]> The Tcpdump Group git mirrors - tcpdump/blob - print-llc.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Support RFC 2684 bridging of Ethernet, 802.5 Token Ring, and FDDI, and
[tcpdump] / print-llc.c
1 /*
2 * Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Code by Matt Thomas, Digital Equipment Corporation
22 * with an awful lot of hacking by Jeffrey Mogul, DECWRL
23 */
24
25 #ifndef lint
26 static const char rcsid[] =
27 "@(#) $Header: /tcpdump/master/tcpdump/print-llc.c,v 1.45 2002-04-07 09:50:33 guy Exp $";
28 #endif
29
30 #ifdef HAVE_CONFIG_H
31 #include "config.h"
32 #endif
33
34 #include <sys/param.h>
35 #include <sys/time.h>
36
37 #include <netinet/in.h>
38
39 #include <ctype.h>
40 #include <netdb.h>
41 #include <stdio.h>
42 #include <string.h>
43
44 #include "interface.h"
45 #include "addrtoname.h"
46 #include "extract.h" /* must come after interface.h */
47
48 #include "llc.h"
49 #include "ethertype.h"
50
51 static struct tok cmd2str[] = {
52 { LLC_UI, "ui" },
53 { LLC_TEST, "test" },
54 { LLC_XID, "xid" },
55 { LLC_UA, "ua" },
56 { LLC_DISC, "disc" },
57 { LLC_DM, "dm" },
58 { LLC_SABME, "sabme" },
59 { LLC_FRMR, "frmr" },
60 { 0, NULL }
61 };
62
63 /*
64 * Returns non-zero IFF it succeeds in printing the header
65 */
66 int
67 llc_print(const u_char *p, u_int length, u_int caplen,
68 const u_char *esrc, const u_char *edst, u_short *extracted_ethertype)
69 {
70 struct llc llc;
71 register u_short et;
72 u_int16_t control;
73 register int ret;
74
75 if (caplen < 3) {
76 (void)printf("[|llc]");
77 default_print((u_char *)p, caplen);
78 return(0);
79 }
80
81 /* Watch out for possible alignment problems */
82 memcpy((char *)&llc, (char *)p, min(caplen, sizeof(llc)));
83
84 if (llc.ssap == LLCSAP_GLOBAL && llc.dsap == LLCSAP_GLOBAL) {
85 /*
86 * This is an Ethernet_802.3 IPX frame; it has an
87 * 802.3 header (i.e., an Ethernet header where the
88 * type/length field is <= ETHERMTU, i.e. it's a length
89 * field, not a type field), but has no 802.2 header -
90 * the IPX packet starts right after the Ethernet header,
91 * with a signature of two bytes of 0xFF (which is
92 * LLCSAP_GLOBAL).
93 *
94 * (It might also have been an Ethernet_802.3 IPX at
95 * one time, but got bridged onto another network,
96 * such as an 802.11 network; this has appeared in at
97 * least one capture file.)
98 */
99 printf("(NOV-802.3) ");
100 ipx_print(p, length);
101 return (1);
102 }
103
104 if (llc.ssap == LLCSAP_8021D && llc.dsap == LLCSAP_8021D) {
105 stp_print(p, length);
106 return (1);
107 }
108
109 if (llc.ssap == LLCSAP_IPX && llc.dsap == LLCSAP_IPX &&
110 llc.llcui == LLC_UI) {
111 /*
112 * This is an Ethernet_802.2 IPX frame, with an 802.3
113 * header and an 802.2 LLC header with the source and
114 * destination SAPs being the IPX SAP.
115 *
116 * Skip DSAP, LSAP, and control field.
117 */
118 printf("(NOV-802.2) ");
119 p += 3;
120 length -= 3;
121 caplen -= 3;
122 ipx_print(p, length);
123 return (1);
124 }
125
126 #ifdef TCPDUMP_DO_SMB
127 if (llc.ssap == LLCSAP_NETBEUI && llc.dsap == LLCSAP_NETBEUI
128 && (!(llc.llcu & LLC_S_FMT) || llc.llcu == LLC_U_FMT)) {
129 /*
130 * we don't actually have a full netbeui parser yet, but the
131 * smb parser can handle many smb-in-netbeui packets, which
132 * is very useful, so we call that
133 *
134 * We don't call it for S frames, however, just I frames
135 * (which are frames that don't have the low-order bit,
136 * LLC_S_FMT, set in the first byte of the control field)
137 * and UI frames (whose control field is just 3, LLC_U_FMT).
138 */
139
140 /*
141 * Skip the DSAP and LSAP.
142 */
143 p += 2;
144 length -= 2;
145 caplen -= 2;
146
147 /*
148 * OK, what type of LLC frame is this? The length
149 * of the control field depends on that - I frames
150 * have a two-byte control field, and U frames have
151 * a one-byte control field.
152 */
153 if (llc.llcu == LLC_U_FMT) {
154 control = llc.llcu;
155 p += 1;
156 length -= 1;
157 caplen -= 1;
158 } else {
159 /*
160 * The control field in I and S frames is
161 * little-endian.
162 */
163 control = EXTRACT_LE_16BITS(&llc.llcu);
164 p += 2;
165 length -= 2;
166 caplen -= 2;
167 }
168 netbeui_print(control, p, length);
169 return (1);
170 }
171 #endif
172 if (llc.ssap == LLCSAP_ISONS && llc.dsap == LLCSAP_ISONS
173 && llc.llcui == LLC_UI) {
174 isoclns_print(p + 3, length - 3, caplen - 3, esrc, edst);
175 return (1);
176 }
177
178 if (llc.ssap == LLCSAP_SNAP && llc.dsap == LLCSAP_SNAP
179 && llc.llcui == LLC_UI) {
180 u_int32_t orgcode;
181
182 if (caplen < sizeof(llc)) {
183 (void)printf("[|llc-snap]");
184 default_print((u_char *)p, caplen);
185 return (0);
186 }
187 if (vflag)
188 (void)printf("snap %s ", protoid_string(llc.llcpi));
189
190 caplen -= sizeof(llc);
191 length -= sizeof(llc);
192 p += sizeof(llc);
193
194 orgcode = EXTRACT_24BITS(&llc.llc_orgcode[0]);
195 et = EXTRACT_16BITS(&llc.llc_ethertype[0]);
196 switch (orgcode) {
197 case OUI_ENCAP_ETHER:
198 case OUI_CISCO_90:
199 /*
200 * This is an encapsulated Ethernet packet,
201 * or a packet bridged by some piece of
202 * Cisco hardware; the protocol ID is
203 * an Ethernet protocol type.
204 */
205 ret = ether_encap_print(et, p, length, caplen,
206 extracted_ethertype);
207 if (ret)
208 return (ret);
209 break;
210
211 case OUI_APPLETALK:
212 if (et == ETHERTYPE_ATALK) {
213 /*
214 * No, I have no idea why Apple used one
215 * of their own OUIs, rather than
216 * 0x000000, and an Ethernet packet
217 * type, for Appletalk data packets,
218 * but used 0x000000 and an Ethernet
219 * packet type for AARP packets.
220 */
221 ret = ether_encap_print(et, p, length, caplen,
222 extracted_ethertype);
223 if (ret)
224 return (ret);
225 }
226 break;
227
228 case OUI_CISCO:
229 if (et == PID_CISCO_CDP) {
230 cdp_print(p, length, caplen, esrc, edst);
231 return 1;
232 }
233 break;
234
235 case OUI_RFC2684:
236 switch (et) {
237
238 case PID_RFC2684_ETH_FCS:
239 case PID_RFC2684_ETH_NOFCS:
240 /*
241 * XXX - remove the last two bytes for
242 * PID_RFC2684_ETH_FCS?
243 */
244 /*
245 * Skip the padding.
246 */
247 caplen -= 2;
248 length -= 2;
249 p += 2;
250
251 /*
252 * What remains is an Ethernet packet.
253 */
254 ether_print(p, length, caplen);
255 return (1);
256
257 case PID_RFC2684_802_5_FCS:
258 case PID_RFC2684_802_5_NOFCS:
259 /*
260 * XXX - remove the last two bytes for
261 * PID_RFC2684_ETH_FCS?
262 */
263 /*
264 * Skip the padding, but not the Access
265 * Control field.
266 */
267 caplen -= 2;
268 length -= 2;
269 p += 2;
270
271 /*
272 * What remains is an 802.5 Token Ring
273 * packet.
274 */
275 token_print(p, length, caplen);
276 return (1);
277
278 case PID_RFC2684_FDDI_FCS:
279 case PID_RFC2684_FDDI_NOFCS:
280 /*
281 * XXX - remove the last two bytes for
282 * PID_RFC2684_ETH_FCS?
283 */
284 /*
285 * Skip the padding.
286 */
287 caplen -= 3;
288 length -= 3;
289 p += 3;
290
291 /*
292 * What remains is an FDDI packet.
293 */
294 fddi_print(p, length, caplen);
295 return (1);
296
297 case PID_RFC2684_BPDU:
298 stp_print(p, length);
299 return (1);
300 }
301 }
302 }
303
304 if ((llc.ssap & ~LLC_GSAP) == llc.dsap) {
305 if (eflag || esrc == NULL || edst == NULL)
306 (void)printf("%s ", llcsap_string(llc.dsap));
307 else
308 (void)printf("%s > %s %s ",
309 etheraddr_string(esrc),
310 etheraddr_string(edst),
311 llcsap_string(llc.dsap));
312 } else {
313 if (eflag || esrc == NULL || edst == NULL)
314 (void)printf("%s > %s ",
315 llcsap_string(llc.ssap & ~LLC_GSAP),
316 llcsap_string(llc.dsap));
317 else
318 (void)printf("%s %s > %s %s ",
319 etheraddr_string(esrc),
320 llcsap_string(llc.ssap & ~LLC_GSAP),
321 etheraddr_string(edst),
322 llcsap_string(llc.dsap));
323 }
324
325 if ((llc.llcu & LLC_U_FMT) == LLC_U_FMT) {
326 u_int16_t cmd;
327 const char *m;
328 char f;
329
330 cmd = LLC_U_CMD(llc.llcu);
331 m = tok2str(cmd2str, "%02x", cmd);
332 switch ((llc.ssap & LLC_GSAP) | (llc.llcu & LLC_U_POLL)) {
333 case 0: f = 'C'; break;
334 case LLC_GSAP: f = 'R'; break;
335 case LLC_U_POLL: f = 'P'; break;
336 case LLC_GSAP|LLC_U_POLL: f = 'F'; break;
337 default: f = '?'; break;
338 }
339
340 printf("%s/%c", m, f);
341
342 p += 3;
343 length -= 3;
344 caplen -= 3;
345
346 if ((llc.llcu & ~LLC_U_POLL) == LLC_XID) {
347 if (*p == LLC_XID_FI) {
348 printf(": %02x %02x", p[1], p[2]);
349 p += 3;
350 length -= 3;
351 caplen -= 3;
352 }
353 }
354 } else {
355 char f;
356
357 /*
358 * The control field in I and S frames is little-endian.
359 */
360 control = EXTRACT_LE_16BITS(&llc.llcu);
361 switch ((llc.ssap & LLC_GSAP) | (control & LLC_IS_POLL)) {
362 case 0: f = 'C'; break;
363 case LLC_GSAP: f = 'R'; break;
364 case LLC_IS_POLL: f = 'P'; break;
365 case LLC_GSAP|LLC_IS_POLL: f = 'F'; break;
366 default: f = '?'; break;
367 }
368
369 if ((control & LLC_S_FMT) == LLC_S_FMT) {
370 static char *llc_s[] = { "rr", "rej", "rnr", "03" };
371 (void)printf("%s (r=%d,%c)",
372 llc_s[LLC_S_CMD(control)],
373 LLC_IS_NR(control),
374 f);
375 } else {
376 (void)printf("I (s=%d,r=%d,%c)",
377 LLC_I_NS(control),
378 LLC_IS_NR(control),
379 f);
380 }
381 p += 4;
382 length -= 4;
383 caplen -= 4;
384 }
385 (void)printf(" len=%d", length);
386 return(1);
387 }
[mirror] the TCPdump network dissector