2 * Routines for Turbocell Header dissection
3 * Copyright 2004, Colin Slater <kiltedtaco@xxxxxxxxx>
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
9 * SPDX-License-Identifier: GPL-2.0-or-later
12 /* This dissector was written entirely from reverse engineering captured
13 * packets. No documentation was used or supplied by Karlnet. Hence, this
14 * dissector is very incomplete. If you have any insight into decoding
15 * these packets, or if you can supply packet captures from turbocell
16 * networks, contact kiltedtaco@xxxxxxxxx */
18 /* 2008-08-05 : Added support for aggregate frames.
19 * AP mode, NWID and sat mode fields identification were
20 * taken from http://aphopper.sourceforge.net/turbocell.html
21 * everything else is based on (educated) guesses.
26 #include <epan/packet.h>
27 #include <epan/strutil.h>
29 #define TURBOCELL_TYPE_BEACON_NON_POLLING 0x00
30 #define TURBOCELL_TYPE_BEACON_NORMAL 0x40
31 #define TURBOCELL_TYPE_BEACON_POLLING 0x80
32 #define TURBOCELL_TYPE_BEACON_ISP 0xA0
34 #define TURBOCELL_TYPE_DATA 0x01
35 #define TURBOCELL_TYPE_MANAGEMENT 0x11
37 #define TURBOCELL_SATTELITE_MODE_DENY 0x1
38 #define TURBOCELL_SATTELITE_MODE_ALLOW 0x2
40 void proto_register_turbocell(void);
41 void proto_reg_handoff_turbocell(void);
43 static int proto_turbocell
;
44 static int proto_aggregate
;
46 static int hf_turbocell_type
;
47 static int hf_turbocell_dst
;
48 static int hf_turbocell_counter
;
49 static int hf_turbocell_name
;
50 static int hf_turbocell_nwid
;
51 static int hf_turbocell_satmode
;
52 static int hf_turbocell_unknown
;
53 static int hf_turbocell_timestamp
;
54 static int hf_turbocell_station
;
55 static int hf_turbocell_ip
;
57 static int hf_turbocell_aggregate_msdu_header_text
;
58 static int hf_turbocell_aggregate_msdu_len
;
59 static int hf_turbocell_aggregate_unknown1
;
60 static int hf_turbocell_aggregate_unknown2
;
61 static int hf_turbocell_aggregate_len
;
63 static int ett_turbocell
;
64 static int ett_network
;
65 static int ett_msdu_aggregation_parent_tree
;
66 static int ett_msdu_aggregation_subframe_tree
;
68 /* The ethernet dissector we hand off to */
69 static dissector_handle_t eth_handle
;
71 static const value_string turbocell_type_values
[] = {
72 { TURBOCELL_TYPE_BEACON_NON_POLLING
, "Beacon (Non-Polling Base Station)" },
73 { TURBOCELL_TYPE_BEACON_NORMAL
, "Beacon (Normal Base Station)" },
74 { TURBOCELL_TYPE_BEACON_POLLING
, "Beacon (Polling Base Station)" },
75 { TURBOCELL_TYPE_BEACON_ISP
, "Beacon (ISP Base Station)" },
76 { TURBOCELL_TYPE_DATA
, "Data Packet" },
77 { TURBOCELL_TYPE_MANAGEMENT
, "Management Packet" },
81 static const value_string turbocell_satmode_values
[] = {
82 { TURBOCELL_SATTELITE_MODE_DENY
, "Allowed to connect" },
83 { TURBOCELL_SATTELITE_MODE_ALLOW
, "NOT allowed to connect" },
89 dissect_turbocell(tvbuff_t
*tvb
, packet_info
*pinfo
, proto_tree
*tree
, void* data _U_
)
92 proto_item
*ti
, *name_item
;
93 proto_tree
*turbocell_tree
= NULL
, *network_tree
;
101 packet_type
= tvb_get_uint8(tvb
, 0);
103 if (!(packet_type
& 0x0F)){
104 col_set_str(pinfo
->cinfo
, COL_INFO
, "Turbocell Packet (Beacon)");
105 col_set_str(pinfo
->cinfo
, COL_PROTOCOL
, "Turbocell");
106 } else if ( packet_type
== TURBOCELL_TYPE_MANAGEMENT
) {
107 col_set_str(pinfo
->cinfo
, COL_INFO
, "Turbocell Packet (Management)");
108 col_set_str(pinfo
->cinfo
, COL_PROTOCOL
, "Turbocell");
109 } else if ( packet_type
== TURBOCELL_TYPE_DATA
) {
110 col_set_str(pinfo
->cinfo
, COL_INFO
, "Turbocell Packet (Data)");
111 col_set_str(pinfo
->cinfo
, COL_PROTOCOL
, "Turbocell");
113 col_set_str(pinfo
->cinfo
, COL_INFO
, "Turbocell Packet (Unknown)");
114 col_set_str(pinfo
->cinfo
, COL_PROTOCOL
, "Turbocell");
118 ti
= proto_tree_add_item(tree
, proto_turbocell
, tvb
, 0, 20, ENC_NA
);
120 turbocell_tree
= proto_item_add_subtree(ti
, ett_turbocell
);
122 proto_tree_add_item(turbocell_tree
, hf_turbocell_type
, tvb
, 0, 1, ENC_BIG_ENDIAN
);
123 proto_tree_add_item(turbocell_tree
, hf_turbocell_satmode
, tvb
, 1, 1, ENC_BIG_ENDIAN
);
124 proto_tree_add_item(turbocell_tree
, hf_turbocell_nwid
, tvb
, 1, 1, ENC_BIG_ENDIAN
);
126 /* it seem when we have this magic number,that means an alternate header version */
128 if (tvb_get_bits64(tvb
, 64,48,ENC_BIG_ENDIAN
) != INT64_C(0x000001fe23dc45ba)){
129 proto_tree_add_item(turbocell_tree
, hf_turbocell_counter
, tvb
, 0x02, 2, ENC_BIG_ENDIAN
);
130 proto_tree_add_item(turbocell_tree
, hf_turbocell_dst
, tvb
, 0x04, 6, ENC_NA
);
131 proto_tree_add_item(turbocell_tree
, hf_turbocell_timestamp
, tvb
, 0x0A, 3, ENC_BIG_ENDIAN
);
134 proto_tree_add_item(turbocell_tree
, hf_turbocell_timestamp
, tvb
, 0x02, 3, ENC_BIG_ENDIAN
);
135 proto_tree_add_item(turbocell_tree
, hf_turbocell_counter
, tvb
, 0x05, 3, ENC_BIG_ENDIAN
);
136 proto_tree_add_item(turbocell_tree
, hf_turbocell_dst
, tvb
, 0x08, 6, ENC_NA
);
139 proto_tree_add_item(turbocell_tree
, hf_turbocell_unknown
, tvb
, 0x0E, 2, ENC_BIG_ENDIAN
);
140 proto_tree_add_item(turbocell_tree
, hf_turbocell_ip
, tvb
, 0x10, 4, ENC_BIG_ENDIAN
);
144 remaining_length
=tvb_reported_length_remaining(tvb
, 0x14);
146 if (remaining_length
> 6) {
148 /* If the first character is a printable character that means we have a payload with network info */
149 /* I couldn't find anything in the header that would definitively indicate if payload is either data or network info */
150 /* Since the frame size is limited this should work ok */
152 if (tvb_get_uint8(tvb
, 0x14)>=0x20){
153 name_item
= proto_tree_add_item(turbocell_tree
, hf_turbocell_name
, tvb
, 0x14, 30, ENC_ASCII
);
154 network_tree
= proto_item_add_subtree(name_item
, ett_network
);
156 str_name
=tvb_get_stringz_enc(pinfo
->pool
, tvb
, 0x14, &str_len
, ENC_ASCII
);
157 col_append_fstr(pinfo
->cinfo
, COL_INFO
, ", Network=\"%s\"", format_text(pinfo
->pool
, str_name
, str_len
-1));
159 while(tvb_get_uint8(tvb
, 0x34 + 8*i
)==0x00 && (tvb_reported_length_remaining(tvb
,0x34 + 8*i
) > 6) && (i
<32)) {
160 proto_tree_add_item(network_tree
, hf_turbocell_station
, tvb
, 0x34 + 8*i
, 6, ENC_NA
);
164 /*Couldn't make sense of the apparently random data in the end*/
166 next_tvb
= tvb_new_subset_remaining(tvb
, 0x34 + 8*i
);
167 call_data_dissector(next_tvb
, pinfo
, tree
);
171 tvbuff_t
*msdu_tvb
= NULL
;
172 uint32_t msdu_offset
= 0x04;
174 uint16_t msdu_length
;
176 proto_item
*parent_item
;
177 proto_tree
*mpdu_tree
;
178 proto_tree
*subframe_tree
;
180 next_tvb
= tvb_new_subset_length(tvb
, 0x14, tvb_get_ntohs(tvb
, 0x14));
181 parent_item
= proto_tree_add_protocol_format(tree
, proto_aggregate
, next_tvb
, 0,
182 tvb_reported_length_remaining(next_tvb
, 0), "Turbocell Aggregate Frames");
183 mpdu_tree
= proto_item_add_subtree(parent_item
, ett_msdu_aggregation_parent_tree
);
184 proto_tree_add_item(mpdu_tree
, hf_turbocell_aggregate_len
, next_tvb
, 0x00, 2, ENC_BIG_ENDIAN
);
185 proto_tree_add_item(mpdu_tree
, hf_turbocell_aggregate_unknown1
, next_tvb
, 0x02, 2, ENC_BIG_ENDIAN
);
187 remaining_length
=tvb_reported_length_remaining(next_tvb
, msdu_offset
);
190 msdu_length
= (tvb_get_letohs(next_tvb
, msdu_offset
) & 0x0FFF);
191 if (msdu_length
==0) break;
192 parent_item
= proto_tree_add_uint_format(mpdu_tree
, hf_turbocell_aggregate_msdu_header_text
,
193 next_tvb
,msdu_offset
, msdu_length
+ 0x02,j
, "A-MSDU Subframe #%u", j
);
195 subframe_tree
= proto_item_add_subtree(parent_item
, ett_msdu_aggregation_subframe_tree
);
198 proto_tree_add_item(subframe_tree
, hf_turbocell_aggregate_msdu_len
, next_tvb
, msdu_offset
, 2, ENC_LITTLE_ENDIAN
);
199 proto_tree_add_item(subframe_tree
, hf_turbocell_aggregate_unknown2
, next_tvb
, msdu_offset
+1, 1, ENC_BIG_ENDIAN
);
202 remaining_length
-= 0x02;
203 msdu_tvb
= tvb_new_subset_length_caplen(next_tvb
, msdu_offset
, (msdu_length
>remaining_length
)?remaining_length
:msdu_length
, msdu_length
);
204 call_dissector(eth_handle
, msdu_tvb
, pinfo
, subframe_tree
);
205 msdu_offset
+= msdu_length
;
206 remaining_length
-= msdu_length
;
207 } while (remaining_length
> 6);
209 if (remaining_length
> 2) {
210 next_tvb
= tvb_new_subset_remaining(next_tvb
, msdu_offset
);
211 call_data_dissector(next_tvb
, pinfo
, tree
);
215 return tvb_captured_length(tvb
);
218 /* Register the protocol with Wireshark */
220 void proto_register_turbocell(void)
223 static hf_register_info hf
[] = {
224 { &hf_turbocell_type
,
225 { "Packet Type", "turbocell.type",
226 FT_UINT8
, BASE_HEX
, VALS(turbocell_type_values
), 0,
229 { &hf_turbocell_satmode
,
230 { "Satellite Mode", "turbocell.satmode",
231 FT_UINT8
, BASE_HEX
, VALS(turbocell_satmode_values
), 0xF0,
234 { &hf_turbocell_nwid
,
235 { "Network ID", "turbocell.nwid",
236 FT_UINT8
, BASE_DEC
, NULL
, 0x0F,
239 { &hf_turbocell_counter
,
240 { "Counter", "turbocell.counter",
241 FT_UINT24
, BASE_DEC_HEX
, NULL
, 0,
242 "Increments every frame (per station)", HFILL
}
245 { "Destination", "turbocell.dst",
246 FT_ETHER
, BASE_NONE
, NULL
, 0,
247 "Seems to be the destination", HFILL
}
251 { "IP", "turbocell.ip",
252 FT_IPv4
, BASE_NONE
, NULL
, 0,
253 "IP address of base station ?", HFILL
}
256 { &hf_turbocell_unknown
,
257 { "Unknown", "turbocell.unknown",
258 FT_UINT16
, BASE_HEX
, NULL
, 0,
259 "Always 0000", HFILL
}
262 { &hf_turbocell_timestamp
,
263 { "Timestamp (in 10 ms)", "turbocell.timestamp",
264 FT_UINT24
, BASE_DEC_HEX
, NULL
, 0,
265 "Timestamp per station (since connection?)", HFILL
}
267 { &hf_turbocell_name
,
268 { "Network Name", "turbocell.name",
269 FT_STRINGZ
, BASE_NONE
, NULL
, 0,
272 { &hf_turbocell_station
,
273 { "Station", "turbocell.station",
274 FT_ETHER
, BASE_NONE
, NULL
, 0,
275 "connected stations / satellites ?", HFILL
},
279 static hf_register_info aggregate_fields
[] = {
280 { &hf_turbocell_aggregate_msdu_header_text
,
281 {"MAC Service Data Unit (MSDU)", "turbocell_aggregate.msduheader",
282 FT_UINT16
, BASE_DEC
, 0, 0x0, NULL
, HFILL
}
284 { &hf_turbocell_aggregate_msdu_len
,
285 {"MSDU length", "turbocell_aggregate.msdulen",
286 FT_UINT16
, BASE_DEC_HEX
, 0, 0x0FFF, NULL
, HFILL
}
288 { &hf_turbocell_aggregate_len
,
289 { "Total Length", "turbocell_aggregate.len",
290 FT_UINT16
, BASE_DEC_HEX
, NULL
, 0,
291 "Total reported length", HFILL
}
293 { &hf_turbocell_aggregate_unknown1
,
294 { "Unknown", "turbocell_aggregate.unknown1",
295 FT_UINT16
, BASE_HEX
, NULL
, 0,
296 "Always 0x7856", HFILL
}
298 { &hf_turbocell_aggregate_unknown2
,
299 { "Unknown", "turbocell_aggregate.unknown2",
300 FT_UINT8
, BASE_HEX
, NULL
, 0xF0,
301 "have the values 0x4,0xC or 0x8", HFILL
}
305 static int *ett
[] = {
308 &ett_msdu_aggregation_parent_tree
,
309 &ett_msdu_aggregation_subframe_tree
312 proto_turbocell
= proto_register_protocol("Turbocell Header", "Turbocell", "turbocell");
314 proto_aggregate
= proto_register_protocol("Turbocell Aggregate Data",
315 "Turbocell Aggregate Data", "turbocell_aggregate");
316 proto_register_field_array(proto_aggregate
, aggregate_fields
, array_length(aggregate_fields
));
318 register_dissector("turbocell", dissect_turbocell
, proto_turbocell
);
320 proto_register_field_array(proto_turbocell
, hf
, array_length(hf
));
321 proto_register_subtree_array(ett
, array_length(ett
));
326 void proto_reg_handoff_turbocell(void)
328 eth_handle
= find_dissector_add_dependency("eth_withoutfcs", proto_turbocell
);
332 * Editor modelines - https://www.wireshark.org/tools/modelines.html
337 * indent-tabs-mode: nil
340 * vi: set shiftwidth=4 tabstop=8 expandtab:
341 * :indentSize=4:tabSize=8:noTabs=true:
