k = offset + off_nl; 664 } 665 b = new_block(JMP(BPF_JEQ)); 666 b->stmts = s; 667 b->s.k = v; 668 669 return b; 670 } 671 672 static void 673 init_linktype(type) 674 int type; 675 { 676 linktype = type; 677 init_code = NULL; 678 nl_reg = iphl_reg = -1; 679 680 switch (type) { 681 682 case DLT_EN10MB: 683 off_linktype = 12; 684 off_nl = 14; 685 return; 686 687 case DLT_SLIP: 688 /* 689 * SLIP doesn't have a link level type. The 16 byte 690 * header is hacked into our SLIP driver. 691 */ 692 off_linktype = -1; 693 off_nl = 16; 694 return; 695 696 case DLT_SLIP_BSDOS: 697 /* XXX this may be the same as the DLT_PPP_BSDOS case */ 698 off_linktype = -1; 699 /* XXX end */ 700 off_nl = 24; 701 return; 702 703 case DLT_NULL: 704 off_linktype = 0; 705 off_nl = 4; 706 return; 707 708 case DLT_PPP: 709 off_linktype = 2; 710 off_nl = 4; 711 return; 712 713 case DLT_PPP_SERIAL: 714 off_linktype = -1; 715 off_nl = 2; 716 return; 717 718 case DLT_PPP_ETHER: 719 /* 720 * This does not include the Ethernet header, and 721 * only covers session state. 722 */ 723 off_linktype = 6; 724 off_nl = 8; 725 return; 726 727 case DLT_PPP_BSDOS: 728 off_linktype = 5; 729 off_nl = 24; 730 return; 731 732 case DLT_FDDI: 733 /* 734 * FDDI doesn't really have a link-level type field. 735 * We assume that SSAP = SNAP is being used and pick 736 * out the encapsulated Ethernet type. 737 */ 738 off_linktype = 19; 739 #ifdef PCAP_FDDIPAD 740 off_linktype += pcap_fddipad; 741 #endif 742 off_nl = 21; 743 #ifdef PCAP_FDDIPAD 744 off_nl += pcap_fddipad; 745 #endif 746 return; 747 748 case DLT_IEEE802: 749 off_linktype = 20; 750 off_nl = 22; 751 return; 752 753 case DLT_IEEE802_11: 754 off_linktype = 30; /* XXX variable */ 755 off_nl = 32; 756 return; 757 758 case DLT_IEEE802_11_RADIO: /* XXX variable */ 759 off_linktype = 30 + IEEE80211_RADIOTAP_HDRLEN; 760 off_nl = 32 + IEEE80211_RADIOTAP_HDRLEN; 761 return; 762 763 case DLT_ATM_RFC1483: 764 /* 765 * assume routed, non-ISO PDUs 766 * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00) 767 */ 768 off_linktype = 6; 769 off_nl = 8; 770 return; 771 772 case DLT_LOOP: 773 off_linktype = -1; 774 off_nl = 4; 775 return; 776 777 case DLT_ENC: 778 off_linktype = -1; 779 off_nl = 12; 780 return; 781 782 case DLT_PFLOG: 783 off_linktype = 0; 784 variable_nl = 1; 785 off_nl = 0; 786 return; 787 788 case DLT_PFSYNC: 789 off_linktype = -1; 790 off_nl = 4; 791 return; 792 793 case DLT_OPENFLOW: 794 off_linktype = -1; 795 off_nl = 12; 796 return; 797 798 case DLT_USBPCAP: 799 /* FALLTHROUGH */ 800 case DLT_RAW: 801 off_linktype = -1; 802 off_nl = 0; 803 return; 804 } 805 bpf_error("unknown data link type 0x%x", linktype); 806 /* NOTREACHED */ 807 } 808 809 static struct block * 810 gen_uncond(rsense) 811 int rsense; 812 { 813 struct block *b; 814 struct slist *s; 815 816 s = new_stmt(BPF_LD|BPF_IMM); 817 s->s.k = !rsense; 818 b = new_block(JMP(BPF_JEQ)); 819 b->stmts = s; 820 821 return b; 822 } 823 824 static __inline struct block * 825 gen_true() 826 { 827 return gen_uncond(1); 828 } 829 830 static __inline struct block * 831 gen_false() 832 { 833 return gen_uncond(0); 834 } 835 836 static struct block * 837 gen_linktype(proto) 838 int proto; 839 { 840 struct block *b0, *b1; 841 842 /* If we're not using encapsulation and checking for IP, we're done */ 843 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IP) 844 return gen_true(); 845 #ifdef INET6 846 /* this isn't the right thing to do, but sometimes necessary */ 847 if ((off_linktype == -1 || mpls_stack > 0) && proto == ETHERTYPE_IPV6) 848 return gen_true(); 849 #endif 850 851 switch (linktype) { 852 853 case DLT_EN10MB: 854 if (proto <= ETHERMTU) { 855 /* This is an LLC SAP value */ 856 b0 = gen_cmp_gt(off_linktype, BPF_H, ETHERMTU); 857 gen_not(b0); 858 b1 = gen_cmp(off_linktype + 2, BPF_B, (bpf_int32)proto); 859 gen_and(b0, b1); 860 return b1; 861 } else { 862 /* This is an Ethernet type */ 863 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 864 } 865 break; 866 867 case DLT_SLIP: 868 return gen_false(); 869 870 case DLT_PPP: 871 case DLT_PPP_ETHER: 872 if (proto == ETHERTYPE_IP) 873 proto = PPP_IP; /* XXX was 0x21 */ 874 #ifdef INET6 875 else if (proto == ETHERTYPE_IPV6) 876 proto = PPP_IPV6; 877 #endif 878 break; 879 880 case DLT_PPP_BSDOS: 881 switch (proto) { 882 883 case ETHERTYPE_IP: 884 b0 = gen_cmp(off_linktype, BPF_H, PPP_IP); 885 b1 = gen_cmp(off_linktype, BPF_H, PPP_VJC); 886 gen_or(b0, b1); 887 b0 = gen_cmp(off_linktype, BPF_H, PPP_VJNC); 888 gen_or(b1, b0); 889 return b0; 890 891 #ifdef INET6 892 case ETHERTYPE_IPV6: 893 proto = PPP_IPV6; 894 /* more to go? */ 895 break; 896 #endif /* INET6 */ 897 898 case ETHERTYPE_DN: 899 proto = PPP_DECNET; 900 break; 901 902 case ETHERTYPE_ATALK: 903 proto = PPP_APPLE; 904 break; 905 906 case ETHERTYPE_NS: 907 proto = PPP_NS; 908 break; 909 } 910 break; 911 912 case DLT_LOOP: 913 case DLT_ENC: 914 case DLT_NULL: 915 /* XXX */ 916 if (proto == ETHERTYPE_IP) 917 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET))); 918 #ifdef INET6 919 else if (proto == ETHERTYPE_IPV6) 920 return (gen_cmp(0, BPF_W, (bpf_int32)htonl(AF_INET6))); 921 #endif /* INET6 */ 922 else 923 return gen_false(); 924 break; 925 case DLT_PFLOG: 926 if (proto == ETHERTYPE_IP) 927 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 928 (bpf_int32)AF_INET)); 929 #ifdef INET6 930 else if (proto == ETHERTYPE_IPV6) 931 return (gen_cmp(offsetof(struct pfloghdr, af), BPF_B, 932 (bpf_int32)AF_INET6)); 933 #endif /* INET6 */ 934 else 935 return gen_false(); 936 break; 937 938 } 939 return gen_cmp(off_linktype, BPF_H, (bpf_int32)proto); 940 } 941 942 static struct block * 943 gen_hostop(addr, mask, dir, proto, src_off, dst_off) 944 bpf_u_int32 addr; 945 bpf_u_int32 mask; 946 int dir, proto; 947 u_int src_off, dst_off; 948 { 949 struct block *b0, *b1; 950 u_int offset; 951 952 switch (dir) { 953 954 case Q_SRC: 955 offset = src_off; 956 break; 957 958 case Q_DST: 959 offset = dst_off; 960 break; 961 962 case Q_AND: 963 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 964 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 965 gen_and(b0, b1); 966 return b1; 967 968 case Q_OR: 969 case Q_DEFAULT: 970 b0 = gen_hostop(addr, mask, Q_SRC, proto, src_off, dst_off); 971 b1 = gen_hostop(addr, mask, Q_DST, proto, src_off, dst_off); 972 gen_or(b0, b1); 973 return b1; 974 975 default: 976 bpf_error("direction not supported on linktype 0x%x", 977 linktype); 978 } 979 b0 = gen_linktype(proto); 980 b1 = gen_mcmp_nl(offset, BPF_W, (bpf_int32)addr, mask); 981 gen_and(b0, b1); 982 return b1; 983 } 984 985 #ifdef INET6 986 static struct block * 987 gen_hostop6(addr, mask, dir, proto, src_off, dst_off) 988 struct in6_addr *addr; 989 struct in6_addr *mask; 990 int dir, proto; 991 u_int src_off, dst_off; 992 { 993 struct block *b0, *b1; 994 u_int offset; 995 u_int32_t *a, *m; 996 997 switch (dir) { 998 999 case Q_SRC: 1000 offset = src_off; 1001 break; 1002 1003 case Q_DST: 1004 offset = dst_off; 1005 break; 1006 1007 case Q_AND: 1008 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1009 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1010 gen_and(b0, b1); 1011 return b1; 1012 1013 case Q_OR: 1014 case Q_DEFAULT: 1015 b0 = gen_hostop6(addr, mask, Q_SRC, proto, src_off, dst_off); 1016 b1 = gen_hostop6(addr, mask, Q_DST, proto, src_off, dst_off); 1017 gen_or(b0, b1); 1018 return b1; 1019 1020 default: 1021 bpf_error("direction not supported on linktype 0x%x", 1022 linktype); 1023 } 1024 /* this order is important */ 1025 a = (u_int32_t *)addr; 1026 m = (u_int32_t *)mask; 1027 b1 = gen_mcmp_nl(offset + 12, BPF_W, ntohl(a[3]), ntohl(m[3])); 1028 b0 = gen_mcmp_nl(offset + 8, BPF_W, ntohl(a[2]), ntohl(m[2])); 1029 gen_and(b0, b1); 1030 b0 = gen_mcmp_nl(offset + 4, BPF_W, ntohl(a[1]), ntohl(m[1])); 1031 gen_and(b0, b1); 1032 b0 = gen_mcmp_nl(offset + 0, BPF_W, ntohl(a[0]), ntohl(m[0])); 1033 gen_and(b0, b1); 1034 b0 = gen_linktype(proto); 1035 gen_and(b0, b1); 1036 return b1; 1037 } 1038 #endif /*INET6*/ 1039 1040 static struct block * 1041 gen_ehostop(eaddr, dir) 1042 const u_char *eaddr; 1043 int dir; 1044 { 1045 struct block *b0, *b1; 1046 1047 switch (dir) { 1048 case Q_SRC: 1049 return gen_bcmp(6, 6, eaddr); 1050 1051 case Q_DST: 1052 return gen_bcmp(0, 6, eaddr); 1053 1054 case Q_AND: 1055 b0 = gen_ehostop(eaddr, Q_SRC); 1056 b1 = gen_ehostop(eaddr, Q_DST); 1057 gen_and(b0, b1); 1058 return b1; 1059 1060 case Q_DEFAULT: 1061 case Q_OR: 1062 b0 = gen_ehostop(eaddr, Q_SRC); 1063 b1 = gen_ehostop(eaddr, Q_DST); 1064 gen_or(b0, b1); 1065 return b1; 1066 default: 1067 bpf_error("direction not supported on linktype 0x%x", 1068 linktype); 1069 } 1070 /* NOTREACHED */ 1071 } 1072 1073 /* 1074 * Like gen_ehostop, but for DLT_FDDI 1075 */ 1076 static struct block * 1077 gen_fhostop(eaddr, dir) 1078 const u_char *eaddr; 1079 int dir; 1080 { 1081 struct block *b0, *b1; 1082 1083 switch (dir) { 1084 case Q_SRC: 1085 #ifdef PCAP_FDDIPAD 1086 return gen_bcmp(6 + 1 + pcap_fddipad, 6, eaddr); 1087 #else 1088 return gen_bcmp(6 + 1, 6, eaddr); 1089 #endif 1090 1091 case Q_DST: 1092 #ifdef PCAP_FDDIPAD 1093 return gen_bcmp(0 + 1 + pcap_fddipad, 6, eaddr); 1094 #else 1095 return gen_bcmp(0 + 1, 6, eaddr); 1096 #endif 1097 1098 case Q_AND: 1099 b0 = gen_fhostop(eaddr, Q_SRC); 1100 b1 = gen_fhostop(eaddr, Q_DST); 1101 gen_and(b0, b1); 1102 return b1; 1103 1104 case Q_DEFAULT: 1105 case Q_OR: 1106 b0 = gen_fhostop(eaddr, Q_SRC); 1107 b1 = gen_fhostop(eaddr, Q_DST); 1108 gen_or(b0, b1); 1109 return b1; 1110 default: 1111 bpf_error("direction not supported on linktype 0x%x", 1112 linktype); 1113 } 1114 /* NOTREACHED */ 1115 } 1116 1117 /* 1118 * This is quite tricky because there may be pad bytes in front of the 1119 * DECNET header, and then there are two possible data packet formats that 1120 * carry both src and dst addresses, plus 5 packet types in a format that 1121 * carries only the src node, plus 2 types that use a different format and 1122 * also carry just the src node. 1123 * 1124 * Yuck. 1125 * 1126 * Instead of doing those all right, we just look for data packets with 1127 * 0 or 1 bytes of padding. If you want to look at other packets, that 1128 * will require a lot more hacking. 1129 * 1130 * To add support for filtering on DECNET "areas" (network numbers) 1131 * one would want to add a "mask" argument to this routine. That would 1132 * make the filter even more inefficient, although one could be clever 1133 * and not generate masking instructions if the mask is 0xFFFF. 1134 */ 1135 static struct block * 1136 gen_dnhostop(addr, dir, base_off) 1137 bpf_u_int32 addr; 1138 int dir; 1139 u_int base_off; 1140 { 1141 struct block *b0, *b1, *b2, *tmp; 1142 u_int offset_lh; /* offset if long header is received */ 1143 u_int offset_sh; /* offset if short header is received */ 1144 1145 switch (dir) { 1146 1147 case Q_DST: 1148 offset_sh = 1; /* follows flags */ 1149 offset_lh = 7; /* flgs,darea,dsubarea,HIORD */ 1150 break; 1151 1152 case Q_SRC: 1153 offset_sh = 3; /* follows flags, dstnode */ 1154 offset_lh = 15; /* flgs,darea,dsubarea,did,sarea,ssub,HIORD */ 1155 break; 1156 1157 case Q_AND: 1158 /* Inefficient because we do our Calvinball dance twice */ 1159 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1160 b1 = gen_dnhostop(addr, Q_DST, base_off); 1161 gen_and(b0, b1); 1162 return b1; 1163 1164 case Q_OR: 1165 case Q_DEFAULT: 1166 /* Inefficient because we do our Calvinball dance twice */ 1167 b0 = gen_dnhostop(addr, Q_SRC, base_off); 1168 b1 = gen_dnhostop(addr, Q_DST, base_off); 1169 gen_or(b0, b1); 1170 return b1; 1171 1172 default: 1173 bpf_error("direction not supported on linktype 0x%x", 1174 linktype); 1175 } 1176 b0 = gen_linktype(ETHERTYPE_DN); 1177 /* Check for pad = 1, long header case */ 1178 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1179 (bpf_int32)ntohs(0x0681), (bpf_int32)ntohs(0x07FF)); 1180 b1 = gen_cmp_nl(base_off + 2 + 1 + offset_lh, 1181 BPF_H, (bpf_int32)ntohs(addr)); 1182 gen_and(tmp, b1); 1183 /* Check for pad = 0, long header case */ 1184 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x06, (bpf_int32)0x7); 1185 b2 = gen_cmp_nl(base_off + 2 + offset_lh, BPF_H, (bpf_int32)ntohs(addr)); 1186 gen_and(tmp, b2); 1187 gen_or(b2, b1); 1188 /* Check for pad = 1, short header case */ 1189 tmp = gen_mcmp_nl(base_off + 2, BPF_H, 1190 (bpf_int32)ntohs(0x0281), (bpf_int32)ntohs(0x07FF)); 1191 b2 = gen_cmp_nl(base_off + 2 + 1 + offset_sh, 1192 BPF_H, (bpf_int32)ntohs(addr)); 1193 gen_and(tmp, b2); 1194 gen_or(b2, b1); 1195 /* Check for pad = 0, short header case */ 1196 tmp = gen_mcmp_nl(base_off + 2, BPF_B, (bpf_int32)0x02, (bpf_int32)0x7); 1197 b2 = gen_cmp_nl(base_off + 2 + offset_sh, BPF_H, (bpf_int32)ntohs(addr)); 1198 gen_and(tmp, b2); 1199 gen_or(b2, b1); 1200 1201 /* Combine with test for linktype */ 1202 gen_and(b0, b1); 1203 return b1; 1204 } 1205 1206 static struct block * 1207 gen_host(addr, mask, proto, dir) 1208 bpf_u_int32 addr; 1209 bpf_u_int32 mask; 1210 int proto; 1211 int dir; 1212 { 1213 struct block *b0, *b1; 1214 1215 switch (proto) { 1216 1217 case Q_DEFAULT: 1218 b0 = gen_host(addr, mask, Q_IP, dir); 1219 b1 = gen_host(addr, mask, Q_ARP, dir); 1220 gen_or(b0, b1); 1221 b0 = gen_host(addr, mask, Q_RARP, dir); 1222 gen_or(b1, b0); 1223 return b0; 1224 1225 case Q_IP: 1226 return gen_hostop(addr, mask, dir, ETHERTYPE_IP, 1227 12, 16); 1228 1229 case Q_RARP: 1230 return gen_hostop(addr, mask, dir, ETHERTYPE_REVARP, 1231 14, 24); 1232 1233 case Q_ARP: 1234 return gen_hostop(addr, mask, dir, ETHERTYPE_ARP, 1235 14, 24); 1236 1237 case Q_TCP: 1238 bpf_error("'tcp' modifier applied to host"); 1239 1240 case Q_UDP: 1241 bpf_error("'udp' modifier applied to host"); 1242 1243 case Q_ICMP: 1244 bpf_error("'icmp' modifier applied to host"); 1245 1246 case Q_IGMP: 1247 bpf_error("'igmp' modifier applied to host"); 1248 1249 case Q_IGRP: 1250 bpf_error("'igrp' modifier applied to host"); 1251 1252 case Q_PIM: 1253 bpf_error("'pim' modifier applied to host"); 1254 1255 case Q_STP: 1256 bpf_error("'stp' modifier applied to host"); 1257 1258 case Q_ATALK: 1259 bpf_error("ATALK host filtering not implemented"); 1260 1261 case Q_DECNET: 1262 return gen_dnhostop(addr, dir, 0); 1263 1264 case Q_SCA: 1265 bpf_error("SCA host filtering not implemented"); 1266 1267 case Q_LAT: 1268 bpf_error("LAT host filtering not implemented"); 1269 1270 case Q_MOPDL: 1271 bpf_error("MOPDL host filtering not implemented"); 1272 1273 case Q_MOPRC: 1274 bpf_error("MOPRC host filtering not implemented"); 1275 1276 #ifdef INET6 1277 case Q_IPV6: 1278 bpf_error("'ip6' modifier applied to ip host"); 1279 1280 case Q_ICMPV6: 1281 bpf_error("'icmp6' modifier applied to host"); 1282 #endif /* INET6 */ 1283 1284 case Q_AH: 1285 bpf_error("'ah' modifier applied to host"); 1286 1287 case Q_ESP: 1288 bpf_error("'esp' modifier applied to host"); 1289 1290 default: 1291 bpf_error("direction not supported on linktype 0x%x", 1292 linktype); 1293 } 1294 /* NOTREACHED */ 1295 } 1296 1297 #ifdef INET6 1298 static struct block * 1299 gen_host6(addr, mask, proto, dir) 1300 struct in6_addr *addr; 1301 struct in6_addr *mask; 1302 int proto; 1303 int dir; 1304 { 1305 switch (proto) { 1306 1307 case Q_DEFAULT: 1308 return gen_host6(addr, mask, Q_IPV6, dir); 1309 1310 case Q_IP: 1311 bpf_error("'ip' modifier applied to ip6 host"); 1312 1313 case Q_RARP: 1314 bpf_error("'rarp' modifier applied to ip6 host"); 1315 1316 case Q_ARP: 1317 bpf_error("'arp' modifier applied to ip6 host"); 1318 1319 case Q_TCP: 1320 bpf_error("'tcp' modifier applied to host"); 1321 1322 case Q_UDP: 1323 bpf_error("'udp' modifier applied to host"); 1324 1325 case Q_ICMP: 1326 bpf_error("'icmp' modifier applied to host"); 1327 1328 case Q_IGMP: 1329 bpf_error("'igmp' modifier applied to host"); 1330 1331 case Q_IGRP: 1332 bpf_error("'igrp' modifier applied to host"); 1333 1334 case Q_PIM: 1335 bpf_error("'pim' modifier applied to host"); 1336 1337 case Q_STP: 1338 bpf_error("'stp' modifier applied to host"); 1339 1340 case Q_ATALK: 1341 bpf_error("ATALK host filtering not implemented"); 1342 1343 case Q_DECNET: 1344 bpf_error("'decnet' modifier applied to ip6 host"); 1345 1346 case Q_SCA: 1347 bpf_error("SCA host filtering not implemented"); 1348 1349 case Q_LAT: 1350 bpf_error("LAT host filtering not implemented"); 1351 1352 case Q_MOPDL: 1353 bpf_error("MOPDL host filtering not implemented"); 1354 1355 case Q_MOPRC: 1356 bpf_error("MOPRC host filtering not implemented"); 1357 1358 case Q_IPV6: 1359 return gen_hostop6(addr, mask, dir, ETHERTYPE_IPV6, 1360 8, 24); 1361 1362 case Q_ICMPV6: 1363 bpf_error("'icmp6' modifier applied to host"); 1364 1365 case Q_AH: 1366 bpf_error("'ah' modifier applied to host"); 1367 1368 case Q_ESP: 1369 bpf_error("'esp' modifier applied to host"); 1370 1371 default: 1372 abort(); 1373 } 1374 /* NOTREACHED */ 1375 } 1376 #endif /*INET6*/ 1377 1378 #ifndef INET6 1379 static struct block * 1380 gen_gateway(eaddr, alist, proto, dir) 1381 const u_char *eaddr; 1382 bpf_u_int32 **alist; 1383 int proto; 1384 int dir; 1385 { 1386 struct block *b0, *b1, *tmp; 1387 1388 if (dir != 0) 1389 bpf_error("direction applied to 'gateway'"); 1390 1391 switch (proto) { 1392 case Q_DEFAULT: 1393 case Q_IP: 1394 case Q_ARP: 1395 case Q_RARP: 1396 if (linktype == DLT_EN10MB) 1397 b0 = gen_ehostop(eaddr, Q_OR); 1398 else if (linktype == DLT_FDDI) 1399 b0 = gen_fhostop(eaddr, Q_OR); 1400 else 1401 bpf_error( 1402 "'gateway' supported only on ethernet or FDDI"); 1403 1404 b1 = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1405 while (*alist) { 1406 tmp = gen_host(**alist++, 0xffffffff, proto, Q_OR); 1407 gen_or(b1, tmp); 1408 b1 = tmp; 1409 } 1410 gen_not(b1); 1411 gen_and(b0, b1); 1412 return b1; 1413 } 1414 bpf_error("illegal modifier of 'gateway'"); 1415 /* NOTREACHED */ 1416 } 1417 #endif /*INET6*/ 1418 1419 struct block * 1420 gen_proto_abbrev(proto) 1421 int proto; 1422 { 1423 struct block *b0 = NULL, *b1; 1424 1425 switch (proto) { 1426 1427 case Q_TCP: 1428 b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); 1429 #ifdef INET6 1430 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); 1431 gen_or(b0, b1); 1432 #endif 1433 break; 1434 1435 case Q_UDP: 1436 b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); 1437 #ifdef INET6 1438 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); 1439 gen_or(b0, b1); 1440 #endif 1441 break; 1442 1443 case Q_ICMP: 1444 b1 = gen_proto(IPPROTO_ICMP, Q_IP, Q_DEFAULT); 1445 break; 1446 1447 #ifndef IPPROTO_IGMP 1448 #define IPPROTO_IGMP 2 1449 #endif 1450 1451 case Q_IGMP: 1452 b1 = gen_proto(IPPROTO_IGMP, Q_IP, Q_DEFAULT); 1453 break; 1454 1455 #ifndef IPPROTO_IGRP 1456 #define IPPROTO_IGRP 9 1457 #endif 1458 case Q_IGRP: 1459 b1 = gen_proto(IPPROTO_IGRP, Q_IP, Q_DEFAULT); 1460 break; 1461 1462 #ifndef IPPROTO_PIM 1463 #define IPPROTO_PIM 103 1464 #endif 1465 1466 case Q_PIM: 1467 b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); 1468 #ifdef INET6 1469 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); 1470 gen_or(b0, b1); 1471 #endif 1472 break; 1473 1474 case Q_IP: 1475 b1 = gen_linktype(ETHERTYPE_IP); 1476 break; 1477 1478 case Q_ARP: 1479 b1 = gen_linktype(ETHERTYPE_ARP); 1480 break; 1481 1482 case Q_RARP: 1483 b1 = gen_linktype(ETHERTYPE_REVARP); 1484 break; 1485 1486 case Q_LINK: 1487 bpf_error("link layer applied in wrong context"); 1488 1489 case Q_ATALK: 1490 b1 = gen_linktype(ETHERTYPE_ATALK); 1491 break; 1492 1493 case Q_DECNET: 1494 b1 = gen_linktype(ETHERTYPE_DN); 1495 break; 1496 1497 case Q_SCA: 1498 b1 = gen_linktype(ETHERTYPE_SCA); 1499 break; 1500 1501 case Q_LAT: 1502 b1 = gen_linktype(ETHERTYPE_LAT); 1503 break; 1504 1505 case Q_MOPDL: 1506 b1 = gen_linktype(ETHERTYPE_MOPDL); 1507 break; 1508 1509 case Q_MOPRC: 1510 b1 = gen_linktype(ETHERTYPE_MOPRC); 1511 break; 1512 1513 case Q_STP: 1514 b1 = gen_linktype(LLCSAP_8021D); 1515 break; 1516 1517 #ifdef INET6 1518 case Q_IPV6: 1519 b1 = gen_linktype(ETHERTYPE_IPV6); 1520 break; 1521 1522 #ifndef IPPROTO_ICMPV6 1523 #define IPPROTO_ICMPV6 58 1524 #endif 1525 case Q_ICMPV6: 1526 b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); 1527 break; 1528 #endif /* INET6 */ 1529 1530 #ifndef IPPROTO_AH 1531 #define IPPROTO_AH 51 1532 #endif 1533 case Q_AH: 1534 b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); 1535 #ifdef INET6 1536 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); 1537 gen_or(b0, b1); 1538 #endif 1539 break; 1540 1541 #ifndef IPPROTO_ESP 1542 #define IPPROTO_ESP 50 1543 #endif 1544 case Q_ESP: 1545 b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); 1546 #ifdef INET6 1547 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); 1548 gen_or(b0, b1); 1549 #endif 1550 break; 1551 1552 default: 1553 abort(); 1554 } 1555 return b1; 1556 } 1557 1558 static struct block * 1559 gen_ipfrag() 1560 { 1561 struct slist *s, *tmp; 1562 struct block *b; 1563 1564 /* not ip frag */ 1565 if (variable_nl) { 1566 s = nl2X_stmt(); 1567 tmp = new_stmt(BPF_LD|BPF_H|BPF_IND); 1568 tmp->s.k = 6; 1569 sappend(s, tmp); 1570 } else { 1571 s = new_stmt(BPF_LD|BPF_H|BPF_ABS); 1572 s->s.k = off_nl + 6; 1573 } 1574 b = new_block(JMP(BPF_JSET)); 1575 b->s.k = 0x1fff; 1576 b->stmts = s; 1577 gen_not(b); 1578 1579 return b; 1580 } 1581 1582 /* For dynamic off_nl, the BPF_LDX|BPF_MSH instruction does not work 1583 This function generates code to set X to the start of the IP payload 1584 X = off_nl + IP header_len. 1585 */ 1586 static struct slist * 1587 iphl_to_x(void) 1588 { 1589 struct slist *s, *tmp; 1590 1591 /* XXX clobbers A if variable_nl*/ 1592 if (variable_nl) { 1593 if (iphl_reg == -1) { 1594 /* X <- off_nl */ 1595 s = nl2X_stmt(); 1596 1597 /* A = p[X+0] */ 1598 tmp = new_stmt(BPF_LD|BPF_B|BPF_IND); 1599 tmp->s.k = 0; 1600 sappend(s, tmp); 1601 1602 /* A = A & 0x0f */ 1603 tmp = new_stmt(BPF_ALU|BPF_AND|BPF_K); 1604 tmp->s.k = 0x0f; 1605 sappend(s, tmp); 1606 1607 /* A = A << 2 */ 1608 tmp = new_stmt(BPF_ALU|BPF_LSH|BPF_K); 1609 tmp->s.k = 2; 1610 sappend(s, tmp); 1611 1612 /* A = A + X (add off_nl again to compansate) */ 1613 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 1614 1615 /* MEM[iphl_reg] = A */ 1616 iphl_reg = alloc_reg(); 1617 tmp = new_stmt(BPF_ST); 1618 tmp->s.k = iphl_reg; 1619 sappend(s, tmp); 1620 1621 sappend(init_code, s); 1622 } 1623 s = new_stmt(BPF_LDX|BPF_MEM); 1624 s->s.k = iphl_reg; 1625 1626 } else { 1627 s = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1628 s->s.k = off_nl; 1629 } 1630 1631 return s; 1632 } 1633 1634 static struct block * 1635 gen_portatom(off, v) 1636 int off; 1637 bpf_int32 v; 1638 { 1639 struct slist *s, *tmp; 1640 struct block *b; 1641 1642 s = iphl_to_x(); 1643 1644 tmp = new_stmt(BPF_LD|BPF_IND|BPF_H); 1645 tmp->s.k = off_nl + off; /* off_nl == 0 if variable_nl */ 1646 sappend(s, tmp); 1647 1648 b = new_block(JMP(BPF_JEQ)); 1649 b->stmts = s; 1650 b->s.k = v; 1651 1652 return b; 1653 } 1654 1655 #ifdef INET6 1656 static struct block * 1657 gen_portatom6(off, v) 1658 int off; 1659 bpf_int32 v; 1660 { 1661 return gen_cmp_nl(40 + off, BPF_H, v); 1662 } 1663 #endif/*INET6*/ 1664 1665 struct block * 1666 gen_portop(port, proto, dir) 1667 int port, proto, dir; 1668 { 1669 struct block *b0, *b1, *tmp; 1670 1671 /* ip proto 'proto' */ 1672 tmp = gen_cmp_nl(9, BPF_B, (bpf_int32)proto); 1673 b0 = gen_ipfrag(); 1674 gen_and(tmp, b0); 1675 1676 switch (dir) { 1677 case Q_SRC: 1678 b1 = gen_portatom(0, (bpf_int32)port); 1679 break; 1680 1681 case Q_DST: 1682 b1 = gen_portatom(2, (bpf_int32)port); 1683 break; 1684 1685 case Q_OR: 1686 case Q_DEFAULT: 1687 tmp = gen_portatom(0, (bpf_int32)port); 1688 b1 = gen_portatom(2, (bpf_int32)port); 1689 gen_or(tmp, b1); 1690 break; 1691 1692 case Q_AND: 1693 tmp = gen_portatom(0, (bpf_int32)port); 1694 b1 = gen_portatom(2, (bpf_int32)port); 1695 gen_and(tmp, b1); 1696 break; 1697 1698 default: 1699 abort(); 1700 } 1701 gen_and(b0, b1); 1702 1703 return b1; 1704 } 1705 1706 static struct block * 1707 gen_port(port, ip_proto, dir) 1708 int port; 1709 int ip_proto; 1710 int dir; 1711 { 1712 struct block *b0, *b1, *tmp; 1713 1714 /* ether proto ip */ 1715 b0 = gen_linktype(ETHERTYPE_IP); 1716 1717 switch (ip_proto) { 1718 case IPPROTO_UDP: 1719 case IPPROTO_TCP: 1720 b1 = gen_portop(port, ip_proto, dir); 1721 break; 1722 1723 case PROTO_UNDEF: 1724 tmp = gen_portop(port, IPPROTO_TCP, dir); 1725 b1 = gen_portop(port, IPPROTO_UDP, dir); 1726 gen_or(tmp, b1); 1727 break; 1728 1729 default: 1730 abort(); 1731 } 1732 gen_and(b0, b1); 1733 return b1; 1734 } 1735 1736 #ifdef INET6 1737 struct block * 1738 gen_portop6(port, proto, dir) 1739 int port, proto, dir; 1740 { 1741 struct block *b0, *b1, *tmp; 1742 1743 /* ip proto 'proto' */ 1744 b0 = gen_cmp_nl(6, BPF_B, (bpf_int32)proto); 1745 1746 switch (dir) { 1747 case Q_SRC: 1748 b1 = gen_portatom6(0, (bpf_int32)port); 1749 break; 1750 1751 case Q_DST: 1752 b1 = gen_portatom6(2, (bpf_int32)port); 1753 break; 1754 1755 case Q_OR: 1756 case Q_DEFAULT: 1757 tmp = gen_portatom6(0, (bpf_int32)port); 1758 b1 = gen_portatom6(2, (bpf_int32)port); 1759 gen_or(tmp, b1); 1760 break; 1761 1762 case Q_AND: 1763 tmp = gen_portatom6(0, (bpf_int32)port); 1764 b1 = gen_portatom6(2, (bpf_int32)port); 1765 gen_and(tmp, b1); 1766 break; 1767 1768 default: 1769 abort(); 1770 } 1771 gen_and(b0, b1); 1772 1773 return b1; 1774 } 1775 1776 static struct block * 1777 gen_port6(port, ip_proto, dir) 1778 int port; 1779 int ip_proto; 1780 int dir; 1781 { 1782 struct block *b0, *b1, *tmp; 1783 1784 /* ether proto ip */ 1785 b0 = gen_linktype(ETHERTYPE_IPV6); 1786 1787 switch (ip_proto) { 1788 case IPPROTO_UDP: 1789 case IPPROTO_TCP: 1790 b1 = gen_portop6(port, ip_proto, dir); 1791 break; 1792 1793 case PROTO_UNDEF: 1794 tmp = gen_portop6(port, IPPROTO_TCP, dir); 1795 b1 = gen_portop6(port, IPPROTO_UDP, dir); 1796 gen_or(tmp, b1); 1797 break; 1798 1799 default: 1800 abort(); 1801 } 1802 gen_and(b0, b1); 1803 return b1; 1804 } 1805 #endif /* INET6 */ 1806 1807 static int 1808 lookup_proto(name, proto) 1809 const char *name; 1810 int proto; 1811 { 1812 int v; 1813 1814 switch (proto) { 1815 1816 case Q_DEFAULT: 1817 case Q_IP: 1818 v = pcap_nametoproto(name); 1819 if (v == PROTO_UNDEF) 1820 bpf_error("unknown ip proto '%s'", name); 1821 break; 1822 1823 case Q_LINK: 1824 /* XXX should look up h/w protocol type based on linktype */ 1825 v = pcap_nametoeproto(name); 1826 if (v == PROTO_UNDEF) { 1827 v = pcap_nametollc(name); 1828 if (v == PROTO_UNDEF) 1829 bpf_error("unknown ether proto '%s'", name); 1830 } 1831 break; 1832 1833 default: 1834 v = PROTO_UNDEF; 1835 break; 1836 } 1837 return v; 1838 } 1839 1840 static struct block * 1841 gen_protochain(v, proto, dir) 1842 int v; 1843 int proto; 1844 int dir; 1845 { 1846 struct block *b0, *b; 1847 struct slist *s[100]; 1848 int fix2, fix3, fix4, fix5; 1849 int ahcheck, again, end; 1850 int i, max; 1851 int reg1 = alloc_reg(); 1852 int reg2 = alloc_reg(); 1853 1854 memset(s, 0, sizeof(s)); 1855 fix2 = fix3 = fix4 = fix5 = 0; 1856 1857 if (variable_nl) { 1858 bpf_error("'gen_protochain' not supported for variable DLTs"); 1859 /*NOTREACHED*/ 1860 } 1861 1862 switch (proto) { 1863 case Q_IP: 1864 case Q_IPV6: 1865 break; 1866 case Q_DEFAULT: 1867 b0 = gen_protochain(v, Q_IP, dir); 1868 b = gen_protochain(v, Q_IPV6, dir); 1869 gen_or(b0, b); 1870 return b; 1871 default: 1872 bpf_error("bad protocol applied for 'protochain'"); 1873 /*NOTREACHED*/ 1874 } 1875 1876 no_optimize = 1; /*this code is not compatible with optimzer yet */ 1877 1878 /* 1879 * s[0] is a dummy entry to protect other BPF insn from damaged 1880 * by s[fix] = foo with uninitialized variable "fix". It is somewhat 1881 * hard to find interdependency made by jump table fixup. 1882 */ 1883 i = 0; 1884 s[i] = new_stmt(0); /*dummy*/ 1885 i++; 1886 1887 switch (proto) { 1888 case Q_IP: 1889 b0 = gen_linktype(ETHERTYPE_IP); 1890 1891 /* A = ip->ip_p */ 1892 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1893 s[i]->s.k = off_nl + 9; 1894 i++; 1895 /* X = ip->ip_hl << 2 */ 1896 s[i] = new_stmt(BPF_LDX|BPF_MSH|BPF_B); 1897 s[i]->s.k = off_nl; 1898 i++; 1899 break; 1900 case Q_IPV6: 1901 b0 = gen_linktype(ETHERTYPE_IPV6); 1902 1903 /* A = ip6->ip_nxt */ 1904 s[i] = new_stmt(BPF_LD|BPF_ABS|BPF_B); 1905 s[i]->s.k = off_nl + 6; 1906 i++; 1907 /* X = sizeof(struct ip6_hdr) */ 1908 s[i] = new_stmt(BPF_LDX|BPF_IMM); 1909 s[i]->s.k = 40; 1910 i++; 1911 break; 1912 default: 1913 bpf_error("unsupported proto to gen_protochain"); 1914 /*NOTREACHED*/ 1915 } 1916 1917 /* again: if (A == v) goto end; else fall through; */ 1918 again = i; 1919 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1920 s[i]->s.k = v; 1921 s[i]->s.jt = NULL; /*later*/ 1922 s[i]->s.jf = NULL; /*update in next stmt*/ 1923 fix5 = i; 1924 i++; 1925 1926 /* if (A == IPPROTO_NONE) goto end */ 1927 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1928 s[i]->s.jt = NULL; /*later*/ 1929 s[i]->s.jf = NULL; /*update in next stmt*/ 1930 s[i]->s.k = IPPROTO_NONE; 1931 s[fix5]->s.jf = s[i]; 1932 fix2 = i; 1933 i++; 1934 1935 if (proto == Q_IPV6) { 1936 int v6start, v6end, v6advance, j; 1937 1938 v6start = i; 1939 /* if (A == IPPROTO_HOPOPTS) goto v6advance */ 1940 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1941 s[i]->s.jt = NULL; /*later*/ 1942 s[i]->s.jf = NULL; /*update in next stmt*/ 1943 s[i]->s.k = IPPROTO_HOPOPTS; 1944 s[fix2]->s.jf = s[i]; 1945 i++; 1946 /* if (A == IPPROTO_DSTOPTS) goto v6advance */ 1947 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1948 s[i]->s.jt = NULL; /*later*/ 1949 s[i]->s.jf = NULL; /*update in next stmt*/ 1950 s[i]->s.k = IPPROTO_DSTOPTS; 1951 i++; 1952 /* if (A == IPPROTO_ROUTING) goto v6advance */ 1953 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1954 s[i]->s.jt = NULL; /*later*/ 1955 s[i]->s.jf = NULL; /*update in next stmt*/ 1956 s[i]->s.k = IPPROTO_ROUTING; 1957 i++; 1958 /* if (A == IPPROTO_FRAGMENT) goto v6advance; else goto ahcheck; */ 1959 s[i - 1]->s.jf = s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 1960 s[i]->s.jt = NULL; /*later*/ 1961 s[i]->s.jf = NULL; /*later*/ 1962 s[i]->s.k = IPPROTO_FRAGMENT; 1963 fix3 = i; 1964 v6end = i; 1965 i++; 1966 1967 /* v6advance: */ 1968 v6advance = i; 1969 1970 /* 1971 * in short, 1972 * A = P[X + 1]; 1973 * X = X + (P[X] + 1) * 8; 1974 */ 1975 /* A = X */ 1976 s[i] = new_stmt(BPF_MISC|BPF_TXA); 1977 i++; 1978 /* MEM[reg1] = A */ 1979 s[i] = new_stmt(BPF_ST); 1980 s[i]->s.k = reg1; 1981 i++; 1982 /* A += 1 */ 1983 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 1984 s[i]->s.k = 1; 1985 i++; 1986 /* X = A */ 1987 s[i] = new_stmt(BPF_MISC|BPF_TAX); 1988 i++; 1989 /* A = P[X + packet head]; */ 1990 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 1991 s[i]->s.k = off_nl; 1992 i++; 1993 /* MEM[reg2] = A */ 1994 s[i] = new_stmt(BPF_ST); 1995 s[i]->s.k = reg2; 1996 i++; 1997 /* X = MEM[reg1] */ 1998 s[i] = new_stmt(BPF_LDX|BPF_MEM); 1999 s[i]->s.k = reg1; 2000 i++; 2001 /* A = P[X + packet head] */ 2002 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2003 s[i]->s.k = off_nl; 2004 i++; 2005 /* A += 1 */ 2006 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2007 s[i]->s.k = 1; 2008 i++; 2009 /* A *= 8 */ 2010 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2011 s[i]->s.k = 8; 2012 i++; 2013 /* X = A; */ 2014 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2015 i++; 2016 /* A = MEM[reg2] */ 2017 s[i] = new_stmt(BPF_LD|BPF_MEM); 2018 s[i]->s.k = reg2; 2019 i++; 2020 2021 /* goto again; (must use BPF_JA for backward jump) */ 2022 s[i] = new_stmt(BPF_JMP|BPF_JA); 2023 s[i]->s.k = again - i - 1; 2024 s[i - 1]->s.jf = s[i]; 2025 i++; 2026 2027 /* fixup */ 2028 for (j = v6start; j <= v6end; j++) 2029 s[j]->s.jt = s[v6advance]; 2030 } else { 2031 /* nop */ 2032 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2033 s[i]->s.k = 0; 2034 s[fix2]->s.jf = s[i]; 2035 i++; 2036 } 2037 2038 /* ahcheck: */ 2039 ahcheck = i; 2040 /* if (A == IPPROTO_AH) then fall through; else goto end; */ 2041 s[i] = new_stmt(BPF_JMP|BPF_JEQ|BPF_K); 2042 s[i]->s.jt = NULL; /*later*/ 2043 s[i]->s.jf = NULL; /*later*/ 2044 s[i]->s.k = IPPROTO_AH; 2045 if (fix3) 2046 s[fix3]->s.jf = s[ahcheck]; 2047 fix4 = i; 2048 i++; 2049 2050 /* 2051 * in short, 2052 * A = P[X + 1]; 2053 * X = X + (P[X] + 2) * 4; 2054 */ 2055 /* A = X */ 2056 s[i - 1]->s.jt = s[i] = new_stmt(BPF_MISC|BPF_TXA); 2057 i++; 2058 /* MEM[reg1] = A */ 2059 s[i] = new_stmt(BPF_ST); 2060 s[i]->s.k = reg1; 2061 i++; 2062 /* A += 1 */ 2063 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2064 s[i]->s.k = 1; 2065 i++; 2066 /* X = A */ 2067 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2068 i++; 2069 /* A = P[X + packet head]; */ 2070 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2071 s[i]->s.k = off_nl; 2072 i++; 2073 /* MEM[reg2] = A */ 2074 s[i] = new_stmt(BPF_ST); 2075 s[i]->s.k = reg2; 2076 i++; 2077 /* X = MEM[reg1] */ 2078 s[i] = new_stmt(BPF_LDX|BPF_MEM); 2079 s[i]->s.k = reg1; 2080 i++; 2081 /* A = P[X + packet head] */ 2082 s[i] = new_stmt(BPF_LD|BPF_IND|BPF_B); 2083 s[i]->s.k = off_nl; 2084 i++; 2085 /* A += 2 */ 2086 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2087 s[i]->s.k = 2; 2088 i++; 2089 /* A *= 4 */ 2090 s[i] = new_stmt(BPF_ALU|BPF_MUL|BPF_K); 2091 s[i]->s.k = 4; 2092 i++; 2093 /* X = A; */ 2094 s[i] = new_stmt(BPF_MISC|BPF_TAX); 2095 i++; 2096 /* A = MEM[reg2] */ 2097 s[i] = new_stmt(BPF_LD|BPF_MEM); 2098 s[i]->s.k = reg2; 2099 i++; 2100 2101 /* goto again; (must use BPF_JA for backward jump) */ 2102 s[i] = new_stmt(BPF_JMP|BPF_JA); 2103 s[i]->s.k = again - i - 1; 2104 i++; 2105 2106 /* end: nop */ 2107 end = i; 2108 s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); 2109 s[i]->s.k = 0; 2110 s[fix2]->s.jt = s[end]; 2111 s[fix4]->s.jf = s[end]; 2112 s[fix5]->s.jt = s[end]; 2113 i++; 2114 2115 /* 2116 * make slist chain 2117 */ 2118 max = i; 2119 for (i = 0; i < max - 1; i++) 2120 s[i]->next = s[i + 1]; 2121 s[max - 1]->next = NULL; 2122 2123 /* 2124 * emit final check 2125 */ 2126 b = new_block(JMP(BPF_JEQ)); 2127 b->stmts = s[1]; /*remember, s[0] is dummy*/ 2128 b->s.k = v; 2129 2130 free_reg(reg1); 2131 free_reg(reg2); 2132 2133 gen_and(b0, b); 2134 return b; 2135 } 2136 2137 static struct block * 2138 gen_proto(v, proto, dir) 2139 int v; 2140 int proto; 2141 int dir; 2142 { 2143 struct block *b0, *b1; 2144 2145 if (dir != Q_DEFAULT) 2146 bpf_error("direction applied to 'proto'"); 2147 2148 switch (proto) { 2149 case Q_DEFAULT: 2150 #ifdef INET6 2151 b0 = gen_proto(v, Q_IP, dir); 2152 b1 = gen_proto(v, Q_IPV6, dir); 2153 gen_or(b0, b1); 2154 return b1; 2155 #else 2156 /*FALLTHROUGH*/ 2157 #endif 2158 case Q_IP: 2159 b0 = gen_linktype(ETHERTYPE_IP); 2160 #ifndef CHASE_CHAIN 2161 b1 = gen_cmp_nl(9, BPF_B, (bpf_int32)v); 2162 #else 2163 b1 = gen_protochain(v, Q_IP); 2164 #endif 2165 gen_and(b0, b1); 2166 return b1; 2167 2168 case Q_ARP: 2169 bpf_error("arp does not encapsulate another protocol"); 2170 /* NOTREACHED */ 2171 2172 case Q_RARP: 2173 bpf_error("rarp does not encapsulate another protocol"); 2174 /* NOTREACHED */ 2175 2176 case Q_ATALK: 2177 bpf_error("atalk encapsulation is not specifiable"); 2178 /* NOTREACHED */ 2179 2180 case Q_DECNET: 2181 bpf_error("decnet encapsulation is not specifiable"); 2182 /* NOTREACHED */ 2183 2184 case Q_SCA: 2185 bpf_error("sca does not encapsulate another protocol"); 2186 /* NOTREACHED */ 2187 2188 case Q_LAT: 2189 bpf_error("lat does not encapsulate another protocol"); 2190 /* NOTREACHED */ 2191 2192 case Q_MOPRC: 2193 bpf_error("moprc does not encapsulate another protocol"); 2194 /* NOTREACHED */ 2195 2196 case Q_MOPDL: 2197 bpf_error("mopdl does not encapsulate another protocol"); 2198 /* NOTREACHED */ 2199 2200 case Q_LINK: 2201 return gen_linktype(v); 2202 2203 case Q_UDP: 2204 bpf_error("'udp proto' is bogus"); 2205 /* NOTREACHED */ 2206 2207 case Q_TCP: 2208 bpf_error("'tcp proto' is bogus"); 2209 /* NOTREACHED */ 2210 2211 case Q_ICMP: 2212 bpf_error("'icmp proto' is bogus"); 2213 /* NOTREACHED */ 2214 2215 case Q_IGMP: 2216 bpf_error("'igmp proto' is bogus"); 2217 /* NOTREACHED */ 2218 2219 case Q_IGRP: 2220 bpf_error("'igrp proto' is bogus"); 2221 /* NOTREACHED */ 2222 2223 case Q_PIM: 2224 bpf_error("'pim proto' is bogus"); 2225 /* NOTREACHED */ 2226 2227 case Q_STP: 2228 bpf_error("'stp proto' is bogus"); 2229 /* NOTREACHED */ 2230 2231 #ifdef INET6 2232 case Q_IPV6: 2233 b0 = gen_linktype(ETHERTYPE_IPV6); 2234 #ifndef CHASE_CHAIN 2235 b1 = gen_cmp_nl(6, BPF_B, (bpf_int32)v); 2236 #else 2237 b1 = gen_protochain(v, Q_IPV6); 2238 #endif 2239 gen_and(b0, b1); 2240 return b1; 2241 2242 case Q_ICMPV6: 2243 bpf_error("'icmp6 proto' is bogus"); 2244 #endif /* INET6 */ 2245 2246 case Q_AH: 2247 bpf_error("'ah proto' is bogus"); 2248 2249 case Q_ESP: 2250 bpf_error("'esp proto' is bogus"); 2251 2252 default: 2253 abort(); 2254 /* NOTREACHED */ 2255 } 2256 /* NOTREACHED */ 2257 } 2258 2259 struct block * 2260 gen_scode(name, q) 2261 const char *name; 2262 struct qual q; 2263 { 2264 int proto = q.proto; 2265 int dir = q.dir; 2266 int tproto; 2267 u_char *eaddr; 2268 bpf_u_int32 mask, addr; 2269 #ifndef INET6 2270 bpf_u_int32 **alist; 2271 #else 2272 int tproto6; 2273 struct sockaddr_in *sin; 2274 struct sockaddr_in6 *sin6; 2275 struct addrinfo *res, *res0; 2276 struct in6_addr mask128; 2277 #endif /*INET6*/ 2278 struct block *b, *tmp; 2279 int port, real_proto; 2280 2281 switch (q.addr) { 2282 2283 case Q_NET: 2284 addr = pcap_nametonetaddr(name); 2285 if (addr == 0) 2286 bpf_error("unknown network '%s'", name); 2287 /* Left justify network addr and calculate its network mask */ 2288 mask = 0xffffffff; 2289 while (addr && (addr & 0xff000000) == 0) { 2290 addr <<= 8; 2291 mask <<= 8; 2292 } 2293 return gen_host(addr, mask, proto, dir); 2294 2295 case Q_DEFAULT: 2296 case Q_HOST: 2297 if (proto == Q_LINK) { 2298 switch (linktype) { 2299 2300 case DLT_EN10MB: 2301 eaddr = pcap_ether_hostton(name); 2302 if (eaddr == NULL) 2303 bpf_error( 2304 "unknown ether host '%s'", name); 2305 return gen_ehostop(eaddr, dir); 2306 2307 case DLT_FDDI: 2308 eaddr = pcap_ether_hostton(name); 2309 if (eaddr == NULL) 2310 bpf_error( 2311 "unknown FDDI host '%s'", name); 2312 return gen_fhostop(eaddr, dir); 2313 2314 case DLT_IEEE802_11: 2315 case DLT_IEEE802_11_RADIO: 2316 eaddr = pcap_ether_hostton(name); 2317 if (eaddr == NULL) 2318 bpf_error( 2319 "unknown 802.11 host '%s'", name); 2320 2321 return gen_p80211_hostop(eaddr, dir); 2322 2323 default: 2324 bpf_error( 2325 "only ethernet/FDDI supports link-level host name"); 2326 break; 2327 } 2328 } else if (proto == Q_DECNET) { 2329 unsigned short dn_addr = __pcap_nametodnaddr(name); 2330 /* 2331 * I don't think DECNET hosts can be multihomed, so 2332 * there is no need to build up a list of addresses 2333 */ 2334 return (gen_host(dn_addr, 0, proto, dir)); 2335 } else { 2336 #ifndef INET6 2337 alist = pcap_nametoaddr(name); 2338 if (alist == NULL || *alist == NULL) 2339 bpf_error("unknown host '%s'", name); 2340 tproto = proto; 2341 if (off_linktype == -1 && tproto == Q_DEFAULT) 2342 tproto = Q_IP; 2343 b = gen_host(**alist++, 0xffffffff, tproto, dir); 2344 while (*alist) { 2345 tmp = gen_host(**alist++, 0xffffffff, 2346 tproto, dir); 2347 gen_or(b, tmp); 2348 b = tmp; 2349 } 2350 return b; 2351 #else 2352 memset(&mask128, 0xff, sizeof(mask128)); 2353 res0 = res = pcap_nametoaddrinfo(name); 2354 if (res == NULL) 2355 bpf_error("unknown host '%s'", name); 2356 b = tmp = NULL; 2357 tproto = tproto6 = proto; 2358 if (off_linktype == -1 && tproto == Q_DEFAULT) { 2359 tproto = Q_IP; 2360 tproto6 = Q_IPV6; 2361 } 2362 for (res = res0; res; res = res->ai_next) { 2363 switch (res->ai_family) { 2364 case AF_INET: 2365 if (tproto == Q_IPV6) 2366 continue; 2367 2368 sin = (struct sockaddr_in *) 2369 res->ai_addr; 2370 tmp = gen_host(ntohl(sin->sin_addr.s_addr), 2371 0xffffffff, tproto, dir); 2372 break; 2373 case AF_INET6: 2374 if (tproto6 == Q_IP) 2375 continue; 2376 2377 sin6 = (struct sockaddr_in6 *) 2378 res->ai_addr; 2379 tmp = gen_host6(&sin6->sin6_addr, 2380 &mask128, tproto6, dir); 2381 break; 2382 } 2383 if (b) 2384 gen_or(b, tmp); 2385 b = tmp; 2386 } 2387 freeaddrinfo(res0); 2388 if (b == NULL) { 2389 bpf_error("unknown host '%s'%s", name, 2390 (proto == Q_DEFAULT) 2391 ? "" 2392 : " for specified address family"); 2393 } 2394 return b; 2395 #endif /*INET6*/ 2396 } 2397 2398 case Q_PORT: 2399 if (proto != Q_DEFAULT && proto != Q_UDP && proto != Q_TCP) 2400 bpf_error("illegal qualifier of 'port'"); 2401 if (pcap_nametoport(name, &port, &real_proto) == 0) 2402 bpf_error("unknown port '%s'", name); 2403 if (proto == Q_UDP) { 2404 if (real_proto == IPPROTO_TCP) 2405 bpf_error("port '%s' is tcp", name); 2406 else 2407 /* override PROTO_UNDEF */ 2408 real_proto = IPPROTO_UDP; 2409 } 2410 if (proto == Q_TCP) { 2411 if (real_proto == IPPROTO_UDP) 2412 bpf_error("port '%s' is udp", name); 2413 else 2414 /* override PROTO_UNDEF */ 2415 real_proto = IPPROTO_TCP; 2416 } 2417 #ifndef INET6 2418 return gen_port(port, real_proto, dir); 2419 #else 2420 { 2421 struct block *b; 2422 b = gen_port(port, real_proto, dir); 2423 gen_or(gen_port6(port, real_proto, dir), b); 2424 return b; 2425 } 2426 #endif /* INET6 */ 2427 2428 case Q_GATEWAY: 2429 #ifndef INET6 2430 eaddr = pcap_ether_hostton(name); 2431 if (eaddr == NULL) 2432 bpf_error("unknown ether host: %s", name); 2433 2434 alist = pcap_nametoaddr(name); 2435 if (alist == NULL || *alist == NULL) 2436 bpf_error("unknown host '%s'", name); 2437 return gen_gateway(eaddr, alist, proto, dir); 2438 #else 2439 bpf_error("'gateway' not supported in this configuration"); 2440 #endif /*INET6*/ 2441 2442 case Q_PROTO: 2443 real_proto = lookup_proto(name, proto); 2444 if (real_proto >= 0) 2445 return gen_proto(real_proto, proto, dir); 2446 else 2447 bpf_error("unknown protocol: %s", name); 2448 2449 case Q_PROTOCHAIN: 2450 real_proto = lookup_proto(name, proto); 2451 if (real_proto >= 0) 2452 return gen_protochain(real_proto, proto, dir); 2453 else 2454 bpf_error("unknown protocol: %s", name); 2455 2456 2457 case Q_UNDEF: 2458 syntax(); 2459 /* NOTREACHED */ 2460 } 2461 abort(); 2462 /* NOTREACHED */ 2463 } 2464 2465 struct block * 2466 gen_mcode(s1, s2, masklen, q) 2467 const char *s1, *s2; 2468 int masklen; 2469 struct qual q; 2470 { 2471 int nlen, mlen; 2472 bpf_u_int32 n, m; 2473 2474 nlen = __pcap_atoin(s1, &n); 2475 /* Promote short ipaddr */ 2476 n <<= 32 - nlen; 2477 2478 if (s2 != NULL) { 2479 mlen = __pcap_atoin(s2, &m); 2480 /* Promote short ipaddr */ 2481 m <<= 32 - mlen; 2482 if ((n & ~m) != 0) 2483 bpf_error("non-network bits set in \"%s mask %s\"", 2484 s1, s2); 2485 } else { 2486 /* Convert mask len to mask */ 2487 if (masklen > 32) 2488 bpf_error("mask length must be <= 32"); 2489 m = 0xffffffff << (32 - masklen); 2490 if ((n & ~m) != 0) 2491 bpf_error("non-network bits set in \"%s/%d\"", 2492 s1, masklen); 2493 } 2494 2495 switch (q.addr) { 2496 2497 case Q_NET: 2498 return gen_host(n, m, q.proto, q.dir); 2499 2500 default: 2501 bpf_error("Mask syntax for networks only"); 2502 /* NOTREACHED */ 2503 } 2504 } 2505 2506 struct block * 2507 gen_ncode(s, v, q) 2508 const char *s; 2509 bpf_u_int32 v; 2510 struct qual q; 2511 { 2512 bpf_u_int32 mask; 2513 int proto = q.proto; 2514 int dir = q.dir; 2515 int vlen; 2516 2517 if (s == NULL) 2518 vlen = 32; 2519 else if (q.proto == Q_DECNET) 2520 vlen = __pcap_atodn(s, &v); 2521 else 2522 vlen = __pcap_atoin(s, &v); 2523 2524 switch (q.addr) { 2525 2526 case Q_DEFAULT: 2527 case Q_HOST: 2528 case Q_NET: 2529 if (proto == Q_DECNET) 2530 return gen_host(v, 0, proto, dir); 2531 else if (proto == Q_LINK) { 2532 bpf_error("illegal link layer address"); 2533 } else { 2534 mask = 0xffffffff; 2535 if (s == NULL && q.addr == Q_NET) { 2536 /* Promote short net number */ 2537 while (v && (v & 0xff000000) == 0) { 2538 v <<= 8; 2539 mask <<= 8; 2540 } 2541 } else { 2542 /* Promote short ipaddr */ 2543 v <<= 32 - vlen; 2544 mask <<= 32 - vlen; 2545 } 2546 return gen_host(v, mask, proto, dir); 2547 } 2548 2549 case Q_PORT: 2550 if (proto == Q_UDP) 2551 proto = IPPROTO_UDP; 2552 else if (proto == Q_TCP) 2553 proto = IPPROTO_TCP; 2554 else if (proto == Q_DEFAULT) 2555 proto = PROTO_UNDEF; 2556 else 2557 bpf_error("illegal qualifier of 'port'"); 2558 2559 #ifndef INET6 2560 return gen_port((int)v, proto, dir); 2561 #else 2562 { 2563 struct block *b; 2564 b = gen_port((int)v, proto, dir); 2565 gen_or(gen_port6((int)v, proto, dir), b); 2566 return b; 2567 } 2568 #endif /* INET6 */ 2569 2570 case Q_GATEWAY: 2571 bpf_error("'gateway' requires a name"); 2572 /* NOTREACHED */ 2573 2574 case Q_PROTO: 2575 return gen_proto((int)v, proto, dir); 2576 2577 case Q_PROTOCHAIN: 2578 return gen_protochain((int)v, proto, dir); 2579 2580 case Q_UNDEF: 2581 syntax(); 2582 /* NOTREACHED */ 2583 2584 default: 2585 abort(); 2586 /* NOTREACHED */ 2587 } 2588 /* NOTREACHED */ 2589 } 2590 2591 #ifdef INET6 2592 struct block * 2593 gen_mcode6(s1, s2, masklen, q) 2594 const char *s1, *s2; 2595 int masklen; 2596 struct qual q; 2597 { 2598 struct addrinfo *res; 2599 struct in6_addr *addr; 2600 struct in6_addr mask; 2601 struct block *b; 2602 u_int32_t *a, *m; 2603 2604 if (s2) 2605 bpf_error("no mask %s supported", s2); 2606 2607 res = pcap_nametoaddrinfo(s1); 2608 if (!res) 2609 bpf_error("invalid ip6 address %s", s1); 2610 if (res->ai_next) 2611 bpf_error("%s resolved to multiple address", s1); 2612 addr = &((struct sockaddr_in6 *)res->ai_addr)->sin6_addr; 2613 2614 if (sizeof(mask) * 8 < masklen) 2615 bpf_error("mask length must be <= %u", (unsigned int)(sizeof(mask) * 8)); 2616 memset(&mask, 0, sizeof(mask)); 2617 memset(&mask, 0xff, masklen / 8); 2618 if (masklen % 8) { 2619 mask.s6_addr[masklen / 8] = 2620 (0xff << (8 - masklen % 8)) & 0xff; 2621 } 2622 2623 a = (u_int32_t *)addr; 2624 m = (u_int32_t *)&mask; 2625 if ((a[0] & ~m[0]) || (a[1] & ~m[1]) 2626 || (a[2] & ~m[2]) || (a[3] & ~m[3])) { 2627 bpf_error("non-network bits set in \"%s/%d\"", s1, masklen); 2628 } 2629 2630 switch (q.addr) { 2631 2632 case Q_DEFAULT: 2633 case Q_HOST: 2634 if (masklen != 128) 2635 bpf_error("Mask syntax for networks only"); 2636 /* FALLTHROUGH */ 2637 2638 case Q_NET: 2639 b = gen_host6(addr, &mask, q.proto, q.dir); 2640 freeaddrinfo(res); 2641 return b; 2642 2643 default: 2644 bpf_error("invalid qualifier against IPv6 address"); 2645 /* NOTREACHED */ 2646 } 2647 } 2648 #endif /*INET6*/ 2649 2650 struct block * 2651 gen_ecode(eaddr, q) 2652 const u_char *eaddr; 2653 struct qual q; 2654 { 2655 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 2656 if (linktype == DLT_EN10MB) 2657 return gen_ehostop(eaddr, (int)q.dir); 2658 if (linktype == DLT_FDDI) 2659 return gen_fhostop(eaddr, (int)q.dir); 2660 if (linktype == DLT_IEEE802_11 || 2661 linktype == DLT_IEEE802_11_RADIO) 2662 return gen_p80211_hostop(eaddr, (int)q.dir); 2663 } 2664 bpf_error("ethernet address used in non-ether expression"); 2665 /* NOTREACHED */ 2666 } 2667 2668 void 2669 sappend(s0, s1) 2670 struct slist *s0, *s1; 2671 { 2672 /* 2673 * This is definitely not the best way to do this, but the 2674 * lists will rarely get long. 2675 */ 2676 while (s0->next) 2677 s0 = s0->next; 2678 s0->next = s1; 2679 } 2680 2681 static struct slist * 2682 xfer_to_x(a) 2683 struct arth *a; 2684 { 2685 struct slist *s; 2686 2687 s = new_stmt(BPF_LDX|BPF_MEM); 2688 s->s.k = a->regno; 2689 return s; 2690 } 2691 2692 static struct slist * 2693 xfer_to_a(a) 2694 struct arth *a; 2695 { 2696 struct slist *s; 2697 2698 s = new_stmt(BPF_LD|BPF_MEM); 2699 s->s.k = a->regno; 2700 return s; 2701 } 2702 2703 struct arth * 2704 gen_load(proto, index, size) 2705 int proto; 2706 struct arth *index; 2707 int size; 2708 { 2709 struct slist *s, *tmp; 2710 struct block *b; 2711 int regno = alloc_reg(); 2712 2713 free_reg(index->regno); 2714 switch (size) { 2715 2716 default: 2717 bpf_error("data size must be 1, 2, or 4"); 2718 2719 case 1: 2720 size = BPF_B; 2721 break; 2722 2723 case 2: 2724 size = BPF_H; 2725 break; 2726 2727 case 4: 2728 size = BPF_W; 2729 break; 2730 } 2731 switch (proto) { 2732 default: 2733 bpf_error("unsupported index operation"); 2734 2735 case Q_LINK: 2736 s = xfer_to_x(index); 2737 tmp = new_stmt(BPF_LD|BPF_IND|size); 2738 sappend(s, tmp); 2739 sappend(index->s, s); 2740 break; 2741 2742 case Q_IP: 2743 case Q_ARP: 2744 case Q_RARP: 2745 case Q_ATALK: 2746 case Q_DECNET: 2747 case Q_SCA: 2748 case Q_LAT: 2749 case Q_MOPRC: 2750 case Q_MOPDL: 2751 #ifdef INET6 2752 case Q_IPV6: 2753 #endif 2754 /* XXX Note that we assume a fixed link header here. */ 2755 if (variable_nl) { 2756 s = nl2X_stmt(); 2757 sappend(s, xfer_to_a(index)); 2758 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2759 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2760 } else { 2761 s = xfer_to_x(index); 2762 } 2763 tmp = new_stmt(BPF_LD|BPF_IND|size); 2764 tmp->s.k = off_nl; /* off_nl == 0 for variable_nl */ 2765 sappend(s, tmp); 2766 sappend(index->s, s); 2767 2768 b = gen_proto_abbrev(proto); 2769 if (index->b) 2770 gen_and(index->b, b); 2771 index->b = b; 2772 break; 2773 2774 case Q_TCP: 2775 case Q_UDP: 2776 case Q_ICMP: 2777 case Q_IGMP: 2778 case Q_IGRP: 2779 case Q_PIM: 2780 s = iphl_to_x(); 2781 sappend(s, xfer_to_a(index)); 2782 sappend(s, new_stmt(BPF_ALU|BPF_ADD|BPF_X)); 2783 sappend(s, new_stmt(BPF_MISC|BPF_TAX)); 2784 sappend(s, tmp = new_stmt(BPF_LD|BPF_IND|size)); 2785 tmp->s.k = off_nl; /* off_nl is 0 if variable_nl */ 2786 sappend(index->s, s); 2787 2788 gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); 2789 if (index->b) 2790 gen_and(index->b, b); 2791 #ifdef INET6 2792 gen_and(gen_proto_abbrev(Q_IP), b); 2793 #endif 2794 index->b = b; 2795 break; 2796 #ifdef INET6 2797 case Q_ICMPV6: 2798 bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); 2799 /*NOTREACHED*/ 2800 #endif 2801 } 2802 index->regno = regno; 2803 s = new_stmt(BPF_ST); 2804 s->s.k = regno; 2805 sappend(index->s, s); 2806 2807 return index; 2808 } 2809 2810 struct block * 2811 gen_relation(code, a0, a1, reversed) 2812 int code; 2813 struct arth *a0, *a1; 2814 int reversed; 2815 { 2816 struct slist *s0, *s1, *s2; 2817 struct block *b, *tmp; 2818 2819 s0 = xfer_to_x(a1); 2820 s1 = xfer_to_a(a0); 2821 s2 = new_stmt(BPF_ALU|BPF_SUB|BPF_X); 2822 b = new_block(JMP(code)); 2823 if (code == BPF_JGT || code == BPF_JGE) { 2824 reversed = !reversed; 2825 b->s.k = 0x80000000; 2826 } 2827 if (reversed) 2828 gen_not(b); 2829 2830 sappend(s1, s2); 2831 sappend(s0, s1); 2832 sappend(a1->s, s0); 2833 sappend(a0->s, a1->s); 2834 2835 b->stmts = a0->s; 2836 2837 free_reg(a0->regno); 2838 free_reg(a1->regno); 2839 2840 /* 'and' together protocol checks */ 2841 if (a0->b) { 2842 if (a1->b) { 2843 gen_and(a0->b, tmp = a1->b); 2844 } 2845 else 2846 tmp = a0->b; 2847 } else 2848 tmp = a1->b; 2849 2850 if (tmp) 2851 gen_and(tmp, b); 2852 2853 return b; 2854 } 2855 2856 struct arth * 2857 gen_loadlen() 2858 { 2859 int regno = alloc_reg(); 2860 struct arth *a = (struct arth *)newchunk(sizeof(*a)); 2861 struct slist *s; 2862 2863 s = new_stmt(BPF_LD|BPF_LEN); 2864 s->next = new_stmt(BPF_ST); 2865 s->next->s.k = regno; 2866 a->s = s; 2867 a->regno = regno; 2868 2869 return a; 2870 } 2871 2872 struct arth * 2873 gen_loadi(val) 2874 int val; 2875 { 2876 struct arth *a; 2877 struct slist *s; 2878 int reg; 2879 2880 a = (struct arth *)newchunk(sizeof(*a)); 2881 2882 reg = alloc_reg(); 2883 2884 s = new_stmt(BPF_LD|BPF_IMM); 2885 s->s.k = val; 2886 s->next = new_stmt(BPF_ST); 2887 s->next->s.k = reg; 2888 a->s = s; 2889 a->regno = reg; 2890 2891 return a; 2892 } 2893 2894 struct arth * 2895 gen_neg(a) 2896 struct arth *a; 2897 { 2898 struct slist *s; 2899 2900 s = xfer_to_a(a); 2901 sappend(a->s, s); 2902 s = new_stmt(BPF_ALU|BPF_NEG); 2903 s->s.k = 0; 2904 sappend(a->s, s); 2905 s = new_stmt(BPF_ST); 2906 s->s.k = a->regno; 2907 sappend(a->s, s); 2908 2909 return a; 2910 } 2911 2912 struct arth * 2913 gen_arth(code, a0, a1) 2914 int code; 2915 struct arth *a0, *a1; 2916 { 2917 struct slist *s0, *s1, *s2; 2918 2919 s0 = xfer_to_x(a1); 2920 s1 = xfer_to_a(a0); 2921 s2 = new_stmt(BPF_ALU|BPF_X|code); 2922 2923 sappend(s1, s2); 2924 sappend(s0, s1); 2925 sappend(a1->s, s0); 2926 sappend(a0->s, a1->s); 2927 2928 free_reg(a1->regno); 2929 2930 s0 = new_stmt(BPF_ST); 2931 a0->regno = s0->s.k = alloc_reg(); 2932 sappend(a0->s, s0); 2933 2934 return a0; 2935 } 2936 2937 /* 2938 * Here we handle simple allocation of the scratch registers. 2939 * If too many registers are alloc'd, the allocator punts. 2940 */ 2941 static int regused[BPF_MEMWORDS]; 2942 static int curreg; 2943 2944 /* 2945 * Return the next free register. 2946 */ 2947 static int 2948 alloc_reg() 2949 { 2950 int n = BPF_MEMWORDS; 2951 2952 while (--n >= 0) { 2953 if (regused[curreg]) 2954 curreg = (curreg + 1) % BPF_MEMWORDS; 2955 else { 2956 regused[curreg] = 1; 2957 return curreg; 2958 } 2959 } 2960 bpf_error("too many registers needed to evaluate expression"); 2961 /* NOTREACHED */ 2962 } 2963 2964 /* 2965 * Return a register to the table so it can 2966 * be used later. 2967 */ 2968 static void 2969 free_reg(n) 2970 int n; 2971 { 2972 regused[n] = 0; 2973 } 2974 2975 static struct block * 2976 gen_len(jmp, n) 2977 int jmp, n; 2978 { 2979 struct slist *s; 2980 struct block *b; 2981 2982 s = new_stmt(BPF_LD|BPF_LEN); 2983 b = new_block(JMP(jmp)); 2984 b->stmts = s; 2985 b->s.k = n; 2986 2987 return b; 2988 } 2989 2990 struct block * 2991 gen_greater(n) 2992 int n; 2993 { 2994 return gen_len(BPF_JGE, n); 2995 } 2996 2997 struct block * 2998 gen_less(n) 2999 int n; 3000 { 3001 struct block *b; 3002 3003 b = gen_len(BPF_JGT, n); 3004 gen_not(b); 3005 3006 return b; 3007 } 3008 3009 struct block * 3010 gen_byteop(op, idx, val) 3011 int op, idx, val; 3012 { 3013 struct block *b; 3014 struct slist *s; 3015 3016 switch (op) { 3017 default: 3018 abort(); 3019 3020 case '=': 3021 return gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3022 3023 case '<': 3024 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3025 b->s.code = JMP(BPF_JGE); 3026 gen_not(b); 3027 return b; 3028 3029 case '>': 3030 b = gen_cmp((u_int)idx, BPF_B, (bpf_int32)val); 3031 b->s.code = JMP(BPF_JGT); 3032 return b; 3033 3034 case '|': 3035 s = new_stmt(BPF_ALU|BPF_OR|BPF_K); 3036 break; 3037 3038 case '&': 3039 s = new_stmt(BPF_ALU|BPF_AND|BPF_K); 3040 break; 3041 } 3042 s->s.k = val; 3043 b = new_block(JMP(BPF_JEQ)); 3044 b->stmts = s; 3045 gen_not(b); 3046 3047 return b; 3048 } 3049 3050 struct block * 3051 gen_broadcast(proto) 3052 int proto; 3053 { 3054 bpf_u_int32 hostmask; 3055 struct block *b0, *b1, *b2; 3056 static u_char ebroadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 3057 3058 switch (proto) { 3059 3060 case Q_DEFAULT: 3061 case Q_LINK: 3062 if (linktype == DLT_EN10MB) 3063 return gen_ehostop(ebroadcast, Q_DST); 3064 if (linktype == DLT_FDDI) 3065 return gen_fhostop(ebroadcast, Q_DST); 3066 if (linktype == DLT_IEEE802_11 || 3067 linktype == DLT_IEEE802_11_RADIO) 3068 return gen_p80211_hostop(ebroadcast, Q_DST); 3069 bpf_error("not a broadcast link"); 3070 break; 3071 3072 case Q_IP: 3073 b0 = gen_linktype(ETHERTYPE_IP); 3074 hostmask = ~netmask; 3075 b1 = gen_mcmp_nl(16, BPF_W, (bpf_int32)0, hostmask); 3076 b2 = gen_mcmp_nl(16, BPF_W, 3077 (bpf_int32)(~0 & hostmask), hostmask); 3078 gen_or(b1, b2); 3079 gen_and(b0, b2); 3080 return b2; 3081 } 3082 bpf_error("only ether/ip broadcast filters supported"); 3083 } 3084 3085 struct block * 3086 gen_multicast(proto) 3087 int proto; 3088 { 3089 struct block *b0, *b1; 3090 struct slist *s; 3091 3092 switch (proto) { 3093 3094 case Q_DEFAULT: 3095 case Q_LINK: 3096 if (linktype == DLT_EN10MB) { 3097 /* ether[0] & 1 != 0 */ 3098 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3099 s->s.k = 0; 3100 b0 = new_block(JMP(BPF_JSET)); 3101 b0->s.k = 1; 3102 b0->stmts = s; 3103 return b0; 3104 } 3105 3106 if (linktype == DLT_FDDI) { 3107 /* XXX TEST THIS: MIGHT NOT PORT PROPERLY XXX */ 3108 /* fddi[1] & 1 != 0 */ 3109 s = new_stmt(BPF_LD|BPF_B|BPF_ABS); 3110 s->s.k = 1; 3111 b0 = new_block(JMP(BPF_JSET)); 3112 b0->s.k = 1; 3113 b0->stmts = s; 3114 return b0; 3115 } 3116 /* Link not known to support multicasts */ 3117 break; 3118 3119 case Q_IP: 3120 b0 = gen_linktype(ETHERTYPE_IP); 3121 b1 = gen_cmp_nl(16, BPF_B, (bpf_int32)224); 3122 b1->s.code = JMP(BPF_JGE); 3123 gen_and(b0, b1); 3124 return b1; 3125 3126 #ifdef INET6 3127 case Q_IPV6: 3128 b0 = gen_linktype(ETHERTYPE_IPV6); 3129 b1 = gen_cmp_nl(24, BPF_B, (bpf_int32)255); 3130 gen_and(b0, b1); 3131 return b1; 3132 #endif /* INET6 */ 3133 } 3134 bpf_error("only IP multicast filters supported on ethernet/FDDI"); 3135 } 3136 3137 /* 3138 * generate command for inbound/outbound. It's here so we can 3139 * make it link-type specific. 'dir' = 0 implies "inbound", 3140 * = 1 implies "outbound". 3141 */ 3142 struct block * 3143 gen_inbound(dir) 3144 int dir; 3145 { 3146 struct block *b0; 3147 3148 /* 3149 * Only SLIP and old-style PPP data link types support 3150 * inbound/outbound qualifiers. 3151 */ 3152 switch (linktype) { 3153 case DLT_SLIP: 3154 case DLT_PPP: 3155 b0 = gen_relation(BPF_JEQ, 3156 gen_load(Q_LINK, gen_loadi(0), 1), 3157 gen_loadi(0), 3158 dir); 3159 break; 3160 3161 case DLT_PFLOG: 3162 b0 = gen_cmp(offsetof(struct pfloghdr, dir), BPF_B, 3163 (bpf_int32)((dir == 0) ? PF_IN : PF_OUT)); 3164 break; 3165 3166 default: 3167 bpf_error("inbound/outbound not supported on linktype 0x%x", 3168 linktype); 3169 /* NOTREACHED */ 3170 } 3171 3172 return (b0); 3173 } 3174 3175 3176 /* PF firewall log matched interface */ 3177 struct block * 3178 gen_pf_ifname(char *ifname) 3179 { 3180 struct block *b0; 3181 u_int len, off; 3182 3183 if (linktype == DLT_PFLOG) { 3184 len = sizeof(((struct pfloghdr *)0)->ifname); 3185 off = offsetof(struct pfloghdr, ifname); 3186 } else { 3187 bpf_error("ifname not supported on linktype 0x%x", linktype); 3188 /* NOTREACHED */ 3189 } 3190 if (strlen(ifname) >= len) { 3191 bpf_error("ifname interface names can only be %d characters", 3192 len - 1); 3193 /* NOTREACHED */ 3194 } 3195 b0 = gen_bcmp(off, strlen(ifname), ifname); 3196 return (b0); 3197 } 3198 3199 3200 /* PF firewall log ruleset name */ 3201 struct block * 3202 gen_pf_ruleset(char *ruleset) 3203 { 3204 struct block *b0; 3205 3206 if (linktype != DLT_PFLOG) { 3207 bpf_error("ruleset not supported on linktype 0x%x", linktype); 3208 /* NOTREACHED */ 3209 } 3210 if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) { 3211 bpf_error("ruleset names can only be %zu characters", 3212 sizeof(((struct pfloghdr *)0)->ruleset) - 1); 3213 /* NOTREACHED */ 3214 } 3215 b0 = gen_bcmp(offsetof(struct pfloghdr, ruleset), 3216 strlen(ruleset), ruleset); 3217 return (b0); 3218 } 3219 3220 3221 /* PF firewall log rule number */ 3222 struct block * 3223 gen_pf_rnr(int rnr) 3224 { 3225 struct block *b0; 3226 3227 if (linktype == DLT_PFLOG) { 3228 b0 = gen_cmp(offsetof(struct pfloghdr, rulenr), BPF_W, 3229 (bpf_int32)rnr); 3230 } else { 3231 bpf_error("rnr not supported on linktype 0x%x", linktype); 3232 /* NOTREACHED */ 3233 } 3234 3235 return (b0); 3236 } 3237 3238 3239 /* PF firewall log sub-rule number */ 3240 struct block * 3241 gen_pf_srnr(int srnr) 3242 { 3243 struct block *b0; 3244 3245 if (linktype != DLT_PFLOG) { 3246 bpf_error("srnr not supported on linktype 0x%x", linktype); 3247 /* NOTREACHED */ 3248 } 3249 3250 b0 = gen_cmp(offsetof(struct pfloghdr, subrulenr), BPF_W, 3251 (bpf_int32)srnr); 3252 return (b0); 3253 } 3254 3255 /* PF firewall log reason code */ 3256 struct block * 3257 gen_pf_reason(int reason) 3258 { 3259 struct block *b0; 3260 3261 if (linktype == DLT_PFLOG) { 3262 b0 = gen_cmp(offsetof(struct pfloghdr, reason), BPF_B, 3263 (bpf_int32)reason); 3264 } else { 3265 bpf_error("reason not supported on linktype 0x%x", linktype); 3266 /* NOTREACHED */ 3267 } 3268 3269 return (b0); 3270 } 3271 3272 /* PF firewall log action */ 3273 struct block * 3274 gen_pf_action(int action) 3275 { 3276 struct block *b0; 3277 3278 if (linktype == DLT_PFLOG) { 3279 b0 = gen_cmp(offsetof(struct pfloghdr, action), BPF_B, 3280 (bpf_int32)action); 3281 } else { 3282 bpf_error("action not supported on linktype 0x%x", linktype); 3283 /* NOTREACHED */ 3284 } 3285 3286 return (b0); 3287 } 3288 3289 /* IEEE 802.11 wireless header */ 3290 struct block * 3291 gen_p80211_type(int type, int mask) 3292 { 3293 struct block *b0; 3294 u_int offset; 3295 3296 if (!(linktype == DLT_IEEE802_11 || 3297 linktype == DLT_IEEE802_11_RADIO)) { 3298 bpf_error("type not supported on linktype 0x%x", 3299 linktype); 3300 /* NOTREACHED */ 3301 } 3302 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[0]); 3303 if (linktype == DLT_IEEE802_11_RADIO) 3304 offset += IEEE80211_RADIOTAP_HDRLEN; 3305 3306 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)type, (bpf_u_int32)mask); 3307 3308 return (b0); 3309 } 3310 3311 static struct block * 3312 gen_ahostop(eaddr, dir) 3313 const u_char *eaddr; 3314 int dir; 3315 { 3316 struct block *b0, *b1; 3317 3318 switch (dir) { 3319 /* src comes first, different from Ethernet */ 3320 case Q_SRC: 3321 return gen_bcmp(0, 1, eaddr); 3322 3323 case Q_DST: 3324 return gen_bcmp(1, 1, eaddr); 3325 3326 case Q_AND: 3327 b0 = gen_ahostop(eaddr, Q_SRC); 3328 b1 = gen_ahostop(eaddr, Q_DST); 3329 gen_and(b0, b1); 3330 return b1; 3331 3332 case Q_DEFAULT: 3333 case Q_OR: 3334 b0 = gen_ahostop(eaddr, Q_SRC); 3335 b1 = gen_ahostop(eaddr, Q_DST); 3336 gen_or(b0, b1); 3337 return b1; 3338 } 3339 abort(); 3340 /* NOTREACHED */ 3341 } 3342 3343 struct block * 3344 gen_acode(eaddr, q) 3345 const u_char *eaddr; 3346 struct qual q; 3347 { 3348 if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { 3349 if (linktype == DLT_ARCNET) 3350 return gen_ahostop(eaddr, (int)q.dir); 3351 } 3352 bpf_error("ARCnet address used in non-arc expression"); 3353 /* NOTREACHED */ 3354 } 3355 3356 struct block * 3357 gen_mpls(label) 3358 int label; 3359 { 3360 struct block *b0; 3361 3362 if (label > MPLS_LABEL_MAX) 3363 bpf_error("invalid MPLS label : %d", label); 3364 3365 if (mpls_stack > 0) /* Bottom-Of-Label-Stack bit ? */ 3366 b0 = gen_mcmp(off_nl-2, BPF_B, (bpf_int32)0, 0x1); 3367 else 3368 b0 = gen_linktype(ETHERTYPE_MPLS); 3369 3370 if (label >= 0) { 3371 struct block *b1; 3372 3373 b1 = gen_mcmp(off_nl, BPF_W, (bpf_int32)(label << 12), 3374 MPLS_LABEL_MASK); 3375 gen_and(b0, b1); 3376 b0 = b1; 3377 } 3378 off_nl += 4; 3379 off_linktype += 4; 3380 mpls_stack++; 3381 return (b0); 3382 } 3383 3384 /* 3385 * support IEEE 802.1Q VLAN trunk over ethernet 3386 */ 3387 struct block * 3388 gen_vlan(vlan_num) 3389 int vlan_num; 3390 { 3391 struct block *b0; 3392 3393 if (variable_nl) { 3394 bpf_error("'vlan' not supported for variable DLTs"); 3395 /*NOTREACHED*/ 3396 } 3397 3398 if (vlan_num > 4095) { 3399 bpf_error("invalid VLAN number : %d", vlan_num); 3400 /*NOTREACHED*/ 3401 } 3402 3403 /* 3404 * Change the offsets to point to the type and data fields within 3405 * the VLAN packet. This is somewhat of a kludge. 3406 */ 3407 if (orig_nl == (u_int)-1) { 3408 orig_linktype = off_linktype; /* save original values */ 3409 orig_nl = off_nl; 3410 orig_nl_nosnap = off_nl_nosnap; 3411 3412 switch (linktype) { 3413 3414 case DLT_EN10MB: 3415 off_linktype = 16; 3416 off_nl_nosnap = 18; 3417 off_nl = 18; 3418 break; 3419 3420 default: 3421 bpf_error("no VLAN support for data link type %d", 3422 linktype); 3423 /*NOTREACHED*/ 3424 } 3425 } 3426 3427 /* check for VLAN */ 3428 b0 = gen_cmp(orig_linktype, BPF_H, (bpf_int32)ETHERTYPE_8021Q); 3429 3430 /* If a specific VLAN is requested, check VLAN id */ 3431 if (vlan_num >= 0) { 3432 struct block *b1; 3433 3434 b1 = gen_mcmp(orig_nl, BPF_H, (bpf_int32)vlan_num, 0x0FFF); 3435 gen_and(b0, b1); 3436 b0 = b1; 3437 } 3438 3439 return (b0); 3440 } 3441 3442 struct block * 3443 gen_p80211_fcdir(int fcdir) 3444 { 3445 struct block *b0; 3446 u_int offset; 3447 3448 if (!(linktype == DLT_IEEE802_11 || 3449 linktype == DLT_IEEE802_11_RADIO)) { 3450 bpf_error("frame direction not supported on linktype 0x%x", 3451 linktype); 3452 /* NOTREACHED */ 3453 } 3454 offset = (u_int)offsetof(struct ieee80211_frame, i_fc[1]); 3455 if (linktype == DLT_IEEE802_11_RADIO) 3456 offset += IEEE80211_RADIOTAP_HDRLEN; 3457 3458 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, 3459 (bpf_u_int32)IEEE80211_FC1_DIR_MASK); 3460 3461 return (b0); 3462 } 3463 3464 static struct block * 3465 gen_p80211_hostop(const u_char *lladdr, int dir) 3466 { 3467 struct block *b0, *b1, *b2, *b3, *b4; 3468 u_int offset = 0; 3469 3470 if (linktype == DLT_IEEE802_11_RADIO) 3471 offset = IEEE80211_RADIOTAP_HDRLEN; 3472 3473 switch (dir) { 3474 case Q_SRC: 3475 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3476 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3477 lladdr); 3478 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3479 (u_int)offsetof(struct ieee80211_frame, i_addr2), 3480 lladdr); 3481 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3482 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3483 lladdr); 3484 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3485 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3486 lladdr); 3487 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3488 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr2), 3489 lladdr); 3490 3491 gen_or(b0, b1); 3492 gen_or(b1, b2); 3493 gen_or(b2, b3); 3494 gen_or(b3, b4); 3495 return (b4); 3496 3497 case Q_DST: 3498 b0 = gen_p80211_addr(IEEE80211_FC1_DIR_NODS, offset + 3499 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3500 lladdr); 3501 b1 = gen_p80211_addr(IEEE80211_FC1_DIR_TODS, offset + 3502 (u_int)offsetof(struct ieee80211_frame, i_addr3), 3503 lladdr); 3504 b2 = gen_p80211_addr(IEEE80211_FC1_DIR_FROMDS, offset + 3505 (u_int)offsetof(struct ieee80211_frame, i_addr1), 3506 lladdr); 3507 b3 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3508 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr3), 3509 lladdr); 3510 b4 = gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3511 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr1), 3512 lladdr); 3513 3514 gen_or(b0, b1); 3515 gen_or(b1, b2); 3516 gen_or(b2, b3); 3517 gen_or(b3, b4); 3518 return (b4); 3519 3520 case Q_ADDR1: 3521 return (gen_bcmp(offset + 3522 (u_int)offsetof(struct ieee80211_frame, 3523 i_addr1), IEEE80211_ADDR_LEN, lladdr)); 3524 3525 case Q_ADDR2: 3526 return (gen_bcmp(offset + 3527 (u_int)offsetof(struct ieee80211_frame, 3528 i_addr2), IEEE80211_ADDR_LEN, lladdr)); 3529 3530 case Q_ADDR3: 3531 return (gen_bcmp(offset + 3532 (u_int)offsetof(struct ieee80211_frame, 3533 i_addr3), IEEE80211_ADDR_LEN, lladdr)); 3534 3535 case Q_ADDR4: 3536 return (gen_p80211_addr(IEEE80211_FC1_DIR_DSTODS, offset + 3537 (u_int)offsetof(struct ieee80211_frame_addr4, i_addr4), 3538 lladdr)); 3539 3540 case Q_AND: 3541 b0 = gen_p80211_hostop(lladdr, Q_SRC); 3542 b1 = gen_p80211_hostop(lladdr, Q_DST); 3543 gen_and(b0, b1); 3544 return (b1); 3545 3546 case Q_DEFAULT: 3547 case Q_OR: 3548 b0 = gen_p80211_hostop(lladdr, Q_ADDR1); 3549 b1 = gen_p80211_hostop(lladdr, Q_ADDR2); 3550 b2 = gen_p80211_hostop(lladdr, Q_ADDR3); 3551 b3 = gen_p80211_hostop(lladdr, Q_ADDR4); 3552 gen_or(b0, b1); 3553 gen_or(b1, b2); 3554 gen_or(b2, b3); 3555 return (b3); 3556 3557 default: 3558 bpf_error("direction not supported on linktype 0x%x", 3559 linktype); 3560 } 3561 /* NOTREACHED */ 3562 } 3563 3564 static struct block * 3565 gen_p80211_addr(int fcdir, u_int offset, const u_char *lladdr) 3566 { 3567 struct block *b0, *b1; 3568 3569 b0 = gen_mcmp(offset, BPF_B, (bpf_int32)fcdir, IEEE80211_FC1_DIR_MASK); 3570 b1 = gen_bcmp(offset, IEEE80211_ADDR_LEN, lladdr); 3571 gen_and(b0, b1); 3572 3573 return (b1); 3574 } 3575