osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity
wireshark/epan/dissectors/packet-vlan.c

483 lines
16 KiB
C
Raw Blame History

/* packet-vlan.c
* Routines for VLAN 802.1Q ethernet header disassembly
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "config.h"
#include <epan/packet.h>
#include <epan/capture_dissectors.h>
#include <wsutil/pint.h>
#include <epan/expert.h>
#include "packet-ieee8023.h"
#include "packet-ipx.h"
#include "packet-llc.h"
#include <epan/etypes.h>
#include <epan/prefs.h>
#include <epan/to_str.h>
#include <epan/addr_resolv.h>
#include <epan/proto_data.h>
void proto_register_vlan(void);
void proto_reg_handoff_vlan(void);
static unsigned int q_in_q_ethertype = ETHERTYPE_QINQ_OLD;
static gboolean vlan_summary_in_tree = TRUE;
enum version_value {
IEEE_8021Q_1998,
IEEE_8021Q_2005,
IEEE_8021Q_2011
};
static gint vlan_version = (gint)IEEE_8021Q_2011;
enum priority_drop_value {
Priority_Drop_8P0D,
Priority_Drop_7P1D,
Priority_Drop_6P2D,
Priority_Drop_5P3D,
};
static gint vlan_priority_drop = (gint)Priority_Drop_8P0D;
static dissector_handle_t vlan_handle;
static dissector_handle_t ethertype_handle;
static capture_dissector_handle_t llc_cap_handle;
static capture_dissector_handle_t ipx_cap_handle;
static int proto_vlan;
static int hf_vlan_cfi = -1;
static int hf_vlan_dei = -1;
static int hf_vlan_etype = -1;
static int hf_vlan_id = -1;
static int hf_vlan_id_name = -1;
static int hf_vlan_len = -1;
static int hf_vlan_priority = -1;
static int hf_vlan_priority_5 = -1;
static int hf_vlan_priority_6 = -1;
static int hf_vlan_priority_7 = -1;
static int hf_vlan_priority_old = -1;
static int hf_vlan_trailer = -1;
static gint ett_vlan = -1;
static expert_field ei_vlan_len = EI_INIT;
static expert_field ei_vlan_too_many_tags = EI_INIT;
/* From Table G-2 of IEEE standard 802.1D-2004 */
/* Note that 0 is the default priority, but is above 1 and 2.
* Priority order from lowest to highest is 1,2,0,3,4,5,6,7 */
static const value_string pri_vals_old[] = {
{ 0, "Best Effort (default)" },
{ 1, "Background" },
{ 2, "Spare" },
{ 3, "Excellent Effort" },
{ 4, "Controlled Load" },
{ 5, "Video, < 100ms latency and jitter" },
{ 6, "Voice, < 10ms latency and jitter" },
{ 7, "Network Control" },
{ 0, NULL }
};
/* From Table G-2 of IEEE standard 802.1Q-2005 (and I-2 of 2011 and 2014 revisions) */
/* Note that 0 is still the default, but priority 2 was moved from below 0 to
* above it. The new order from lowest to highest is 1,0,2,3,4,5,6,7 */
static const value_string pri_vals[] = {
{ 0, "Best Effort (default)" },
{ 1, "Background" },
{ 2, "Excellent Effort" },
{ 3, "Critical Applications" },
{ 4, "Video, < 100ms latency and jitter" },
{ 5, "Voice, < 10ms latency and jitter" },
{ 6, "Internetwork Control" },
{ 7, "Network Control" },
{ 0, NULL }
};
/* From Tables G-2,3 of IEEE standard 802.1Q-2005 (and I-2,3,7 of 2011 and 2014 revisions) */
static const value_string pri_vals_7[] = {
{ 0, "Best Effort (default)" },
{ 1, "Background" },
{ 2, "Excellent Effort" },
{ 3, "Critical Applications" },
{ 4, "Voice, < 10ms latency and jitter, Drop Eligible" },
{ 5, "Voice, < 10ms latency and jitter" },
{ 6, "Internetwork Control" },
{ 7, "Network Control" },
{ 0, NULL }
};
/* From Tables G-2,3 of IEEE standard 802.1Q-2005 (and I-2,3,7 of 2011 and 2015 revisions) */
static const value_string pri_vals_6[] = {
{ 0, "Best Effort (default)" },
{ 1, "Background" },
{ 2, "Critical Applications, Drop Eligible" },
{ 3, "Critical Applications" },
{ 4, "Voice, < 10ms latency and jitter, Drop Eligible" },
{ 5, "Voice, < 10ms latency and jitter" },
{ 6, "Internetwork Control" },
{ 7, "Network Control" },
{ 0, NULL }
};
/* From Tables G-2,3 of IEEE standard 802.1Q-2005 (and I-2,3,7 of 2011 and 2015 revisions) */
static const value_string pri_vals_5[] = {
{ 0, "Best Effort (default), Drop Eligible" },
{ 1, "Best Effort (default)" },
{ 2, "Critical Applications, Drop Eligible" },
{ 3, "Critical Applications" },
{ 4, "Voice, < 10ms latency and jitter, Drop Eligible" },
{ 5, "Voice, < 10ms latency and jitter" },
{ 6, "Internetwork Control" },
{ 7, "Network Control" },
{ 0, NULL }
};
/* True is non-canonical (i.e., bit-reversed MACs like Token Ring) since usually 0 and canonical. */
static const true_false_string tfs_noncanonical_canonical = { "Non-canonical", "Canonical" };
static const true_false_string tfs_eligible_ineligible = { "Eligible", "Ineligible" };
#define VLAN_MAX_NESTED_TAGS 20
static gboolean
capture_vlan(const guchar *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header _U_ ) {
guint16 encap_proto;
if ( !BYTES_ARE_IN_FRAME(offset,len,5) )
return FALSE;
encap_proto = pntoh16( &pd[offset+2] );
if ( encap_proto <= IEEE_802_3_MAX_LEN) {
if ( pd[offset+4] == 0xff && pd[offset+5] == 0xff ) {
return call_capture_dissector(ipx_cap_handle, pd,offset+4,len, cpinfo, pseudo_header);
} else {
return call_capture_dissector(llc_cap_handle, pd,offset+4,len, cpinfo, pseudo_header);
}
}
return try_capture_dissector("ethertype", encap_proto, pd, offset+4, len, cpinfo, pseudo_header);
}
static void
columns_set_vlan(column_info *cinfo, guint16 tci)
{
char id_str[16];
guint32_to_str_buf(tci & 0xFFF, id_str, sizeof(id_str));
if (vlan_version < IEEE_8021Q_2011) {
col_add_fstr(cinfo, COL_INFO,
"PRI: %d CFI: %d ID: %s",
(tci >> 13), ((tci >> 12) & 1), id_str);
} else {
col_add_fstr(cinfo, COL_INFO,
"PRI: %d DEI: %d ID: %s",
(tci >> 13), ((tci >> 12) & 1), id_str);
}
col_add_str(cinfo, COL_8021Q_VLAN_ID, id_str);
}
static int
dissect_vlan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
proto_item *ti;
guint16 tci, vlan_id;
guint16 encap_proto;
gboolean is_802_2;
proto_tree *vlan_tree;
proto_item *item;
guint vlan_nested_count;
int hf1, hf2;
int * const flags[] = {
&hf1,
&hf2,
&hf_vlan_id,
NULL
};
col_set_str(pinfo->cinfo, COL_PROTOCOL, "VLAN");
col_clear(pinfo->cinfo, COL_INFO);
tci = tvb_get_ntohs( tvb, 0 );
vlan_id = tci & 0xFFF;
/* Add the VLAN Id if it's the first one*/
if (pinfo->vlan_id == 0) {
pinfo->vlan_id = vlan_id;
}
columns_set_vlan(pinfo->cinfo, tci);
vlan_tree = NULL;
ti = proto_tree_add_item(tree, proto_vlan, tvb, 0, 4, ENC_NA);
vlan_nested_count = p_get_proto_depth(pinfo, proto_vlan);
if (++vlan_nested_count > VLAN_MAX_NESTED_TAGS) {
expert_add_info(pinfo, ti, &ei_vlan_too_many_tags);
return tvb_captured_length(tvb);
}
p_set_proto_depth(pinfo, proto_vlan, vlan_nested_count);
if (tree) {
if (vlan_summary_in_tree) {
if (vlan_version < IEEE_8021Q_2011) {
proto_item_append_text(ti, ", PRI: %u, CFI: %u, ID: %u",
(tci >> 13), ((tci >> 12) & 1), vlan_id);
} else {
proto_item_append_text(ti, ", PRI: %u, DEI: %u, ID: %u",
(tci >> 13), ((tci >> 12) & 1), vlan_id);
}
}
vlan_tree = proto_item_add_subtree(ti, ett_vlan);
if (vlan_version == IEEE_8021Q_1998) {
hf1 = hf_vlan_priority_old;
hf2 = hf_vlan_cfi;
} else {
switch (vlan_priority_drop) {
case Priority_Drop_8P0D:
hf1 = hf_vlan_priority;
break;
case Priority_Drop_7P1D:
hf1 = hf_vlan_priority_7;
break;
case Priority_Drop_6P2D:
hf1 = hf_vlan_priority_6;
break;
case Priority_Drop_5P3D:
hf1 = hf_vlan_priority_5;
break;
}
if (vlan_version == IEEE_8021Q_2005) {
hf2 = hf_vlan_cfi;
} else {
hf2 = hf_vlan_dei;
}
}
proto_tree_add_bitmask_list(vlan_tree, tvb, 0, 2, flags, ENC_BIG_ENDIAN);
if (gbl_resolv_flags.vlan_name) {
item = proto_tree_add_string(vlan_tree, hf_vlan_id_name, tvb, 0, 2,
get_vlan_name(pinfo->pool, vlan_id));
proto_item_set_generated(item);
}
/* TODO: If the CFI is set on Ethernet (or FDDI MAC and not source routed,
* i.e. the RII bit in the source MAC address is 0, then a E-RIF follows.
* Only true before version 2011 since the CFI was replaced with DEI
* (Since who needs VLANs that bridge Token Ring and FDDI these days?) */
}
encap_proto = tvb_get_ntohs(tvb, 2);
if (encap_proto <= IEEE_802_3_MAX_LEN) {
/* Is there an 802.2 layer? I can tell by looking at the first 2
bytes after the VLAN header. If they are 0xffff, then what
follows the VLAN header is an IPX payload, meaning no 802.2.
(IPX/SPX is they only thing that can be contained inside a
straight 802.3 packet, so presumably the same applies for
Ethernet VLAN packets). A non-0xffff value means that there's an
802.2 layer inside the VLAN layer */
is_802_2 = TRUE;
/* Don't throw an exception for this check (even a BoundsError) */
if (tvb_captured_length_remaining(tvb, 4) >= 2) {
if (tvb_get_ntohs(tvb, 4) == 0xffff) {
is_802_2 = FALSE;
}
}
dissect_802_3(encap_proto, is_802_2, tvb, 4, pinfo, tree, vlan_tree,
hf_vlan_len, hf_vlan_trailer, &ei_vlan_len, 0);
} else {
ethertype_data_t ethertype_data;
proto_tree_add_uint(vlan_tree, hf_vlan_etype, tvb, 2, 2, encap_proto);
ethertype_data.etype = encap_proto;
ethertype_data.payload_offset = 4;
ethertype_data.fh_tree = vlan_tree;
ethertype_data.trailer_id = hf_vlan_trailer;
ethertype_data.fcs_len = 0;
call_dissector_with_data(ethertype_handle, tvb, pinfo, tree, &ethertype_data);
}
return tvb_captured_length(tvb);
}
void
proto_register_vlan(void)
{
static hf_register_info hf[] = {
{ &hf_vlan_priority_old,
{ "Priority", "vlan.priority",
FT_UINT16, BASE_DEC, VALS(pri_vals_old), 0xE000,
"Descriptions are recommendations from IEEE standard 802.1D-2004", HFILL }
},
{ &hf_vlan_priority,
{ "Priority", "vlan.priority",
FT_UINT16, BASE_DEC, VALS(pri_vals), 0xE000,
"Descriptions are recommendations from IEEE standard 802.1Q-2014", HFILL }
},
{ &hf_vlan_priority_7,
{ "Priority", "vlan.priority",
FT_UINT16, BASE_DEC, VALS(pri_vals_7), 0xE000,
"Descriptions are recommendations from IEEE standard 802.1Q-2014", HFILL }
},
{ &hf_vlan_priority_6,
{ "Priority", "vlan.priority",
FT_UINT16, BASE_DEC, VALS(pri_vals_6), 0xE000,
"Descriptions are recommendations from IEEE standard 802.1Q-2014", HFILL }
},
{ &hf_vlan_priority_5,
{ "Priority", "vlan.priority",
FT_UINT16, BASE_DEC, VALS(pri_vals_5), 0xE000,
"Descriptions are recommendations from IEEE standard 802.1Q-2014", HFILL }
},
{ &hf_vlan_cfi,
{ "CFI", "vlan.cfi",
FT_BOOLEAN, 16, TFS(&tfs_noncanonical_canonical), 0x1000,
"Canonical Format Identifier", HFILL }
},
{ &hf_vlan_dei,
{ "DEI", "vlan.dei",
FT_BOOLEAN, 16, TFS(&tfs_eligible_ineligible), 0x1000,
"Drop Eligible Indicator", HFILL }
},
{ &hf_vlan_id,
{ "ID", "vlan.id",
FT_UINT16, BASE_DEC, NULL, 0x0FFF,
"VLAN ID", HFILL }
},
{ &hf_vlan_id_name,
{ "Name", "vlan.id_name",
FT_STRING, BASE_NONE, NULL, 0x0,
"VLAN ID Name", HFILL }
},
{ &hf_vlan_etype,
{ "Type", "vlan.etype",
FT_UINT16, BASE_HEX, VALS(etype_vals), 0x0,
"Ethertype", HFILL }
},
{ &hf_vlan_len,
{ "Length", "vlan.len",
FT_UINT16, BASE_DEC, NULL, 0x0,
NULL, HFILL }
},
{ &hf_vlan_trailer,
{ "Trailer", "vlan.trailer",
FT_BYTES, BASE_NONE, NULL, 0x0,
"VLAN Trailer", HFILL }
},
};
static gint *ett[] = {
&ett_vlan
};
static ei_register_info ei[] = {
{ &ei_vlan_len, { "vlan.len.past_end", PI_MALFORMED, PI_ERROR, "Length field value goes past the end of the payload", EXPFILL }},
{ &ei_vlan_too_many_tags, { "vlan.too_many_tags", PI_UNDECODED, PI_WARN, "Too many nested VLAN tags", EXPFILL }},
};
static const enum_val_t version_vals[] = {
{"1998", "IEEE 802.1Q-1998", IEEE_8021Q_1998},
{"2005", "IEEE 802.1Q-2005", IEEE_8021Q_2005},
{"2011", "IEEE 802.1Q-2011", IEEE_8021Q_2011},
{NULL, NULL, -1}
};
static const enum_val_t priority_drop_vals[] = {
{"8p0d", "8 Priorities, 0 Drop Eligible", Priority_Drop_8P0D},
{"7p1d", "7 Priorities, 1 Drop Eligible", Priority_Drop_7P1D},
{"6p2d", "6 Priorities, 2 Drop Eligible", Priority_Drop_6P2D},
{"5p3d", "5 Priorities, 3 Drop Eligible", Priority_Drop_5P3D},
{NULL, NULL, -1}
};
module_t *vlan_module;
expert_module_t* expert_vlan;
proto_vlan = proto_register_protocol("802.1Q Virtual LAN", "VLAN", "vlan");
proto_register_field_array(proto_vlan, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));
expert_vlan = expert_register_protocol(proto_vlan);
expert_register_field_array(expert_vlan, ei, array_length(ei));
vlan_module = prefs_register_protocol(proto_vlan, proto_reg_handoff_vlan);
prefs_register_bool_preference(vlan_module, "summary_in_tree",
"Show vlan summary in protocol tree",
"Whether the vlan summary line should be shown in the protocol tree",
&vlan_summary_in_tree);
prefs_register_uint_preference(vlan_module, "qinq_ethertype",
"802.1QinQ Ethertype (in hex)",
"The (hexadecimal) Ethertype used to indicate 802.1QinQ VLAN in VLAN tunneling.",
16, &q_in_q_ethertype);
prefs_register_enum_preference(vlan_module, "version",
"IEEE 802.1Q version",
"IEEE 802.1Q specification version used (802.1Q-1998 uses 802.1D-2004 for PRI values)",
&vlan_version, version_vals, TRUE);
prefs_register_enum_preference(vlan_module, "priority_drop",
"Priorities and drop eligibility",
"Number of priorities supported, and number of those drop eligible (not used for 802.1Q-1998)",
&vlan_priority_drop, priority_drop_vals, FALSE);
vlan_handle = register_dissector("vlan", dissect_vlan, proto_vlan);
}
void
proto_reg_handoff_vlan(void)
{
static gboolean prefs_initialized = FALSE;
static unsigned int old_q_in_q_ethertype;
capture_dissector_handle_t vlan_cap_handle;
if (!prefs_initialized)
{
dissector_add_uint("ethertype", ETHERTYPE_VLAN, vlan_handle);
vlan_cap_handle = create_capture_dissector_handle(capture_vlan, proto_vlan);
capture_dissector_add_uint("ethertype", ETHERTYPE_VLAN, vlan_cap_handle);
prefs_initialized = TRUE;
}
else
{
dissector_delete_uint("ethertype", old_q_in_q_ethertype, vlan_handle);
}
old_q_in_q_ethertype = q_in_q_ethertype;
ethertype_handle = find_dissector_add_dependency("ethertype", proto_vlan);
dissector_add_uint("ethertype", q_in_q_ethertype, vlan_handle);
llc_cap_handle = find_capture_dissector("llc");
ipx_cap_handle = find_capture_dissector("ipx");
}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
*
* Local Variables:
* c-basic-offset: 2
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* ex: set shiftwidth=2 tabstop=8 expandtab:
* :indentSize=2:tabSize=8:noTabs=true:
*/
View Git Blame Copy Permalink