epan/dissectors/pidl/ C99 drsuapi
[wireshark-sm.git] / epan / dissectors / packet-homepna.c
blob6803a2fb0377445ad837cff7892455f261899a9c
1 /* packet-homepna.c
3 * ITU-T Rec. G.9954 (renumbered from G.989.2)
4 * https://www.itu.int/rec/T-REC-G.9954/en
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * SPDX-License-Identifier: GPL-2.0-or-later
13 #include "config.h"
15 #include <epan/packet.h>
16 #include <epan/etypes.h>
18 void proto_register_homepna(void);
19 void proto_reg_handoff_homepna(void);
21 static dissector_handle_t homepna_handle;
23 static int proto_homepna;
25 static int hf_homepna_type;
26 static int hf_homepna_length;
27 static int hf_homepna_version;
28 static int hf_homepna_data;
29 static int hf_homepna_etype;
30 static int hf_homepna_trailer;
32 static int ett_homepna;
34 static dissector_handle_t ethertype_handle;
36 static const range_string homepna_type_rvals[] = {
37 { 0, 0, "Non-standard" },
38 { 1, 1, "Rate Request Control Frame" },
39 { 2, 2, "Link Integrity Short Frame" },
40 { 3, 3, "Capabilities Announcement" },
41 { 4, 4, "LARQ" },
42 { 5, 5, "Vendor-specific short format type" },
43 { 6, 127, "Reserved for future use by the ITU-T" },
44 { 128, 32767, "Reserved for future use by the ITU-T" },
45 { 32768, 32768, "Reserved for future use by the ITU-T" },
46 { 32769, 32769, "Vendor-specific long-format" },
47 { 32770, 65535, "Reserved for future use by the ITU-T" },
48 { 0, 0, NULL }
51 typedef enum
53 HOMEPNA_FORMAT_SHORT,
54 HOMEPNA_FORMAT_LONG
55 } homepna_format_e;
57 static int
58 dissect_homepna(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
61 * XXX: Ethertype 0x886C is assigned by IEEE to HomePNA, which was
62 * originally developed by Epigram and bought by Broadcom.
63 * Broadcom *also* uses 0x886C in their Wi-Fi firmware for certain
64 * event frames with an entirely different unregistered protocol,
65 * and at least up to certain firmware versions, there was an
66 * exploit based on these so people might want to dissect them.
67 * https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html
68 * https://github.com/kanstrup/bcmdhd-dissector/
69 * https://android.googlesource.com/kernel/common.git/+/bcmdhd-3.10/drivers/net/wireless/bcmdhd/include/proto/ethernet.h
70 * There's an example at
71 * https://gitlab.com/wireshark/wireshark/-/issues/12759
72 * We could eventually have a dissector for that; right now this
73 * dissectors will incorrectly dissect such packets and probably call
74 * them malformed.
77 proto_tree *ti;
78 proto_tree *homepna_tree;
79 int offset = 0;
80 uint32_t control_length;
81 homepna_format_e homepna_format = HOMEPNA_FORMAT_SHORT;
82 uint16_t protocol;
83 ethertype_data_t ethertype_data;
85 if (tvb_captured_length(tvb) < 4)
86 return 0;
88 col_set_str(pinfo->cinfo, COL_PROTOCOL, "HomePNA");
89 col_clear(pinfo->cinfo, COL_INFO);
91 ti = proto_tree_add_item(tree, proto_homepna, tvb, 0, -1, ENC_NA);
92 homepna_tree = proto_item_add_subtree(ti, ett_homepna);
94 if (tvb_get_uint8(tvb, offset) > 127)
95 homepna_format = HOMEPNA_FORMAT_LONG;
97 if (homepna_format == HOMEPNA_FORMAT_SHORT)
99 proto_tree_add_item(homepna_tree, hf_homepna_type, tvb, offset, 1, ENC_BIG_ENDIAN);
100 offset += 1;
101 proto_tree_add_item_ret_uint(homepna_tree, hf_homepna_length, tvb, offset, 1, ENC_BIG_ENDIAN, &control_length);
102 offset += 1;
104 else
106 proto_tree_add_item(homepna_tree, hf_homepna_type, tvb, offset, 2, ENC_BIG_ENDIAN);
107 offset += 2;
108 proto_tree_add_item_ret_uint(homepna_tree, hf_homepna_length, tvb, offset, 2, ENC_BIG_ENDIAN, &control_length);
109 offset += 2;
112 proto_tree_add_item(homepna_tree, hf_homepna_version, tvb, offset, 1, ENC_BIG_ENDIAN);
113 offset += 1;
115 proto_tree_add_item(homepna_tree, hf_homepna_data, tvb, offset, control_length-3, ENC_NA);
116 offset += (control_length-2);
118 protocol = tvb_get_ntohs(tvb, offset);
119 proto_tree_add_uint(homepna_tree, hf_homepna_etype, tvb, offset, 2, protocol);
121 offset += 2;
122 if (protocol == 0) {
123 /* No next layer protocol. Set our length here so the previous
124 * dissector can find any padding, trailer, and FCS.
126 proto_item_set_len(ti, offset);
127 set_actual_length(tvb, offset);
128 } else {
129 ethertype_data.etype = protocol;
130 ethertype_data.payload_offset = offset;
131 ethertype_data.fh_tree = homepna_tree;
132 ethertype_data.trailer_id = hf_homepna_trailer;
133 ethertype_data.fcs_len = 0;
135 call_dissector_with_data(ethertype_handle, tvb, pinfo, tree, &ethertype_data);
138 return tvb_captured_length(tvb);
141 void
142 proto_register_homepna(void)
144 static hf_register_info hf[] = {
145 { &hf_homepna_type,
146 { "Type", "hpna.type", FT_UINT16, BASE_DEC|BASE_RANGE_STRING, RVALS(homepna_type_rvals), 0x0,
147 NULL, HFILL}},
148 { &hf_homepna_length,
149 { "Length", "hpna.length", FT_UINT16, BASE_DEC, NULL, 0x0,
150 NULL, HFILL}},
151 { &hf_homepna_version,
152 { "Version", "hpna.version", FT_UINT8, BASE_DEC, NULL, 0x0,
153 NULL, HFILL}},
154 { &hf_homepna_data,
155 { "Data", "hpna.data", FT_BYTES, BASE_NONE, NULL, 0x0,
156 NULL, HFILL}},
157 { &hf_homepna_etype,
158 { "Ethertype", "hpna.etype", FT_UINT16, BASE_HEX, VALS(etype_vals), 0x0,
159 NULL, HFILL}},
160 { &hf_homepna_trailer,
161 { "Trailer", "hpna.trailer", FT_BYTES, BASE_NONE, NULL, 0x0,
162 NULL, HFILL}},
166 static int *ett[] = {
167 &ett_homepna,
170 proto_homepna = proto_register_protocol("HomePNA, wlan link local tunnel", "HomePNA", "hpna");
171 proto_register_field_array(proto_homepna, hf, array_length(hf));
172 proto_register_subtree_array(ett, array_length(ett));
174 homepna_handle = register_dissector("hpna", dissect_homepna, proto_homepna);
178 void
179 proto_reg_handoff_homepna(void)
181 dissector_add_uint("ethertype", ETHERTYPE_LINK_CTL, homepna_handle);
183 ethertype_handle = find_dissector_add_dependency("ethertype", proto_homepna);
187 * Editor modelines - https://www.wireshark.org/tools/modelines.html
189 * Local variables:
190 * c-basic-offset: 4
191 * tab-width: 8
192 * indent-tabs-mode: nil
193 * End:
195 * vi: set shiftwidth=4 tabstop=8 expandtab:
196 * :indentSize=4:tabSize=8:noTabs=true: