Support both "igrp" and "eigrp" in filters.

Use our own header to define IPPROTO_ values, rather than leaving them
up to the OS for which we're building.

Always use IP protocol 9 for "igrp", and use IP protocol 88 for "eigrp".
9 is assigned to "any private Internet gateway protocol", and is mainly
used for Cisco's IGRP.  88 is for Cisco's EIGRP, which is not compatible
on-the-wire with IGRP.

FreeBSD, DragonFly BSD and macOS define IPPROTO_IGRP as 88, rather than
as 9, and their libpcaps use IP protocol 88 for "igrp".  Everybody else
uses IP protocol 9 for "igrp".

Author: guyharris

Makefile.in

@@ -126,6 +126,7 @@ HDR = $(PUBHDR) \
 	ftmacros.h \
 	gencode.h \
 	ieee80211.h \
+	ipproto.h \
 	llc.h \
 	nametoaddr.h \
 	optimize.h \

gencode.c

@@ -21,12 +21,6 @@
 
 #include <config.h>
 
-#ifdef _WIN32
-  #include <ws2tcpip.h>
-#else
-  #include <netinet/in.h>
-#endif /* _WIN32 */
-
 #include <stdlib.h>
 #include <string.h>
 #include <memory.h>
@@ -41,6 +35,7 @@
 
 #include "ethertype.h"
 #include "llc.h"
+#include "ipproto.h"
 #include "gencode.h"
 #include "ieee80211.h"
 #include "pflog.h"
@@ -5190,6 +5185,9 @@ gen_host(compiler_state_t *cstate, bpf_u_int32 addr, bpf_u_int32 mask,
 	case Q_IGRP:
 		bpf_error(cstate, "'igrp' modifier applied to %s", typestr);
 
+	case Q_EIGRP:
+		bpf_error(cstate, "'eigrp' modifier applied to %s", typestr);
+
 	case Q_ATALK:
 		bpf_error(cstate, "AppleTalk host filtering not implemented");
 
@@ -5330,6 +5328,9 @@ gen_host6(compiler_state_t *cstate, struct in6_addr *addr,
 	case Q_IGRP:
 		bpf_error(cstate, "'igrp' modifier applied to ip6 %s", typestr);
 
+	case Q_EIGRP:
+		bpf_error(cstate, "'eigrp' modifier applied to ip6 %s", typestr);
+
 	case Q_ATALK:
 		bpf_error(cstate, "AppleTalk modifier applied to ip6 %s", typestr);
 
@@ -5554,41 +5555,39 @@ gen_proto_abbrev_internal(compiler_state_t *cstate, int proto)
 		b1 = gen_proto(cstate, IPPROTO_ICMP, Q_IP, Q_DEFAULT);
 		break;
 
-#ifndef	IPPROTO_IGMP
-#define	IPPROTO_IGMP	2
-#endif
-
 	case Q_IGMP:
 		b1 = gen_proto(cstate, IPPROTO_IGMP, Q_IP, Q_DEFAULT);
 		break;
 
-#ifndef	IPPROTO_IGRP
-#define	IPPROTO_IGRP	9
-#endif
 	case Q_IGRP:
-		b1 = gen_proto(cstate, IPPROTO_IGRP, Q_IP, Q_DEFAULT);
+		/*
+		 * XXX - the current IANA protocol number assignments
+		 * page lists 9 as "any private interior gateway
+		 * (used by Cisco for their IGRP)" and 88 as
+		 * "EIGRP" from Cisco.
+		 *
+		 * Recent FreeBSD, DragonFly BSD, and macOS <netinet/in.h>
+		 * headers define IPPROTO_PIGP ("private interior gateway
+		 * protocol") as 9 and IPPROTO_IGRP as 88.  We define
+		 * IPPROTO_PIGP as 9 and IPPROTO_EIGRP as 88; those
+		 * names better match what the current protocol number
+		 * assignments say.
+		 */
+		b1 = gen_proto(cstate, IPPROTO_PIGP, Q_IP, Q_DEFAULT);
 		break;
 
-#ifndef IPPROTO_PIM
-#define IPPROTO_PIM	103
-#endif
+	case Q_EIGRP:
+		b1 = gen_proto(cstate, IPPROTO_EIGRP, Q_IP, Q_DEFAULT);
+		break;
 
 	case Q_PIM:
 		b1 = gen_proto(cstate, IPPROTO_PIM, Q_DEFAULT, Q_DEFAULT);
 		break;
 
-#ifndef IPPROTO_VRRP
-#define IPPROTO_VRRP	112
-#endif
-
 	case Q_VRRP:
 		b1 = gen_proto(cstate, IPPROTO_VRRP, Q_IP, Q_DEFAULT);
 		break;
 
-#ifndef IPPROTO_CARP
-#define IPPROTO_CARP	112
-#endif
-
 	case Q_CARP:
 		b1 = gen_proto(cstate, IPPROTO_CARP, Q_IP, Q_DEFAULT);
 		break;
@@ -5640,23 +5639,14 @@ gen_proto_abbrev_internal(compiler_state_t *cstate, int proto)
 		b1 = gen_linktype(cstate, ETHERTYPE_IPV6);
 		break;
 
-#ifndef IPPROTO_ICMPV6
-#define IPPROTO_ICMPV6	58
-#endif
 	case Q_ICMPV6:
 		b1 = gen_proto(cstate, IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT);
 		break;
 
-#ifndef IPPROTO_AH
-#define IPPROTO_AH	51
-#endif
 	case Q_AH:
 		b1 = gen_proto(cstate, IPPROTO_AH, Q_DEFAULT, Q_DEFAULT);
 		break;
 
-#ifndef IPPROTO_ESP
-#define IPPROTO_ESP	50
-#endif
 	case Q_ESP:
 		b1 = gen_proto(cstate, IPPROTO_ESP, Q_DEFAULT, Q_DEFAULT);
 		break;
@@ -6659,6 +6649,10 @@ gen_proto(compiler_state_t *cstate, bpf_u_int32 v, int proto, int dir)
 		bpf_error(cstate, "'igrp proto' is bogus");
 		/*NOTREACHED*/
 
+	case Q_EIGRP:
+		bpf_error(cstate, "'eigrp proto' is bogus");
+		/*NOTREACHED*/
+
 	case Q_ATALK:
 		bpf_error(cstate, "AppleTalk encapsulation is not specifiable");
 		/*NOTREACHED*/
@@ -7919,6 +7913,7 @@ gen_load_internal(compiler_state_t *cstate, int proto, struct arth *inst,
 	case Q_ICMP:
 	case Q_IGMP:
 	case Q_IGRP:
+	case Q_EIGRP:
 	case Q_PIM:
 	case Q_VRRP:
 	case Q_CARP:

gencode.h

@@ -134,6 +134,8 @@
 
 #define Q_CARP		39
 
+#define Q_EIGRP		40
+
 /* Directional qualifiers. */
 
 #define Q_SRC		1

grammar.y.in

@@ -376,7 +376,7 @@ DIAG_OFF_BISON_BYACC
 
 %token  DST SRC HOST GATEWAY
 %token  NET NETMASK PORT PORTRANGE LESS GREATER PROTO PROTOCHAIN CBYTE
-%token  ARP RARP IP SCTP TCP UDP ICMP IGMP IGRP PIM VRRP CARP
+%token  ARP RARP IP SCTP TCP UDP ICMP IGMP IGRP EIGRP PIM VRRP CARP
 %token  ATALK AARP DECNET LAT SCA MOPRC MOPDL
 %token  TK_BROADCAST TK_MULTICAST
 %token  NUM INBOUND OUTBOUND
@@ -640,6 +640,7 @@ pname:	  LINK			{ $$ = Q_LINK; }
 	| ICMP			{ $$ = Q_ICMP; }
 	| IGMP			{ $$ = Q_IGMP; }
 	| IGRP			{ $$ = Q_IGRP; }
+	| EIGRP			{ $$ = Q_EIGRP; }
 	| PIM			{ $$ = Q_PIM; }
 	| VRRP			{ $$ = Q_VRRP; }
 	| CARP			{ $$ = Q_CARP; }

ipproto.h

@@ -0,0 +1,159 @@
+/*
+ * Copyright (c) 1982, 1986, 1990, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *	This product includes software developed by the University of
+ *	California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * From:
+ *	@(#)in.h	8.3 (Berkeley) 1/3/94
+ * $FreeBSD: src/sys/netinet/in.h,v 1.38.2.3 1999/08/29 16:29:34 peter Exp $
+ */
+
+#ifndef IPPROTO_IP
+#define	IPPROTO_IP		0		/* dummy for IP */
+#endif
+#ifndef IPPROTO_HOPOPTS
+#define IPPROTO_HOPOPTS		0		/* IPv6 hop-by-hop options */
+#endif
+#ifndef IPPROTO_ICMP
+#define	IPPROTO_ICMP		1		/* control message protocol */
+#endif
+#ifndef IPPROTO_IGMP
+#define	IPPROTO_IGMP		2		/* group mgmt protocol */
+#endif
+#ifndef IPPROTO_IPV4
+#define IPPROTO_IPV4		4
+#endif
+#ifndef IPPROTO_TCP
+#define	IPPROTO_TCP		6		/* tcp */
+#endif
+#ifndef IPPROTO_EGP
+#define	IPPROTO_EGP		8		/* exterior gateway protocol */
+#endif
+/*
+ * XXX - the current IANA protocol number assignments page lists 9 as
+ * "any private interior gateway (used by Cisco for their IGRP)" and
+ * 88 as "EIGRP" from Cisco.
+ *
+ * Recent FreeBSD, DragonFly BSD, and macOS <netinet/in.h> headers define
+ * IPPROTO_PIGP ("private interior gateway protocol") as 9 and
+ * IPPROTO_IGRP as 88.  We define IPPROTO_PIGP as 9 and IPPROTO_EIGRP
+ * as 88; those names better match what the current protocol number
+ * assignments say.
+ */
+#ifndef IPPROTO_PIGP
+#define IPPROTO_PIGP		9
+#endif
+#ifndef IPPROTO_UDP
+#define	IPPROTO_UDP		17		/* user datagram protocol */
+#endif
+#ifndef IPPROTO_DCCP
+#define	IPPROTO_DCCP		33		/* datagram congestion control protocol */
+#endif
+#ifndef IPPROTO_IPV6
+#define IPPROTO_IPV6		41
+#endif
+#ifndef IPPROTO_ROUTING
+#define IPPROTO_ROUTING		43		/* IPv6 routing header */
+#endif
+#ifndef IPPROTO_FRAGMENT
+#define IPPROTO_FRAGMENT	44		/* IPv6 fragmentation header */
+#endif
+#ifndef IPPROTO_RSVP
+#define IPPROTO_RSVP		46		/* resource reservation */
+#endif
+#ifndef IPPROTO_GRE
+#define	IPPROTO_GRE		47		/* General Routing Encap. */
+#endif
+#ifndef IPPROTO_ESP
+#define	IPPROTO_ESP		50		/* SIPP Encap Sec. Payload */
+#endif
+#ifndef IPPROTO_AH
+#define	IPPROTO_AH		51		/* SIPP Auth Header */
+#endif
+#ifndef IPPROTO_NHRP
+#define IPPROTO_NHRP		54		/* Next Hop Resolution */
+#endif
+#ifndef IPPROTO_MOBILE
+#define IPPROTO_MOBILE		55
+#endif
+#ifndef IPPROTO_ICMPV6
+#define IPPROTO_ICMPV6		58		/* ICMPv6 */
+#endif
+#ifndef IPPROTO_NONE
+#define IPPROTO_NONE		59		/* IPv6 no next header */
+#endif
+#ifndef IPPROTO_DSTOPTS
+#define IPPROTO_DSTOPTS		60		/* IPv6 destination options */
+#endif
+#ifndef IPPROTO_MOBILITY_OLD
+/*
+ * The current Protocol Numbers list says that the IP protocol number for
+ * mobility headers is 135; it cites RFC 6275 (obsoletes RFC 3775).
+ *
+ * It appears that 62 used to be used, even though that's assigned to
+ * a protocol called CFTP; however, the only reference for CFTP is a
+ * Network Message from BBN back in 1982, so, for now, we support 62,
+ * as well as 135, as a protocol number for mobility headers.
+ */
+#define IPPROTO_MOBILITY_OLD	62
+#endif
+#ifndef IPPROTO_ND
+#define	IPPROTO_ND		77		/* Sun net disk proto (temp.) */
+#endif
+#ifndef IPPROTO_EIGRP
+#define	IPPROTO_EIGRP		88		/* Cisco/GXS IGRP */
+#endif
+#ifndef IPPROTO_OSPF
+#define IPPROTO_OSPF		89
+#endif
+#ifndef IPPROTO_PIM
+#define IPPROTO_PIM		103
+#endif
+#ifndef IPPROTO_IPCOMP
+#define IPPROTO_IPCOMP		108
+#endif
+#ifndef IPPROTO_VRRP
+#define IPPROTO_VRRP		112 /* See also CARP. */
+#endif
+#ifndef IPPROTO_CARP
+#define IPPROTO_CARP		112
+#endif
+#ifndef IPPROTO_PGM
+#define IPPROTO_PGM             113
+#endif
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP		132
+#endif
+#ifndef IPPROTO_MOBILITY
+#define IPPROTO_MOBILITY	135
+#endif
+#ifndef IPPROTO_ETHERNET
+#define IPPROTO_ETHERNET	143 /* TEMPORARY - registered 2020-01-31, expires 2021-01-31 */
+#endif

pcap-filter.manmisc.in

@@ -354,6 +354,13 @@ Abbreviation for:
 \fBip proto\fR 9
 .fi
 .in -.5i
+.IP "\fBeigrp\fR"
+Abbreviation for:
+.in +.5i
+.nf
+\fBip proto\fR 88
+.fi
+.in -.5i
 .IP "\fBip6 proto \fIprotocol\fR"
 True if the packet is an IPv6 packet of protocol type \fIprotocol\fP.
 (See `\fBip proto\fP' above for the meaning of \fIprotocol\fR.)
@@ -1015,6 +1022,7 @@ is one of
 .BR atalk ,
 .BR carp ,
 .BR decnet ,
+.BR eigrp ,
 .BR ether ,
 .BR fddi ,
 .BR icmp ,
@@ -1075,6 +1083,7 @@ This check is implicitly applied to the
 .BR igmp ,
 .BR pim ,
 .BR igrp ,
+.BR eigrp ,
 .BR vrrp
 and
 .BR carp

scanner.l

@@ -258,6 +258,7 @@ udp		return UDP;
 icmp		return ICMP;
 igmp		return IGMP;
 igrp		return IGRP;
+eigrp		return EIGRP;
 pim		return PIM;
 vrrp		return VRRP;
 carp		return CARP;