2000-12-23 08:06:16 +00:00
|
|
|
/* packet-sll.c
|
|
|
|
* Routines for disassembly of packets from Linux "cooked mode" captures
|
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
2000-12-23 08:06:16 +00:00
|
|
|
*
|
|
|
|
* Ethereal - Network traffic analyzer
|
2001-11-20 21:59:18 +00:00
|
|
|
* By Gerald Combs <gerald@ethereal.com>
|
2000-12-23 08:06:16 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-12-23 08:06:16 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-12-23 08:06:16 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2000-12-23 08:06:16 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <glib.h>
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
2001-11-20 21:59:18 +00:00
|
|
|
#include "packet-sll.h"
|
2000-12-23 08:06:16 +00:00
|
|
|
#include "packet-ipx.h"
|
|
|
|
#include "packet-llc.h"
|
2004-08-06 19:57:49 +00:00
|
|
|
#include <epan/addr_resolv.h>
|
2005-09-17 00:02:31 +00:00
|
|
|
#include <epan/etypes.h>
|
2000-12-23 08:06:16 +00:00
|
|
|
|
|
|
|
static int proto_sll = -1;
|
|
|
|
static int hf_sll_pkttype = -1;
|
|
|
|
static int hf_sll_hatype = -1;
|
|
|
|
static int hf_sll_halen = -1;
|
|
|
|
static int hf_sll_src_eth = -1;
|
|
|
|
static int hf_sll_src_other = -1;
|
|
|
|
static int hf_sll_ltype = -1;
|
|
|
|
static int hf_sll_etype = -1;
|
|
|
|
static int hf_sll_trailer = -1;
|
|
|
|
|
|
|
|
static gint ett_sll = -1;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* A DLT_LINUX_SLL fake link-layer header.
|
|
|
|
*/
|
|
|
|
#define SLL_HEADER_SIZE 16 /* total header length */
|
|
|
|
#define SLL_ADDRLEN 8 /* length of address field */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The LINUX_SLL_ values for "sll_pkttype".
|
|
|
|
*/
|
|
|
|
#define LINUX_SLL_HOST 0
|
|
|
|
#define LINUX_SLL_BROADCAST 1
|
|
|
|
#define LINUX_SLL_MULTICAST 2
|
|
|
|
#define LINUX_SLL_OTHERHOST 3
|
|
|
|
#define LINUX_SLL_OUTGOING 4
|
|
|
|
|
|
|
|
static const value_string packet_type_vals[] = {
|
|
|
|
{ LINUX_SLL_HOST, "Unicast to us" },
|
|
|
|
{ LINUX_SLL_BROADCAST, "Broadcast" },
|
|
|
|
{ LINUX_SLL_MULTICAST, "Multicast" },
|
|
|
|
{ LINUX_SLL_OTHERHOST, "Unicast to another host" },
|
|
|
|
{ LINUX_SLL_OUTGOING, "Sent by us" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The LINUX_SLL_ values for "sll_protocol".
|
|
|
|
*/
|
|
|
|
#define LINUX_SLL_P_802_3 0x0001 /* Novell 802.3 frames without 802.2 LLC header */
|
|
|
|
#define LINUX_SLL_P_802_2 0x0004 /* 802.2 frames (not D/I/X Ethernet) */
|
|
|
|
|
|
|
|
static const value_string ltype_vals[] = {
|
|
|
|
{ LINUX_SLL_P_802_3, "Raw 802.3" },
|
|
|
|
{ LINUX_SLL_P_802_2, "802.2 LLC" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
2001-01-09 09:59:28 +00:00
|
|
|
static dissector_handle_t ipx_handle;
|
2001-01-03 10:34:42 +00:00
|
|
|
static dissector_handle_t llc_handle;
|
2001-11-25 22:19:25 +00:00
|
|
|
static dissector_handle_t data_handle;
|
2001-01-03 10:34:42 +00:00
|
|
|
|
2000-12-23 08:06:16 +00:00
|
|
|
void
|
2002-08-02 23:36:07 +00:00
|
|
|
capture_sll(const guchar *pd, int len, packet_counts *ld)
|
2000-12-23 08:06:16 +00:00
|
|
|
{
|
|
|
|
guint16 protocol;
|
|
|
|
|
2001-11-20 21:59:18 +00:00
|
|
|
if (!BYTES_ARE_IN_FRAME(0, len, SLL_HEADER_SIZE)) {
|
2000-12-23 08:06:16 +00:00
|
|
|
ld->other++;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
protocol = pntohs(&pd[14]);
|
|
|
|
if (protocol <= 1536) { /* yes, 1536 - that's how Linux does it */
|
|
|
|
/*
|
|
|
|
* "proto" is *not* a length field, it's a Linux internal
|
|
|
|
* protocol type.
|
|
|
|
*/
|
|
|
|
switch (protocol) {
|
|
|
|
|
|
|
|
case LINUX_SLL_P_802_2:
|
|
|
|
/*
|
|
|
|
* 802.2 LLC.
|
|
|
|
*/
|
2001-11-20 21:59:18 +00:00
|
|
|
capture_llc(pd, len, SLL_HEADER_SIZE, ld);
|
2000-12-23 08:06:16 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case LINUX_SLL_P_802_3:
|
|
|
|
/*
|
|
|
|
* Novell IPX inside 802.3 with no 802.2 LLC
|
|
|
|
* header.
|
|
|
|
*/
|
2002-04-24 06:03:34 +00:00
|
|
|
capture_ipx(ld);
|
2000-12-23 08:06:16 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
ld->other++;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
} else
|
2001-11-20 21:59:18 +00:00
|
|
|
capture_ethertype(protocol, pd, SLL_HEADER_SIZE, len, ld);
|
2000-12-23 08:06:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
dissect_sll(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
|
|
|
{
|
|
|
|
guint16 pkttype;
|
|
|
|
guint16 protocol;
|
|
|
|
guint16 hatype, halen;
|
2001-03-13 21:34:28 +00:00
|
|
|
const guint8 *src;
|
2000-12-23 08:06:16 +00:00
|
|
|
proto_item *ti;
|
2001-01-18 07:44:41 +00:00
|
|
|
tvbuff_t *next_tvb;
|
|
|
|
proto_tree *fh_tree = NULL;
|
2000-12-23 08:06:16 +00:00
|
|
|
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "SLL");
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
2000-12-23 08:06:16 +00:00
|
|
|
|
|
|
|
pkttype = tvb_get_ntohs(tvb, 0);
|
|
|
|
|
2003-12-22 20:26:21 +00:00
|
|
|
/*
|
|
|
|
* Set "pinfo->p2p_dir" if the packet wasn't received
|
|
|
|
* promiscuously.
|
|
|
|
*/
|
|
|
|
switch (pkttype) {
|
|
|
|
|
|
|
|
case LINUX_SLL_HOST:
|
|
|
|
case LINUX_SLL_BROADCAST:
|
|
|
|
case LINUX_SLL_MULTICAST:
|
|
|
|
pinfo->p2p_dir = P2P_DIR_RECV;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case LINUX_SLL_OUTGOING:
|
|
|
|
pinfo->p2p_dir = P2P_DIR_SENT;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
col_add_str(pinfo->cinfo, COL_INFO,
|
2000-12-23 08:06:16 +00:00
|
|
|
val_to_str(pkttype, packet_type_vals, "Unknown (%u)"));
|
|
|
|
|
|
|
|
if (tree) {
|
|
|
|
ti = proto_tree_add_protocol_format(tree, proto_sll, tvb, 0,
|
|
|
|
SLL_HEADER_SIZE, "Linux cooked capture");
|
|
|
|
fh_tree = proto_item_add_subtree(ti, ett_sll);
|
|
|
|
proto_tree_add_item(fh_tree, hf_sll_pkttype, tvb, 0, 2, FALSE);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* XXX - check the link-layer address type value?
|
|
|
|
* For now, we just assume 6 means Ethernet.
|
|
|
|
*/
|
|
|
|
hatype = tvb_get_ntohs(tvb, 2);
|
|
|
|
halen = tvb_get_ntohs(tvb, 4);
|
|
|
|
if (tree) {
|
|
|
|
proto_tree_add_uint(fh_tree, hf_sll_hatype, tvb, 2, 2, hatype);
|
|
|
|
proto_tree_add_uint(fh_tree, hf_sll_halen, tvb, 4, 2, halen);
|
|
|
|
}
|
|
|
|
if (halen == 6) {
|
|
|
|
src = tvb_get_ptr(tvb, 6, 6);
|
|
|
|
SET_ADDRESS(&pinfo->dl_src, AT_ETHER, 6, src);
|
|
|
|
SET_ADDRESS(&pinfo->src, AT_ETHER, 6, src);
|
|
|
|
if (tree) {
|
|
|
|
proto_tree_add_ether(fh_tree, hf_sll_src_eth, tvb,
|
|
|
|
6, 6, src);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if (tree) {
|
2001-07-16 05:16:58 +00:00
|
|
|
proto_tree_add_item(fh_tree, hf_sll_src_other, tvb,
|
|
|
|
6, halen, FALSE);
|
2000-12-23 08:06:16 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
protocol = tvb_get_ntohs(tvb, 14);
|
|
|
|
if (protocol <= 1536) { /* yes, 1536 - that's how Linux does it */
|
|
|
|
/*
|
|
|
|
* "proto" is *not* a length field, it's a Linux internal
|
|
|
|
* protocol type.
|
|
|
|
* We therefore cannot say how much of the packet will
|
|
|
|
* be trailer data.
|
|
|
|
* XXX - do the same thing we do for packets with Ethertypes?
|
|
|
|
*/
|
|
|
|
proto_tree_add_uint(fh_tree, hf_sll_ltype, tvb, 14, 2,
|
|
|
|
protocol);
|
|
|
|
|
|
|
|
next_tvb = tvb_new_subset(tvb, SLL_HEADER_SIZE, -1, -1);
|
|
|
|
switch (protocol) {
|
|
|
|
|
|
|
|
case LINUX_SLL_P_802_2:
|
|
|
|
/*
|
|
|
|
* 802.2 LLC.
|
|
|
|
*/
|
2001-01-03 10:34:42 +00:00
|
|
|
call_dissector(llc_handle, next_tvb, pinfo, tree);
|
2000-12-23 08:06:16 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
case LINUX_SLL_P_802_3:
|
|
|
|
/*
|
|
|
|
* Novell IPX inside 802.3 with no 802.2 LLC
|
|
|
|
* header.
|
|
|
|
*/
|
2001-01-09 09:59:28 +00:00
|
|
|
call_dissector(ipx_handle, next_tvb, pinfo, tree);
|
2000-12-23 08:06:16 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
2001-11-25 22:19:25 +00:00
|
|
|
call_dissector(data_handle,next_tvb, pinfo, tree);
|
2000-12-23 08:06:16 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
} else {
|
2001-01-18 07:44:41 +00:00
|
|
|
ethertype(protocol, tvb, SLL_HEADER_SIZE, pinfo, tree,
|
2003-10-01 07:11:49 +00:00
|
|
|
fh_tree, hf_sll_etype, hf_sll_trailer, 0);
|
2000-12-23 08:06:16 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_register_sll(void)
|
|
|
|
{
|
|
|
|
static hf_register_info hf[] = {
|
|
|
|
{ &hf_sll_pkttype,
|
|
|
|
{ "Packet type", "sll.pkttype", FT_UINT16, BASE_DEC,
|
2001-06-18 02:18:27 +00:00
|
|
|
VALS(packet_type_vals), 0x0, "Packet type", HFILL }},
|
2000-12-23 08:06:16 +00:00
|
|
|
|
|
|
|
/* ARP hardware type? With Linux extensions? */
|
|
|
|
{ &hf_sll_hatype,
|
|
|
|
{ "Link-layer address type", "sll.hatype", FT_UINT16, BASE_DEC,
|
2001-06-18 02:18:27 +00:00
|
|
|
NULL, 0x0, "Link-layer address type", HFILL }},
|
2000-12-23 08:06:16 +00:00
|
|
|
|
|
|
|
{ &hf_sll_halen,
|
|
|
|
{ "Link-layer address length", "sll.halen", FT_UINT16, BASE_DEC,
|
2001-06-18 02:18:27 +00:00
|
|
|
NULL, 0x0, "Link-layer address length", HFILL }},
|
2000-12-23 08:06:16 +00:00
|
|
|
|
|
|
|
/* Source address if it's an Ethernet-type address */
|
|
|
|
{ &hf_sll_src_eth,
|
|
|
|
{ "Source", "sll.src.eth", FT_ETHER, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Source link-layer address", HFILL }},
|
2000-12-23 08:06:16 +00:00
|
|
|
|
|
|
|
/* Source address if it's not an Ethernet-type address */
|
|
|
|
{ &hf_sll_src_other,
|
|
|
|
{ "Source", "sll.src.other", FT_BYTES, BASE_HEX, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Source link-layer address", HFILL }},
|
2000-12-23 08:06:16 +00:00
|
|
|
|
|
|
|
/* if the protocol field is an internal Linux protocol type */
|
|
|
|
{ &hf_sll_ltype,
|
|
|
|
{ "Protocol", "sll.ltype", FT_UINT16, BASE_HEX,
|
2001-06-18 02:18:27 +00:00
|
|
|
VALS(ltype_vals), 0x0, "Linux protocol type", HFILL }},
|
2000-12-23 08:06:16 +00:00
|
|
|
|
|
|
|
/* registered here but handled in ethertype.c */
|
|
|
|
{ &hf_sll_etype,
|
|
|
|
{ "Protocol", "sll.etype", FT_UINT16, BASE_HEX,
|
2001-06-18 02:18:27 +00:00
|
|
|
VALS(etype_vals), 0x0, "Ethernet protocol type", HFILL }},
|
2000-12-23 08:06:16 +00:00
|
|
|
|
|
|
|
{ &hf_sll_trailer,
|
|
|
|
{ "Trailer", "sll.trailer", FT_BYTES, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Trailer", HFILL }},
|
2000-12-23 08:06:16 +00:00
|
|
|
};
|
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_sll,
|
|
|
|
};
|
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_sll = proto_register_protocol("Linux cooked-mode capture",
|
|
|
|
"SLL", "sll" );
|
2000-12-23 08:06:16 +00:00
|
|
|
proto_register_field_array(proto_sll, hf, array_length(hf));
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_sll(void)
|
|
|
|
{
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_handle_t sll_handle;
|
|
|
|
|
2001-01-03 10:34:42 +00:00
|
|
|
/*
|
2001-01-09 09:59:28 +00:00
|
|
|
* Get handles for the IPX and LLC dissectors.
|
2001-01-03 10:34:42 +00:00
|
|
|
*/
|
|
|
|
llc_handle = find_dissector("llc");
|
2001-01-09 09:59:28 +00:00
|
|
|
ipx_handle = find_dissector("ipx");
|
2001-11-25 22:19:25 +00:00
|
|
|
data_handle = find_dissector("data");
|
2001-01-03 10:34:42 +00:00
|
|
|
|
2001-12-03 04:00:26 +00:00
|
|
|
sll_handle = create_dissector_handle(dissect_sll, proto_sll);
|
|
|
|
dissector_add("wtap_encap", WTAP_ENCAP_SLL, sll_handle);
|
2000-12-23 08:06:16 +00:00
|
|
|
}
|