search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / dissectors / packet-sll.c
blob059dfa86303eef4cd92c5ce21297e803df43e200
1 /* packet-sll.c
2 * Routines for disassembly of packets from Linux "cooked mode" captures
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
10 #include "config.h"
11
12 #include <epan/packet.h>
13 #include <epan/capture_dissectors.h>
14 #include <epan/conversation_table.h>
15 #include <epan/arptypes.h>
16 #include <wsutil/pint.h>
17 #include "packet-sll.h"
18 #include "packet-ipx.h"
19 #include "packet-llc.h"
20 #include "packet-eth.h"
21 #include "packet-ppp.h"
22 #include "packet-gre.h"
23 #include "packet-arp.h"
24 #include <epan/addr_resolv.h>
25 #include <epan/etypes.h>
26 #include <epan/arptypes.h>
27 #include <epan/decode_as.h>
28 #include <epan/proto_data.h>
29
30 void proto_register_sll(void);
31 void proto_reg_handoff_sll(void);
32
33 typedef struct sll_tap_data {
34 address src_address;
35 } sll_tap_data;
36
37 /*
38 * A LINKTYPE_LINUX_SLL fake link-layer header.
39 */
40 #define SLL_HEADER_SIZE 16 /* total header length */
41
42 /*
43 * A LINKTYPE_LINUX_SLL fake link-layer header.
44 */
45 #define SLL2_HEADER_SIZE 20 /* total header length */
46
47 #define SLL_ADDRLEN 8 /* length of address field */
48
49 /*
50 * The LINUX_SLL_ values for "sll_pkttype".
51 */
52 #define LINUX_SLL_HOST 0
53 #define LINUX_SLL_BROADCAST 1
54 #define LINUX_SLL_MULTICAST 2
55 #define LINUX_SLL_OTHERHOST 3
56 #define LINUX_SLL_OUTGOING 4
57
58 static const value_string packet_type_vals[] = {
59 { LINUX_SLL_HOST, "Unicast to us" },
60 { LINUX_SLL_BROADCAST, "Broadcast" },
61 { LINUX_SLL_MULTICAST, "Multicast" },
62 { LINUX_SLL_OTHERHOST, "Unicast to another host" },
63 { LINUX_SLL_OUTGOING, "Sent by us" },
64 { 0, NULL }
65 };
66
67 static const value_string ltype_vals[] = {
68 { LINUX_SLL_P_802_3, "Raw 802.3" },
69 { LINUX_SLL_P_ETHERNET, "Ethernet" },
70 { LINUX_SLL_P_802_2, "802.2 LLC" },
71 { LINUX_SLL_P_PPPHDLC, "PPP (HDLC)" },
72 { LINUX_SLL_P_CAN, "CAN" },
73 { LINUX_SLL_P_CANFD, "CAN FD" },
74 { LINUX_SLL_P_IRDA_LAP, "IrDA LAP" },
75 { LINUX_SLL_P_ISI, "ISI" },
76 { LINUX_SLL_P_IEEE802154, "IEEE 802.15.4" },
77 { LINUX_SLL_P_MCTP, "MCTP" },
78 { 0, NULL }
79 };
80
81
82 static dissector_handle_t sll_handle;
83 static dissector_handle_t sll2_handle;
84 static dissector_handle_t ethertype_handle;
85 static dissector_handle_t netlink_handle;
86
87 static int proto_sll;
88 static int sll_tap;
89
90 static int hf_sll_etype;
91 static int hf_sll_gretype;
92 static int hf_sll_halen;
93 static int hf_sll_hatype;
94 static int hf_sll_ifindex;
95 static int hf_sll_ltype;
96 static int hf_sll_pkttype;
97 static int hf_sll_src_eth;
98 static int hf_sll_src_ipv4;
99 static int hf_sll_src_other;
100 static int hf_sll_trailer;
101 static int hf_sll_unused;
102
103 static int ett_sll;
104
105 static dissector_table_t sll_hatype_dissector_table;
106 static dissector_table_t sll_ltype_dissector_table;
107 static dissector_table_t gre_dissector_table;
108
109 static void sll_prompt(packet_info *pinfo, char* result)
110 {
111 snprintf(result, MAX_DECODE_AS_PROMPT_LEN, "SLL protocol type 0x%04x as",
112 GPOINTER_TO_UINT(p_get_proto_data(pinfo->pool, pinfo, proto_sll, 0)));
113 }
114
115 static void *sll_value(packet_info *pinfo)
116 {
117 return p_get_proto_data(pinfo->pool, pinfo, proto_sll, 0);
118 }
119
120 static const char* sll_conv_get_filter_type(conv_item_t* conv, conv_filter_type_e filter)
121 {
122 if ((filter == CONV_FT_SRC_ADDRESS) && (conv->src_address.type == AT_ETHER))
123 return "sll.src.eth";
124
125 if ((filter == CONV_FT_ANY_ADDRESS) && (conv->src_address.type == AT_ETHER))
126 return "sll.src.eth";
127
128 if ((filter == CONV_FT_SRC_ADDRESS) && (conv->src_address.type == AT_IPv4))
129 return "sll.src.ipv4";
130
131 if ((filter == CONV_FT_ANY_ADDRESS) && (conv->src_address.type == AT_IPv4))
132 return "sll.src.ipv4";
133
134 return CONV_FILTER_INVALID;
135 }
136
137 static ct_dissector_info_t sll_ct_dissector_info = {&sll_conv_get_filter_type};
138 static address no_dst = ADDRESS_INIT_NONE;
139
140 static tap_packet_status
141 sll_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vip, tap_flags_t flags)
142 {
143 conv_hash_t *hash = (conv_hash_t*) pct;
144 hash->flags = flags;
145
146 const sll_tap_data *tap_data = (const sll_tap_data*)vip;
147
148 add_conversation_table_data(hash, &tap_data->src_address, &no_dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->abs_ts, &sll_ct_dissector_info, CONVERSATION_NONE);
149
150 return TAP_PACKET_REDRAW;
151 }
152
153 static const char* sll_endpoint_get_filter_type(endpoint_item_t* endpoint, conv_filter_type_e filter)
154 {
155 if ((filter == CONV_FT_SRC_ADDRESS) && (endpoint->myaddress.type == AT_ETHER))
156 return "sll.src.eth";
157
158 if ((filter == CONV_FT_ANY_ADDRESS) && (endpoint->myaddress.type == AT_ETHER))
159 return "sll.src.eth";
160
161 if ((filter == CONV_FT_SRC_ADDRESS) && (endpoint->myaddress.type == AT_IPv4))
162 return "sll.src.ipv4";
163
164 if ((filter == CONV_FT_ANY_ADDRESS) && (endpoint->myaddress.type == AT_IPv4))
165 return "sll.src.ipv4";
166
167 return CONV_FILTER_INVALID;
168 }
169
170 static et_dissector_info_t sll_endpoint_dissector_info = {&sll_endpoint_get_filter_type};
171
172 static tap_packet_status
173 sll_endpoint_packet(void *pit, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vip, tap_flags_t flags)
174 {
175 conv_hash_t *hash = (conv_hash_t*) pit;
176 hash->flags = flags;
177
178 const sll_tap_data *tap_data = (const sll_tap_data*)vip;
179
180 add_endpoint_table_data(hash, &tap_data->src_address, 0, true, 1, pinfo->fd->pkt_len, &sll_endpoint_dissector_info, ENDPOINT_NONE);
181
182 return TAP_PACKET_REDRAW;
183 }
184
185 static bool
186 capture_sll(const unsigned char *pd, int offset _U_, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header _U_)
187 {
188 uint16_t hatype;
189 uint16_t protocol;
190
191 if (!BYTES_ARE_IN_FRAME(0, len, SLL_HEADER_SIZE))
192 return false;
193
194 protocol = pntoh16(&pd[14]);
195 if (protocol <= 1536) { /* yes, 1536 - that's how Linux does it */
196 /*
197 * "proto" is *not* a length field, it's a Linux internal
198 * protocol type.
199 */
200 hatype = pntoh16(&pd[2]);
201 if (try_capture_dissector("sll.hatype", hatype, pd,
202 SLL_HEADER_SIZE, len, cpinfo, pseudo_header))
203 return true;
204 return try_capture_dissector("sll.ltype", protocol, pd, SLL_HEADER_SIZE, len, cpinfo, pseudo_header);
205 } else {
206 return try_capture_dissector("ethertype", protocol, pd, SLL_HEADER_SIZE, len, cpinfo, pseudo_header);
207 }
208 return false;
209 }
210
211 static bool
212 capture_sll2(const unsigned char *pd, int offset _U_, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header _U_)
213 {
214 uint16_t hatype;
215 uint16_t protocol;
216
217 if (!BYTES_ARE_IN_FRAME(0, len, SLL2_HEADER_SIZE))
218 return false;
219
220 protocol = pntoh16(&pd[0]);
221 if (protocol <= 1536) { /* yes, 1536 - that's how Linux does it */
222 /*
223 * "proto" is *not* a length field, it's a Linux internal
224 * protocol type.
225 */
226 hatype = pntoh16(&pd[8]);
227 if (try_capture_dissector("sll.hatype", hatype, pd,
228 SLL2_HEADER_SIZE, len, cpinfo, pseudo_header))
229 return true;
230 return try_capture_dissector("sll.ltype", protocol, pd, SLL2_HEADER_SIZE, len, cpinfo, pseudo_header);
231 } else {
232 return try_capture_dissector("ethertype", protocol, pd, SLL2_HEADER_SIZE, len, cpinfo, pseudo_header);
233 }
234 return false;
235 }
236
237 static void
238 add_ll_address(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb,
239 int halen_offset, int halen_len, sll_tap_data *tap_data)
240 {
241 uint32_t ha_len;
242 int ha_offset = halen_offset + halen_len;
243
244 /*
245 * XXX - check the link-layer address type value?
246 * For now, we just assume ha_len 4 is IPv4 and ha_len 6
247 * is Ethernet.
248 */
249 proto_tree_add_item_ret_uint(tree, hf_sll_halen, tvb, halen_offset, halen_len, ENC_BIG_ENDIAN, &ha_len);
250
251 switch (ha_len) {
252 case 4:
253 set_address_tvb(&pinfo->dl_src, AT_IPv4, 4, tvb, ha_offset);
254 copy_address_shallow(&pinfo->src, &pinfo->dl_src);
255 copy_address_wmem(wmem_file_scope(), &tap_data->src_address, &pinfo->src);
256 proto_tree_add_item(tree, hf_sll_src_ipv4, tvb, ha_offset, 4, ENC_BIG_ENDIAN);
257 break;
258 case 6:
259 set_address_tvb(&pinfo->dl_src, AT_ETHER, 6, tvb, ha_offset);
260 copy_address_shallow(&pinfo->src, &pinfo->dl_src);
261 copy_address_wmem(wmem_file_scope(), &tap_data->src_address, &pinfo->src);
262 proto_tree_add_item(tree, hf_sll_src_eth, tvb, ha_offset, 6, ENC_NA);
263 break;
264 case 0:
265 break;
266 default:
267 proto_tree_add_item(tree, hf_sll_src_other, tvb,
268 ha_offset, ha_len > 8 ? 8 : ha_len, ENC_NA);
269 break;
270 }
271
272 /* Not all bytes of SLL_ADDRLEN have been used. Add remaining as unused */
273 if (ha_len < SLL_ADDRLEN)
274 proto_tree_add_item(tree, hf_sll_unused, tvb, ha_offset + ha_len,
275 SLL_ADDRLEN - ha_len, ENC_NA);
276 }
277
278 static uint16_t
279 add_protocol_type(proto_tree *fh_tree, tvbuff_t *tvb, int protocol_offset,
280 int hatype)
281 {
282 uint16_t protocol;
283
284 protocol = tvb_get_ntohs(tvb, protocol_offset);
285 if (protocol <= 1536) { /* yes, 1536 - that's how Linux does it */
286 /*
287 * "proto" is *not* a length field, it's a Linux internal
288 * protocol type.
289 * We therefore cannot say how much of the packet will
290 * be trailer data.
291 * XXX - do the same thing we do for packets with Ethertypes?
292 */
293 proto_tree_add_uint(fh_tree, hf_sll_ltype, tvb,
294 protocol_offset, 2, protocol);
295 } else {
296 switch (hatype) {
297
298 case ARPHRD_IPGRE:
299 /*
300 * XXX - the link-layer header appears to consist
301 * of an IPv4 header followed by a bunch of stuff
302 * that includes the GRE flags and version, but
303 * cooked captures strip the link-layer header,
304 * so we can't provide the flags and version to
305 * the dissector.
306 */
307 proto_tree_add_uint(fh_tree, hf_sll_gretype, tvb,
308 protocol_offset, 2, protocol);
309 break;
310
311 default:
312 proto_tree_add_uint(fh_tree, hf_sll_etype, tvb,
313 protocol_offset, 2, protocol);
314 break;
315 }
316 }
317 return protocol;
318 }
319
320 static void
321 dissect_payload(proto_tree *tree, packet_info *pinfo, proto_tree *fh_tree,
322 tvbuff_t *tvb, int header_size, int hatype, uint16_t protocol)
323 {
324 tvbuff_t *next_tvb;
325 ethertype_data_t ethertype_data;
326
327 next_tvb = tvb_new_subset_remaining(tvb, header_size);
328 if (protocol <= 1536) { /* yes, 1536 - that's how Linux does it */
329 /*
330 * "proto" is *not* a length field, it's a Linux internal
331 * protocol type.
332 * We therefore cannot say how much of the packet will
333 * be trailer data.
334 * XXX - do the same thing we do for packets with Ethertypes?
335 */
336 if (!dissector_try_uint(sll_hatype_dissector_table, hatype,
337 next_tvb, pinfo, tree)) {
338 p_add_proto_data(pinfo->pool, pinfo, proto_sll, 0, GUINT_TO_POINTER((unsigned)protocol));
339 if (!dissector_try_uint(sll_ltype_dissector_table,
340 protocol, next_tvb, pinfo, tree)) {
341 call_data_dissector(next_tvb, pinfo, tree);
342 }
343 }
344 } else {
345 switch (hatype) {
346
347 case ARPHRD_IPGRE:
348 /*
349 * XXX - the link-layer header appears to consist
350 * of an IPv4 header followed by a bunch of stuff
351 * that includes the GRE flags and version, but
352 * cooked captures strip the link-layer header,
353 * so we can't provide the flags and version to
354 * the dissector.
355 */
356 dissector_try_uint(gre_dissector_table, protocol,
357 next_tvb, pinfo, tree);
358 break;
359
360 default:
361 ethertype_data.etype = protocol;
362 ethertype_data.payload_offset = header_size;
363 ethertype_data.fh_tree = fh_tree;
364 ethertype_data.trailer_id = hf_sll_trailer;
365 ethertype_data.fcs_len = 0;
366
367 call_dissector_with_data(ethertype_handle, tvb, pinfo, tree, &ethertype_data);
368 break;
369 }
370 }
371 }
372
373 static int
374 dissect_sll_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int encap)
375 {
376 uint16_t pkttype;
377 uint16_t protocol;
378 uint16_t hatype;
379 int header_size;
380 int version;
381 proto_item *ti;
382 proto_tree *fh_tree;
383 sll_tap_data* tap_data;
384
385 switch (encap) {
386
387 case WTAP_ENCAP_SLL:
388 pkttype = tvb_get_ntohs(tvb, 0);
389 header_size = SLL_HEADER_SIZE;
390 version = 1;
391 break;
392
393 case WTAP_ENCAP_SLL2:
394 pkttype = tvb_get_ntohs(tvb, 10);
395 header_size = SLL2_HEADER_SIZE;
396 version = 2;
397 break;
398
399 default:
400 DISSECTOR_ASSERT_NOT_REACHED();
401 }
402
403 /*
404 * Set "pinfo->p2p_dir" if the packet wasn't received
405 * promiscuously.
406 */
407 switch (pkttype) {
408
409 case LINUX_SLL_HOST:
410 case LINUX_SLL_BROADCAST:
411 case LINUX_SLL_MULTICAST:
412 pinfo->p2p_dir = P2P_DIR_RECV;
413 break;
414
415 case LINUX_SLL_OUTGOING:
416 pinfo->p2p_dir = P2P_DIR_SENT;
417 break;
418 }
419
420 switch (encap) {
421
422 case WTAP_ENCAP_SLL:
423 hatype = tvb_get_ntohs(tvb, 2);
424 break;
425
426 case WTAP_ENCAP_SLL2:
427 hatype = tvb_get_ntohs(tvb, 8);
428 break;
429
430 default:
431 DISSECTOR_ASSERT_NOT_REACHED();
432 }
433
434 /*
435 * XXX - special purpose hack. Netlink packets have a hardware
436 * address type of ARPHRD_NETLINK, but the protocol type value
437 * indicates the Netlink message type; we just hand the netlink
438 * dissector our *entire* packet.
439 *
440 * That's different from link-layer types such as 802.11+radiotap,
441 * where the payload follows the complete SLL header, and the
442 * protocol field in the SLL header is irrelevant; for those,
443 * we have the sll.hatype dissector table.
444 */
445 if (hatype == ARPHRD_NETLINK) {
446 return call_dissector(netlink_handle, tvb, pinfo, tree);
447 }
448
449 col_set_str(pinfo->cinfo, COL_PROTOCOL, "SLL");
450 col_clear(pinfo->cinfo, COL_INFO);
451
452 col_add_str(pinfo->cinfo, COL_INFO,
453 val_to_str(pkttype, packet_type_vals, "Unknown (%u)"));
454
455 ti = proto_tree_add_protocol_format(tree, proto_sll, tvb, 0,
456 header_size, "Linux cooked capture v%d", version);
457 fh_tree = proto_item_add_subtree(ti, ett_sll);
458 tap_data = wmem_new0(wmem_file_scope(), sll_tap_data);
459
460 switch (encap) {
461
462 case WTAP_ENCAP_SLL:
463 proto_tree_add_item(fh_tree, hf_sll_pkttype, tvb, 0, 2, ENC_BIG_ENDIAN);
464
465 proto_tree_add_uint(fh_tree, hf_sll_hatype, tvb, 2, 2, hatype);
466
467 add_ll_address(fh_tree, pinfo, tvb, 4, 2, tap_data);
468
469 protocol = add_protocol_type(fh_tree, tvb, 14, hatype);
470
471 dissect_payload(tree, pinfo, fh_tree, tvb, SLL_HEADER_SIZE, hatype, protocol);
472 break;
473
474 case WTAP_ENCAP_SLL2:
475 protocol = add_protocol_type(fh_tree, tvb, 0, hatype);
476
477 proto_tree_add_item(fh_tree, hf_sll_ifindex, tvb, 4, 4, ENC_BIG_ENDIAN);
478
479 proto_tree_add_uint(fh_tree, hf_sll_hatype, tvb, 8, 2, hatype);
480
481 proto_tree_add_item(fh_tree, hf_sll_pkttype, tvb, 10, 1, ENC_BIG_ENDIAN);
482
483 add_ll_address(fh_tree, pinfo, tvb, 11, 1, tap_data);
484
485 dissect_payload(tree, pinfo, fh_tree, tvb, SLL2_HEADER_SIZE, hatype, protocol);
486 break;
487
488 default:
489 DISSECTOR_ASSERT_NOT_REACHED();
490 }
491
492 tap_queue_packet(sll_tap, pinfo, tap_data);
493
494 return tvb_captured_length(tvb);
495 }
496
497 static int
498 dissect_sll_v1(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
499 {
500 return dissect_sll_common(tvb, pinfo, tree, WTAP_ENCAP_SLL);
501 }
502
503 static int
504 dissect_sll_v2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
505 {
506 return dissect_sll_common(tvb, pinfo, tree, WTAP_ENCAP_SLL2);
507 }
508
509 void
510 proto_register_sll(void)
511 {
512 static hf_register_info hf[] = {
513 { &hf_sll_pkttype,
514 { "Packet type", "sll.pkttype",
515 FT_UINT16, BASE_DEC, VALS(packet_type_vals), 0x0,
516 NULL, HFILL }
517 },
518 { &hf_sll_hatype,
519 { "Link-layer address type", "sll.hatype",
520 FT_UINT16, BASE_DEC, VALS(arp_hrd_vals), 0x0,
521 NULL, HFILL }
522 },
523 { &hf_sll_halen,
524 { "Link-layer address length", "sll.halen",
525 FT_UINT16, BASE_DEC, NULL, 0x0,
526 NULL, HFILL }
527 },
528 { &hf_sll_src_eth,
529 { "Source", "sll.src.eth",
530 FT_ETHER, BASE_NONE, NULL, 0x0,
531 "Source link-layer address", HFILL }
532 },
533 { &hf_sll_src_ipv4,
534 { "Source", "sll.src.ipv4",
535 FT_IPv4, BASE_NONE, NULL, 0x0,
536 "Source link-layer address", HFILL }
537 },
538 { &hf_sll_src_other,
539 { "Source", "sll.src.other",
540 FT_BYTES, BASE_NONE, NULL, 0x0,
541 "Source link-layer address", HFILL }
542 },
543 { &hf_sll_unused,
544 { "Unused", "sll.unused",
545 FT_BYTES, BASE_NONE, NULL, 0x0,
546 "Unused bytes", HFILL }
547 },
548 { &hf_sll_ltype,
549 { "Protocol", "sll.ltype",
550 FT_UINT16, BASE_HEX, VALS(ltype_vals), 0x0,
551 "Linux protocol type", HFILL }
552 },
553 { &hf_sll_gretype,
554 { "Protocol", "sll.gretype",
555 FT_UINT16, BASE_HEX, VALS(gre_typevals), 0x0,
556 "GRE protocol type", HFILL }
557 },
558 { &hf_sll_etype,
559 { "Protocol", "sll.etype",
560 FT_UINT16, BASE_HEX, VALS(etype_vals), 0x0,
561 "Ethernet protocol type", HFILL }
562 },
563 { &hf_sll_trailer,
564 { "Trailer", "sll.trailer",
565 FT_BYTES, BASE_NONE, NULL, 0x0,
566 NULL, HFILL }
567 },
568 { &hf_sll_ifindex,
569 { "Interface index", "sll.ifindex",
570 FT_UINT32, BASE_DEC, NULL, 0x0,
571 NULL, HFILL }
572 },
573 };
574
575 static int *ett[] = {
576 &ett_sll
577 };
578
579 /* Decode As handling */
580 static build_valid_func sll_da_build_value[1] = {sll_value};
581 static decode_as_value_t sll_da_values = {sll_prompt, 1, sll_da_build_value};
582 static decode_as_t sll_da = {"sll.ltype", "sll.ltype", 1, 0, &sll_da_values, NULL, NULL,
583 decode_as_default_populate_list, decode_as_default_reset, decode_as_default_change, NULL};
584
585 proto_sll = proto_register_protocol("Linux cooked-mode capture", "SLL", "sll" );
586 proto_register_field_array(proto_sll, hf, array_length(hf));
587 proto_register_subtree_array(ett, array_length(ett));
588
589 sll_handle = register_dissector("sll_v1", dissect_sll_v1, proto_sll);
590 sll2_handle = register_dissector("sll_v2", dissect_sll_v2, proto_sll);
591 sll_tap = register_tap("sll");
592
593 /*
594 * Sigh.
595 *
596 * For some packets, the link-layer header *isn't* been stripped
597 * off in a cooked capture; the hardware address type is the
598 * device ARPTYPE, so, for those packets, we should call the
599 * dissector for that value.
600 *
601 * We define a "sll.hatype" dissector table; we try dissecting
602 * with that first, and then try the protocol type if nothing
603 * is found in sll.hatype.
604 */
605 sll_hatype_dissector_table = register_dissector_table (
606 "sll.hatype",
607 "Linux SLL ARPHRD_ type",
608 proto_sll, FT_UINT16,
609 BASE_DEC
610 );
611 register_capture_dissector_table("sll.hatype", "Linux SLL ARPHRD_ type");
612
613 sll_ltype_dissector_table = register_dissector_table (
614 "sll.ltype",
615 "Linux SLL protocol type",
616 proto_sll, FT_UINT16,
617 BASE_HEX
618 );
619 register_capture_dissector_table("sll.ltype", "Linux SLL protocol");
620
621 register_conversation_table(proto_sll, true, sll_conversation_packet, sll_endpoint_packet);
622
623 register_decode_as(&sll_da);
624 }
625
626 void
627 proto_reg_handoff_sll(void)
628 {
629 capture_dissector_handle_t sll_cap_handle;
630 capture_dissector_handle_t sll2_cap_handle;
631
632 /*
633 * Get handles for the IPX and LLC dissectors.
634 */
635 gre_dissector_table = find_dissector_table("gre.proto");
636 ethertype_handle = find_dissector_add_dependency("ethertype", proto_sll);
637 netlink_handle = find_dissector_add_dependency("netlink", proto_sll);
638
639 dissector_add_uint("wtap_encap", WTAP_ENCAP_SLL, sll_handle);
640 dissector_add_uint("wtap_encap", WTAP_ENCAP_SLL2, sll2_handle);
641 sll_cap_handle = create_capture_dissector_handle(capture_sll, proto_sll);
642 capture_dissector_add_uint("wtap_encap", WTAP_ENCAP_SLL, sll_cap_handle);
643 sll2_cap_handle = create_capture_dissector_handle(capture_sll2, proto_sll);
644 capture_dissector_add_uint("wtap_encap", WTAP_ENCAP_SLL2, sll2_cap_handle);
645 }
646
647 /*
648 * Editor modelines - https://www.wireshark.org/tools/modelines.html
649 *
650 * Local variables:
651 * c-basic-offset: 8
652 * tab-width: 8
653 * indent-tabs-mode: t
654 * End:
655 *
656 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
657 * :indentSize=8:tabSize=8:noTabs=false:
658 */
Metzes wireshark repo