2 * Routines for BPDU (Spanning Tree Protocol) disassembly
4 * $Id: packet-bpdu.c,v 1.35 2002/03/31 21:33:51 guy Exp $
6 * Copyright 1999 Christophe Tronche <ch.tronche@computer.org>
8 * Ethereal - Network traffic analyzer
9 * By Gerald Combs <gerald@ethereal.com>
10 * Copyright 1998 Gerald Combs
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version 2
15 * of the License, or (at your option) any later version.
17 * This program is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #ifdef HAVE_SYS_TYPES_H
32 # include <sys/types.h>
35 #ifdef HAVE_NETINET_IN_H
36 # include <netinet/in.h>
42 #include <epan/packet.h>
45 #include <epan/resolv.h>
47 /* Offsets of fields within a BPDU */
49 #define BPDU_IDENTIFIER 0
50 #define BPDU_VERSION_IDENTIFIER 2
53 #define BPDU_ROOT_IDENTIFIER 5
54 #define BPDU_ROOT_PATH_COST 13
55 #define BPDU_BRIDGE_IDENTIFIER 17
56 #define BPDU_PORT_IDENTIFIER 25
57 #define BPDU_MESSAGE_AGE 27
58 #define BPDU_MAX_AGE 29
59 #define BPDU_HELLO_TIME 31
60 #define BPDU_FORWARD_DELAY 33
61 #define BPDU_VERSION_1_LENGTH 35
63 #define CONF_BPDU_SIZE 35
64 #define TC_BPDU_SIZE 4
65 #define RST_BPDU_SIZE 36
69 #define BPDU_FLAGS_TCACK 0x80
70 #define BPDU_FLAGS_AGREEMENT 0x40
71 #define BPDU_FLAGS_FORWARDING 0x20
72 #define BPDU_FLAGS_LEARNING 0x10
73 #define BPDU_FLAGS_PORT_ROLE_MASK 0x0C
74 #define BPDU_FLAGS_PORT_ROLE_SHIFT 2
75 #define BPDU_FLAGS_PROPOSAL 0x02
76 #define BPDU_FLAGS_TC 0x01
78 static int proto_bpdu = -1;
79 static int hf_bpdu_proto_id = -1;
80 static int hf_bpdu_version_id = -1;
81 static int hf_bpdu_type = -1;
82 static int hf_bpdu_flags = -1;
83 static int hf_bpdu_flags_tcack = -1;
84 static int hf_bpdu_flags_agreement = -1;
85 static int hf_bpdu_flags_forwarding = -1;
86 static int hf_bpdu_flags_learning = -1;
87 static int hf_bpdu_flags_port_role = -1;
88 static int hf_bpdu_flags_proposal = -1;
89 static int hf_bpdu_flags_tc = -1;
90 static int hf_bpdu_root_mac = -1;
91 static int hf_bpdu_root_cost = -1;
92 static int hf_bpdu_bridge_mac = -1;
93 static int hf_bpdu_port_id = -1;
94 static int hf_bpdu_msg_age = -1;
95 static int hf_bpdu_max_age = -1;
96 static int hf_bpdu_hello_time = -1;
97 static int hf_bpdu_forward_delay = -1;
98 static int hf_bpdu_version_1_length = -1;
100 static gint ett_bpdu = -1;
101 static gint ett_bpdu_flags = -1;
103 static dissector_handle_t gvrp_handle;
104 static dissector_handle_t gmrp_handle;
105 static dissector_handle_t data_handle;
107 static const value_string protocol_id_vals[] = {
108 { 0, "Spanning Tree Protocol" },
112 #define BPDU_TYPE_CONF 0x00
113 #define BPDU_TYPE_RST 0x02
114 #define BPDU_TYPE_TOPOLOGY_CHANGE 0x80
116 static const value_string bpdu_type_vals[] = {
117 { BPDU_TYPE_CONF, "Configuration" },
118 { BPDU_TYPE_RST, "Rapid Spanning Tree" },
119 { BPDU_TYPE_TOPOLOGY_CHANGE, "Topology Change Notification" },
123 static const value_string role_vals[] = {
124 { 1, "Alternate or Backup" },
130 static const char initial_sep[] = " (";
131 static const char cont_sep[] = ", ";
133 #define APPEND_BOOLEAN_FLAG(flag, item, string) \
136 proto_item_append_text(item, string, sep); \
141 dissect_bpdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
143 guint16 protocol_identifier;
144 guint8 protocol_version_identifier;
147 guint16 root_identifier_bridge_priority;
148 const guint8 *root_identifier_mac;
149 gchar *root_identifier_mac_str;
150 guint32 root_path_cost;
151 guint16 bridge_identifier_bridge_priority;
152 const guint8 *bridge_identifier_mac;
153 gchar *bridge_identifier_mac_str;
154 guint16 port_identifier;
158 double forward_delay;
160 proto_tree *bpdu_tree;
161 proto_item *bpdu_item;
162 proto_tree *flags_tree;
163 proto_item *flags_item;
167 /* GARP application frames require special interpretation of the
168 destination address field; otherwise, they will be mistaken as
170 Fortunately, they can be recognized by checking the first 6 octets
171 of the destination address, which are in the range from
172 01-80-C2-00-00-20 to 01-80-C2-00-00-2F.
174 Yes - we *do* need to check the destination address type;
175 on Linux cooked captures, there *is* no destination address,
177 if (pinfo->dl_dst.type == AT_ETHER &&
178 pinfo->dl_dst.data[0] == 0x01 && pinfo->dl_dst.data[1] == 0x80 &&
179 pinfo->dl_dst.data[2] == 0xC2 && pinfo->dl_dst.data[3] == 0x00 &&
180 pinfo->dl_dst.data[4] == 0x00 && ((pinfo->dl_dst.data[5] & 0x20) == 0x20)) {
182 protocol_identifier = tvb_get_ntohs(tvb, BPDU_IDENTIFIER);
184 switch (pinfo->dl_dst.data[5]) {
188 call_dissector(gmrp_handle, tvb, pinfo, tree);
193 call_dissector(gvrp_handle, tvb, pinfo, tree);
197 pinfo->current_proto = "GARP";
199 if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
200 col_set_str(pinfo->cinfo, COL_PROTOCOL, "GARP");
201 /* Generic Attribute Registration Protocol */
204 if (check_col(pinfo->cinfo, COL_INFO)) {
205 col_add_fstr(pinfo->cinfo, COL_INFO,
206 "Unknown GARP application (0x%02X)",
207 pinfo->dl_dst.data[5]);
213 if (check_col(pinfo->cinfo, COL_PROTOCOL)) {
214 col_set_str(pinfo->cinfo, COL_PROTOCOL, "STP"); /* Spanning Tree Protocol */
216 if (check_col(pinfo->cinfo, COL_INFO)) {
217 col_clear(pinfo->cinfo, COL_INFO);
220 bpdu_type = tvb_get_guint8(tvb, BPDU_TYPE);
225 flags = tvb_get_guint8(tvb, BPDU_FLAGS);
226 root_identifier_bridge_priority = tvb_get_ntohs(tvb,
227 BPDU_ROOT_IDENTIFIER);
228 root_identifier_mac = tvb_get_ptr(tvb, BPDU_ROOT_IDENTIFIER + 2, 6);
229 root_identifier_mac_str = ether_to_str(root_identifier_mac);
230 root_path_cost = tvb_get_ntohl(tvb, BPDU_ROOT_PATH_COST);
231 port_identifier = tvb_get_ntohs(tvb, BPDU_PORT_IDENTIFIER);
235 /* Squelch GCC complaints. */
237 root_identifier_bridge_priority = 0;
238 root_identifier_mac = NULL;
239 root_identifier_mac_str = NULL;
245 if (check_col(pinfo->cinfo, COL_INFO)) {
249 col_add_fstr(pinfo->cinfo, COL_INFO, "Conf. %sRoot = %d/%s Cost = %d Port = 0x%04x",
250 flags & 0x1 ? "TC + " : "",
251 root_identifier_bridge_priority, root_identifier_mac_str, root_path_cost,
255 case BPDU_TYPE_TOPOLOGY_CHANGE:
256 col_add_fstr(pinfo->cinfo, COL_INFO, "Topology Change Notification");
260 col_add_fstr(pinfo->cinfo, COL_INFO, "RST. %sRoot = %d/%s Cost = %d Port = 0x%04x",
261 flags & 0x1 ? "TC + " : "",
262 root_identifier_bridge_priority, root_identifier_mac_str, root_path_cost,
267 col_add_fstr(pinfo->cinfo, COL_INFO, "Unknown BPDU type (%u)",
276 set_actual_length(tvb, CONF_BPDU_SIZE);
279 case BPDU_TYPE_TOPOLOGY_CHANGE:
280 set_actual_length(tvb, TC_BPDU_SIZE);
284 set_actual_length(tvb, RST_BPDU_SIZE);
289 bpdu_item = proto_tree_add_protocol_format(tree, proto_bpdu, tvb,
290 0, -1, "Spanning Tree Protocol");
291 bpdu_tree = proto_item_add_subtree(bpdu_item, ett_bpdu);
293 protocol_identifier = tvb_get_ntohs(tvb, BPDU_IDENTIFIER);
294 proto_tree_add_uint(bpdu_tree, hf_bpdu_proto_id, tvb,
295 BPDU_IDENTIFIER, 2, protocol_identifier);
297 protocol_version_identifier = tvb_get_guint8(tvb, BPDU_VERSION_IDENTIFIER);
298 proto_tree_add_uint(bpdu_tree, hf_bpdu_version_id, tvb,
299 BPDU_VERSION_IDENTIFIER, 1,
300 protocol_version_identifier);
301 switch (protocol_version_identifier) {
307 proto_tree_add_text(bpdu_tree, tvb, BPDU_VERSION_IDENTIFIER, 1,
308 " (Warning: this version of Ethereal only knows about versions 0 & 2)");
311 proto_tree_add_uint(bpdu_tree, hf_bpdu_type, tvb,
315 if (bpdu_type != BPDU_TYPE_CONF && bpdu_type != BPDU_TYPE_RST) {
316 call_dissector(data_handle,tvb_new_subset(tvb, BPDU_TYPE + 1,-1,tvb_reported_length_remaining(tvb,BPDU_TYPE + 1)), pinfo, tree);
320 rstp_bpdu = (bpdu_type == BPDU_TYPE_RST);
321 bridge_identifier_bridge_priority = tvb_get_ntohs(tvb, BPDU_BRIDGE_IDENTIFIER);
322 bridge_identifier_mac = tvb_get_ptr(tvb, BPDU_BRIDGE_IDENTIFIER + 2, 6);
323 bridge_identifier_mac_str = ether_to_str(bridge_identifier_mac);
325 flags_item = proto_tree_add_uint(bpdu_tree, hf_bpdu_flags, tvb,
326 BPDU_FLAGS, 1, flags);
327 flags_tree = proto_item_add_subtree(flags_item, ett_bpdu_flags);
329 APPEND_BOOLEAN_FLAG(flags & BPDU_FLAGS_TCACK, flags_item,
330 "%sTopology Change Acknowledgment");
331 proto_tree_add_boolean(flags_tree, hf_bpdu_flags_tcack, tvb,
332 BPDU_FLAGS, 1, flags);
334 APPEND_BOOLEAN_FLAG(flags & BPDU_FLAGS_AGREEMENT, flags_item,
336 proto_tree_add_boolean(flags_tree, hf_bpdu_flags_agreement, tvb,
337 BPDU_FLAGS, 1, flags);
338 APPEND_BOOLEAN_FLAG(flags & BPDU_FLAGS_FORWARDING, flags_item,
340 proto_tree_add_boolean(flags_tree, hf_bpdu_flags_forwarding, tvb,
341 BPDU_FLAGS, 1, flags);
342 APPEND_BOOLEAN_FLAG(flags & BPDU_FLAGS_LEARNING, flags_item,
344 proto_tree_add_boolean(flags_tree, hf_bpdu_flags_learning, tvb,
345 BPDU_FLAGS, 1, flags);
349 port_role = (flags & BPDU_FLAGS_PORT_ROLE_MASK) >> BPDU_FLAGS_PORT_ROLE_SHIFT;
350 proto_item_append_text(flags_item, "%sPort Role: %s", sep,
351 val_to_str(port_role, role_vals,
355 proto_tree_add_uint(flags_tree, hf_bpdu_flags_port_role, tvb,
356 BPDU_FLAGS, 1, flags);
357 APPEND_BOOLEAN_FLAG(flags & BPDU_FLAGS_PROPOSAL, flags_item,
359 proto_tree_add_boolean(flags_tree, hf_bpdu_flags_proposal, tvb,
360 BPDU_FLAGS, 1, flags);
362 APPEND_BOOLEAN_FLAG(flags & BPDU_FLAGS_TC, flags_item,
363 "%sTopology Change");
364 proto_tree_add_boolean(flags_tree, hf_bpdu_flags_tc, tvb,
365 BPDU_FLAGS, 1, flags);
366 if (sep != initial_sep) {
367 /* We put something in; put in the terminating ")" */
368 proto_item_append_text(flags_item, ")");
371 proto_tree_add_ether_hidden(bpdu_tree, hf_bpdu_root_mac, tvb,
372 BPDU_ROOT_IDENTIFIER + 2, 6,
373 root_identifier_mac);
374 proto_tree_add_text(bpdu_tree, tvb,
375 BPDU_ROOT_IDENTIFIER, 8,
376 "Root Identifier: %d / %s",
377 root_identifier_bridge_priority,
378 root_identifier_mac_str);
379 proto_tree_add_uint(bpdu_tree, hf_bpdu_root_cost, tvb,
380 BPDU_ROOT_PATH_COST, 4,
382 proto_tree_add_text(bpdu_tree, tvb,
383 BPDU_BRIDGE_IDENTIFIER, 8,
384 "Bridge Identifier: %d / %s",
385 bridge_identifier_bridge_priority,
386 bridge_identifier_mac_str);
387 proto_tree_add_ether_hidden(bpdu_tree, hf_bpdu_bridge_mac, tvb,
388 BPDU_BRIDGE_IDENTIFIER + 2, 6,
389 bridge_identifier_mac);
390 proto_tree_add_uint(bpdu_tree, hf_bpdu_port_id, tvb,
391 BPDU_PORT_IDENTIFIER, 2,
393 message_age = tvb_get_ntohs(tvb, BPDU_MESSAGE_AGE) / 256.0;
394 proto_tree_add_double(bpdu_tree, hf_bpdu_msg_age, tvb,
397 max_age = tvb_get_ntohs(tvb, BPDU_MAX_AGE) / 256.0;
398 proto_tree_add_double(bpdu_tree, hf_bpdu_max_age, tvb,
401 hello_time = tvb_get_ntohs(tvb, BPDU_HELLO_TIME) / 256.0;
402 proto_tree_add_double(bpdu_tree, hf_bpdu_hello_time, tvb,
405 forward_delay = tvb_get_ntohs(tvb, BPDU_FORWARD_DELAY) / 256.0;
406 proto_tree_add_double(bpdu_tree, hf_bpdu_forward_delay, tvb,
407 BPDU_FORWARD_DELAY, 2,
410 proto_tree_add_item(bpdu_tree, hf_bpdu_version_1_length, tvb,
411 BPDU_VERSION_1_LENGTH, 1, FALSE);
416 static const true_false_string yesno = {
422 proto_register_bpdu(void)
425 static hf_register_info hf[] = {
427 { "Protocol Identifier", "stp.protocol",
428 FT_UINT16, BASE_HEX, VALS(&protocol_id_vals), 0x0,
430 { &hf_bpdu_version_id,
431 { "Protocol Version Identifier", "stp.version",
432 FT_UINT8, BASE_DEC, NULL, 0x0,
435 { "BPDU Type", "stp.type",
436 FT_UINT8, BASE_HEX, VALS(&bpdu_type_vals), 0x0,
439 { "BPDU flags", "stp.flags",
440 FT_UINT8, BASE_HEX, NULL, 0x0,
442 { &hf_bpdu_flags_tcack,
443 { "Topology Change Acknowledgment", "stp.flags.tcack",
444 FT_BOOLEAN, 8, TFS(&yesno), BPDU_FLAGS_TCACK,
446 { &hf_bpdu_flags_agreement,
447 { "Agreement", "stp.flags.agreement",
448 FT_BOOLEAN, 8, TFS(&yesno), BPDU_FLAGS_AGREEMENT,
450 { &hf_bpdu_flags_forwarding,
451 { "Forwarding", "stp.flags.forwarding",
452 FT_BOOLEAN, 8, TFS(&yesno), BPDU_FLAGS_FORWARDING,
454 { &hf_bpdu_flags_learning,
455 { "Learning", "stp.flags.learning",
456 FT_BOOLEAN, 8, TFS(&yesno), BPDU_FLAGS_LEARNING,
458 { &hf_bpdu_flags_port_role,
459 { "Port Role", "stp.flags.port_role",
460 FT_UINT8, BASE_DEC, VALS(role_vals), BPDU_FLAGS_PORT_ROLE_MASK,
462 { &hf_bpdu_flags_proposal,
463 { "Proposal", "stp.flags.proposal",
464 FT_BOOLEAN, 8, TFS(&yesno), BPDU_FLAGS_PROPOSAL,
467 { "Topology Change", "stp.flags.tc",
468 FT_BOOLEAN, 8, TFS(&yesno), BPDU_FLAGS_TC,
471 { "Root Identifier", "stp.root.hw",
472 FT_ETHER, BASE_NONE, NULL, 0x0,
474 { &hf_bpdu_root_cost,
475 { "Root Path Cost", "stp.root.cost",
476 FT_UINT32, BASE_DEC, NULL, 0x0,
478 { &hf_bpdu_bridge_mac,
479 { "Bridge Identifier", "stp.bridge.hw",
480 FT_ETHER, BASE_NONE, NULL, 0x0,
483 { "Port identifier", "stp.port",
484 FT_UINT16, BASE_HEX, NULL, 0x0,
487 { "Message Age", "stp.msg_age",
488 FT_DOUBLE, BASE_NONE, NULL, 0x0,
491 { "Max Age", "stp.max_age",
492 FT_DOUBLE, BASE_NONE, NULL, 0x0,
494 { &hf_bpdu_hello_time,
495 { "Hello Time", "stp.hello",
496 FT_DOUBLE, BASE_NONE, NULL, 0x0,
498 { &hf_bpdu_forward_delay,
499 { "Forward Delay", "stp.forward",
500 FT_DOUBLE, BASE_NONE, NULL, 0x0,
502 { &hf_bpdu_version_1_length,
503 { "Version 1 Length", "stp.version_1_length",
504 FT_UINT8, BASE_DEC, NULL, 0x0,
507 static gint *ett[] = {
512 proto_bpdu = proto_register_protocol("Spanning Tree Protocol", "STP", "stp");
513 proto_register_field_array(proto_bpdu, hf, array_length(hf));
514 proto_register_subtree_array(ett, array_length(ett));
516 register_dissector("bpdu", dissect_bpdu, proto_bpdu);
520 proto_reg_handoff_bpdu(void)
522 dissector_handle_t bpdu_handle;
525 * Get handle for the GVRP dissector.
527 gvrp_handle = find_dissector("gvrp");
530 * Get handle for the GMRP dissector.
532 gmrp_handle = find_dissector("gmrp");
533 data_handle = find_dissector("data");
535 bpdu_handle = find_dissector("bpdu");
536 dissector_add("llc.dsap", SAP_BPDU, bpdu_handle);
537 dissector_add("ppp.protocol", PPP_BPDU, bpdu_handle);