X-Git-Url: http://git.samba.org/samba.git/?p=obnox%2Fwireshark%2Fwip.git;a=blobdiff_plain;f=packet-eth.c;h=8548317bde8fce6b383ffbcb8be5ce68d042a5e2;hp=5624e8032265f5ffec5a0b42bb4ce69c4ce51a8b;hb=279d0ab898de61ea418179026341dda23a3db4a2;hpb=ee837299c55701f67b8dfbf65cb0bbb88e240c39 diff --git a/packet-eth.c b/packet-eth.c index 5624e80322..8548317bde 100644 --- a/packet-eth.c +++ b/packet-eth.c @@ -1,12 +1,11 @@ /* packet-eth.c * Routines for ethernet packet disassembly * - * $Id: packet-eth.c,v 1.45 2000/11/13 05:11:16 guy Exp $ + * $Id: packet-eth.c,v 1.76 2002/08/26 19:08:59 guy Exp $ * * Ethereal - Network traffic analyzer - * By Gerald Combs + * By Gerald Combs * Copyright 1998 Gerald Combs - * * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -27,20 +26,19 @@ # include "config.h" #endif -#ifdef HAVE_SYS_TYPES_H -# include -#endif - #include -#include "packet.h" +#include +#include "prefs.h" #include "etypes.h" -#include "resolv.h" +#include #include "packet-eth.h" +#include "packet-ieee8023.h" #include "packet-ipx.h" #include "packet-isl.h" #include "packet-llc.h" -extern const value_string etype_vals[]; +/* Interpret capture file as FW1 monitor file */ +static gboolean eth_interpret_as_fw1_monitor = FALSE; /* protocols and header fields */ static int proto_eth = -1; @@ -54,16 +52,19 @@ static int hf_eth_trailer = -1; static gint ett_ieee8023 = -1; static gint ett_ether2 = -1; +static dissector_handle_t isl_handle; +static dissector_handle_t fw1_handle; + #define ETH_HEADER_SIZE 14 /* These are the Netware-ish names for the different Ethernet frame types. EthernetII: The ethernet with a Type field instead of a length field Ethernet802.2: An 802.3 header followed by an 802.2 header Ethernet802.3: A raw 802.3 packet. IPX/SPX can be the only payload. - There's not 802.2 hdr in this. + There's no 802.2 hdr in this. EthernetSNAP: Basically 802.2, just with 802.2SNAP. For our purposes, there's no difference between 802.2 and 802.2SNAP, since we just - pass it down to dissect_llc(). -- Gilbert + pass it down to the LLC dissector. -- Gilbert */ #define ETHERNET_II 0 #define ETHERNET_802_2 1 @@ -71,12 +72,12 @@ static gint ett_ether2 = -1; #define ETHERNET_SNAP 3 void -capture_eth(const u_char *pd, int offset, packet_counts *ld) +capture_eth(const guchar *pd, int offset, int len, packet_counts *ld) { guint16 etype, length; int ethhdr_type; /* the type of ethernet frame */ - if (!BYTES_ARE_IN_FRAME(offset, ETH_HEADER_SIZE)) { + if (!BYTES_ARE_IN_FRAME(offset, len, ETH_HEADER_SIZE)) { ld->other++; return; } @@ -106,7 +107,7 @@ capture_eth(const u_char *pd, int offset, packet_counts *ld) 01-00-0C-00-00 for ISL frames. */ if (pd[offset] == 0x01 && pd[offset+1] == 0x00 && pd[offset+2] == 0x0C && pd[offset+3] == 0x00 && pd[offset+4] == 0x00) { - capture_isl(pd, offset, ld); + capture_isl(pd, offset, len, ld); return; } @@ -116,10 +117,8 @@ capture_eth(const u_char *pd, int offset, packet_counts *ld) and set the payload and captured-payload lengths to the minima of the total length and the frame lengths. */ length += offset + ETH_HEADER_SIZE; - if (pi.len > length) - pi.len = length; - if (pi.captured_len > length) - pi.captured_len = length; + if (len > length) + len = length; } else { ethhdr_type = ETHERNET_II; } @@ -127,42 +126,29 @@ capture_eth(const u_char *pd, int offset, packet_counts *ld) switch (ethhdr_type) { case ETHERNET_802_3: - capture_ipx(pd, offset, ld); + capture_ipx(ld); break; case ETHERNET_802_2: - capture_llc(pd, offset, ld); + capture_llc(pd, offset, len, ld); break; case ETHERNET_II: - capture_ethertype(etype, offset, pd, ld); + capture_ethertype(etype, pd, offset, len, ld); break; } } -void +static void dissect_eth(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { - int orig_captured_len; proto_item *ti; - guint8 *dst, *src; - const guint8 *pd; + const guint8 *dst, *src; - volatile guint16 etype; - volatile int ethhdr_type; /* the type of Ethernet frame */ - volatile int eth_offset; - volatile guint16 length; - tvbuff_t *volatile next_tvb; - tvbuff_t *volatile trailer_tvb; - proto_tree *volatile fh_tree; + guint16 etype; + volatile gboolean is_802_2; + proto_tree *volatile fh_tree = NULL; - CHECK_DISPLAY_AS_DATA(proto_eth, tvb, pinfo, tree); - - tvb_compat(tvb, &pd, (int*)ð_offset); - - pinfo->current_proto = "Ethernet"; - orig_captured_len = pinfo->captured_len; - - if (check_col(pinfo->fd, COL_PROTOCOL)) - col_add_str(pinfo->fd, COL_PROTOCOL, "Ethernet"); + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, "Ethernet"); src = tvb_get_ptr(tvb, 6, 6); dst = tvb_get_ptr(tvb, 0, 6); @@ -175,7 +161,18 @@ dissect_eth(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) /* either ethernet802.3 or ethernet802.2 */ if (etype <= IEEE_802_3_MAX_LEN) { - length = etype; + /* Oh, yuck. Cisco ISL frames require special interpretation of the + destination address field; fortunately, they can be recognized by + checking the first 5 octets of the destination address, which are + 01-00-0C-00-00 for ISL frames. */ + if ( tvb_get_guint8(tvb, 0) == 0x01 && + tvb_get_guint8(tvb, 1) == 0x00 && + tvb_get_guint8(tvb, 2) == 0x0C && + tvb_get_guint8(tvb, 3) == 0x00 && + tvb_get_guint8(tvb, 4) == 0x00 ) { + call_dissector(isl_handle, tvb, pinfo, tree); + return; + } /* Is there an 802.2 layer? I can tell by looking at the first 2 bytes after the 802.3 header. If they are 0xffff, then what @@ -183,10 +180,10 @@ dissect_eth(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) (IPX/SPX is they only thing that can be contained inside a straight 802.3 packet). A non-0xffff value means that there's an 802.2 layer inside the 802.3 layer */ - ethhdr_type = ETHERNET_802_2; + is_802_2 = TRUE; TRY { if (tvb_get_ntohs(tvb, 14) == 0xffff) { - ethhdr_type = ETHERNET_802_3; + is_802_2 = FALSE; } } CATCH2(BoundsError, ReportedBoundsError) { @@ -195,111 +192,51 @@ dissect_eth(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) } ENDTRY; - /* Oh, yuck. Cisco ISL frames require special interpretation of the - destination address field; fortunately, they can be recognized by - checking the first 5 octets of the destination address, which are - 01-00-0C-00-00 for ISL frames. */ - if ( tvb_get_guint8(tvb, 0) == 0x01 && - tvb_get_guint8(tvb, 1) == 0x00 && - tvb_get_guint8(tvb, 2) == 0x0C && - tvb_get_guint8(tvb, 3) == 0x00 && - tvb_get_guint8(tvb, 4) == 0x00 ) { - dissect_isl(pd, eth_offset, pinfo->fd, tree); - return; - } - - if (check_col(pinfo->fd, COL_INFO)) { - col_add_fstr(pinfo->fd, COL_INFO, "IEEE 802.3 %s", - (ethhdr_type == ETHERNET_802_3 ? "Raw " : "")); + if (check_col(pinfo->cinfo, COL_INFO)) { + col_add_fstr(pinfo->cinfo, COL_INFO, "IEEE 802.3 Ethernet %s", + (is_802_2 ? "" : "Raw ")); } if (tree) { + ti = proto_tree_add_protocol_format(tree, proto_eth, tvb, 0, ETH_HEADER_SIZE, + "IEEE 802.3 Ethernet %s", (is_802_2 ? "" : "Raw ")); - ti = proto_tree_add_protocol_format(tree, proto_eth, tvb, 0, ETH_HEADER_SIZE, - "IEEE 802.3 %s", (ethhdr_type == ETHERNET_802_3 ? "Raw " : "")); - - fh_tree = proto_item_add_subtree(ti, ett_ieee8023); + fh_tree = proto_item_add_subtree(ti, ett_ieee8023); - proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst); - proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src); + proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst); + proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src); /* add items for eth.addr filter */ - proto_tree_add_ether_hidden(fh_tree, hf_eth_addr, tvb, 0, 6, dst); - proto_tree_add_ether_hidden(fh_tree, hf_eth_addr, tvb, 6, 6, src); - - proto_tree_add_uint(fh_tree, hf_eth_len, tvb, 12, 2, length); + proto_tree_add_ether_hidden(fh_tree, hf_eth_addr, tvb, 0, 6, dst); + proto_tree_add_ether_hidden(fh_tree, hf_eth_addr, tvb, 6, 6, src); } - /* Convert the LLC length from the 802.3 header to a total - frame length, by adding in the size of any data that preceded - the Ethernet header, and adding in the Ethernet header size, - and set the payload and captured-payload lengths to the minima - of the total length and the frame lengths. */ - length += eth_offset + ETH_HEADER_SIZE; - if (pi.len > length) - pi.len = length; - if (pi.captured_len > length) - pi.captured_len = length; + dissect_802_3(etype, is_802_2, tvb, ETH_HEADER_SIZE, pinfo, tree, fh_tree, + hf_eth_len, hf_eth_trailer); } else { - ethhdr_type = ETHERNET_II; - if (check_col(pinfo->fd, COL_INFO)) - col_add_str(pinfo->fd, COL_INFO, "Ethernet II"); - if (tree) { + if (eth_interpret_as_fw1_monitor) { + call_dissector(fw1_handle, tvb, pinfo, tree); + return; + } - ti = proto_tree_add_protocol_format(tree, proto_eth, tvb, 0, ETH_HEADER_SIZE, - "Ethernet II"); + if (check_col(pinfo->cinfo, COL_INFO)) + col_set_str(pinfo->cinfo, COL_INFO, "Ethernet II"); + if (tree) { + ti = proto_tree_add_protocol_format(tree, proto_eth, tvb, 0, ETH_HEADER_SIZE, + "Ethernet II, Src: %s, Dst: %s", + ether_to_str(src), ether_to_str(dst)); - fh_tree = proto_item_add_subtree(ti, ett_ether2); + fh_tree = proto_item_add_subtree(ti, ett_ether2); - proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst); - proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src); + proto_tree_add_ether(fh_tree, hf_eth_dst, tvb, 0, 6, dst); + proto_tree_add_ether(fh_tree, hf_eth_src, tvb, 6, 6, src); /* add items for eth.addr filter */ - proto_tree_add_ether_hidden(fh_tree, hf_eth_addr, tvb, 0, 6, dst); - proto_tree_add_ether_hidden(fh_tree, hf_eth_addr, tvb, 6, 6, src); + proto_tree_add_ether_hidden(fh_tree, hf_eth_addr, tvb, 0, 6, dst); + proto_tree_add_ether_hidden(fh_tree, hf_eth_addr, tvb, 6, 6, src); } - } - eth_offset += ETH_HEADER_SIZE; - - /* Give the next dissector only 'length' number of bytes */ - if (etype <= IEEE_802_3_MAX_LEN) { - TRY { - next_tvb = tvb_new_subset(tvb, ETH_HEADER_SIZE, etype, etype); - trailer_tvb = tvb_new_subset(tvb, ETH_HEADER_SIZE + etype, -1, -1); - } - CATCH2(BoundsError, ReportedBoundsError) { - next_tvb = tvb_new_subset(tvb, ETH_HEADER_SIZE, -1, etype); - } - ENDTRY; - } - else { - next_tvb = NULL; /* "ethertype()" will create the next tvb for us */ - trailer_tvb = NULL; /* we don't know how big the trailer is */ - } - switch (ethhdr_type) { - case ETHERNET_802_3: - dissect_ipx(next_tvb, pinfo, tree); - break; - case ETHERNET_802_2: - dissect_llc(next_tvb, pinfo, tree); - break; - case ETHERNET_II: - ethertype(etype, tvb, ETH_HEADER_SIZE, pinfo, tree, fh_tree, hf_eth_type); - break; - } - - /* If there's some bytes left over, mark them. */ - if (trailer_tvb && tree) { - int trailer_length; - const guint8 *ptr; - - trailer_length = tvb_length(trailer_tvb); - if (trailer_length > 0) { - ptr = tvb_get_ptr(trailer_tvb, 0, trailer_length); - proto_tree_add_bytes(fh_tree, hf_eth_trailer, tvb, ETH_HEADER_SIZE + etype, - trailer_length, ptr); - } + ethertype(etype, tvb, ETH_HEADER_SIZE, pinfo, tree, fh_tree, hf_eth_type, + hf_eth_trailer); } - } void @@ -309,35 +246,63 @@ proto_register_eth(void) { &hf_eth_dst, { "Destination", "eth.dst", FT_ETHER, BASE_NONE, NULL, 0x0, - "Destination Hardware Address" }}, + "Destination Hardware Address", HFILL }}, { &hf_eth_src, { "Source", "eth.src", FT_ETHER, BASE_NONE, NULL, 0x0, - "Source Hardware Address" }}, + "Source Hardware Address", HFILL }}, { &hf_eth_len, { "Length", "eth.len", FT_UINT16, BASE_DEC, NULL, 0x0, - "" }}, + "", HFILL }}, /* registered here but handled in ethertype.c */ { &hf_eth_type, { "Type", "eth.type", FT_UINT16, BASE_HEX, VALS(etype_vals), 0x0, - "" }}, + "", HFILL }}, { &hf_eth_addr, { "Source or Destination Address", "eth.addr", FT_ETHER, BASE_NONE, NULL, 0x0, - "Source or Destination Hardware Address" }}, + "Source or Destination Hardware Address", HFILL }}, { &hf_eth_trailer, { "Trailer", "eth.trailer", FT_BYTES, BASE_NONE, NULL, 0x0, - "Ethernet Trailer or Checksum" }}, + "Ethernet Trailer or Checksum", HFILL }}, }; static gint *ett[] = { &ett_ieee8023, &ett_ether2, }; + module_t *eth_module; - proto_eth = proto_register_protocol ("Ethernet", "eth" ); + proto_eth = proto_register_protocol("Ethernet", "Ethernet", "eth"); proto_register_field_array(proto_eth, hf, array_length(hf)); proto_register_subtree_array(ett, array_length(ett)); + + /* Register configuration preferences */ + eth_module = prefs_register_protocol(proto_eth, NULL); + prefs_register_bool_preference(eth_module, "interpret_as_fw1_monitor", + "Interpret as FireWall-1 monitor file", +"Whether the capture file should be interpreted as a CheckPoint FireWall-1 monitor file", + ð_interpret_as_fw1_monitor); + + register_dissector("eth", dissect_eth, proto_eth); +} + +void +proto_reg_handoff_eth(void) +{ + dissector_handle_t eth_handle; + + /* + * Get a handle for the ISL dissector. + */ + isl_handle = find_dissector("isl"); + fw1_handle = find_dissector("fw1"); + + eth_handle = find_dissector("eth"); + dissector_add("wtap_encap", WTAP_ENCAP_ETHERNET, eth_handle); + dissector_add("ethertype", ETHERTYPE_ETHBRIDGE, eth_handle); + dissector_add("chdlctype", ETHERTYPE_ETHBRIDGE, eth_handle); + dissector_add("gre.proto", ETHERTYPE_ETHBRIDGE, eth_handle); }