Add inbound/outbound support for two DSA DLTs.

In gen_inbound_outbound() add cases for DLT_DSA_TAG_BRCM and
DLT_DSA_TAG_DSA.  Cover the new code paths with accept and filter
tests.  For the latter use the existing savefiles.  Annotate the
contents of dsa.pcap better to make it easier to interpret the results.
Make the definition of inbound/outbound in pcap-filter(7) a bit more up
to date.

In my tests the new code handles DLT_DSA_TAG_BRCM correctly for a live
capture as well.

Author: infrastation

gencode.c

@@ -8232,6 +8232,33 @@ gen_inbound_outbound(compiler_state_t *cstate, const int outbound)
 		 * the byte after the 3-byte magic number */
 		return gen_mcmp(cstate, OR_LINKHDR, 3, BPF_B, outbound ? 0 : 1, 0x01);
 
+	case DLT_DSA_TAG_BRCM:
+		/*
+		 * This DSA tag encodes the frame direction in the three most
+		 * significant bits of its first octet: 0b000***** ("egress",
+		 * switch -> CPU) means "inbound" in libpcap terms and
+		 * 0b001***** ("ingress", CPU -> switch) means "outbound".
+		 */
+		return gen_mcmp(cstate, OR_LINKHDR, 6 + 6, BPF_B,
+		                outbound ? 0x20 : 0x00, 0xe0);
+
+	case DLT_DSA_TAG_DSA:
+		/*
+		 * This DSA tag does not encode the frame direction, but it
+		 * encodes the frame mode, and some modes imply exactly one
+		 * direction.  The mode is the two most significant bits of the
+		 * first octet.  0b00****** ("To_CPU ingress") and 0b10******
+		 * ("To_Sniffer ingress") mean "inbound" in libpcap terms and
+		 * 0b01****** ("From_CPU egress") means "outbound".  0x11******
+		 * ("Forward") can mean either direction, so cannot be used for
+		 * this purpose.
+		 *
+		 * So match 0b01****** for outbound and 0b*0****** otherwise.
+		 */
+		return gen_mcmp(cstate, OR_LINKHDR, 6 + 6, BPF_B,
+		                outbound ? 0x40 : 0x00,
+		                outbound ? 0xc0 : 0x40);
+
 	default:
 		/*
 		 * If we have packet meta-data indicating a direction,

pcap-filter.manmisc.in

@@ -18,7 +18,7 @@
 .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 .\"
-.TH PCAP-FILTER @MAN_MISC_INFO@ "2 November 2025"
+.TH PCAP-FILTER @MAN_MISC_INFO@ "22 November 2025"
 .SH NAME
 pcap-filter \- packet filter syntax
 .br
@@ -870,15 +870,26 @@ Exchange Identification (XID) U PDUs
 Frame Reject (FRMR) U PDUs
 .RE
 .IP \fBinbound\fP
-Packet was received by the host performing the capture rather than being
-sent by that host.  This is only supported for certain link-layer types,
-such as SLIP and the ``cooked'' Linux capture mode
-used for the ``any'' device and for some other device types.
+True if the packet was received by the host performing the capture rather than
+sent by that host.  This primitive is supported for certain link-layer types
+only, namely,
+.BR DLT_SLIP ,
+.BR DLT_IPNET ,
+.BR DLT_LINUX_SLL ,
+.BR DLT_LINUX_SLL2 ,
+.BR DLT_PFLOG ,
+.BR DLT_PPP_PPPD ,
+a number of Juniper Networks private types and some types of Linux DSA tag.
+For reference, the ``any'' pseudo-interface uses
+.B DLT_LINUX_SLL
+or
+.B DLT_LINUX_SLL2
+on Linux, and
+.B DLT_IPNET
+on Solaris.
 .IP \fBoutbound\fP
-Packet was sent by the host performing the capture rather than being
-received by that host.  This is only supported for certain link-layer types,
-such as SLIP and the ``cooked'' Linux capture mode
-used for the ``any'' device and for some other device types.
+Same as the above, but for the opposite direction (from the capturing host
+to the network).
 .IP "\fBifindex \fIinterface_index\fR"
 True if the packet was logged via the specified interface (applies only to
 packets logged by the Linux "any" cooked v2 interface).

testprogs/TESTrun

@@ -1083,6 +1083,66 @@ my @accept_blocks = (
 			(004) ret      #0
 			',
 	}, # juniper_mfr_outbound
+	{
+		name => 'inbound_DSA_TAG_BRCM',
+		DLT => 'DSA_TAG_BRCM',
+		aliases => ['inbound'],
+		opt => '
+			(000) ldb      [12]
+			(001) jset     #0xe0            jt 2	jf 3
+			(002) ret      #0
+			(003) ret      #262144
+			',
+		unopt => '
+			(000) ldb      [12]
+			(001) and      #0xe0
+			(002) jeq      #0x0             jt 3	jf 4
+			(003) ret      #262144
+			(004) ret      #0
+			',
+	},
+	{
+		name => 'outbound_DSA_TAG_BRCM',
+		DLT => 'DSA_TAG_BRCM',
+		aliases => ['outbound'],
+		optunopt => '
+			(000) ldb      [12]
+			(001) and      #0xe0
+			(002) jeq      #0x20            jt 3	jf 4
+			(003) ret      #262144
+			(004) ret      #0
+			',
+	},
+	{
+		name => 'inbound_DSA_TAG_DSA',
+		DLT => 'DSA_TAG_DSA',
+		aliases => ['inbound'],
+		opt => '
+			(000) ldb      [12]
+			(001) jset     #0x40            jt 2	jf 3
+			(002) ret      #0
+			(003) ret      #262144
+			',
+		unopt => '
+			(000) ldb      [12]
+			(001) and      #0x40
+			(002) jeq      #0x0             jt 3	jf 4
+			(003) ret      #262144
+			(004) ret      #0
+			',
+	},
+	{
+		name => 'outbound_DSA_TAG_DSA',
+		DLT => 'DSA_TAG_DSA',
+		aliases => ['outbound'],
+		optunopt => '
+			(000) ldb      [12]
+			(001) and      #0xc0
+			(002) jeq      #0x40            jt 3	jf 4
+			(003) ret      #262144
+			(004) ret      #0
+			',
+	},
 	{
 		name => 'inbound_linuxext',
 		skip => skip_os_not ('linux'),
@@ -20174,16 +20234,28 @@ my @apply_blocks = (
 		expr => 'multicast',
 		results => [64, 64, 64, 64],
 	},
+	{
+		name => 'inbound_DSA_TAG_BRCM',
+		savefile => 'brcm-tag-stp.pcap',
+		expr => 'inbound',
+		results => [64, 0, 0, 64],
+	},
+	{
+		name => 'outbound_DSA_TAG_BRCM',
+		savefile => 'brcm-tag-stp.pcap',
+		expr => 'outbound',
+		results => [0, 64, 64, 0],
+	},
 
 	# Protocol exchange for the packets in dsa.pcap:
-	# 1. 00:50:b6:29:10:70 > d6:c5:28:21:3e:af, 192.168.30.1 > 192.168.30.2, ICMP echo request
-	# 2. d6:c5:28:21:3e:af > 00:50:b6:29:10:70, 192.168.30.2 > 192.168.30.1, ICMP echo reply
-	# 3. 00:50:b6:29:10:70 > d6:c5:28:21:3e:af, 192.168.30.1 > 192.168.30.2, ICMP echo request
-	# 4. d6:c5:28:21:3e:af > 00:50:b6:29:10:70, 192.168.30.2 > 192.168.30.1, ICMP echo reply
-	# 5. 00:50:b6:29:10:70 > d6:c5:28:21:3e:af, 192.168.30.1 > 192.168.30.2, ICMP echo request
-	# 6. d6:c5:28:21:3e:af > 00:50:b6:29:10:70, 192.168.30.2 > 192.168.30.1, ICMP echo reply
-	# 7. d6:c5:28:21:3e:af > 00:50:b6:29:10:70, ARP Request who-has 192.168.30.1 tell 192.168.30.2
-	# 8. 00:50:b6:29:10:70 > d6:c5:28:21:3e:af, ARP Reply 192.168.30.1 is-at 00:50:b6:29:10:70
+	# 1. Forward,  00:50:b6:29:10:70 > d6:c5:28:21:3e:af, 192.168.30.1 > 192.168.30.2, ICMP echo request
+	# 2. From CPU, d6:c5:28:21:3e:af > 00:50:b6:29:10:70, 192.168.30.2 > 192.168.30.1, ICMP echo reply
+	# 3. Forward,  00:50:b6:29:10:70 > d6:c5:28:21:3e:af, 192.168.30.1 > 192.168.30.2, ICMP echo request
+	# 4. From CPU, d6:c5:28:21:3e:af > 00:50:b6:29:10:70, 192.168.30.2 > 192.168.30.1, ICMP echo reply
+	# 5. Forward,  00:50:b6:29:10:70 > d6:c5:28:21:3e:af, 192.168.30.1 > 192.168.30.2, ICMP echo request
+	# 6. From CPU, d6:c5:28:21:3e:af > 00:50:b6:29:10:70, 192.168.30.2 > 192.168.30.1, ICMP echo reply
+	# 7. From CPU, d6:c5:28:21:3e:af > 00:50:b6:29:10:70, ARP Request who-has 192.168.30.1 tell 192.168.30.2
+	# 8. Forward,  00:50:b6:29:10:70 > d6:c5:28:21:3e:af, ARP Reply 192.168.30.1 is-at 00:50:b6:29:10:70
 	{
 		name => 'link_dst_DSA_TAG_DSA',
 		savefile => 'dsa.pcap',
@@ -20220,6 +20292,18 @@ my @apply_blocks = (
 		expr => 'icmp[icmptype] == icmp-echo',
 		results => [262144, 0, 262144, 0, 262144, 0, 0, 0],
 	},
+	{
+		name => 'inbound_DSA_TAG_DSA',
+		savefile => 'dsa.pcap',
+		expr => 'inbound',
+		results => [0, 0, 0, 0, 0, 0, 0, 0],
+	},
+	{
+		name => 'outbound_DSA_TAG_DSA',
+		savefile => 'dsa.pcap',
+		expr => 'outbound',
+		results => [0, 262144, 0, 262144, 0, 262144, 262144, 0],
+	},
 );
 
 # yyerror()
@@ -21690,6 +21774,7 @@ my %DLTfeatures = (
 		vlan => 1,
 		mpls => 1,
 		llc => 1,
+		inout => 1,
 	},
 	DSA_TAG_BRCM_PREPEND => {
 	},
@@ -21701,6 +21786,7 @@ my %DLTfeatures = (
 		vlan => 1,
 		mpls => 1,
 		llc => 1,
+		inout => 1,
 	},
 	DSA_TAG_EDSA => {
 	},