1999-10-20 22:41:12 +00:00
|
|
|
/* packet-vlan.c
|
|
|
|
* Routines for VLAN 802.1Q ethernet header disassembly
|
|
|
|
*
|
2001-01-18 07:44:41 +00:00
|
|
|
* $Id: packet-vlan.c,v 1.30 2001/01/18 07:44:39 guy Exp $
|
1999-10-20 22:41:12 +00:00
|
|
|
*
|
|
|
|
* Ethereal - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@zing.org>
|
|
|
|
* Copyright 1998 Gerald Combs
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_SYS_TYPES_H
|
|
|
|
# include <sys/types.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef HAVE_NETINET_IN_H
|
|
|
|
# include <netinet/in.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <glib.h>
|
|
|
|
#include "packet.h"
|
2000-02-15 21:06:58 +00:00
|
|
|
#include "packet-ipx.h"
|
|
|
|
#include "packet-llc.h"
|
1999-12-03 21:28:11 +00:00
|
|
|
#include "etypes.h"
|
1999-10-20 22:41:12 +00:00
|
|
|
|
|
|
|
static int proto_vlan = -1;
|
|
|
|
static int hf_vlan_priority = -1;
|
|
|
|
static int hf_vlan_cfi = -1;
|
2000-11-12 05:58:34 +00:00
|
|
|
static int hf_vlan_id = -1;
|
|
|
|
static int hf_vlan_etype = -1;
|
|
|
|
static int hf_vlan_len = -1;
|
2000-11-13 04:44:14 +00:00
|
|
|
static int hf_vlan_trailer = -1;
|
1999-10-20 22:41:12 +00:00
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint ett_vlan = -1;
|
|
|
|
|
2001-01-09 09:59:28 +00:00
|
|
|
static dissector_handle_t ipx_handle;
|
2001-01-03 10:34:42 +00:00
|
|
|
static dissector_handle_t llc_handle;
|
|
|
|
|
1999-12-05 20:05:45 +00:00
|
|
|
void
|
2000-01-23 08:55:37 +00:00
|
|
|
capture_vlan(const u_char *pd, int offset, packet_counts *ld ) {
|
1999-12-05 20:05:45 +00:00
|
|
|
guint32 encap_proto;
|
|
|
|
if ( !BYTES_ARE_IN_FRAME(offset,5) ) {
|
2000-01-23 08:55:37 +00:00
|
|
|
ld->other++;
|
1999-12-05 20:05:45 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
encap_proto = pntohs( &pd[offset+2] );
|
|
|
|
if ( encap_proto <= IEEE_802_3_MAX_LEN) {
|
|
|
|
if ( pd[offset+4] == 0xff && pd[offset+5] == 0xff ) {
|
2000-01-23 08:55:37 +00:00
|
|
|
capture_ipx(pd,offset+4,ld);
|
1999-12-05 20:05:45 +00:00
|
|
|
} else {
|
2000-01-23 08:55:37 +00:00
|
|
|
capture_llc(pd,offset+4,ld);
|
1999-12-05 20:05:45 +00:00
|
|
|
}
|
|
|
|
} else {
|
2000-01-23 08:55:37 +00:00
|
|
|
capture_ethertype(encap_proto, offset+4, pd, ld);
|
1999-12-05 20:05:45 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2000-04-16 22:59:37 +00:00
|
|
|
static void
|
2000-11-13 04:44:14 +00:00
|
|
|
dissect_vlan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
{
|
|
|
|
proto_tree *ti;
|
1999-11-05 18:50:52 +00:00
|
|
|
guint16 tci,encap_proto;
|
2000-11-13 04:44:14 +00:00
|
|
|
volatile gboolean is_802_2;
|
|
|
|
tvbuff_t *volatile next_tvb;
|
|
|
|
tvbuff_t *volatile trailer_tvb;
|
|
|
|
proto_tree *volatile vlan_tree;
|
1999-10-20 22:41:12 +00:00
|
|
|
|
2000-11-12 05:43:26 +00:00
|
|
|
CHECK_DISPLAY_AS_DATA(proto_vlan, tvb, pinfo, tree);
|
Add the "Edit:Protocols..." feature which currently only implements
the following:
It is now possible to enable/disable a particular protocol decoding
(i.e. the protocol dissector is void or not). When a protocol
is disabled, it is displayed as Data and of course, all linked
sub-protocols are disabled as well.
Disabling a protocol could be interesting:
- in case of buggy dissectors
- in case of wrong heuristics
- for performance reasons
- to decode the data as another protocol (TODO)
Currently (if I am not wrong), all dissectors but NFS can be disabled
(and dissectors that do not register protocols :-)
I do not like the way the RPC sub-dissectors are disabled (in the
sub-dissectors) since this could be done in the RPC dissector itself,
knowing the sub-protocol hfinfo entry (this is why, I've not modified
the NFS one yet).
Two functions are added in proto.c :
gboolean proto_is_protocol_enabled(int n);
void proto_set_decoding(int n, gboolean enabled);
and two MACROs which can be used in dissectors:
OLD_CHECK_DISPLAY_AS_DATA(index, pd, offset, fd, tree)
CHECK_DISPLAY_AS_DATA(index, tvb, pinfo, tree)
See also the XXX in proto_dlg.c and proto.c around the new functions.
svn path=/trunk/; revision=2267
2000-08-13 14:09:15 +00:00
|
|
|
|
2000-11-12 05:43:26 +00:00
|
|
|
pinfo->current_proto = "VLAN";
|
1999-10-20 22:41:12 +00:00
|
|
|
|
2000-11-12 05:43:26 +00:00
|
|
|
if (check_col(pinfo->fd, COL_PROTOCOL))
|
2000-11-19 08:54:37 +00:00
|
|
|
col_set_str(pinfo->fd, COL_PROTOCOL, "VLAN");
|
1999-10-20 22:41:12 +00:00
|
|
|
|
2000-11-12 05:43:26 +00:00
|
|
|
tci = tvb_get_ntohs( tvb, 0 );
|
|
|
|
encap_proto = tvb_get_ntohs( tvb, 2 );
|
1999-11-05 18:50:52 +00:00
|
|
|
|
2000-11-12 05:43:26 +00:00
|
|
|
if (check_col(pinfo->fd, COL_INFO)) {
|
|
|
|
col_add_fstr(pinfo->fd, COL_INFO, "PRI: %d CFI: %d ID: %d",
|
1999-11-05 18:50:52 +00:00
|
|
|
(tci >> 13), ((tci >> 12) & 1), (tci & 0xFFF));
|
1999-10-20 22:41:12 +00:00
|
|
|
}
|
|
|
|
|
2000-11-13 04:44:14 +00:00
|
|
|
vlan_tree = NULL;
|
|
|
|
|
1999-10-20 22:41:12 +00:00
|
|
|
if (tree) {
|
2000-11-12 05:43:26 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_vlan, tvb, 0, 4, FALSE);
|
1999-11-16 11:44:20 +00:00
|
|
|
vlan_tree = proto_item_add_subtree(ti, ett_vlan);
|
1999-10-20 22:41:12 +00:00
|
|
|
|
2000-11-12 05:43:26 +00:00
|
|
|
proto_tree_add_uint(vlan_tree, hf_vlan_priority, tvb, 0, 2, tci);
|
|
|
|
proto_tree_add_uint(vlan_tree, hf_vlan_cfi, tvb, 0, 2, tci);
|
|
|
|
proto_tree_add_uint(vlan_tree, hf_vlan_id, tvb, 0, 2, tci);
|
1999-10-20 22:41:12 +00:00
|
|
|
}
|
|
|
|
|
1999-12-03 21:28:11 +00:00
|
|
|
if ( encap_proto <= IEEE_802_3_MAX_LEN) {
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
/* Give the next dissector only 'encap_proto' number of bytes */
|
2000-11-12 05:58:34 +00:00
|
|
|
proto_tree_add_uint(vlan_tree, hf_vlan_len, tvb, 2, 2, encap_proto);
|
2000-11-13 04:44:14 +00:00
|
|
|
TRY {
|
|
|
|
next_tvb = tvb_new_subset(tvb, 4, encap_proto, encap_proto);
|
|
|
|
trailer_tvb = tvb_new_subset(tvb, 4 + encap_proto, -1, -1);
|
|
|
|
}
|
|
|
|
CATCH2(BoundsError, ReportedBoundsError) {
|
2000-11-13 05:22:58 +00:00
|
|
|
/* Either:
|
|
|
|
|
|
|
|
the packet doesn't have "encap_proto" bytes worth of
|
|
|
|
captured data left in it - or it may not even have
|
|
|
|
"encap_proto" bytes worth of data in it, period -
|
|
|
|
so the "tvb_new_subset()" creating "next_tvb"
|
|
|
|
threw an exception
|
|
|
|
|
|
|
|
or
|
|
|
|
|
|
|
|
the packet has exactly "encap_proto" bytes worth of
|
|
|
|
captured data left in it, so the "tvb_new_subset()"
|
|
|
|
creating "trailer_tvb" threw an exception.
|
|
|
|
|
|
|
|
In either case, this means that all the data in the frame
|
|
|
|
is within the length value, so we give all the data to the
|
|
|
|
next protocol and have no trailer. */
|
2000-11-13 04:44:14 +00:00
|
|
|
next_tvb = tvb_new_subset(tvb, 4, -1, encap_proto);
|
2000-11-13 05:22:58 +00:00
|
|
|
trailer_tvb = NULL;
|
2000-11-13 04:44:14 +00:00
|
|
|
}
|
|
|
|
ENDTRY;
|
|
|
|
|
|
|
|
/* Is there an 802.2 layer? I can tell by looking at the first 2
|
|
|
|
bytes after the VLAN header. If they are 0xffff, then what
|
|
|
|
follows the VLAN header is an IPX payload, meaning no 802.2.
|
|
|
|
(IPX/SPX is they only thing that can be contained inside a
|
|
|
|
straight 802.3 packet, so presumably the same applies for
|
|
|
|
Ethernet VLAN packets). A non-0xffff value means that there's an
|
|
|
|
802.2 layer inside the VLAN layer */
|
|
|
|
is_802_2 = TRUE;
|
|
|
|
TRY {
|
|
|
|
if (tvb_get_ntohs(next_tvb, 2) == 0xffff) {
|
|
|
|
is_802_2 = FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
CATCH2(BoundsError, ReportedBoundsError) {
|
|
|
|
; /* do nothing */
|
|
|
|
|
|
|
|
}
|
|
|
|
ENDTRY;
|
|
|
|
if (is_802_2 ) {
|
|
|
|
/* 802.2 LLC */
|
2001-01-03 10:34:42 +00:00
|
|
|
call_dissector(llc_handle, next_tvb, pinfo, tree);
|
2000-11-13 04:44:14 +00:00
|
|
|
} else {
|
2001-01-09 09:59:28 +00:00
|
|
|
call_dissector(ipx_handle, next_tvb, pinfo, tree);
|
2000-11-13 04:44:14 +00:00
|
|
|
}
|
|
|
|
|
2001-01-18 07:44:41 +00:00
|
|
|
/* If there's some bytes left over, mark them. */
|
|
|
|
if (trailer_tvb && tree) {
|
|
|
|
int trailer_length;
|
|
|
|
const guint8 *ptr;
|
2000-11-13 04:44:14 +00:00
|
|
|
|
2001-01-18 07:44:41 +00:00
|
|
|
trailer_length = tvb_length(trailer_tvb);
|
|
|
|
if (trailer_length > 0) {
|
|
|
|
ptr = tvb_get_ptr(trailer_tvb, 0, trailer_length);
|
|
|
|
proto_tree_add_bytes(vlan_tree, hf_vlan_trailer, trailer_tvb, 0,
|
|
|
|
trailer_length, ptr);
|
|
|
|
}
|
1999-12-03 21:28:11 +00:00
|
|
|
}
|
2001-01-18 07:44:41 +00:00
|
|
|
} else {
|
|
|
|
ethertype(encap_proto, tvb, 4, pinfo, tree, vlan_tree,
|
|
|
|
hf_vlan_etype, hf_vlan_trailer);
|
1999-12-03 21:28:11 +00:00
|
|
|
}
|
1999-10-20 22:41:12 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_register_vlan(void)
|
|
|
|
{
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
{ &hf_vlan_priority, {
|
1999-11-10 05:42:06 +00:00
|
|
|
"Priority", "vlan.priority", FT_UINT16, BASE_BIN,
|
1999-10-20 22:41:12 +00:00
|
|
|
0, 0xE000, "Priority" }},
|
|
|
|
{ &hf_vlan_cfi, {
|
1999-11-10 05:42:06 +00:00
|
|
|
"CFI", "vlan.cfi", FT_UINT16, BASE_BIN,
|
2000-11-12 05:58:34 +00:00
|
|
|
0, 0x1000, "CFI" }}, /* XXX - Boolean? */
|
1999-10-20 22:41:12 +00:00
|
|
|
{ &hf_vlan_id, {
|
1999-11-10 05:42:06 +00:00
|
|
|
"ID", "vlan.id", FT_UINT16, BASE_BIN,
|
1999-10-20 22:41:12 +00:00
|
|
|
0, 0x0FFF, "ID" }},
|
2000-11-12 05:58:34 +00:00
|
|
|
{ &hf_vlan_etype, {
|
|
|
|
"Type", "vlan.etype", FT_UINT16, BASE_HEX,
|
|
|
|
VALS(etype_vals), 0x0, "Type" }},
|
|
|
|
{ &hf_vlan_len, {
|
|
|
|
"Length", "vlan.len", FT_UINT16, BASE_DEC,
|
2000-11-13 04:44:14 +00:00
|
|
|
NULL, 0x0, "Length" }},
|
|
|
|
{ &hf_vlan_trailer, {
|
|
|
|
"Trailer", "vlan.trailer", FT_BYTES, BASE_NONE,
|
|
|
|
NULL, 0x0, "VLAN Trailer" }}
|
1999-10-20 22:41:12 +00:00
|
|
|
};
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_vlan,
|
|
|
|
};
|
1999-10-20 22:41:12 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_vlan = proto_register_protocol("802.1q Virtual LAN", "VLAN", "vlan");
|
1999-10-20 22:41:12 +00:00
|
|
|
proto_register_field_array(proto_vlan, hf, array_length(hf));
|
1999-11-16 11:44:20 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
1999-10-20 22:41:12 +00:00
|
|
|
}
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_vlan(void)
|
|
|
|
{
|
2001-01-03 10:34:42 +00:00
|
|
|
/*
|
2001-01-09 09:59:28 +00:00
|
|
|
* Get handles for the IPX and LLC dissectors.
|
2001-01-03 10:34:42 +00:00
|
|
|
*/
|
|
|
|
llc_handle = find_dissector("llc");
|
2001-01-09 09:59:28 +00:00
|
|
|
ipx_handle = find_dissector("ipx");
|
2001-01-03 10:34:42 +00:00
|
|
|
|
2001-01-09 06:32:10 +00:00
|
|
|
dissector_add("ethertype", ETHERTYPE_VLAN, dissect_vlan, proto_vlan);
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
}
|