Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / tcpdump / 2949f58a438f6fd85f66a8b7ed4708042cde4b37 / . / print-llc.c
blob: bc4198501ab779f24c76efd888fb0767e6712f41 [file] [log] [blame]
The Android Open Source Project2949f582009-03-03 19:30:46 -0800[diff] [blame^]1/*
2 * Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * Code by Matt Thomas, Digital Equipment Corporation
22 * with an awful lot of hacking by Jeffrey Mogul, DECWRL
23 */
24
25#ifndef lint
26static const char rcsid[] _U_ =
27 "@(#) $Header: /tcpdump/master/tcpdump/print-llc.c,v 1.61.2.10 2007/02/08 07:07:51 guy Exp $";
28#endif
29
30#ifdef HAVE_CONFIG_H
31#include "config.h"
32#endif
33
34#include <tcpdump-stdinc.h>
35
36#include <stdio.h>
37#include <string.h>
38
39#include "interface.h"
40#include "addrtoname.h"
41#include "extract.h" /* must come after interface.h */
42
43#include "llc.h"
44#include "ethertype.h"
45#include "oui.h"
46
47static struct tok llc_values[] = {
48 { LLCSAP_NULL, "Null" },
49 { LLCSAP_GLOBAL, "Global" },
50 { LLCSAP_8021B_I, "802.1B I" },
51 { LLCSAP_8021B_G, "802.1B G" },
52 { LLCSAP_IP, "IP" },
53 { LLCSAP_SNA, "SNA" },
54 { LLCSAP_PROWAYNM, "ProWay NM" },
55 { LLCSAP_8021D, "STP" },
56 { LLCSAP_RS511, "RS511" },
57 { LLCSAP_ISO8208, "ISO8208" },
58 { LLCSAP_PROWAY, "ProWay" },
59 { LLCSAP_SNAP, "SNAP" },
60 { LLCSAP_IPX, "IPX" },
61 { LLCSAP_NETBEUI, "NetBeui" },
62 { LLCSAP_ISONS, "OSI" },
63 { 0, NULL },
64};
65
66static struct tok llc_cmd_values[] = {
67 { LLC_UI, "ui" },
68 { LLC_TEST, "test" },
69 { LLC_XID, "xid" },
70 { LLC_UA, "ua" },
71 { LLC_DISC, "disc" },
72 { LLC_DM, "dm" },
73 { LLC_SABME, "sabme" },
74 { LLC_FRMR, "frmr" },
75 { 0, NULL }
76};
77
78static const struct tok llc_flag_values[] = {
79 { 0, "Command" },
80 { LLC_GSAP, "Response" },
81 { LLC_U_POLL, "Poll" },
82 { LLC_GSAP|LLC_U_POLL, "Final" },
83 { LLC_IS_POLL, "Poll" },
84 { LLC_GSAP|LLC_IS_POLL, "Final" },
85 { 0, NULL }
86};
87
88
89static const struct tok llc_ig_flag_values[] = {
90 { 0, "Individual" },
91 { LLC_IG, "Group" },
92 { 0, NULL }
93};
94
95
96static const struct tok llc_supervisory_values[] = {
97 { 0, "Receiver Ready" },
98 { 1, "Receiver not Ready" },
99 { 2, "Reject" },
100 { 0, NULL }
101};
102
103
104static const struct tok cisco_values[] = {
105 { PID_CISCO_CDP, "CDP" },
106 { PID_CISCO_VTP, "VTP" },
107 { PID_CISCO_DTP, "DTP" },
108 { 0, NULL }
109};
110
111static const struct tok bridged_values[] = {
112 { PID_RFC2684_ETH_FCS, "Ethernet + FCS" },
113 { PID_RFC2684_ETH_NOFCS, "Ethernet w/o FCS" },
114 { PID_RFC2684_802_4_FCS, "802.4 + FCS" },
115 { PID_RFC2684_802_4_NOFCS, "802.4 w/o FCS" },
116 { PID_RFC2684_802_5_FCS, "Token Ring + FCS" },
117 { PID_RFC2684_802_5_NOFCS, "Token Ring w/o FCS" },
118 { PID_RFC2684_FDDI_FCS, "FDDI + FCS" },
119 { PID_RFC2684_FDDI_NOFCS, "FDDI w/o FCS" },
120 { PID_RFC2684_802_6_FCS, "802.6 + FCS" },
121 { PID_RFC2684_802_6_NOFCS, "802.6 w/o FCS" },
122 { PID_RFC2684_BPDU, "BPDU" },
123 { 0, NULL },
124};
125
126static const struct tok null_values[] = {
127 { 0, NULL }
128};
129
130struct oui_tok {
131 u_int32_t oui;
132 const struct tok *tok;
133};
134
135static const struct oui_tok oui_to_tok[] = {
136 { OUI_ENCAP_ETHER, ethertype_values },
137 { OUI_CISCO_90, ethertype_values }, /* uses some Ethertype values */
138 { OUI_APPLETALK, ethertype_values }, /* uses some Ethertype values */
139 { OUI_CISCO, cisco_values },
140 { OUI_RFC2684, bridged_values }, /* bridged, RFC 2427 FR or RFC 2864 ATM */
141 { 0, NULL }
142};
143
144/*
145 * Returns non-zero IFF it succeeds in printing the header
146 */
147int
148llc_print(const u_char *p, u_int length, u_int caplen,
149 const u_char *esrc, const u_char *edst, u_short *extracted_ethertype)
150{
151 u_int8_t dsap_field, dsap, ssap_field, ssap;
152 u_int16_t control;
153 int is_u;
154 register int ret;
155
156 *extracted_ethertype = 0;
157
158 if (caplen < 3) {
159 (void)printf("[|llc]");
160 default_print((u_char *)p, caplen);
161 return(0);
162 }
163
164 dsap_field = *p;
165 ssap_field = *(p + 1);
166
167 /*
168 * OK, what type of LLC frame is this? The length
169 * of the control field depends on that - I frames
170 * have a two-byte control field, and U frames have
171 * a one-byte control field.
172 */
173 control = *(p + 2);
174 if ((control & LLC_U_FMT) == LLC_U_FMT) {
175 /*
176 * U frame.
177 */
178 is_u = 1;
179 } else {
180 /*
181 * The control field in I and S frames is
182 * 2 bytes...
183 */
184 if (caplen < 4) {
185 (void)printf("[|llc]");
186 default_print((u_char *)p, caplen);
187 return(0);
188 }
189
190 /*
191 * ...and is little-endian.
192 */
193 control = EXTRACT_LE_16BITS(p + 2);
194 is_u = 0;
195 }
196
197 if (ssap_field == LLCSAP_GLOBAL && dsap_field == LLCSAP_GLOBAL) {
198 /*
199 * This is an Ethernet_802.3 IPX frame; it has an
200 * 802.3 header (i.e., an Ethernet header where the
201 * type/length field is <= ETHERMTU, i.e. it's a length
202 * field, not a type field), but has no 802.2 header -
203 * the IPX packet starts right after the Ethernet header,
204 * with a signature of two bytes of 0xFF (which is
205 * LLCSAP_GLOBAL).
206 *
207 * (It might also have been an Ethernet_802.3 IPX at
208 * one time, but got bridged onto another network,
209 * such as an 802.11 network; this has appeared in at
210 * least one capture file.)
211 */
212
213 if (eflag)
214 printf("IPX 802.3: ");
215
216 ipx_print(p, length);
217 return (1);
218 }
219
220 dsap = dsap_field & ~LLC_IG;
221 ssap = ssap_field & ~LLC_GSAP;
222
223 if (eflag) {
224 printf("LLC, dsap %s (0x%02x) %s, ssap %s (0x%02x) %s",
225 tok2str(llc_values, "Unknown", dsap),
226 dsap,
227 tok2str(llc_ig_flag_values, "Unknown", dsap_field & LLC_IG),
228 tok2str(llc_values, "Unknown", ssap),
229 ssap,
230 tok2str(llc_flag_values, "Unknown", ssap_field & LLC_GSAP));
231
232 if (is_u) {
233 printf(", ctrl 0x%02x: ", control);
234 } else {
235 printf(", ctrl 0x%04x: ", control);
236 }
237 }
238
239 if (ssap == LLCSAP_8021D && dsap == LLCSAP_8021D &&
240 control == LLC_UI) {
241 stp_print(p+3, length-3);
242 return (1);
243 }
244
245 if (ssap == LLCSAP_IP && dsap == LLCSAP_IP &&
246 control == LLC_UI) {
247 ip_print(gndo, p+4, length-4);
248 return (1);
249 }
250
251 if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX &&
252 control == LLC_UI) {
253 /*
254 * This is an Ethernet_802.2 IPX frame, with an 802.3
255 * header and an 802.2 LLC header with the source and
256 * destination SAPs being the IPX SAP.
257 *
258 * Skip DSAP, LSAP, and control field.
259 */
260 if (eflag)
261 printf("IPX 802.2: ");
262
263 ipx_print(p+3, length-3);
264 return (1);
265 }
266
267#ifdef TCPDUMP_DO_SMB
268 if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI
269 && (!(control & LLC_S_FMT) || control == LLC_U_FMT)) {
270 /*
271 * we don't actually have a full netbeui parser yet, but the
272 * smb parser can handle many smb-in-netbeui packets, which
273 * is very useful, so we call that
274 *
275 * We don't call it for S frames, however, just I frames
276 * (which are frames that don't have the low-order bit,
277 * LLC_S_FMT, set in the first byte of the control field)
278 * and UI frames (whose control field is just 3, LLC_U_FMT).
279 */
280
281 /*
282 * Skip the LLC header.
283 */
284 if (is_u) {
285 p += 3;
286 length -= 3;
287 caplen -= 3;
288 } else {
289 p += 4;
290 length -= 4;
291 caplen -= 4;
292 }
293 netbeui_print(control, p, length);
294 return (1);
295 }
296#endif
297 if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS
298 && control == LLC_UI) {
299 isoclns_print(p + 3, length - 3, caplen - 3);
300 return (1);
301 }
302
303 if (ssap == LLCSAP_SNAP && dsap == LLCSAP_SNAP
304 && control == LLC_UI) {
305 /*
306 * XXX - what *is* the right bridge pad value here?
307 * Does anybody ever bridge one form of LAN traffic
308 * over a networking type that uses 802.2 LLC?
309 */
310 ret = snap_print(p+3, length-3, caplen-3, extracted_ethertype,
311 2);
312 if (ret)
313 return (ret);
314 }
315
316 if (!eflag) {
317 if (ssap == dsap) {
318 if (esrc == NULL || edst == NULL)
319 (void)printf("%s ", tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
320 else
321 (void)printf("%s > %s %s ",
322 etheraddr_string(esrc),
323 etheraddr_string(edst),
324 tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
325 } else {
326 if (esrc == NULL || edst == NULL)
327 (void)printf("%s > %s ",
328 tok2str(llc_values, "Unknown SSAP 0x%02x", ssap),
329 tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
330 else
331 (void)printf("%s %s > %s %s ",
332 etheraddr_string(esrc),
333 tok2str(llc_values, "Unknown SSAP 0x%02x", ssap),
334 etheraddr_string(edst),
335 tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
336 }
337 }
338
339 if (is_u) {
340 printf("Unnumbered, %s, Flags [%s], length %u",
341 tok2str(llc_cmd_values, "%02x", LLC_U_CMD(control)),
342 tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_U_POLL)),
343 length);
344
345 p += 3;
346 length -= 3;
347 caplen -= 3;
348
349 if ((control & ~LLC_U_POLL) == LLC_XID) {
350 if (*p == LLC_XID_FI) {
351 printf(": %02x %02x", p[1], p[2]);
352 p += 3;
353 length -= 3;
354 caplen -= 3;
355 }
356 }
357 } else {
358 if ((control & LLC_S_FMT) == LLC_S_FMT) {
359 (void)printf("Supervisory, %s, rcv seq %u, Flags [%s], length %u",
360 tok2str(llc_supervisory_values,"?",LLC_S_CMD(control)),
361 LLC_IS_NR(control),
362 tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)),
363 length);
364 } else {
365 (void)printf("Information, send seq %u, rcv seq %u, Flags [%s], length %u",
366 LLC_I_NS(control),
367 LLC_IS_NR(control),
368 tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)),
369 length);
370 }
371 p += 4;
372 length -= 4;
373 caplen -= 4;
374 }
375 return(1);
376}
377
378int
379snap_print(const u_char *p, u_int length, u_int caplen,
380 u_short *extracted_ethertype, u_int bridge_pad)
381{
382 u_int32_t orgcode;
383 register u_short et;
384 register int ret;
385
386 TCHECK2(*p, 5);
387 orgcode = EXTRACT_24BITS(p);
388 et = EXTRACT_16BITS(p + 3);
389
390 if (eflag) {
391 const struct tok *tok = null_values;
392 const struct oui_tok *otp;
393
394 for (otp = &oui_to_tok[0]; otp->tok != NULL; otp++) {
395 if (otp->oui == orgcode) {
396 tok = otp->tok;
397 break;
398 }
399 }
400 (void)printf("oui %s (0x%06x), %s %s (0x%04x): ",
401 tok2str(oui_values, "Unknown", orgcode),
402 orgcode,
403 (orgcode == 0x000000 ? "ethertype" : "pid"),
404 tok2str(tok, "Unknown", et),
405 et);
406 }
407 p += 5;
408 length -= 5;
409 caplen -= 5;
410
411 switch (orgcode) {
412 case OUI_ENCAP_ETHER:
413 case OUI_CISCO_90:
414 /*
415 * This is an encapsulated Ethernet packet,
416 * or a packet bridged by some piece of
417 * Cisco hardware; the protocol ID is
418 * an Ethernet protocol type.
419 */
420 ret = ether_encap_print(et, p, length, caplen,
421 extracted_ethertype);
422 if (ret)
423 return (ret);
424 break;
425
426 case OUI_APPLETALK:
427 if (et == ETHERTYPE_ATALK) {
428 /*
429 * No, I have no idea why Apple used one
430 * of their own OUIs, rather than
431 * 0x000000, and an Ethernet packet
432 * type, for Appletalk data packets,
433 * but used 0x000000 and an Ethernet
434 * packet type for AARP packets.
435 */
436 ret = ether_encap_print(et, p, length, caplen,
437 extracted_ethertype);
438 if (ret)
439 return (ret);
440 }
441 break;
442
443 case OUI_CISCO:
444 if (et == PID_CISCO_CDP) {
445 cdp_print(p, length, caplen);
446 return (1);
447 }
448 break;
449
450 case OUI_RFC2684:
451 switch (et) {
452
453 case PID_RFC2684_ETH_FCS:
454 case PID_RFC2684_ETH_NOFCS:
455 /*
456 * XXX - remove the last two bytes for
457 * PID_RFC2684_ETH_FCS?
458 */
459 /*
460 * Skip the padding.
461 */
462 TCHECK2(*p, bridge_pad);
463 caplen -= bridge_pad;
464 length -= bridge_pad;
465 p += bridge_pad;
466
467 /*
468 * What remains is an Ethernet packet.
469 */
470 ether_print(p, length, caplen);
471 return (1);
472
473 case PID_RFC2684_802_5_FCS:
474 case PID_RFC2684_802_5_NOFCS:
475 /*
476 * XXX - remove the last two bytes for
477 * PID_RFC2684_ETH_FCS?
478 */
479 /*
480 * Skip the padding, but not the Access
481 * Control field.
482 */
483 TCHECK2(*p, bridge_pad);
484 caplen -= bridge_pad;
485 length -= bridge_pad;
486 p += bridge_pad;
487
488 /*
489 * What remains is an 802.5 Token Ring
490 * packet.
491 */
492 token_print(p, length, caplen);
493 return (1);
494
495 case PID_RFC2684_FDDI_FCS:
496 case PID_RFC2684_FDDI_NOFCS:
497 /*
498 * XXX - remove the last two bytes for
499 * PID_RFC2684_ETH_FCS?
500 */
501 /*
502 * Skip the padding.
503 */
504 TCHECK2(*p, bridge_pad + 1);
505 caplen -= bridge_pad + 1;
506 length -= bridge_pad + 1;
507 p += bridge_pad + 1;
508
509 /*
510 * What remains is an FDDI packet.
511 */
512 fddi_print(p, length, caplen);
513 return (1);
514
515 case PID_RFC2684_BPDU:
516 stp_print(p, length);
517 return (1);
518 }
519 }
520 return (0);
521
522trunc:
523 (void)printf("[|snap]");
524 return (1);
525}
526
527
528/*
529 * Local Variables:
530 * c-style: whitesmith
531 * c-basic-offset: 8
532 * End:
533 */