search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dcerpc-netlogon: maintain netlogon_auth_vars for NetrServerAuthenticateKerberos
[wireshark-sm.git] / epan / dissectors / packet-llc.c
blob02fffb58fbff0acc365abffa1d4c1e069abe614d
1 /* packet-llc.c
2 * Routines for IEEE 802.2 LLC layer
3 * Gilbert Ramirez <gram@alumni.rice.edu>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 #include "config.h"
13
14 #include <epan/packet.h>
15 #include <epan/capture_dissectors.h>
16 #include <wsutil/pint.h>
17 #include <epan/oui.h>
18 #include <epan/xdlc.h>
19 #include <epan/llcsaps.h>
20 #include <epan/bridged_pids.h>
21 #include <epan/ppptypes.h>
22 #include <epan/arcnet_pids.h>
23 #include <epan/nlpid.h>
24 #include <epan/addr_resolv.h>
25 #include <epan/tfs.h>
26 #include <wsutil/array.h>
27 #include "packet-fc.h"
28 #include "packet-sll.h"
29 #include "packet-juniper.h"
30
31 #include "packet-llc.h"
32
33 void proto_register_basicxid(void);
34 void proto_register_llc(void);
35 void proto_reg_handoff_llc(void);
36
37 #define UDP_PORT_LLC_RANGE "12000-12004"
38
39 static int proto_llc;
40 static int hf_llc_dsap;
41 static int hf_llc_ssap;
42 static int hf_llc_dsap_sap;
43 static int hf_llc_dsap_ig;
44 static int hf_llc_ssap_sap;
45 static int hf_llc_ssap_cr;
46 static int hf_llc_ctrl;
47 static int hf_llc_n_r;
48 static int hf_llc_n_s;
49 static int hf_llc_p;
50 static int hf_llc_p_ext;
51 static int hf_llc_f;
52 static int hf_llc_f_ext;
53 static int hf_llc_s_ftype;
54 static int hf_llc_u_modifier_cmd;
55 static int hf_llc_u_modifier_resp;
56 static int hf_llc_ftype_i;
57 static int hf_llc_ftype_s_u;
58 static int hf_llc_ftype_s_u_ext;
59 static int hf_llc_type;
60 static int hf_llc_oui;
61 static int hf_llc_pid;
62
63 static int proto_basicxid;
64 static int hf_llc_xid_format;
65 static int hf_llc_xid_types;
66 static int hf_llc_xid_wsize;
67
68 static int ett_llc;
69 static int ett_llc_dsap;
70 static int ett_llc_ssap;
71 static int ett_llc_ctrl;
72 static int ett_llc_basicxid;
73
74 static dissector_table_t dsap_subdissector_table;
75 static dissector_table_t xid_subdissector_table;
76
77 static dissector_table_t ethertype_subdissector_table;
78 static dissector_table_t hpteam_subdissector_table;
79 static dissector_table_t other_control_dissector_table;
80
81 static dissector_handle_t bpdu_handle;
82 static dissector_handle_t eth_withoutfcs_handle;
83 static dissector_handle_t eth_withfcs_handle;
84 static dissector_handle_t fddi_handle;
85 static dissector_handle_t tr_handle;
86 static dissector_handle_t turbo_handle;
87 static dissector_handle_t mesh_handle;
88 static dissector_handle_t llc_handle;
89 static dissector_handle_t epd_llc_handle;
90
91 /*
92 * Group/Individual bit, in the DSAP.
93 */
94 #define DSAP_GI_BIT 0x01
95
96 /*
97 * Command/Response bit, in the SSAP.
98 *
99 * The low-order bit of the SSAP apparently determines whether this
100 * is a request or a response. (RFC 1390, "Transmission of IP and
101 * ARP over FDDI Networks", says
102 *
103 * Command frames are identified by having the low order
104 * bit of the SSAP address reset to zero. Response frames
105 * have the low order bit of the SSAP address set to one.
106 *
107 * and a page I've seen seems to imply that's part of 802.2.)
108 */
109 #define SSAP_CR_BIT 0x01
110
111 /*
112 * Mask to extrace the SAP number from the DSAP or the SSAP.
113 */
114 #define SAP_MASK 0xFE
115
116 /*
117 * These are for SSAP and DSAP, wth last bit always zero.
118 * XXX - some DSAPs come in separate "individual" and "group" versions,
119 * with the last bit 0 and 1, respectively (e.g., LLC Sub-layer Management,
120 * IBM SNA Path Control, IBM Net Management), but, whilst 0xFE is
121 * the ISO Network Layer Protocol, 0xFF is the Global LSAP.
122 */
123 const value_string sap_vals[] = {
124 { SAP_NULL, "NULL LSAP" },
125 { SAP_NULL+1, "NULL LSAP" },
126 { SAP_LLC_SLMGMT, "LLC Sub-Layer Management" },
127 { SAP_SNA_PATHCTRL, "SNA Path Control" },
128 { SAP_IP, "TCP/IP" },
129 { SAP_SNA1, "SNA" },
130 { SAP_SNA2, "SNA" },
131 { SAP_PROWAY_NM_INIT, "PROWAY (IEC955) Network Management and Initialization" },
132 { SAP_NETWARE1, "NetWare (unofficial?)" },
133 { SAP_OSINL1, "ISO Network Layer (OSLAN 1)" },
134 { SAP_TI, "Texas Instruments" },
135 { SAP_OSINL2, "ISO Network Layer (unofficial?)" },
136 { SAP_OSINL3, "ISO Network Layer (unofficial?)" },
137 { SAP_BPDU, "Spanning Tree BPDU" },
138 { SAP_RS511, "EIA RS-511 Manufacturing Message Service" },
139 { SAP_OSINL4, "ISO Network Layer (OSLAN 2)" },
140 { SAP_X25, "ISO 8208 (X.25 over 802.2)" },
141 /*
142 * XXX - setting the group bit of SAP_X25 make 0x7F; is this just
143 * a group version of that?
144 */
145 { 0x7F, "ISO 802.2" },
146 { SAP_XNS, "XNS" },
147 { SAP_BACNET, "BACnet" },
148 { SAP_NESTAR, "Nestar" },
149 { SAP_PROWAY_ASLM, "PROWAY (IEC955) Active Station List Maintenance" },
150 { SAP_ARP, "ARP" }, /* XXX - hand to "dissect_arp()"? */
151 { SAP_HPJD, "HP JetDirect Printer" },
152 { SAP_SNAP, "SNAP" },
153 { SAP_VINES1, "Banyan Vines" },
154 { SAP_VINES2, "Banyan Vines" },
155 { SAP_NETWARE2, "NetWare" },
156 { SAP_NETBIOS, "NetBIOS" },
157 { SAP_IBMNM, "IBM Net Management" },
158 { SAP_HPEXT, "HP Extended LLC" },
159 { SAP_UB, "Ungermann-Bass" },
160 { SAP_RPL, "Remote Program Load" },
161 { SAP_OSINL5, "ISO Network Layer" },
162 { SAP_GLOBAL, "Global LSAP" },
163 { 0x00, NULL }
164 };
165
166 static const value_string format_vals[] = {
167 { 0x81, "LLC basic format" },
168 { 0, NULL }
169 };
170
171 /*
172 * Mask to extract the type from XID frame.
173 */
174 #define TYPES_MASK 0x1F
175
176 static const value_string type_vals[] = {
177 { 1, "Type 1 LLC (Class I LLC)" },
178 { 2, "Type 2 LLC" },
179 { 3, "Type 1 and Type 2 LLCs (Class II LLC)" },
180 { 4, "Type 3 LLC" },
181 { 5, "Type 1 and Type 3 LLCs (Class III LLC)" },
182 { 6, "Type 2 and Type 3 LLCs" },
183 { 7, "Type 1 and Type 2 and Type 3 LLCs (Class IV LLC)" },
184 { 0, NULL }
185 };
186
187 /*
188 * Hash table for translating OUIs to an oui_info_t.
189 */
190 static wmem_map_t *oui_info_table;
191
192 /*
193 * Decode the SAP value as a bitfield into a string, skipping the GI/CR bit.
194 * Ordinarily, this could be done easily by specifying a bitmask in the
195 * corresponding hf_ entry for the DSAP/SSAP value and simply using a
196 * proto_tree_add_... function to add the item into a proto tree. The
197 * problem is that the proto_tree_add_... functions always bitshift the
198 * value if a bitmask is specified. A SAP value always comprises the entire
199 * octet, however, and must not be shifted. Therefore, using a simple
200 * proto_tree_add_... function to display the topmost 7 bits of the SAP
201 * value as a bitfield produces incorrect results (while the bitfield is
202 * displayed correctly, Wireshark uses the bitshifted value to display the
203 * associated name and for filtering purposes). This function calls a
204 * BASE_CUSTOM routine to decode the SAP value as a bitfield
205 * counter-balancing the bitshift of the original value.
206 */
207
208 static void
209 llc_sap_value( char *result, uint32_t sap )
210 {
211 snprintf( result, ITEM_LABEL_LENGTH, "%s", val_to_str_const(sap<<1, sap_vals, "Unknown"));
212 }
213
214 /*
215 * Add an entry for a new OUI.
216 */
217 void
218 llc_add_oui(uint32_t oui, const char *table_name, const char *table_ui_name,
219 hf_register_info *hf_item, const int proto)
220 {
221 oui_info_t *new_info;
222
223 new_info = wmem_new(wmem_epan_scope(), oui_info_t);
224 new_info->table = register_dissector_table(table_name,
225 table_ui_name, proto, FT_UINT16, BASE_HEX);
226 new_info->field_info = hf_item;
227
228 /*
229 * Create the hash table for OUI information, if it doesn't
230 * already exist.
231 */
232 if (oui_info_table == NULL) {
233 oui_info_table = wmem_map_new(wmem_epan_scope(), g_direct_hash,
234 g_direct_equal);
235 }
236 wmem_map_insert(oui_info_table, GUINT_TO_POINTER(oui), new_info);
237 }
238
239 static bool
240 capture_snap(const unsigned char *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header _U_)
241 {
242 uint32_t oui;
243 uint16_t etype;
244
245 if (!BYTES_ARE_IN_FRAME(offset, len, 5))
246 return false;
247
248 oui = pd[offset] << 16 | pd[offset+1] << 8 | pd[offset+2];
249 etype = pntoh16(&pd[offset+3]);
250 switch (oui) {
251
252 case OUI_ENCAP_ETHER:
253 case OUI_CISCO_90:
254 return try_capture_dissector("ethertype", etype, pd, offset+5, len, cpinfo, pseudo_header);
255
256 case OUI_CISCO:
257 return try_capture_dissector("ethertype", etype, pd, offset+5, len, cpinfo, pseudo_header);
258
259 case OUI_MARVELL:
260 /*
261 * OLPC packet. The PID is an Ethertype, but
262 * there's a mesh header between the PID and
263 * the payload. (We assume the header is
264 * 5 bytes, for now).
265 */
266 return try_capture_dissector("ethertype", etype, pd, offset+5+5, len, cpinfo, pseudo_header);
267 }
268
269 return false;
270 }
271
272 static bool
273 capture_llc(const unsigned char *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header _U_) {
274
275 int is_snap;
276 uint16_t control;
277 int llc_header_len;
278
279 if (!BYTES_ARE_IN_FRAME(offset, len, 2))
280 return false;
281
282 is_snap = (pd[offset] == SAP_SNAP) && (pd[offset+1] == SAP_SNAP);
283 llc_header_len = 2; /* DSAP + SSAP */
284
285 /*
286 * XXX - the page referred to in the comment above about the
287 * Command/Response bit also implies that LLC Type 2 always
288 * uses extended operation, so we don't need to determine
289 * whether it's basic or extended operation; is that the case?
290 */
291 control = get_xdlc_control(pd, offset+2, pd[offset+1] & SSAP_CR_BIT);
292 llc_header_len += XDLC_CONTROL_LEN(control, true);
293 if (!BYTES_ARE_IN_FRAME(offset, len, llc_header_len))
294 return false;
295
296 if (!XDLC_IS_INFORMATION(control))
297 return false;
298
299 if (is_snap)
300 return capture_snap(pd, offset+llc_header_len, len, cpinfo, pseudo_header);
301
302 /* non-SNAP */
303 return try_capture_dissector("llc.dsap", pd[offset], pd, offset + llc_header_len, len, cpinfo, pseudo_header);
304 }
305
306 /* Used only for U frames */
307 static const xdlc_cf_items llc_cf_items = {
308 NULL,
309 NULL,
310 &hf_llc_p,
311 &hf_llc_f,
312 NULL,
313 &hf_llc_u_modifier_cmd,
314 &hf_llc_u_modifier_resp,
315 NULL,
316 &hf_llc_ftype_s_u
317 };
318
319 /* Used only for I and S frames */
320 static const xdlc_cf_items llc_cf_items_ext = {
321 &hf_llc_n_r,
322 &hf_llc_n_s,
323 &hf_llc_p_ext,
324 &hf_llc_f_ext,
325 &hf_llc_s_ftype,
326 NULL,
327 NULL,
328 &hf_llc_ftype_i,
329 &hf_llc_ftype_s_u_ext
330 };
331
332 static int
333 dissect_basicxid(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
334 {
335 proto_tree *xid_tree = NULL;
336 proto_item *ti = NULL;
337 uint8_t format, types, wsize;
338
339 col_set_str(pinfo->cinfo, COL_PROTOCOL, "XID");
340 col_clear(pinfo->cinfo, COL_INFO);
341
342 format = tvb_get_uint8(tvb, 0);
343
344 ti = proto_tree_add_item(tree, proto_basicxid, tvb, 0, -1, ENC_NA);
345 xid_tree = proto_item_add_subtree(ti, ett_llc_basicxid);
346 proto_tree_add_uint(xid_tree, hf_llc_xid_format, tvb, 0, 1, format);
347
348 col_append_str(pinfo->cinfo, COL_INFO, "Basic Format");
349
350 types = tvb_get_uint8(tvb, 1);
351 proto_tree_add_uint(xid_tree, hf_llc_xid_types, tvb, 1,
352 1, types & TYPES_MASK);
353
354 col_append_fstr(pinfo->cinfo, COL_INFO,
355 "; %s", val_to_str(types & TYPES_MASK, type_vals, "0x%02x")
356 );
357
358 wsize = tvb_get_uint8(tvb, 2);
359 proto_tree_add_uint(xid_tree, hf_llc_xid_wsize, tvb, 2,
360 1, (wsize & 0xFE) >> 1);
361
362 col_append_fstr(pinfo->cinfo, COL_INFO,
363 "; Window Size %d", (wsize & 0xFE) >> 1);
364 return tvb_captured_length(tvb);
365 }
366
367 /*
368 * IEEE Std 802.2-1998 and ISO/IEC 8802-2.
369 *
370 * This is what IEEE Std 802-2014 describes in section 5.2.2 "LLC sublayer"
371 * as "LLC protocol discrimination (LPD)".
372 */
373 static int
374 dissect_llc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
375 {
376 proto_tree *llc_tree;
377 proto_tree *field_tree;
378 proto_item *ti, *sap_item;
379 int is_snap;
380 uint16_t control;
381 int llc_header_len;
382 uint8_t dsap, ssap, format;
383 tvbuff_t *next_tvb;
384
385 col_set_str(pinfo->cinfo, COL_PROTOCOL, "LLC");
386 col_clear(pinfo->cinfo, COL_INFO);
387
388 dsap = tvb_get_uint8(tvb, 0);
389
390 ti = proto_tree_add_item(tree, proto_llc, tvb, 0, -1, ENC_NA);
391 llc_tree = proto_item_add_subtree(ti, ett_llc);
392
393 sap_item = proto_tree_add_item(llc_tree, hf_llc_dsap, tvb, 0, 1, ENC_BIG_ENDIAN);
394 field_tree = proto_item_add_subtree(sap_item, ett_llc_dsap);
395 proto_tree_add_item(field_tree, hf_llc_dsap_sap, tvb, 0, 1, ENC_BIG_ENDIAN);
396 proto_tree_add_item(field_tree, hf_llc_dsap_ig, tvb, 0, 1, ENC_NA);
397
398 ssap = tvb_get_uint8(tvb, 1);
399 sap_item = proto_tree_add_item(llc_tree, hf_llc_ssap, tvb, 1, 1, ENC_BIG_ENDIAN);
400 field_tree = proto_item_add_subtree(sap_item, ett_llc_ssap);
401 proto_tree_add_item(field_tree, hf_llc_ssap_sap, tvb, 1, 1, ENC_BIG_ENDIAN);
402 proto_tree_add_item(field_tree, hf_llc_ssap_cr, tvb, 1, 1, ENC_NA);
403
404 is_snap = (dsap == SAP_SNAP) && (ssap == SAP_SNAP);
405 llc_header_len = 2; /* DSAP + SSAP */
406
407 /*
408 * XXX - the page referred to in the comment above about the
409 * Command/Response bit also implies that LLC Type 2 always
410 * uses extended operation, so we don't need to determine
411 * whether it's basic or extended operation; is that the case?
412 */
413 control = dissect_xdlc_control(tvb, 2, pinfo, llc_tree,
414 hf_llc_ctrl, ett_llc_ctrl,
415 &llc_cf_items, &llc_cf_items_ext,
416 NULL, NULL, ssap & SSAP_CR_BIT, true, false);
417 llc_header_len += XDLC_CONTROL_LEN(control, true);
418 if (is_snap)
419 llc_header_len += 5; /* 3 bytes of OUI, 2 bytes of protocol ID */
420
421 if (tree)
422 proto_item_set_len(ti, llc_header_len);
423
424 if (is_snap) {
425 dissect_snap(tvb, 2+XDLC_CONTROL_LEN(control, true), pinfo, tree, llc_tree, control,
426 hf_llc_oui, hf_llc_type, hf_llc_pid, 2);
427 }
428 else {
429 col_append_fstr(pinfo->cinfo, COL_INFO,
430 "; DSAP %s %s, SSAP %s %s",
431 val_to_str(dsap & SAP_MASK, sap_vals, "0x%02x"),
432 dsap & DSAP_GI_BIT ?
433 "Group" : "Individual",
434 val_to_str(ssap & SAP_MASK, sap_vals, "0x%02x"),
435 ssap & SSAP_CR_BIT ?
436 "Response" : "Command"
437 );
438
439 if (tvb_reported_length_remaining(tvb, llc_header_len) > 0) {
440 next_tvb = tvb_new_subset_remaining(tvb, llc_header_len);
441 if (XDLC_IS_INFORMATION(control)) {
442 /*
443 * Non-SNAP I or UI frame.
444 * Try the regular LLC subdissector table
445 * with the DSAP.
446 */
447 if (!dissector_try_uint(dsap_subdissector_table,
448 dsap, next_tvb, pinfo, tree)) {
449 call_data_dissector(next_tvb, pinfo, tree);
450 }
451 } else if ((control & (XDLC_U_MODIFIER_MASK|XDLC_U))
452 == (XDLC_XID|XDLC_U)) {
453 /*
454 * Non-SNAP XID frame.
455 * Test for LLC basic format first
456 */
457 format = tvb_get_uint8(next_tvb, 0);
458 if (format == 0x81) {
459 dissect_basicxid(next_tvb, pinfo, tree, data);
460 } else {
461 /*
462 * Try the XID LLC subdissector table
463 * with the DSAP.
464 */
465 if (!dissector_try_uint(
466 xid_subdissector_table, dsap,
467 next_tvb, pinfo, tree)) {
468 call_data_dissector(next_tvb, pinfo, tree);
469 }
470 }
471 } else {
472 if (!dissector_try_uint(
473 other_control_dissector_table, control,
474 next_tvb, pinfo, tree)) {
475 call_data_dissector(next_tvb, pinfo, tree);
476 }
477 }
478 }
479 }
480 return tvb_captured_length(tvb);
481 }
482
483 /*
484 * Dissect SNAP header; used elsewhere, e.g. in the Frame Relay dissector.
485 */
486 void
487 dissect_snap(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree,
488 proto_tree *snap_tree, int control, int hf_oui, int hf_type, int hf_pid,
489 int bridge_pad)
490 {
491 uint32_t oui;
492 const char *oui_str;
493 uint16_t etype;
494 tvbuff_t *next_tvb;
495 oui_info_t *oui_info;
496 dissector_table_t subdissector_table;
497 int hf;
498 int mesh_header_len;
499
500 /*
501 * XXX - what about non-UI frames?
502 */
503 etype = tvb_get_ntohs(tvb, offset+3);
504
505 proto_tree_add_item_ret_uint(snap_tree, hf_oui, tvb, offset, 3, ENC_BIG_ENDIAN, &oui);
506 oui_str = uint_get_manuf_name_if_known(oui);
507
508 col_append_fstr(pinfo->cinfo, COL_INFO,
509 "; SNAP, OUI 0x%06X (%s), PID 0x%04X",
510 oui, oui_str ? oui_str : "Unknown", etype);
511
512 switch (oui) {
513
514 case OUI_HP_2:
515 /*
516 * We don't use the standard SNAP OUI mechanism here
517 * because that only calls the subdissector for
518 * information frames, and, according to the HP document
519 * at
520 *
521 * http://www.hp.com/sbso/bus_protect/teaming.pdf
522 *
523 * the heartbeats are sent to 03-00-C7-00-00-EE in SNAP
524 * frames in unnumbered TEST frames, not information
525 * frames (numbered or unnumbered).
526 *
527 * See the comment in epan/dissectors/packet-hpteam.c
528 * for more details.
529 */
530 oui_info = get_snap_oui_info(oui);
531 hf = *oui_info->field_info->p_id;
532 proto_tree_add_uint(snap_tree, hf, tvb, offset+3, 2, etype);
533 next_tvb = tvb_new_subset_remaining(tvb, offset+5);
534
535 if(!dissector_try_uint(hpteam_subdissector_table,etype, next_tvb, pinfo, tree))
536 call_data_dissector(next_tvb, pinfo, tree);
537 break;
538
539 case OUI_ENCAP_ETHER:
540 case OUI_CISCO_90:
541 if (XDLC_IS_INFORMATION(control)) {
542 if (tree) {
543 proto_tree_add_uint(snap_tree, hf_type,
544 tvb, offset+3, 2, etype);
545 }
546 next_tvb = tvb_new_subset_remaining(tvb, offset+5);
547 if (!dissector_try_uint(ethertype_subdissector_table,
548 etype, next_tvb, pinfo, tree))
549 call_data_dissector(next_tvb, pinfo, tree);
550 } else {
551 next_tvb = tvb_new_subset_remaining(tvb, offset+5);
552 call_data_dissector(next_tvb, pinfo, tree);
553 }
554 break;
555
556 case OUI_IEEE_802_1:
557 /*
558 * MAC frames bridged over ATM (RFC 2684) or Frame Relay
559 * (RFC 2427).
560 *
561 * We have to figure out how much padding to put
562 * into the frame. We were handed a "bridge_pad"
563 * argument which should be 0 for Frame Relay and
564 * 2 for ATM; we add to that the amount of padding
565 * common to both bridging types.
566 */
567 if (tree) {
568 proto_tree_add_uint(snap_tree, hf_pid, tvb, offset+3, 2,
569 etype);
570 }
571
572 switch (etype) {
573
574 case BPID_ETH_WITH_FCS:
575 next_tvb = tvb_new_subset_remaining(tvb, offset+5+bridge_pad);
576 call_dissector(eth_withfcs_handle, next_tvb, pinfo,
577 tree);
578 break;
579
580 case BPID_ETH_WITHOUT_FCS:
581 next_tvb = tvb_new_subset_remaining(tvb, offset+5+bridge_pad);
582 call_dissector(eth_withoutfcs_handle, next_tvb, pinfo, tree);
583 break;
584
585 case BPID_802_5_WITH_FCS:
586 case BPID_802_5_WITHOUT_FCS:
587 /*
588 * We treat the last padding byte as the Access
589 * Control byte, as that's what the Token
590 * Ring dissector expects the first byte to
591 * be.
592 */
593 next_tvb = tvb_new_subset_remaining(tvb, offset+5+bridge_pad);
594 call_dissector(tr_handle, next_tvb, pinfo, tree);
595 break;
596
597 case BPID_FDDI_WITH_FCS:
598 case BPID_FDDI_WITHOUT_FCS:
599 next_tvb = tvb_new_subset_remaining(tvb, offset+5+1+bridge_pad);
600 call_dissector(fddi_handle, next_tvb, pinfo, tree);
601 break;
602
603 case BPID_BPDU:
604 next_tvb = tvb_new_subset_remaining(tvb, offset+5);
605 call_dissector(bpdu_handle, next_tvb, pinfo, tree);
606 break;
607
608 default:
609 next_tvb = tvb_new_subset_remaining(tvb, offset+5);
610 call_data_dissector(next_tvb, pinfo, tree);
611 break;
612 }
613 break;
614
615 case OUI_CABLE_BPDU: /* DOCSIS cable modem spanning tree BPDU */
616 if (tree) {
617 proto_tree_add_uint(snap_tree, hf_pid, tvb, offset+3, 2,
618 etype);
619 }
620 next_tvb = tvb_new_subset_remaining(tvb, offset+5);
621 call_dissector(bpdu_handle, next_tvb, pinfo, tree);
622 break;
623
624 case OUI_TURBOCELL:
625 next_tvb = tvb_new_subset_remaining(tvb, offset+3);
626 call_dissector(turbo_handle, next_tvb, pinfo, tree);
627 break;
628
629 case OUI_MARVELL:
630 /*
631 * OLPC packet. The PID is an Ethertype, but
632 * there's a mesh header between the PID and
633 * the payload.
634 */
635 if (XDLC_IS_INFORMATION(control)) {
636 if (tree) {
637 proto_tree_add_uint(snap_tree, hf_type,
638 tvb, offset+3, 2, etype);
639 }
640 next_tvb = tvb_new_subset_remaining(tvb, offset+5);
641 mesh_header_len = call_dissector(mesh_handle,
642 next_tvb, pinfo, tree);
643 next_tvb = tvb_new_subset_remaining(tvb, offset+5+mesh_header_len);
644 if (!dissector_try_uint(ethertype_subdissector_table,
645 etype, next_tvb, pinfo, tree))
646 call_data_dissector(next_tvb, pinfo, tree);
647 } else {
648 next_tvb = tvb_new_subset_remaining(tvb, offset+5);
649 call_data_dissector(next_tvb, pinfo, tree);
650 }
651 break;
652
653 default:
654 /*
655 * Do we have information for this OUI?
656 */
657 oui_info = get_snap_oui_info(oui);
658 if (oui_info != NULL) {
659 /*
660 * Yes - use it.
661 */
662 hf = *oui_info->field_info->p_id;
663 subdissector_table = oui_info->table;
664 } else {
665 /*
666 * No, use hf_pid for the PID and just dissect
667 * the payload as data.
668 */
669 hf = hf_pid;
670 subdissector_table = NULL;
671 }
672 if (tree) {
673 proto_tree_add_uint(snap_tree, hf, tvb, offset+3, 2,
674 etype);
675 }
676 next_tvb = tvb_new_subset_remaining(tvb, offset+5);
677 if (XDLC_IS_INFORMATION(control)) {
678 if (subdissector_table != NULL) {
679 /* do lookup with the subdissector table */
680 if (dissector_try_uint(subdissector_table,
681 etype, next_tvb, pinfo, tree))
682 break;
683 }
684 }
685 call_data_dissector(next_tvb, pinfo, tree);
686 break;
687 }
688 }
689
690 /*
691 * Return the oui_info_t for the PID for a particular OUI value, or NULL
692 * if there isn't one.
693 */
694 oui_info_t *
695 get_snap_oui_info(uint32_t oui)
696 {
697 if (oui_info_table != NULL) {
698 return (oui_info_t *)wmem_map_lookup(oui_info_table,
699 GUINT_TO_POINTER(oui));
700 } else
701 return NULL;
702 }
703
704 /*
705 * This is what IEEE Std 802-2014 describes in section 5.2.2 "LLC sublayer"
706 * as "EtherType protocol discrimination (EPD)".
707 */
708 static int
709 dissect_epd_llc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
710 {
711 proto_tree *llc_tree;
712 proto_item *ti;
713 uint32_t etype;
714 tvbuff_t *next_tvb;
715
716 col_set_str(pinfo->cinfo, COL_PROTOCOL, "LLC");
717 col_clear(pinfo->cinfo, COL_INFO);
718
719 ti = proto_tree_add_item(tree, proto_llc, tvb, 0, 2, ENC_NA);
720 llc_tree = proto_item_add_subtree(ti, ett_llc);
721 proto_tree_add_item_ret_uint(llc_tree, hf_llc_type, tvb, 0, 2, ENC_BIG_ENDIAN, &etype);
722 next_tvb = tvb_new_subset_remaining(tvb, 2);
723 if (dissector_try_uint(ethertype_subdissector_table, etype, next_tvb,
724 pinfo, tree) == 0)
725 call_data_dissector(next_tvb, pinfo, tree);
726 return tvb_captured_length(tvb);
727 }
728
729 void
730 proto_register_llc(void)
731 {
732 static struct true_false_string ig_bit = { "Group", "Individual" };
733 static struct true_false_string cr_bit = { "Response", "Command" };
734
735 static hf_register_info hf[] = {
736 { &hf_llc_dsap,
737 { "DSAP", "llc.dsap", FT_UINT8, BASE_HEX,
738 VALS(sap_vals), 0x0, "Destination Service Access Point", HFILL }},
739
740 { &hf_llc_dsap_sap,
741 { "SAP", "llc.dsap.sap", FT_UINT8, BASE_CUSTOM,
742 CF_FUNC(llc_sap_value), 0xFE, "Service Access Point", HFILL }},
743
744 { &hf_llc_dsap_ig,
745 { "IG Bit", "llc.dsap.ig", FT_BOOLEAN, 8,
746 TFS(&ig_bit), DSAP_GI_BIT, "Individual/Group", HFILL }},
747
748 { &hf_llc_ssap,
749 { "SSAP", "llc.ssap", FT_UINT8, BASE_HEX,
750 VALS(sap_vals), 0x0, "Source Service Access Point", HFILL }},
751
752 { &hf_llc_ssap_sap,
753 { "SAP", "llc.ssap.sap", FT_UINT8, BASE_CUSTOM,
754 CF_FUNC(llc_sap_value), 0xFE, "Service Access Point", HFILL }},
755
756 { &hf_llc_ssap_cr,
757 { "CR Bit", "llc.ssap.cr", FT_BOOLEAN, 8,
758 TFS(&cr_bit), SSAP_CR_BIT, "Command/Response", HFILL }},
759
760 { &hf_llc_ctrl,
761 { "Control", "llc.control", FT_UINT16, BASE_HEX,
762 NULL, 0x0, NULL, HFILL }},
763
764 { &hf_llc_n_r,
765 { "N(R)", "llc.control.n_r", FT_UINT16, BASE_DEC,
766 NULL, XDLC_N_R_EXT_MASK, NULL, HFILL }},
767
768 { &hf_llc_n_s,
769 { "N(S)", "llc.control.n_s", FT_UINT16, BASE_DEC,
770 NULL, XDLC_N_S_EXT_MASK, NULL, HFILL }},
771
772 { &hf_llc_p,
773 { "Poll", "llc.control.p", FT_BOOLEAN, 8,
774 TFS(&tfs_set_notset), XDLC_P_F, NULL, HFILL }},
775
776 { &hf_llc_p_ext,
777 { "Poll", "llc.control.p", FT_BOOLEAN, 16,
778 TFS(&tfs_set_notset), XDLC_P_F_EXT, NULL, HFILL }},
779
780 { &hf_llc_f,
781 { "Final", "llc.control.f", FT_BOOLEAN, 8,
782 TFS(&tfs_set_notset), XDLC_P_F, NULL, HFILL }},
783
784 { &hf_llc_f_ext,
785 { "Final", "llc.control.f", FT_BOOLEAN, 16,
786 TFS(&tfs_set_notset), XDLC_P_F_EXT, NULL, HFILL }},
787
788 { &hf_llc_s_ftype,
789 { "Supervisory frame type", "llc.control.s_ftype", FT_UINT16, BASE_HEX,
790 VALS(stype_vals), XDLC_S_FTYPE_MASK, NULL, HFILL }},
791
792 { &hf_llc_u_modifier_cmd,
793 { "Command", "llc.control.u_modifier_cmd", FT_UINT8, BASE_HEX,
794 VALS(modifier_vals_cmd), XDLC_U_MODIFIER_MASK, NULL, HFILL }},
795
796 { &hf_llc_u_modifier_resp,
797 { "Response", "llc.control.u_modifier_resp", FT_UINT8, BASE_HEX,
798 VALS(modifier_vals_resp), XDLC_U_MODIFIER_MASK, NULL, HFILL }},
799
800 { &hf_llc_ftype_i,
801 { "Frame type", "llc.control.ftype", FT_UINT16, BASE_HEX,
802 VALS(ftype_vals), XDLC_I_MASK, NULL, HFILL }},
803
804 { &hf_llc_ftype_s_u,
805 { "Frame type", "llc.control.ftype", FT_UINT8, BASE_HEX,
806 VALS(ftype_vals), XDLC_S_U_MASK, NULL, HFILL }},
807
808 { &hf_llc_ftype_s_u_ext,
809 { "Frame type", "llc.control.ftype", FT_UINT16, BASE_HEX,
810 VALS(ftype_vals), XDLC_S_U_MASK, NULL, HFILL }},
811
812 /* registered here but handled in ethertype.c */
813 { &hf_llc_type,
814 { "Type", "llc.type", FT_UINT16, BASE_HEX,
815 VALS(etype_vals), 0x0, NULL, HFILL }},
816
817 { &hf_llc_oui,
818 { "Organization Code", "llc.oui", FT_UINT24, BASE_OUI,
819 NULL, 0x0, NULL, HFILL }},
820
821 { &hf_llc_pid,
822 { "Protocol ID", "llc.pid", FT_UINT16, BASE_HEX,
823 NULL, 0x0, NULL, HFILL }}
824 };
825 static int *ett[] = {
826 &ett_llc,
827 &ett_llc_dsap,
828 &ett_llc_ssap,
829 &ett_llc_ctrl,
830 };
831
832 proto_llc = proto_register_protocol("Logical-Link Control", "LLC", "llc");
833 proto_register_field_array(proto_llc, hf, array_length(hf));
834 proto_register_subtree_array(ett, array_length(ett));
835
836 /* subdissector code */
837 dsap_subdissector_table = register_dissector_table("llc.dsap",
838 "LLC SAP", proto_llc, FT_UINT8, BASE_HEX);
839 xid_subdissector_table = register_dissector_table("llc.xid_dsap",
840 "LLC XID SAP", proto_llc, FT_UINT8, BASE_HEX);
841 other_control_dissector_table = register_dissector_table("llc.control",
842 "LLC Control", proto_llc, FT_UINT16, BASE_HEX);
843 register_capture_dissector_table("llc.dsap", "LLC");
844
845 llc_handle = register_dissector("llc", dissect_llc, proto_llc);
846 epd_llc_handle = register_dissector("epd_llc", dissect_epd_llc,
847 proto_llc);
848
849 register_capture_dissector("llc", capture_llc, proto_llc);
850 }
851
852 void
853 proto_register_basicxid(void)
854 {
855 static hf_register_info hf[] = {
856 { &hf_llc_xid_format,
857 { "XID Format", "basicxid.llc.xid.format", FT_UINT8, BASE_HEX,
858 VALS(format_vals), 0x0, NULL, HFILL }},
859
860 { &hf_llc_xid_types,
861 { "LLC Types/Classes", "basicxid.llc.xid.types", FT_UINT8, BASE_HEX,
862 VALS(type_vals), 0x0, NULL, HFILL }},
863
864 { &hf_llc_xid_wsize,
865 { "Receive Window Size", "basicxid.llc.xid.wsize", FT_UINT8, BASE_DEC,
866 NULL, 0x0, NULL, HFILL }}
867 };
868 static int *ett[] = {
869 &ett_llc_basicxid
870 };
871
872 proto_basicxid = proto_register_protocol("Logical-Link Control Basic Format XID", "Basic Format XID", "basicxid");
873 proto_register_field_array(proto_basicxid, hf, array_length(hf));
874 proto_register_subtree_array(ett, array_length(ett));
875
876 register_dissector("basicxid", dissect_basicxid, proto_basicxid);
877 }
878
879 static void
880 register_hf(void *key _U_, void *value, void *user_data _U_)
881 {
882 oui_info_t *info = (oui_info_t *)value;
883
884 proto_register_field_array(proto_llc, info->field_info, 1);
885 }
886
887 void
888 proto_reg_handoff_llc(void)
889 {
890 capture_dissector_handle_t llc_cap_handle;
891 capture_dissector_handle_t llc_snap_handle;
892
893 /*
894 * Get handles for the BPDU, Ethernet, FDDI, Token Ring and
895 * Turbocell dissectors.
896 */
897 bpdu_handle = find_dissector_add_dependency("bpdu", proto_llc);
898 eth_withoutfcs_handle = find_dissector_add_dependency("eth_withoutfcs", proto_llc);
899 eth_withfcs_handle = find_dissector_add_dependency("eth_withfcs", proto_llc);
900 fddi_handle = find_dissector_add_dependency("fddi", proto_llc);
901 tr_handle = find_dissector_add_dependency("tr", proto_llc);
902 turbo_handle = find_dissector_add_dependency("turbocell", proto_llc);
903 mesh_handle = find_dissector_add_dependency("mesh", proto_llc);
904
905 /*
906 * Get the Ethertype dissector table.
907 */
908 ethertype_subdissector_table = find_dissector_table("ethertype");
909 hpteam_subdissector_table = find_dissector_table("llc.hpteam_pid");
910
911 dissector_add_uint("wtap_encap", WTAP_ENCAP_ATM_RFC1483, llc_handle);
912 dissector_add_uint("sll.ltype", LINUX_SLL_P_802_2, llc_handle);
913 /* RFC 2043 */
914 dissector_add_uint("ppp.protocol", PPP_LLC, llc_handle);
915 /* RFC 2353 */
916 dissector_add_uint_range_with_preference("udp.port", UDP_PORT_LLC_RANGE, llc_handle);
917 /* IP-over-FC when we have the full FC frame */
918 dissector_add_uint("fc.ftype", FC_FTYPE_IP, llc_handle);
919
920 dissector_add_uint("atm.aal5.type", TRAF_LLCMX, llc_handle);
921
922 /*
923 * BACNET-over-ARCNET is really BACNET-over-802.2 LLC-over-ARCNET,
924 * apparently.
925 */
926 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_BACNET, llc_handle);
927 dissector_add_uint("ethertype", ETHERTYPE_JUMBO_LLC, llc_handle);
928
929 dissector_add_uint("juniper.proto", JUNIPER_PROTO_LLC, llc_handle);
930 dissector_add_uint("juniper.proto", JUNIPER_PROTO_LLC_SNAP, llc_handle);
931
932 llc_cap_handle = find_capture_dissector("llc");
933 capture_dissector_add_uint("ethertype", ETHERTYPE_JUMBO_LLC, llc_cap_handle);
934 capture_dissector_add_uint("atm.aal5.type", TRAF_LLCMX, llc_cap_handle);
935 capture_dissector_add_uint("sll.ltype", LINUX_SLL_P_802_2, llc_cap_handle);
936
937 llc_snap_handle = register_capture_dissector("llc_snap", capture_snap, proto_llc);
938 capture_dissector_add_uint("fr.nlpid", NLPID_SNAP, llc_snap_handle);
939
940
941 /*
942 * Register all the fields for PIDs for various OUIs.
943 */
944 if (oui_info_table != NULL)
945 wmem_map_foreach(oui_info_table, register_hf, NULL);
946 }
947
948 /*
949 * Editor modelines - https://www.wireshark.org/tools/modelines.html
950 *
951 * Local variables:
952 * c-basic-offset: 8
953 * tab-width: 8
954 * indent-tabs-mode: t
955 * End:
956 *
957 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
958 * :indentSize=8:tabSize=8:noTabs=false:
959 */
Metzes wireshark repo