packet-sll.c

   1 /* packet-sll.c
   2  * Routines for disassembly of packets from Linux "cooked mode" captures
   3  *
   4  * $Id: packet-sll.c,v 1.1 2000/12/23 08:06:14 guy Exp $
   5  *
   6  * Ethereal - Network traffic analyzer
   7  * By Gerald Combs <gerald@zing.org>
   8  * Copyright 1998 Gerald Combs
   9  *
  10  *
  11  * This program is free software; you can redistribute it and/or
  12  * modify it under the terms of the GNU General Public License
  13  * as published by the Free Software Foundation; either version 2
  14  * of the License, or (at your option) any later version.
  15  *
  16  * This program is distributed in the hope that it will be useful,
  17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  * GNU General Public License for more details.
  20  *
  21  * You should have received a copy of the GNU General Public License
  22  * along with this program; if not, write to the Free Software
  23  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  24  */
  25
  26 #ifdef HAVE_CONFIG_H
  27 # include "config.h"
  28 #endif
  29
  30 #ifdef HAVE_SYS_TYPES_H
  31 # include <sys/types.h>
  32 #endif
  33
  34 #include <stdio.h>
  35 #include <string.h>
  36 #include <glib.h>
  37 #include "packet.h"
  38 #include "packet-ipx.h"
  39 #include "packet-llc.h"
  40 #include "resolv.h"
  41
  42 static int proto_sll = -1;
  43 static int hf_sll_pkttype = -1;
  44 static int hf_sll_hatype = -1;
  45 static int hf_sll_halen = -1;
  46 static int hf_sll_src_eth = -1;
  47 static int hf_sll_src_other = -1;
  48 static int hf_sll_ltype = -1;
  49 static int hf_sll_etype = -1;
  50 static int hf_sll_trailer = -1;
  51
  52 static gint ett_sll = -1;
  53
  54 /*
  55  * A DLT_LINUX_SLL fake link-layer header.
  56  */
  57 #define SLL_HEADER_SIZE 16              /* total header length */
  58 #define SLL_ADDRLEN     8               /* length of address field */
  59
  60 /*
  61  * The LINUX_SLL_ values for "sll_pkttype".
  62  */
  63 #define LINUX_SLL_HOST          0
  64 #define LINUX_SLL_BROADCAST     1
  65 #define LINUX_SLL_MULTICAST     2
  66 #define LINUX_SLL_OTHERHOST     3
  67 #define LINUX_SLL_OUTGOING      4
  68
  69 static const value_string packet_type_vals[] = {
  70         { LINUX_SLL_HOST,       "Unicast to us" },
  71         { LINUX_SLL_BROADCAST,  "Broadcast" },
  72         { LINUX_SLL_MULTICAST,  "Multicast" },
  73         { LINUX_SLL_OTHERHOST,  "Unicast to another host" },
  74         { LINUX_SLL_OUTGOING,   "Sent by us" },
  75         { 0,                    NULL }
  76 };
  77
  78 /*
  79  * The LINUX_SLL_ values for "sll_protocol".
  80  */
  81 #define LINUX_SLL_P_802_3       0x0001  /* Novell 802.3 frames without 802.2 LLC header */
  82 #define LINUX_SLL_P_802_2       0x0004  /* 802.2 frames (not D/I/X Ethernet) */
  83
  84 static const value_string ltype_vals[] = {
  85         { LINUX_SLL_P_802_3,    "Raw 802.3" },
  86         { LINUX_SLL_P_802_2,    "802.2 LLC" },
  87         { 0,                    NULL }
  88 };
  89
  90 void
  91 capture_sll(const u_char *pd, packet_counts *ld)
  92 {
  93         guint16 protocol;
  94
  95         if (!BYTES_ARE_IN_FRAME(0, SLL_HEADER_SIZE)) {
  96                 ld->other++;
  97                 return;
  98         }
  99         protocol = pntohs(&pd[14]);
 100         if (protocol <= 1536) { /* yes, 1536 - that's how Linux does it */
 101                 /*
 102                  * "proto" is *not* a length field, it's a Linux internal
 103                  * protocol type.
 104                  */
 105                 switch (protocol) {
 106
 107                 case LINUX_SLL_P_802_2:
 108                         /*
 109                          * 802.2 LLC.
 110                          */
 111                         capture_llc(pd, SLL_HEADER_SIZE, ld);
 112                         break;
 113
 114                 case LINUX_SLL_P_802_3:
 115                         /*
 116                          * Novell IPX inside 802.3 with no 802.2 LLC
 117                          * header.
 118                          */
 119                         capture_ipx(pd, SLL_HEADER_SIZE, ld);
 120                         break;
 121
 122                 default:
 123                         ld->other++;
 124                         break;
 125                 }
 126         } else
 127                 capture_ethertype(protocol, SLL_HEADER_SIZE, pd, ld);
 128 }
 129
 130 static void
 131 dissect_sll(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 132 {
 133         guint16 pkttype;
 134         guint16 protocol;
 135         guint16 hatype, halen;
 136         guint8 *src;
 137         proto_item *ti;
 138         volatile guint16 length;
 139         tvbuff_t *volatile next_tvb;
 140         tvbuff_t *volatile trailer_tvb;
 141         proto_tree *volatile fh_tree = NULL;
 142         guint length_before;
 143
 144         CHECK_DISPLAY_AS_DATA(proto_sll, tvb, pinfo, tree);
 145
 146         pinfo->current_proto = "SLL";
 147         if (check_col(pinfo->fd, COL_PROTOCOL))
 148                 col_set_str(pinfo->fd, COL_PROTOCOL, "SLL");
 149
 150         pkttype = tvb_get_ntohs(tvb, 0);
 151
 152         if (check_col(pinfo->fd, COL_INFO))
 153                 col_add_str(pinfo->fd, COL_INFO,
 154                     val_to_str(pkttype, packet_type_vals, "Unknown (%u)"));
 155
 156         if (tree) {
 157                 ti = proto_tree_add_protocol_format(tree, proto_sll, tvb, 0,
 158                     SLL_HEADER_SIZE, "Linux cooked capture");
 159                 fh_tree = proto_item_add_subtree(ti, ett_sll);
 160                 proto_tree_add_item(fh_tree, hf_sll_pkttype, tvb, 0, 2, FALSE);
 161         }
 162
 163         /*
 164          * XXX - check the link-layer address type value?
 165          * For now, we just assume 6 means Ethernet.
 166          */
 167         hatype = tvb_get_ntohs(tvb, 2);
 168         halen = tvb_get_ntohs(tvb, 4);
 169         if (tree) {
 170                 proto_tree_add_uint(fh_tree, hf_sll_hatype, tvb, 2, 2, hatype);
 171                 proto_tree_add_uint(fh_tree, hf_sll_halen, tvb, 4, 2, halen);
 172         }
 173         if (halen == 6) {
 174                 src = tvb_get_ptr(tvb, 6, 6);
 175                 SET_ADDRESS(&pinfo->dl_src, AT_ETHER, 6, src);
 176                 SET_ADDRESS(&pinfo->src, AT_ETHER, 6, src);
 177                 if (tree) {
 178                         proto_tree_add_ether(fh_tree, hf_sll_src_eth, tvb,
 179                             6, 6, src);
 180                 }
 181         } else {
 182                 if (tree) {
 183                         proto_tree_add_bytes(fh_tree, hf_sll_src_other, tvb,
 184                             6, halen, tvb_get_ptr(tvb, 6, halen));
 185                 }
 186         }
 187
 188         protocol = tvb_get_ntohs(tvb, 14);
 189         if (protocol <= 1536) { /* yes, 1536 - that's how Linux does it */
 190                 /*
 191                  * "proto" is *not* a length field, it's a Linux internal
 192                  * protocol type.
 193                  * We therefore cannot say how much of the packet will
 194                  * be trailer data.
 195                  * XXX - do the same thing we do for packets with Ethertypes?
 196                  */
 197                 proto_tree_add_uint(fh_tree, hf_sll_ltype, tvb, 14, 2,
 198                     protocol);
 199
 200                 next_tvb = tvb_new_subset(tvb, SLL_HEADER_SIZE, -1, -1);
 201                 trailer_tvb = NULL;
 202                 switch (protocol) {
 203
 204                 case LINUX_SLL_P_802_2:
 205                         /*
 206                          * 802.2 LLC.
 207                          */
 208                         dissect_llc(next_tvb, pinfo, tree);
 209                         break;
 210
 211                 case LINUX_SLL_P_802_3:
 212                         /*
 213                          * Novell IPX inside 802.3 with no 802.2 LLC
 214                          * header.
 215                          */
 216                         dissect_ipx(next_tvb, pinfo, tree);
 217                         break;
 218
 219                 default:
 220                         dissect_data(next_tvb, 0, pinfo, tree);
 221                         break;
 222                 }
 223         } else {
 224                 length_before = tvb_reported_length(tvb);
 225                 length = ethertype(protocol, tvb, SLL_HEADER_SIZE, pinfo, tree,
 226                     fh_tree, hf_sll_etype) + SLL_HEADER_SIZE;
 227                 if (length < length_before) {
 228                         /*
 229                          * Create a tvbuff for the padding.
 230                          */
 231                         TRY {
 232                                 trailer_tvb = tvb_new_subset(tvb, length, -1,
 233                                     -1);
 234                         }
 235                         CATCH2(BoundsError, ReportedBoundsError) {
 236                                 /* The packet doesn't have "length" bytes
 237                                    worth of captured data left in it.  No
 238                                    trailer to display. */
 239                                 trailer_tvb = NULL;
 240                         }
 241                         ENDTRY;
 242                 } else {
 243                         /*
 244                          * There is no padding.
 245                          */
 246                         trailer_tvb = NULL;
 247                 }
 248         }
 249
 250         /* If there's some bytes left over, mark them. */
 251         if (trailer_tvb && tree) {
 252                 guint trailer_length;
 253
 254                 trailer_length = tvb_length(trailer_tvb);
 255                 if (trailer_length != 0) {
 256                         proto_tree_add_item(fh_tree, hf_sll_trailer,
 257                             trailer_tvb, 0, trailer_length, FALSE);
 258                 }
 259         }
 260 }
 261
 262 void
 263 proto_register_sll(void)
 264 {
 265         static hf_register_info hf[] = {
 266                 { &hf_sll_pkttype,
 267                 { "Packet type",        "sll.pkttype", FT_UINT16, BASE_DEC,
 268                   VALS(packet_type_vals), 0x0, "Packet type" }},
 269
 270                 /* ARP hardware type?  With Linux extensions? */
 271                 { &hf_sll_hatype,
 272                 { "Link-layer address type",    "sll.hatype", FT_UINT16, BASE_DEC,
 273                   NULL, 0x0, "Link-layer address type" }},
 274
 275                 { &hf_sll_halen,
 276                 { "Link-layer address length",  "sll.halen", FT_UINT16, BASE_DEC,
 277                   NULL, 0x0, "Link-layer address length" }},
 278
 279                 /* Source address if it's an Ethernet-type address */
 280                 { &hf_sll_src_eth,
 281                 { "Source",     "sll.src.eth", FT_ETHER, BASE_NONE, NULL, 0x0,
 282                         "Source link-layer address" }},
 283
 284                 /* Source address if it's not an Ethernet-type address */
 285                 { &hf_sll_src_other,
 286                 { "Source",     "sll.src.other", FT_BYTES, BASE_HEX, NULL, 0x0,
 287                         "Source link-layer address" }},
 288
 289                 /* if the protocol field is an internal Linux protocol type */
 290                 { &hf_sll_ltype,
 291                 { "Protocol",   "sll.ltype", FT_UINT16, BASE_HEX,
 292                    VALS(ltype_vals), 0x0, "Linux protocol type" }},
 293
 294                 /* registered here but handled in ethertype.c */
 295                 { &hf_sll_etype,
 296                 { "Protocol",   "sll.etype", FT_UINT16, BASE_HEX,
 297                    VALS(etype_vals), 0x0, "Ethernet protocol type" }},
 298
 299                 { &hf_sll_trailer,
 300                 { "Trailer", "sll.trailer", FT_BYTES, BASE_NONE, NULL, 0x0,
 301                         "Trailer" }},
 302         };
 303         static gint *ett[] = {
 304                 &ett_sll,
 305         };
 306
 307         proto_sll = proto_register_protocol("Linux cooked-mode capture", "sll" );
 308         proto_register_field_array(proto_sll, hf, array_length(hf));
 309         proto_register_subtree_array(ett, array_length(ett));
 310 }
 311
 312 void
 313 proto_reg_handoff_sll(void)
 314 {
 315         dissector_add("wtap_encap", WTAP_ENCAP_SLL, dissect_sll);
 316 }