• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1--- gencode.c.cvs	2007-06-14 13:54:12.000000000 -0700
2+++ gencode.c	2007-06-14 13:56:27.531250000 -0700
3@@ -24,6 +24,8 @@
4     "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.221.2.51 2007/06/14 20:54:12 gianluca Exp $ (LBL)";
5 #endif
6
7+#define ENABLE_WLAN_FILTERING_PATCH
8+
9 #ifdef HAVE_CONFIG_H
10 #include "config.h"
11 #endif
12@@ -144,7 +146,8 @@
13 	OR_NET,		/* relative to the network-layer header */
14 	OR_NET_NOSNAP,	/* relative to the network-layer header, with no SNAP header at the link layer */
15 	OR_TRAN_IPV4,	/* relative to the transport-layer header, with IPv4 network layer */
16-	OR_TRAN_IPV6	/* relative to the transport-layer header, with IPv6 network layer */
17+	OR_TRAN_IPV6,	/* relative to the transport-layer header, with IPv6 network layer */
18+	OR_LINK_AFTER_WIRELESS_HDR /* After the 802.11 variable length header */
19 };
20
21 /*
22@@ -199,6 +202,7 @@
23 static struct block *gen_linktype(int);
24 static struct block *gen_snap(bpf_u_int32, bpf_u_int32, u_int);
25 static struct block *gen_llc_linktype(int);
26+static struct block *gen_802_11_llc_linktype(int);
27 static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int);
28 #ifdef INET6
29 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int);
30@@ -242,6 +246,7 @@
31 static struct slist *xfer_to_a(struct arth *);
32 static struct block *gen_mac_multicast(int);
33 static struct block *gen_len(int, int);
34+static struct block *gen_check_802_11_data_frame();
35
36 static struct block *gen_ppi_dlt_check();
37 static struct block *gen_msg_abbrev(int type);
38@@ -1345,6 +1350,138 @@
39 	return s;
40 }
41
42+/*
43+ * Load a value relative to the beginning of the link-layer header after the 802.11
44+ * header, i.e. LLC_SNAP.
45+ * The link-layer header doesn't necessarily begin at the beginning
46+ * of the packet data; there might be a variable-length prefix containing
47+ * radio information.
48+ */
49+static struct slist *
50+gen_load_ll_after_802_11_rel(offset, size)
51+	u_int offset, size;
52+{
53+	struct slist *s, *s_load_fc;
54+	struct slist *sjset_qos;
55+	struct slist *s_load;
56+	struct slist *s_ld_a_2;
57+	struct slist *s_add_a_x;
58+	struct slist *s_a_to_x;
59+	struct slist *sjset_data_frame_1;
60+	struct slist *sjset_data_frame_2;
61+	struct slist *s_load_x_0;
62+
63+	/*
64+	 * This code is not compatible with the optimizer, as
65+	 * we are generating jmp instructions within a normal
66+	 * slist of instructions
67+	 *
68+	 */
69+	no_optimize = 1;
70+
71+	s = gen_llprefixlen();
72+
73+	/*
74+	 * If "s" is non-null, it has code to arrange that the X register
75+	 * contains the length of the prefix preceding the link-layer
76+	 * header.
77+	 *
78+	 * Otherwise, the length of the prefix preceding the link-layer
79+	 * header is "off_ll".
80+	 */
81+	if (s != NULL) {
82+		/*
83+		 * There's a variable-length prefix preceding the
84+		 * link-layer header.  "s" points to a list of statements
85+		 * that put the length of that prefix into the X register.
86+		 * do an indirect load, to use the X register as an offset.
87+		 */
88+
89+		/*
90+		 * Load the Frame Control field
91+		 */
92+		s_load_fc = new_stmt(BPF_LD|BPF_IND|BPF_B);
93+		s_load_fc->s.k = 0;
94+	} else {
95+		/*
96+		 * There is no variable-length header preceding the
97+		 * link-layer header; add in off_ll, which, if there's
98+		 * a fixed-length header preceding the link-layer header,
99+		 * is the length of that header.
100+		 */
101+
102+		/*
103+		 * We need to load the Frame control directly, and
104+		 * then load X with a fake 0, i.e. the length of the
105+		 * non-existing prepended header
106+		 */
107+
108+		/*
109+		 * TODO GV: I'm not sure if 0 is the right constant in this
110+		 * case. If the link layer has a fixed length prepended header,
111+		 * that should be the value that we put here
112+		 */
113+
114+		/* Load 0 into X */
115+		s_load_x_0 = new_stmt(BPF_LDX|BPF_IMM);
116+		s_load_x_0->s.k = 0;
117+
118+		/*
119+		 * TODO GV: I'm not sure if 0 is the right constant in this
120+		 * case. If the link layer has a fixed length prepended header,
121+		 * that should be the value that we put here
122+		 */
123+
124+		/*
125+		 * load the Frame Control with absolute access
126+		 */
127+		s_load_fc = new_stmt(BPF_LD|BPF_ABS|BPF_B);
128+		s_load_fc->s.k = 0;
129+		s = s_load_x_0;
130+	}
131+
132+	/*
133+	 * Generate the common instructions to check if it's a data frame
134+	 * and if so compute the 802.11 header length
135+	 */
136+	sjset_data_frame_1 = new_stmt(JMP(BPF_JSET));	// b3 should be 1
137+	sjset_data_frame_1->s.k = 0x8;
138+
139+	sjset_data_frame_2 = new_stmt(JMP(BPF_JSET));	// b2 should be 0
140+	sjset_data_frame_2->s.k = 0x04;
141+
142+	sjset_qos = new_stmt(JMP(BPF_JSET));
143+	sjset_qos->s.k = 0x80; //QOS bit
144+
145+	s_ld_a_2 = new_stmt(BPF_LD|BPF_IMM);
146+	s_ld_a_2->s.k = 2;
147+
148+	s_add_a_x = new_stmt(BPF_ALU|BPF_ADD|BPF_X);
149+	s_a_to_x = new_stmt(BPF_MISC|BPF_TAX);
150+
151+	s_load = new_stmt(BPF_LD|BPF_IND|size);
152+	s_load->s.k = offset;
153+
154+	sjset_data_frame_1->s.jt = sjset_data_frame_2;
155+	sjset_data_frame_1->s.jf = s_load;
156+
157+	sjset_data_frame_2->s.jt = s_load;
158+	sjset_data_frame_2->s.jf = sjset_qos;
159+
160+	sjset_qos->s.jt = s_ld_a_2;
161+	sjset_qos->s.jf = s_load;
162+
163+	sappend(s, s_load_fc);
164+	sappend(s_load_fc, sjset_data_frame_1);
165+	sappend(sjset_data_frame_1, sjset_data_frame_2);
166+	sappend(sjset_data_frame_2, sjset_qos);
167+	sappend(sjset_qos, s_ld_a_2);
168+	sappend(s_ld_a_2, s_add_a_x);
169+	sappend(s_add_a_x,s_a_to_x);
170+	sappend(s_a_to_x, s_load);
171+
172+	return s;
173+}
174
175 /*
176  * Load a value relative to the beginning of the specified header.
177@@ -1367,6 +1504,22 @@
178 		s = gen_load_llrel(offset, size);
179 		break;
180
181+#ifdef ENABLE_WLAN_FILTERING_PATCH
182+
183+	case OR_LINK_AFTER_WIRELESS_HDR:
184+		if (linktype != DLT_IEEE802_11_RADIO
185+			&& linktype != DLT_PPI
186+			&& linktype != DLT_IEEE802_11
187+			&& linktype != DLT_PRISM_HEADER
188+			&& linktype != DLT_IEEE802_11_RADIO_AVS)
189+		{
190+			abort();
191+			return NULL;
192+		}
193+		s = gen_load_ll_after_802_11_rel(offset + 24, size);
194+		break;
195+#endif /* ENABLE_WLAN_FILTERING_PATCH */
196+
197 	case OR_NET:
198 		s = gen_load_llrel(off_nl + offset, size);
199 		break;
200@@ -2163,11 +2316,17 @@
201 		break;
202
203 	case DLT_PPI:
204+	case DLT_IEEE802_11_RADIO:
205+	case DLT_IEEE802_11:
206+#ifdef ENABLE_WLAN_FILTERING_PATCH
207+		return gen_802_11_llc_linktype(proto);
208+		/*NOTREACHED*/
209+		break;
210+#endif /* ENABLE_WLAN_FILTERING_PATCH */
211+
212 	case DLT_FDDI:
213 	case DLT_IEEE802:
214-	case DLT_IEEE802_11:
215 	case DLT_IEEE802_11_RADIO_AVS:
216-	case DLT_IEEE802_11_RADIO:
217 	case DLT_PRISM_HEADER:
218 	case DLT_ATM_RFC1483:
219 	case DLT_ATM_CLIP:
220@@ -2711,6 +2870,113 @@
221 	}
222 }
223
224+/*
225+ * Generate code to match a particular packet type, for link-layer types
226+ * using 802.2 LLC headers.
227+ *
228+ * This is *NOT* used for Ethernet; "gen_ether_linktype()" is used
229+ * for that - it handles the D/I/X Ethernet vs. 802.3+802.2 issues.
230+ *
231+ * "proto" is an Ethernet type value, if > ETHERMTU, or an LLC SAP
232+ * value, if <= ETHERMTU.  We use that to determine whether to
233+ * match the DSAP or both DSAP and LSAP or to check the OUI and
234+ * protocol ID in a SNAP header.
235+ */
236+static struct block *
237+gen_802_11_llc_linktype(proto)
238+	int proto;
239+{
240+	struct block *b_check_data_frame;
241+	struct block *b_check_linktype;
242+
243+	b_check_data_frame = gen_check_802_11_data_frame();
244+
245+	/*
246+	 * XXX - generate the code that discards non data frames
247+	 */
248+	switch (proto) {
249+
250+	case LLCSAP_IP:
251+	case LLCSAP_ISONS:
252+	case LLCSAP_NETBEUI:
253+		/*
254+		 * XXX - should we check both the DSAP and the
255+		 * SSAP, like this, or should we check just the
256+		 * DSAP, as we do for other types <= ETHERMTU
257+		 * (i.e., other SAP values)?
258+		 */
259+		b_check_linktype = gen_cmp(OR_LINK_AFTER_WIRELESS_HDR, 0, BPF_H, (bpf_u_int32)
260+			     ((proto << 8) | proto));
261+		break;
262+
263+	case LLCSAP_IPX:
264+		/*
265+		 * XXX - are there ever SNAP frames for IPX on
266+		 * non-Ethernet 802.x networks?
267+		 */
268+		b_check_linktype = gen_cmp(OR_LINK_AFTER_WIRELESS_HDR, 0, BPF_B,
269+		    (bpf_int32)LLCSAP_IPX);
270+
271+		break;
272+
273+#if 0
274+	case ETHERTYPE_ATALK:
275+		/*
276+		 * 802.2-encapsulated ETHERTYPE_ATALK packets are
277+		 * SNAP packets with an organization code of
278+		 * 0x080007 (Apple, for Appletalk) and a protocol
279+		 * type of ETHERTYPE_ATALK (Appletalk).
280+		 *
281+		 * XXX - check for an organization code of
282+		 * encapsulated Ethernet as well?
283+		 */
284+		return gen_snap(0x080007, ETHERTYPE_ATALK, off_linktype);
285+#endif
286+	default:
287+		/*
288+		 * XXX - we don't have to check for IPX 802.3
289+		 * here, but should we check for the IPX Ethertype?
290+		 */
291+		if (proto <= ETHERMTU) {
292+			/*
293+			 * This is an LLC SAP value, so check
294+			 * the DSAP.
295+			 */
296+			b_check_linktype = gen_cmp(OR_LINK_AFTER_WIRELESS_HDR, 0, BPF_B,
297+			    (bpf_int32)proto);
298+		} else {
299+			/*
300+			 * This is an Ethernet type; we assume that it's
301+			 * unlikely that it'll appear in the right place
302+			 * at random, and therefore check only the
303+			 * location that would hold the Ethernet type
304+			 * in a SNAP frame with an organization code of
305+			 * 0x000000 (encapsulated Ethernet).
306+			 *
307+			 * XXX - if we were to check for the SNAP DSAP and
308+			 * LSAP, as per XXX, and were also to check for an
309+			 * organization code of 0x000000 (encapsulated
310+			 * Ethernet), we'd do
311+			 *
312+			 *	return gen_snap(0x000000, proto,
313+			 *	    off_linktype);
314+			 *
315+			 * here; for now, we don't, as per the above.
316+			 * I don't know whether it's worth the extra CPU
317+			 * time to do the right check or not.
318+			 */
319+			b_check_linktype = gen_cmp(OR_LINK_AFTER_WIRELESS_HDR, 0+6, BPF_H,
320+			    (bpf_int32)proto);
321+		}
322+	}
323+
324+	gen_and(b_check_data_frame, b_check_linktype);
325+	return b_check_linktype;
326+
327+}
328+
329+
330+
331 static struct block *
332 gen_hostop(addr, mask, dir, proto, src_off, dst_off)
333 	bpf_u_int32 addr;
334@@ -2925,6 +3191,17 @@
335 	register struct block *b0, *b1, *b2;
336 	register struct slist *s;
337
338+#ifdef ENABLE_WLAN_FILTERING_PATCH
339+	/*
340+	 * TODO GV 20070613
341+	 * We need to disable the optimizer because the optimizer is buggy
342+	 * and wipes out some LD instructions generated by the below
343+	 * code to validate the Frame Control bits
344+	 *
345+	 */
346+	no_optimize = 1;
347+#endif /* ENABLE_WLAN_FILTERING_PATCH */
348+
349 	switch (dir) {
350 	case Q_SRC:
351 		/*
352@@ -4713,6 +4990,32 @@
353 #endif
354 }
355
356+static struct block *
357+gen_check_802_11_data_frame()
358+{
359+	struct slist *s;
360+	struct block *b0, *b1;
361+	/*
362+	* Now check for a data frame.
363+	* I.e, check "link[0] & 0x08".
364+	*/
365+	s = gen_load_a(OR_LINK, 0, BPF_B);
366+	b0 = new_block(JMP(BPF_JSET));
367+	b0->s.k = 0x08;
368+	b0->stmts = s;
369+
370+	s = gen_load_a(OR_LINK, 0, BPF_B);
371+	b1 = new_block(JMP(BPF_JSET));
372+	b1->s.k = 0x04;
373+	b1->stmts = s;
374+	gen_not(b1);
375+
376+
377+	gen_and(b1, b0);
378+
379+	return b0;
380+}
381+
382
383 /*
384  * Generate code that checks whether the packet is a packet for protocol
385