X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/ec799d60f6cd3f41041b57efe3963c28dda94d4a..a8c33a5850cd9d2f39e56c06b645c283225d78c4:/print-llc.c diff --git a/print-llc.c b/print-llc.c index d20fbdf1..750a8ccd 100644 --- a/print-llc.c +++ b/print-llc.c @@ -22,29 +22,23 @@ * with an awful lot of hacking by Jeffrey Mogul, DECWRL */ -#ifndef lint -static const char rcsid[] _U_ = - "@(#) $Header: /tcpdump/master/tcpdump/print-llc.c,v 1.75 2007-04-13 09:43:11 hannes Exp $"; -#endif +/* \summary: IEEE 802.2 LLC printer */ #ifdef HAVE_CONFIG_H -#include "config.h" +#include #endif -#include - -#include -#include +#include "netdissect-stdinc.h" -#include "interface.h" +#include "netdissect.h" #include "addrtoname.h" -#include "extract.h" /* must come after interface.h */ +#include "extract.h" #include "llc.h" #include "ethertype.h" #include "oui.h" -static struct tok llc_values[] = { +static const struct tok llc_values[] = { { LLCSAP_NULL, "Null" }, { LLCSAP_GLOBAL, "Global" }, { LLCSAP_8021B_I, "802.1B I" }, @@ -63,7 +57,7 @@ static struct tok llc_values[] = { { 0, NULL }, }; -static struct tok llc_cmd_values[] = { +static const struct tok llc_cmd_values[] = { { LLC_UI, "ui" }, { LLC_TEST, "test" }, { LLC_XID, "xid" }, @@ -75,7 +69,7 @@ static struct tok llc_cmd_values[] = { { 0, NULL } }; -static const struct tok llc_flag_values[] = { +static const struct tok llc_flag_values[] = { { 0, "Command" }, { LLC_GSAP, "Response" }, { LLC_U_POLL, "Poll" }, @@ -86,14 +80,14 @@ static const struct tok llc_flag_values[] = { }; -static const struct tok llc_ig_flag_values[] = { +static const struct tok llc_ig_flag_values[] = { { 0, "Individual" }, { LLC_IG, "Group" }, { 0, NULL } }; -static const struct tok llc_supervisory_values[] = { +static const struct tok llc_supervisory_values[] = { { 0, "Receiver Ready" }, { 1, "Receiver not Ready" }, { 2, "Reject" }, @@ -101,16 +95,17 @@ static const struct tok llc_supervisory_values[] = { }; -static const struct tok cisco_values[] = { +static const struct tok cisco_values[] = { { PID_CISCO_CDP, "CDP" }, { PID_CISCO_VTP, "VTP" }, { PID_CISCO_DTP, "DTP" }, { PID_CISCO_UDLD, "UDLD" }, { PID_CISCO_PVST, "PVST" }, + { PID_CISCO_VLANBRIDGE, "VLAN Bridge" }, { 0, NULL } }; -static const struct tok bridged_values[] = { +static const struct tok bridged_values[] = { { PID_RFC2684_ETH_FCS, "Ethernet + FCS" }, { PID_RFC2684_ETH_NOFCS, "Ethernet w/o FCS" }, { PID_RFC2684_802_4_FCS, "802.4 + FCS" }, @@ -125,12 +120,12 @@ static const struct tok bridged_values[] = { { 0, NULL }, }; -static const struct tok null_values[] = { +static const struct tok null_values[] = { { 0, NULL } }; struct oui_tok { - u_int32_t oui; + uint32_t oui; const struct tok *tok; }; @@ -144,27 +139,36 @@ static const struct oui_tok oui_to_tok[] = { }; /* - * Returns non-zero IFF it succeeds in printing the header + * If we printed information about the payload, returns the length of the LLC + * header, plus the length of any SNAP header following it. + * + * Otherwise (for example, if the packet has unknown SAPs or has a SNAP + * header with an unknown OUI/PID combination), returns the *negative* + * of that value. */ int -llc_print(const u_char *p, u_int length, u_int caplen, - const u_char *esrc, const u_char *edst, u_short *extracted_ethertype) +llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, + const struct lladdr_info *src, const struct lladdr_info *dst) { - u_int8_t dsap_field, dsap, ssap_field, ssap; - u_int16_t control; + uint8_t dsap_field, dsap, ssap_field, ssap; + uint16_t control; + int hdrlen; int is_u; - register int ret; - - *extracted_ethertype = 0; + ndo->ndo_protocol = "llc"; if (caplen < 3) { - (void)printf("[|llc]"); - default_print((u_char *)p, caplen); - return(0); + nd_print_trunc(ndo); + ND_DEFAULTPRINT((const u_char *)p, caplen); + return (caplen); + } + if (length < 3) { + nd_print_trunc(ndo); + ND_DEFAULTPRINT((const u_char *)p, caplen); + return (length); } - dsap_field = *p; - ssap_field = *(p + 1); + dsap_field = GET_U_1(p); + ssap_field = GET_U_1(p + 1); /* * OK, what type of LLC frame is this? The length @@ -172,39 +176,46 @@ llc_print(const u_char *p, u_int length, u_int caplen, * have a two-byte control field, and U frames have * a one-byte control field. */ - control = *(p + 2); + control = GET_U_1(p + 2); if ((control & LLC_U_FMT) == LLC_U_FMT) { /* * U frame. */ is_u = 1; + hdrlen = 3; /* DSAP, SSAP, 1-byte control field */ } else { /* * The control field in I and S frames is * 2 bytes... */ if (caplen < 4) { - (void)printf("[|llc]"); - default_print((u_char *)p, caplen); - return(0); + nd_print_trunc(ndo); + ND_DEFAULTPRINT((const u_char *)p, caplen); + return (caplen); + } + if (length < 4) { + nd_print_trunc(ndo); + ND_DEFAULTPRINT((const u_char *)p, caplen); + return (length); } /* * ...and is little-endian. */ - control = EXTRACT_LE_16BITS(p + 2); + control = GET_LE_U_2(p + 2); is_u = 0; + hdrlen = 4; /* DSAP, SSAP, 2-byte control field */ } if (ssap_field == LLCSAP_GLOBAL && dsap_field == LLCSAP_GLOBAL) { /* * This is an Ethernet_802.3 IPX frame; it has an * 802.3 header (i.e., an Ethernet header where the - * type/length field is <= ETHERMTU, i.e. it's a length - * field, not a type field), but has no 802.2 header - - * the IPX packet starts right after the Ethernet header, - * with a signature of two bytes of 0xFF (which is - * LLCSAP_GLOBAL). + * type/length field is <= MAX_ETHERNET_LENGTH_VAL, + * i.e. it's a length field, not a type field), but + * has no 802.2 header - the IPX packet starts right + * after the Ethernet header, with a signature of two + * bytes of 0xFF (which is LLCSAP_GLOBAL). * * (It might also have been an Ethernet_802.3 IPX at * one time, but got bridged onto another network, @@ -212,18 +223,18 @@ llc_print(const u_char *p, u_int length, u_int caplen, * least one capture file.) */ - if (eflag) - printf("IPX 802.3: "); + if (ndo->ndo_eflag) + ND_PRINT("IPX 802.3: "); - ipx_print(p, length); - return (1); + ipx_print(ndo, p, length); + return (0); /* no LLC header */ } dsap = dsap_field & ~LLC_IG; ssap = ssap_field & ~LLC_GSAP; - if (eflag) { - printf("LLC, dsap %s (0x%02x) %s, ssap %s (0x%02x) %s", + if (ndo->ndo_eflag) { + ND_PRINT("LLC, dsap %s (0x%02x) %s, ssap %s (0x%02x) %s", tok2str(llc_values, "Unknown", dsap), dsap, tok2str(llc_ig_flag_values, "Unknown", dsap_field & LLC_IG), @@ -232,22 +243,53 @@ llc_print(const u_char *p, u_int length, u_int caplen, tok2str(llc_flag_values, "Unknown", ssap_field & LLC_GSAP)); if (is_u) { - printf(", ctrl 0x%02x: ", control); + ND_PRINT(", ctrl 0x%02x: ", control); } else { - printf(", ctrl 0x%04x: ", control); + ND_PRINT(", ctrl 0x%04x: ", control); } } + /* + * Skip LLC header. + */ + p += hdrlen; + length -= hdrlen; + caplen -= hdrlen; + + if (ssap == LLCSAP_SNAP && dsap == LLCSAP_SNAP + && control == LLC_UI) { + /* + * XXX - what *is* the right bridge pad value here? + * Does anybody ever bridge one form of LAN traffic + * over a networking type that uses 802.2 LLC? + */ + if (!snap_print(ndo, p, length, caplen, src, dst, 2)) { + /* + * Unknown packet type; tell our caller, by + * returning a negative value, so they + * can print the raw packet. + */ + return (-(hdrlen + 5)); /* include LLC and SNAP header */ + } else + return (hdrlen + 5); /* include LLC and SNAP header */ + } + if (ssap == LLCSAP_8021D && dsap == LLCSAP_8021D && control == LLC_UI) { - stp_print(p+3, length-3); - return (1); + stp_print(ndo, p, length); + return (hdrlen); } if (ssap == LLCSAP_IP && dsap == LLCSAP_IP && control == LLC_UI) { - ip_print(gndo, p+4, length-4); - return (1); + /* + * This is an RFC 948-style IP packet, with + * an 802.3 header and an 802.2 LLC header + * with the source and destination SAPs being + * the IP SAP. + */ + ip_print(ndo, p, length); + return (hdrlen); } if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX && @@ -256,17 +298,15 @@ llc_print(const u_char *p, u_int length, u_int caplen, * This is an Ethernet_802.2 IPX frame, with an 802.3 * header and an 802.2 LLC header with the source and * destination SAPs being the IPX SAP. - * - * Skip DSAP, LSAP, and control field. */ - if (eflag) - printf("IPX 802.2: "); + if (ndo->ndo_eflag) + ND_PRINT("IPX 802.2: "); - ipx_print(p+3, length-3); - return (1); + ipx_print(ndo, p, length); + return (hdrlen); } -#ifdef TCPDUMP_DO_SMB +#ifdef ENABLE_SMB if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI && (!(control & LLC_S_FMT) || control == LLC_U_FMT)) { /* @@ -279,130 +319,134 @@ llc_print(const u_char *p, u_int length, u_int caplen, * LLC_S_FMT, set in the first byte of the control field) * and UI frames (whose control field is just 3, LLC_U_FMT). */ - - /* - * Skip the LLC header. - */ - if (is_u) { - p += 3; - length -= 3; - caplen -= 3; - } else { - p += 4; - length -= 4; - caplen -= 4; - } - netbeui_print(control, p, length); - return (1); + netbeui_print(ndo, control, p, length); + return (hdrlen); } #endif if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS && control == LLC_UI) { - isoclns_print(p + 3, length - 3, caplen - 3); - return (1); - } - - if (ssap == LLCSAP_SNAP && dsap == LLCSAP_SNAP - && control == LLC_UI) { - /* - * XXX - what *is* the right bridge pad value here? - * Does anybody ever bridge one form of LAN traffic - * over a networking type that uses 802.2 LLC? - */ - ret = snap_print(p+3, length-3, caplen-3, 2); - if (ret) - return (ret); + isoclns_print(ndo, p, length); + return (hdrlen); } - if (!eflag) { + if (!ndo->ndo_eflag) { if (ssap == dsap) { - if (esrc == NULL || edst == NULL) - (void)printf("%s ", tok2str(llc_values, "Unknown DSAP 0x%02x", dsap)); + if (src == NULL || dst == NULL) + ND_PRINT("%s ", tok2str(llc_values, "Unknown DSAP 0x%02x", dsap)); else - (void)printf("%s > %s %s ", - etheraddr_string(esrc), - etheraddr_string(edst), + ND_PRINT("%s > %s %s ", + (src->addr_string)(ndo, src->addr), + (dst->addr_string)(ndo, dst->addr), tok2str(llc_values, "Unknown DSAP 0x%02x", dsap)); } else { - if (esrc == NULL || edst == NULL) - (void)printf("%s > %s ", + if (src == NULL || dst == NULL) + ND_PRINT("%s > %s ", tok2str(llc_values, "Unknown SSAP 0x%02x", ssap), tok2str(llc_values, "Unknown DSAP 0x%02x", dsap)); else - (void)printf("%s %s > %s %s ", - etheraddr_string(esrc), + ND_PRINT("%s %s > %s %s ", + (src->addr_string)(ndo, src->addr), tok2str(llc_values, "Unknown SSAP 0x%02x", ssap), - etheraddr_string(edst), + (dst->addr_string)(ndo, dst->addr), tok2str(llc_values, "Unknown DSAP 0x%02x", dsap)); } } if (is_u) { - printf("Unnumbered, %s, Flags [%s], length %u", + ND_PRINT("Unnumbered, %s, Flags [%s], length %u", tok2str(llc_cmd_values, "%02x", LLC_U_CMD(control)), tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_U_POLL)), - length); - - p += 3; - length -= 3; - caplen -= 3; + length + hdrlen); if ((control & ~LLC_U_POLL) == LLC_XID) { - if (*p == LLC_XID_FI) { - printf(": %02x %02x", p[1], p[2]); - p += 3; - length -= 3; - caplen -= 3; + if (length == 0) { + /* + * XID with no payload. + * This could, for example, be an SNA + * "short form" XID. + */ + return (hdrlen); + } + if (caplen < 1) { + nd_print_trunc(ndo); + if (caplen > 0) + ND_DEFAULTPRINT((const u_char *)p, caplen); + return (hdrlen); + } + if (GET_U_1(p) == LLC_XID_FI) { + if (caplen < 3 || length < 3) { + nd_print_trunc(ndo); + if (caplen > 0) + ND_DEFAULTPRINT((const u_char *)p, caplen); + } else + ND_PRINT(": %02x %02x", + GET_U_1(p + 1), + GET_U_1(p + 2)); + return (hdrlen); } } } else { if ((control & LLC_S_FMT) == LLC_S_FMT) { - (void)printf("Supervisory, %s, rcv seq %u, Flags [%s], length %u", + ND_PRINT("Supervisory, %s, rcv seq %u, Flags [%s], length %u", tok2str(llc_supervisory_values,"?",LLC_S_CMD(control)), LLC_IS_NR(control), tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)), - length); + length + hdrlen); + return (hdrlen); /* no payload to print */ } else { - (void)printf("Information, send seq %u, rcv seq %u, Flags [%s], length %u", + ND_PRINT("Information, send seq %u, rcv seq %u, Flags [%s], length %u", LLC_I_NS(control), LLC_IS_NR(control), tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)), - length); + length + hdrlen); } - p += 4; - length -= 4; - caplen -= 4; } - return(1); + return (-hdrlen); } -int -snap_print(const u_char *p, u_int length, u_int caplen, u_int bridge_pad) +static const struct tok * +oui_to_struct_tok(uint32_t orgcode) { - u_int32_t orgcode; - register u_short et; - register int ret; - - TCHECK2(*p, 5); - orgcode = EXTRACT_24BITS(p); - et = EXTRACT_16BITS(p + 3); - - if (eflag) { - const struct tok *tok = null_values; - const struct oui_tok *otp; - - for (otp = &oui_to_tok[0]; otp->tok != NULL; otp++) { - if (otp->oui == orgcode) { - tok = otp->tok; - break; - } + const struct tok *tok = null_values; + const struct oui_tok *otp; + + for (otp = &oui_to_tok[0]; otp->tok != NULL; otp++) { + if (otp->oui == orgcode) { + tok = otp->tok; + break; } - (void)printf("oui %s (0x%06x), %s %s (0x%04x): ", + } + return (tok); +} + +int +snap_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen, + const struct lladdr_info *src, const struct lladdr_info *dst, + u_int bridge_pad) +{ + uint32_t orgcode; + u_short et; + int ret; + + ndo->ndo_protocol = "snap"; + ND_TCHECK_5(p); + if (caplen < 5 || length < 5) + goto trunc; + orgcode = GET_BE_U_3(p); + et = GET_BE_U_2(p + 3); + + if (ndo->ndo_eflag) { + /* + * Somebody's already printed the MAC addresses, if there + * are any, so just print the SNAP header, not the MAC + * addresses. + */ + ND_PRINT("oui %s (0x%06x), %s %s (0x%04x), length %u: ", tok2str(oui_values, "Unknown", orgcode), orgcode, (orgcode == 0x000000 ? "ethertype" : "pid"), - tok2str(tok, "Unknown", et), - et); + tok2str(oui_to_struct_tok(orgcode), "Unknown", et), + et, length - 5); } p += 5; length -= 5; @@ -417,7 +461,7 @@ snap_print(const u_char *p, u_int length, u_int caplen, u_int bridge_pad) * Cisco hardware; the protocol ID is * an Ethernet protocol type. */ - ret = ethertype_print(et, p, length, caplen); + ret = ethertype_print(ndo, et, p, length, caplen, src, dst); if (ret) return (ret); break; @@ -432,7 +476,7 @@ snap_print(const u_char *p, u_int length, u_int caplen, u_int bridge_pad) * but used 0x000000 and an Ethernet * packet type for AARP packets. */ - ret = ethertype_print(et, p, length, caplen); + ret = ethertype_print(ndo, et, p, length, caplen, src, dst); if (ret) return (ret); } @@ -441,23 +485,25 @@ snap_print(const u_char *p, u_int length, u_int caplen, u_int bridge_pad) case OUI_CISCO: switch (et) { case PID_CISCO_CDP: - cdp_print(p, length, caplen); + cdp_print(ndo, p, length, caplen); return (1); case PID_CISCO_DTP: - dtp_print(p, length); + dtp_print(ndo, p, length); return (1); case PID_CISCO_UDLD: - udld_print(p, length); + udld_print(ndo, p, length); return (1); case PID_CISCO_VTP: - vtp_print(p, length); + vtp_print(ndo, p, length); return (1); case PID_CISCO_PVST: - stp_print(p, length); + case PID_CISCO_VLANBRIDGE: + stp_print(ndo, p, length); return (1); default: break; } + break; case OUI_RFC2684: switch (et) { @@ -471,7 +517,7 @@ snap_print(const u_char *p, u_int length, u_int caplen, u_int bridge_pad) /* * Skip the padding. */ - TCHECK2(*p, bridge_pad); + ND_TCHECK_LEN(p, bridge_pad); caplen -= bridge_pad; length -= bridge_pad; p += bridge_pad; @@ -479,7 +525,7 @@ snap_print(const u_char *p, u_int length, u_int caplen, u_int bridge_pad) /* * What remains is an Ethernet packet. */ - ether_print(p, length, caplen, NULL, NULL); + ether_print(ndo, p, length, caplen, NULL, NULL); return (1); case PID_RFC2684_802_5_FCS: @@ -492,7 +538,7 @@ snap_print(const u_char *p, u_int length, u_int caplen, u_int bridge_pad) * Skip the padding, but not the Access * Control field. */ - TCHECK2(*p, bridge_pad); + ND_TCHECK_LEN(p, bridge_pad); caplen -= bridge_pad; length -= bridge_pad; p += bridge_pad; @@ -501,7 +547,7 @@ snap_print(const u_char *p, u_int length, u_int caplen, u_int bridge_pad) * What remains is an 802.5 Token Ring * packet. */ - token_print(p, length, caplen); + token_print(ndo, p, length, caplen); return (1); case PID_RFC2684_FDDI_FCS: @@ -513,7 +559,7 @@ snap_print(const u_char *p, u_int length, u_int caplen, u_int bridge_pad) /* * Skip the padding. */ - TCHECK2(*p, bridge_pad + 1); + ND_TCHECK_LEN(p, bridge_pad + 1); caplen -= bridge_pad + 1; length -= bridge_pad + 1; p += bridge_pad + 1; @@ -521,25 +567,44 @@ snap_print(const u_char *p, u_int length, u_int caplen, u_int bridge_pad) /* * What remains is an FDDI packet. */ - fddi_print(p, length, caplen); + fddi_print(ndo, p, length, caplen); return (1); case PID_RFC2684_BPDU: - stp_print(p, length); + stp_print(ndo, p, length); return (1); } } + if (!ndo->ndo_eflag) { + /* + * Nobody printed the link-layer addresses, so print them, if + * we have any. + */ + if (src != NULL && dst != NULL) { + ND_PRINT("%s > %s ", + (src->addr_string)(ndo, src->addr), + (dst->addr_string)(ndo, dst->addr)); + } + /* + * Print the SNAP header, but if the OUI is 000000, don't + * bother printing it, and report the PID as being an + * ethertype. + */ + if (orgcode == 0x000000) { + ND_PRINT("SNAP, ethertype %s (0x%04x), length %u: ", + tok2str(ethertype_values, "Unknown", et), + et, length); + } else { + ND_PRINT("SNAP, oui %s (0x%06x), pid %s (0x%04x), length %u: ", + tok2str(oui_values, "Unknown", orgcode), + orgcode, + tok2str(oui_to_struct_tok(orgcode), "Unknown", et), + et, length); + } + } return (0); trunc: - (void)printf("[|snap]"); + nd_print_trunc(ndo); return (1); } - - -/* - * Local Variables: - * c-style: whitesmith - * c-basic-offset: 8 - * End: - */