2007-01-20 16:46:42 +00:00
|
|
|
/* packet-ethertype.c
|
2009-05-05 21:05:06 +00:00
|
|
|
* Routines for processing Ethernet payloads and payloads like Ethernet
|
|
|
|
|
* payloads (i.e., payloads when there could be an Ethernet trailer and
|
|
|
|
|
* possibly an FCS).
|
1998-09-16 02:39:15 +00:00
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
2001-11-13 23:55:44 +00:00
|
|
|
* Gilbert Ramirez <gram@alumni.rice.edu>
|
1998-09-16 02:39:15 +00:00
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
1998-09-16 02:39:15 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
2007-01-20 16:46:42 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
1998-09-16 02:39:15 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
# include "config.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
#include <glib.h>
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
2003-08-21 21:05:30 +00:00
|
|
|
#include "packet-eth.h"
|
2004-02-21 00:33:31 +00:00
|
|
|
#include "packet-frame.h"
|
2000-04-13 19:38:55 +00:00
|
|
|
#include "packet-ip.h"
|
2002-10-22 22:04:23 +00:00
|
|
|
#include "packet-ipv6.h"
|
2000-04-13 19:38:55 +00:00
|
|
|
#include "packet-ipx.h"
|
|
|
|
|
#include "packet-vlan.h"
|
2007-08-17 21:21:18 +00:00
|
|
|
#include "packet-ieee8021ah.h"
|
2000-04-13 19:38:55 +00:00
|
|
|
#include "packet-vines.h"
|
2005-09-17 00:02:31 +00:00
|
|
|
#include <epan/etypes.h>
|
|
|
|
|
#include <epan/ppptypes.h>
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
|
|
|
|
|
static dissector_table_t ethertype_dissector_table;
|
1998-09-16 02:39:15 +00:00
|
|
|
|
2001-11-26 04:52:51 +00:00
|
|
|
static dissector_handle_t data_handle;
|
|
|
|
|
|
1999-07-07 22:52:57 +00:00
|
|
|
const value_string etype_vals[] = {
|
2008-08-14 17:03:30 +00:00
|
|
|
{ETHERTYPE_IP, "IP" },
|
|
|
|
|
{ETHERTYPE_IPv6, "IPv6" },
|
|
|
|
|
{ETHERTYPE_WLCCP, "Cisco Wireless Lan Context Control Protocol" },
|
2008-02-27 21:52:17 +00:00
|
|
|
{ETHERTYPE_CENTRINO_PROMISC, "IEEE 802.11 (Centrino promiscuous)" },
|
2008-08-14 17:03:30 +00:00
|
|
|
{ETHERTYPE_XNS_IDP, "XNS Internet Datagram Protocol" },
|
|
|
|
|
{ETHERTYPE_X25L3, "X.25 Layer 3" },
|
|
|
|
|
{ETHERTYPE_ARP, "ARP" },
|
|
|
|
|
{ETHERTYPE_WOL, "Wake on LAN" },
|
|
|
|
|
{ETHERTYPE_WMX_M2M, "WiMax Mac-to-Mac" },
|
|
|
|
|
{ETHERTYPE_EPL_V1, "EPL_V1" },
|
|
|
|
|
{ETHERTYPE_REVARP, "RARP" },
|
|
|
|
|
{ETHERTYPE_DEC_LB, "DEC LanBridge" },
|
|
|
|
|
{ETHERTYPE_ATALK, "Appletalk" },
|
|
|
|
|
{ETHERTYPE_SNA, "SNA-over-Ethernet" },
|
2009-07-09 20:44:28 +00:00
|
|
|
{ETHERTYPE_DLR, "EtherNet/IP Device Level Ring" },
|
2008-08-14 17:03:30 +00:00
|
|
|
{ETHERTYPE_AARP, "AARP" },
|
|
|
|
|
{ETHERTYPE_IPX, "Netware IPX/SPX" },
|
|
|
|
|
{ETHERTYPE_VINES_IP, "Vines IP" },
|
|
|
|
|
{ETHERTYPE_VINES_ECHO, "Vines Echo" },
|
|
|
|
|
{ETHERTYPE_TRAIN, "Netmon Train" },
|
|
|
|
|
{ETHERTYPE_LOOP, "Loopback" }, /* Ethernet Loopback */
|
|
|
|
|
{ETHERTYPE_FOUNDRY, "Foundry proprietary" },
|
|
|
|
|
{ETHERTYPE_WCP, "Wellfleet Compression Protocol" },
|
|
|
|
|
{ETHERTYPE_STP, "Spanning Tree Protocol" },
|
|
|
|
|
{ETHERTYPE_ISMP, "Cabletron Interswitch Message Protocol" },
|
2008-02-27 21:52:17 +00:00
|
|
|
{ETHERTYPE_ISMP_TBFLOOD, "Cabletron SFVLAN 1.8 Tag-Based Flood" },
|
2003-10-08 06:44:15 +00:00
|
|
|
/* for ISMP, see RFC 2641, RFC 2642, RFC 2643 */
|
2008-08-14 17:03:30 +00:00
|
|
|
{ETHERTYPE_PPPOED, "PPPoE Discovery" },
|
|
|
|
|
{ETHERTYPE_PPPOES, "PPPoE Session" },
|
|
|
|
|
{ETHERTYPE_INTEL_ANS, "Intel ANS probe" },
|
2008-02-27 21:52:17 +00:00
|
|
|
{ETHERTYPE_MS_NLB_HEARTBEAT, "MS NLB heartbeat" },
|
2008-08-14 17:03:30 +00:00
|
|
|
{ETHERTYPE_HOMEPLUG, "Homeplug" },
|
|
|
|
|
{ETHERTYPE_VLAN, "802.1Q Virtual LAN" },
|
2007-08-17 21:21:18 +00:00
|
|
|
{ETHERTYPE_IEEE_802_1AD, "802.1ad Provider Bridge (Q-in-Q)"},
|
|
|
|
|
{ETHERTYPE_IEEE_802_1AH, "802.1ah Provider Backbone Bridge (mac-in-mac)"},
|
2008-08-14 17:03:30 +00:00
|
|
|
{ETHERTYPE_EAPOL, "802.1X Authentication" },
|
|
|
|
|
{ETHERTYPE_RSN_PREAUTH, "802.11i Pre-Authentication" },
|
|
|
|
|
{ETHERTYPE_MPLS, "MPLS label switched packet" },
|
|
|
|
|
{ETHERTYPE_MPLS_MULTI, "MPLS multicast label switched packet" },
|
2008-02-27 21:52:17 +00:00
|
|
|
{ETHERTYPE_3C_NBP_DGRAM, "3Com NBP Datagram" },
|
2008-08-14 17:03:30 +00:00
|
|
|
{ETHERTYPE_DEC, "DEC proto" },
|
|
|
|
|
{ETHERTYPE_DNA_DL, "DEC DNA Dump/Load" },
|
|
|
|
|
{ETHERTYPE_DNA_RC, "DEC DNA Remote Console" },
|
|
|
|
|
{ETHERTYPE_DNA_RT, "DEC DNA Routing" },
|
|
|
|
|
{ETHERTYPE_LAT, "DEC LAT" },
|
|
|
|
|
{ETHERTYPE_DEC_DIAG, "DEC Diagnostics" },
|
|
|
|
|
{ETHERTYPE_DEC_CUST, "DEC Customer use" },
|
|
|
|
|
{ETHERTYPE_DEC_SCA, "DEC LAVC/SCA" },
|
|
|
|
|
{ETHERTYPE_DEC_LAST, "DEC LAST" },
|
|
|
|
|
{ETHERTYPE_ETHBRIDGE, "Transparent Ethernet bridging" },
|
|
|
|
|
{ETHERTYPE_CGMP, "Cisco Group Management Protocol" },
|
2009-04-13 18:32:24 +00:00
|
|
|
{ETHERTYPE_MAC_CONTROL, "MAC Control" },
|
|
|
|
|
{ETHERTYPE_SLOW_PROTOCOLS, "Slow Protocols" },
|
2008-08-14 17:03:30 +00:00
|
|
|
{ETHERTYPE_RTMAC, "Real-Time Media Access Control" },
|
|
|
|
|
{ETHERTYPE_RTCFG, "Real-Time Configuration Protocol" },
|
2008-02-27 21:52:17 +00:00
|
|
|
{ETHERTYPE_CDMA2000_A10_UBS, "CDMA2000 A10 Unstructured byte stream" },
|
2009-04-13 18:32:24 +00:00
|
|
|
{ETHERTYPE_PROFINET, "PROFINET"},
|
|
|
|
|
{ETHERTYPE_AOE, "ATA over Ethernet" },
|
2008-08-14 17:03:30 +00:00
|
|
|
{ETHERTYPE_ECATF, "EtherCAT frame" },
|
2009-04-13 18:32:24 +00:00
|
|
|
{ETHERTYPE_TELKONET, "Telkonet powerline" },
|
|
|
|
|
{ETHERTYPE_EPL_V2, "ETHERNET Powerlink v2" },
|
|
|
|
|
{ETHERTYPE_XIMETA, "XiMeta Technology" },
|
|
|
|
|
{ETHERTYPE_CSM_ENCAPS, "CSM_ENCAPS Protocol" },
|
2008-08-14 17:03:30 +00:00
|
|
|
{ETHERTYPE_IEEE802_OUI_EXTENDED, "IEEE 802a OUI Extended Ethertype" },
|
2008-02-27 21:52:17 +00:00
|
|
|
{ETHERTYPE_IEC61850_GOOSE, "IEC 61850/GOOSE" },
|
|
|
|
|
{ETHERTYPE_IEC61850_GSE, "IEC 61850/GSE management services" },
|
2008-08-14 17:03:30 +00:00
|
|
|
{ETHERTYPE_IEC61850_SV, "IEC 61850/SV (Sampled Value Transmission" },
|
|
|
|
|
{ETHERTYPE_TIPC, "Transparent Inter Process Communication" },
|
|
|
|
|
{ETHERTYPE_LLDP, "802.1 Link Layer Discovery Protocol (LLDP)" },
|
|
|
|
|
{ETHERTYPE_3GPP2, "CDMA2000 A10 3GPP2 Packet" },
|
2008-12-10 07:00:26 +00:00
|
|
|
{ETHERTYPE_TTE_PCF, "TTEthernet Protocol Control Frame" },
|
2008-08-14 17:03:30 +00:00
|
|
|
{ETHERTYPE_LLTD, "Link Layer Topology Discovery (LLTD)" },
|
|
|
|
|
{ETHERTYPE_WSMP, "(WAVE) Short Message Protocol (WSM)" },
|
|
|
|
|
{ETHERTYPE_COBRANET, "Cirrus Cobranet Packet" },
|
|
|
|
|
{ETHERTYPE_NSRP, "Juniper Netscreen Redundant Protocol" },
|
2001-06-14 20:37:07 +00:00
|
|
|
/*
|
2001-06-15 20:23:41 +00:00
|
|
|
* NDISWAN on Windows translates Ethernet frames from higher-level
|
|
|
|
|
* protocols into PPP frames to hand to the PPP driver, and translates
|
|
|
|
|
* PPP frames from the PPP driver to hand to the higher-level protocols.
|
|
|
|
|
*
|
|
|
|
|
* Apparently the PPP driver, on at least some versions of Windows,
|
|
|
|
|
* passes frames for internal-to-PPP protocols up through NDISWAN;
|
|
|
|
|
* the protocol type field appears to be passed through unchanged
|
|
|
|
|
* (unlike what's done with, for example, the protocol type field
|
|
|
|
|
* for IP, which is mapped from its PPP value to its Ethernet value).
|
|
|
|
|
*
|
|
|
|
|
* This means that we may see, on Ethernet captures, frames for
|
|
|
|
|
* protocols internal to PPP, so we list as "Ethernet" protocol
|
|
|
|
|
* types the PPP protocol types we've seen.
|
2001-06-14 20:37:07 +00:00
|
|
|
*/
|
2008-02-27 21:52:17 +00:00
|
|
|
{PPP_IPCP, "PPP IP Control Protocol" },
|
|
|
|
|
{PPP_LCP, "PPP Link Control Protocol" },
|
|
|
|
|
{PPP_PAP, "PPP Password Authentication Protocol" },
|
|
|
|
|
{PPP_CCP, "PPP Compression Control Protocol" },
|
|
|
|
|
{ETHERTYPE_LLT, "Veritas Low Latency Transport (not officially registered)"},
|
|
|
|
|
{ETHERTYPE_CFM, "IEEE 802.1ag Connectivity Fault Management (CFM) protocol" },
|
2008-08-14 17:03:30 +00:00
|
|
|
{ETHERTYPE_FCOE, "Fibre Channel over Ethernet" },
|
2008-07-15 20:56:22 +00:00
|
|
|
{ETHERTYPE_FIP, "FCoE Initialization Protocol" },
|
2008-02-27 21:52:17 +00:00
|
|
|
{ETHERTYPE_PTP, "PTPv2 over Ethernet (IEEE1588)"},
|
|
|
|
|
{ETHERTYPE_PRP, "Parallel Redundancy Protocol (IEC62439 Chapter 6)"},
|
|
|
|
|
{0, NULL } };
|
1998-11-03 07:45:10 +00:00
|
|
|
|
2007-12-16 00:35:34 +00:00
|
|
|
static void add_dix_trailer(packet_info *pinfo, proto_tree *fh_tree,
|
|
|
|
|
int trailer_id, tvbuff_t *tvb, tvbuff_t *next_tvb, int offset_after_etype,
|
|
|
|
|
guint length_before, gint fcs_len);
|
In "ethertype()", catch exceptions from the dissector we call, and, if
we get an exception, add in any trailer we and then rethrow the
exception, so that the trailer will be put into the tree even if some
subdissector threw an exception. (Yes, an exception can be thrown even
in a frame with a trailer; you could have a frame, all of which was
captured, that has an IP datagram containing a UDP datagram, and if the
UDP payload isn't big enough for the type of packet it's supposed to be,
a ReportedBoundsError exception can be thrown.)
svn path=/trunk/; revision=2917
2001-01-18 08:38:10 +00:00
|
|
|
|
1999-02-09 00:35:38 +00:00
|
|
|
void
|
2002-08-02 23:36:07 +00:00
|
|
|
capture_ethertype(guint16 etype, const guchar *pd, int offset, int len,
|
2001-11-20 21:59:18 +00:00
|
|
|
packet_counts *ld)
|
1999-02-09 00:35:38 +00:00
|
|
|
{
|
|
|
|
|
switch (etype) {
|
2002-10-14 17:33:50 +00:00
|
|
|
case ETHERTYPE_ARP:
|
|
|
|
|
ld->arp++;
|
|
|
|
|
break;
|
1999-02-09 00:35:38 +00:00
|
|
|
case ETHERTYPE_IP:
|
2001-11-20 21:59:18 +00:00
|
|
|
capture_ip(pd, offset, len, ld);
|
1999-02-09 00:35:38 +00:00
|
|
|
break;
|
2002-10-22 22:04:23 +00:00
|
|
|
case ETHERTYPE_IPv6:
|
|
|
|
|
capture_ipv6(pd, offset, len, ld);
|
|
|
|
|
break;
|
1999-11-30 23:56:37 +00:00
|
|
|
case ETHERTYPE_IPX:
|
2002-04-24 06:03:34 +00:00
|
|
|
capture_ipx(ld);
|
1999-11-30 23:56:37 +00:00
|
|
|
break;
|
1999-12-05 20:05:45 +00:00
|
|
|
case ETHERTYPE_VLAN:
|
2001-11-20 21:59:18 +00:00
|
|
|
capture_vlan(pd, offset, len, ld);
|
1999-12-05 20:05:45 +00:00
|
|
|
break;
|
2007-08-17 21:21:18 +00:00
|
|
|
case ETHERTYPE_IEEE_802_1AD:
|
|
|
|
|
case ETHERTYPE_IEEE_802_1AH:
|
|
|
|
|
capture_ieee8021ah(pd, offset, len, ld);
|
|
|
|
|
break;
|
2003-04-22 08:50:07 +00:00
|
|
|
case ETHERTYPE_VINES_IP:
|
|
|
|
|
case ETHERTYPE_VINES_ECHO:
|
2002-04-24 06:03:34 +00:00
|
|
|
capture_vines(ld);
|
2000-01-20 21:34:16 +00:00
|
|
|
break;
|
1999-02-09 00:35:38 +00:00
|
|
|
default:
|
|
|
|
|
ld->other++;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-01-18 07:44:41 +00:00
|
|
|
void
|
|
|
|
|
ethertype(guint16 etype, tvbuff_t *tvb, int offset_after_etype,
|
|
|
|
|
packet_info *pinfo, proto_tree *tree, proto_tree *fh_tree,
|
2003-10-01 07:11:49 +00:00
|
|
|
int etype_id, int trailer_id, int fcs_len)
|
1998-09-16 02:39:15 +00:00
|
|
|
{
|
2005-06-26 19:56:52 +00:00
|
|
|
const char *description;
|
2008-07-13 18:56:54 +00:00
|
|
|
tvbuff_t *volatile next_tvb;
|
In "ethertype()", catch exceptions from the dissector we call, and, if
we get an exception, add in any trailer we and then rethrow the
exception, so that the trailer will be put into the tree even if some
subdissector threw an exception. (Yes, an exception can be thrown even
in a frame with a trailer; you could have a frame, all of which was
captured, that has an IP datagram containing a UDP datagram, and if the
UDP payload isn't big enough for the type of packet it's supposed to be,
a ReportedBoundsError exception can be thrown.)
svn path=/trunk/; revision=2917
2001-01-18 08:38:10 +00:00
|
|
|
guint length_before;
|
2008-07-13 18:56:54 +00:00
|
|
|
gint captured_length, reported_length;
|
2005-05-30 20:58:20 +00:00
|
|
|
volatile gboolean dissector_found = FALSE;
|
2008-11-22 15:55:01 +00:00
|
|
|
const char *volatile saved_proto;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2003-08-21 21:05:30 +00:00
|
|
|
/* Add the Ethernet type to the protocol tree */
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
if (tree) {
|
2001-01-18 07:44:41 +00:00
|
|
|
proto_tree_add_uint(fh_tree, etype_id, tvb,
|
|
|
|
|
offset_after_etype - 2, 2, etype);
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
}
|
|
|
|
|
|
2008-07-13 18:56:54 +00:00
|
|
|
/* Get the captured length and reported length of the data
|
|
|
|
|
after the Ethernet type. */
|
|
|
|
|
captured_length = tvb_length_remaining(tvb, offset_after_etype);
|
|
|
|
|
reported_length = tvb_reported_length_remaining(tvb,
|
|
|
|
|
offset_after_etype);
|
2000-05-19 04:54:36 +00:00
|
|
|
|
2008-07-13 18:56:54 +00:00
|
|
|
/* Remember how much data there is after the Ethernet type,
|
|
|
|
|
including any trailer and FCS. */
|
|
|
|
|
length_before = reported_length;
|
|
|
|
|
|
|
|
|
|
/* Construct a tvbuff for the payload after the Ethernet type.
|
|
|
|
|
If the FCS length is positive, remove the FCS.
|
|
|
|
|
(If it's zero, there's no FCS; if it's negative,
|
|
|
|
|
we don't know whether there's an FCS, so we'll
|
|
|
|
|
guess based on the length of the trailer.) */
|
|
|
|
|
if (fcs_len > 0) {
|
|
|
|
|
if (captured_length >= 0 && reported_length >= 0) {
|
|
|
|
|
if (reported_length >= fcs_len)
|
|
|
|
|
reported_length -= fcs_len;
|
|
|
|
|
if (captured_length > reported_length)
|
|
|
|
|
captured_length = reported_length;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
next_tvb = tvb_new_subset(tvb, offset_after_etype, captured_length,
|
|
|
|
|
reported_length);
|
2001-02-01 07:34:33 +00:00
|
|
|
|
2008-07-13 18:56:54 +00:00
|
|
|
pinfo->ethertype = etype;
|
2001-01-18 07:44:41 +00:00
|
|
|
|
In "ethertype()", catch exceptions from the dissector we call, and, if
we get an exception, add in any trailer we and then rethrow the
exception, so that the trailer will be put into the tree even if some
subdissector threw an exception. (Yes, an exception can be thrown even
in a frame with a trailer; you could have a frame, all of which was
captured, that has an IP datagram containing a UDP datagram, and if the
UDP payload isn't big enough for the type of packet it's supposed to be,
a ReportedBoundsError exception can be thrown.)
svn path=/trunk/; revision=2917
2001-01-18 08:38:10 +00:00
|
|
|
/* Look for sub-dissector, and call it if found.
|
2004-02-21 00:33:31 +00:00
|
|
|
Catch exceptions, so that if the reported length of "next_tvb"
|
|
|
|
|
was reduced by some dissector before an exception was thrown,
|
|
|
|
|
we can still put in an item for the trailer. */
|
2004-02-21 05:12:45 +00:00
|
|
|
saved_proto = pinfo->current_proto;
|
In "ethertype()", catch exceptions from the dissector we call, and, if
we get an exception, add in any trailer we and then rethrow the
exception, so that the trailer will be put into the tree even if some
subdissector threw an exception. (Yes, an exception can be thrown even
in a frame with a trailer; you could have a frame, all of which was
captured, that has an IP datagram containing a UDP datagram, and if the
UDP payload isn't big enough for the type of packet it's supposed to be,
a ReportedBoundsError exception can be thrown.)
svn path=/trunk/; revision=2917
2001-01-18 08:38:10 +00:00
|
|
|
TRY {
|
|
|
|
|
dissector_found = dissector_try_port(ethertype_dissector_table,
|
|
|
|
|
etype, next_tvb, pinfo, tree);
|
|
|
|
|
}
|
2004-02-21 00:33:31 +00:00
|
|
|
CATCH(BoundsError) {
|
|
|
|
|
/* Somebody threw BoundsError, which means that:
|
|
|
|
|
|
|
|
|
|
1) a dissector was found, so we don't need to
|
|
|
|
|
dissect the payload as data or update the
|
|
|
|
|
protocol or info columns;
|
|
|
|
|
|
|
|
|
|
2) dissecting the payload found that the packet was
|
|
|
|
|
cut off by a snapshot length before the end of
|
|
|
|
|
the payload. The trailer comes after the payload,
|
|
|
|
|
so *all* of the trailer is cut off, and we'll
|
|
|
|
|
just get another BoundsError if we add the trailer.
|
|
|
|
|
|
|
|
|
|
Therefore, we just rethrow the exception so it gets
|
|
|
|
|
reported; we don't dissect the trailer or do anything
|
|
|
|
|
else. */
|
|
|
|
|
RETHROW;
|
|
|
|
|
}
|
2007-01-15 05:16:13 +00:00
|
|
|
CATCH(OutOfMemoryError) {
|
|
|
|
|
RETHROW;
|
|
|
|
|
}
|
2004-02-21 00:33:31 +00:00
|
|
|
CATCH_ALL {
|
|
|
|
|
/* Somebody threw an exception other than BoundsError, which
|
|
|
|
|
means that a dissector was found, so we don't need to
|
|
|
|
|
dissect the payload as data or update the protocol or info
|
|
|
|
|
columns. We just show the exception and then drive on
|
|
|
|
|
to show the trailer, after noting that a dissector was
|
2004-02-21 05:12:45 +00:00
|
|
|
found and restoring the protocol value that was in effect
|
|
|
|
|
before we called the subdissector. */
|
2005-01-16 16:06:15 +00:00
|
|
|
show_exception(next_tvb, pinfo, tree, EXCEPT_CODE, GET_MESSAGE);
|
2004-02-21 05:12:45 +00:00
|
|
|
dissector_found = TRUE;
|
|
|
|
|
pinfo->current_proto = saved_proto;
|
In "ethertype()", catch exceptions from the dissector we call, and, if
we get an exception, add in any trailer we and then rethrow the
exception, so that the trailer will be put into the tree even if some
subdissector threw an exception. (Yes, an exception can be thrown even
in a frame with a trailer; you could have a frame, all of which was
captured, that has an IP datagram containing a UDP datagram, and if the
UDP payload isn't big enough for the type of packet it's supposed to be,
a ReportedBoundsError exception can be thrown.)
svn path=/trunk/; revision=2917
2001-01-18 08:38:10 +00:00
|
|
|
}
|
|
|
|
|
ENDTRY;
|
|
|
|
|
|
|
|
|
|
if (!dissector_found) {
|
Allow either old-style (pre-tvbuff) or new-style (tvbuffified)
dissectors to be registered as dissectors for particular ports,
registered as heuristic dissectors, and registered as dissectors for
conversations, and have routines to be used both by old-style and
new-style dissectors to call registered dissectors.
Have the code that calls those dissectors translate the arguments as
necessary. (For conversation dissectors, replace
"find_conversation_dissector()", which just returns a pointer to the
dissector, with "old_try_conversation_dissector()" and
"try_conversation_dissector()", which actually call the dissector, so
that there's a single place at which we can do that translation. Also
make "dissector_lookup()" static and, instead of calling it and, if it
returns a non-null pointer, calling that dissector, just use
"old_dissector_try_port()" or "dissector_try_port()", for the same
reason.)
This allows some dissectors that took old-style arguments and
immediately translated them to new-style arguments to just take
new-style arguments; make them do so. It also allows some new-style
dissectors not to have to translate arguments before calling routines to
look up and call dissectors; make them not do so.
Get rid of checks for too-short frames in new-style dissectors - the
tvbuff code does those checks for you.
Give the routines to register old-style dissectors, and to call
dissectors from old-style dissectors, names beginning with "old_", with
the routines for new-style dissectors not having the "old_". Update the
dissectors that use those routines appropriately.
Rename "dissect_data()" to "old_dissect_data()", and
"dissect_data_tvb()" to "dissect_data()".
svn path=/trunk/; revision=2218
2000-08-07 03:21:25 +00:00
|
|
|
/* No sub-dissector found.
|
|
|
|
|
Label rest of packet as "Data" */
|
2001-11-26 04:52:51 +00:00
|
|
|
call_dissector(data_handle,next_tvb, pinfo, tree);
|
1999-06-22 22:02:39 +00:00
|
|
|
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
/* Label protocol */
|
2004-09-23 18:48:11 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
|
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_PROTOCOL, "0x%04x",
|
|
|
|
|
etype);
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
}
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO)) {
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
description = match_strval(etype, etype_vals);
|
|
|
|
|
if (description) {
|
2009-07-09 20:44:28 +00:00
|
|
|
col_add_str(pinfo->cinfo, COL_INFO,
|
In "ethertype()", catch exceptions from the dissector we call, and, if
we get an exception, add in any trailer we and then rethrow the
exception, so that the trailer will be put into the tree even if some
subdissector threw an exception. (Yes, an exception can be thrown even
in a frame with a trailer; you could have a frame, all of which was
captured, that has an IP datagram containing a UDP datagram, and if the
UDP payload isn't big enough for the type of packet it's supposed to be,
a ReportedBoundsError exception can be thrown.)
svn path=/trunk/; revision=2917
2001-01-18 08:38:10 +00:00
|
|
|
description);
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
|
2007-12-16 00:35:34 +00:00
|
|
|
add_dix_trailer(pinfo, fh_tree, trailer_id, tvb, next_tvb, offset_after_etype,
|
2003-10-01 07:11:49 +00:00
|
|
|
length_before, fcs_len);
|
In "ethertype()", catch exceptions from the dissector we call, and, if
we get an exception, add in any trailer we and then rethrow the
exception, so that the trailer will be put into the tree even if some
subdissector threw an exception. (Yes, an exception can be thrown even
in a frame with a trailer; you could have a frame, all of which was
captured, that has an IP datagram containing a UDP datagram, and if the
UDP payload isn't big enough for the type of packet it's supposed to be,
a ReportedBoundsError exception can be thrown.)
svn path=/trunk/; revision=2917
2001-01-18 08:38:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2007-12-16 00:35:34 +00:00
|
|
|
add_dix_trailer(packet_info *pinfo, proto_tree *fh_tree, int trailer_id,
|
|
|
|
|
tvbuff_t *tvb, tvbuff_t *next_tvb, int offset_after_etype,
|
|
|
|
|
guint length_before, gint fcs_len)
|
In "ethertype()", catch exceptions from the dissector we call, and, if
we get an exception, add in any trailer we and then rethrow the
exception, so that the trailer will be put into the tree even if some
subdissector threw an exception. (Yes, an exception can be thrown even
in a frame with a trailer; you could have a frame, all of which was
captured, that has an IP datagram containing a UDP datagram, and if the
UDP payload isn't big enough for the type of packet it's supposed to be,
a ReportedBoundsError exception can be thrown.)
svn path=/trunk/; revision=2917
2001-01-18 08:38:10 +00:00
|
|
|
{
|
|
|
|
|
guint length;
|
2007-11-27 21:23:45 +00:00
|
|
|
tvbuff_t *trailer_tvb;
|
In "ethertype()", catch exceptions from the dissector we call, and, if
we get an exception, add in any trailer we and then rethrow the
exception, so that the trailer will be put into the tree even if some
subdissector threw an exception. (Yes, an exception can be thrown even
in a frame with a trailer; you could have a frame, all of which was
captured, that has an IP datagram containing a UDP datagram, and if the
UDP payload isn't big enough for the type of packet it's supposed to be,
a ReportedBoundsError exception can be thrown.)
svn path=/trunk/; revision=2917
2001-01-18 08:38:10 +00:00
|
|
|
|
|
|
|
|
if (fh_tree == NULL)
|
|
|
|
|
return; /* we're not building a protocol tree */
|
|
|
|
|
|
2001-01-18 07:44:41 +00:00
|
|
|
/* OK, how much is there in that tvbuff now? */
|
|
|
|
|
length = tvb_reported_length(next_tvb);
|
|
|
|
|
|
|
|
|
|
/* If there's less than there was before, what's left is
|
|
|
|
|
a trailer. */
|
|
|
|
|
if (length < length_before) {
|
|
|
|
|
/*
|
2004-01-28 20:09:44 +00:00
|
|
|
* Is any of the padding present in the tvbuff?
|
2001-01-18 07:44:41 +00:00
|
|
|
*/
|
2004-01-28 20:09:44 +00:00
|
|
|
if (tvb_offset_exists(tvb, offset_after_etype + length)) {
|
|
|
|
|
/*
|
|
|
|
|
* Yes - create a tvbuff for the padding.
|
|
|
|
|
*/
|
2001-01-18 07:44:41 +00:00
|
|
|
trailer_tvb = tvb_new_subset(tvb,
|
|
|
|
|
offset_after_etype + length, -1, -1);
|
2004-01-28 20:09:44 +00:00
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* No - don't bother showing the trailer.
|
|
|
|
|
* XXX - show a Short Frame indication?
|
|
|
|
|
*/
|
2001-01-18 07:44:41 +00:00
|
|
|
trailer_tvb = NULL;
|
|
|
|
|
}
|
|
|
|
|
} else
|
|
|
|
|
trailer_tvb = NULL; /* no trailer */
|
|
|
|
|
|
2007-12-16 00:35:34 +00:00
|
|
|
add_ethernet_trailer(pinfo, fh_tree, trailer_id, tvb, trailer_tvb, fcs_len);
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
}
|
1999-06-22 22:02:39 +00:00
|
|
|
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
void
|
|
|
|
|
proto_register_ethertype(void)
|
|
|
|
|
{
|
|
|
|
|
/* subdissector code */
|
2001-12-08 06:41:48 +00:00
|
|
|
ethertype_dissector_table = register_dissector_table("ethertype",
|
|
|
|
|
"Ethertype", FT_UINT16, BASE_HEX);
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
}
|
2001-11-26 04:52:51 +00:00
|
|
|
|
|
|
|
|
void
|
2003-10-01 07:11:49 +00:00
|
|
|
proto_reg_handoff_ethertype(void)
|
|
|
|
|
{
|
|
|
|
|
data_handle = find_dissector("data");
|
2001-11-26 04:52:51 +00:00
|
|
|
}
|