From Sepherosa Ziehau: additional filter operations for 802.11 frame

types. Modified to add ieee80211.h from FreeBSD, rather than depending on the OS supplying the header, and to support all 802.11 radio header types. Clean up some link-layer type checks and the messages for failing those checks.
mcr · Mar 11, 2007 · 8856701 · 8856701
1 parent 04203b9
commit 8856701
Show file tree

Hide file tree

Showing 8 changed files with 308 additions and 37 deletions.
diff --git a/CREDITS b/CREDITS
@@ -86,6 +86,7 @@ Additional people who have contributed patches:
 	Scott Barron			<sb125499@ohiou.edu>
 	Scott Gifford			<sgifford@tir.com>
 	Sebastian Krahmer		<krahmer@cs.uni-potsdam.de>
+	Sepherosa Ziehau		<sepherosa@gmail.com>
 	Shaun Clowes			<delius@progsoc.uts.edu.au>
 	Solomon Peachy			<pizza@shaftnet.org>
 	Stefan Hudson			<hudson@mbay.net>

diff --git a/FILES b/FILES
@@ -44,6 +44,7 @@ findalldevstest.c
 gencode.c
 gencode.h
 grammar.y
+ieee80211.h
 inet.c
 install-sh
 lbl/os-aix4.h

diff --git a/INSTALL.txt b/INSTALL.txt
@@ -1,4 +1,4 @@
-@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.18 2006-10-13 17:46:45 guy Exp $ (LBL)
+@(#) $Header: /tcpdump/master/libpcap/INSTALL.txt,v 1.19 2007-03-11 04:35:24 guy Exp $ (LBL)
 
 To build libpcap, run "./configure" (a shell script). The configure
 script will determine your system attributes and generate an
@@ -338,6 +338,7 @@ findalldevstest.c - test program for pcap_findalldevs()
 gencode.c	- BPF code generation routines
 gencode.h	- BPF code generation definitions
 grammar.y	- filter string grammar
+ieee80211.h	- 802.11 definitions
 inet.c		- network routines
 install-sh	- BSD style install script
 lbl/os-*.h	- OS-dependent defines and prototypes

diff --git a/gencode.c b/gencode.c
@@ -21,7 +21,7 @@
  */
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.276 2007-02-08 07:15:27 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/gencode.c,v 1.277 2007-03-11 04:35:24 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -1959,12 +1959,12 @@ gen_linktype(proto)
 		switch (proto) {
 		case ETHERTYPE_IP:
 		case PPP_IP:
-		/* FIXME add other L3 proto IDs */
+			/* FIXME add other L3 proto IDs */
 			return gen_mpls_linktype(Q_IP); 
 
 		case ETHERTYPE_IPV6:
 		case PPP_IPV6:
-		/* FIXME add other L3 proto IDs */
+			/* FIXME add other L3 proto IDs */
 			return gen_mpls_linktype(Q_IPV6); 
 
 		default:
@@ -6224,7 +6224,7 @@ gen_inbound(dir)
 			/* match incoming packets */
 			b0 = gen_mcmp(OR_LINK, 3, BPF_B, 1, 0x01);
 		}
-	    break;
+		break;
 
 	default:
 		bpf_error("inbound/outbound not supported on linktype %d",
@@ -6242,13 +6242,12 @@ gen_pf_ifname(const char *ifname)
 	struct block *b0;
 	u_int len, off;
 
-	if (linktype == DLT_PFLOG) {
-		len = sizeof(((struct pfloghdr *)0)->ifname);
-		off = offsetof(struct pfloghdr, ifname);
-	} else {
-		bpf_error("ifname not supported on linktype 0x%x", linktype);
+	if (linktype != DLT_PFLOG) {
+		bpf_error("ifname supported only on PF linktype");
 		/* NOTREACHED */
 	}
+	len = sizeof(((struct pfloghdr *)0)->ifname);
+	off = offsetof(struct pfloghdr, ifname);
 	if (strlen(ifname) >= len) {
 		bpf_error("ifname interface names can only be %d characters",
 		    len-1);
@@ -6265,14 +6264,16 @@ gen_pf_ruleset(char *ruleset)
 	struct block *b0;
 
 	if (linktype != DLT_PFLOG) {
-		bpf_error("ruleset not supported on linktype 0x%x", linktype);
+		bpf_error("ruleset supported only on PF linktype");
 		/* NOTREACHED */
 	}
+
 	if (strlen(ruleset) >= sizeof(((struct pfloghdr *)0)->ruleset)) {
 		bpf_error("ruleset names can only be %ld characters",
 		    (long)(sizeof(((struct pfloghdr *)0)->ruleset) - 1));
 		/* NOTREACHED */
 	}
+
 	b0 = gen_bcmp(OR_LINK, offsetof(struct pfloghdr, ruleset),
 	    strlen(ruleset), (const u_char *)ruleset);
 	return (b0);
@@ -6284,14 +6285,13 @@ gen_pf_rnr(int rnr)
 {
 	struct block *b0;
 
-	if (linktype == DLT_PFLOG) {
-		b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, rulenr), BPF_W,
-			 (bpf_int32)rnr);
-	} else {
-		bpf_error("rnr not supported on linktype 0x%x", linktype);
+	if (linktype != DLT_PFLOG) {
+		bpf_error("rnr supported only on PF linktype");
 		/* NOTREACHED */
 	}
 
+	b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, rulenr), BPF_W,
+		 (bpf_int32)rnr);
 	return (b0);
 }
 
@@ -6302,7 +6302,7 @@ gen_pf_srnr(int srnr)
 	struct block *b0;
 
 	if (linktype != DLT_PFLOG) {
-		bpf_error("srnr not supported on linktype 0x%x", linktype);
+		bpf_error("srnr supported only on PF linktype");
 		/* NOTREACHED */
 	}
 
@@ -6317,14 +6317,13 @@ gen_pf_reason(int reason)
 {
 	struct block *b0;
 
-	if (linktype == DLT_PFLOG) {
-		b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, reason), BPF_B,
-		    (bpf_int32)reason);
-	} else {
-		bpf_error("reason not supported on linktype 0x%x", linktype);
+	if (linktype != DLT_PFLOG) {
+		bpf_error("reason supported only on PF linktype");
 		/* NOTREACHED */
 	}
 
+	b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, reason), BPF_B,
+	    (bpf_int32)reason);
 	return (b0);
 }
 
@@ -6334,14 +6333,36 @@ gen_pf_action(int action)
 {
 	struct block *b0;
 
-	if (linktype == DLT_PFLOG) {
-		b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, action), BPF_B,
-		    (bpf_int32)action);
-	} else {
-		bpf_error("action not supported on linktype 0x%x", linktype);
+	if (linktype != DLT_PFLOG) {
+		bpf_error("action supported only on PF linktype");
 		/* NOTREACHED */
 	}
 
+	b0 = gen_cmp(OR_LINK, offsetof(struct pfloghdr, action), BPF_B,
+	    (bpf_int32)action);
+	return (b0);
+}
+
+/* IEEE 802.11 wireless header */
+struct block *
+gen_p80211_type(int type, int mask)
+{
+	struct block *b0;
+
+	switch (linktype) {
+
+	case DLT_IEEE802_11:
+	case DLT_PRISM_HEADER:
+	case DLT_IEEE802_11_RADIO_AVS:
+	case DLT_IEEE802_11_RADIO:
+		b0 = gen_mcmp(OR_LINK, 0, BPF_B, (bpf_int32)type,
+		    (bpf_int32)mask);
+		break;
+
+	default:
+		bpf_error("802.11 link-layer types supported only on 802.11");
+		/* NOTREACHED */
+	}
 	return (b0);
 }
 
@@ -6350,12 +6371,24 @@ gen_acode(eaddr, q)
 	register const u_char *eaddr;
 	struct qual q;
 {
-	if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
-		if (linktype == DLT_ARCNET || linktype == DLT_ARCNET_LINUX)
-			return gen_ahostop(eaddr, (int)q.dir);
+	switch (linktype) {
+
+	case DLT_ARCNET:
+	case DLT_ARCNET_LINUX:
+		if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) &&
+		    q.proto == Q_LINK)
+			return (gen_ahostop(eaddr, (int)q.dir));
+		else {
+			bpf_error("ARCnet address used in non-arc expression");
+			/* NOTREACHED */
+		}
+		break;
+
+	default:
+		bpf_error("aid supported only on ARCnet");
+		/* NOTREACHED */
 	}
-	bpf_error("ARCnet address used in non-arc expression");
-	/* NOTREACHED */
+	return (NULL);
 }
 
 static struct block *

diff --git a/gencode.h b/gencode.h
@@ -18,7 +18,7 @@
  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.68 2007-02-08 07:15:27 guy Exp $ (LBL)
+ * @(#) $Header: /tcpdump/master/libpcap/gencode.h,v 1.69 2007-03-11 04:35:24 guy Exp $ (LBL)
  */
 
 /*
@@ -312,6 +312,8 @@ struct block *gen_pf_reason(int);
 struct block *gen_pf_action(int);
 struct block *gen_pf_dir(int);
 
+struct block *gen_p80211_type(int, int);
+
 void bpf_optimize(struct block **);
 void bpf_error(const char *, ...)
     __attribute__((noreturn, format (printf, 1, 2)));

diff --git a/grammar.y b/grammar.y
@@ -22,7 +22,7 @@
  */
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.95 2007-02-08 07:15:27 guy Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/libpcap/grammar.y,v 1.96 2007-03-11 04:35:24 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -53,6 +53,7 @@ struct rtentry;
 
 #include "gencode.h"
 #include "pf.h"
+#include "ieee80211.h"
 #include <pcap/namedb.h>
 
 #ifdef HAVE_OS_PROTO_H
@@ -63,6 +64,10 @@ struct rtentry;
 			 (q).dir = (d),\
 			 (q).addr = (a)
 
+static const char *ieee80211_mgt_names[] = IEEE80211_MGT_SUBTYPE_NAMES;
+static const char *ieee80211_ctl_names[] = IEEE80211_CTL_SUBTYPE_NAMES;
+static const char *ieee80211_data_names[] = IEEE80211_DATA_SUBTYPE_NAMES;
+
 int n_errors = 0;
 
 static struct qual qerr = { Q_UNDEF, Q_UNDEF, Q_UNDEF, Q_UNDEF };
@@ -109,7 +114,7 @@ pcap_parse()
 %type	<a>	arth narth
 %type	<i>	byteop pname pnum relop irelop
 %type	<blk>	and or paren not null prog
-%type	<rblk>	other pfvar
+%type	<rblk>	other pfvar p80211
 %type	<i>	atmtype atmmultitype
 %type	<blk>	atmfield
 %type	<blk>	atmfieldvalue atmvalue atmlistvalue
@@ -143,12 +148,13 @@ pcap_parse()
 %token	RADIO
 %token	FISU LSSU MSU
 %token	SIO OPC DPC SLS
+%token	TYPE SUBTYPE
 
 %type	<s> ID
 %type	<e> EID
 %type	<e> AID
 %type	<s> HID HID6
-%type	<i> NUM action reason
+%type	<i> NUM action reason type subtype type_subtype
 
 %left OR AND
 %nonassoc  '!'
@@ -348,6 +354,7 @@ other:	  pqual TK_BROADCAST	{ $$ = gen_broadcast($1); }
 	| PPPOED		{ $$ = gen_pppoed(); }
 	| PPPOES		{ $$ = gen_pppoes(); }
 	| pfvar			{ $$ = $1; }
+	| pqual p80211		{ $$ = $2; }
 	;
 
 pfvar:	  PF_IFNAME ID		{ $$ = gen_pf_ifname($2); }
@@ -358,6 +365,83 @@ pfvar:	  PF_IFNAME ID		{ $$ = gen_pf_ifname($2); }
 	| PF_ACTION action	{ $$ = gen_pf_action($2); }
 	;
 
+p80211:   TYPE type SUBTYPE subtype
+				{ $$ = gen_p80211_type($2 | $4,
+					IEEE80211_FC0_TYPE_MASK |
+					IEEE80211_FC0_SUBTYPE_MASK);
+				}
+	| TYPE type		{ $$ = gen_p80211_type($2,
+					IEEE80211_FC0_TYPE_MASK);
+				}
+	| SUBTYPE type_subtype	{ $$ = gen_p80211_type($2,
+					IEEE80211_FC0_TYPE_MASK |
+					IEEE80211_FC0_SUBTYPE_MASK);
+				}
+	;
+
+type:	  NUM
+	| ID			{ const char *names[] = IEEE80211_TYPE_NAMES;
+				  int i, lim;
+				  lim = (IEEE80211_FC0_TYPE_MASK >> IEEE80211_FC0_TYPE_SHIFT) + 1;
+				  for (i = 0; i < lim; ++i) {
+				  	if (pcap_strcasecmp($1, names[i]) == 0) {
+						$$ = i << IEEE80211_FC0_TYPE_SHIFT;
+						break;
+					}
+				  }
+				  if (i == lim)
+				  	bpf_error("unknown 802.11 type name");
+				}
+	;
+
+subtype:  NUM
+	| ID			{ const char **names;
+				  int i, lim;
+				  if ($<i>-1 == IEEE80211_FC0_TYPE_MGT)
+				  	names = ieee80211_mgt_names;
+				  else if ($<i>-1 == IEEE80211_FC0_TYPE_CTL)
+				  	names = ieee80211_ctl_names;
+				  else if ($<i>-1 == IEEE80211_FC0_TYPE_DATA)
+				  	names = ieee80211_data_names;
+				  else
+				  	bpf_error("unknown 802.11 type");
+				  lim = (IEEE80211_FC0_SUBTYPE_MASK >> IEEE80211_FC0_SUBTYPE_SHIFT) + 1;
+				  for (i = 0; i < lim; ++i) {
+				  	if (pcap_strcasecmp($1, names[i]) == 0) {
+						$$ = i << IEEE80211_FC0_SUBTYPE_SHIFT;
+						break;
+					}
+				  }
+				  if (i == lim)
+				  	bpf_error("unknown 802.11 subtype name");
+				}
+	;
+
+type_subtype:	ID		{ const char **sub_names[] = {
+					ieee80211_mgt_names,
+					ieee80211_ctl_names,
+					ieee80211_data_names
+				  };
+				  int i, j, lim, sub_lim;
+				  sub_lim = sizeof(sub_names) / sizeof(sub_names[0]);
+				  lim = (IEEE80211_FC0_SUBTYPE_MASK >> IEEE80211_FC0_SUBTYPE_SHIFT) + 1;
+				  for (i = 0; i < sub_lim; ++i) {
+				  	const char **names = sub_names[i];
+				  	for (j = 0; j < lim; ++j) {
+						if (pcap_strcasecmp($1, names[j]) == 0)
+							break;
+					}
+					if (j != lim) {
+						$$ = (i << IEEE80211_FC0_TYPE_SHIFT) |
+						     (j << IEEE80211_FC0_SUBTYPE_SHIFT);
+						break;
+					}
+				  }
+				  if (i == sub_lim)
+				  	bpf_error("unknown 802.11 subtype name");
+				}
+		;
+
 reason:	  NUM			{ $$ = $1; }
 	| ID			{ const char *reasons[] = PFRES_NAMES;
 				  int i;