static void
loopback_message_print(netdissect_options *ndo, const u_char *cp, const u_int len)
{
const u_char *ep = cp + len;
uint16_t function;
if (len < 2)
goto invalid;
/* function */
ND_TCHECK_2(cp);
function = EXTRACT_LE_U_2(cp);
cp += 2;
ND_PRINT(", %s", tok2str(fcode_str, " invalid (%u)", function));
switch (function) {
case LOOPBACK_REPLY:
if (len < 4)
goto invalid;
/* receipt number */
ND_TCHECK_2(cp);
ND_PRINT(", receipt number %u", EXTRACT_LE_U_2(cp));
cp += 2;
/* data */
ND_PRINT(", data (%u octets)", len - 4);
ND_TCHECK_LEN(cp, len - 4);
break;
case LOOPBACK_FWDDATA:
if (len < 8)
goto invalid;
/* forwarding address */
ND_TCHECK_LEN(cp, MAC_ADDR_LEN);
ND_PRINT(", forwarding address %s", etheraddr_string(ndo, cp));
cp += MAC_ADDR_LEN;
/* data */
ND_PRINT(", data (%u octets)", len - 8);
ND_TCHECK_LEN(cp, len - 8);
break;
default:
ND_TCHECK_LEN(cp, len - 2);
break;
}
return;
invalid:
ND_PRINT("%s", istr);
ND_TCHECK_LEN(cp, ep - cp);
return;
trunc:
ND_PRINT("%s", tstr);
}
void
loopback_print(netdissect_options *ndo, const u_char *cp, const u_int len)
{
const u_char *ep = cp + len;
uint16_t skipCount;
ND_PRINT("Loopback");
if (len < 2)
goto invalid;
/* skipCount */
ND_TCHECK_2(cp);
skipCount = EXTRACT_LE_U_2(cp);
cp += 2;
ND_PRINT(", skipCount %u", skipCount);
if (skipCount % 8)
ND_PRINT(" (bogus)");
if (skipCount > len - 2)
goto invalid;
loopback_message_print(ndo, cp + skipCount, len - 2 - skipCount);
return;
invalid:
ND_PRINT("%s", istr);
ND_TCHECK_LEN(cp, ep - cp);
return;
trunc:
ND_PRINT("%s", tstr);
}
/*
* Print RRCP requests
*/
void
rrcp_print(netdissect_options *ndo,
const u_char *cp,
u_int length _U_,
const struct lladdr_info *src,
const struct lladdr_info *dst)
{
uint8_t rrcp_proto;
uint8_t rrcp_opcode;
ndo->ndo_protocol = "rrcp";
ND_TCHECK_1(cp + RRCP_PROTO_OFFSET);
rrcp_proto = EXTRACT_U_1(cp + RRCP_PROTO_OFFSET);
ND_TCHECK_1(cp + RRCP_OPCODE_ISREPLY_OFFSET);
rrcp_opcode = EXTRACT_U_1((cp + RRCP_OPCODE_ISREPLY_OFFSET)) & RRCP_OPCODE_MASK;
if (src != NULL && dst != NULL) {
ND_PRINT("%s > %s, ",
(src->addr_string)(ndo, src->addr),
(dst->addr_string)(ndo, dst->addr));
}
ND_PRINT("%s %s",
tok2str(proto_values,"RRCP-0x%02x",rrcp_proto),
((EXTRACT_U_1(cp + RRCP_OPCODE_ISREPLY_OFFSET)) & RRCP_ISREPLY) ? "reply" : "query");
if (rrcp_proto==1){
ND_PRINT(": %s",
tok2str(opcode_values,"unknown opcode (0x%02x)",rrcp_opcode));
}
if (rrcp_opcode==1 || rrcp_opcode==2){
ND_TCHECK_6(cp + RRCP_REG_ADDR_OFFSET);
ND_PRINT(" addr=0x%04x, data=0x%08x",
EXTRACT_LE_U_2(cp + RRCP_REG_ADDR_OFFSET),
EXTRACT_LE_U_4(cp + RRCP_REG_DATA_OFFSET));
}
if (rrcp_proto==1){
ND_TCHECK_2(cp + RRCP_AUTHKEY_OFFSET);
ND_PRINT(", auth=0x%04x",
EXTRACT_BE_U_2(cp + RRCP_AUTHKEY_OFFSET));
}
if (rrcp_proto==1 && rrcp_opcode==0 &&
((EXTRACT_U_1(cp + RRCP_OPCODE_ISREPLY_OFFSET)) & RRCP_ISREPLY)){
ND_TCHECK_4(cp + RRCP_VENDOR_ID_OFFSET);
ND_PRINT(" downlink_port=%u, uplink_port=%u, uplink_mac=%s, vendor_id=%08x ,chip_id=%04x ",
EXTRACT_U_1(cp + RRCP_DOWNLINK_PORT_OFFSET),
EXTRACT_U_1(cp + RRCP_UPLINK_PORT_OFFSET),
etheraddr_string(ndo, cp + RRCP_UPLINK_MAC_OFFSET),
EXTRACT_BE_U_4(cp + RRCP_VENDOR_ID_OFFSET),
EXTRACT_BE_U_2(cp + RRCP_CHIP_ID_OFFSET));
}else if (rrcp_opcode==1 || rrcp_opcode==2 || rrcp_proto==2){
ND_TCHECK_4(cp + RRCP_COOKIE2_OFFSET);
ND_PRINT(", cookie=0x%08x%08x ",
EXTRACT_BE_U_4(cp + RRCP_COOKIE2_OFFSET),
EXTRACT_BE_U_4(cp + RRCP_COOKIE1_OFFSET));
}
return;
trunc:
nd_print_trunc(ndo);
}
/*
* If we printed information about the payload, returns the length of the LLC
* header, plus the length of any SNAP header following it.
*
* Otherwise (for example, if the packet has unknown SAPs or has a SNAP
* header with an unknown OUI/PID combination), returns the *negative*
* of that value.
*/
int
llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen,
const struct lladdr_info *src, const struct lladdr_info *dst)
{
uint8_t dsap_field, dsap, ssap_field, ssap;
uint16_t control;
int hdrlen;
int is_u;
if (caplen < 3) {
ND_PRINT("[|llc]");
ND_DEFAULTPRINT((const u_char *)p, caplen);
return (caplen);
}
if (length < 3) {
ND_PRINT("[|llc]");
ND_DEFAULTPRINT((const u_char *)p, caplen);
return (length);
}
dsap_field = EXTRACT_U_1(p);
ssap_field = EXTRACT_U_1(p + 1);
/*
* OK, what type of LLC frame is this? The length
* of the control field depends on that - I frames
* have a two-byte control field, and U frames have
* a one-byte control field.
*/
control = EXTRACT_U_1(p + 2);
if ((control & LLC_U_FMT) == LLC_U_FMT) {
/*
* U frame.
*/
is_u = 1;
hdrlen = 3; /* DSAP, SSAP, 1-byte control field */
} else {
/*
* The control field in I and S frames is
* 2 bytes...
*/
if (caplen < 4) {
ND_PRINT("[|llc]");
ND_DEFAULTPRINT((const u_char *)p, caplen);
return (caplen);
}
if (length < 4) {
ND_PRINT("[|llc]");
ND_DEFAULTPRINT((const u_char *)p, caplen);
return (length);
}
/*
* ...and is little-endian.
*/
control = EXTRACT_LE_U_2(p + 2);
is_u = 0;
hdrlen = 4; /* DSAP, SSAP, 2-byte control field */
}
if (ssap_field == LLCSAP_GLOBAL && dsap_field == LLCSAP_GLOBAL) {
/*
* This is an Ethernet_802.3 IPX frame; it has an
* 802.3 header (i.e., an Ethernet header where the
* type/length field is <= MAX_ETHERNET_LENGTH_VAL,
* i.e. it's a length field, not a type field), but
* has no 802.2 header - the IPX packet starts right
* after the Ethernet header, with a signature of two
* bytes of 0xFF (which is LLCSAP_GLOBAL).
*
* (It might also have been an Ethernet_802.3 IPX at
* one time, but got bridged onto another network,
* such as an 802.11 network; this has appeared in at
* least one capture file.)
*/
if (ndo->ndo_eflag)
ND_PRINT("IPX 802.3: ");
ipx_print(ndo, p, length);
return (0); /* no LLC header */
}
dsap = dsap_field & ~LLC_IG;
ssap = ssap_field & ~LLC_GSAP;
if (ndo->ndo_eflag) {
ND_PRINT("LLC, dsap %s (0x%02x) %s, ssap %s (0x%02x) %s",
tok2str(llc_values, "Unknown", dsap),
dsap,
tok2str(llc_ig_flag_values, "Unknown", dsap_field & LLC_IG),
tok2str(llc_values, "Unknown", ssap),
ssap,
tok2str(llc_flag_values, "Unknown", ssap_field & LLC_GSAP));
if (is_u) {
ND_PRINT(", ctrl 0x%02x: ", control);
} else {
ND_PRINT(", ctrl 0x%04x: ", control);
}
}
/*
* Skip LLC header.
*/
p += hdrlen;
length -= hdrlen;
caplen -= hdrlen;
if (ssap == LLCSAP_SNAP && dsap == LLCSAP_SNAP
&& control == LLC_UI) {
/*
* XXX - what *is* the right bridge pad value here?
* Does anybody ever bridge one form of LAN traffic
* over a networking type that uses 802.2 LLC?
*/
if (!snap_print(ndo, p, length, caplen, src, dst, 2)) {
/*
* Unknown packet type; tell our caller, by
* returning a negative value, so they
* can print the raw packet.
*/
return (-(hdrlen + 5)); /* include LLC and SNAP header */
} else
return (hdrlen + 5); /* include LLC and SNAP header */
}
if (ssap == LLCSAP_8021D && dsap == LLCSAP_8021D &&
control == LLC_UI) {
stp_print(ndo, p, length);
return (hdrlen);
}
if (ssap == LLCSAP_IP && dsap == LLCSAP_IP &&
control == LLC_UI) {
/*
* This is an RFC 948-style IP packet, with
* an 802.3 header and an 802.2 LLC header
* with the source and destination SAPs being
* the IP SAP.
*/
ip_print(ndo, p, length);
return (hdrlen);
}
if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX &&
control == LLC_UI) {
/*
* This is an Ethernet_802.2 IPX frame, with an 802.3
* header and an 802.2 LLC header with the source and
* destination SAPs being the IPX SAP.
*/
if (ndo->ndo_eflag)
ND_PRINT("IPX 802.2: ");
ipx_print(ndo, p, length);
return (hdrlen);
}
#ifdef ENABLE_SMB
if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI
&& (!(control & LLC_S_FMT) || control == LLC_U_FMT)) {
/*
* we don't actually have a full netbeui parser yet, but the
* smb parser can handle many smb-in-netbeui packets, which
* is very useful, so we call that
*
* We don't call it for S frames, however, just I frames
* (which are frames that don't have the low-order bit,
* LLC_S_FMT, set in the first byte of the control field)
* and UI frames (whose control field is just 3, LLC_U_FMT).
*/
netbeui_print(ndo, control, p, length);
return (hdrlen);
}
#endif
if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS
&& control == LLC_UI) {
isoclns_print(ndo, p, length);
return (hdrlen);
}
if (!ndo->ndo_eflag) {
if (ssap == dsap) {
if (src == NULL || dst == NULL)
ND_PRINT("%s ", tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
else
ND_PRINT("%s > %s %s ",
(src->addr_string)(ndo, src->addr),
(dst->addr_string)(ndo, dst->addr),
tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
} else {
if (src == NULL || dst == NULL)
ND_PRINT("%s > %s ",
tok2str(llc_values, "Unknown SSAP 0x%02x", ssap),
tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
else
ND_PRINT("%s %s > %s %s ",
(src->addr_string)(ndo, src->addr),
tok2str(llc_values, "Unknown SSAP 0x%02x", ssap),
(dst->addr_string)(ndo, dst->addr),
tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
}
}
if (is_u) {
ND_PRINT("Unnumbered, %s, Flags [%s], length %u",
tok2str(llc_cmd_values, "%02x", LLC_U_CMD(control)),
tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_U_POLL)),
length + hdrlen);
if ((control & ~LLC_U_POLL) == LLC_XID) {
if (length == 0) {
/*
* XID with no payload.
* This could, for example, be an SNA
* "short form" XID.
*/
return (hdrlen);
}
if (caplen < 1) {
ND_PRINT("[|llc]");
if (caplen > 0)
ND_DEFAULTPRINT((const u_char *)p, caplen);
return (hdrlen);
}
if (EXTRACT_U_1(p) == LLC_XID_FI) {
if (caplen < 3 || length < 3) {
ND_PRINT("[|llc]");
if (caplen > 0)
ND_DEFAULTPRINT((const u_char *)p, caplen);
} else
ND_PRINT(": %02x %02x",
EXTRACT_U_1(p + 1),
EXTRACT_U_1(p + 2));
return (hdrlen);
}
}
} else {
if ((control & LLC_S_FMT) == LLC_S_FMT) {
ND_PRINT("Supervisory, %s, rcv seq %u, Flags [%s], length %u",
tok2str(llc_supervisory_values,"?",LLC_S_CMD(control)),
LLC_IS_NR(control),
tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)),
length + hdrlen);
return (hdrlen); /* no payload to print */
} else {
ND_PRINT("Information, send seq %u, rcv seq %u, Flags [%s], length %u",
LLC_I_NS(control),
LLC_IS_NR(control),
tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)),
length + hdrlen);
}
}
return (-hdrlen);
}
