diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 20:34:10 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 20:34:10 +0000 |
commit | e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc (patch) | |
tree | 68cb5ef9081156392f1dd62a00c6ccc1451b93df /epan/dissectors/packet-llc.c | |
parent | Initial commit. (diff) | |
download | wireshark-e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc.tar.xz wireshark-e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc.zip |
Adding upstream version 4.2.2.upstream/4.2.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'epan/dissectors/packet-llc.c')
-rw-r--r-- | epan/dissectors/packet-llc.c | 960 |
1 files changed, 960 insertions, 0 deletions
diff --git a/epan/dissectors/packet-llc.c b/epan/dissectors/packet-llc.c new file mode 100644 index 00000000..df0ce1be --- /dev/null +++ b/epan/dissectors/packet-llc.c @@ -0,0 +1,960 @@ +/* packet-llc.c + * Routines for IEEE 802.2 LLC layer + * Gilbert Ramirez <gram@alumni.rice.edu> + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "config.h" + +#include <epan/packet.h> +#include <epan/capture_dissectors.h> +#include <wsutil/pint.h> +#include <epan/oui.h> +#include <epan/xdlc.h> +#include <epan/llcsaps.h> +#include <epan/bridged_pids.h> +#include <epan/ppptypes.h> +#include <epan/arcnet_pids.h> +#include <epan/nlpid.h> +#include <epan/addr_resolv.h> +#include "packet-fc.h" +#include "packet-ip.h" +#include "packet-ipx.h" +#include "packet-netbios.h" +#include "packet-sll.h" +#include "packet-juniper.h" + +#include "packet-llc.h" + +void proto_register_basicxid(void); +void proto_register_llc(void); +void proto_reg_handoff_llc(void); + +#define UDP_PORT_LLC_RANGE "12000-12004" + +static int proto_llc = -1; +static int hf_llc_dsap = -1; +static int hf_llc_ssap = -1; +static int hf_llc_dsap_sap = -1; +static int hf_llc_dsap_ig = -1; +static int hf_llc_ssap_sap = -1; +static int hf_llc_ssap_cr = -1; +static int hf_llc_ctrl = -1; +static int hf_llc_n_r = -1; +static int hf_llc_n_s = -1; +static int hf_llc_p = -1; +static int hf_llc_p_ext = -1; +static int hf_llc_f = -1; +static int hf_llc_f_ext = -1; +static int hf_llc_s_ftype = -1; +static int hf_llc_u_modifier_cmd = -1; +static int hf_llc_u_modifier_resp = -1; +static int hf_llc_ftype_i = -1; +static int hf_llc_ftype_s_u = -1; +static int hf_llc_ftype_s_u_ext = -1; +static int hf_llc_type = -1; +static int hf_llc_oui = -1; +static int hf_llc_pid = -1; + +static int proto_basicxid = -1; +static int hf_llc_xid_format = -1; +static int hf_llc_xid_types = -1; +static int hf_llc_xid_wsize = -1; + +static gint ett_llc = -1; +static gint ett_llc_dsap = -1; +static gint ett_llc_ssap = -1; +static gint ett_llc_ctrl = -1; +static gint ett_llc_basicxid = -1; + +static dissector_table_t dsap_subdissector_table; +static dissector_table_t xid_subdissector_table; + +static dissector_table_t ethertype_subdissector_table; +static dissector_table_t hpteam_subdissector_table; +static dissector_table_t other_control_dissector_table; + +static dissector_handle_t bpdu_handle; +static dissector_handle_t eth_withoutfcs_handle; +static dissector_handle_t eth_withfcs_handle; +static dissector_handle_t fddi_handle; +static dissector_handle_t tr_handle; +static dissector_handle_t turbo_handle; +static dissector_handle_t mesh_handle; +static dissector_handle_t llc_handle; +static dissector_handle_t epd_llc_handle; + +/* + * Group/Individual bit, in the DSAP. + */ +#define DSAP_GI_BIT 0x01 + +/* + * Command/Response bit, in the SSAP. + * + * The low-order bit of the SSAP apparently determines whether this + * is a request or a response. (RFC 1390, "Transmission of IP and + * ARP over FDDI Networks", says + * + * Command frames are identified by having the low order + * bit of the SSAP address reset to zero. Response frames + * have the low order bit of the SSAP address set to one. + * + * and a page I've seen seems to imply that's part of 802.2.) + */ +#define SSAP_CR_BIT 0x01 + +/* + * Mask to extrace the SAP number from the DSAP or the SSAP. + */ +#define SAP_MASK 0xFE + +/* + * These are for SSAP and DSAP, wth last bit always zero. + * XXX - some DSAPs come in separate "individual" and "group" versions, + * with the last bit 0 and 1, respectively (e.g., LLC Sub-layer Management, + * IBM SNA Path Control, IBM Net Management), but, whilst 0xFE is + * the ISO Network Layer Protocol, 0xFF is the Global LSAP. + */ +const value_string sap_vals[] = { + { SAP_NULL, "NULL LSAP" }, + { SAP_NULL+1, "NULL LSAP" }, + { SAP_LLC_SLMGMT, "LLC Sub-Layer Management" }, + { SAP_SNA_PATHCTRL, "SNA Path Control" }, + { SAP_IP, "TCP/IP" }, + { SAP_SNA1, "SNA" }, + { SAP_SNA2, "SNA" }, + { SAP_PROWAY_NM_INIT, "PROWAY (IEC955) Network Management and Initialization" }, + { SAP_NETWARE1, "NetWare (unofficial?)" }, + { SAP_OSINL1, "ISO Network Layer (OSLAN 1)" }, + { SAP_TI, "Texas Instruments" }, + { SAP_OSINL2, "ISO Network Layer (unofficial?)" }, + { SAP_OSINL3, "ISO Network Layer (unofficial?)" }, + { SAP_BPDU, "Spanning Tree BPDU" }, + { SAP_RS511, "EIA RS-511 Manufacturing Message Service" }, + { SAP_OSINL4, "ISO Network Layer (OSLAN 2)" }, + { SAP_X25, "ISO 8208 (X.25 over 802.2)" }, + /* + * XXX - setting the group bit of SAP_X25 make 0x7F; is this just + * a group version of that? + */ + { 0x7F, "ISO 802.2" }, + { SAP_XNS, "XNS" }, + { SAP_BACNET, "BACnet" }, + { SAP_NESTAR, "Nestar" }, + { SAP_PROWAY_ASLM, "PROWAY (IEC955) Active Station List Maintenance" }, + { SAP_ARP, "ARP" }, /* XXX - hand to "dissect_arp()"? */ + { SAP_HPJD, "HP JetDirect Printer" }, + { SAP_SNAP, "SNAP" }, + { SAP_VINES1, "Banyan Vines" }, + { SAP_VINES2, "Banyan Vines" }, + { SAP_NETWARE2, "NetWare" }, + { SAP_NETBIOS, "NetBIOS" }, + { SAP_IBMNM, "IBM Net Management" }, + { SAP_HPEXT, "HP Extended LLC" }, + { SAP_UB, "Ungermann-Bass" }, + { SAP_RPL, "Remote Program Load" }, + { SAP_OSINL5, "ISO Network Layer" }, + { SAP_GLOBAL, "Global LSAP" }, + { 0x00, NULL } +}; + +static const value_string format_vals[] = { + { 0x81, "LLC basic format" }, + { 0, NULL } +}; + +/* + * Mask to extract the type from XID frame. + */ +#define TYPES_MASK 0x1F + +static const value_string type_vals[] = { + { 1, "Type 1 LLC (Class I LLC)" }, + { 2, "Type 2 LLC" }, + { 3, "Type 1 and Type 2 LLCs (Class II LLC)" }, + { 4, "Type 3 LLC" }, + { 5, "Type 1 and Type 3 LLCs (Class III LLC)" }, + { 6, "Type 2 and Type 3 LLCs" }, + { 7, "Type 1 and Type 2 and Type 3 LLCs (Class IV LLC)" }, + { 0, NULL } +}; + +/* + * Hash table for translating OUIs to an oui_info_t. + */ +static wmem_map_t *oui_info_table = NULL; + +/* + * Decode the SAP value as a bitfield into a string, skipping the GI/CR bit. + * Ordinarily, this could be done easily by specifying a bitmask in the + * corresponding hf_ entry for the DSAP/SSAP value and simply using a + * proto_tree_add_... function to add the item into a proto tree. The + * problem is that the proto_tree_add_... functions always bitshift the + * value if a bitmask is specified. A SAP value always comprises the entire + * octet, however, and must not be shifted. Therefore, using a simple + * proto_tree_add_... function to display the topmost 7 bits of the SAP + * value as a bitfield produces incorrect results (while the bitfield is + * displayed correctly, Wireshark uses the bitshifted value to display the + * associated name and for filtering purposes). This function calls a + * BASE_CUSTOM routine to decode the SAP value as a bitfield + * counter-balancing the bitshift of the original value. + */ + +static void +llc_sap_value( gchar *result, guint32 sap ) +{ + snprintf( result, ITEM_LABEL_LENGTH, "%s", val_to_str_const(sap<<1, sap_vals, "Unknown")); +} + +/* + * Add an entry for a new OUI. + */ +void +llc_add_oui(guint32 oui, const char *table_name, const char *table_ui_name, + hf_register_info *hf_item, const int proto) +{ + oui_info_t *new_info; + + new_info = wmem_new(wmem_epan_scope(), oui_info_t); + new_info->table = register_dissector_table(table_name, + table_ui_name, proto, FT_UINT16, BASE_HEX); + new_info->field_info = hf_item; + + /* + * Create the hash table for OUI information, if it doesn't + * already exist. + */ + if (oui_info_table == NULL) { + oui_info_table = wmem_map_new(wmem_epan_scope(), g_direct_hash, + g_direct_equal); + } + wmem_map_insert(oui_info_table, GUINT_TO_POINTER(oui), new_info); +} + +static gboolean +capture_snap(const guchar *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header _U_) +{ + guint32 oui; + guint16 etype; + + if (!BYTES_ARE_IN_FRAME(offset, len, 5)) + return FALSE; + + oui = pd[offset] << 16 | pd[offset+1] << 8 | pd[offset+2]; + etype = pntoh16(&pd[offset+3]); + switch (oui) { + + case OUI_ENCAP_ETHER: + case OUI_CISCO_90: + return try_capture_dissector("ethertype", etype, pd, offset+5, len, cpinfo, pseudo_header); + + case OUI_CISCO: + return try_capture_dissector("ethertype", etype, pd, offset+5, len, cpinfo, pseudo_header); + + case OUI_MARVELL: + /* + * OLPC packet. The PID is an Ethertype, but + * there's a mesh header between the PID and + * the payload. (We assume the header is + * 5 bytes, for now). + */ + return try_capture_dissector("ethertype", etype, pd, offset+5+5, len, cpinfo, pseudo_header); + } + + return FALSE; +} + +static gboolean +capture_llc(const guchar *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header _U_) { + + int is_snap; + guint16 control; + int llc_header_len; + + if (!BYTES_ARE_IN_FRAME(offset, len, 2)) + return FALSE; + + is_snap = (pd[offset] == SAP_SNAP) && (pd[offset+1] == SAP_SNAP); + llc_header_len = 2; /* DSAP + SSAP */ + + /* + * XXX - the page referred to in the comment above about the + * Command/Response bit also implies that LLC Type 2 always + * uses extended operation, so we don't need to determine + * whether it's basic or extended operation; is that the case? + */ + control = get_xdlc_control(pd, offset+2, pd[offset+1] & SSAP_CR_BIT); + llc_header_len += XDLC_CONTROL_LEN(control, TRUE); + if (!BYTES_ARE_IN_FRAME(offset, len, llc_header_len)) + return FALSE; + + if (!XDLC_IS_INFORMATION(control)) + return FALSE; + + if (is_snap) + return capture_snap(pd, offset+llc_header_len, len, cpinfo, pseudo_header); + + /* non-SNAP */ + return try_capture_dissector("llc.dsap", pd[offset], pd, offset + llc_header_len, len, cpinfo, pseudo_header); +} + +/* Used only for U frames */ +static const xdlc_cf_items llc_cf_items = { + NULL, + NULL, + &hf_llc_p, + &hf_llc_f, + NULL, + &hf_llc_u_modifier_cmd, + &hf_llc_u_modifier_resp, + NULL, + &hf_llc_ftype_s_u +}; + +/* Used only for I and S frames */ +static const xdlc_cf_items llc_cf_items_ext = { + &hf_llc_n_r, + &hf_llc_n_s, + &hf_llc_p_ext, + &hf_llc_f_ext, + &hf_llc_s_ftype, + NULL, + NULL, + &hf_llc_ftype_i, + &hf_llc_ftype_s_u_ext +}; + +static int +dissect_basicxid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) +{ + proto_tree *xid_tree = NULL; + proto_item *ti = NULL; + guint8 format, types, wsize; + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "XID"); + col_clear(pinfo->cinfo, COL_INFO); + + format = tvb_get_guint8(tvb, 0); + + ti = proto_tree_add_item(tree, proto_basicxid, tvb, 0, -1, ENC_NA); + xid_tree = proto_item_add_subtree(ti, ett_llc_basicxid); + proto_tree_add_uint(xid_tree, hf_llc_xid_format, tvb, 0, 1, format); + + col_append_str(pinfo->cinfo, COL_INFO, "Basic Format"); + + types = tvb_get_guint8(tvb, 1); + proto_tree_add_uint(xid_tree, hf_llc_xid_types, tvb, 1, + 1, types & TYPES_MASK); + + col_append_fstr(pinfo->cinfo, COL_INFO, + "; %s", val_to_str(types & TYPES_MASK, type_vals, "0x%02x") + ); + + wsize = tvb_get_guint8(tvb, 2); + proto_tree_add_uint(xid_tree, hf_llc_xid_wsize, tvb, 2, + 1, (wsize & 0xFE) >> 1); + + col_append_fstr(pinfo->cinfo, COL_INFO, + "; Window Size %d", (wsize & 0xFE) >> 1); + return tvb_captured_length(tvb); +} + +/* + * IEEE Std 802.2-1998 and ISO/IEC 8802-2. + * + * This is what IEEE Std 802-2014 describes in section 5.2.2 "LLC sublayer" + * as "LLC protocol discrimination (LPD)". + */ +static int +dissect_llc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) +{ + proto_tree *llc_tree; + proto_tree *field_tree; + proto_item *ti, *sap_item; + int is_snap; + guint16 control; + int llc_header_len; + guint8 dsap, ssap, format; + tvbuff_t *next_tvb; + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "LLC"); + col_clear(pinfo->cinfo, COL_INFO); + + dsap = tvb_get_guint8(tvb, 0); + + ti = proto_tree_add_item(tree, proto_llc, tvb, 0, -1, ENC_NA); + llc_tree = proto_item_add_subtree(ti, ett_llc); + + sap_item = proto_tree_add_item(llc_tree, hf_llc_dsap, tvb, 0, 1, ENC_BIG_ENDIAN); + field_tree = proto_item_add_subtree(sap_item, ett_llc_dsap); + proto_tree_add_item(field_tree, hf_llc_dsap_sap, tvb, 0, 1, ENC_BIG_ENDIAN); + proto_tree_add_item(field_tree, hf_llc_dsap_ig, tvb, 0, 1, ENC_NA); + + ssap = tvb_get_guint8(tvb, 1); + sap_item = proto_tree_add_item(llc_tree, hf_llc_ssap, tvb, 1, 1, ENC_BIG_ENDIAN); + field_tree = proto_item_add_subtree(sap_item, ett_llc_ssap); + proto_tree_add_item(field_tree, hf_llc_ssap_sap, tvb, 1, 1, ENC_BIG_ENDIAN); + proto_tree_add_item(field_tree, hf_llc_ssap_cr, tvb, 1, 1, ENC_NA); + + is_snap = (dsap == SAP_SNAP) && (ssap == SAP_SNAP); + llc_header_len = 2; /* DSAP + SSAP */ + + /* + * XXX - the page referred to in the comment above about the + * Command/Response bit also implies that LLC Type 2 always + * uses extended operation, so we don't need to determine + * whether it's basic or extended operation; is that the case? + */ + control = dissect_xdlc_control(tvb, 2, pinfo, llc_tree, + hf_llc_ctrl, ett_llc_ctrl, + &llc_cf_items, &llc_cf_items_ext, + NULL, NULL, ssap & SSAP_CR_BIT, TRUE, FALSE); + llc_header_len += XDLC_CONTROL_LEN(control, TRUE); + if (is_snap) + llc_header_len += 5; /* 3 bytes of OUI, 2 bytes of protocol ID */ + + if (tree) + proto_item_set_len(ti, llc_header_len); + + if (is_snap) { + dissect_snap(tvb, 2+XDLC_CONTROL_LEN(control, TRUE), pinfo, tree, llc_tree, control, + hf_llc_oui, hf_llc_type, hf_llc_pid, 2); + } + else { + col_append_fstr(pinfo->cinfo, COL_INFO, + "; DSAP %s %s, SSAP %s %s", + val_to_str(dsap & SAP_MASK, sap_vals, "0x%02x"), + dsap & DSAP_GI_BIT ? + "Group" : "Individual", + val_to_str(ssap & SAP_MASK, sap_vals, "0x%02x"), + ssap & SSAP_CR_BIT ? + "Response" : "Command" + ); + + if (tvb_reported_length_remaining(tvb, llc_header_len) > 0) { + next_tvb = tvb_new_subset_remaining(tvb, llc_header_len); + if (XDLC_IS_INFORMATION(control)) { + /* + * Non-SNAP I or UI frame. + * Try the regular LLC subdissector table + * with the DSAP. + */ + if (!dissector_try_uint(dsap_subdissector_table, + dsap, next_tvb, pinfo, tree)) { + call_data_dissector(next_tvb, pinfo, tree); + } + } else if ((control & (XDLC_U_MODIFIER_MASK|XDLC_U)) + == (XDLC_XID|XDLC_U)) { + /* + * Non-SNAP XID frame. + * Test for LLC basic format first + */ + format = tvb_get_guint8(next_tvb, 0); + if (format == 0x81) { + dissect_basicxid(next_tvb, pinfo, tree, data); + } else { + /* + * Try the XID LLC subdissector table + * with the DSAP. + */ + if (!dissector_try_uint( + xid_subdissector_table, dsap, + next_tvb, pinfo, tree)) { + call_data_dissector(next_tvb, pinfo, tree); + } + } + } else { + if (!dissector_try_uint( + other_control_dissector_table, control, + next_tvb, pinfo, tree)) { + call_data_dissector(next_tvb, pinfo, tree); + } + } + } + } + return tvb_captured_length(tvb); +} + +/* + * Dissect SNAP header; used elsewhere, e.g. in the Frame Relay dissector. + */ +void +dissect_snap(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, + proto_tree *snap_tree, int control, int hf_oui, int hf_type, int hf_pid, + int bridge_pad) +{ + guint32 oui; + const gchar *oui_str; + guint16 etype; + tvbuff_t *next_tvb; + oui_info_t *oui_info; + dissector_table_t subdissector_table; + int hf; + int mesh_header_len; + + /* + * XXX - what about non-UI frames? + */ + etype = tvb_get_ntohs(tvb, offset+3); + + proto_tree_add_item_ret_uint(snap_tree, hf_oui, tvb, offset, 3, ENC_BIG_ENDIAN, &oui); + oui_str = uint_get_manuf_name_if_known(oui); + + col_append_fstr(pinfo->cinfo, COL_INFO, + "; SNAP, OUI 0x%06X (%s), PID 0x%04X", + oui, oui_str ? oui_str : "Unknown", etype); + + switch (oui) { + + case OUI_HP_2: + /* + * We don't use the standard SNAP OUI mechanism here + * because that only calls the subdissector for + * information frames, and, according to the HP document + * at + * + * http://www.hp.com/sbso/bus_protect/teaming.pdf + * + * the heartbeats are sent to 03-00-C7-00-00-EE in SNAP + * frames in unnumbered TEST frames, not information + * frames (numbered or unnumbered). + * + * See the comment in epan/dissectors/packet-hpteam.c + * for more details. + */ + oui_info = get_snap_oui_info(oui); + hf = *oui_info->field_info->p_id; + proto_tree_add_uint(snap_tree, hf, tvb, offset+3, 2, etype); + next_tvb = tvb_new_subset_remaining(tvb, offset+5); + + if(!dissector_try_uint(hpteam_subdissector_table,etype, next_tvb, pinfo, tree)) + call_data_dissector(next_tvb, pinfo, tree); + break; + + case OUI_ENCAP_ETHER: + case OUI_CISCO_90: + if (XDLC_IS_INFORMATION(control)) { + if (tree) { + proto_tree_add_uint(snap_tree, hf_type, + tvb, offset+3, 2, etype); + } + next_tvb = tvb_new_subset_remaining(tvb, offset+5); + if (!dissector_try_uint(ethertype_subdissector_table, + etype, next_tvb, pinfo, tree)) + call_data_dissector(next_tvb, pinfo, tree); + } else { + next_tvb = tvb_new_subset_remaining(tvb, offset+5); + call_data_dissector(next_tvb, pinfo, tree); + } + break; + + case OUI_IEEE_802_1: + /* + * MAC frames bridged over ATM (RFC 2684) or Frame Relay + * (RFC 2427). + * + * We have to figure out how much padding to put + * into the frame. We were handed a "bridge_pad" + * argument which should be 0 for Frame Relay and + * 2 for ATM; we add to that the amount of padding + * common to both bridging types. + */ + if (tree) { + proto_tree_add_uint(snap_tree, hf_pid, tvb, offset+3, 2, + etype); + } + + switch (etype) { + + case BPID_ETH_WITH_FCS: + next_tvb = tvb_new_subset_remaining(tvb, offset+5+bridge_pad); + call_dissector(eth_withfcs_handle, next_tvb, pinfo, + tree); + break; + + case BPID_ETH_WITHOUT_FCS: + next_tvb = tvb_new_subset_remaining(tvb, offset+5+bridge_pad); + call_dissector(eth_withoutfcs_handle, next_tvb, pinfo, tree); + break; + + case BPID_802_5_WITH_FCS: + case BPID_802_5_WITHOUT_FCS: + /* + * We treat the last padding byte as the Access + * Control byte, as that's what the Token + * Ring dissector expects the first byte to + * be. + */ + next_tvb = tvb_new_subset_remaining(tvb, offset+5+bridge_pad); + call_dissector(tr_handle, next_tvb, pinfo, tree); + break; + + case BPID_FDDI_WITH_FCS: + case BPID_FDDI_WITHOUT_FCS: + next_tvb = tvb_new_subset_remaining(tvb, offset+5+1+bridge_pad); + call_dissector(fddi_handle, next_tvb, pinfo, tree); + break; + + case BPID_BPDU: + next_tvb = tvb_new_subset_remaining(tvb, offset+5); + call_dissector(bpdu_handle, next_tvb, pinfo, tree); + break; + + default: + next_tvb = tvb_new_subset_remaining(tvb, offset+5); + call_data_dissector(next_tvb, pinfo, tree); + break; + } + break; + + case OUI_CABLE_BPDU: /* DOCSIS cable modem spanning tree BPDU */ + if (tree) { + proto_tree_add_uint(snap_tree, hf_pid, tvb, offset+3, 2, + etype); + } + next_tvb = tvb_new_subset_remaining(tvb, offset+5); + call_dissector(bpdu_handle, next_tvb, pinfo, tree); + break; + + case OUI_TURBOCELL: + next_tvb = tvb_new_subset_remaining(tvb, offset+3); + call_dissector(turbo_handle, next_tvb, pinfo, tree); + break; + + case OUI_MARVELL: + /* + * OLPC packet. The PID is an Ethertype, but + * there's a mesh header between the PID and + * the payload. + */ + if (XDLC_IS_INFORMATION(control)) { + if (tree) { + proto_tree_add_uint(snap_tree, hf_type, + tvb, offset+3, 2, etype); + } + next_tvb = tvb_new_subset_remaining(tvb, offset+5); + mesh_header_len = call_dissector(mesh_handle, + next_tvb, pinfo, tree); + next_tvb = tvb_new_subset_remaining(tvb, offset+5+mesh_header_len); + if (!dissector_try_uint(ethertype_subdissector_table, + etype, next_tvb, pinfo, tree)) + call_data_dissector(next_tvb, pinfo, tree); + } else { + next_tvb = tvb_new_subset_remaining(tvb, offset+5); + call_data_dissector(next_tvb, pinfo, tree); + } + break; + + default: + /* + * Do we have information for this OUI? + */ + oui_info = get_snap_oui_info(oui); + if (oui_info != NULL) { + /* + * Yes - use it. + */ + hf = *oui_info->field_info->p_id; + subdissector_table = oui_info->table; + } else { + /* + * No, use hf_pid for the PID and just dissect + * the payload as data. + */ + hf = hf_pid; + subdissector_table = NULL; + } + if (tree) { + proto_tree_add_uint(snap_tree, hf, tvb, offset+3, 2, + etype); + } + next_tvb = tvb_new_subset_remaining(tvb, offset+5); + if (XDLC_IS_INFORMATION(control)) { + if (subdissector_table != NULL) { + /* do lookup with the subdissector table */ + if (dissector_try_uint(subdissector_table, + etype, next_tvb, pinfo, tree)) + break; + } + } + call_data_dissector(next_tvb, pinfo, tree); + break; + } +} + +/* + * Return the oui_info_t for the PID for a particular OUI value, or NULL + * if there isn't one. + */ +oui_info_t * +get_snap_oui_info(guint32 oui) +{ + if (oui_info_table != NULL) { + return (oui_info_t *)wmem_map_lookup(oui_info_table, + GUINT_TO_POINTER(oui)); + } else + return NULL; +} + +/* + * This is what IEEE Std 802-2014 describes in section 5.2.2 "LLC sublayer" + * as "EtherType protocol discrimination (EPD)". + */ +static int +dissect_epd_llc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + proto_tree *llc_tree; + proto_item *ti; + guint32 etype; + tvbuff_t *next_tvb; + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "LLC"); + col_clear(pinfo->cinfo, COL_INFO); + + ti = proto_tree_add_item(tree, proto_llc, tvb, 0, 2, ENC_NA); + llc_tree = proto_item_add_subtree(ti, ett_llc); + proto_tree_add_item_ret_uint(llc_tree, hf_llc_type, tvb, 0, 2, ENC_BIG_ENDIAN, &etype); + next_tvb = tvb_new_subset_remaining(tvb, 2); + if (dissector_try_uint(ethertype_subdissector_table, etype, next_tvb, + pinfo, tree) == 0) + call_data_dissector(next_tvb, pinfo, tree); + return tvb_captured_length(tvb); +} + +void +proto_register_llc(void) +{ + static struct true_false_string ig_bit = { "Group", "Individual" }; + static struct true_false_string cr_bit = { "Response", "Command" }; + + static hf_register_info hf[] = { + { &hf_llc_dsap, + { "DSAP", "llc.dsap", FT_UINT8, BASE_HEX, + VALS(sap_vals), 0x0, "Destination Service Access Point", HFILL }}, + + { &hf_llc_dsap_sap, + { "SAP", "llc.dsap.sap", FT_UINT8, BASE_CUSTOM, + CF_FUNC(llc_sap_value), 0xFE, "Service Access Point", HFILL }}, + + { &hf_llc_dsap_ig, + { "IG Bit", "llc.dsap.ig", FT_BOOLEAN, 8, + TFS(&ig_bit), DSAP_GI_BIT, "Individual/Group", HFILL }}, + + { &hf_llc_ssap, + { "SSAP", "llc.ssap", FT_UINT8, BASE_HEX, + VALS(sap_vals), 0x0, "Source Service Access Point", HFILL }}, + + { &hf_llc_ssap_sap, + { "SAP", "llc.ssap.sap", FT_UINT8, BASE_CUSTOM, + CF_FUNC(llc_sap_value), 0xFE, "Service Access Point", HFILL }}, + + { &hf_llc_ssap_cr, + { "CR Bit", "llc.ssap.cr", FT_BOOLEAN, 8, + TFS(&cr_bit), SSAP_CR_BIT, "Command/Response", HFILL }}, + + { &hf_llc_ctrl, + { "Control", "llc.control", FT_UINT16, BASE_HEX, + NULL, 0x0, NULL, HFILL }}, + + { &hf_llc_n_r, + { "N(R)", "llc.control.n_r", FT_UINT16, BASE_DEC, + NULL, XDLC_N_R_EXT_MASK, NULL, HFILL }}, + + { &hf_llc_n_s, + { "N(S)", "llc.control.n_s", FT_UINT16, BASE_DEC, + NULL, XDLC_N_S_EXT_MASK, NULL, HFILL }}, + + { &hf_llc_p, + { "Poll", "llc.control.p", FT_BOOLEAN, 8, + TFS(&tfs_set_notset), XDLC_P_F, NULL, HFILL }}, + + { &hf_llc_p_ext, + { "Poll", "llc.control.p", FT_BOOLEAN, 16, + TFS(&tfs_set_notset), XDLC_P_F_EXT, NULL, HFILL }}, + + { &hf_llc_f, + { "Final", "llc.control.f", FT_BOOLEAN, 8, + TFS(&tfs_set_notset), XDLC_P_F, NULL, HFILL }}, + + { &hf_llc_f_ext, + { "Final", "llc.control.f", FT_BOOLEAN, 16, + TFS(&tfs_set_notset), XDLC_P_F_EXT, NULL, HFILL }}, + + { &hf_llc_s_ftype, + { "Supervisory frame type", "llc.control.s_ftype", FT_UINT16, BASE_HEX, + VALS(stype_vals), XDLC_S_FTYPE_MASK, NULL, HFILL }}, + + { &hf_llc_u_modifier_cmd, + { "Command", "llc.control.u_modifier_cmd", FT_UINT8, BASE_HEX, + VALS(modifier_vals_cmd), XDLC_U_MODIFIER_MASK, NULL, HFILL }}, + + { &hf_llc_u_modifier_resp, + { "Response", "llc.control.u_modifier_resp", FT_UINT8, BASE_HEX, + VALS(modifier_vals_resp), XDLC_U_MODIFIER_MASK, NULL, HFILL }}, + + { &hf_llc_ftype_i, + { "Frame type", "llc.control.ftype", FT_UINT16, BASE_HEX, + VALS(ftype_vals), XDLC_I_MASK, NULL, HFILL }}, + + { &hf_llc_ftype_s_u, + { "Frame type", "llc.control.ftype", FT_UINT8, BASE_HEX, + VALS(ftype_vals), XDLC_S_U_MASK, NULL, HFILL }}, + + { &hf_llc_ftype_s_u_ext, + { "Frame type", "llc.control.ftype", FT_UINT16, BASE_HEX, + VALS(ftype_vals), XDLC_S_U_MASK, NULL, HFILL }}, + + /* registered here but handled in ethertype.c */ + { &hf_llc_type, + { "Type", "llc.type", FT_UINT16, BASE_HEX, + VALS(etype_vals), 0x0, NULL, HFILL }}, + + { &hf_llc_oui, + { "Organization Code", "llc.oui", FT_UINT24, BASE_OUI, + NULL, 0x0, NULL, HFILL }}, + + { &hf_llc_pid, + { "Protocol ID", "llc.pid", FT_UINT16, BASE_HEX, + NULL, 0x0, NULL, HFILL }} + }; + static gint *ett[] = { + &ett_llc, + &ett_llc_dsap, + &ett_llc_ssap, + &ett_llc_ctrl, + }; + + proto_llc = proto_register_protocol("Logical-Link Control", "LLC", "llc"); + proto_register_field_array(proto_llc, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + /* subdissector code */ + dsap_subdissector_table = register_dissector_table("llc.dsap", + "LLC SAP", proto_llc, FT_UINT8, BASE_HEX); + xid_subdissector_table = register_dissector_table("llc.xid_dsap", + "LLC XID SAP", proto_llc, FT_UINT8, BASE_HEX); + other_control_dissector_table = register_dissector_table("llc.control", + "LLC Control", proto_llc, FT_UINT16, BASE_HEX); + register_capture_dissector_table("llc.dsap", "LLC"); + + llc_handle = register_dissector("llc", dissect_llc, proto_llc); + epd_llc_handle = register_dissector("epd_llc", dissect_epd_llc, + proto_llc); + + register_capture_dissector("llc", capture_llc, proto_llc); +} + +void +proto_register_basicxid(void) +{ + static hf_register_info hf[] = { + { &hf_llc_xid_format, + { "XID Format", "basicxid.llc.xid.format", FT_UINT8, BASE_HEX, + VALS(format_vals), 0x0, NULL, HFILL }}, + + { &hf_llc_xid_types, + { "LLC Types/Classes", "basicxid.llc.xid.types", FT_UINT8, BASE_HEX, + VALS(type_vals), 0x0, NULL, HFILL }}, + + { &hf_llc_xid_wsize, + { "Receive Window Size", "basicxid.llc.xid.wsize", FT_UINT8, BASE_DEC, + NULL, 0x0, NULL, HFILL }} + }; + static gint *ett[] = { + &ett_llc_basicxid + }; + + proto_basicxid = proto_register_protocol("Logical-Link Control Basic Format XID", "Basic Format XID", "basicxid"); + proto_register_field_array(proto_basicxid, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + register_dissector("basicxid", dissect_basicxid, proto_basicxid); +} + +static void +register_hf(gpointer key _U_, gpointer value, gpointer user_data _U_) +{ + oui_info_t *info = (oui_info_t *)value; + + proto_register_field_array(proto_llc, info->field_info, 1); +} + +void +proto_reg_handoff_llc(void) +{ + capture_dissector_handle_t llc_cap_handle; + capture_dissector_handle_t llc_snap_handle; + + /* + * Get handles for the BPDU, Ethernet, FDDI, Token Ring and + * Turbocell dissectors. + */ + bpdu_handle = find_dissector_add_dependency("bpdu", proto_llc); + eth_withoutfcs_handle = find_dissector_add_dependency("eth_withoutfcs", proto_llc); + eth_withfcs_handle = find_dissector_add_dependency("eth_withfcs", proto_llc); + fddi_handle = find_dissector_add_dependency("fddi", proto_llc); + tr_handle = find_dissector_add_dependency("tr", proto_llc); + turbo_handle = find_dissector_add_dependency("turbocell", proto_llc); + mesh_handle = find_dissector_add_dependency("mesh", proto_llc); + + /* + * Get the Ethertype dissector table. + */ + ethertype_subdissector_table = find_dissector_table("ethertype"); + hpteam_subdissector_table = find_dissector_table("llc.hpteam_pid"); + + dissector_add_uint("wtap_encap", WTAP_ENCAP_ATM_RFC1483, llc_handle); + dissector_add_uint("sll.ltype", LINUX_SLL_P_802_2, llc_handle); + /* RFC 2043 */ + dissector_add_uint("ppp.protocol", PPP_LLC, llc_handle); + /* RFC 2353 */ + dissector_add_uint_range_with_preference("udp.port", UDP_PORT_LLC_RANGE, llc_handle); + /* IP-over-FC when we have the full FC frame */ + dissector_add_uint("fc.ftype", FC_FTYPE_IP, llc_handle); + + dissector_add_uint("atm.aal5.type", TRAF_LLCMX, llc_handle); + + /* + * BACNET-over-ARCNET is really BACNET-over-802.2 LLC-over-ARCNET, + * apparently. + */ + dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_BACNET, llc_handle); + dissector_add_uint("ethertype", ETHERTYPE_JUMBO_LLC, llc_handle); + + dissector_add_uint("juniper.proto", JUNIPER_PROTO_LLC, llc_handle); + dissector_add_uint("juniper.proto", JUNIPER_PROTO_LLC_SNAP, llc_handle); + + llc_cap_handle = find_capture_dissector("llc"); + capture_dissector_add_uint("ethertype", ETHERTYPE_JUMBO_LLC, llc_cap_handle); + capture_dissector_add_uint("atm.aal5.type", TRAF_LLCMX, llc_cap_handle); + capture_dissector_add_uint("sll.ltype", LINUX_SLL_P_802_2, llc_cap_handle); + + llc_snap_handle = register_capture_dissector("llc_snap", capture_snap, proto_llc); + capture_dissector_add_uint("fr.nlpid", NLPID_SNAP, llc_snap_handle); + + + /* + * Register all the fields for PIDs for various OUIs. + */ + if (oui_info_table != NULL) + wmem_map_foreach(oui_info_table, register_hf, NULL); +} + +/* + * Editor modelines - https://www.wireshark.org/tools/modelines.html + * + * Local variables: + * c-basic-offset: 8 + * tab-width: 8 + * indent-tabs-mode: t + * End: + * + * vi: set shiftwidth=8 tabstop=8 noexpandtab: + * :indentSize=8:tabSize=8:noTabs=false: + */ |