2 * Routines for NetWare's IPX
3 * Gilbert Ramirez <gram@verdict.uthscsa.edu>
5 * $Id: packet-ipx.c,v 1.11 1998/10/14 05:18:30 gram Exp $
7 * Ethereal - Network traffic analyzer
8 * By Gerald Combs <gerald@unicom.net>
9 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
36 #ifdef HAVE_SYS_TYPES_H
37 # include <sys/types.h>
40 #ifdef HAVE_NETINET_IN_H
41 # include <netinet/in.h>
46 #include "packet-ipx.h"
48 /* The information in this module (IPX, SPX, NCP) comes from:
49 NetWare LAN Analysis, Second Edition
50 Laura A. Chappell and Dan E. Hakes
52 Novell Press, San Jose.
55 And from the ncpfs source code by Volker Lendecke
60 dissect_spx(const u_char *pd, int offset, frame_data *fd, GtkTree *tree);
63 dissect_ipxrip(const u_char *pd, int offset, frame_data *fd, GtkTree *tree);
66 dissect_sap(const u_char *pd, int offset, frame_data *fd, GtkTree *tree);
70 void (*func) (const u_char *, int, frame_data *, GtkTree *);
84 /* ================================================================= */
86 /* ================================================================= */
87 static struct port_info ports[] = {
88 { 0x0451, dissect_ncp, "NCP" },
89 { 0x0452, dissect_sap, "SAP" },
90 { 0x0453, dissect_ipxrip, "RIP" },
91 { 0x0455, NULL, "NetBIOS" },
92 { 0x0456, NULL, "Diagnostic" },
93 { 0x0457, NULL, "Serialization" },
94 { 0x0551, NULL, "NWLink SMB Name Query" },
95 { 0x0553, dissect_nwlink_dg,"NWLink SMB Datagram" },
96 { 0x055d, NULL, "Attachmate Gateway" },
97 { 0x0000, NULL, NULL }
101 port_text(guint16 port) {
104 while (ports[i].text != NULL) {
105 if (ports[i].port == port) {
106 return ports[i].text;
114 port_func(guint16 port) {
117 while (ports[i].text != NULL) {
118 if (ports[i].port == port) {
119 return ports[i].func;
127 ipx_packet_type(u_char val)
135 else if (val == 17) {
138 else if (val == 20) {
139 return "NetBIOS Broadcast";
141 else if (val >= 16 && val <= 31) {
142 return "Experimental Protocol";
150 ipxnet_to_string(const guint8 *ad)
152 static gchar str[3][12];
155 if (cur == &str[0][0]) {
157 } else if (cur == &str[1][0]) {
163 sprintf(cur, "%02X %02X %02X %02X", ad[0], ad[1], ad[2], ad[3]);
168 dissect_ipx(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
170 GtkWidget *ipx_tree, *ti;
174 guint16 dsocket, ssocket;
175 void (*dissect) (const u_char *, int, frame_data *, GtkTree *);
177 /* Calculate here for use in win_info[] and in tree */
178 dnet = ipxnet_to_string((guint8*)&pd[offset+6]);
179 snet = ipxnet_to_string((guint8*)&pd[offset+18]);
180 dsocket = pntohs(&pd[offset+16]);
182 if (fd->win_info[COL_NUM]) {
183 strcpy(fd->win_info[COL_PROTOCOL], "IPX");
184 sprintf(fd->win_info[COL_INFO], "%s (0x%04X)", port_text(dsocket), dsocket);
187 ipx_type = pd[offset+5];
190 ti = add_item_to_tree(GTK_WIDGET(tree), offset, 30,
191 "Internetwork Packet Exchange");
192 ipx_tree = gtk_tree_new();
193 add_subtree(ti, ipx_tree, ETT_IPX);
194 add_item_to_tree(ipx_tree, offset, 2, "Checksum: 0x%04X",
195 (pd[offset] << 8) | pd[offset+1]);
196 add_item_to_tree(ipx_tree, offset+2, 2, "Length: %d bytes",
197 (pd[offset+2] << 8) | pd[offset+3]);
198 add_item_to_tree(ipx_tree, offset+4, 1, "Transport Control: %d hops",
200 add_item_to_tree(ipx_tree, offset+5, 1, "Packet Type: %s",
201 ipx_packet_type(ipx_type));
202 add_item_to_tree(ipx_tree, offset+6, 4, "Destination Network: %s",
204 add_item_to_tree(ipx_tree, offset+10, 6, "Destination Node: %s",
205 ether_to_str((guint8*)&pd[offset+10]));
206 /*dsocket = ntohs(*((guint16*)&pd[offset+16]));*/
207 add_item_to_tree(ipx_tree, offset+16, 2,
208 "Destination Socket: %s (0x%04X)", port_text(dsocket), dsocket);
209 add_item_to_tree(ipx_tree, offset+18, 4, "Source Network: %s",
211 add_item_to_tree(ipx_tree, offset+22, 6, "Source Node: %s",
212 ether_to_str((guint8*)&pd[offset+22]));
213 ssocket = pntohs(&pd[offset+28]);
214 add_item_to_tree(ipx_tree, offset+28, 2,
215 "Source Socket: %s (0x%04X)", port_text(ssocket), ssocket);
221 dissect_spx(pd, offset, fd, tree);
225 dissect_ncp(pd, offset, fd, tree);
228 case 20: /* NetBIOS */
229 if (dsocket == 0x0455) {
230 dissect_nbipx_ns(pd, offset, fd, tree);
233 /* else fall through */
235 case 0: /* IPX, fall through to default */
237 dissect = port_func(dsocket);
239 dissect(pd, offset, fd, tree);
242 dissect_data(pd, offset, fd, tree);
249 /* ================================================================= */
251 /* ================================================================= */
253 spx_conn_ctrl(u_char ctrl)
257 static struct conn_info conns[] = {
258 { 0x10, "End-of-Message" },
259 { 0x20, "Attention" },
260 { 0x40, "Acknowledgment Required"},
261 { 0x80, "System Packet"}
264 while (conns[i].text != NULL) {
265 if (conns[i].ctrl == ctrl) {
266 return conns[i].text;
274 datastream(u_char type)
278 return "End-of-Connection";
280 return "End-of-Connection Acknowledgment";
282 return "Client-Defined";
287 dissect_spx(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
289 GtkWidget *spx_tree, *ti;
291 if (fd->win_info[COL_NUM]) {
292 strcpy(fd->win_info[COL_PROTOCOL], "SPX");
293 strcpy(fd->win_info[COL_INFO], "SPX");
297 ti = add_item_to_tree(GTK_WIDGET(tree), offset, 12,
298 "Sequenced Packet Exchange");
299 spx_tree = gtk_tree_new();
300 add_subtree(ti, spx_tree, ETT_SPX);
302 add_item_to_tree(spx_tree, offset, 1,
303 "Connection Control: %s (0x%02X)",
304 spx_conn_ctrl(pd[offset]), pd[offset]);
306 add_item_to_tree(spx_tree, offset+1, 1,
307 "Datastream Type: %s (0x%02X)",
308 datastream(pd[offset+1]), pd[offset+1]);
310 add_item_to_tree(spx_tree, offset+2, 2,
311 "Source Connection ID: %d", pntohs( &pd[offset+2] ) );
313 add_item_to_tree(spx_tree, offset+4, 2,
314 "Destination Connection ID: %d", pntohs( &pd[offset+4] ) );
316 add_item_to_tree(spx_tree, offset+6, 2,
317 "Sequence Number: %d", pntohs( &pd[offset+6] ) );
319 add_item_to_tree(spx_tree, offset+8, 2,
320 "Acknowledgment Number: %d", pntohs( &pd[offset+8] ) );
322 add_item_to_tree(spx_tree, offset+10, 2,
323 "Allocation Number: %d", pntohs( &pd[offset+10] ) );
326 dissect_data(pd, offset, fd, tree);
330 /* ================================================================= */
332 /* ================================================================= */
334 dissect_ipxrip(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
336 GtkWidget *rip_tree, *ti;
338 struct ipx_rt_def route;
341 char *rip_type[2] = { "Request", "Response" };
343 operation = pntohs(&pd[offset]) - 1;
345 if (fd->win_info[COL_NUM]) {
346 strcpy(fd->win_info[COL_PROTOCOL], "IPX RIP");
348 sprintf(fd->win_info[COL_INFO], rip_type[operation]);
351 strcpy(fd->win_info[COL_INFO], "Unknown Packet Type");
356 ti = add_item_to_tree(GTK_WIDGET(tree), offset, END_OF_FRAME,
357 "IPX Routing Information Protocol");
358 rip_tree = gtk_tree_new();
359 add_subtree(ti, rip_tree, ETT_IPXRIP);
362 add_item_to_tree(rip_tree, offset, 2,
363 "RIP packet type: %s", rip_type[operation]);
366 add_item_to_tree(rip_tree, offset, 2, "Unknown RIP packet type");
369 for (cursor = offset + 2; cursor < fd->cap_len; cursor += 8) {
370 memcpy(&route.network, &pd[cursor], 4);
371 route.hops = pntohs(&pd[cursor+4]);
372 route.ticks = pntohs(&pd[cursor+6]);
374 if (operation == IPX_RIP_REQUEST - 1) {
375 add_item_to_tree(rip_tree, cursor, 8,
376 "Route Vector: %s, %d hop%s, %d tick%s",
377 ipxnet_to_string((guint8*)&route.network),
378 route.hops, route.hops == 1 ? "" : "s",
379 route.ticks, route.ticks == 1 ? "" : "s");
382 add_item_to_tree(rip_tree, cursor, 8,
383 "Route Vector: %s, %d hop%s, %d tick%s (%d ms)",
384 ipxnet_to_string((guint8*)&route.network),
385 route.hops, route.hops == 1 ? "" : "s",
386 route.ticks, route.ticks == 1 ? "" : "s",
387 route.ticks * 1000 / 18);
395 /* ================================================================= */
397 /* ================================================================= */
399 server_type(guint16 type)
403 /* some of these are from ncpfs, others are from the book */
404 static struct server_info servers[] = {
406 { 0x0002, "User Group" },
407 { 0x0003, "Print Queue" },
408 { 0x0004, "File server" },
409 { 0x0005, "Job server" },
410 { 0x0007, "Print server" },
411 { 0x0008, "Archive server" },
412 { 0x0009, "Archive server" },
413 { 0x000a, "Job queue" },
414 { 0x000b, "Administration" },
415 { 0x0021, "NAS SNA gateway" },
416 { 0x0024, "Remote bridge" },
417 { 0x0026, "Bridge server" },
418 { 0x0027, "TCP/IP gateway" },
419 { 0x002d, "Time Synchronization VAP" },
420 { 0x002e, "Archive Server Dynamic SAP" },
421 { 0x0047, "Advertising print server" },
422 { 0x004b, "Btrieve VAP 5.0" },
423 { 0x004c, "SQL VAP" },
424 { 0x0050, "Btrieve VAP" },
425 { 0x0053, "Print Queue VAP" },
426 { 0x007a, "TES NetWare for VMS" },
427 { 0x0098, "NetWare access server" },
428 { 0x009a, "Named Pipes server" },
429 { 0x009e, "Portable NetWare Unix" },
430 { 0x0107, "NetWare 386" },
431 { 0x0111, "Test server" },
432 { 0x0133, "NetWare Name Service" },
433 { 0x0166, "NetWare management" },
434 { 0x026a, "NetWare management" },
435 { 0x026b, "Time synchronization" },
436 { 0x0278, "NetWare Directory server" },
437 { 0x055d, "Attachmate SNA gateway" },
441 while (servers[i].text != NULL) {
442 if (servers[i].type == type) {
443 return servers[i].text;
451 dissect_sap(const u_char *pd, int offset, frame_data *fd, GtkTree *tree) {
453 GtkWidget *sap_tree, *s_tree, *ti;
455 struct sap_query query;
456 struct sap_server_ident server;
458 char *sap_type[4] = { "General Query", "General Response",
459 "Nearest Query", "Nearest Response" };
461 query.query_type = pntohs(&pd[offset]);
462 query.server_type = pntohs(&pd[offset+2]);
464 if (fd->win_info[COL_NUM]) {
465 strcpy(fd->win_info[COL_PROTOCOL], "SAP");
466 if (query.query_type < 4) {
467 sprintf(fd->win_info[COL_INFO], sap_type[query.query_type - 1]);
470 strcpy(fd->win_info[COL_INFO], "Unknown Packet Type");
475 ti = add_item_to_tree(GTK_WIDGET(tree), offset, END_OF_FRAME,
476 "Service Advertising Protocol");
477 sap_tree = gtk_tree_new();
478 add_subtree(ti, sap_tree, ETT_IPXSAP);
480 if (query.query_type < 4) {
481 add_item_to_tree(sap_tree, offset, 2, sap_type[query.query_type - 1]);
484 add_item_to_tree(sap_tree, offset, 2,
485 "Unknown SAP Packet Type %d", query.query_type);
488 if (query.query_type == IPX_SAP_GENERAL_RESPONSE ||
489 query.query_type == IPX_SAP_NEAREST_RESPONSE) { /* responses */
491 for (cursor = offset + 2; cursor < fd->cap_len; cursor += 64) {
492 server.server_type = pntohs(&pd[cursor]);
493 memcpy(server.server_name, &pd[cursor+2], 48);
494 memcpy(&server.server_network, &pd[cursor+50], 4);
495 memcpy(&server.server_node, &pd[cursor+54], 6);
496 server.server_port = pntohs(&pd[cursor+60]);
497 server.intermediate_network = pntohs(&pd[cursor+62]);
499 ti = add_item_to_tree(GTK_WIDGET(sap_tree), cursor+2, 48,
500 "Server Name: %s", server.server_name);
501 s_tree = gtk_tree_new();
502 add_subtree(ti, s_tree, ETT_IPXSAP_SERVER);
504 add_item_to_tree(s_tree, cursor, 2, "Server Type: %s (0x%04X)",
505 server_type(server.server_type), server.server_type);
506 add_item_to_tree(s_tree, cursor+50, 4, "Network: %s",
507 ipxnet_to_string((guint8*)&pd[cursor+50]));
508 add_item_to_tree(s_tree, cursor+54, 6, "Node: %s",
509 ether_to_str((guint8*)&pd[cursor+54]));
510 add_item_to_tree(s_tree, cursor+60, 2, "Socket: %s (0x%04X)",
511 port_text(server.server_port), server.server_port);
512 add_item_to_tree(s_tree, cursor+62, 2,
513 "Intermediate Networks: %d",
514 server.intermediate_network);
518 add_item_to_tree(sap_tree, offset+2, 2, "Server Type: %s (0x%04X)",
519 server_type(query.server_type), query.server_type);