packet-bpdu.c

   1 /* packet-bpdu.c
   2  * Routines for BPDU (Spanning Tree Protocol) disassembly
   3  *
   4  * $Id: packet-bpdu.c,v 1.27 2001/07/23 18:21:30 guy Exp $
   5  *
   6  * Copyright 1999 Christophe Tronche <ch.tronche@computer.org>
   7  *
   8  * Ethereal - Network traffic analyzer
   9  * By Gerald Combs <gerald@ethereal.com>
  10  * Copyright 1998 Gerald Combs
  11  *
  12  *
  13  * This program is free software; you can redistribute it and/or
  14  * modify it under the terms of the GNU General Public License
  15  * as published by the Free Software Foundation; either version 2
  16  * of the License, or (at your option) any later version.
  17  *
  18  * This program is distributed in the hope that it will be useful,
  19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  21  * GNU General Public License for more details.
  22  *
  23  * You should have received a copy of the GNU General Public License
  24  * along with this program; if not, write to the Free Software
  25  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  26  */
  27
  28 #ifdef HAVE_CONFIG_H
  29 # include "config.h"
  30 #endif
  31
  32 #ifdef HAVE_SYS_TYPES_H
  33 # include <sys/types.h>
  34 #endif
  35
  36 #ifdef HAVE_NETINET_IN_H
  37 # include <netinet/in.h>
  38 #endif
  39
  40 #include <stdio.h>
  41 #include <string.h>
  42 #include <glib.h>
  43 #include "packet.h"
  44 #include "llcsaps.h"
  45 #include "ppptypes.h"
  46 #include "resolv.h"
  47
  48 /* Offsets of fields within a BPDU */
  49
  50 #define BPDU_IDENTIFIER          0
  51 #define BPDU_VERSION_IDENTIFIER  2
  52 #define BPDU_TYPE                3
  53 #define BPDU_FLAGS               4
  54 #define BPDU_ROOT_IDENTIFIER     5
  55 #define BPDU_ROOT_PATH_COST     13
  56 #define BPDU_BRIDGE_IDENTIFIER  17
  57 #define BPDU_PORT_IDENTIFIER    25
  58 #define BPDU_MESSAGE_AGE        27
  59 #define BPDU_MAX_AGE            29
  60 #define BPDU_HELLO_TIME         31
  61 #define BPDU_FORWARD_DELAY      33
  62
  63 static int proto_bpdu = -1;
  64 static int hf_bpdu_proto_id = -1;
  65 static int hf_bpdu_version_id = -1;
  66 static int hf_bpdu_type = -1;
  67 static int hf_bpdu_flags = -1;
  68 static int hf_bpdu_root_mac = -1;
  69 static int hf_bpdu_root_cost = -1;
  70 static int hf_bpdu_bridge_mac = -1;
  71 static int hf_bpdu_port_id = -1;
  72 static int hf_bpdu_msg_age = -1;
  73 static int hf_bpdu_max_age = -1;
  74 static int hf_bpdu_hello_time = -1;
  75 static int hf_bpdu_forward_delay = -1;
  76
  77 static gint ett_bpdu = -1;
  78
  79 static dissector_handle_t gvrp_handle;
  80 static dissector_handle_t gmrp_handle;
  81
  82 static void
  83 dissect_bpdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) {
  84       guint16 protocol_identifier;
  85       guint8  protocol_version_identifier;
  86       guint8  bpdu_type;
  87       guint8  flags;
  88       guint16 root_identifier_bridge_priority;
  89       const guint8  *root_identifier_mac;
  90       gchar   *root_identifier_mac_str;
  91       guint32 root_path_cost;
  92       guint16 bridge_identifier_bridge_priority;
  93       const guint8  *bridge_identifier_mac;
  94       gchar   *bridge_identifier_mac_str;
  95       guint16 port_identifier;
  96       double message_age;
  97       double max_age;
  98       double hello_time;
  99       double forward_delay;
 100
 101       proto_tree *bpdu_tree;
 102       proto_item *ti;
 103
 104       /* GARP application frames require special interpretation of the
 105          destination address field; otherwise, they will be mistaken as
 106          BPDU frames.
 107          Fortunately, they can be recognized by checking the first 6 octets
 108          of the destination address, which are in the range from
 109          01-80-C2-00-00-20 to 01-80-C2-00-00-2F.
 110
 111          Yes - we *do* need to check the destination address type;
 112          on Linux cooked captures, there *is* no destination address,
 113          so it's AT_NONE. */
 114       if (pinfo->dl_dst.type == AT_ETHER &&
 115           pinfo->dl_dst.data[0] == 0x01 && pinfo->dl_dst.data[1] == 0x80 &&
 116           pinfo->dl_dst.data[2] == 0xC2 && pinfo->dl_dst.data[3] == 0x00 &&
 117           pinfo->dl_dst.data[4] == 0x00 && ((pinfo->dl_dst.data[5] & 0x20) == 0x20)) {
 118
 119             protocol_identifier = tvb_get_ntohs(tvb, BPDU_IDENTIFIER);
 120
 121             switch (pinfo->dl_dst.data[5]) {
 122
 123             case 0x20:
 124                    /* for GMRP */
 125                   call_dissector(gmrp_handle, tvb, pinfo, tree);
 126                   return;
 127
 128             case 0x21:
 129                   /* for GVRP */
 130                   call_dissector(gvrp_handle, tvb, pinfo, tree);
 131                   return;
 132             }
 133
 134             pinfo->current_proto = "GARP";
 135
 136             if (check_col(pinfo->fd, COL_PROTOCOL)) {
 137                     col_set_str(pinfo->fd, COL_PROTOCOL, "GARP");
 138                     /* Generic Attribute Registration Protocol */
 139             }
 140
 141             if (check_col(pinfo->fd, COL_INFO)) {
 142                     col_add_fstr(pinfo->fd, COL_INFO,
 143                         "Unknown GARP application (0x%02X)",
 144                         pinfo->dl_dst.data[5]);
 145             }
 146
 147             return;
 148       }
 149
 150       if (check_col(pinfo->fd, COL_PROTOCOL)) {
 151             col_set_str(pinfo->fd, COL_PROTOCOL, "STP"); /* Spanning Tree Protocol */
 152       }
 153       if (check_col(pinfo->fd, COL_INFO)) {
 154             col_clear(pinfo->fd, COL_INFO);
 155       }
 156
 157       bpdu_type = tvb_get_guint8(tvb, BPDU_TYPE);
 158       if (bpdu_type == 0) {
 159             flags = tvb_get_guint8(tvb, BPDU_FLAGS);
 160             root_identifier_bridge_priority = tvb_get_ntohs(tvb,
 161                 BPDU_ROOT_IDENTIFIER);
 162             root_identifier_mac = tvb_get_ptr(tvb, BPDU_ROOT_IDENTIFIER + 2, 6);
 163             root_identifier_mac_str = ether_to_str(root_identifier_mac);
 164             root_path_cost = tvb_get_ntohl(tvb, BPDU_ROOT_PATH_COST);
 165             port_identifier = tvb_get_ntohs(tvb, BPDU_PORT_IDENTIFIER);
 166       } else {
 167             /* Squelch GCC complaints. */
 168             flags = 0;
 169             root_identifier_bridge_priority = 0;
 170             root_identifier_mac = NULL;
 171             root_identifier_mac_str = NULL;
 172             root_path_cost = 0;
 173             port_identifier = 0;
 174       }
 175
 176       if (check_col(pinfo->fd, COL_INFO)) {
 177             if (bpdu_type == 0)
 178                   col_add_fstr(pinfo->fd, COL_INFO, "Conf. %sRoot = %d/%s  Cost = %d  Port = 0x%04x",
 179                                flags & 0x1 ? "TC + " : "",
 180                                root_identifier_bridge_priority, root_identifier_mac_str, root_path_cost,
 181                                port_identifier);
 182             else if (bpdu_type == 0x80)
 183                   col_add_fstr(pinfo->fd, COL_INFO, "Topology Change Notification");
 184       }
 185
 186       if (tree) {
 187             ti = proto_tree_add_protocol_format(tree, proto_bpdu, tvb, 0, 35,
 188                                 "Spanning Tree Protocol");
 189             bpdu_tree = proto_item_add_subtree(ti, ett_bpdu);
 190
 191             protocol_identifier = tvb_get_ntohs(tvb, BPDU_IDENTIFIER);
 192             proto_tree_add_uint_format(bpdu_tree, hf_bpdu_proto_id, tvb,
 193                                        BPDU_IDENTIFIER, 2,
 194                                        protocol_identifier,
 195                                        "Protocol Identifier: 0x%04x (%s)",
 196                                        protocol_identifier,
 197                                        protocol_identifier == 0 ?
 198                                        "Spanning Tree" : "Unknown Protocol");
 199
 200             protocol_version_identifier = tvb_get_guint8(tvb, BPDU_VERSION_IDENTIFIER);
 201             proto_tree_add_uint(bpdu_tree, hf_bpdu_version_id, tvb,
 202                                 BPDU_VERSION_IDENTIFIER, 1,
 203                                 protocol_version_identifier);
 204             if (protocol_version_identifier != 0)
 205                   proto_tree_add_text(bpdu_tree, tvb, BPDU_VERSION_IDENTIFIER, 1,
 206                   "   (Warning: this version of Ethereal only knows about version = 0)");
 207             proto_tree_add_uint_format(bpdu_tree, hf_bpdu_type, tvb,
 208                                        BPDU_TYPE, 1,
 209                                        bpdu_type,
 210                                        "BPDU Type: 0x%02x (%s)",
 211                                        bpdu_type,
 212                                        bpdu_type == 0 ? "Configuration" :
 213                                        bpdu_type == 0x80 ? "Topology Change Notification" : "Unknown");
 214
 215             if (bpdu_type != 0) {
 216               dissect_data(tvb, BPDU_TYPE + 1, pinfo, tree);
 217               return;
 218             }
 219
 220             bridge_identifier_bridge_priority = tvb_get_ntohs(tvb, BPDU_BRIDGE_IDENTIFIER);
 221             bridge_identifier_mac = tvb_get_ptr(tvb, BPDU_BRIDGE_IDENTIFIER + 2, 6);
 222             bridge_identifier_mac_str = ether_to_str(bridge_identifier_mac);
 223             message_age = tvb_get_ntohs(tvb, BPDU_MESSAGE_AGE) / 256.0;
 224             max_age = tvb_get_ntohs(tvb, BPDU_MAX_AGE) / 256.0;
 225             hello_time = tvb_get_ntohs(tvb, BPDU_HELLO_TIME) / 256.0;
 226             forward_delay = tvb_get_ntohs(tvb, BPDU_FORWARD_DELAY) / 256.0;
 227
 228             proto_tree_add_uint(bpdu_tree, hf_bpdu_flags, tvb,
 229                                 BPDU_FLAGS, 1, flags);
 230             if (flags & 0x80)
 231                   proto_tree_add_text(bpdu_tree, tvb, BPDU_FLAGS, 1, "   1... ....  Topology Change Acknowledgment");
 232             if (flags & 0x01)
 233                   proto_tree_add_text(bpdu_tree, tvb, BPDU_FLAGS, 1, "   .... ...1  Topology Change");
 234
 235             proto_tree_add_ether_hidden(bpdu_tree, hf_bpdu_root_mac, tvb,
 236                                        BPDU_ROOT_IDENTIFIER + 2, 6,
 237                                        root_identifier_mac);
 238             proto_tree_add_text(bpdu_tree, tvb,
 239                                 BPDU_ROOT_IDENTIFIER, 8,
 240                                 "Root Identifier: %d / %s",
 241                                 root_identifier_bridge_priority,
 242                                 root_identifier_mac_str);
 243             proto_tree_add_uint(bpdu_tree, hf_bpdu_root_cost, tvb,
 244                                 BPDU_ROOT_PATH_COST, 4,
 245                                 root_path_cost);
 246             proto_tree_add_text(bpdu_tree, tvb,
 247                                 BPDU_BRIDGE_IDENTIFIER, 8,
 248                                 "Bridge Identifier: %d / %s",
 249                                 bridge_identifier_bridge_priority,
 250                                 bridge_identifier_mac_str);
 251             proto_tree_add_ether_hidden(bpdu_tree, hf_bpdu_bridge_mac, tvb,
 252                                        BPDU_BRIDGE_IDENTIFIER + 2, 6,
 253                                        bridge_identifier_mac);
 254             proto_tree_add_uint(bpdu_tree, hf_bpdu_port_id, tvb,
 255                                 BPDU_PORT_IDENTIFIER, 2,
 256                                 port_identifier);
 257             proto_tree_add_double(bpdu_tree, hf_bpdu_msg_age, tvb,
 258                                 BPDU_MESSAGE_AGE, 2,
 259                                 message_age);
 260             proto_tree_add_double(bpdu_tree, hf_bpdu_max_age, tvb,
 261                                 BPDU_MAX_AGE, 2,
 262                                 max_age);
 263             proto_tree_add_double(bpdu_tree, hf_bpdu_hello_time, tvb,
 264                                 BPDU_HELLO_TIME, 2,
 265                                 hello_time);
 266             proto_tree_add_double(bpdu_tree, hf_bpdu_forward_delay, tvb,
 267                                 BPDU_FORWARD_DELAY, 2,
 268                                 forward_delay);
 269       }
 270 }
 271
 272 void
 273 proto_register_bpdu(void)
 274 {
 275
 276   static hf_register_info hf[] = {
 277     { &hf_bpdu_proto_id,
 278       { "Protocol Identifier",          "stp.protocol",
 279         FT_UINT16,      BASE_HEX,       NULL,   0x0,
 280         "", HFILL }},
 281     { &hf_bpdu_version_id,
 282       { "Protocol Version Identifier",  "stp.version",
 283         FT_UINT8,       BASE_DEC,       NULL,   0x0,
 284         "", HFILL }},
 285     { &hf_bpdu_type,
 286       { "BPDU type",                    "stp.type",
 287         FT_UINT8,       BASE_HEX,       NULL,   0x0,
 288         "", HFILL }},
 289     { &hf_bpdu_flags,
 290       { "BPDU flags",                   "stp.flags",
 291         FT_UINT8,       BASE_HEX,       NULL,   0x0,
 292         "", HFILL }},
 293     { &hf_bpdu_root_mac,
 294       { "Root Identifier",              "stp.root.hw",
 295         FT_ETHER,       BASE_NONE,      NULL,   0x0,
 296         "", HFILL }},
 297     { &hf_bpdu_root_cost,
 298       { "Root Path Cost",               "stp.root.cost",
 299         FT_UINT32,      BASE_DEC,       NULL,   0x0,
 300         "", HFILL }},
 301     { &hf_bpdu_bridge_mac,
 302       { "Bridge Identifier",            "stp.bridge.hw",
 303         FT_ETHER,       BASE_NONE,      NULL,   0x0,
 304         "", HFILL }},
 305     { &hf_bpdu_port_id,
 306       { "Port identifier",              "stp.port",
 307         FT_UINT16,      BASE_HEX,       NULL,   0x0,
 308         "", HFILL }},
 309     { &hf_bpdu_msg_age,
 310       { "Message Age",                  "stp.msg_age",
 311         FT_DOUBLE,      BASE_NONE,      NULL,   0x0,
 312         "", HFILL }},
 313     { &hf_bpdu_max_age,
 314       { "Max Age",                      "stp.max_age",
 315         FT_DOUBLE,      BASE_NONE,      NULL,   0x0,
 316         "", HFILL }},
 317     { &hf_bpdu_hello_time,
 318       { "Hello Time",                   "stp.hello",
 319         FT_DOUBLE,      BASE_NONE,      NULL,   0x0,
 320         "", HFILL }},
 321     { &hf_bpdu_forward_delay,
 322       { "Forward Delay",                "stp.forward",
 323         FT_DOUBLE,      BASE_NONE,      NULL,   0x0,
 324         "", HFILL }},
 325   };
 326   static gint *ett[] = {
 327     &ett_bpdu,
 328   };
 329
 330   proto_bpdu = proto_register_protocol("Spanning Tree Protocol", "STP", "stp");
 331   proto_register_field_array(proto_bpdu, hf, array_length(hf));
 332   proto_register_subtree_array(ett, array_length(ett));
 333
 334   register_dissector("bpdu", dissect_bpdu, proto_bpdu);
 335 }
 336
 337 void
 338 proto_reg_handoff_bpdu(void)
 339 {
 340   /*
 341    * Get handle for the GVRP dissector.
 342    */
 343   gvrp_handle = find_dissector("gvrp");
 344
 345   /*
 346    * Get handle for the GMRP dissector.
 347    */
 348   gmrp_handle = find_dissector("gmrp");
 349
 350   dissector_add("llc.dsap", SAP_BPDU, dissect_bpdu, proto_bpdu);
 351   dissector_add("ppp.protocol", PPP_BPDU, dissect_bpdu, proto_bpdu);
 352 }