1998-09-16 02:39:15 +00:00
|
|
|
/* packet-tr.c
|
|
|
|
* Routines for Token-Ring packet disassembly
|
2001-11-13 23:55:44 +00:00
|
|
|
* Gilbert Ramirez <gram@alumni.rice.edu>
|
1998-09-16 02:39:15 +00:00
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
1998-09-16 02:39:15 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
2000-11-17 21:00:40 +00:00
|
|
|
#include <string.h>
|
1999-03-23 03:14:46 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <glib.h>
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
2000-05-19 05:29:44 +00:00
|
|
|
#include "packet-tr.h"
|
2000-02-15 21:06:58 +00:00
|
|
|
#include "packet-llc.h"
|
2004-09-27 22:55:15 +00:00
|
|
|
#include <epan/prefs.h>
|
2004-09-29 00:06:36 +00:00
|
|
|
#include <epan/tap.h>
|
2005-08-18 08:55:22 +00:00
|
|
|
#include <epan/emem.h>
|
2002-08-28 21:04:11 +00:00
|
|
|
|
1999-07-29 05:47:07 +00:00
|
|
|
static int proto_tr = -1;
|
|
|
|
static int hf_tr_dst = -1;
|
|
|
|
static int hf_tr_src = -1;
|
2000-03-20 22:22:45 +00:00
|
|
|
static int hf_tr_addr = -1;
|
1999-07-29 05:47:07 +00:00
|
|
|
static int hf_tr_sr = -1;
|
|
|
|
static int hf_tr_ac = -1;
|
|
|
|
static int hf_tr_priority = -1;
|
|
|
|
static int hf_tr_frame = -1;
|
|
|
|
static int hf_tr_monitor_cnt = -1;
|
|
|
|
static int hf_tr_priority_reservation = -1;
|
|
|
|
static int hf_tr_fc = -1;
|
|
|
|
static int hf_tr_fc_type = -1;
|
|
|
|
static int hf_tr_fc_pcf = -1;
|
|
|
|
static int hf_tr_rif_bytes = -1;
|
|
|
|
static int hf_tr_broadcast = -1;
|
|
|
|
static int hf_tr_max_frame_size = -1;
|
|
|
|
static int hf_tr_direction = -1;
|
|
|
|
static int hf_tr_rif = -1;
|
|
|
|
static int hf_tr_rif_ring = -1;
|
|
|
|
static int hf_tr_rif_bridge = -1;
|
1999-09-15 06:26:42 +00:00
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint ett_token_ring = -1;
|
|
|
|
static gint ett_token_ring_ac = -1;
|
|
|
|
static gint ett_token_ring_fc = -1;
|
|
|
|
|
2003-01-22 01:17:01 +00:00
|
|
|
static int tr_tap = -1;
|
|
|
|
|
2003-02-08 05:31:05 +00:00
|
|
|
/*
|
|
|
|
* Check for and attempt to fix Linux link-layer header mangling.
|
|
|
|
*/
|
|
|
|
static gboolean fix_linux_botches = FALSE;
|
|
|
|
|
1999-09-17 04:20:23 +00:00
|
|
|
#define TR_MIN_HEADER_LEN 14
|
1999-09-15 06:26:42 +00:00
|
|
|
#define TR_MAX_HEADER_LEN 32
|
|
|
|
|
1999-10-12 06:21:15 +00:00
|
|
|
static const true_false_string ac_truth = { "Frame", "Token" };
|
1999-07-07 22:52:57 +00:00
|
|
|
|
|
|
|
static const value_string pcf_vals[] = {
|
|
|
|
{ 0, "Normal buffer" },
|
|
|
|
{ 1, "Express buffer" },
|
|
|
|
{ 2, "Purge" },
|
|
|
|
{ 3, "Claim Token" },
|
|
|
|
{ 4, "Beacon" },
|
|
|
|
{ 5, "Active Monitor Present" },
|
|
|
|
{ 6, "Standby Monitor Present" },
|
|
|
|
{ 0, NULL },
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string frame_vals[] = {
|
|
|
|
{ 0, "MAC" },
|
1999-10-12 06:21:15 +00:00
|
|
|
{ 1, "LLC" },
|
|
|
|
{ 2, "Reserved" },
|
1999-07-07 22:52:57 +00:00
|
|
|
{ 0, NULL },
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string broadcast_vals[] = {
|
|
|
|
{ 0 << 5, "Non-broadcast" },
|
|
|
|
{ 1 << 5, "Non-broadcast" },
|
|
|
|
{ 2 << 5, "Non-broadcast" },
|
|
|
|
{ 3 << 5, "Non-broadcast" },
|
|
|
|
{ 4 << 5, "All-routes broadcast" },
|
|
|
|
{ 5 << 5, "All-routes broadcast" },
|
|
|
|
{ 6 << 5, "Single-route broadcast" },
|
|
|
|
{ 7 << 5, "Single-route broadcast" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string max_frame_size_vals[] = {
|
2001-02-05 02:06:27 +00:00
|
|
|
{ 0 << 4, "516" },
|
|
|
|
{ 1 << 4, "1500" },
|
|
|
|
{ 2 << 4, "2052" },
|
|
|
|
{ 3 << 4, "4472" },
|
|
|
|
{ 4 << 4, "8144" },
|
|
|
|
{ 5 << 4, "11407" },
|
|
|
|
{ 6 << 4, "17800" },
|
|
|
|
{ 7 << 4, "65535" },
|
|
|
|
{ 0, NULL }
|
1999-07-07 22:52:57 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string direction_vals[] = {
|
|
|
|
{ 0, "From originating station (-->)" },
|
|
|
|
{ 128, "To originating station (<--)" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
1998-09-16 02:39:15 +00:00
|
|
|
|
2001-01-03 10:34:42 +00:00
|
|
|
static dissector_handle_t trmac_handle;
|
|
|
|
static dissector_handle_t llc_handle;
|
2001-11-26 04:52:51 +00:00
|
|
|
static dissector_handle_t data_handle;
|
2001-01-03 10:34:42 +00:00
|
|
|
|
1999-08-27 19:15:38 +00:00
|
|
|
/*
|
|
|
|
* DODGY LINUX HACK DODGY LINUX HACK
|
2002-08-28 21:04:11 +00:00
|
|
|
* Linux 2.0.x always passes frames to the Token Ring driver for transmission with
|
|
|
|
* 18 bytes padding for source routing information. Some drivers copy the first
|
1999-08-27 19:15:38 +00:00
|
|
|
* (18 - srlen) bytes up the frame (18 - srlen) bytes thus removing the padding.
|
|
|
|
* Other drivers just make a copy of the entire frame and then hack about with it
|
|
|
|
* so the frame the sniffer gets is fine (just has extra sr routing).
|
|
|
|
* In the first instance (driver hacking frame in situ) the sniffer gets a garbled
|
|
|
|
* frame.
|
|
|
|
* This function trys to detect this and returns the offset of where
|
|
|
|
* the frame really starts.
|
|
|
|
* This only detects frames that we have sent ourselves so if we are packet sniffing
|
|
|
|
* on the machine we are watching this is useful.
|
|
|
|
* Compare offset 0 with offset x+1 for a length of x bytes for all value of x = 1 to 18
|
2002-08-28 21:04:11 +00:00
|
|
|
* if match then Linux driver has done in situ source route compression of the crappy
|
1999-08-27 19:15:38 +00:00
|
|
|
* Linux 2.0.x frame so the beginning of the real frame is x bytes in.
|
|
|
|
* (And this real frame x bytes in looks like a proper TR frame that goes on the wire
|
|
|
|
* with none of the Linux idiosyncrasies).
|
2003-01-31 07:16:11 +00:00
|
|
|
*
|
|
|
|
* XXX - there should perhaps be a preference setting to turn this off,
|
|
|
|
* as sometimes it can, and does, get a false hit.
|
1999-08-27 19:15:38 +00:00
|
|
|
*/
|
2002-04-14 23:04:04 +00:00
|
|
|
static
|
2000-05-15 06:22:07 +00:00
|
|
|
int check_for_old_linux_tvb(tvbuff_t *tvb)
|
|
|
|
{
|
2001-03-13 21:34:28 +00:00
|
|
|
const guint8 *data;
|
|
|
|
int x, bytes;
|
2000-05-15 06:22:07 +00:00
|
|
|
|
|
|
|
/* Restrict our looping to the boundaries of the frame */
|
|
|
|
bytes = tvb_length(tvb);
|
|
|
|
if (bytes > 19) {
|
|
|
|
bytes = 19;
|
|
|
|
}
|
|
|
|
|
|
|
|
data = tvb_get_ptr(tvb, 0, bytes);
|
|
|
|
|
|
|
|
for(x = 1; x <= bytes-1 ;x++)
|
|
|
|
{
|
|
|
|
if (memcmp(&data[0], &data[x], x) == 0)
|
|
|
|
{
|
|
|
|
return x;
|
|
|
|
}
|
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
return 0;
|
2000-05-15 06:22:07 +00:00
|
|
|
}
|
|
|
|
|
2002-04-14 23:04:04 +00:00
|
|
|
static
|
2002-08-02 23:36:07 +00:00
|
|
|
int check_for_old_linux(const guchar * pd)
|
1999-08-27 19:15:38 +00:00
|
|
|
{
|
|
|
|
int x;
|
|
|
|
for(x=1;x<=18;x++)
|
|
|
|
{
|
|
|
|
if (memcmp(&pd[0],&pd[x],x) == 0)
|
|
|
|
{
|
|
|
|
return x;
|
|
|
|
}
|
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
return 0;
|
1999-08-27 19:15:38 +00:00
|
|
|
}
|
|
|
|
|
2000-05-15 06:22:07 +00:00
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
static void
|
2000-05-15 06:22:07 +00:00
|
|
|
add_ring_bridge_pairs(int rcf_len, tvbuff_t*, proto_tree *tree);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-02-09 00:35:38 +00:00
|
|
|
void
|
2002-08-02 23:36:07 +00:00
|
|
|
capture_tr(const guchar *pd, int offset, int len, packet_counts *ld) {
|
1999-02-09 00:35:38 +00:00
|
|
|
|
|
|
|
int source_routed = 0;
|
|
|
|
int frame_type;
|
1999-08-27 19:15:38 +00:00
|
|
|
int x;
|
1999-02-09 00:35:38 +00:00
|
|
|
guint8 trn_rif_bytes;
|
|
|
|
guint8 actual_rif_bytes;
|
2000-10-17 11:05:23 +00:00
|
|
|
guint16 first2_sr;
|
1999-02-09 00:35:38 +00:00
|
|
|
|
|
|
|
/* The trn_hdr struct, as separate variables */
|
|
|
|
guint8 trn_fc; /* field control field */
|
2000-05-04 22:59:27 +00:00
|
|
|
const guint8 *trn_shost; /* source host */
|
1999-02-09 00:35:38 +00:00
|
|
|
|
2001-11-20 21:59:18 +00:00
|
|
|
if (!BYTES_ARE_IN_FRAME(offset, len, TR_MIN_HEADER_LEN)) {
|
1999-09-15 06:26:42 +00:00
|
|
|
ld->other++;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
1999-08-27 19:15:38 +00:00
|
|
|
if ((x = check_for_old_linux(pd)))
|
|
|
|
{
|
|
|
|
/* Actually packet starts x bytes into what we have got but with all
|
2002-08-28 21:04:11 +00:00
|
|
|
source routing compressed
|
1999-08-27 19:15:38 +00:00
|
|
|
*/
|
|
|
|
/* pd = &pd[x]; */ offset+=x;
|
|
|
|
}
|
|
|
|
|
1999-02-09 00:35:38 +00:00
|
|
|
/* get the data */
|
2000-05-04 22:59:27 +00:00
|
|
|
trn_fc = pd[offset + 1];
|
|
|
|
trn_shost = &pd[offset + 8];
|
1999-02-09 00:35:38 +00:00
|
|
|
|
|
|
|
frame_type = (trn_fc & 192) >> 6;
|
|
|
|
|
|
|
|
/* if the high bit on the first byte of src hwaddr is 1, then
|
|
|
|
this packet is source-routed */
|
|
|
|
source_routed = trn_shost[0] & 128;
|
|
|
|
|
1999-08-27 19:15:38 +00:00
|
|
|
trn_rif_bytes = pd[offset + 14] & 31;
|
1999-02-09 00:35:38 +00:00
|
|
|
|
2003-02-08 05:31:05 +00:00
|
|
|
if (fix_linux_botches) {
|
|
|
|
/* the Linux 2.0 TR code strips source-route bits in
|
|
|
|
* order to test for SR. This can be removed from most
|
|
|
|
* packets with oltr, but not all. So, I try to figure out
|
|
|
|
* which packets should have been SR here. I'll check to
|
|
|
|
* see if there's a SNAP or IPX field right after
|
|
|
|
* my RIF fields.
|
|
|
|
*
|
|
|
|
* The Linux 2.4.18 code, at least appears to do the
|
|
|
|
* same thing, from a capture I got from somebody running
|
|
|
|
* 2.4.18 (RH 7.1, so perhaps this is a Red Hat
|
|
|
|
* "improvement").
|
|
|
|
*/
|
|
|
|
if (!source_routed && trn_rif_bytes > 0) {
|
|
|
|
if (pd[offset + 0x0e] != pd[offset + 0x0f]) {
|
|
|
|
first2_sr = pntohs(&pd[offset + 0xe0 + trn_rif_bytes]);
|
|
|
|
if (
|
|
|
|
(first2_sr == 0xaaaa &&
|
|
|
|
pd[offset + 0x10 + trn_rif_bytes] == 0x03) ||
|
2000-10-17 11:05:23 +00:00
|
|
|
|
2003-02-08 05:31:05 +00:00
|
|
|
first2_sr == 0xe0e0 ||
|
|
|
|
first2_sr == 0xe0aa ) {
|
1999-02-09 00:35:38 +00:00
|
|
|
|
2003-02-08 05:31:05 +00:00
|
|
|
source_routed = 1;
|
|
|
|
}
|
2000-10-17 11:05:23 +00:00
|
|
|
}
|
|
|
|
}
|
1999-02-09 00:35:38 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (source_routed) {
|
|
|
|
actual_rif_bytes = trn_rif_bytes;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
trn_rif_bytes = 0;
|
|
|
|
actual_rif_bytes = 0;
|
|
|
|
}
|
|
|
|
|
2003-02-08 05:31:05 +00:00
|
|
|
if (fix_linux_botches) {
|
|
|
|
/* this is a silly hack for Linux 2.0.x. Read the comment
|
2009-02-02 03:26:49 +00:00
|
|
|
* below about LLC headers. If we're sniffing our own NIC,
|
|
|
|
* we get a full RIF, sometimes with garbage
|
2003-02-08 05:31:05 +00:00
|
|
|
*/
|
|
|
|
if ((source_routed && trn_rif_bytes == 2 && frame_type == 1) ||
|
|
|
|
(!source_routed && frame_type == 1)) {
|
|
|
|
/* look for SNAP or IPX only */
|
|
|
|
if ( (pd[offset + 0x20] == 0xaa && pd[offset + 0x21] == 0xaa && pd[offset + 0x22] == 03) ||
|
|
|
|
(pd[offset + 0x20] == 0xe0 && pd[offset + 0x21] == 0xe0) ) {
|
|
|
|
actual_rif_bytes = 18;
|
|
|
|
} else if (
|
|
|
|
pd[offset + 0x23] == 0 &&
|
|
|
|
pd[offset + 0x24] == 0 &&
|
|
|
|
pd[offset + 0x25] == 0 &&
|
|
|
|
pd[offset + 0x26] == 0x00 &&
|
|
|
|
pd[offset + 0x27] == 0x11) {
|
|
|
|
|
|
|
|
actual_rif_bytes = 18;
|
|
|
|
|
|
|
|
/* Linux 2.0.x also requires drivers pass up
|
|
|
|
* a fake SNAP and LLC header before the
|
|
|
|
* real LLC hdr for all Token Ring frames
|
|
|
|
* that arrive with DSAP and SSAP != 0xAA
|
|
|
|
* (i.e. for non SNAP frames e.g. for Netware
|
|
|
|
* frames) the fake SNAP header has the
|
|
|
|
* ETH_P_TR_802_2 ether type (0x0011) and the protocol id
|
|
|
|
* bytes as zero frame looks like :-
|
|
|
|
* TR Header | Fake LLC | Fake SNAP | Wire LLC | Rest of data
|
|
|
|
*/
|
|
|
|
offset += 8; /* Skip fake LLC and SNAP */
|
|
|
|
}
|
|
|
|
}
|
1999-02-09 00:35:38 +00:00
|
|
|
}
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2000-05-15 06:22:07 +00:00
|
|
|
offset += actual_rif_bytes + TR_MIN_HEADER_LEN;
|
1999-02-09 00:35:38 +00:00
|
|
|
|
|
|
|
/* The package is either MAC or LLC */
|
|
|
|
switch (frame_type) {
|
|
|
|
/* MAC */
|
|
|
|
case 0:
|
|
|
|
ld->other++;
|
|
|
|
break;
|
|
|
|
case 1:
|
2001-11-20 21:59:18 +00:00
|
|
|
capture_llc(pd, offset, len, ld);
|
1999-02-09 00:35:38 +00:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
/* non-MAC, non-LLC, i.e., "Reserved" */
|
|
|
|
ld->other++;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2001-01-21 20:16:01 +00:00
|
|
|
static void
|
2000-05-15 06:22:07 +00:00
|
|
|
dissect_tr(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
{
|
1999-07-07 22:52:57 +00:00
|
|
|
proto_tree *tr_tree, *bf_tree;
|
2008-05-15 13:22:06 +00:00
|
|
|
proto_item *ti, *hidden_item;
|
2000-05-15 06:22:07 +00:00
|
|
|
guint8 rcf1, rcf2;
|
2000-05-11 22:04:18 +00:00
|
|
|
tvbuff_t *next_tvb;
|
2000-05-15 06:22:07 +00:00
|
|
|
|
2008-11-22 15:55:01 +00:00
|
|
|
volatile int frame_type;
|
2000-05-15 06:22:07 +00:00
|
|
|
volatile int fixoffset = 0;
|
|
|
|
volatile int source_routed = 0;
|
|
|
|
volatile guint8 trn_rif_bytes;
|
|
|
|
volatile guint8 actual_rif_bytes;
|
2000-10-17 11:05:23 +00:00
|
|
|
volatile guint8 c1_nonsr;
|
|
|
|
volatile guint8 c2_nonsr;
|
|
|
|
volatile guint16 first2_sr;
|
2000-11-13 05:11:16 +00:00
|
|
|
tvbuff_t *volatile tr_tvb;
|
1998-09-17 22:28:07 +00:00
|
|
|
|
2003-01-22 01:17:01 +00:00
|
|
|
static tr_hdr trh_arr[4];
|
|
|
|
static int trh_current=0;
|
2005-01-01 23:11:46 +00:00
|
|
|
tr_hdr *volatile trh;
|
1998-09-17 22:28:07 +00:00
|
|
|
|
|
|
|
/* non-source-routed version of source addr */
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
static guint8 trn_shost_nonsr[6];
|
1999-08-27 19:15:38 +00:00
|
|
|
int x;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
/* Token-Ring Strings */
|
2005-08-05 13:10:58 +00:00
|
|
|
const char *fc[] = { "MAC", "LLC", "Reserved", "Unknown" };
|
1998-09-16 02:39:15 +00:00
|
|
|
|
2003-01-22 01:17:01 +00:00
|
|
|
|
|
|
|
trh_current++;
|
|
|
|
if(trh_current==4){
|
|
|
|
trh_current=0;
|
|
|
|
}
|
|
|
|
trh=&trh_arr[trh_current];
|
|
|
|
|
2009-08-09 06:26:46 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "TR");
|
2000-05-15 06:22:07 +00:00
|
|
|
|
2003-02-08 05:31:05 +00:00
|
|
|
if (fix_linux_botches)
|
|
|
|
x = check_for_old_linux_tvb((tvbuff_t*) tvb);
|
|
|
|
else
|
|
|
|
x = 0;
|
|
|
|
if (x != 0) {
|
1999-08-27 19:15:38 +00:00
|
|
|
/* Actually packet starts x bytes into what we have got but with all
|
|
|
|
source routing compressed. See comment above */
|
2000-05-16 04:44:14 +00:00
|
|
|
tr_tvb = tvb_new_subset((tvbuff_t*) tvb, x, -1, -1);
|
2000-05-15 06:22:07 +00:00
|
|
|
}
|
|
|
|
else {
|
|
|
|
tr_tvb = tvb;
|
1999-08-27 19:15:38 +00:00
|
|
|
}
|
|
|
|
|
2000-05-15 06:22:07 +00:00
|
|
|
/* Get the data */
|
2003-01-22 01:17:01 +00:00
|
|
|
trh->fc = tvb_get_guint8(tr_tvb, 1);
|
2003-08-23 09:09:35 +00:00
|
|
|
SET_ADDRESS(&trh->src, AT_ETHER, 6, tvb_get_ptr(tr_tvb, 8, 6));
|
|
|
|
SET_ADDRESS(&trh->dst, AT_ETHER, 6, tvb_get_ptr(tr_tvb, 2, 6));
|
2000-05-15 06:22:07 +00:00
|
|
|
|
2007-04-25 23:54:54 +00:00
|
|
|
/* if the high bit on the first byte of src hwaddr is 1, then
|
|
|
|
this packet is source-routed */
|
2003-08-23 09:09:35 +00:00
|
|
|
memcpy(trn_shost_nonsr, trh->src.data, 6);
|
2007-04-25 23:54:54 +00:00
|
|
|
source_routed = trn_shost_nonsr[0] & 128;
|
1998-09-17 22:28:07 +00:00
|
|
|
trn_shost_nonsr[0] &= 127;
|
2007-04-25 23:54:54 +00:00
|
|
|
|
2003-01-22 01:17:01 +00:00
|
|
|
frame_type = (trh->fc & 192) >> 6;
|
1998-09-17 22:28:07 +00:00
|
|
|
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "Token-Ring %s", fc[frame_type]);
|
2000-05-15 06:22:07 +00:00
|
|
|
|
|
|
|
trn_rif_bytes = tvb_get_guint8(tr_tvb, 14) & 31;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
2003-02-08 05:31:05 +00:00
|
|
|
if (fix_linux_botches) {
|
|
|
|
/* the Linux 2.0 TR code strips source-route bits in
|
|
|
|
* order to test for SR. This can be removed from most
|
|
|
|
* packets with oltr, but not all. So, I try to figure out
|
|
|
|
* which packets should have been SR here. I'll check to
|
|
|
|
* see if there's a SNAP or IPX field right after
|
|
|
|
* my RIF fields.
|
|
|
|
*
|
|
|
|
* The Linux 2.4.18 code, at least appears to do the
|
|
|
|
* same thing, from a capture I got from somebody running
|
|
|
|
* 2.4.18 (RH 7.1, so perhaps this is a Red Hat
|
|
|
|
* "improvement").
|
|
|
|
*/
|
|
|
|
if (frame_type == 1 && !source_routed && trn_rif_bytes > 0) {
|
|
|
|
TRY {
|
|
|
|
|
|
|
|
c1_nonsr = tvb_get_guint8(tr_tvb, 14);
|
|
|
|
c2_nonsr = tvb_get_guint8(tr_tvb, 15);
|
|
|
|
|
|
|
|
if (c1_nonsr != c2_nonsr) {
|
|
|
|
|
|
|
|
first2_sr = tvb_get_ntohs(tr_tvb, trn_rif_bytes + 0x0e);
|
|
|
|
|
|
|
|
if ( ( first2_sr == 0xaaaa &&
|
|
|
|
tvb_get_guint8(tr_tvb, trn_rif_bytes + 0x10) == 0x03) ||
|
|
|
|
|
|
|
|
first2_sr == 0xe0e0 ||
|
|
|
|
first2_sr == 0xe0aa ) {
|
|
|
|
|
|
|
|
source_routed = 1;
|
|
|
|
}
|
2000-05-15 06:22:07 +00:00
|
|
|
}
|
|
|
|
}
|
2003-02-08 05:31:05 +00:00
|
|
|
CATCH(BoundsError) {
|
|
|
|
/* We had no information beyond the TR header. Just assume
|
|
|
|
* this is a normal (non-Linux) TR header. */
|
|
|
|
;
|
|
|
|
}
|
|
|
|
ENDTRY;
|
1998-09-17 22:28:07 +00:00
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (source_routed) {
|
1998-09-17 22:28:07 +00:00
|
|
|
actual_rif_bytes = trn_rif_bytes;
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
1998-09-17 22:28:07 +00:00
|
|
|
else {
|
|
|
|
trn_rif_bytes = 0;
|
|
|
|
actual_rif_bytes = 0;
|
|
|
|
}
|
|
|
|
|
2003-02-08 05:31:05 +00:00
|
|
|
if (fix_linux_botches) {
|
|
|
|
/* this is a silly hack for Linux 2.0.x. Read the comment
|
2009-02-02 03:26:49 +00:00
|
|
|
* below about LLC headers. If we're sniffing our own NIC,
|
|
|
|
* we get a full RIF, sometimes with garbage
|
2003-02-08 05:31:05 +00:00
|
|
|
*/
|
|
|
|
TRY {
|
|
|
|
if (frame_type == 1 && ( (source_routed && trn_rif_bytes == 2) ||
|
|
|
|
!source_routed) ) {
|
|
|
|
/* look for SNAP or IPX only */
|
|
|
|
if (
|
|
|
|
(tvb_get_ntohs(tr_tvb, 0x20) == 0xaaaa &&
|
|
|
|
tvb_get_guint8(tr_tvb, 0x22) == 0x03)
|
|
|
|
||
|
|
|
|
tvb_get_ntohs(tr_tvb, 0x20) == 0xe0e0 ) {
|
|
|
|
|
|
|
|
actual_rif_bytes = 18;
|
|
|
|
}
|
|
|
|
else if (
|
2000-05-15 06:22:07 +00:00
|
|
|
tvb_get_ntohl(tr_tvb, 0x23) == 0 &&
|
|
|
|
tvb_get_guint8(tr_tvb, 0x27) == 0x11) {
|
|
|
|
|
2003-02-08 05:31:05 +00:00
|
|
|
actual_rif_bytes = 18;
|
|
|
|
|
|
|
|
/* Linux 2.0.x also requires drivers
|
|
|
|
* pass up a fake SNAP and LLC header
|
|
|
|
* before the real LLC hdr for all
|
|
|
|
* Token Ring frames that arrive with
|
|
|
|
* DSAP and SSAP != 0xAA
|
|
|
|
* (i.e. for non SNAP frames e.g. for
|
|
|
|
* Netware frames)
|
|
|
|
* the fake SNAP header has the
|
|
|
|
* ETH_P_TR_802_2 ether type (0x0011)
|
|
|
|
* and the protocol id bytes as zero frame looks like :-
|
|
|
|
* TR Header | Fake LLC | Fake SNAP | Wire LLC | Rest of data
|
|
|
|
*/
|
|
|
|
fixoffset += 8; /* Skip fake LLC and SNAP */
|
|
|
|
}
|
2000-05-15 06:22:07 +00:00
|
|
|
}
|
|
|
|
}
|
2003-02-08 05:31:05 +00:00
|
|
|
CATCH(BoundsError) {
|
|
|
|
/* We had no information beyond the TR header. Just assume
|
|
|
|
* this is a normal (non-Linux) TR header. */
|
|
|
|
;
|
|
|
|
}
|
|
|
|
ENDTRY;
|
2000-05-15 06:22:07 +00:00
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
|
2001-07-03 04:56:46 +00:00
|
|
|
/* XXX - copy it to some buffer associated with "*pinfo", rather than
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
just making "trn_shost_nonsr" static? */
|
2001-07-03 04:56:46 +00:00
|
|
|
SET_ADDRESS(&pinfo->dl_src, AT_ETHER, 6, trn_shost_nonsr);
|
|
|
|
SET_ADDRESS(&pinfo->src, AT_ETHER, 6, trn_shost_nonsr);
|
2003-08-23 09:09:35 +00:00
|
|
|
SET_ADDRESS(&pinfo->dl_dst, AT_ETHER, 6, trh->dst.data);
|
|
|
|
SET_ADDRESS(&pinfo->dst, AT_ETHER, 6, trh->dst.data);
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
|
1998-09-17 22:28:07 +00:00
|
|
|
/* protocol analysis tree */
|
1998-09-16 02:39:15 +00:00
|
|
|
if (tree) {
|
1999-07-07 22:52:57 +00:00
|
|
|
/* Create Token-Ring Tree */
|
2000-05-31 05:09:07 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_tr, tr_tvb, 0, TR_MIN_HEADER_LEN + actual_rif_bytes, FALSE);
|
1999-11-16 11:44:20 +00:00
|
|
|
tr_tree = proto_item_add_subtree(ti, ett_token_ring);
|
1999-06-14 20:30:06 +00:00
|
|
|
|
1999-07-07 22:52:57 +00:00
|
|
|
/* Create the Access Control bitfield tree */
|
2003-01-22 01:17:01 +00:00
|
|
|
trh->ac = tvb_get_guint8(tr_tvb, 0);
|
|
|
|
ti = proto_tree_add_uint(tr_tree, hf_tr_ac, tr_tvb, 0, 1, trh->ac);
|
1999-11-16 11:44:20 +00:00
|
|
|
bf_tree = proto_item_add_subtree(ti, ett_token_ring_ac);
|
1999-06-14 20:30:06 +00:00
|
|
|
|
2003-01-22 01:17:01 +00:00
|
|
|
proto_tree_add_uint(bf_tree, hf_tr_priority, tr_tvb, 0, 1, trh->ac);
|
|
|
|
proto_tree_add_boolean(bf_tree, hf_tr_frame, tr_tvb, 0, 1, trh->ac);
|
|
|
|
proto_tree_add_uint(bf_tree, hf_tr_monitor_cnt, tr_tvb, 0, 1, trh->ac);
|
|
|
|
proto_tree_add_uint(bf_tree, hf_tr_priority_reservation, tr_tvb, 0, 1, trh->ac);
|
1999-06-14 20:30:06 +00:00
|
|
|
|
1999-07-07 22:52:57 +00:00
|
|
|
/* Create the Frame Control bitfield tree */
|
2003-01-22 01:17:01 +00:00
|
|
|
ti = proto_tree_add_uint(tr_tree, hf_tr_fc, tr_tvb, 1, 1, trh->fc);
|
1999-11-16 11:44:20 +00:00
|
|
|
bf_tree = proto_item_add_subtree(ti, ett_token_ring_fc);
|
1999-06-14 20:30:06 +00:00
|
|
|
|
2003-01-22 01:17:01 +00:00
|
|
|
proto_tree_add_uint(bf_tree, hf_tr_fc_type, tr_tvb, 1, 1, trh->fc);
|
|
|
|
proto_tree_add_uint(bf_tree, hf_tr_fc_pcf, tr_tvb, 1, 1, trh->fc);
|
2003-08-23 09:09:35 +00:00
|
|
|
proto_tree_add_ether(tr_tree, hf_tr_dst, tr_tvb, 2, 6, trh->dst.data);
|
|
|
|
proto_tree_add_ether(tr_tree, hf_tr_src, tr_tvb, 8, 6, trh->src.data);
|
2008-05-15 13:22:06 +00:00
|
|
|
hidden_item = proto_tree_add_ether(tr_tree, hf_tr_addr, tr_tvb, 2, 6, trh->dst.data);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
|
|
|
hidden_item = proto_tree_add_ether(tr_tree, hf_tr_addr, tr_tvb, 8, 6, trh->src.data);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
1999-08-27 19:27:22 +00:00
|
|
|
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_boolean(tr_tree, hf_tr_sr, tr_tvb, 8, 1, source_routed);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-07-07 22:52:57 +00:00
|
|
|
/* non-source-routed version of src addr */
|
2008-05-15 13:22:06 +00:00
|
|
|
hidden_item = proto_tree_add_ether(tr_tree, hf_tr_src, tr_tvb, 8, 6, trn_shost_nonsr);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-07-07 22:52:57 +00:00
|
|
|
if (source_routed) {
|
|
|
|
/* RCF Byte 1 */
|
2000-05-15 06:22:07 +00:00
|
|
|
rcf1 = tvb_get_guint8(tr_tvb, 14);
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_uint(tr_tree, hf_tr_rif_bytes, tr_tvb, 14, 1, trn_rif_bytes);
|
|
|
|
proto_tree_add_uint(tr_tree, hf_tr_broadcast, tr_tvb, 14, 1, rcf1 & 224);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-07-07 22:52:57 +00:00
|
|
|
/* RCF Byte 2 */
|
2000-05-15 06:22:07 +00:00
|
|
|
rcf2 = tvb_get_guint8(tr_tvb, 15);
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_uint(tr_tree, hf_tr_max_frame_size, tr_tvb, 15, 1, rcf2 & 112);
|
|
|
|
proto_tree_add_uint(tr_tree, hf_tr_direction, tr_tvb, 15, 1, rcf2 & 128);
|
1998-09-16 02:39:15 +00:00
|
|
|
|
|
|
|
/* if we have more than 2 bytes of RIF, then we have
|
|
|
|
ring/bridge pairs */
|
2000-05-15 06:22:07 +00:00
|
|
|
if (trn_rif_bytes > 2) {
|
|
|
|
add_ring_bridge_pairs(trn_rif_bytes, tr_tvb, tr_tree);
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Linux 2.0.x has a problem in that the 802.5 code creates
|
|
|
|
an emtpy full (18-byte) RIF area. It's up to the tr driver to
|
|
|
|
either fill it in or remove it before sending the bytes out
|
|
|
|
to the wire. If you run tcpdump on a Linux 2.0.x machine running
|
|
|
|
token-ring, tcpdump will capture these 18 filler bytes. They
|
|
|
|
are filled with garbage. The best way to detect this problem is
|
|
|
|
to know the src hwaddr of the machine from which you were running
|
|
|
|
tcpdump. W/o that, however, I'm guessing that DSAP == SSAP if the
|
2000-05-15 06:22:07 +00:00
|
|
|
frame type is LLC. It's very much a hack. */
|
1998-09-17 22:28:07 +00:00
|
|
|
if (actual_rif_bytes > trn_rif_bytes) {
|
2000-05-15 06:22:07 +00:00
|
|
|
proto_tree_add_text(tr_tree, tr_tvb, TR_MIN_HEADER_LEN + trn_rif_bytes, actual_rif_bytes - trn_rif_bytes,
|
1998-09-17 22:28:07 +00:00
|
|
|
"Empty RIF from Linux 2.0.x driver. The sniffing NIC "
|
|
|
|
"is also running a protocol stack.");
|
|
|
|
}
|
1999-08-27 19:15:38 +00:00
|
|
|
if (fixoffset) {
|
2000-05-15 06:22:07 +00:00
|
|
|
proto_tree_add_text(tr_tree, tr_tvb, TR_MIN_HEADER_LEN + 18,8,"Linux 2.0.x fake LLC and SNAP header");
|
1999-08-27 19:15:38 +00:00
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
2000-05-15 06:22:07 +00:00
|
|
|
|
2009-08-16 12:36:22 +00:00
|
|
|
next_tvb = tvb_new_subset_remaining(tr_tvb, TR_MIN_HEADER_LEN + actual_rif_bytes + fixoffset);
|
2000-05-15 06:22:07 +00:00
|
|
|
|
|
|
|
/* The package is either MAC or LLC */
|
|
|
|
switch (frame_type) {
|
|
|
|
/* MAC */
|
|
|
|
case 0:
|
2001-01-03 10:34:42 +00:00
|
|
|
call_dissector(trmac_handle, next_tvb, pinfo, tree);
|
2000-05-15 06:22:07 +00:00
|
|
|
break;
|
|
|
|
case 1:
|
2001-01-03 10:34:42 +00:00
|
|
|
call_dissector(llc_handle, next_tvb, pinfo, tree);
|
2000-05-15 06:22:07 +00:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
/* non-MAC, non-LLC, i.e., "Reserved" */
|
2001-11-26 04:52:51 +00:00
|
|
|
call_dissector(data_handle,next_tvb, pinfo, tree);
|
2000-05-15 06:22:07 +00:00
|
|
|
break;
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
2003-01-22 01:17:01 +00:00
|
|
|
|
|
|
|
tap_queue_packet(tr_tap, pinfo, trh);
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* this routine is taken from the Linux net/802/tr.c code, which shows
|
1999-08-20 06:55:20 +00:00
|
|
|
ring-bridge pairs in the /proc/net/tr_rif virtual file. */
|
1998-09-16 02:39:15 +00:00
|
|
|
static void
|
2000-05-15 06:22:07 +00:00
|
|
|
add_ring_bridge_pairs(int rcf_len, tvbuff_t *tvb, proto_tree *tree)
|
1998-09-16 02:39:15 +00:00
|
|
|
{
|
2008-05-15 13:22:06 +00:00
|
|
|
proto_item *hidden_item;
|
1998-09-16 02:39:15 +00:00
|
|
|
int j, size;
|
1999-09-22 05:40:12 +00:00
|
|
|
int segment, brdgnmb, unprocessed_rif;
|
1999-08-10 02:54:59 +00:00
|
|
|
int buff_offset=0;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
2000-05-15 06:22:07 +00:00
|
|
|
#define RIF_OFFSET 16
|
|
|
|
#define RIF_BYTES_TO_PROCESS 30
|
1999-09-22 05:40:12 +00:00
|
|
|
|
2005-08-18 08:55:22 +00:00
|
|
|
char *buffer;
|
|
|
|
#define MAX_BUF_LEN 3 + (RIF_BYTES_TO_PROCESS / 2) * 6 + 1
|
1999-09-22 05:40:12 +00:00
|
|
|
|
2005-08-18 08:55:22 +00:00
|
|
|
buffer=ep_alloc(MAX_BUF_LEN);
|
1999-09-22 05:40:12 +00:00
|
|
|
/* Only process so many bytes of RIF, as per TR spec, and not overflow
|
|
|
|
* static buffer above */
|
|
|
|
unprocessed_rif = rcf_len - RIF_BYTES_TO_PROCESS;
|
|
|
|
rcf_len = MIN(rcf_len, RIF_BYTES_TO_PROCESS);
|
|
|
|
|
|
|
|
/* Ignore the 2 RCF bytes, since they don't make up the ring/bride pairs */
|
1998-09-16 02:39:15 +00:00
|
|
|
rcf_len -= 2;
|
|
|
|
|
1999-08-10 02:54:59 +00:00
|
|
|
for(j = 1; j < rcf_len - 1; j += 2) {
|
1998-09-16 02:39:15 +00:00
|
|
|
if (j==1) {
|
2000-05-15 06:22:07 +00:00
|
|
|
segment = tvb_get_ntohs(tvb, RIF_OFFSET) >> 4;
|
2005-08-18 08:55:22 +00:00
|
|
|
size = g_snprintf(buffer, MAX_BUF_LEN, "%03X",segment);
|
2006-01-16 07:59:44 +00:00
|
|
|
size = MIN(size, MAX_BUF_LEN - 1);
|
2008-05-15 13:22:06 +00:00
|
|
|
hidden_item = proto_tree_add_uint(tree, hf_tr_rif_ring, tvb, TR_MIN_HEADER_LEN + 2, 2, segment);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
1998-09-16 02:39:15 +00:00
|
|
|
buff_offset += size;
|
|
|
|
}
|
2000-05-15 06:22:07 +00:00
|
|
|
segment = tvb_get_ntohs(tvb, RIF_OFFSET + 1 + j) >> 4;
|
|
|
|
brdgnmb = tvb_get_guint8(tvb, RIF_OFFSET + j) & 0x0f;
|
2005-08-18 08:55:22 +00:00
|
|
|
size = g_snprintf(buffer+buff_offset, MAX_BUF_LEN-buff_offset, "-%01X-%03X",brdgnmb,segment);
|
2006-01-16 07:59:44 +00:00
|
|
|
size = MIN(size, MAX_BUF_LEN-buff_offset-1);
|
2008-05-15 13:22:06 +00:00
|
|
|
hidden_item = proto_tree_add_uint(tree, hf_tr_rif_ring, tvb, TR_MIN_HEADER_LEN + 3 + j, 2, segment);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
|
|
|
hidden_item = proto_tree_add_uint(tree, hf_tr_rif_bridge, tvb, TR_MIN_HEADER_LEN + 2 + j, 1, brdgnmb);
|
|
|
|
PROTO_ITEM_SET_HIDDEN(hidden_item);
|
2002-08-28 21:04:11 +00:00
|
|
|
buff_offset += size;
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
2000-05-31 05:09:07 +00:00
|
|
|
proto_tree_add_string(tree, hf_tr_rif, tvb, TR_MIN_HEADER_LEN + 2, rcf_len, buffer);
|
1999-09-22 05:40:12 +00:00
|
|
|
|
|
|
|
if (unprocessed_rif > 0) {
|
2000-05-15 06:22:07 +00:00
|
|
|
proto_tree_add_text(tree, tvb, TR_MIN_HEADER_LEN + RIF_BYTES_TO_PROCESS, unprocessed_rif,
|
1999-09-22 05:40:12 +00:00
|
|
|
"Extra RIF bytes beyond spec: %d", unprocessed_rif);
|
|
|
|
}
|
1999-07-07 22:52:57 +00:00
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
|
1999-07-07 22:52:57 +00:00
|
|
|
void
|
|
|
|
proto_register_tr(void)
|
|
|
|
{
|
1999-07-15 15:33:52 +00:00
|
|
|
static hf_register_info hf[] = {
|
|
|
|
{ &hf_tr_ac,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Access Control", "tr.ac", FT_UINT8, BASE_HEX, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_priority,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Priority", "tr.priority", FT_UINT8, BASE_DEC, NULL, 0xe0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_frame,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Frame", "tr.frame", FT_BOOLEAN, 8, TFS(&ac_truth), 0x10,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_monitor_cnt,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Monitor Count", "tr.monitor_cnt", FT_UINT8, BASE_DEC, NULL, 0x08,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_priority_reservation,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Priority Reservation","tr.priority_reservation", FT_UINT8, BASE_DEC, NULL, 0x07,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_fc,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Frame Control", "tr.fc", FT_UINT8, BASE_HEX, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_fc_type,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Frame Type", "tr.frame_type", FT_UINT8, BASE_DEC, VALS(frame_vals), 0xc0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_fc_pcf,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Frame PCF", "tr.frame_pcf", FT_UINT8, BASE_DEC, VALS(pcf_vals), 0x0f,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_dst,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Destination", "tr.dst", FT_ETHER, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Destination Hardware Address", HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_src,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source", "tr.src", FT_ETHER, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Source Hardware Address", HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
2000-03-20 22:22:45 +00:00
|
|
|
{ &hf_tr_addr,
|
|
|
|
{ "Source or Destination Address", "tr.addr", FT_ETHER, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Source or Destination Hardware Address", HFILL }},
|
2000-03-20 22:22:45 +00:00
|
|
|
|
1999-07-15 15:33:52 +00:00
|
|
|
{ &hf_tr_sr,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source Routed", "tr.sr", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_rif_bytes,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "RIF Bytes", "tr.rif_bytes", FT_UINT8, BASE_DEC, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
"Number of bytes in Routing Information Fields, including the two bytes of Routing Control Field", HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_broadcast,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Broadcast Type", "tr.broadcast", FT_UINT8, BASE_DEC, VALS(broadcast_vals), 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Type of Token-Ring Broadcast", HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_max_frame_size,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Maximum Frame Size", "tr.max_frame_size", FT_UINT8, BASE_DEC, VALS(max_frame_size_vals),
|
|
|
|
0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_direction,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Direction", "tr.direction", FT_UINT8, BASE_DEC, VALS(direction_vals), 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Direction of RIF", HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_rif,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Ring-Bridge Pairs", "tr.rif", FT_STRING, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"String representing Ring-Bridge Pairs", HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_rif_ring,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "RIF Ring", "tr.rif.ring", FT_UINT16, BASE_HEX, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
{ &hf_tr_rif_bridge,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "RIF Bridge", "tr.rif.bridge", FT_UINT8, BASE_HEX, NULL, 0x0,
|
From Kovarththanan Rajaratnam via bug 3548:
(1) Trailing/leading spaces are removed from 'name's/'blurb's
(2) Duplicate 'blurb's are replaced with NULL
(3) Empty ("") 'blurb's are replaced with NULL
(4) BASE_NONE, NULL, 0x0 are used for 'display', 'strings' and 'bitmask' fields
for FT_NONE, FT_BYTES, FT_IPv4, FT_IPv6, FT_ABSOLUTE_TIME, FT_RELATIVE_TIME,
FT_PROTOCOL, FT_STRING and FT_STRINGZ field types
(5) Only allow non-zero value for 'display' if 'bitmask' is non-zero
svn path=/trunk/; revision=28770
2009-06-18 21:30:42 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-07 22:52:57 +00:00
|
|
|
};
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_token_ring,
|
|
|
|
&ett_token_ring_ac,
|
|
|
|
&ett_token_ring_fc,
|
|
|
|
};
|
2003-02-08 05:31:05 +00:00
|
|
|
module_t *tr_module;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_tr = proto_register_protocol("Token-Ring", "Token-Ring", "tr");
|
1999-07-07 22:52:57 +00:00
|
|
|
proto_register_field_array(proto_tr, hf, array_length(hf));
|
1999-11-16 11:44:20 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2003-02-08 05:31:05 +00:00
|
|
|
|
|
|
|
/* Register configuration options */
|
|
|
|
tr_module = prefs_register_protocol(proto_tr, NULL);
|
|
|
|
prefs_register_bool_preference(tr_module, "fix_linux_botches",
|
|
|
|
"Attempt to compensate for Linux mangling of the link-layer header",
|
|
|
|
"Whether Linux mangling of the link-layer header should be checked for and worked around",
|
|
|
|
&fix_linux_botches);
|
|
|
|
|
2001-01-10 09:07:35 +00:00
|
|
|
register_dissector("tr", dissect_tr, proto_tr);
|
2003-01-22 01:17:01 +00:00
|
|
|
tr_tap=register_tap("tr");
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
2000-11-29 05:16:15 +00:00
|
|
|
void
|
|
|
|
proto_reg_handoff_tr(void)
|
|
|
|
{
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_handle_t tr_handle;
|
|
|
|
|
2001-01-03 10:34:42 +00:00
|
|
|
/*
|
|
|
|
* Get handles for the TR MAC and LLC dissectors.
|
|
|
|
*/
|
|
|
|
trmac_handle = find_dissector("trmac");
|
|
|
|
llc_handle = find_dissector("llc");
|
2001-11-26 04:52:51 +00:00
|
|
|
data_handle = find_dissector("data");
|
2001-01-03 10:34:42 +00:00
|
|
|
|
2001-12-03 04:00:26 +00:00
|
|
|
tr_handle = find_dissector("tr");
|
|
|
|
dissector_add("wtap_encap", WTAP_ENCAP_TOKEN_RING, tr_handle);
|
2000-11-29 05:16:15 +00:00
|
|
|
}
|