osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Add an X.29 dissector. 

The Q bit in X.25 doesn't mean "this is QLLC traffic", it's just a "this
packet is special" indication.  Have the X.25 dissector pass as the
"private_data" pointer a pointer to a gboolean indicating whether the Q
bit was set or not.  Replace the "decode non-Q-bit traffic as SNA"
option with a "decode traffic as QLLC/SNA if we didn't see the Call
Request packet and thus don't know what it is" option, which hands
traffic to the QLLC dissector for that traffic.  Have the QLLC dissector
hand traffic to the SNA dissector if the Q bit isn't set.

Arrange that we determine whether the Q bit is set regardless of whether
we're building the protocol tree or not.

If we don't just dissect traffic as QLLC/SNA if we didn't see the Call
Request packet, check not only for 0x45 (as an indication that it's
probably IP), check also for NLPID_ISO8473_CLNP and treat that as an
indication that it's probably OSI CLNP.

svn path=/trunk/; revision=6854
This commit is contained in:
Guy Harris 2003-01-06 02:24:57 +00:00
parent 28e7a23569
commit 0551b7030f
5 changed files with 366 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Makefile.am
View File

@ -1,7 +1,7 @@
# Makefile.am
# Automake file for Ethereal
#
# $Id: Makefile.am,v 1.533 2003/01/03 22:31:23 guy Exp $
# $Id: Makefile.am,v 1.534 2003/01/06 02:24:56 guy Exp $
#
# Ethereal - Network traffic analyzer
# By Gerald Combs <gerald@ethereal.com>
@ -381,6 +381,7 @@ DISSECTOR_SRC = \
packet-wtp.c \
packet-x11.c \
packet-x25.c \
packet-x29.c \
packet-xdmcp.c \
packet-xot.c \
packet-xyplex.c \

3
Makefile.nmake
View File

@ -1,7 +1,7 @@
## Makefile for building ethereal.exe with Microsoft C and nmake
## Use: $(MAKE) /$(MAKEFLAGS) -f makefile.nmake
#
# $Id: Makefile.nmake,v 1.267 2003/01/03 22:31:24 guy Exp $
# $Id: Makefile.nmake,v 1.268 2003/01/06 02:24:57 guy Exp $
include config.nmake
include <win32.mak>
@ -324,6 +324,7 @@ DISSECTOR_SRC = \
packet-wtp.c \
packet-x11.c \
packet-x25.c \
packet-x29.c \
packet-xdmcp.c \
packet-xot.c \
packet-xyplex.c \

52
packet-qllc.c
View File

@ -2,7 +2,7 @@
* Routines for QLLC protocol - Qualified? LLC
* Gilbert Ramirez <gram@alumni.rice.edu>
*
* $Id: packet-qllc.c,v 1.7 2002/08/28 21:00:26 jmayer Exp $
* $Id: packet-qllc.c,v 1.8 2003/01/06 02:24:57 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -30,13 +30,14 @@
#include <glib.h>
#include <epan/packet.h>
static int proto_qllc = -1;
static int hf_qllc_address = -1;
static int hf_qllc_control = -1;
static gint ett_qllc = -1;
static dissector_handle_t sna_handle;
#define QSM 0x93
#define QDISC 0x53
#define QXID 0xbf
@ -75,29 +76,36 @@ static const value_string qllc_control_vals[] = {
static void
dissect_qllc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
proto_tree *qllc_tree = NULL;
proto_item *qllc_ti = NULL;
guint8 address, ctrl;
gboolean command = FALSE;
proto_tree *qllc_tree = NULL;
proto_item *qllc_ti = NULL;
gboolean *q_bit_set = pinfo->private_data;
guint8 address, ctrl;
gboolean command = FALSE;
/* Summary information */
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "QLLC");
if (check_col(pinfo->cinfo, COL_INFO))
col_clear(pinfo->cinfo, COL_INFO);
/*
* If the Q bit isn't set, this is just SNA data.
*/
if (!(*q_bit_set)) {
call_dissector(sna_handle, tvb, pinfo, tree);
return;
}
if (tree) {
qllc_ti = proto_tree_add_item(tree, proto_qllc, tvb, 0, -1,
FALSE);
qllc_tree = proto_item_add_subtree(qllc_ti, ett_qllc);
/* Summary information */
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "QLLC");
if (check_col(pinfo->cinfo, COL_INFO))
col_clear(pinfo->cinfo, COL_INFO);
if (tree) {
qllc_ti = proto_tree_add_item(tree, proto_qllc, tvb, 0, -1, FALSE);
qllc_tree = proto_item_add_subtree(qllc_ti, ett_qllc);
}
/* Get the address; we need it to determine if this is a
* COMMAND or a RESPONSE */
address = tvb_get_guint8(tvb, 0);
if (tree) {
proto_tree_add_item(qllc_tree, hf_qllc_address, tvb, 0, 1, FALSE);
proto_tree_add_item(qllc_tree, hf_qllc_address, tvb, 0, 1, FALSE);
}
/* The address field equals X'FF' in commands (except QRR)
@ -155,22 +163,19 @@ dissect_qllc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
if (ctrl == QXID || ctrl == QTEST || ctrl == QFRMR) {
/* yes */
}
}
void
proto_register_qllc(void)
{
static hf_register_info hf[] = {
{ &hf_qllc_address,
{ &hf_qllc_address,
{ "Address Field", "qllc.address", FT_UINT8, BASE_HEX, NULL, 0x0,
"", HFILL }},
{ &hf_qllc_control,
{ "Control Field", "qllc.control", FT_UINT8, BASE_HEX,
VALS(qllc_control_vals), 0x0, "", HFILL }},
VALS(qllc_control_vals), 0x0, "", HFILL }},
};
static gint *ett[] = {
@ -184,3 +189,8 @@ proto_register_qllc(void)
register_dissector("qllc", dissect_qllc, proto_qllc);
}
void
proto_reg_handoff_qllc(void)
{
sna_handle = find_dissector("sna");
}

81
packet-x25.c
View File

@ -1,8 +1,8 @@
/* packet-x25.c
* Routines for x25 packet disassembly
* Routines for X.25 packet disassembly
* Olivier Abad <oabad@noos.fr>
*
* $Id: packet-x25.c,v 1.71 2002/11/08 01:00:04 guy Exp $
* $Id: packet-x25.c,v 1.72 2003/01/06 02:24:57 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
@ -160,13 +160,13 @@ static const value_string vals_x25_type[] = {
};
static dissector_handle_t ip_handle;
static dissector_handle_t clnp_handle;
static dissector_handle_t ositp_handle;
static dissector_handle_t sna_handle;
static dissector_handle_t qllc_handle;
static dissector_handle_t data_handle;
/* Preferences */
static gboolean non_q_bit_is_sna = FALSE;
static gboolean payload_is_qllc_sna = FALSE;
static dissector_table_t x25_subdissector_table;
static heur_dissector_list_t x25_heur_subdissector_list;
@ -1406,6 +1406,7 @@ dissect_x25_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
char *short_name = NULL, *long_name = NULL;
tvbuff_t *next_tvb;
gboolean q_bit_set = FALSE;
void *saved_private_data;
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "X.25");
@ -1433,6 +1434,10 @@ dissect_x25_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
}
pkt_type = tvb_get_guint8(tvb, 2);
if ((pkt_type & 0x01) == X25_DATA) {
if (bytes0_1 & 0x8000)
q_bit_set = TRUE;
}
if (tree) {
ti = proto_tree_add_item(tree, proto_x25, tvb, 0, x25_pkt_len, FALSE);
@ -1443,9 +1448,6 @@ dissect_x25_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
if ((pkt_type & 0x01) == X25_DATA) {
proto_tree_add_boolean(gfi_tree, hf_x25_qbit, tvb, 0, 2,
bytes0_1);
if (bytes0_1 & 0x8000) {
q_bit_set = TRUE;
}
}
else if (pkt_type == X25_CALL_REQUEST ||
pkt_type == X25_CALL_ACCEPTED ||
@ -1676,7 +1678,7 @@ dissect_x25_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
case PRT_ID_ISO_8073:
/* ISO 8073 COTP */
x25_hash_add_proto_start(vc, pinfo->fd->num, ositp_handle);
/* XXX - disssect the rest of the user data as COTP?
/* XXX - dissect the rest of the user data as COTP?
That needs support for NCM TPDUs, etc. */
break;
@ -1698,10 +1700,12 @@ dissect_x25_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
localoffset++;
/*
* What's the dissector handle for this SPI?
* Is there a dissector handle for this SPI?
* If so, assign it to this virtual circuit.
*/
dissect = dissector_get_port_handle(x25_subdissector_table, spi);
x25_hash_add_proto_start(vc, pinfo->fd->num, dissect);
if (dissect != NULL)
x25_hash_add_proto_start(vc, pinfo->fd->num, dissect);
}
if (localoffset < tvb_length(tvb)) {
if (userdata_tree) {
@ -2118,40 +2122,53 @@ dissect_x25_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
next_tvb = tvb_new_subset(tvb, localoffset, -1, -1);
/* QLLC ? */
if (q_bit_set) {
call_dissector(qllc_handle, next_tvb, pinfo, tree);
return;
}
saved_private_data = pinfo->private_data;
pinfo->private_data = &q_bit_set;
/* See if there's already a dissector for this circuit. */
if (try_circuit_dissector(CT_X25, vc, pinfo->fd->num, next_tvb, pinfo, tree))
return; /* found it and dissected it */
if (try_circuit_dissector(CT_X25, vc, pinfo->fd->num, next_tvb, pinfo,
tree)) {
pinfo->private_data = saved_private_data;
return; /* found it and dissected it */
}
/* Did the user suggest SNA-over-X.25? */
if (non_q_bit_is_sna) {
/* Yes - dissect it as SNA. */
x25_hash_add_proto_start(vc, pinfo->fd->num, sna_handle);
call_dissector(sna_handle, next_tvb, pinfo, tree);
/* Did the user suggest QLLC/SNA? */
if (payload_is_qllc_sna) {
/* Yes - dissect it as QLLC/SNA. */
x25_hash_add_proto_start(vc, pinfo->fd->num, qllc_handle);
call_dissector(qllc_handle, next_tvb, pinfo, tree);
pinfo->private_data = saved_private_data;
return;
}
/* If the Call Req. has not been captured, and the payload begins
with what appears to be an IP header, assume these packets carry
IP */
if (tvb_get_guint8(tvb, localoffset) == 0x45) {
/* If the Call Req. has not been captured, let's look at the first
byte of the payload to see if this looks like IP or CLNP. */
switch (tvb_get_guint8(tvb, localoffset)) {
case 0x45:
/* Looks like an IP header */
x25_hash_add_proto_start(vc, pinfo->fd->num, ip_handle);
call_dissector(ip_handle, next_tvb, pinfo, tree);
pinfo->private_data = saved_private_data;
return;
case NLPID_ISO8473_CLNP:
x25_hash_add_proto_start(vc, pinfo->fd->num, clnp_handle);
call_dissector(clnp_handle, next_tvb, pinfo, tree);
pinfo->private_data = saved_private_data;
return;
}
/* Try the heuristic dissectors. */
if (dissector_try_heuristic(x25_heur_subdissector_list, next_tvb, pinfo,
tree))
tree)) {
pinfo->private_data = saved_private_data;
return;
}
/* All else failed; dissect it as raw data */
call_dissector(data_handle, next_tvb, pinfo, tree);
pinfo->private_data = saved_private_data;
}
/*
@ -2264,9 +2281,11 @@ proto_register_x25(void)
/* Preferences */
x25_module = prefs_register_protocol(proto_x25, NULL);
prefs_register_bool_preference(x25_module, "non_q_bit_is_sna",
"When Q-bit is 0, payload is SNA", "When Q-bit is 0, payload is SNA",
&non_q_bit_is_sna);
prefs_register_obsolete_preference(x25_module, "non_q_bit_is_sna");
prefs_register_bool_preference(x25_module, "payload_is_qllc_sna",
"Default to QLLC/SNA",
"If CALL REQUEST not seen or didn't specify protocol, dissect as QLLC/SNA",
&payload_is_qllc_sna);
}
void
@ -2278,8 +2297,8 @@ proto_reg_handoff_x25(void)
* Get handles for various dissectors.
*/
ip_handle = find_dissector("ip");
clnp_handle = find_dissector("clnp");
ositp_handle = find_dissector("ositp");
sna_handle = find_dissector("sna");
qllc_handle = find_dissector("qllc");
data_handle = find_dissector("data");

281
packet-x29.c Normal file
View File

@ -0,0 +1,281 @@
/* packet-x29.c
* Routines for X.29 packet dissection
*
* $Id: packet-x29.c,v 1.1 2003/01/06 02:24:57 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdio.h>
#include <string.h>
#include <glib.h>
#include <epan/packet.h>
#include <epan/strutil.h>
#include "nlpid.h"
static int proto_x29 = -1;
static int hf_msg_code = -1;
static int hf_error_type = -1;
static int hf_inv_msg_code = -1;
static gint ett_x29 = -1;
/*
* PAD messages.
*/
#define SET_MSG 0x02
#define READ_MSG 0x04
#define SET_AND_READ_MSG 0x06
#define PARAMETER_IND_MSG 0x00
#define INV_TO_CLEAR_MSG 0x01
#define BREAK_IND_MSG 0x03
#define RESELECTION_MSG 0x07
#define ERROR_MSG 0x05
#define RESEL_WITH_TOA_NPI_MSG 0x08
static const value_string message_code_vals[] = {
{ SET_MSG, "Set" },
{ READ_MSG, "Read" },
{ SET_AND_READ_MSG, "Set and read" },
{ PARAMETER_IND_MSG, "Parameter indication" },
{ INV_TO_CLEAR_MSG, "Invitation to clear" },
{ BREAK_IND_MSG, "Indication of break" },
{ RESELECTION_MSG, "Reselection" },
{ ERROR_MSG, "Error" },
{ RESEL_WITH_TOA_NPI_MSG, "Reselection with TOA/NPI" },
{ 0, NULL }
};
static const value_string error_type_vals[] = {
{ 0x00, "Received PAD message contained less than eight bits" },
{ 0x02, "Unrecognized message code in received PAD message" },
{ 0x04, "Parameter field format was incorrect or incompatible with message code" },
{ 0x06, "Received PAD message did not contain an integral number of octets" },
{ 0x08, "Received Parameter Indication PAD message was unsolicited" },
{ 0x0A, "Received PAD message was too long" },
{ 0x0C, "Unauthorized reselection PAD message" },
{ 0, NULL },
};
static void
dissect_x29(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
int offset = 0;
proto_tree *x29_tree = NULL;
proto_item *ti;
gboolean *q_bit_set = pinfo->private_data;
guint8 msg_code;
guint8 error_type;
guint8 type_ref;
gint next_offset;
int linelen;
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "X.29");
if (check_col(pinfo->cinfo, COL_INFO))
col_clear(pinfo->cinfo, COL_INFO);
if (tree) {
ti = proto_tree_add_item(tree, proto_x29, tvb, offset, -1,
FALSE);
x29_tree = proto_item_add_subtree(ti, ett_x29);
}
if (*q_bit_set) {
/*
* Q bit set - this is a PAD message.
*/
msg_code = tvb_get_guint8(tvb, offset);
if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_fstr(pinfo->cinfo, COL_INFO, "%s PAD message",
val_to_str(msg_code, message_code_vals,
"Unknown (0x%02x)"));
}
proto_tree_add_uint(x29_tree, hf_msg_code, tvb,
offset, 1, msg_code);
offset++;
switch (msg_code) {
case SET_MSG:
case READ_MSG:
case SET_AND_READ_MSG:
case PARAMETER_IND_MSG:
/*
* XXX - dissect the references as per X.3.
*/
while (tvb_reported_length_remaining(tvb, offset) > 0) {
proto_tree_add_text(x29_tree, tvb, offset, 2,
"Parameter %u, value %u",
tvb_get_guint8(tvb, offset),
tvb_get_guint8(tvb, offset + 1));
offset += 2;
}
break;
case INV_TO_CLEAR_MSG:
/*
* No data for this message.
*/
break;
case ERROR_MSG:
error_type = tvb_get_guint8(tvb, offset);
proto_tree_add_uint(x29_tree, hf_error_type, tvb,
offset, 1, error_type);
offset++;
if (error_type != 0) {
proto_tree_add_item(x29_tree, hf_inv_msg_code,
tvb, offset, 1, FALSE);
}
break;
case BREAK_IND_MSG:
if (tvb_reported_length_remaining(tvb, offset) > 0) {
type_ref = tvb_get_guint8(tvb, offset);
switch (type_ref) {
case 0x01: /* change in PAD Aspect */
/*
* XXX - dissect as per X.28.
*/
proto_tree_add_text(x29_tree, tvb,
offset, 1, "Type reference: Change in PAD Aspect");
offset++;
proto_tree_add_text(x29_tree, tvb,
offset, 1, "Type of aspect: 0x%02x",
type_ref);
offset++;
break;
case 0x08: /* break */
proto_tree_add_text(x29_tree, tvb,
offset, 1, "Type reference: Break");
offset++;
proto_tree_add_text(x29_tree, tvb,
offset, 1, "Break value: 0x%02x",
type_ref);
offset++;
break;
default:
proto_tree_add_text(x29_tree, tvb,
offset, 1, "Unknown type reference (0x%02x)",
type_ref);
offset++;
proto_tree_add_text(x29_tree, tvb,
offset, 1, "Type value: 0x%02x",
type_ref);
offset++;
break;
}
}
break;
case RESELECTION_MSG:
/*
* XXX - dissect me.
*/
proto_tree_add_text(x29_tree, tvb, offset, -1,
"Reselection message data");
break;
case RESEL_WITH_TOA_NPI_MSG:
/*
* XXX - dissect me.
*/
proto_tree_add_text(x29_tree, tvb, offset, -1,
"Reselection message data");
break;
default:
proto_tree_add_text(x29_tree, tvb, offset, -1,
"PAD message data");
break;
}
} else {
/*
* Q bit not set - this is data.
*/
if (check_col(pinfo->cinfo, COL_INFO))
col_add_fstr(pinfo->cinfo, COL_INFO, "Data ...");
if (tree) {
while (tvb_offset_exists(tvb, offset)) {
/*
* Find the end of the line.
*/
linelen = tvb_find_line_end(tvb, offset, -1,
&next_offset, FALSE);
/*
* Now compute the length of the line
* *including* the end-of-line indication,
* if any; we display it all.
*/
linelen = next_offset - offset;
proto_tree_add_text(x29_tree, tvb, offset,
linelen, "Data: %s",
tvb_format_text(tvb, offset, linelen));
offset = next_offset;
}
}
}
}
void
proto_register_x29(void)
{
static hf_register_info hf[] = {
{ &hf_msg_code,
{ "Message code", "x29.msg_code", FT_UINT8, BASE_HEX,
VALS(message_code_vals), 0x0, "X.29 PAD message code",
HFILL }},
{ &hf_error_type,
{ "Error type", "x29.error_type", FT_UINT8, BASE_HEX,
VALS(error_type_vals), 0x0, "X.29 error PAD message error type",
HFILL }},
{ &hf_inv_msg_code,
{ "Invalid message code", "x29.inv_msg_code", FT_UINT8, BASE_HEX,
VALS(message_code_vals), 0x0, "X.29 Error PAD message invalid message code",
HFILL }},
};
static gint *ett[] = {
&ett_x29,
};
proto_x29 = proto_register_protocol("X.29", "X.29", "x.29");
proto_register_field_array(proto_x29, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
}
void
proto_reg_handoff_x29(void)
{
dissector_handle_t x29_handle;
x29_handle = create_dissector_handle(dissect_x29, proto_x29);
dissector_add("x.25.spi", NLPID_SPI_X_29, x29_handle);
}