PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 21:21:31 +00:00
Code Issues Projects Releases Wiki Activity

Updated the included libpcap to 1.5.3

Browse Source
This commit is contained in:
jay
2014-06-06 10:43:17 +00:00
parent 5f27fb12a6
commit d8071c0352
98 changed files with 11651 additions and 7008 deletions
Download Patch File Download Diff File Expand all files Collapse all files

290
libpcap/gencode.c
View File

@@ -84,6 +84,11 @@ static const char rcsid[] _U_ =
#include "pcap/sll.h"
#include "pcap/ipnet.h"
#include "arcnet.h"
#if defined(linux) && defined(PF_PACKET) && defined(SO_ATTACH_FILTER)
#include <linux/types.h>
#include <linux/if_packet.h>
#include <linux/filter.h>
#endif
#ifdef HAVE_NET_PFVAR_H
#include <sys/socket.h>
#include <net/if.h>
@@ -102,6 +107,18 @@ static const char rcsid[] _U_ =
#define ETHERMTU 1500
#ifndef IPPROTO_HOPOPTS
#define IPPROTO_HOPOPTS 0
#endif
#ifndef IPPROTO_ROUTING
#define IPPROTO_ROUTING 43
#endif
#ifndef IPPROTO_FRAGMENT
#define IPPROTO_FRAGMENT 44
#endif
#ifndef IPPROTO_DSTOPTS
#define IPPROTO_DSTOPTS 60
#endif
#ifndef IPPROTO_SCTP
#define IPPROTO_SCTP 132
#endif
@@ -124,9 +141,7 @@ static u_int orig_linktype = -1U, orig_nl = -1U, label_stack_depth = -1U;
#endif
/* XXX */
#ifdef PCAP_FDDIPAD
static int pcap_fddipad;
#endif
/* VARARGS */
void
@@ -256,20 +271,16 @@ static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int);
static struct block *gen_ipfrag(void);
static struct block *gen_portatom(int, bpf_int32);
static struct block *gen_portrangeatom(int, bpf_int32, bpf_int32);
#ifdef INET6
static struct block *gen_portatom6(int, bpf_int32);
static struct block *gen_portrangeatom6(int, bpf_int32, bpf_int32);
#endif
struct block *gen_portop(int, int, int);
static struct block *gen_port(int, int, int);
struct block *gen_portrangeop(int, int, int, int);
static struct block *gen_portrange(int, int, int, int);
#ifdef INET6
struct block *gen_portop6(int, int, int);
static struct block *gen_port6(int, int, int);
struct block *gen_portrangeop6(int, int, int, int);
static struct block *gen_portrange6(int, int, int, int);
#endif
static int lookup_proto(const char *, int);
static struct block *gen_protochain(int, int, int);
static struct block *gen_proto(int, int, int);
@@ -418,8 +429,17 @@ pcap_compile(pcap_t *p, struct bpf_program *program,
{
extern int n_errors;
const char * volatile xbuf = buf;
int len;
u_int len;
/*
* If this pcap_t hasn't been activated, it doesn't have a
* link-layer type, so we can't use it.
*/
if (!p->activated) {
snprintf(p->errbuf, PCAP_ERRBUF_SIZE,
"not-yet-activated pcap_t passed to pcap_compile");
return (-1);
}
no_optimize = 0;
n_errors = 0;
root = NULL;
@@ -854,6 +874,7 @@ static u_int off_proto;
* These are offsets for the MTP2 fields.
*/
static u_int off_li;
static u_int off_li_hsl;
/*
* These are offsets for the MTP3 fields.
@@ -903,9 +924,7 @@ init_linktype(p)
pcap_t *p;
{
linktype = pcap_datalink(p);
#ifdef PCAP_FDDIPAD
pcap_fddipad = p->fddipad;
#endif
/*
* Assume it's not raw ATM with a pseudo-header, for now.
@@ -927,6 +946,7 @@ init_linktype(p)
* And assume we're not doing SS7.
*/
off_li = -1;
off_li_hsl = -1;
off_sio = -1;
off_opc = -1;
off_dpc = -1;
@@ -1042,13 +1062,9 @@ init_linktype(p)
* XXX - should we generate code to check for SNAP?
*/
off_linktype = 13;
#ifdef PCAP_FDDIPAD
off_linktype += pcap_fddipad;
#endif
off_macpl = 13; /* FDDI MAC header length */
#ifdef PCAP_FDDIPAD
off_macpl += pcap_fddipad;
#endif
off_nl = 8; /* 802.2+SNAP */
off_nl_nosnap = 3; /* 802.2 */
return;
@@ -1319,6 +1335,13 @@ init_linktype(p)
off_nl_nosnap = -1; /* no 802.2 LLC */
return;
case DLT_BACNET_MS_TP:
off_linktype = -1;
off_macpl = -1;
off_nl = -1;
off_nl_nosnap = -1;
return;
case DLT_JUNIPER_SERVICES:
off_linktype = 12;
off_macpl = -1; /* L3 proto location dep. on cookie type */
@@ -1359,6 +1382,7 @@ init_linktype(p)
case DLT_MTP2:
off_li = 2;
off_li_hsl = 4;
off_sio = 3;
off_opc = 4;
off_dpc = 4;
@@ -1371,6 +1395,7 @@ init_linktype(p)
case DLT_MTP2_WITH_PHDR:
off_li = 6;
off_li_hsl = 8;
off_sio = 7;
off_opc = 8;
off_dpc = 8;
@@ -1383,6 +1408,7 @@ init_linktype(p)
case DLT_ERF:
off_li = 22;
off_li_hsl = 24;
off_sio = 23;
off_opc = 24;
off_dpc = 24;
@@ -1393,14 +1419,12 @@ init_linktype(p)
off_nl_nosnap = -1;
return;
#ifdef DLT_PFSYNC
case DLT_PFSYNC:
off_linktype = -1;
off_macpl = 4;
off_nl = 0;
off_nl_nosnap = 0;
return;
#endif
case DLT_AX25_KISS:
/*
@@ -2829,11 +2853,9 @@ ethertype_to_ppptype(proto)
proto = PPP_IP;
break;
#ifdef INET6
case ETHERTYPE_IPV6:
proto = PPP_IPV6;
break;
#endif
case ETHERTYPE_DN:
proto = PPP_DECNET;
@@ -3041,11 +3063,10 @@ gen_linktype(proto)
case ETHERTYPE_IP:
/* Check for a version number of 4. */
return gen_mcmp(OR_LINK, 0, BPF_B, 0x40, 0xF0);
#ifdef INET6
case ETHERTYPE_IPV6:
/* Check for a version number of 6. */
return gen_mcmp(OR_LINK, 0, BPF_B, 0x60, 0xF0);
#endif
default:
return gen_false(); /* always false */
@@ -3069,10 +3090,8 @@ gen_linktype(proto)
/*
* Raw IPv6, so no type field.
*/
#ifdef INET6
if (proto == ETHERTYPE_IPV6)
return gen_true(); /* always true */
#endif
/* Checking for something other than IPv6; always false */
return gen_false();
@@ -3178,8 +3197,7 @@ gen_linktype(proto)
* Then we run it through "htonl()", and
* generate code to compare against the result.
*/
if (bpf_pcap->sf.rfile != NULL &&
bpf_pcap->sf.swapped)
if (bpf_pcap->rfile != NULL && bpf_pcap->swapped)
proto = SWAPLONG(proto);
proto = htonl(proto);
}
@@ -3194,11 +3212,9 @@ gen_linktype(proto)
if (proto == ETHERTYPE_IP)
return (gen_cmp(OR_LINK, offsetof(struct pfloghdr, af),
BPF_B, (bpf_int32)AF_INET));
#ifdef INET6
else if (proto == ETHERTYPE_IPV6)
return (gen_cmp(OR_LINK, offsetof(struct pfloghdr, af),
BPF_B, (bpf_int32)AF_INET6));
#endif /* INET6 */
else
return gen_false();
/*NOTREACHED*/
@@ -3216,11 +3232,9 @@ gen_linktype(proto)
default:
return gen_false();
#ifdef INET6
case ETHERTYPE_IPV6:
return (gen_cmp(OR_LINK, off_linktype, BPF_B,
(bpf_int32)ARCTYPE_INET6));
#endif /* INET6 */
case ETHERTYPE_IP:
b0 = gen_cmp(OR_LINK, off_linktype, BPF_B,
@@ -3272,13 +3286,11 @@ gen_linktype(proto)
*/
return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | 0xcc);
#ifdef INET6
case ETHERTYPE_IPV6:
/*
* Check for the special NLPID for IPv6.
*/
return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | 0x8e);
#endif
case LLCSAP_ISONS:
/*
@@ -3340,6 +3352,9 @@ gen_linktype(proto)
*/
return gen_mcmp(OR_LINK, 0, BPF_W, 0x4d474300, 0xffffff00); /* compare the magic number */
case DLT_BACNET_MS_TP:
return gen_mcmp(OR_LINK, 0, BPF_W, 0x55FF0000, 0xffff0000);
case DLT_IPNET:
return gen_ipnet_linktype(proto);
@@ -3356,10 +3371,8 @@ gen_linktype(proto)
case DLT_ERF:
bpf_error("ERF link-layer type filtering not implemented");
#ifdef DLT_PFSYNC
case DLT_PFSYNC:
bpf_error("PFSYNC link-layer type filtering not implemented");
#endif
case DLT_LINUX_LAPD:
bpf_error("LAPD link-layer type filtering not implemented");
@@ -3627,7 +3640,7 @@ gen_hostop6(addr, mask, dir, proto, src_off, dst_off)
gen_and(b0, b1);
return b1;
}
#endif /*INET6*/
#endif
static struct block *
gen_ehostop(eaddr, dir)
@@ -3696,18 +3709,10 @@ gen_fhostop(eaddr, dir)
switch (dir) {
case Q_SRC:
#ifdef PCAP_FDDIPAD
return gen_bcmp(OR_LINK, 6 + 1 + pcap_fddipad, 6, eaddr);
#else
return gen_bcmp(OR_LINK, 6 + 1, 6, eaddr);
#endif
case Q_DST:
#ifdef PCAP_FDDIPAD
return gen_bcmp(OR_LINK, 0 + 1 + pcap_fddipad, 6, eaddr);
#else
return gen_bcmp(OR_LINK, 0 + 1, 6, eaddr);
#endif
case Q_AND:
b0 = gen_fhostop(eaddr, Q_SRC);
@@ -4505,13 +4510,11 @@ gen_host(addr, mask, proto, dir, type)
case Q_MOPRC:
bpf_error("MOPRC host filtering not implemented");
#ifdef INET6
case Q_IPV6:
bpf_error("'ip6' modifier applied to ip host");
case Q_ICMPV6:
bpf_error("'icmp6' modifier applied to %s", typestr);
#endif /* INET6 */
case Q_AH:
bpf_error("'ah' modifier applied to %s", typestr);
@@ -4570,6 +4573,9 @@ gen_host6(addr, mask, proto, dir, type)
case Q_DEFAULT:
return gen_host6(addr, mask, Q_IPV6, dir, type);
case Q_LINK:
bpf_error("link-layer modifier applied to ip6 %s", typestr);
case Q_IP:
bpf_error("'ip' modifier applied to ip6 %s", typestr);
@@ -4668,7 +4674,7 @@ gen_host6(addr, mask, proto, dir, type)
}
/* NOTREACHED */
}
#endif /*INET6*/
#endif
#ifndef INET6
static struct block *
@@ -4760,26 +4766,20 @@ gen_proto_abbrev(proto)
case Q_SCTP:
b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT);
#ifdef INET6
b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT);
gen_or(b0, b1);
#endif
break;
case Q_TCP:
b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT);
#ifdef INET6
b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT);
gen_or(b0, b1);
#endif
break;
case Q_UDP:
b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT);
#ifdef INET6
b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT);
gen_or(b0, b1);
#endif
break;
case Q_ICMP:
@@ -4807,10 +4807,8 @@ gen_proto_abbrev(proto)
case Q_PIM:
b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT);
#ifdef INET6
b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT);
gen_or(b0, b1);
#endif
break;
#ifndef IPPROTO_VRRP
@@ -4872,7 +4870,6 @@ gen_proto_abbrev(proto)
b1 = gen_linktype(ETHERTYPE_MOPRC);
break;
#ifdef INET6
case Q_IPV6:
b1 = gen_linktype(ETHERTYPE_IPV6);
break;
@@ -4883,17 +4880,14 @@ gen_proto_abbrev(proto)
case Q_ICMPV6:
b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
break;
#endif /* INET6 */
#ifndef IPPROTO_AH
#define IPPROTO_AH 51
#endif
case Q_AH:
b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT);
#ifdef INET6
b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT);
gen_or(b0, b1);
#endif
break;
#ifndef IPPROTO_ESP
@@ -4901,10 +4895,8 @@ gen_proto_abbrev(proto)
#endif
case Q_ESP:
b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT);
#ifdef INET6
b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT);
gen_or(b0, b1);
#endif
break;
case Q_ISO:
@@ -5037,7 +5029,6 @@ gen_portatom(off, v)
return gen_cmp(OR_TRAN_IPV4, off, BPF_H, v);
}
#ifdef INET6
static struct block *
gen_portatom6(off, v)
int off;
@@ -5045,7 +5036,6 @@ gen_portatom6(off, v)
{
return gen_cmp(OR_TRAN_IPV6, off, BPF_H, v);
}
#endif/*INET6*/
struct block *
gen_portop(port, proto, dir)
@@ -5137,7 +5127,6 @@ gen_port(port, ip_proto, dir)
return b1;
}
#ifdef INET6
struct block *
gen_portop6(port, proto, dir)
int port, proto, dir;
@@ -5210,7 +5199,6 @@ gen_port6(port, ip_proto, dir)
gen_and(b0, b1);
return b1;
}
#endif /* INET6 */
/* gen_portrange code */
static struct block *
@@ -5315,7 +5303,6 @@ gen_portrange(port1, port2, ip_proto, dir)
return b1;
}
#ifdef INET6
static struct block *
gen_portrangeatom6(off, v1, v2)
int off;
@@ -5416,7 +5403,6 @@ gen_portrange6(port1, port2, ip_proto, dir)
gen_and(b0, b1);
return b1;
}
#endif /* INET6 */
static int
lookup_proto(name, proto)
@@ -5551,7 +5537,7 @@ gen_protochain(v, proto, dir)
s[i]->s.k = off_macpl + off_nl;
i++;
break;
#ifdef INET6
case Q_IPV6:
b0 = gen_linktype(ETHERTYPE_IPV6);
@@ -5564,7 +5550,7 @@ gen_protochain(v, proto, dir)
s[i]->s.k = 40;
i++;
break;
#endif
default:
bpf_error("unsupported proto to gen_protochain");
/*NOTREACHED*/
@@ -5591,7 +5577,6 @@ gen_protochain(v, proto, dir)
fix2 = i;
i++;
#ifdef INET6
if (proto == Q_IPV6) {
int v6start, v6end, v6advance, j;
@@ -5673,9 +5658,7 @@ gen_protochain(v, proto, dir)
/* fixup */
for (j = v6start; j <= v6end; j++)
s[j]->s.jt = s[v6advance];
} else
#endif
{
} else {
/* nop */
s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K);
s[i]->s.k = 0;
@@ -5819,20 +5802,20 @@ gen_proto(v, proto, dir)
int dir;
{
struct block *b0, *b1;
#ifndef CHASE_CHAIN
struct block *b2;
#endif
if (dir != Q_DEFAULT)
bpf_error("direction applied to 'proto'");
switch (proto) {
case Q_DEFAULT:
#ifdef INET6
b0 = gen_proto(v, Q_IP, dir);
b1 = gen_proto(v, Q_IPV6, dir);
gen_or(b0, b1);
return b1;
#else
/*FALLTHROUGH*/
#endif
case Q_IP:
/*
* For FDDI, RFC 1188 says that SNAP encapsulation is used,
@@ -5983,11 +5966,18 @@ gen_proto(v, proto, dir)
bpf_error("'carp proto' is bogus");
/* NOTREACHED */
#ifdef INET6
case Q_IPV6:
b0 = gen_linktype(ETHERTYPE_IPV6);
#ifndef CHASE_CHAIN
b1 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)v);
/*
* Also check for a fragment header before the final
* header.
*/
b2 = gen_cmp(OR_NET, 6, BPF_B, IPPROTO_FRAGMENT);
b1 = gen_cmp(OR_NET, 40, BPF_B, (bpf_int32)v);
gen_and(b2, b1);
b2 = gen_cmp(OR_NET, 6, BPF_B, (bpf_int32)v);
gen_or(b2, b1);
#else
b1 = gen_protochain(v, Q_IPV6);
#endif
@@ -5996,7 +5986,6 @@ gen_proto(v, proto, dir)
case Q_ICMPV6:
bpf_error("'icmp6 proto' is bogus");
#endif /* INET6 */
case Q_AH:
bpf_error("'ah proto' is bogus");
@@ -6253,13 +6242,9 @@ gen_scode(name, q)
bpf_error("illegal port number %d < 0", port);
if (port > 65535)
bpf_error("illegal port number %d > 65535", port);
#ifndef INET6
return gen_port(port, real_proto, dir);
#else
b = gen_port(port, real_proto, dir);
gen_or(gen_port6(port, real_proto, dir), b);
return b;
#endif /* INET6 */
case Q_PORTRANGE:
if (proto != Q_DEFAULT &&
@@ -6303,13 +6288,9 @@ gen_scode(name, q)
if (port2 > 65535)
bpf_error("illegal port number %d > 65535", port2);
#ifndef INET6
return gen_portrange(port1, port2, real_proto, dir);
#else
b = gen_portrange(port1, port2, real_proto, dir);
gen_or(gen_portrange6(port1, port2, real_proto, dir), b);
return b;
#endif /* INET6 */
case Q_GATEWAY:
#ifndef INET6
@@ -6457,16 +6438,12 @@ gen_ncode(s, v, q)
if (v > 65535)
bpf_error("illegal port number %u > 65535", v);
#ifndef INET6
return gen_port((int)v, proto, dir);
#else
{
struct block *b;
b = gen_port((int)v, proto, dir);
gen_or(gen_port6((int)v, proto, dir), b);
return b;
}
#endif /* INET6 */
case Q_PORTRANGE:
if (proto == Q_UDP)
@@ -6483,16 +6460,12 @@ gen_ncode(s, v, q)
if (v > 65535)
bpf_error("illegal port number %u > 65535", v);
#ifndef INET6
return gen_portrange((int)v, (int)v, proto, dir);
#else
{
struct block *b;
b = gen_portrange((int)v, (int)v, proto, dir);
gen_or(gen_portrange6((int)v, (int)v, proto, dir), b);
return b;
}
#endif /* INET6 */
case Q_GATEWAY:
bpf_error("'gateway' requires a name");
@@ -6782,9 +6755,7 @@ gen_load(proto, inst, size)
case Q_LAT:
case Q_MOPRC:
case Q_MOPDL:
#ifdef INET6
case Q_IPV6:
#endif
/*
* The offset is relative to the beginning of
* the network-layer header.
@@ -6893,16 +6864,12 @@ gen_load(proto, inst, size)
gen_and(gen_proto_abbrev(proto), b = gen_ipfrag());
if (inst->b)
gen_and(inst->b, b);
#ifdef INET6
gen_and(gen_proto_abbrev(Q_IP), b);
#endif
inst->b = b;
break;
#ifdef INET6
case Q_ICMPV6:
bpf_error("IPv6 upper-layer protocol is not supported by proto[x]");
/*NOTREACHED*/
#endif
}
inst->regno = regno;
s = new_stmt(BPF_ST);
@@ -7454,13 +7421,11 @@ gen_multicast(proto)
gen_and(b0, b1);
return b1;
#ifdef INET6
case Q_IPV6:
b0 = gen_linktype(ETHERTYPE_IPV6);
b1 = gen_cmp(OR_NET, 24, BPF_B, (bpf_int32)255);
gen_and(b0, b1);
return b1;
#endif /* INET6 */
}
bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel");
/* NOTREACHED */
@@ -7468,9 +7433,13 @@ gen_multicast(proto)
}
/*
* generate command for inbound/outbound. It's here so we can
* make it link-type specific. 'dir' = 0 implies "inbound",
* = 1 implies "outbound".
* Filter on inbound (dir == 0) or outbound (dir == 1) traffic.
* Outbound traffic is sent by this machine, while inbound traffic is
* sent by a remote machine (and may include packets destined for a
* unicast or multicast link-layer address we are not subscribing to).
* These are the same definitions implemented by pcap_setdirection().
* Capturing only unicast traffic destined for this host is probably
* better accomplished using a higher-layer filter.
*/
struct block *
gen_inbound(dir)
@@ -7500,23 +7469,11 @@ gen_inbound(dir)
break;
case DLT_LINUX_SLL:
if (dir) {
/*
* Match packets sent by this machine.
*/
b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_OUTGOING);
} else {
/*
* Match packets sent to this machine.
* (No broadcast or multicast packets, or
* packets sent to some other machine and
* received promiscuously.)
*
* XXX - packets sent to other machines probably
* shouldn't be matched, but what about broadcast
* or multicast packets we received?
*/
b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_HOST);
/* match outgoing packets */
b0 = gen_cmp(OR_LINK, 0, BPF_H, LINUX_SLL_OUTGOING);
if (!dir) {
/* to filter on inbound traffic, invert the match */
gen_not(b0);
}
break;
@@ -7572,10 +7529,38 @@ gen_inbound(dir)
break;
default:
/*
* If we have packet meta-data indicating a direction,
* check it, otherwise give up as this link-layer type
* has nothing in the packet data.
*/
#if defined(linux) && defined(PF_PACKET) && defined(SO_ATTACH_FILTER)
/*
* This is Linux with PF_PACKET support.
* If this is a *live* capture, we can look at
* special meta-data in the filter expression;
* if it's a savefile, we can't.
*/
if (bpf_pcap->rfile != NULL) {
/* We have a FILE *, so this is a savefile */
bpf_error("inbound/outbound not supported on linktype %d when reading savefiles",
linktype);
b0 = NULL;
/* NOTREACHED */
}
/* match outgoing packets */
b0 = gen_cmp(OR_LINK, SKF_AD_OFF + SKF_AD_PKTTYPE, BPF_H,
PACKET_OUTGOING);
if (!dir) {
/* to filter on inbound traffic, invert the match */
gen_not(b0);
}
#else /* defined(linux) && defined(PF_PACKET) && defined(SO_ATTACH_FILTER) */
bpf_error("inbound/outbound not supported on linktype %d",
linktype);
b0 = NULL;
/* NOTREACHED */
#endif /* defined(linux) && defined(PF_PACKET) && defined(SO_ATTACH_FILTER) */
}
return (b0);
}
@@ -8035,9 +8020,10 @@ gen_pppoed()
}
struct block *
gen_pppoes()
gen_pppoes(sess_num)
int sess_num;
{
struct block *b0;
struct block *b0, *b1;
/*
* Test against the PPPoE session link-layer type.
@@ -8077,6 +8063,14 @@ gen_pppoes()
orig_nl = off_nl;
is_pppoes = 1;
/* If a specific session is requested, check PPPoE session id */
if (sess_num >= 0) {
b1 = gen_mcmp(OR_MACPL, orig_nl, BPF_W,
(bpf_int32)sess_num, 0x0000ffff);
gen_and(b0, b1);
b0 = b1;
}
/*
* The "network-layer" protocol is PPPoE, which has a 6-byte
* PPPoE header, followed by a PPP packet.
@@ -8266,6 +8260,7 @@ gen_atmtype_abbrev(type)
* FISU, length is null
* LSSU, length is 1 or 2
* MSU, length is 3 or more
* For MTP2_HSL, sequences are on 2 bytes, and length on 9 bits
*/
struct block *
gen_mtp2type_abbrev(type)
@@ -8302,6 +8297,33 @@ gen_mtp2type_abbrev(type)
b0 = gen_ncmp(OR_PACKET, off_li, BPF_B, 0x3f, BPF_JGT, 0, 2);
break;
case MH_FISU:
if ( (linktype != DLT_MTP2) &&
(linktype != DLT_ERF) &&
(linktype != DLT_MTP2_WITH_PHDR) )
bpf_error("'hfisu' supported only on MTP2_HSL");
/* gen_ncmp(offrel, offset, size, mask, jtype, reverse, value) */
b0 = gen_ncmp(OR_PACKET, off_li_hsl, BPF_H, 0xff80, BPF_JEQ, 0, 0);
break;
case MH_LSSU:
if ( (linktype != DLT_MTP2) &&
(linktype != DLT_ERF) &&
(linktype != DLT_MTP2_WITH_PHDR) )
bpf_error("'hlssu' supported only on MTP2_HSL");
b0 = gen_ncmp(OR_PACKET, off_li_hsl, BPF_H, 0xff80, BPF_JGT, 1, 0x0100);
b1 = gen_ncmp(OR_PACKET, off_li_hsl, BPF_H, 0xff80, BPF_JGT, 0, 0);
gen_and(b1, b0);
break;
case MH_MSU:
if ( (linktype != DLT_MTP2) &&
(linktype != DLT_ERF) &&
(linktype != DLT_MTP2_WITH_PHDR) )
bpf_error("'hmsu' supported only on MTP2_HSL");
b0 = gen_ncmp(OR_PACKET, off_li_hsl, BPF_H, 0xff80, BPF_JGT, 0, 0x0100);
break;
default:
abort();
}
@@ -8317,9 +8339,17 @@ gen_mtp3field_code(mtp3field, jvalue, jtype, reverse)
{
struct block *b0;
bpf_u_int32 val1 , val2 , val3;
u_int newoff_sio=off_sio;
u_int newoff_opc=off_opc;
u_int newoff_dpc=off_dpc;
u_int newoff_sls=off_sls;
switch (mtp3field) {
case MH_SIO:
newoff_sio += 3; /* offset for MTP2_HSL */
/* FALLTHROUGH */
case M_SIO:
if (off_sio == (u_int)-1)
bpf_error("'sio' supported only on SS7");
@@ -8327,10 +8357,12 @@ gen_mtp3field_code(mtp3field, jvalue, jtype, reverse)
if(jvalue > 255)
bpf_error("sio value %u too big; max value = 255",
jvalue);
b0 = gen_ncmp(OR_PACKET, off_sio, BPF_B, 0xffffffff,
b0 = gen_ncmp(OR_PACKET, newoff_sio, BPF_B, 0xffffffff,
(u_int)jtype, reverse, (u_int)jvalue);
break;
case MH_OPC:
newoff_opc+=3;
case M_OPC:
if (off_opc == (u_int)-1)
bpf_error("'opc' supported only on SS7");
@@ -8347,10 +8379,14 @@ gen_mtp3field_code(mtp3field, jvalue, jtype, reverse)
val3 = jvalue & 0x00000003;
val3 = val3 <<22;
jvalue = val1 + val2 + val3;
b0 = gen_ncmp(OR_PACKET, off_opc, BPF_W, 0x00c0ff0f,
b0 = gen_ncmp(OR_PACKET, newoff_opc, BPF_W, 0x00c0ff0f,
(u_int)jtype, reverse, (u_int)jvalue);
break;
case MH_DPC:
newoff_dpc += 3;
/* FALLTHROUGH */
case M_DPC:
if (off_dpc == (u_int)-1)
bpf_error("'dpc' supported only on SS7");
@@ -8365,10 +8401,12 @@ gen_mtp3field_code(mtp3field, jvalue, jtype, reverse)
val2 = jvalue & 0x00003f00;
val2 = val2 << 8;
jvalue = val1 + val2;
b0 = gen_ncmp(OR_PACKET, off_dpc, BPF_W, 0xff3f0000,
b0 = gen_ncmp(OR_PACKET, newoff_dpc, BPF_W, 0xff3f0000,
(u_int)jtype, reverse, (u_int)jvalue);
break;
case MH_SLS:
newoff_sls+=3;
case M_SLS:
if (off_sls == (u_int)-1)
bpf_error("'sls' supported only on SS7");
@@ -8379,7 +8417,7 @@ gen_mtp3field_code(mtp3field, jvalue, jtype, reverse)
/* the following instruction is made to convert jvalue
* to the forme used to write sls in an ss7 message*/
jvalue = jvalue << 4;
b0 = gen_ncmp(OR_PACKET, off_sls, BPF_B, 0xf0,
b0 = gen_ncmp(OR_PACKET, newoff_sls, BPF_B, 0xf0,
(u_int)jtype,reverse, (u_int)jvalue);
break;