epan/dissectors/packet-sll.c

   1 /* packet-sll.c
   2  * Routines for disassembly of packets from Linux "cooked mode" captures
   3  *
   4  * $Id$
   5  *
   6  * Ethereal - Network traffic analyzer
   7  * By Gerald Combs <gerald@ethereal.com>
   8  * Copyright 1998 Gerald Combs
   9  *
  10  * This program is free software; you can redistribute it and/or
  11  * modify it under the terms of the GNU General Public License
  12  * as published by the Free Software Foundation; either version 2
  13  * of the License, or (at your option) any later version.
  14  *
  15  * This program is distributed in the hope that it will be useful,
  16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18  * GNU General Public License for more details.
  19  *
  20  * You should have received a copy of the GNU General Public License
  21  * along with this program; if not, write to the Free Software
  22  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  23  */
  24
  25 #ifdef HAVE_CONFIG_H
  26 # include "config.h"
  27 #endif
  28
  29 #include <stdio.h>
  30 #include <string.h>
  31 #include <glib.h>
  32 #include <epan/packet.h>
  33 #include "packet-sll.h"
  34 #include "packet-ipx.h"
  35 #include "packet-llc.h"
  36 #include <epan/resolv.h>
  37 #include "etypes.h"
  38
  39 static int proto_sll = -1;
  40 static int hf_sll_pkttype = -1;
  41 static int hf_sll_hatype = -1;
  42 static int hf_sll_halen = -1;
  43 static int hf_sll_src_eth = -1;
  44 static int hf_sll_src_other = -1;
  45 static int hf_sll_ltype = -1;
  46 static int hf_sll_etype = -1;
  47 static int hf_sll_trailer = -1;
  48
  49 static gint ett_sll = -1;
  50
  51 /*
  52  * A DLT_LINUX_SLL fake link-layer header.
  53  */
  54 #define SLL_HEADER_SIZE 16              /* total header length */
  55 #define SLL_ADDRLEN     8               /* length of address field */
  56
  57 /*
  58  * The LINUX_SLL_ values for "sll_pkttype".
  59  */
  60 #define LINUX_SLL_HOST          0
  61 #define LINUX_SLL_BROADCAST     1
  62 #define LINUX_SLL_MULTICAST     2
  63 #define LINUX_SLL_OTHERHOST     3
  64 #define LINUX_SLL_OUTGOING      4
  65
  66 static const value_string packet_type_vals[] = {
  67         { LINUX_SLL_HOST,       "Unicast to us" },
  68         { LINUX_SLL_BROADCAST,  "Broadcast" },
  69         { LINUX_SLL_MULTICAST,  "Multicast" },
  70         { LINUX_SLL_OTHERHOST,  "Unicast to another host" },
  71         { LINUX_SLL_OUTGOING,   "Sent by us" },
  72         { 0,                    NULL }
  73 };
  74
  75 /*
  76  * The LINUX_SLL_ values for "sll_protocol".
  77  */
  78 #define LINUX_SLL_P_802_3       0x0001  /* Novell 802.3 frames without 802.2 LLC header */
  79 #define LINUX_SLL_P_802_2       0x0004  /* 802.2 frames (not D/I/X Ethernet) */
  80
  81 static const value_string ltype_vals[] = {
  82         { LINUX_SLL_P_802_3,    "Raw 802.3" },
  83         { LINUX_SLL_P_802_2,    "802.2 LLC" },
  84         { 0,                    NULL }
  85 };
  86
  87 static dissector_handle_t ipx_handle;
  88 static dissector_handle_t llc_handle;
  89 static dissector_handle_t data_handle;
  90
  91 void
  92 capture_sll(const guchar *pd, int len, packet_counts *ld)
  93 {
  94         guint16 protocol;
  95
  96         if (!BYTES_ARE_IN_FRAME(0, len, SLL_HEADER_SIZE)) {
  97                 ld->other++;
  98                 return;
  99         }
 100         protocol = pntohs(&pd[14]);
 101         if (protocol <= 1536) { /* yes, 1536 - that's how Linux does it */
 102                 /*
 103                  * "proto" is *not* a length field, it's a Linux internal
 104                  * protocol type.
 105                  */
 106                 switch (protocol) {
 107
 108                 case LINUX_SLL_P_802_2:
 109                         /*
 110                          * 802.2 LLC.
 111                          */
 112                         capture_llc(pd, len, SLL_HEADER_SIZE, ld);
 113                         break;
 114
 115                 case LINUX_SLL_P_802_3:
 116                         /*
 117                          * Novell IPX inside 802.3 with no 802.2 LLC
 118                          * header.
 119                          */
 120                         capture_ipx(ld);
 121                         break;
 122
 123                 default:
 124                         ld->other++;
 125                         break;
 126                 }
 127         } else
 128                 capture_ethertype(protocol, pd, SLL_HEADER_SIZE, len, ld);
 129 }
 130
 131 static void
 132 dissect_sll(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 133 {
 134         guint16 pkttype;
 135         guint16 protocol;
 136         guint16 hatype, halen;
 137         const guint8 *src;
 138         proto_item *ti;
 139         tvbuff_t *next_tvb;
 140         proto_tree *fh_tree = NULL;
 141
 142         if (check_col(pinfo->cinfo, COL_PROTOCOL))
 143                 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SLL");
 144         if (check_col(pinfo->cinfo, COL_INFO))
 145                 col_clear(pinfo->cinfo, COL_INFO);
 146
 147         pkttype = tvb_get_ntohs(tvb, 0);
 148
 149         /*
 150          * Set "pinfo->p2p_dir" if the packet wasn't received
 151          * promiscuously.
 152          */
 153         switch (pkttype) {
 154
 155         case LINUX_SLL_HOST:
 156         case LINUX_SLL_BROADCAST:
 157         case LINUX_SLL_MULTICAST:
 158                 pinfo->p2p_dir = P2P_DIR_RECV;
 159                 break;
 160
 161         case LINUX_SLL_OUTGOING:
 162                 pinfo->p2p_dir = P2P_DIR_SENT;
 163                 break;
 164         }
 165
 166         if (check_col(pinfo->cinfo, COL_INFO))
 167                 col_add_str(pinfo->cinfo, COL_INFO,
 168                     val_to_str(pkttype, packet_type_vals, "Unknown (%u)"));
 169
 170         if (tree) {
 171                 ti = proto_tree_add_protocol_format(tree, proto_sll, tvb, 0,
 172                     SLL_HEADER_SIZE, "Linux cooked capture");
 173                 fh_tree = proto_item_add_subtree(ti, ett_sll);
 174                 proto_tree_add_item(fh_tree, hf_sll_pkttype, tvb, 0, 2, FALSE);
 175         }
 176
 177         /*
 178          * XXX - check the link-layer address type value?
 179          * For now, we just assume 6 means Ethernet.
 180          */
 181         hatype = tvb_get_ntohs(tvb, 2);
 182         halen = tvb_get_ntohs(tvb, 4);
 183         if (tree) {
 184                 proto_tree_add_uint(fh_tree, hf_sll_hatype, tvb, 2, 2, hatype);
 185                 proto_tree_add_uint(fh_tree, hf_sll_halen, tvb, 4, 2, halen);
 186         }
 187         if (halen == 6) {
 188                 src = tvb_get_ptr(tvb, 6, 6);
 189                 SET_ADDRESS(&pinfo->dl_src, AT_ETHER, 6, src);
 190                 SET_ADDRESS(&pinfo->src, AT_ETHER, 6, src);
 191                 if (tree) {
 192                         proto_tree_add_ether(fh_tree, hf_sll_src_eth, tvb,
 193                             6, 6, src);
 194                 }
 195         } else {
 196                 if (tree) {
 197                         proto_tree_add_item(fh_tree, hf_sll_src_other, tvb,
 198                             6, halen, FALSE);
 199                 }
 200         }
 201
 202         protocol = tvb_get_ntohs(tvb, 14);
 203         if (protocol <= 1536) { /* yes, 1536 - that's how Linux does it */
 204                 /*
 205                  * "proto" is *not* a length field, it's a Linux internal
 206                  * protocol type.
 207                  * We therefore cannot say how much of the packet will
 208                  * be trailer data.
 209                  * XXX - do the same thing we do for packets with Ethertypes?
 210                  */
 211                 proto_tree_add_uint(fh_tree, hf_sll_ltype, tvb, 14, 2,
 212                     protocol);
 213
 214                 next_tvb = tvb_new_subset(tvb, SLL_HEADER_SIZE, -1, -1);
 215                 switch (protocol) {
 216
 217                 case LINUX_SLL_P_802_2:
 218                         /*
 219                          * 802.2 LLC.
 220                          */
 221                         call_dissector(llc_handle, next_tvb, pinfo, tree);
 222                         break;
 223
 224                 case LINUX_SLL_P_802_3:
 225                         /*
 226                          * Novell IPX inside 802.3 with no 802.2 LLC
 227                          * header.
 228                          */
 229                         call_dissector(ipx_handle, next_tvb, pinfo, tree);
 230                         break;
 231
 232                 default:
 233                         call_dissector(data_handle,next_tvb, pinfo, tree);
 234                         break;
 235                 }
 236         } else {
 237                 ethertype(protocol, tvb, SLL_HEADER_SIZE, pinfo, tree,
 238                     fh_tree, hf_sll_etype, hf_sll_trailer, 0);
 239         }
 240 }
 241
 242 void
 243 proto_register_sll(void)
 244 {
 245         static hf_register_info hf[] = {
 246                 { &hf_sll_pkttype,
 247                 { "Packet type",        "sll.pkttype", FT_UINT16, BASE_DEC,
 248                   VALS(packet_type_vals), 0x0, "Packet type", HFILL }},
 249
 250                 /* ARP hardware type?  With Linux extensions? */
 251                 { &hf_sll_hatype,
 252                 { "Link-layer address type",    "sll.hatype", FT_UINT16, BASE_DEC,
 253                   NULL, 0x0, "Link-layer address type", HFILL }},
 254
 255                 { &hf_sll_halen,
 256                 { "Link-layer address length",  "sll.halen", FT_UINT16, BASE_DEC,
 257                   NULL, 0x0, "Link-layer address length", HFILL }},
 258
 259                 /* Source address if it's an Ethernet-type address */
 260                 { &hf_sll_src_eth,
 261                 { "Source",     "sll.src.eth", FT_ETHER, BASE_NONE, NULL, 0x0,
 262                         "Source link-layer address", HFILL }},
 263
 264                 /* Source address if it's not an Ethernet-type address */
 265                 { &hf_sll_src_other,
 266                 { "Source",     "sll.src.other", FT_BYTES, BASE_HEX, NULL, 0x0,
 267                         "Source link-layer address", HFILL }},
 268
 269                 /* if the protocol field is an internal Linux protocol type */
 270                 { &hf_sll_ltype,
 271                 { "Protocol",   "sll.ltype", FT_UINT16, BASE_HEX,
 272                    VALS(ltype_vals), 0x0, "Linux protocol type", HFILL }},
 273
 274                 /* registered here but handled in ethertype.c */
 275                 { &hf_sll_etype,
 276                 { "Protocol",   "sll.etype", FT_UINT16, BASE_HEX,
 277                    VALS(etype_vals), 0x0, "Ethernet protocol type", HFILL }},
 278
 279                 { &hf_sll_trailer,
 280                 { "Trailer", "sll.trailer", FT_BYTES, BASE_NONE, NULL, 0x0,
 281                         "Trailer", HFILL }},
 282         };
 283         static gint *ett[] = {
 284                 &ett_sll,
 285         };
 286
 287         proto_sll = proto_register_protocol("Linux cooked-mode capture",
 288             "SLL", "sll" );
 289         proto_register_field_array(proto_sll, hf, array_length(hf));
 290         proto_register_subtree_array(ett, array_length(ett));
 291 }
 292
 293 void
 294 proto_reg_handoff_sll(void)
 295 {
 296         dissector_handle_t sll_handle;
 297
 298         /*
 299          * Get handles for the IPX and LLC dissectors.
 300          */
 301         llc_handle = find_dissector("llc");
 302         ipx_handle = find_dissector("ipx");
 303         data_handle = find_dissector("data");
 304
 305         sll_handle = create_dissector_handle(dissect_sll, proto_sll);
 306         dissector_add("wtap_encap", WTAP_ENCAP_SLL, sll_handle);
 307 }