From 2ae11347945ebd5bcff0c81c4305c03309918530 Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Thu, 27 Sep 2012 19:34:11 -0700 Subject: [PATCH] Support what IPv6 stuff we can without IPv6 address resolution support. Make the INET6-only code just be code that depends on having getaddrinfo(), as per a complaint that, on a machine that either doesn't have getaddrinfo() or doesn't have INET6 enabled, a filter dst host 127.0.0.1 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 127.0.0.1))) Not having a full IPv6 stack shouldn't keep you from, for example, having a filter that just checks the packet type field for IPv6 or that looks at the protocol field in the IPv6 header. You can't check for IPv6 *hosts* (although we could perhaps allow them to be specified numerically). --- gencode.c | 89 ++++----------------------------------------------------------- scanner.l | 16 ++---------- 2 files changed, 7 insertions(+), 98 deletions(-) diff --git a/gencode.c b/gencode.c index 0010df5..85e2e8e 100644 --- a/gencode.c +++ b/gencode.c @@ -240,9 +240,7 @@ static struct block *gen_linktype(int); static struct block *gen_snap(bpf_u_int32, bpf_u_int32); static struct block *gen_llc_linktype(int); static struct block *gen_hostop(bpf_u_int32, bpf_u_int32, int, int, u_int, u_int); -#ifdef INET6 static struct block *gen_hostop6(struct in6_addr *, struct in6_addr *, int, int, u_int, u_int); -#endif static struct block *gen_ahostop(const u_char *, int); static struct block *gen_ehostop(const u_char *, int); static struct block *gen_fhostop(const u_char *, int); @@ -252,29 +250,23 @@ static struct block *gen_ipfchostop(const u_char *, int); static struct block *gen_dnhostop(bpf_u_int32, int); static struct block *gen_mpls_linktype(int); static struct block *gen_host(bpf_u_int32, bpf_u_int32, int, int, int); -#ifdef INET6 static struct block *gen_host6(struct in6_addr *, struct in6_addr *, int, int, int); -#endif #ifndef INET6 static struct block *gen_gateway(const u_char *, bpf_u_int32 **, int, int); #endif static struct block *gen_ipfrag(void); static struct block *gen_portatom(int, bpf_int32); static struct block *gen_portrangeatom(int, bpf_int32, bpf_int32); -#ifdef INET6 static struct block *gen_portatom6(int, bpf_int32); static struct block *gen_portrangeatom6(int, bpf_int32, bpf_int32); -#endif struct block *gen_portop(int, int, int); static struct block *gen_port(int, int, int); struct block *gen_portrangeop(int, int, int, int); static struct block *gen_portrange(int, int, int, int); -#ifdef INET6 struct block *gen_portop6(int, int, int); static struct block *gen_port6(int, int, int); struct block *gen_portrangeop6(int, int, int, int); static struct block *gen_portrange6(int, int, int, int); -#endif static int lookup_proto(const char *, int); static struct block *gen_protochain(int, int, int); static struct block *gen_proto(int, int, int); @@ -2841,11 +2833,9 @@ ethertype_to_ppptype(proto) proto = PPP_IP; break; -#ifdef INET6 case ETHERTYPE_IPV6: proto = PPP_IPV6; break; -#endif case ETHERTYPE_DN: proto = PPP_DECNET; @@ -3053,11 +3043,10 @@ gen_linktype(proto) case ETHERTYPE_IP: /* Check for a version number of 4. */ return gen_mcmp(OR_LINK, 0, BPF_B, 0x40, 0xF0); -#ifdef INET6 + case ETHERTYPE_IPV6: /* Check for a version number of 6. */ return gen_mcmp(OR_LINK, 0, BPF_B, 0x60, 0xF0); -#endif default: return gen_false(); /* always false */ @@ -3081,10 +3070,8 @@ gen_linktype(proto) /* * Raw IPv6, so no type field. */ -#ifdef INET6 if (proto == ETHERTYPE_IPV6) return gen_true(); /* always true */ -#endif /* Checking for something other than IPv6; always false */ return gen_false(); @@ -3206,11 +3193,9 @@ gen_linktype(proto) if (proto == ETHERTYPE_IP) return (gen_cmp(OR_LINK, offsetof(struct pfloghdr, af), BPF_B, (bpf_int32)AF_INET)); -#ifdef INET6 else if (proto == ETHERTYPE_IPV6) return (gen_cmp(OR_LINK, offsetof(struct pfloghdr, af), BPF_B, (bpf_int32)AF_INET6)); -#endif /* INET6 */ else return gen_false(); /*NOTREACHED*/ @@ -3228,11 +3213,9 @@ gen_linktype(proto) default: return gen_false(); -#ifdef INET6 case ETHERTYPE_IPV6: return (gen_cmp(OR_LINK, off_linktype, BPF_B, (bpf_int32)ARCTYPE_INET6)); -#endif /* INET6 */ case ETHERTYPE_IP: b0 = gen_cmp(OR_LINK, off_linktype, BPF_B, @@ -3284,13 +3267,11 @@ gen_linktype(proto) */ return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | 0xcc); -#ifdef INET6 case ETHERTYPE_IPV6: /* * Check for the special NLPID for IPv6. */ return gen_cmp(OR_LINK, 2, BPF_H, (0x03<<8) | 0x8e); -#endif case LLCSAP_ISONS: /* @@ -3585,7 +3566,6 @@ gen_hostop(addr, mask, dir, proto, src_off, dst_off) return b1; } -#ifdef INET6 static struct block * gen_hostop6(addr, mask, dir, proto, src_off, dst_off) struct in6_addr *addr; @@ -3637,7 +3617,6 @@ gen_hostop6(addr, mask, dir, proto, src_off, dst_off) gen_and(b0, b1); return b1; } -#endif /*INET6*/ static struct block * gen_ehostop(eaddr, dir) @@ -4515,13 +4494,11 @@ gen_host(addr, mask, proto, dir, type) case Q_MOPRC: bpf_error("MOPRC host filtering not implemented"); -#ifdef INET6 case Q_IPV6: bpf_error("'ip6' modifier applied to ip host"); case Q_ICMPV6: bpf_error("'icmp6' modifier applied to %s", typestr); -#endif /* INET6 */ case Q_AH: bpf_error("'ah' modifier applied to %s", typestr); @@ -4559,7 +4536,6 @@ gen_host(addr, mask, proto, dir, type) /* NOTREACHED */ } -#ifdef INET6 static struct block * gen_host6(addr, mask, proto, dir, type) struct in6_addr *addr; @@ -4678,7 +4654,6 @@ gen_host6(addr, mask, proto, dir, type) } /* NOTREACHED */ } -#endif /*INET6*/ #ifndef INET6 static struct block * @@ -4770,26 +4745,20 @@ gen_proto_abbrev(proto) case Q_SCTP: b1 = gen_proto(IPPROTO_SCTP, Q_IP, Q_DEFAULT); -#ifdef INET6 b0 = gen_proto(IPPROTO_SCTP, Q_IPV6, Q_DEFAULT); gen_or(b0, b1); -#endif break; case Q_TCP: b1 = gen_proto(IPPROTO_TCP, Q_IP, Q_DEFAULT); -#ifdef INET6 b0 = gen_proto(IPPROTO_TCP, Q_IPV6, Q_DEFAULT); gen_or(b0, b1); -#endif break; case Q_UDP: b1 = gen_proto(IPPROTO_UDP, Q_IP, Q_DEFAULT); -#ifdef INET6 b0 = gen_proto(IPPROTO_UDP, Q_IPV6, Q_DEFAULT); gen_or(b0, b1); -#endif break; case Q_ICMP: @@ -4817,10 +4786,8 @@ gen_proto_abbrev(proto) case Q_PIM: b1 = gen_proto(IPPROTO_PIM, Q_IP, Q_DEFAULT); -#ifdef INET6 b0 = gen_proto(IPPROTO_PIM, Q_IPV6, Q_DEFAULT); gen_or(b0, b1); -#endif break; #ifndef IPPROTO_VRRP @@ -4882,7 +4849,6 @@ gen_proto_abbrev(proto) b1 = gen_linktype(ETHERTYPE_MOPRC); break; -#ifdef INET6 case Q_IPV6: b1 = gen_linktype(ETHERTYPE_IPV6); break; @@ -4893,17 +4859,14 @@ gen_proto_abbrev(proto) case Q_ICMPV6: b1 = gen_proto(IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); break; -#endif /* INET6 */ #ifndef IPPROTO_AH #define IPPROTO_AH 51 #endif case Q_AH: b1 = gen_proto(IPPROTO_AH, Q_IP, Q_DEFAULT); -#ifdef INET6 b0 = gen_proto(IPPROTO_AH, Q_IPV6, Q_DEFAULT); gen_or(b0, b1); -#endif break; #ifndef IPPROTO_ESP @@ -4911,10 +4874,8 @@ gen_proto_abbrev(proto) #endif case Q_ESP: b1 = gen_proto(IPPROTO_ESP, Q_IP, Q_DEFAULT); -#ifdef INET6 b0 = gen_proto(IPPROTO_ESP, Q_IPV6, Q_DEFAULT); gen_or(b0, b1); -#endif break; case Q_ISO: @@ -5047,7 +5008,6 @@ gen_portatom(off, v) return gen_cmp(OR_TRAN_IPV4, off, BPF_H, v); } -#ifdef INET6 static struct block * gen_portatom6(off, v) int off; @@ -5055,7 +5015,6 @@ gen_portatom6(off, v) { return gen_cmp(OR_TRAN_IPV6, off, BPF_H, v); } -#endif/*INET6*/ struct block * gen_portop(port, proto, dir) @@ -5147,7 +5106,6 @@ gen_port(port, ip_proto, dir) return b1; } -#ifdef INET6 struct block * gen_portop6(port, proto, dir) int port, proto, dir; @@ -5220,7 +5178,6 @@ gen_port6(port, ip_proto, dir) gen_and(b0, b1); return b1; } -#endif /* INET6 */ /* gen_portrange code */ static struct block * @@ -5325,7 +5282,6 @@ gen_portrange(port1, port2, ip_proto, dir) return b1; } -#ifdef INET6 static struct block * gen_portrangeatom6(off, v1, v2) int off; @@ -5426,7 +5382,6 @@ gen_portrange6(port1, port2, ip_proto, dir) gen_and(b0, b1); return b1; } -#endif /* INET6 */ static int lookup_proto(name, proto) @@ -5561,7 +5516,7 @@ gen_protochain(v, proto, dir) s[i]->s.k = off_macpl + off_nl; i++; break; -#ifdef INET6 + case Q_IPV6: b0 = gen_linktype(ETHERTYPE_IPV6); @@ -5574,7 +5529,7 @@ gen_protochain(v, proto, dir) s[i]->s.k = 40; i++; break; -#endif + default: bpf_error("unsupported proto to gen_protochain"); /*NOTREACHED*/ @@ -5601,7 +5556,6 @@ gen_protochain(v, proto, dir) fix2 = i; i++; -#ifdef INET6 if (proto == Q_IPV6) { int v6start, v6end, v6advance, j; @@ -5683,9 +5637,7 @@ gen_protochain(v, proto, dir) /* fixup */ for (j = v6start; j <= v6end; j++) s[j]->s.jt = s[v6advance]; - } else -#endif - { + } else { /* nop */ s[i] = new_stmt(BPF_ALU|BPF_ADD|BPF_K); s[i]->s.k = 0; @@ -5829,25 +5781,20 @@ gen_proto(v, proto, dir) int dir; { struct block *b0, *b1; -#ifdef INET6 #ifndef CHASE_CHAIN struct block *b2; #endif -#endif if (dir != Q_DEFAULT) bpf_error("direction applied to 'proto'"); switch (proto) { case Q_DEFAULT: -#ifdef INET6 b0 = gen_proto(v, Q_IP, dir); b1 = gen_proto(v, Q_IPV6, dir); gen_or(b0, b1); return b1; -#else - /*FALLTHROUGH*/ -#endif + case Q_IP: /* * For FDDI, RFC 1188 says that SNAP encapsulation is used, @@ -5998,7 +5945,6 @@ gen_proto(v, proto, dir) bpf_error("'carp proto' is bogus"); /* NOTREACHED */ -#ifdef INET6 case Q_IPV6: b0 = gen_linktype(ETHERTYPE_IPV6); #ifndef CHASE_CHAIN @@ -6019,7 +5965,6 @@ gen_proto(v, proto, dir) case Q_ICMPV6: bpf_error("'icmp6 proto' is bogus"); -#endif /* INET6 */ case Q_AH: bpf_error("'ah proto' is bogus"); @@ -6276,13 +6221,9 @@ gen_scode(name, q) bpf_error("illegal port number %d < 0", port); if (port > 65535) bpf_error("illegal port number %d > 65535", port); -#ifndef INET6 - return gen_port(port, real_proto, dir); -#else b = gen_port(port, real_proto, dir); gen_or(gen_port6(port, real_proto, dir), b); return b; -#endif /* INET6 */ case Q_PORTRANGE: if (proto != Q_DEFAULT && @@ -6326,13 +6267,9 @@ gen_scode(name, q) if (port2 > 65535) bpf_error("illegal port number %d > 65535", port2); -#ifndef INET6 - return gen_portrange(port1, port2, real_proto, dir); -#else b = gen_portrange(port1, port2, real_proto, dir); gen_or(gen_portrange6(port1, port2, real_proto, dir), b); return b; -#endif /* INET6 */ case Q_GATEWAY: #ifndef INET6 @@ -6480,16 +6417,12 @@ gen_ncode(s, v, q) if (v > 65535) bpf_error("illegal port number %u > 65535", v); -#ifndef INET6 - return gen_port((int)v, proto, dir); -#else { struct block *b; b = gen_port((int)v, proto, dir); gen_or(gen_port6((int)v, proto, dir), b); return b; } -#endif /* INET6 */ case Q_PORTRANGE: if (proto == Q_UDP) @@ -6506,16 +6439,12 @@ gen_ncode(s, v, q) if (v > 65535) bpf_error("illegal port number %u > 65535", v); -#ifndef INET6 - return gen_portrange((int)v, (int)v, proto, dir); -#else { struct block *b; b = gen_portrange((int)v, (int)v, proto, dir); gen_or(gen_portrange6((int)v, (int)v, proto, dir), b); return b; } -#endif /* INET6 */ case Q_GATEWAY: bpf_error("'gateway' requires a name"); @@ -6805,9 +6734,7 @@ gen_load(proto, inst, size) case Q_LAT: case Q_MOPRC: case Q_MOPDL: -#ifdef INET6 case Q_IPV6: -#endif /* * The offset is relative to the beginning of * the network-layer header. @@ -6916,16 +6843,12 @@ gen_load(proto, inst, size) gen_and(gen_proto_abbrev(proto), b = gen_ipfrag()); if (inst->b) gen_and(inst->b, b); -#ifdef INET6 gen_and(gen_proto_abbrev(Q_IP), b); -#endif inst->b = b; break; -#ifdef INET6 case Q_ICMPV6: bpf_error("IPv6 upper-layer protocol is not supported by proto[x]"); /*NOTREACHED*/ -#endif } inst->regno = regno; s = new_stmt(BPF_ST); @@ -7477,13 +7400,11 @@ gen_multicast(proto) gen_and(b0, b1); return b1; -#ifdef INET6 case Q_IPV6: b0 = gen_linktype(ETHERTYPE_IPV6); b1 = gen_cmp(OR_NET, 24, BPF_B, (bpf_int32)255); gen_and(b0, b1); return b1; -#endif /* INET6 */ } bpf_error("link-layer multicast filters supported only on ethernet/FDDI/token ring/ARCNET/802.11/ATM LANE/Fibre Channel"); /* NOTREACHED */ diff --git a/scanner.l b/scanner.l index 064e9c8..10ffbcd 100644 --- a/scanner.l +++ b/scanner.l @@ -206,20 +206,8 @@ vrrp return VRRP; carp return CARP; radio return RADIO; -ip6 { -#ifdef INET6 - return IPV6; -#else - bpf_error("%s not supported", yytext); -#endif - } -icmp6 { -#ifdef INET6 - return ICMPV6; -#else - bpf_error("%s not supported", yytext); -#endif - } +ip6 return IPV6; +icmp6 return ICMPV6; ah return AH; esp return ESP; -- 1.8.1.1