X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/4bec97f457e593be925e92fa28d73af6a57d81cf..a8c33a5850cd9d2f39e56c06b645c283225d78c4:/print-fr.c diff --git a/print-fr.c b/print-fr.c index 03f2ce4e..59d39417 100644 --- a/print-fr.c +++ b/print-fr.c @@ -19,92 +19,148 @@ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#ifndef lint -static const char rcsid[] = - "@(#)$Header: /tcpdump/master/tcpdump/print-fr.c,v 1.11 2002-12-19 09:39:12 guy Exp $ (LBL)"; -#endif +/* \summary: Frame Relay printer */ #ifdef HAVE_CONFIG_H -#include "config.h" +#include #endif -#include - -struct mbuf; -struct rtentry; +#include "netdissect-stdinc.h" #include #include -#include -#include "interface.h" +#include "netdissect.h" #include "addrtoname.h" #include "ethertype.h" +#include "llc.h" +#include "nlpid.h" #include "extract.h" +#include "oui.h" -static void q933_print(const u_char *, int); +static void frf15_print(netdissect_options *ndo, const u_char *, u_int); -#define FR_CR_BIT 0x02 -#define FR_EA_BIT(p) ((p)&0x01) -#define FR_FECN 0x08 -#define FR_BECN 0x04 -#define FR_DE 0x02 -#define FR_DLCI(b0, b1) ((((b0)&0xFC)<<2)+(((b1)&0xF0)>>4)) +/* + * the frame relay header has a variable length + * + * the EA bit determines if there is another byte + * in the header + * + * minimum header length is 2 bytes + * maximum header length is 4 bytes + * + * 7 6 5 4 3 2 1 0 + * +----+----+----+----+----+----+----+----+ + * | DLCI (6 bits) | CR | EA | + * +----+----+----+----+----+----+----+----+ + * | DLCI (4 bits) |FECN|BECN| DE | EA | + * +----+----+----+----+----+----+----+----+ + * | DLCI (7 bits) | EA | + * +----+----+----+----+----+----+----+----+ + * | DLCI (6 bits) |SDLC| EA | + * +----+----+----+----+----+----+----+----+ + */ -/* find out how many bytes are there in a frame */ -static u_int -fr_addr_len(const u_char *p) -{ - u_int i=0; - - while (!FR_EA_BIT(p[i]) && i++ && !FR_EA_BIT(p[i+1])) i++; - return (i+1); -} +#define FR_EA_BIT 0x01 + +#define FR_CR_BIT 0x02000000 +#define FR_DE_BIT 0x00020000 +#define FR_BECN_BIT 0x00040000 +#define FR_FECN_BIT 0x00080000 +#define FR_SDLC_BIT 0x00000002 -/* the following is for framerelay */ -#define NLPID_LEN 1 /* NLPID is one byte long */ -#define NLPID_Q933 0x08 -#define NLPID_LMI 0x09 -#define NLPID_SNAP 0x80 -#define NLPID_CLNP 0x81 -#define NLPID_ESIS 0x82 -#define NLPID_ISIS 0x83 -#define NLPID_CONS 0x84 -#define NLPID_IDRP 0x85 -#define NLPID_X25_ESIS 0x8a -#define NLPID_IP 0xcc +static const struct tok fr_header_flag_values[] = { + { FR_CR_BIT, "C!" }, + { FR_DE_BIT, "DE" }, + { FR_BECN_BIT, "BECN" }, + { FR_FECN_BIT, "FECN" }, + { FR_SDLC_BIT, "sdlcore" }, + { 0, NULL } +}; -static const char *fr_nlpids[256]; +/* FRF.15 / FRF.16 */ +#define MFR_B_BIT 0x80 +#define MFR_E_BIT 0x40 +#define MFR_C_BIT 0x20 +#define MFR_BEC_MASK (MFR_B_BIT | MFR_E_BIT | MFR_C_BIT) +#define MFR_CTRL_FRAME (MFR_B_BIT | MFR_E_BIT | MFR_C_BIT) +#define MFR_FRAG_FRAME (MFR_B_BIT | MFR_E_BIT ) -static void -init_fr_nlpids(void) +static const struct tok frf_flag_values[] = { + { MFR_B_BIT, "Begin" }, + { MFR_E_BIT, "End" }, + { MFR_C_BIT, "Control" }, + { 0, NULL } +}; + +/* Finds out Q.922 address length, DLCI and flags. Returns 1 on success, + * 0 on invalid address, -1 on truncated packet + * save the flags dep. on address length + */ +static int parse_q922_header(netdissect_options *ndo, + const u_char *p, u_int *dlci, + u_int *addr_len, uint32_t *flags, u_int length) { - int i; - static int fr_nlpid_flag = 0; - - if (!fr_nlpid_flag) { - for (i=0; i < 256; i++) - fr_nlpids[i] = NULL; - fr_nlpids[NLPID_Q933] = "Q.933"; - fr_nlpids[NLPID_LMI] = "LMI"; - fr_nlpids[NLPID_SNAP] = "SNAP"; - fr_nlpids[NLPID_CLNP] = "CLNP"; - fr_nlpids[NLPID_ESIS] = "ESIS"; - fr_nlpids[NLPID_ISIS] = "ISIS"; - fr_nlpids[NLPID_CONS] = "CONS"; - fr_nlpids[NLPID_IDRP] = "IDRP"; - fr_nlpids[NLPID_X25_ESIS] = "X25_ESIS"; - fr_nlpids[NLPID_IP] = "IP"; + if (!ND_TTEST_1(p) || length < 1) + return -1; + if ((GET_U_1(p) & FR_EA_BIT)) + return 0; + + if (!ND_TTEST_1(p + 1) || length < 2) + return -1; + *addr_len = 2; + *dlci = ((GET_U_1(p) & 0xFC) << 2) | ((GET_U_1(p + 1) & 0xF0) >> 4); + + *flags = ((GET_U_1(p) & 0x02) << 24) | /* CR flag */ + ((GET_U_1(p + 1) & 0x0e) << 16); /* FECN,BECN,DE flags */ + + if (GET_U_1(p + 1) & FR_EA_BIT) + return 1; /* 2-byte Q.922 address */ + + p += 2; + length -= 2; + if (!ND_TTEST_1(p) || length < 1) + return -1; + (*addr_len)++; /* 3- or 4-byte Q.922 address */ + if ((GET_U_1(p) & FR_EA_BIT) == 0) { + *dlci = (*dlci << 7) | (GET_U_1(p) >> 1); + (*addr_len)++; /* 4-byte Q.922 address */ + p++; + length--; } - fr_nlpid_flag = 1; + + if (!ND_TTEST_1(p) || length < 1) + return -1; + if ((GET_U_1(p) & FR_EA_BIT) == 0) + return 0; /* more than 4 bytes of Q.922 address? */ + + *flags = *flags | (GET_U_1(p) & 0x02); /* SDLC flag */ + + *dlci = (*dlci << 6) | (GET_U_1(p) >> 2); + + return 1; } -/* Framerelay packet structure */ +const char * +q922_string(netdissect_options *ndo, const u_char *p, u_int length) +{ + + static u_int dlci, addr_len; + static uint32_t flags; + static char buffer[sizeof("DLCI xxxxxxxxxx")]; + memset(buffer, 0, sizeof(buffer)); + + if (parse_q922_header(ndo, p, &dlci, &addr_len, &flags, length) == 1){ + snprintf(buffer, sizeof(buffer), "DLCI %u", dlci); + } + + return buffer; +} + + +/* Frame Relay packet structure, with flags and CRC removed -/* - +---------------------------+ - | flag (7E hexadecimal) | +---------------------------+ | Q.922 Address* | +-- --+ @@ -123,161 +179,466 @@ init_fr_nlpids(void) | . | | . | +---------------------------+ - | Frame Check Sequence | - +-- . --+ - | (two octets) | - +---------------------------+ - | flag (7E hexadecimal) | - +---------------------------+ * Q.922 addresses, as presently defined, are two octets and contain a 10-bit DLCI. In some networks Q.922 addresses may optionally be increased to three or four octets. - */ -#define FR_PROTOCOL(p) fr_protocol((p)) - -static u_int -fr_hdrlen(const u_char *p) +static void +fr_hdr_print(netdissect_options *ndo, int length, u_int addr_len, + u_int dlci, uint32_t flags, uint16_t nlpid) { - u_int hlen; - hlen = fr_addr_len(p)+1; /* addr_len + 0x03 + padding */ - if (p[hlen]) - return hlen; - else - return hlen+1; + if (ndo->ndo_qflag) { + ND_PRINT("Q.922, DLCI %u, length %u: ", + dlci, + length); + } else { + if (nlpid <= 0xff) /* if its smaller than 256 then its a NLPID */ + ND_PRINT("Q.922, hdr-len %u, DLCI %u, Flags [%s], NLPID %s (0x%02x), length %u: ", + addr_len, + dlci, + bittok2str(fr_header_flag_values, "none", flags), + tok2str(nlpid_values,"unknown", nlpid), + nlpid, + length); + else /* must be an ethertype */ + ND_PRINT("Q.922, hdr-len %u, DLCI %u, Flags [%s], cisco-ethertype %s (0x%04x), length %u: ", + addr_len, + dlci, + bittok2str(fr_header_flag_values, "none", flags), + tok2str(ethertype_values, "unknown", nlpid), + nlpid, + length); + } } -#define LAYER2_LEN(p) (fr_hdrlen((p))+NLPID_LEN) - -static int -fr_protocol(const u_char *p) +u_int +fr_if_print(netdissect_options *ndo, + const struct pcap_pkthdr *h, const u_char *p) { - int hlen; - - hlen = fr_addr_len(p) + 1; - if (p[hlen]) /* check for padding */ - return p[hlen]; - else - return p[hlen+1]; -} + u_int length = h->len; + u_int caplen = h->caplen; -static char * -fr_flags(const u_char *p) -{ - static char flags[1+1+4+1+4+1+2+1]; - - if (p[0] & FR_CR_BIT) - strcpy(flags, "C"); - else - strcpy(flags, "R"); - if (p[1] & FR_FECN) - strcat(flags, ",FECN"); - if (p[1] & FR_BECN) - strcat(flags, ",BECN"); - if (p[1] & FR_DE) - strcat(flags, ",DE"); - return flags; + ndo->ndo_protocol = "fr_if"; + ND_TCHECK_4(p); /* minimum frame header length */ + + if ((length = fr_print(ndo, p, length)) == 0) + return (0); + else + return length; +trunc: + nd_print_trunc(ndo); + return caplen; } -static const char * -fr_protostring(u_int8_t proto) +u_int +fr_print(netdissect_options *ndo, + const u_char *p, u_int length) { - static char buf[5+1+2+1]; + int ret; + uint16_t extracted_ethertype; + u_int dlci; + u_int addr_len; + uint16_t nlpid; + u_int hdr_len; + uint32_t flags; - if (nflag || fr_nlpids[proto] == NULL) { - sprintf(buf, "proto-%02x", proto); - return buf; + ndo->ndo_protocol = "fr"; + ret = parse_q922_header(ndo, p, &dlci, &addr_len, &flags, length); + if (ret == -1) + goto trunc; + if (ret == 0) { + ND_PRINT("Q.922, invalid address"); + return 0; } - return fr_nlpids[proto]; -} -static void -fr_hdr_print(const u_char *p, int length) -{ - u_int8_t proto; - - proto = FR_PROTOCOL(p); - - init_fr_nlpids(); - /* this is kinda kludge since it assumed that DLCI is two bytes. */ - if (qflag) - (void)printf("DLCI-%u-%s %d: ", - FR_DLCI(p[0], p[1]), fr_flags(p), length); - else - (void)printf("DLCI-%u-%s %s %d: ", - FR_DLCI(p[0], p[1]), fr_flags(p), - fr_protostring(proto), length); -} + ND_TCHECK_1(p + addr_len); + if (length < addr_len + 1) + goto trunc; -u_int -fr_if_print(const struct pcap_pkthdr *h, register const u_char *p) -{ - register u_int length = h->len; - register u_int caplen = h->caplen; - u_char protocol; - int layer2_len; - u_short extracted_ethertype; - u_int32_t orgcode; - register u_short et; - - if (caplen < fr_hdrlen(p)) { - printf("[|fr]"); - return (caplen); - } + if (GET_U_1(p + addr_len) != LLC_UI && dlci != 0) { + /* + * Let's figure out if we have Cisco-style encapsulation, + * with an Ethernet type (Cisco HDLC type?) following the + * address. + */ + if (!ND_TTEST_2(p + addr_len) || length < addr_len + 2) { + /* no Ethertype */ + ND_PRINT("UI %02x! ", GET_U_1(p + addr_len)); + } else { + extracted_ethertype = GET_BE_U_2(p + addr_len); + + if (ndo->ndo_eflag) + fr_hdr_print(ndo, length, addr_len, dlci, + flags, extracted_ethertype); - if (eflag) - fr_hdr_print(p, length); + if (ethertype_print(ndo, extracted_ethertype, + p+addr_len+ETHERTYPE_LEN, + length-addr_len-ETHERTYPE_LEN, + ND_BYTES_AVAILABLE_AFTER(p)-addr_len-ETHERTYPE_LEN, + NULL, NULL) == 0) + /* ether_type not known, probably it wasn't one */ + ND_PRINT("UI %02x! ", GET_U_1(p + addr_len)); + else + return addr_len + 2; + } + } - protocol = FR_PROTOCOL(p); - layer2_len = LAYER2_LEN(p); - p += layer2_len; - length -= layer2_len; - caplen -= layer2_len; + ND_TCHECK_1(p + addr_len + 1); + if (length < addr_len + 2) + goto trunc; + + if (GET_U_1(p + addr_len + 1) == 0) { + /* + * Assume a pad byte after the control (UI) byte. + * A pad byte should only be used with 3-byte Q.922. + */ + if (addr_len != 3) + ND_PRINT("Pad! "); + hdr_len = addr_len + 1 /* UI */ + 1 /* pad */ + 1 /* NLPID */; + } else { + /* + * Not a pad byte. + * A pad byte should be used with 3-byte Q.922. + */ + if (addr_len == 3) + ND_PRINT("No pad! "); + hdr_len = addr_len + 1 /* UI */ + 1 /* NLPID */; + } - switch (protocol) { + ND_TCHECK_1(p + hdr_len - 1); + if (length < hdr_len) + goto trunc; + nlpid = GET_U_1(p + hdr_len - 1); + if (ndo->ndo_eflag) + fr_hdr_print(ndo, length, addr_len, dlci, flags, nlpid); + p += hdr_len; + length -= hdr_len; + + switch (nlpid) { case NLPID_IP: - ip_print(p, length); + ip_print(ndo, p, length); + break; + + case NLPID_IP6: + ip6_print(ndo, p, length); break; case NLPID_CLNP: case NLPID_ESIS: case NLPID_ISIS: - isoclns_print(p, length, caplen, NULL, NULL); + isoclns_print(ndo, p - 1, length + 1); /* OSI printers need the NLPID field */ break; case NLPID_SNAP: - orgcode = EXTRACT_24BITS(p); - et = EXTRACT_16BITS(p + 3); - if (snap_print((const u_char *)(p + 5), length - 5, - caplen - 5, &extracted_ethertype, orgcode, et, - 0) == 0) { + if (snap_print(ndo, p, length, ND_BYTES_AVAILABLE_AFTER(p), NULL, NULL, 0) == 0) { /* ether_type not known, print raw packet */ - if (!eflag) - fr_hdr_print(p - layer2_len, length + layer2_len); - if (extracted_ethertype) { - printf("(SNAP %s) ", - etherproto_string(htons(extracted_ethertype))); - } - if (!xflag && !qflag) - default_print(p - layer2_len, caplen + layer2_len); + if (!ndo->ndo_eflag) + fr_hdr_print(ndo, length + hdr_len, hdr_len, + dlci, flags, nlpid); + if (!ndo->ndo_suppress_default_print) + ND_DEFAULTPRINT(p - hdr_len, length + hdr_len); } break; - case NLPID_Q933: - q933_print(p, length); + case NLPID_Q933: + q933_print(ndo, p, length); break; + case NLPID_MFR: + frf15_print(ndo, p, length); + break; + + case NLPID_PPP: + ppp_print(ndo, p, length); + break; + default: - if (!eflag) - fr_hdr_print(p - layer2_len, length + layer2_len); - if (!xflag) - default_print(p, caplen); + if (!ndo->ndo_eflag) + fr_hdr_print(ndo, length + hdr_len, addr_len, + dlci, flags, nlpid); + if (!ndo->ndo_xflag) + ND_DEFAULTPRINT(p, length); } - return (layer2_len); + return hdr_len; + +trunc: + nd_print_trunc(ndo); + return 0; + +} + +u_int +mfr_if_print(netdissect_options *ndo, + const struct pcap_pkthdr *h, const u_char *p) +{ + u_int length = h->len; + u_int caplen = h->caplen; + + ndo->ndo_protocol = "mfr_if"; + ND_TCHECK_2(p); /* minimum frame header length */ + + if ((length = mfr_print(ndo, p, length)) == 0) + return (0); + else + return length; +trunc: + nd_print_trunc(ndo); + return caplen; +} + + +#define MFR_CTRL_MSG_ADD_LINK 1 +#define MFR_CTRL_MSG_ADD_LINK_ACK 2 +#define MFR_CTRL_MSG_ADD_LINK_REJ 3 +#define MFR_CTRL_MSG_HELLO 4 +#define MFR_CTRL_MSG_HELLO_ACK 5 +#define MFR_CTRL_MSG_REMOVE_LINK 6 +#define MFR_CTRL_MSG_REMOVE_LINK_ACK 7 + +static const struct tok mfr_ctrl_msg_values[] = { + { MFR_CTRL_MSG_ADD_LINK, "Add Link" }, + { MFR_CTRL_MSG_ADD_LINK_ACK, "Add Link ACK" }, + { MFR_CTRL_MSG_ADD_LINK_REJ, "Add Link Reject" }, + { MFR_CTRL_MSG_HELLO, "Hello" }, + { MFR_CTRL_MSG_HELLO_ACK, "Hello ACK" }, + { MFR_CTRL_MSG_REMOVE_LINK, "Remove Link" }, + { MFR_CTRL_MSG_REMOVE_LINK_ACK, "Remove Link ACK" }, + { 0, NULL } +}; + +#define MFR_CTRL_IE_BUNDLE_ID 1 +#define MFR_CTRL_IE_LINK_ID 2 +#define MFR_CTRL_IE_MAGIC_NUM 3 +#define MFR_CTRL_IE_TIMESTAMP 5 +#define MFR_CTRL_IE_VENDOR_EXT 6 +#define MFR_CTRL_IE_CAUSE 7 + +static const struct tok mfr_ctrl_ie_values[] = { + { MFR_CTRL_IE_BUNDLE_ID, "Bundle ID"}, + { MFR_CTRL_IE_LINK_ID, "Link ID"}, + { MFR_CTRL_IE_MAGIC_NUM, "Magic Number"}, + { MFR_CTRL_IE_TIMESTAMP, "Timestamp"}, + { MFR_CTRL_IE_VENDOR_EXT, "Vendor Extension"}, + { MFR_CTRL_IE_CAUSE, "Cause"}, + { 0, NULL } +}; + +#define MFR_ID_STRING_MAXLEN 50 + +struct ie_tlv_header_t { + uint8_t ie_type; + uint8_t ie_len; +}; + +u_int +mfr_print(netdissect_options *ndo, + const u_char *p, u_int length) +{ + u_int tlen,idx,hdr_len = 0; + uint16_t sequence_num; + uint8_t ie_type,ie_len; + const uint8_t *tptr; + + +/* + * FRF.16 Link Integrity Control Frame + * + * 7 6 5 4 3 2 1 0 + * +----+----+----+----+----+----+----+----+ + * | B | E | C=1| 0 0 0 0 | EA | + * +----+----+----+----+----+----+----+----+ + * | 0 0 0 0 0 0 0 0 | + * +----+----+----+----+----+----+----+----+ + * | message type | + * +----+----+----+----+----+----+----+----+ + */ + + ndo->ndo_protocol = "mfr"; + + if (length < 4) { /* minimum frame header length */ + ND_PRINT("[length %u < 4]", length); + nd_print_invalid(ndo); + return length; + } + ND_TCHECK_4(p); + + if ((GET_U_1(p) & MFR_BEC_MASK) == MFR_CTRL_FRAME && GET_U_1(p + 1) == 0) { + ND_PRINT("FRF.16 Control, Flags [%s], %s, length %u", + bittok2str(frf_flag_values,"none",(GET_U_1(p) & MFR_BEC_MASK)), + tok2str(mfr_ctrl_msg_values,"Unknown Message (0x%02x)",GET_U_1(p + 2)), + length); + tptr = p + 3; + tlen = length -3; + hdr_len = 3; + + if (!ndo->ndo_vflag) + return hdr_len; + + while (tlen>sizeof(struct ie_tlv_header_t)) { + ND_TCHECK_LEN(tptr, sizeof(struct ie_tlv_header_t)); + ie_type=GET_U_1(tptr); + ie_len=GET_U_1(tptr + 1); + + ND_PRINT("\n\tIE %s (%u), length %u: ", + tok2str(mfr_ctrl_ie_values,"Unknown",ie_type), + ie_type, + ie_len); + + /* infinite loop check */ + if (ie_type == 0 || ie_len <= sizeof(struct ie_tlv_header_t)) + return hdr_len; + + ND_TCHECK_LEN(tptr, ie_len); + tptr+=sizeof(struct ie_tlv_header_t); + /* tlv len includes header */ + ie_len-=sizeof(struct ie_tlv_header_t); + tlen-=sizeof(struct ie_tlv_header_t); + + switch (ie_type) { + + case MFR_CTRL_IE_MAGIC_NUM: + /* FRF.16.1 Section 3.4.3 Magic Number Information Element */ + if (ie_len != 4) { + ND_PRINT("[IE data length %d != 4]", ie_len); + nd_print_invalid(ndo); + break; + } + ND_PRINT("0x%08x", GET_BE_U_4(tptr)); + break; + + case MFR_CTRL_IE_BUNDLE_ID: /* same message format */ + case MFR_CTRL_IE_LINK_ID: + for (idx = 0; idx < ie_len && idx < MFR_ID_STRING_MAXLEN; idx++) { + if (GET_U_1(tptr + idx) != 0) /* don't print null termination */ + fn_print_char(ndo, GET_U_1(tptr + idx)); + else + break; + } + break; + + case MFR_CTRL_IE_TIMESTAMP: + if (ie_len == sizeof(struct timeval)) { + ts_print(ndo, (const struct timeval *)tptr); + break; + } + /* fall through and hexdump if no unix timestamp */ + ND_FALL_THROUGH; + + /* + * FIXME those are the defined IEs that lack a decoder + * you are welcome to contribute code ;-) + */ + + case MFR_CTRL_IE_VENDOR_EXT: + case MFR_CTRL_IE_CAUSE: + + default: + if (ndo->ndo_vflag <= 1) + print_unknown_data(ndo, tptr, "\n\t ", ie_len); + break; + } + + /* do we want to see a hexdump of the IE ? */ + if (ndo->ndo_vflag > 1 ) + print_unknown_data(ndo, tptr, "\n\t ", ie_len); + + tlen-=ie_len; + tptr+=ie_len; + } + return hdr_len; + } +/* + * FRF.16 Fragmentation Frame + * + * 7 6 5 4 3 2 1 0 + * +----+----+----+----+----+----+----+----+ + * | B | E | C=0|seq. (high 4 bits) | EA | + * +----+----+----+----+----+----+----+----+ + * | sequence (low 8 bits) | + * +----+----+----+----+----+----+----+----+ + * | DLCI (6 bits) | CR | EA | + * +----+----+----+----+----+----+----+----+ + * | DLCI (4 bits) |FECN|BECN| DE | EA | + * +----+----+----+----+----+----+----+----+ + */ + + sequence_num = (GET_U_1(p)&0x1e)<<7 | GET_U_1(p + 1); + /* whole packet or first fragment ? */ + if ((GET_U_1(p) & MFR_BEC_MASK) == MFR_FRAG_FRAME || + (GET_U_1(p) & MFR_BEC_MASK) == MFR_B_BIT) { + ND_PRINT("FRF.16 Frag, seq %u, Flags [%s], ", + sequence_num, + bittok2str(frf_flag_values,"none",(GET_U_1(p) & MFR_BEC_MASK))); + hdr_len = 2; + fr_print(ndo, p+hdr_len,length-hdr_len); + return hdr_len; + } + + /* must be a middle or the last fragment */ + ND_PRINT("FRF.16 Frag, seq %u, Flags [%s]", + sequence_num, + bittok2str(frf_flag_values,"none",(GET_U_1(p) & MFR_BEC_MASK))); + print_unknown_data(ndo, p, "\n\t", length); + + return hdr_len; + +trunc: + nd_print_trunc(ndo); + return length; +} + +/* an NLPID of 0xb1 indicates a 2-byte + * FRF.15 header + * + * 7 6 5 4 3 2 1 0 + * +----+----+----+----+----+----+----+----+ + * ~ Q.922 header ~ + * +----+----+----+----+----+----+----+----+ + * | NLPID (8 bits) | NLPID=0xb1 + * +----+----+----+----+----+----+----+----+ + * | B | E | C |seq. (high 4 bits) | R | + * +----+----+----+----+----+----+----+----+ + * | sequence (low 8 bits) | + * +----+----+----+----+----+----+----+----+ + */ + +#define FR_FRF15_FRAGTYPE 0x01 + +static void +frf15_print(netdissect_options *ndo, + const u_char *p, u_int length) +{ + uint16_t sequence_num, flags; + + if (length < 2) + goto trunc; + ND_TCHECK_2(p); + + flags = GET_U_1(p)&MFR_BEC_MASK; + sequence_num = (GET_U_1(p)&0x1e)<<7 | GET_U_1(p + 1); + + ND_PRINT("FRF.15, seq 0x%03x, Flags [%s],%s Fragmentation, length %u", + sequence_num, + bittok2str(frf_flag_values,"none",flags), + GET_U_1(p)&FR_FRF15_FRAGTYPE ? "Interface" : "End-to-End", + length); + +/* TODO: + * depending on all permutations of the B, E and C bit + * dig as deep as we can - e.g. on the first (B) fragment + * there is enough payload to print the IP header + * on non (B) fragments it depends if the fragmentation + * model is end-to-end or interface based wether we want to print + * another Q.922 header + */ + return; + +trunc: + nd_print_trunc(ndo); } /* @@ -285,13 +646,13 @@ fr_if_print(const struct pcap_pkthdr *h, register const u_char *p) */ /* Q.933 packet format - Format of Other Protocols + Format of Other Protocols using Q.933 NLPID - +-------------------------------+ - | Q.922 Address | + +-------------------------------+ + | Q.922 Address | + +---------------+---------------+ + |Control 0x03 | NLPID 0x08 | +---------------+---------------+ - |Control 0x03 | NLPID 0x08 | - +---------------+---------------+ | L2 Protocol ID | | octet 1 | octet 2 | +-------------------------------+ @@ -327,104 +688,467 @@ fr_if_print(const struct pcap_pkthdr *h, register const u_char *p) #define MSG_TYPE_STATUS 0x7D #define MSG_TYPE_STATUS_ENQ 0x75 -#define ONE_BYTE_IE_MASK 0xF0 +static const struct tok fr_q933_msg_values[] = { + { MSG_TYPE_ESC_TO_NATIONAL, "ESC to National" }, + { MSG_TYPE_ALERT, "Alert" }, + { MSG_TYPE_CALL_PROCEEDING, "Call proceeding" }, + { MSG_TYPE_CONNECT, "Connect" }, + { MSG_TYPE_CONNECT_ACK, "Connect ACK" }, + { MSG_TYPE_PROGRESS, "Progress" }, + { MSG_TYPE_SETUP, "Setup" }, + { MSG_TYPE_DISCONNECT, "Disconnect" }, + { MSG_TYPE_RELEASE, "Release" }, + { MSG_TYPE_RELEASE_COMPLETE, "Release Complete" }, + { MSG_TYPE_RESTART, "Restart" }, + { MSG_TYPE_RESTART_ACK, "Restart ACK" }, + { MSG_TYPE_STATUS, "Status Reply" }, + { MSG_TYPE_STATUS_ENQ, "Status Enquiry" }, + { 0, NULL } +}; + +#define IE_IS_SINGLE_OCTET(iecode) ((iecode) & 0x80) +#define IE_IS_SHIFT(iecode) (((iecode) & 0xF0) == 0x90) +#define IE_SHIFT_IS_NON_LOCKING(iecode) ((iecode) & 0x08) +#define IE_SHIFT_IS_LOCKING(iecode) (!(IE_SHIFT_IS_NON_LOCKING(iecode))) +#define IE_SHIFT_CODESET(iecode) ((iecode) & 0x07) + +#define FR_LMI_ANSI_REPORT_TYPE_IE 0x01 +#define FR_LMI_ANSI_LINK_VERIFY_IE_91 0x19 /* details? */ +#define FR_LMI_ANSI_LINK_VERIFY_IE 0x03 +#define FR_LMI_ANSI_PVC_STATUS_IE 0x07 -/* See L2 protocol ID picture above */ -struct q933_header { - u_int8_t call_ref; /* usually is 0 for framerelay PVC */ - u_int8_t msg_type; +#define FR_LMI_CCITT_REPORT_TYPE_IE 0x51 +#define FR_LMI_CCITT_LINK_VERIFY_IE 0x53 +#define FR_LMI_CCITT_PVC_STATUS_IE 0x57 + +static const struct tok fr_q933_ie_values_codeset_0_5[] = { + { FR_LMI_ANSI_REPORT_TYPE_IE, "ANSI Report Type" }, + { FR_LMI_ANSI_LINK_VERIFY_IE_91, "ANSI Link Verify" }, + { FR_LMI_ANSI_LINK_VERIFY_IE, "ANSI Link Verify" }, + { FR_LMI_ANSI_PVC_STATUS_IE, "ANSI PVC Status" }, + { FR_LMI_CCITT_REPORT_TYPE_IE, "CCITT Report Type" }, + { FR_LMI_CCITT_LINK_VERIFY_IE, "CCITT Link Verify" }, + { FR_LMI_CCITT_PVC_STATUS_IE, "CCITT PVC Status" }, + { 0, NULL } }; -#define REPORT_TYPE_IE 0x01 -#define LINK_VERIFY_IE_91 0x19 -#define LINK_VERIFY_IE_94 0x03 -#define PVC_STATUS_IE 0x07 +#define FR_LMI_REPORT_TYPE_IE_FULL_STATUS 0 +#define FR_LMI_REPORT_TYPE_IE_LINK_VERIFY 1 +#define FR_LMI_REPORT_TYPE_IE_ASYNC_PVC 2 -#define MAX_IE_SIZE +static const struct tok fr_lmi_report_type_ie_values[] = { + { FR_LMI_REPORT_TYPE_IE_FULL_STATUS, "Full Status" }, + { FR_LMI_REPORT_TYPE_IE_LINK_VERIFY, "Link verify" }, + { FR_LMI_REPORT_TYPE_IE_ASYNC_PVC, "Async PVC Status" }, + { 0, NULL } +}; -struct common_ie_header { - u_int8_t ie_id; - u_int8_t ie_len; +/* array of 16 codesets - currently we only support codepage 0 and 5 */ +static const struct tok *fr_q933_ie_codesets[] = { + fr_q933_ie_values_codeset_0_5, + NULL, + NULL, + NULL, + NULL, + fr_q933_ie_values_codeset_0_5, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL }; -#define FULL_STATUS 0 -#define LINK_VERIFY 1 -#define ASYNC_PVC 2 +static int fr_q933_print_ie_codeset_0_5(netdissect_options *ndo, u_int iecode, + u_int ielength, const u_char *p); -static void -q933_print(const u_char *p, int length) +typedef int (*codeset_pr_func_t)(netdissect_options *, u_int iecode, + u_int ielength, const u_char *p); + +/* array of 16 codesets - currently we only support codepage 0 and 5 */ +static const codeset_pr_func_t fr_q933_print_ie_codeset[] = { + fr_q933_print_ie_codeset_0_5, + NULL, + NULL, + NULL, + NULL, + fr_q933_print_ie_codeset_0_5, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL +}; + +/* + * ITU-T Q.933. + * + * p points to octet 2, the octet containing the length of the + * call reference value, so p[n] is octet n+2 ("octet X" is as + * used in Q.931/Q.933). + * + * XXX - actually used both for Q.931 and Q.933. + */ +void +q933_print(netdissect_options *ndo, + const u_char *p, u_int length) { - struct q933_header *header = (struct q933_header *)(p+1); - const u_char *ptemp = p; - int ie_len; - const char *decode_str; - char temp_str[255]; - struct common_ie_header *ie_p; - + u_int olen; + u_int call_ref_length, i; + uint8_t call_ref[15]; /* maximum length - length field is 4 bits */ + u_int msgtype; + u_int iecode; + u_int ielength; + u_int codeset = 0; + u_int is_ansi = 0; + u_int ie_is_known; + u_int non_locking_shift; + u_int unshift_codeset; + + ndo->ndo_protocol = "q.933"; + ND_PRINT("%s", ndo->ndo_eflag ? "" : "Q.933"); + + if (length == 0 || !ND_TTEST_1(p)) { + if (!ndo->ndo_eflag) + ND_PRINT(", "); + ND_PRINT("length %u", length); + goto trunc; + } + + /* + * Get the length of the call reference value. + */ + olen = length; /* preserve the original length for display */ + call_ref_length = GET_U_1(p) & 0x0f; + p++; + length--; + + /* + * Get the call reference value. + */ + for (i = 0; i < call_ref_length; i++) { + if (length == 0 || !ND_TTEST_1(p)) { + if (!ndo->ndo_eflag) + ND_PRINT(", "); + ND_PRINT("length %u", olen); + goto trunc; + } + call_ref[i] = GET_U_1(p); + p++; + length--; + } + + /* + * Get the message type. + */ + if (length == 0 || !ND_TTEST_1(p)) { + if (!ndo->ndo_eflag) + ND_PRINT(", "); + ND_PRINT("length %u", olen); + goto trunc; + } + msgtype = GET_U_1(p); + p++; + length--; + + /* + * Peek ahead to see if we start with a shift. + */ + non_locking_shift = 0; + unshift_codeset = codeset; + if (length != 0) { + if (!ND_TTEST_1(p)) { + if (!ndo->ndo_eflag) + ND_PRINT(", "); + ND_PRINT("length %u", olen); + goto trunc; + } + iecode = GET_U_1(p); + if (IE_IS_SHIFT(iecode)) { + /* + * It's a shift. Skip over it. + */ + p++; + length--; + + /* + * Get the codeset. + */ + codeset = IE_SHIFT_CODESET(iecode); + + /* + * If it's a locking shift to codeset 5, + * mark this as ANSI. (XXX - 5 is actually + * for national variants in general, not + * the US variant in particular, but maybe + * this is more American exceptionalism. :-)) + */ + if (IE_SHIFT_IS_LOCKING(iecode)) { + /* + * It's a locking shift. + */ + if (codeset == 5) { + /* + * It's a locking shift to + * codeset 5, so this is + * T1.617 Annex D. + */ + is_ansi = 1; + } + } else { + /* + * It's a non-locking shift. + * Remember the current codeset, so we + * can revert to it after the next IE. + */ + non_locking_shift = 1; + unshift_codeset = 0; + } + } + } + /* printing out header part */ - printf("Call Ref: %02x, MSG Type: %02x", - header->call_ref, header->msg_type); - switch(header->msg_type) { - case MSG_TYPE_STATUS: - decode_str = "STATUS REPLY"; - break; - case MSG_TYPE_STATUS_ENQ: - decode_str = "STATUS ENQUIRY"; - break; - default: - decode_str = "UNKNOWN MSG Type"; + if (!ndo->ndo_eflag) + ND_PRINT(", "); + ND_PRINT("%s, codeset %u", is_ansi ? "ANSI" : "CCITT", codeset); + + if (call_ref_length != 0) { + ND_TCHECK_1(p); + if (call_ref_length > 1 || GET_U_1(p) != 0) { + /* + * Not a dummy call reference. + */ + ND_PRINT(", Call Ref: 0x"); + for (i = 0; i < call_ref_length; i++) + ND_PRINT("%02x", call_ref[i]); + } } - printf(" %s\n", decode_str); - - length = length - 3; - ptemp = ptemp + 3; - - /* Loop through the rest of IE */ - while( length > 0 ) { - if (ptemp[0] & ONE_BYTE_IE_MASK) { - ie_len = 1; - printf("\t\tOne byte IE: %02x, Content %02x\n", - (*ptemp & 0x70)>>4, (*ptemp & 0x0F)); + if (ndo->ndo_vflag) { + ND_PRINT(", %s (0x%02x), length %u", + tok2str(fr_q933_msg_values, + "unknown message", msgtype), + msgtype, + olen); + } else { + ND_PRINT(", %s", + tok2str(fr_q933_msg_values, + "unknown message 0x%02x", msgtype)); + } + + /* Loop through the rest of the IEs */ + while (length != 0) { + /* + * What's the state of any non-locking shifts? + */ + if (non_locking_shift == 1) { + /* + * There's a non-locking shift in effect for + * this IE. Count it, so we reset the codeset + * before the next IE. + */ + non_locking_shift = 2; + } else if (non_locking_shift == 2) { + /* + * Unshift. + */ + codeset = unshift_codeset; + non_locking_shift = 0; + } + + /* + * Get the first octet of the IE. + */ + if (!ND_TTEST_1(p)) { + if (!ndo->ndo_vflag) { + ND_PRINT(", length %u", olen); + } + goto trunc; + } + iecode = GET_U_1(p); + p++; length--; - ptemp++; - } - else { /* Multi-byte IE */ - ie_p = (struct common_ie_header *)ptemp; - switch (ie_p->ie_id) { - case REPORT_TYPE_IE: - switch(ptemp[2]) { - case FULL_STATUS: - decode_str = "FULL STATUS"; - break; - case LINK_VERIFY: - decode_str = "LINK VERIFY"; - break; - case ASYNC_PVC: - decode_str = "Async PVC Status"; - break; - default: - decode_str = "Reserved Value"; - } - break; - case LINK_VERIFY_IE_91: - case LINK_VERIFY_IE_94: - snprintf(temp_str, sizeof (temp_str), "TX Seq: %3d, RX Seq: %3d", - ptemp[2], ptemp[3]); - decode_str = temp_str; - break; - case PVC_STATUS_IE: - snprintf(temp_str, sizeof (temp_str), "DLCI %d: status %s %s", - ((ptemp[2]&0x3f)<<4)+ ((ptemp[3]&0x78)>>3), - ptemp[4] & 0x8 ?"new,":" ", - ptemp[4] & 0x2 ?"Active":"Inactive"); - break; - default: - decode_str = "Non-decoded Value"; + + /* Single-octet IE? */ + if (IE_IS_SINGLE_OCTET(iecode)) { + /* + * Yes. Is it a shift? + */ + if (IE_IS_SHIFT(iecode)) { + /* + * Yes. Is it locking? + */ + if (IE_SHIFT_IS_LOCKING(iecode)) { + /* + * Yes. + */ + non_locking_shift = 0; + } else { + /* + * No. Remember the current + * codeset, so we can revert + * to it after the next IE. + */ + non_locking_shift = 1; + unshift_codeset = codeset; + } + + /* + * Get the codeset. + */ + codeset = IE_SHIFT_CODESET(iecode); + } + } else { + /* + * No. Get the IE length. + */ + if (length == 0 || !ND_TTEST_1(p)) { + if (!ndo->ndo_vflag) { + ND_PRINT(", length %u", olen); + } + goto trunc; + } + ielength = GET_U_1(p); + p++; + length--; + + /* lets do the full IE parsing only in verbose mode + * however some IEs (DLCI Status, Link Verify) + * are also interesting in non-verbose mode */ + if (ndo->ndo_vflag) { + ND_PRINT("\n\t%s IE (0x%02x), length %u: ", + tok2str(fr_q933_ie_codesets[codeset], + "unknown", iecode), + iecode, + ielength); + } + + /* sanity checks */ + if (iecode == 0 || ielength == 0) { + return; + } + if (length < ielength || !ND_TTEST_LEN(p, ielength)) { + if (!ndo->ndo_vflag) { + ND_PRINT(", length %u", olen); + } + goto trunc; + } + + ie_is_known = 0; + if (fr_q933_print_ie_codeset[codeset] != NULL) { + ie_is_known = fr_q933_print_ie_codeset[codeset](ndo, iecode, ielength, p); + } + + if (ie_is_known) { + /* + * Known IE; do we want to see a hexdump + * of it? + */ + if (ndo->ndo_vflag > 1) { + /* Yes. */ + print_unknown_data(ndo, p, "\n\t ", ielength); + } + } else { + /* + * Unknown IE; if we're printing verbosely, + * print its content in hex. + */ + if (ndo->ndo_vflag >= 1) { + print_unknown_data(ndo, p, "\n\t", ielength); + } + } + + length -= ielength; + p += ielength; } - printf("\t\tIE: %02X Len: %d, %s\n", - ie_p->ie_id, ie_p->ie_len, decode_str); - length = length - ie_p->ie_len - 2; - ptemp = ptemp + ie_p->ie_len + 2; + } + if (!ndo->ndo_vflag) { + ND_PRINT(", length %u", olen); + } + return; + +trunc: + nd_print_trunc(ndo); +} + +static int +fr_q933_print_ie_codeset_0_5(netdissect_options *ndo, u_int iecode, + u_int ielength, const u_char *p) +{ + u_int dlci; + + switch (iecode) { + + case FR_LMI_ANSI_REPORT_TYPE_IE: /* fall through */ + case FR_LMI_CCITT_REPORT_TYPE_IE: + if (ielength < 1) { + if (!ndo->ndo_vflag) { + ND_PRINT(", "); + } + ND_PRINT("Invalid REPORT TYPE IE"); + return 1; + } + if (ndo->ndo_vflag) { + ND_PRINT("%s (%u)", + tok2str(fr_lmi_report_type_ie_values,"unknown",GET_U_1(p)), + GET_U_1(p)); + } + return 1; + + case FR_LMI_ANSI_LINK_VERIFY_IE: /* fall through */ + case FR_LMI_CCITT_LINK_VERIFY_IE: + case FR_LMI_ANSI_LINK_VERIFY_IE_91: + if (!ndo->ndo_vflag) { + ND_PRINT(", "); + } + if (ielength < 2) { + ND_PRINT("Invalid LINK VERIFY IE"); + return 1; + } + ND_PRINT("TX Seq: %3d, RX Seq: %3d", GET_U_1(p), GET_U_1(p + 1)); + return 1; + + case FR_LMI_ANSI_PVC_STATUS_IE: /* fall through */ + case FR_LMI_CCITT_PVC_STATUS_IE: + if (!ndo->ndo_vflag) { + ND_PRINT(", "); } + /* now parse the DLCI information element. */ + if ((ielength < 3) || + (GET_U_1(p) & 0x80) || + ((ielength == 3) && !(GET_U_1(p + 1) & 0x80)) || + ((ielength == 4) && + ((GET_U_1(p + 1) & 0x80) || !(GET_U_1(p + 2) & 0x80))) || + ((ielength == 5) && + ((GET_U_1(p + 1) & 0x80) || (GET_U_1(p + 2) & 0x80) || + !(GET_U_1(p + 3) & 0x80))) || + (ielength > 5) || + !(GET_U_1(p + ielength - 1) & 0x80)) { + ND_PRINT("Invalid DLCI in PVC STATUS IE"); + return 1; + } + + dlci = ((GET_U_1(p) & 0x3F) << 4) | ((GET_U_1(p + 1) & 0x78) >> 3); + if (ielength == 4) { + dlci = (dlci << 6) | ((GET_U_1(p + 2) & 0x7E) >> 1); + } + else if (ielength == 5) { + dlci = (dlci << 13) | (GET_U_1(p + 2) & 0x7F) | ((GET_U_1(p + 3) & 0x7E) >> 1); + } + + ND_PRINT("DLCI %u: status %s%s", dlci, + GET_U_1(p + ielength - 1) & 0x8 ? "New, " : "", + GET_U_1(p + ielength - 1) & 0x2 ? "Active" : "Inactive"); + return 1; } + + return 0; }