[444] | 1 | /* |
---|
| 2 | * Copyright (c) 1990, 1991, 1993 |
---|
| 3 | * The Regents of the University of California. All rights reserved. |
---|
| 4 | * |
---|
| 5 | * This code is derived from the Stanford/CMU enet packet filter, |
---|
| 6 | * (net/enet.c) distributed as part of 4.3BSD, and code contributed |
---|
| 7 | * to Berkeley by Steven McCanne and Van Jacobson both of Lawrence |
---|
| 8 | * Berkeley Laboratory. |
---|
| 9 | * |
---|
| 10 | * Redistribution and use in source and binary forms, with or without |
---|
| 11 | * modification, are permitted provided that the following conditions |
---|
| 12 | * are met: |
---|
| 13 | * 1. Redistributions of source code must retain the above copyright |
---|
| 14 | * notice, this list of conditions and the following disclaimer. |
---|
| 15 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
| 16 | * notice, this list of conditions and the following disclaimer in the |
---|
| 17 | * documentation and/or other materials provided with the distribution. |
---|
| 18 | * 3. All advertising materials mentioning features or use of this software |
---|
| 19 | * must display the following acknowledgement: |
---|
| 20 | * This product includes software developed by the University of |
---|
| 21 | * California, Berkeley and its contributors. |
---|
| 22 | * 4. Neither the name of the University nor the names of its contributors |
---|
| 23 | * may be used to endorse or promote products derived from this software |
---|
| 24 | * without specific prior written permission. |
---|
| 25 | * |
---|
| 26 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
---|
| 27 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
| 28 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
| 29 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
---|
| 30 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
| 31 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
| 32 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
| 33 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
| 34 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
| 35 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
| 36 | * SUCH DAMAGE. |
---|
| 37 | * |
---|
| 38 | * @(#)bpf.h 8.1 (Berkeley) 6/10/93 |
---|
| 39 | * @(#)bpf.h 1.34 (LBL) 6/16/96 |
---|
| 40 | * |
---|
| 41 | * $FreeBSD: src/sys/net/bpf.h,v 1.25 2002/03/19 21:54:16 alfred Exp $ |
---|
| 42 | */ |
---|
| 43 | |
---|
| 44 | #ifndef _NET_BPF_H_ |
---|
| 45 | #define _NET_BPF_H_ |
---|
| 46 | |
---|
| 47 | /* BSD style release date */ |
---|
| 48 | #define BPF_RELEASE 199606 |
---|
| 49 | |
---|
| 50 | typedef int32_t bpf_int32; |
---|
| 51 | typedef u_int32_t bpf_u_int32; |
---|
| 52 | |
---|
| 53 | /* |
---|
| 54 | * Alignment macros. BPF_WORDALIGN rounds up to the next |
---|
| 55 | * even multiple of BPF_ALIGNMENT. |
---|
| 56 | */ |
---|
| 57 | #define BPF_ALIGNMENT sizeof(long) |
---|
| 58 | #define BPF_WORDALIGN(x) (((x)+(BPF_ALIGNMENT-1))&~(BPF_ALIGNMENT-1)) |
---|
| 59 | |
---|
| 60 | #define BPF_MAXINSNS 512 |
---|
| 61 | #define BPF_MAXBUFSIZE 0x80000 |
---|
| 62 | #define BPF_MINBUFSIZE 32 |
---|
| 63 | |
---|
| 64 | /* |
---|
| 65 | * Structure for BIOCSETF. |
---|
| 66 | */ |
---|
| 67 | struct bpf_program { |
---|
| 68 | u_int bf_len; |
---|
| 69 | struct bpf_insn *bf_insns; |
---|
| 70 | }; |
---|
| 71 | |
---|
| 72 | /* |
---|
| 73 | * Struct returned by BIOCGSTATS. |
---|
| 74 | */ |
---|
| 75 | struct bpf_stat { |
---|
| 76 | u_int bs_recv; /* number of packets received */ |
---|
| 77 | u_int bs_drop; /* number of packets dropped */ |
---|
| 78 | }; |
---|
| 79 | |
---|
| 80 | /* |
---|
| 81 | * Struct return by BIOCVERSION. This represents the version number of |
---|
| 82 | * the filter language described by the instruction encodings below. |
---|
| 83 | * bpf understands a program iff kernel_major == filter_major && |
---|
| 84 | * kernel_minor >= filter_minor, that is, if the value returned by the |
---|
| 85 | * running kernel has the same major number and a minor number equal |
---|
| 86 | * equal to or less than the filter being downloaded. Otherwise, the |
---|
| 87 | * results are undefined, meaning an error may be returned or packets |
---|
| 88 | * may be accepted haphazardly. |
---|
| 89 | * It has nothing to do with the source code version. |
---|
| 90 | */ |
---|
| 91 | struct bpf_version { |
---|
| 92 | u_short bv_major; |
---|
| 93 | u_short bv_minor; |
---|
| 94 | }; |
---|
| 95 | /* Current version number of filter architecture. */ |
---|
| 96 | #define BPF_MAJOR_VERSION 1 |
---|
| 97 | #define BPF_MINOR_VERSION 1 |
---|
| 98 | |
---|
| 99 | #define BIOCGBLEN _IOR('B',102, u_int) |
---|
| 100 | #define BIOCSBLEN _IOWR('B',102, u_int) |
---|
| 101 | #define BIOCSETF _IOW('B',103, struct bpf_program) |
---|
| 102 | #define BIOCFLUSH _IO('B',104) |
---|
| 103 | #define BIOCPROMISC _IO('B',105) |
---|
| 104 | #define BIOCGDLT _IOR('B',106, u_int) |
---|
| 105 | #define BIOCGETIF _IOR('B',107, struct ifreq) |
---|
| 106 | #define BIOCSETIF _IOW('B',108, struct ifreq) |
---|
| 107 | #define BIOCSRTIMEOUT _IOW('B',109, struct timeval) |
---|
| 108 | #define BIOCGRTIMEOUT _IOR('B',110, struct timeval) |
---|
| 109 | #define BIOCGSTATS _IOR('B',111, struct bpf_stat) |
---|
| 110 | #define BIOCIMMEDIATE _IOW('B',112, u_int) |
---|
| 111 | #define BIOCVERSION _IOR('B',113, struct bpf_version) |
---|
| 112 | #define BIOCGRSIG _IOR('B',114, u_int) |
---|
| 113 | #define BIOCSRSIG _IOW('B',115, u_int) |
---|
| 114 | #define BIOCGHDRCMPLT _IOR('B',116, u_int) |
---|
| 115 | #define BIOCSHDRCMPLT _IOW('B',117, u_int) |
---|
| 116 | #define BIOCGSEESENT _IOR('B',118, u_int) |
---|
| 117 | #define BIOCSSEESENT _IOW('B',119, u_int) |
---|
| 118 | |
---|
| 119 | /* |
---|
| 120 | * Structure prepended to each packet. |
---|
| 121 | */ |
---|
| 122 | struct bpf_hdr { |
---|
| 123 | struct timeval bh_tstamp; /* time stamp */ |
---|
| 124 | bpf_u_int32 bh_caplen; /* length of captured portion */ |
---|
| 125 | bpf_u_int32 bh_datalen; /* original length of packet */ |
---|
| 126 | u_short bh_hdrlen; /* length of bpf header (this struct |
---|
| 127 | plus alignment padding) */ |
---|
| 128 | }; |
---|
| 129 | /* |
---|
| 130 | * Because the structure above is not a multiple of 4 bytes, some compilers |
---|
| 131 | * will insist on inserting padding; hence, sizeof(struct bpf_hdr) won't work. |
---|
| 132 | * Only the kernel needs to know about it; applications use bh_hdrlen. |
---|
| 133 | */ |
---|
| 134 | #ifdef _KERNEL |
---|
| 135 | #define SIZEOF_BPF_HDR (sizeof(struct bpf_hdr) <= 20 ? 18 : \ |
---|
| 136 | sizeof(struct bpf_hdr)) |
---|
| 137 | #endif |
---|
| 138 | |
---|
| 139 | /* |
---|
| 140 | * Data-link level type codes. |
---|
| 141 | */ |
---|
| 142 | #define DLT_NULL 0 /* no link-layer encapsulation */ |
---|
| 143 | #define DLT_EN10MB 1 /* Ethernet (10Mb) */ |
---|
| 144 | #define DLT_EN3MB 2 /* Experimental Ethernet (3Mb) */ |
---|
| 145 | #define DLT_AX25 3 /* Amateur Radio AX.25 */ |
---|
| 146 | #define DLT_PRONET 4 /* Proteon ProNET Token Ring */ |
---|
| 147 | #define DLT_CHAOS 5 /* Chaos */ |
---|
| 148 | #define DLT_IEEE802 6 /* IEEE 802 Networks */ |
---|
| 149 | #define DLT_ARCNET 7 /* ARCNET */ |
---|
| 150 | #define DLT_SLIP 8 /* Serial Line IP */ |
---|
| 151 | #define DLT_PPP 9 /* Point-to-point Protocol */ |
---|
| 152 | #define DLT_FDDI 10 /* FDDI */ |
---|
| 153 | #define DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */ |
---|
| 154 | #define DLT_RAW 12 /* raw IP */ |
---|
| 155 | |
---|
| 156 | /* |
---|
| 157 | * These are values from BSD/OS's "bpf.h". |
---|
| 158 | * These are not the same as the values from the traditional libpcap |
---|
| 159 | * "bpf.h"; however, these values shouldn't be generated by any |
---|
| 160 | * OS other than BSD/OS, so the correct values to use here are the |
---|
| 161 | * BSD/OS values. |
---|
| 162 | * |
---|
| 163 | * Platforms that have already assigned these values to other |
---|
| 164 | * DLT_ codes, however, should give these codes the values |
---|
| 165 | * from that platform, so that programs that use these codes will |
---|
| 166 | * continue to compile - even though they won't correctly read |
---|
| 167 | * files of these types. |
---|
| 168 | */ |
---|
| 169 | #define DLT_SLIP_BSDOS 15 /* BSD/OS Serial Line IP */ |
---|
| 170 | #define DLT_PPP_BSDOS 16 /* BSD/OS Point-to-point Protocol */ |
---|
| 171 | |
---|
| 172 | #define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */ |
---|
| 173 | |
---|
| 174 | /* |
---|
| 175 | * This value is defined by NetBSD; other platforms should refrain from |
---|
| 176 | * using it for other purposes, so that NetBSD savefiles with a link |
---|
| 177 | * type of 50 can be read as this type on all platforms. |
---|
| 178 | */ |
---|
| 179 | #define DLT_PPP_SERIAL 50 /* PPP over serial with HDLC encapsulation */ |
---|
| 180 | |
---|
| 181 | /* |
---|
| 182 | * This value was defined by libpcap 0.5; platforms that have defined |
---|
| 183 | * it with a different value should define it here with that value - |
---|
| 184 | * a link type of 104 in a save file will be mapped to DLT_C_HDLC, |
---|
| 185 | * whatever value that happens to be, so programs will correctly |
---|
| 186 | * handle files with that link type regardless of the value of |
---|
| 187 | * DLT_C_HDLC. |
---|
| 188 | * |
---|
| 189 | * The name DLT_C_HDLC was used by BSD/OS; we use that name for source |
---|
| 190 | * compatibility with programs written for BSD/OS. |
---|
| 191 | * |
---|
| 192 | * libpcap 0.5 defined it as DLT_CHDLC; we define DLT_CHDLC as well, |
---|
| 193 | * for source compatibility with programs written for libpcap 0.5. |
---|
| 194 | */ |
---|
| 195 | #define DLT_C_HDLC 104 /* Cisco HDLC */ |
---|
| 196 | #define DLT_CHDLC DLT_C_HDLC |
---|
| 197 | |
---|
| 198 | /* |
---|
| 199 | * Reserved for future use. |
---|
| 200 | * Do not pick other numerical value for these unless you have also |
---|
| 201 | * picked up the tcpdump.org top-of-CVS-tree version of "savefile.c", |
---|
| 202 | * which will arrange that capture files for these DLT_ types have |
---|
| 203 | * the same "network" value on all platforms, regardless of what |
---|
| 204 | * value is chosen for their DLT_ type (thus allowing captures made |
---|
| 205 | * on one platform to be read on other platforms, even if the two |
---|
| 206 | * platforms don't use the same numerical values for all DLT_ types). |
---|
| 207 | */ |
---|
| 208 | #define DLT_IEEE802_11 105 /* IEEE 802.11 wireless */ |
---|
| 209 | |
---|
| 210 | /* |
---|
| 211 | * Values between 106 and 107 are used in capture file headers as |
---|
| 212 | * link-layer types corresponding to DLT_ types that might differ |
---|
| 213 | * between platforms; don't use those values for new DLT_ new types. |
---|
| 214 | */ |
---|
| 215 | |
---|
| 216 | /* |
---|
| 217 | * OpenBSD DLT_LOOP, for loopback devices; it's like DLT_NULL, except |
---|
| 218 | * that the AF_ type in the link-layer header is in network byte order. |
---|
| 219 | * |
---|
| 220 | * OpenBSD defines it as 12, but that collides with DLT_RAW, so we |
---|
| 221 | * define it as 108 here. If OpenBSD picks up this file, it should |
---|
| 222 | * define DLT_LOOP as 12 in its version, as per the comment above - |
---|
| 223 | * and should not use 108 for any purpose. |
---|
| 224 | */ |
---|
| 225 | #define DLT_LOOP 108 |
---|
| 226 | |
---|
| 227 | /* |
---|
| 228 | * Values between 109 and 112 are used in capture file headers as |
---|
| 229 | * link-layer types corresponding to DLT_ types that might differ |
---|
| 230 | * between platforms; don't use those values for new DLT_ new types. |
---|
| 231 | */ |
---|
| 232 | |
---|
| 233 | /* |
---|
| 234 | * This is for Linux cooked sockets. |
---|
| 235 | */ |
---|
| 236 | #define DLT_LINUX_SLL 113 |
---|
| 237 | |
---|
| 238 | /* |
---|
| 239 | * The instruction encodings. |
---|
| 240 | */ |
---|
| 241 | /* instruction classes */ |
---|
| 242 | #define BPF_CLASS(code) ((code) & 0x07) |
---|
| 243 | #define BPF_LD 0x00 |
---|
| 244 | #define BPF_LDX 0x01 |
---|
| 245 | #define BPF_ST 0x02 |
---|
| 246 | #define BPF_STX 0x03 |
---|
| 247 | #define BPF_ALU 0x04 |
---|
| 248 | #define BPF_JMP 0x05 |
---|
| 249 | #define BPF_RET 0x06 |
---|
| 250 | #define BPF_MISC 0x07 |
---|
| 251 | |
---|
| 252 | /* ld/ldx fields */ |
---|
| 253 | #define BPF_SIZE(code) ((code) & 0x18) |
---|
| 254 | #define BPF_W 0x00 |
---|
| 255 | #define BPF_H 0x08 |
---|
| 256 | #define BPF_B 0x10 |
---|
| 257 | #define BPF_MODE(code) ((code) & 0xe0) |
---|
| 258 | #define BPF_IMM 0x00 |
---|
| 259 | #define BPF_ABS 0x20 |
---|
| 260 | #define BPF_IND 0x40 |
---|
| 261 | #define BPF_MEM 0x60 |
---|
| 262 | #define BPF_LEN 0x80 |
---|
| 263 | #define BPF_MSH 0xa0 |
---|
| 264 | |
---|
| 265 | /* alu/jmp fields */ |
---|
| 266 | #define BPF_OP(code) ((code) & 0xf0) |
---|
| 267 | #define BPF_ADD 0x00 |
---|
| 268 | #define BPF_SUB 0x10 |
---|
| 269 | #define BPF_MUL 0x20 |
---|
| 270 | #define BPF_DIV 0x30 |
---|
| 271 | #define BPF_OR 0x40 |
---|
| 272 | #define BPF_AND 0x50 |
---|
| 273 | #define BPF_LSH 0x60 |
---|
| 274 | #define BPF_RSH 0x70 |
---|
| 275 | #define BPF_NEG 0x80 |
---|
| 276 | #define BPF_JA 0x00 |
---|
| 277 | #define BPF_JEQ 0x10 |
---|
| 278 | #define BPF_JGT 0x20 |
---|
| 279 | #define BPF_JGE 0x30 |
---|
| 280 | #define BPF_JSET 0x40 |
---|
| 281 | #define BPF_SRC(code) ((code) & 0x08) |
---|
| 282 | #define BPF_K 0x00 |
---|
| 283 | #define BPF_X 0x08 |
---|
| 284 | |
---|
| 285 | /* ret - BPF_K and BPF_X also apply */ |
---|
| 286 | #define BPF_RVAL(code) ((code) & 0x18) |
---|
| 287 | #define BPF_A 0x10 |
---|
| 288 | |
---|
| 289 | /* misc */ |
---|
| 290 | #define BPF_MISCOP(code) ((code) & 0xf8) |
---|
| 291 | #define BPF_TAX 0x00 |
---|
| 292 | #define BPF_TXA 0x80 |
---|
| 293 | |
---|
| 294 | /* |
---|
| 295 | * The instruction data structure. |
---|
| 296 | */ |
---|
| 297 | struct bpf_insn { |
---|
| 298 | u_short code; |
---|
| 299 | u_char jt; |
---|
| 300 | u_char jf; |
---|
| 301 | bpf_u_int32 k; |
---|
| 302 | }; |
---|
| 303 | |
---|
| 304 | /* |
---|
| 305 | * Macros for insn array initializers. |
---|
| 306 | */ |
---|
| 307 | #define BPF_STMT(code, k) { (u_short)(code), 0, 0, k } |
---|
| 308 | #define BPF_JUMP(code, k, jt, jf) { (u_short)(code), jt, jf, k } |
---|
| 309 | |
---|
| 310 | #ifdef _KERNEL |
---|
| 311 | int bpf_validate(const struct bpf_insn *, int); |
---|
| 312 | void bpf_tap(struct ifnet *, u_char *, u_int); |
---|
| 313 | void bpf_mtap(struct ifnet *, struct mbuf *); |
---|
| 314 | void bpfattach(struct ifnet *, u_int, u_int); |
---|
| 315 | void bpfdetach(struct ifnet *); |
---|
| 316 | |
---|
| 317 | void bpfilterattach(int); |
---|
| 318 | u_int bpf_filter(const struct bpf_insn *, u_char *, u_int, u_int); |
---|
| 319 | #endif |
---|
| 320 | |
---|
| 321 | /* |
---|
| 322 | * Number of scratch memory words (for BPF_LD|BPF_MEM and BPF_ST). |
---|
| 323 | */ |
---|
| 324 | #define BPF_MEMWORDS 16 |
---|
| 325 | |
---|
| 326 | #endif |
---|