136 { "NULL", -1 }
137
138 };
139
140 static transport_table_t ether_transport_mapping_table[] = {
141 {IPPROTO_TCP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
142 {IPPROTO_TCP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
143 {IPPROTO_UDP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
144 {IPPROTO_UDP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
145 {IPPROTO_OSPF, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
146 {IPPROTO_OSPF, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
147 {IPPROTO_SCTP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
148 {IPPROTO_SCTP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
149 {IPPROTO_ICMP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
150 {IPPROTO_ICMPV6, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
151 {IPPROTO_ENCAP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
152 {IPPROTO_ESP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
153 {IPPROTO_ESP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
154 {IPPROTO_AH, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
155 {IPPROTO_AH, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
156 {-1, 0, 0} /* must be the final entry */
157 };
158
159 static transport_table_t ipnet_transport_mapping_table[] = {
160 {IPPROTO_TCP, (DL_IPNETINFO_VERSION << 8 | AF_INET),
161 IPV4_TYPE_HEADER_OFFSET},
162 {IPPROTO_TCP, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
163 IPV6_TYPE_HEADER_OFFSET},
164 {IPPROTO_UDP, (DL_IPNETINFO_VERSION << 8 | AF_INET),
165 IPV4_TYPE_HEADER_OFFSET},
166 {IPPROTO_UDP, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
167 IPV6_TYPE_HEADER_OFFSET},
168 {IPPROTO_OSPF, (DL_IPNETINFO_VERSION << 8 | AF_INET),
169 IPV4_TYPE_HEADER_OFFSET},
170 {IPPROTO_OSPF, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
171 IPV6_TYPE_HEADER_OFFSET},
172 {IPPROTO_SCTP, (DL_IPNETINFO_VERSION << 8 | AF_INET),
173 IPV4_TYPE_HEADER_OFFSET},
174 {IPPROTO_SCTP, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
175 IPV6_TYPE_HEADER_OFFSET},
176 {IPPROTO_ICMP, (DL_IPNETINFO_VERSION << 8 | AF_INET),
177 IPV4_TYPE_HEADER_OFFSET},
178 {IPPROTO_ICMPV6, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
179 IPV6_TYPE_HEADER_OFFSET},
180 {IPPROTO_ENCAP, (DL_IPNETINFO_VERSION << 8 | AF_INET),
181 IPV4_TYPE_HEADER_OFFSET},
182 {IPPROTO_ESP, (DL_IPNETINFO_VERSION << 8 | AF_INET),
183 IPV4_TYPE_HEADER_OFFSET},
184 {IPPROTO_ESP, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
185 IPV6_TYPE_HEADER_OFFSET},
186 {IPPROTO_AH, (DL_IPNETINFO_VERSION << 8 | AF_INET),
187 IPV4_TYPE_HEADER_OFFSET},
188 {IPPROTO_AH, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
189 IPV6_TYPE_HEADER_OFFSET},
190 {-1, 0, 0} /* must be the final entry */
191 };
192
193 static transport_table_t ib_transport_mapping_table[] = {
194 {IPPROTO_TCP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
195 {IPPROTO_TCP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
196 {IPPROTO_UDP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
197 {IPPROTO_UDP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
198 {IPPROTO_OSPF, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
199 {IPPROTO_OSPF, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
200 {IPPROTO_SCTP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
201 {IPPROTO_SCTP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
202 {IPPROTO_ICMP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
203 {IPPROTO_ICMPV6, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
204 {IPPROTO_ENCAP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
205 {IPPROTO_ESP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
206 {IPPROTO_ESP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
207 {IPPROTO_AH, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
208 {IPPROTO_AH, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
209 {-1, 0, 0} /* must be the final entry */
210 };
211
212 typedef struct datalink {
213 uint_t dl_type;
214 void (*dl_match_fn)(uint_t datatype);
215 transport_table_t *dl_trans_map_tbl;
216 network_table_t *dl_net_map_tbl;
217 int dl_link_header_len;
218 int dl_link_type_offset;
219 int dl_link_dest_offset;
220 int dl_link_src_offset;
221 int dl_link_addr_len;
222 } datalink_t;
223
224 datalink_t dl;
225
226 #define IPV4_SRCADDR_OFFSET (dl.dl_link_header_len + 12)
227 #define IPV4_DSTADDR_OFFSET (dl.dl_link_header_len + 16)
228 #define IPV6_SRCADDR_OFFSET (dl.dl_link_header_len + 8)
1311 pf_check_transport_protocol(IPPROTO_ENCAP);
1312 opstack++;
1313 next();
1314 break;
1315 }
1316
1317 if (EQ("esp")) {
1318 pf_check_transport_protocol(IPPROTO_ESP);
1319 opstack++;
1320 next();
1321 break;
1322 }
1323
1324 if (EQ("ah")) {
1325 pf_check_transport_protocol(IPPROTO_AH);
1326 opstack++;
1327 next();
1328 break;
1329 }
1330
1331 if (EQ("(")) {
1332 inBrace++;
1333 next();
1334 pf_expression();
1335 if (EQ(")")) {
1336 if (inBrace)
1337 inBraceOR--;
1338 inBrace--;
1339 next();
1340 }
1341 break;
1342 }
1343
1344 if (EQ("to") || EQ("dst")) {
1345 dir = TO;
1346 next();
1347 continue;
1348 }
1349
1350 if (EQ("from") || EQ("src")) {
|
136 { "NULL", -1 }
137
138 };
139
140 static transport_table_t ether_transport_mapping_table[] = {
141 {IPPROTO_TCP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
142 {IPPROTO_TCP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
143 {IPPROTO_UDP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
144 {IPPROTO_UDP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
145 {IPPROTO_OSPF, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
146 {IPPROTO_OSPF, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
147 {IPPROTO_SCTP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
148 {IPPROTO_SCTP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
149 {IPPROTO_ICMP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
150 {IPPROTO_ICMPV6, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
151 {IPPROTO_ENCAP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
152 {IPPROTO_ESP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
153 {IPPROTO_ESP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
154 {IPPROTO_AH, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
155 {IPPROTO_AH, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
156 {IPPROTO_DCCP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
157 {IPPROTO_DCCP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
158 {-1, 0, 0} /* must be the final entry */
159 };
160
161 static transport_table_t ipnet_transport_mapping_table[] = {
162 {IPPROTO_TCP, (DL_IPNETINFO_VERSION << 8 | AF_INET),
163 IPV4_TYPE_HEADER_OFFSET},
164 {IPPROTO_TCP, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
165 IPV6_TYPE_HEADER_OFFSET},
166 {IPPROTO_UDP, (DL_IPNETINFO_VERSION << 8 | AF_INET),
167 IPV4_TYPE_HEADER_OFFSET},
168 {IPPROTO_UDP, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
169 IPV6_TYPE_HEADER_OFFSET},
170 {IPPROTO_OSPF, (DL_IPNETINFO_VERSION << 8 | AF_INET),
171 IPV4_TYPE_HEADER_OFFSET},
172 {IPPROTO_OSPF, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
173 IPV6_TYPE_HEADER_OFFSET},
174 {IPPROTO_SCTP, (DL_IPNETINFO_VERSION << 8 | AF_INET),
175 IPV4_TYPE_HEADER_OFFSET},
176 {IPPROTO_SCTP, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
177 IPV6_TYPE_HEADER_OFFSET},
178 {IPPROTO_ICMP, (DL_IPNETINFO_VERSION << 8 | AF_INET),
179 IPV4_TYPE_HEADER_OFFSET},
180 {IPPROTO_ICMPV6, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
181 IPV6_TYPE_HEADER_OFFSET},
182 {IPPROTO_ENCAP, (DL_IPNETINFO_VERSION << 8 | AF_INET),
183 IPV4_TYPE_HEADER_OFFSET},
184 {IPPROTO_ESP, (DL_IPNETINFO_VERSION << 8 | AF_INET),
185 IPV4_TYPE_HEADER_OFFSET},
186 {IPPROTO_ESP, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
187 IPV6_TYPE_HEADER_OFFSET},
188 {IPPROTO_AH, (DL_IPNETINFO_VERSION << 8 | AF_INET),
189 IPV4_TYPE_HEADER_OFFSET},
190 {IPPROTO_AH, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
191 IPV6_TYPE_HEADER_OFFSET},
192 {IPPROTO_DCCP, (DL_IPNETINFO_VERSION << 8 | AF_INET),
193 IPV4_TYPE_HEADER_OFFSET},
194 {IPPROTO_DCCP, (DL_IPNETINFO_VERSION << 8 | AF_INET6),
195 IPV6_TYPE_HEADER_OFFSET},
196 {-1, 0, 0} /* must be the final entry */
197 };
198
199 static transport_table_t ib_transport_mapping_table[] = {
200 {IPPROTO_TCP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
201 {IPPROTO_TCP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
202 {IPPROTO_UDP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
203 {IPPROTO_UDP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
204 {IPPROTO_OSPF, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
205 {IPPROTO_OSPF, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
206 {IPPROTO_SCTP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
207 {IPPROTO_SCTP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
208 {IPPROTO_ICMP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
209 {IPPROTO_ICMPV6, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
210 {IPPROTO_ENCAP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
211 {IPPROTO_ESP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
212 {IPPROTO_ESP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
213 {IPPROTO_AH, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
214 {IPPROTO_AH, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
215 {IPPROTO_DCCP, ETHERTYPE_IP, IPV4_TYPE_HEADER_OFFSET},
216 {IPPROTO_DCCP, ETHERTYPE_IPV6, IPV6_TYPE_HEADER_OFFSET},
217 {-1, 0, 0} /* must be the final entry */
218 };
219
220 typedef struct datalink {
221 uint_t dl_type;
222 void (*dl_match_fn)(uint_t datatype);
223 transport_table_t *dl_trans_map_tbl;
224 network_table_t *dl_net_map_tbl;
225 int dl_link_header_len;
226 int dl_link_type_offset;
227 int dl_link_dest_offset;
228 int dl_link_src_offset;
229 int dl_link_addr_len;
230 } datalink_t;
231
232 datalink_t dl;
233
234 #define IPV4_SRCADDR_OFFSET (dl.dl_link_header_len + 12)
235 #define IPV4_DSTADDR_OFFSET (dl.dl_link_header_len + 16)
236 #define IPV6_SRCADDR_OFFSET (dl.dl_link_header_len + 8)
1319 pf_check_transport_protocol(IPPROTO_ENCAP);
1320 opstack++;
1321 next();
1322 break;
1323 }
1324
1325 if (EQ("esp")) {
1326 pf_check_transport_protocol(IPPROTO_ESP);
1327 opstack++;
1328 next();
1329 break;
1330 }
1331
1332 if (EQ("ah")) {
1333 pf_check_transport_protocol(IPPROTO_AH);
1334 opstack++;
1335 next();
1336 break;
1337 }
1338
1339 if (EQ("dccp")) {
1340 pf_check_transport_protocol(IPPROTO_DCCP);
1341 opstack++;
1342 next();
1343 break;
1344 }
1345
1346 if (EQ("(")) {
1347 inBrace++;
1348 next();
1349 pf_expression();
1350 if (EQ(")")) {
1351 if (inBrace)
1352 inBraceOR--;
1353 inBrace--;
1354 next();
1355 }
1356 break;
1357 }
1358
1359 if (EQ("to") || EQ("dst")) {
1360 dir = TO;
1361 next();
1362 continue;
1363 }
1364
1365 if (EQ("from") || EQ("src")) {
|