From 9b15cc6779cb9694b7ce87d07eb0018247bbafaf Mon Sep 17 00:00:00 2001 From: Guy Harris Date: Tue, 7 Jan 2025 00:13:41 -0800 Subject: [PATCH] Support both "igrp" and "eigrp" in filters. Use our own header to define IPPROTO_ values, rather than leaving them up to the OS for which we're building. Always use IP protocol 9 for "igrp", and use IP protocol 88 for "eigrp". 9 is assigned to "any private Internet gateway protocol", and is mainly used for Cisco's IGRP. 88 is for Cisco's EIGRP, which is not compatible on-the-wire with IGRP. FreeBSD, DragonFly BSD and macOS define IPPROTO_IGRP as 88, rather than as 9, and their libpcaps use IP protocol 88 for "igrp". Everybody else uses IP protocol 9 for "igrp". --- Makefile.in | 1 + gencode.c | 63 ++++++++-------- gencode.h | 2 + grammar.y.in | 3 +- ipproto.h | 159 +++++++++++++++++++++++++++++++++++++++++ pcap-filter.manmisc.in | 9 +++ scanner.l | 1 + 7 files changed, 203 insertions(+), 35 deletions(-) create mode 100644 ipproto.h diff --git a/Makefile.in b/Makefile.in index fc7a4ffc69..8bc298ae99 100644 --- a/Makefile.in +++ b/Makefile.in @@ -126,6 +126,7 @@ HDR = $(PUBHDR) \ ftmacros.h \ gencode.h \ ieee80211.h \ + ipproto.h \ llc.h \ nametoaddr.h \ optimize.h \ diff --git a/gencode.c b/gencode.c index 7e6fea7a16..342e2994d4 100644 --- a/gencode.c +++ b/gencode.c @@ -21,12 +21,6 @@ #include -#ifdef _WIN32 - #include -#else - #include -#endif /* _WIN32 */ - #include #include #include @@ -41,6 +35,7 @@ #include "ethertype.h" #include "llc.h" +#include "ipproto.h" #include "gencode.h" #include "ieee80211.h" #include "pflog.h" @@ -5190,6 +5185,9 @@ gen_host(compiler_state_t *cstate, bpf_u_int32 addr, bpf_u_int32 mask, case Q_IGRP: bpf_error(cstate, "'igrp' modifier applied to %s", typestr); + case Q_EIGRP: + bpf_error(cstate, "'eigrp' modifier applied to %s", typestr); + case Q_ATALK: bpf_error(cstate, "AppleTalk host filtering not implemented"); 
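Review bot: The new `case Q_EIGRP:` in gen_host ends in a `bpf_error()` call with nothing after it, so it is only correct as long as bpf_error() never returns (its declaration is outside this diff). The gen_proto hunk of the same commit marks the identical pattern with `/*NOTREACHED*/`. I would add `/*NOTREACHED*/` after the new call here and after the one added to gen_host6, so a reader does not have to verify that control cannot fall into the `Q_ATALK` case and report the wrong diagnostic. Both functions start and end outside their hunks.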
@@ -5330,6 +5328,9 @@ gen_host6(compiler_state_t *cstate, struct in6_addr *addr, case Q_IGRP: bpf_error(cstate, "'igrp' modifier applied to ip6 %s", typestr); + case Q_EIGRP: + bpf_error(cstate, "'eigrp' modifier applied to ip6 %s", typestr); + case Q_ATALK: bpf_error(cstate, "AppleTalk modifier applied to ip6 %s", typestr); @@ -5554,41 +5555,39 @@ gen_proto_abbrev_internal(compiler_state_t *cstate, int proto) b1 = gen_proto(cstate, IPPROTO_ICMP, Q_IP, Q_DEFAULT); break; -#ifndef IPPROTO_IGMP -#define IPPROTO_IGMP 2 -#endif - case Q_IGMP: b1 = gen_proto(cstate, IPPROTO_IGMP, Q_IP, Q_DEFAULT); break; -#ifndef IPPROTO_IGRP -#define IPPROTO_IGRP 9 -#endif case Q_IGRP: - b1 = gen_proto(cstate, IPPROTO_IGRP, Q_IP, Q_DEFAULT); + /* + * XXX - the current IANA protocol number assignments + * page lists 9 as "any private interior gateway + * (used by Cisco for their IGRP)" and 88 as + * "EIGRP" from Cisco. + * + * Recent FreeBSD, DragonFly BSD, and macOS + * headers define IPPROTO_PIGP ("private interior gateway + * protocol") as 9 and IPPROTO_IGRP as 88. We define + * IPPROTO_PIGP as 9 and IPPROTO_EIGRP as 88; those + * names better match what the current protocol number + * assignments say. + */ + b1 = gen_proto(cstate, IPPROTO_PIGP, Q_IP, Q_DEFAULT); break; -#ifndef IPPROTO_PIM -#define IPPROTO_PIM 103 -#endif + case Q_EIGRP: + b1 = gen_proto(cstate, IPPROTO_EIGRP, Q_IP, Q_DEFAULT); + break; case Q_PIM: b1 = gen_proto(cstate, IPPROTO_PIM, Q_DEFAULT, Q_DEFAULT); break; -#ifndef IPPROTO_VRRP -#define IPPROTO_VRRP 112 -#endif - case Q_VRRP: b1 = gen_proto(cstate, IPPROTO_VRRP, Q_IP, Q_DEFAULT); break; -#ifndef IPPROTO_CARP -#define IPPROTO_CARP 112 -#endif - case Q_CARP: b1 = gen_proto(cstate, IPPROTO_CARP, Q_IP, Q_DEFAULT); break; 
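Review bot: The comment added above `gen_proto(cstate, IPPROTO_PIGP, Q_IP, Q_DEFAULT)` in the Q_IGRP case of gen_proto_abbrev_internal explains the choice of names but not the consequence for users. Per the commit message, libpcap on FreeBSD, DragonFly BSD and macOS used IP protocol 88 for "igrp", so an existing capture or monitoring filter that says `igrp` on those systems stops matching EIGRP traffic after this change without any error or warning. I would add a sentence to the comment such as `"igrp" now always tests for IP protocol 9; filters that relied on it matching 88 must use "eigrp"`, and drop the `XXX` marker if nothing is left to resolve. The function's body continues outside the hunk.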
@@ -5640,23 +5639,14 @@ gen_proto_abbrev_internal(compiler_state_t *cstate, int proto) b1 = gen_linktype(cstate, ETHERTYPE_IPV6); break; -#ifndef IPPROTO_ICMPV6 -#define IPPROTO_ICMPV6 58 -#endif case Q_ICMPV6: b1 = gen_proto(cstate, IPPROTO_ICMPV6, Q_IPV6, Q_DEFAULT); break; -#ifndef IPPROTO_AH -#define IPPROTO_AH 51 -#endif case Q_AH: b1 = gen_proto(cstate, IPPROTO_AH, Q_DEFAULT, Q_DEFAULT); break; -#ifndef IPPROTO_ESP -#define IPPROTO_ESP 50 -#endif case Q_ESP: b1 = gen_proto(cstate, IPPROTO_ESP, Q_DEFAULT, Q_DEFAULT); break; @@ -6659,6 +6649,10 @@ gen_proto(compiler_state_t *cstate, bpf_u_int32 v, int proto, int dir) bpf_error(cstate, "'igrp proto' is bogus"); /*NOTREACHED*/ + case Q_EIGRP: + bpf_error(cstate, "'eigrp proto' is bogus"); + /*NOTREACHED*/ + case Q_ATALK: bpf_error(cstate, "AppleTalk encapsulation is not specifiable"); /*NOTREACHED*/ @@ -7919,6 +7913,7 @@ gen_load_internal(compiler_state_t *cstate, int proto, struct arth *inst, case Q_ICMP: case Q_IGMP: case Q_IGRP: + case Q_EIGRP: case Q_PIM: case Q_VRRP: case Q_CARP: diff --git a/gencode.h b/gencode.h index cf9baafed1..871b56eeac 100644 --- a/gencode.h +++ b/gencode.h @@ -134,6 +134,8 @@ #define Q_CARP 39 +#define Q_EIGRP 40 + /* Directional qualifiers. */ #define Q_SRC 1 diff --git a/grammar.y.in b/grammar.y.in index 578ccfb17a..40b4e6399c 100644 --- a/grammar.y.in +++ b/grammar.y.in @@ -376,7 +376,7 @@ DIAG_OFF_BISON_BYACC %token DST SRC HOST GATEWAY %token NET NETMASK PORT PORTRANGE LESS GREATER PROTO PROTOCHAIN CBYTE -%token ARP RARP IP SCTP TCP UDP ICMP IGMP IGRP PIM VRRP CARP +%token ARP RARP IP SCTP TCP UDP ICMP IGMP IGRP EIGRP PIM VRRP CARP %token ATALK AARP DECNET LAT SCA MOPRC MOPDL %token TK_BROADCAST TK_MULTICAST %token NUM INBOUND OUTBOUND @@ -640,6 +640,7 @@ pname: LINK { $$ = Q_LINK; } | ICMP { $$ = Q_ICMP; } | IGMP { $$ = Q_IGMP; } | IGRP { $$ = Q_IGRP; } + | EIGRP { $$ = Q_EIGRP; } | PIM { $$ = Q_PIM; } | VRRP { $$ = Q_VRRP; } | CARP { $$ = Q_CARP; } 
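Review bot: `#define Q_EIGRP 40` in gencode.h extends the protocol-qualifier range by one, but the diff only shows the switches in gen_host, gen_host6, gen_proto_abbrev_internal, gen_proto and gen_load_internal learning about it. Anything else keyed on the Q_ values, such as a name table or an upper-bound check (none is visible in these hunks), would need the new entry as well; otherwise an `eigrp` qualifier may land in a default branch there. A short comment next to the define would help the next addition, for example `/* when adding a qualifier, update every switch and table keyed on Q_* */`.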
diff --git a/ipproto.h b/ipproto.h new file mode 100644 index 0000000000..3088e5e48b --- /dev/null +++ b/ipproto.h @@ -0,0 +1,159 @@ +/* + * Copyright (c) 1982, 1986, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * 
From: + * @(#)in.h 8.3 (Berkeley) 1/3/94 + * $FreeBSD: src/sys/netinet/in.h,v 1.38.2.3 1999/08/29 16:29:34 peter Exp $ + */ + +#ifndef IPPROTO_IP +#define IPPROTO_IP 0 /* dummy for IP */ +#endif +#ifndef IPPROTO_HOPOPTS +#define IPPROTO_HOPOPTS 0 /* IPv6 hop-by-hop options */ +#endif +#ifndef IPPROTO_ICMP +#define IPPROTO_ICMP 1 /* control message protocol */ +#endif +#ifndef IPPROTO_IGMP +#define IPPROTO_IGMP 2 /* group mgmt protocol */ +#endif +#ifndef IPPROTO_IPV4 +#define IPPROTO_IPV4 4 +#endif +#ifndef IPPROTO_TCP +#define IPPROTO_TCP 6 /* tcp */ +#endif +#ifndef IPPROTO_EGP +#define IPPROTO_EGP 8 /* exterior gateway protocol */ +#endif +/* + * XXX - the current IANA protocol number assignments page lists 9 as + * "any private interior gateway (used by Cisco for their IGRP)" and + * 88 as "EIGRP" from Cisco. + * + * Recent FreeBSD, DragonFly BSD, and macOS headers define + * IPPROTO_PIGP ("private interior gateway protocol") as 9 and + * IPPROTO_IGRP as 88. We define IPPROTO_PIGP as 9 and IPPROTO_EIGRP + * as 88; those names better match what the current protocol number + * assignments say. + */ +#ifndef IPPROTO_PIGP +#define IPPROTO_PIGP 9 +#endif +#ifndef IPPROTO_UDP +#define IPPROTO_UDP 17 /* user datagram protocol */ +#endif +#ifndef IPPROTO_DCCP +#define IPPROTO_DCCP 33 /* datagram congestion control protocol */ +#endif +#ifndef IPPROTO_IPV6 +#define IPPROTO_IPV6 41 +#endif +#ifndef IPPROTO_ROUTING +#define IPPROTO_ROUTING 43 /* IPv6 routing header */ +#endif +#ifndef IPPROTO_FRAGMENT +#define IPPROTO_FRAGMENT 44 /* IPv6 fragmentation header */ +#endif +#ifndef IPPROTO_RSVP +#define IPPROTO_RSVP 46 /* resource reservation */ +#endif +#ifndef IPPROTO_GRE +#define IPPROTO_GRE 47 /* General Routing Encap. */ +#endif +#ifndef IPPROTO_ESP +#define IPPROTO_ESP 50 /* SIPP Encap Sec. 
Payload */ +#endif +#ifndef IPPROTO_AH +#define IPPROTO_AH 51 /* SIPP Auth Header */ +#endif +#ifndef IPPROTO_NHRP +#define IPPROTO_NHRP 54 /* Next Hop Resolution */ +#endif +#ifndef IPPROTO_MOBILE +#define IPPROTO_MOBILE 55 +#endif +#ifndef IPPROTO_ICMPV6 +#define IPPROTO_ICMPV6 58 /* ICMPv6 */ +#endif +#ifndef IPPROTO_NONE +#define IPPROTO_NONE 59 /* IPv6 no next header */ +#endif +#ifndef IPPROTO_DSTOPTS +#define IPPROTO_DSTOPTS 60 /* IPv6 destination options */ +#endif +#ifndef IPPROTO_MOBILITY_OLD +/* + * The current Protocol Numbers list says that the IP protocol number for + * mobility headers is 135; it cites RFC 6275 (obsoletes RFC 3775). + * + * It appears that 62 used to be used, even though that's assigned to + * a protocol called CFTP; however, the only reference for CFTP is a + * Network Message from BBN back in 1982, so, for now, we support 62, + * as well as 135, as a protocol number for mobility headers. + */ +#define IPPROTO_MOBILITY_OLD 62 +#endif +#ifndef IPPROTO_ND +#define IPPROTO_ND 77 /* Sun net disk proto (temp.) */ +#endif +#ifndef IPPROTO_EIGRP +#define IPPROTO_EIGRP 88 /* Cisco/GXS IGRP */ +#endif +#ifndef IPPROTO_OSPF +#define IPPROTO_OSPF 89 +#endif +#ifndef IPPROTO_PIM +#define IPPROTO_PIM 103 +#endif +#ifndef IPPROTO_IPCOMP +#define IPPROTO_IPCOMP 108 +#endif +#ifndef IPPROTO_VRRP +#define IPPROTO_VRRP 112 /* See also CARP. */ +#endif +#ifndef IPPROTO_CARP +#define IPPROTO_CARP 112 +#endif +#ifndef IPPROTO_PGM +#define IPPROTO_PGM 113 +#endif +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif +#ifndef IPPROTO_MOBILITY +#define IPPROTO_MOBILITY 135 +#endif +#ifndef IPPROTO_ETHERNET +#define IPPROTO_ETHERNET 143 /* TEMPORARY - registered 2020-01-31, expires 2021-01-31 */ +#endif diff --git a/pcap-filter.manmisc.in b/pcap-filter.manmisc.in index 6e3269fb9c..27e72ba3d4 100644 --- a/pcap-filter.manmisc.in +++ b/pcap-filter.manmisc.in 
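Review bot: Every definition in the new ipproto.h, including `IPPROTO_PIGP` and `IPPROTO_EIGRP`, sits behind `#ifndef`, so a value already defined by a system header included earlier still wins, which is the platform dependence the commit message sets out to remove. Whether a system header that defines these names is still pulled in before ipproto.h in gencode.c cannot be seen from the hunks. For the two values this commit is about I would make the definition unconditional, `#undef IPPROTO_PIGP` followed by `#define IPPROTO_PIGP 9` (and likewise `IPPROTO_EIGRP` with 88), or use libpcap-private names, so that a filter compiles to the same protocol test on every build. Separately, the trailing comment on `IPPROTO_EIGRP` still reads `Cisco/GXS IGRP` and should say EIGRP.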
@@ -354,6 +354,13 @@ Abbreviation for: \fBip proto\fR 9 .fi .in -.5i +.IP "\fBeigrp\fR" +Abbreviation for: +.in +.5i +.nf +\fBip proto\fR 88 +.fi +.in -.5i .IP "\fBip6 proto \fIprotocol\fR" True if the packet is an IPv6 packet of protocol type \fIprotocol\fP. (See `\fBip proto\fP' above for the meaning of \fIprotocol\fR.) @@ -1015,6 +1022,7 @@ is one of .BR atalk , .BR carp , .BR decnet , +.BR eigrp , .BR ether , .BR fddi , .BR icmp , @@ -1075,6 +1083,7 @@ This check is implicitly applied to the .BR igmp , .BR pim , .BR igrp , +.BR eigrp , .BR vrrp and .BR carp diff --git a/scanner.l b/scanner.l index 0fa8f40724..279baa0135 100644 --- a/scanner.l +++ b/scanner.l @@ -258,6 +258,7 @@ udp return UDP; icmp return ICMP; igmp return IGMP; igrp return IGRP; +eigrp return EIGRP; pim return PIM; vrrp return VRRP; carp return CARP;