1*05b00f60SXin Li /*
2*05b00f60SXin Li * Copyright (c) 1992, 1993, 1994, 1995, 1996, 1997
3*05b00f60SXin Li * The Regents of the University of California. All rights reserved.
4*05b00f60SXin Li *
5*05b00f60SXin Li * Redistribution and use in source and binary forms, with or without
6*05b00f60SXin Li * modification, are permitted provided that: (1) source code distributions
7*05b00f60SXin Li * retain the above copyright notice and this paragraph in its entirety, (2)
8*05b00f60SXin Li * distributions including binary code include the above copyright notice and
9*05b00f60SXin Li * this paragraph in its entirety in the documentation or other materials
10*05b00f60SXin Li * provided with the distribution, and (3) all advertising materials mentioning
11*05b00f60SXin Li * features or use of this software display the following acknowledgement:
12*05b00f60SXin Li * ``This product includes software developed by the University of California,
13*05b00f60SXin Li * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14*05b00f60SXin Li * the University nor the names of its contributors may be used to endorse
15*05b00f60SXin Li * or promote products derived from this software without specific prior
16*05b00f60SXin Li * written permission.
17*05b00f60SXin Li * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18*05b00f60SXin Li * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19*05b00f60SXin Li * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20*05b00f60SXin Li *
21*05b00f60SXin Li * Code by Matt Thomas, Digital Equipment Corporation
22*05b00f60SXin Li * with an awful lot of hacking by Jeffrey Mogul, DECWRL
23*05b00f60SXin Li */
24*05b00f60SXin Li
25*05b00f60SXin Li /* \summary: IEEE 802.2 LLC printer */
26*05b00f60SXin Li
27*05b00f60SXin Li #ifdef HAVE_CONFIG_H
28*05b00f60SXin Li #include <config.h>
29*05b00f60SXin Li #endif
30*05b00f60SXin Li
31*05b00f60SXin Li #include "netdissect-stdinc.h"
32*05b00f60SXin Li
33*05b00f60SXin Li #include "netdissect.h"
34*05b00f60SXin Li #include "addrtoname.h"
35*05b00f60SXin Li #include "extract.h"
36*05b00f60SXin Li
37*05b00f60SXin Li #include "llc.h"
38*05b00f60SXin Li #include "ethertype.h"
39*05b00f60SXin Li #include "oui.h"
40*05b00f60SXin Li
41*05b00f60SXin Li static const struct tok llc_values[] = {
42*05b00f60SXin Li { LLCSAP_NULL, "Null" },
43*05b00f60SXin Li { LLCSAP_GLOBAL, "Global" },
44*05b00f60SXin Li { LLCSAP_8021B_I, "802.1B I" },
45*05b00f60SXin Li { LLCSAP_8021B_G, "802.1B G" },
46*05b00f60SXin Li { LLCSAP_IP, "IP" },
47*05b00f60SXin Li { LLCSAP_SNA, "SNA" },
48*05b00f60SXin Li { LLCSAP_PROWAYNM, "ProWay NM" },
49*05b00f60SXin Li { LLCSAP_8021D, "STP" },
50*05b00f60SXin Li { LLCSAP_RS511, "RS511" },
51*05b00f60SXin Li { LLCSAP_ISO8208, "ISO8208" },
52*05b00f60SXin Li { LLCSAP_PROWAY, "ProWay" },
53*05b00f60SXin Li { LLCSAP_SNAP, "SNAP" },
54*05b00f60SXin Li { LLCSAP_IPX, "IPX" },
55*05b00f60SXin Li { LLCSAP_NETBEUI, "NetBeui" },
56*05b00f60SXin Li { LLCSAP_ISONS, "OSI" },
57*05b00f60SXin Li { 0, NULL },
58*05b00f60SXin Li };
59*05b00f60SXin Li
60*05b00f60SXin Li static const struct tok llc_cmd_values[] = {
61*05b00f60SXin Li { LLC_UI, "ui" },
62*05b00f60SXin Li { LLC_TEST, "test" },
63*05b00f60SXin Li { LLC_XID, "xid" },
64*05b00f60SXin Li { LLC_UA, "ua" },
65*05b00f60SXin Li { LLC_DISC, "disc" },
66*05b00f60SXin Li { LLC_DM, "dm" },
67*05b00f60SXin Li { LLC_SABME, "sabme" },
68*05b00f60SXin Li { LLC_FRMR, "frmr" },
69*05b00f60SXin Li { 0, NULL }
70*05b00f60SXin Li };
71*05b00f60SXin Li
72*05b00f60SXin Li static const struct tok llc_flag_values[] = {
73*05b00f60SXin Li { 0, "Command" },
74*05b00f60SXin Li { LLC_GSAP, "Response" },
75*05b00f60SXin Li { LLC_U_POLL, "Poll" },
76*05b00f60SXin Li { LLC_GSAP|LLC_U_POLL, "Final" },
77*05b00f60SXin Li { LLC_IS_POLL, "Poll" },
78*05b00f60SXin Li { LLC_GSAP|LLC_IS_POLL, "Final" },
79*05b00f60SXin Li { 0, NULL }
80*05b00f60SXin Li };
81*05b00f60SXin Li
82*05b00f60SXin Li
83*05b00f60SXin Li static const struct tok llc_ig_flag_values[] = {
84*05b00f60SXin Li { 0, "Individual" },
85*05b00f60SXin Li { LLC_IG, "Group" },
86*05b00f60SXin Li { 0, NULL }
87*05b00f60SXin Li };
88*05b00f60SXin Li
89*05b00f60SXin Li
90*05b00f60SXin Li static const struct tok llc_supervisory_values[] = {
91*05b00f60SXin Li { 0, "Receiver Ready" },
92*05b00f60SXin Li { 1, "Receiver not Ready" },
93*05b00f60SXin Li { 2, "Reject" },
94*05b00f60SXin Li { 0, NULL }
95*05b00f60SXin Li };
96*05b00f60SXin Li
97*05b00f60SXin Li
98*05b00f60SXin Li static const struct tok cisco_values[] = {
99*05b00f60SXin Li { PID_CISCO_CDP, "CDP" },
100*05b00f60SXin Li { PID_CISCO_VTP, "VTP" },
101*05b00f60SXin Li { PID_CISCO_DTP, "DTP" },
102*05b00f60SXin Li { PID_CISCO_UDLD, "UDLD" },
103*05b00f60SXin Li { PID_CISCO_PVST, "PVST" },
104*05b00f60SXin Li { PID_CISCO_VLANBRIDGE, "VLAN Bridge" },
105*05b00f60SXin Li { 0, NULL }
106*05b00f60SXin Li };
107*05b00f60SXin Li
108*05b00f60SXin Li static const struct tok bridged_values[] = {
109*05b00f60SXin Li { PID_RFC2684_ETH_FCS, "Ethernet + FCS" },
110*05b00f60SXin Li { PID_RFC2684_ETH_NOFCS, "Ethernet w/o FCS" },
111*05b00f60SXin Li { PID_RFC2684_802_4_FCS, "802.4 + FCS" },
112*05b00f60SXin Li { PID_RFC2684_802_4_NOFCS, "802.4 w/o FCS" },
113*05b00f60SXin Li { PID_RFC2684_802_5_FCS, "Token Ring + FCS" },
114*05b00f60SXin Li { PID_RFC2684_802_5_NOFCS, "Token Ring w/o FCS" },
115*05b00f60SXin Li { PID_RFC2684_FDDI_FCS, "FDDI + FCS" },
116*05b00f60SXin Li { PID_RFC2684_FDDI_NOFCS, "FDDI w/o FCS" },
117*05b00f60SXin Li { PID_RFC2684_802_6_FCS, "802.6 + FCS" },
118*05b00f60SXin Li { PID_RFC2684_802_6_NOFCS, "802.6 w/o FCS" },
119*05b00f60SXin Li { PID_RFC2684_BPDU, "BPDU" },
120*05b00f60SXin Li { 0, NULL },
121*05b00f60SXin Li };
122*05b00f60SXin Li
123*05b00f60SXin Li static const struct tok null_values[] = {
124*05b00f60SXin Li { 0, NULL }
125*05b00f60SXin Li };
126*05b00f60SXin Li
127*05b00f60SXin Li struct oui_tok {
128*05b00f60SXin Li uint32_t oui;
129*05b00f60SXin Li const struct tok *tok;
130*05b00f60SXin Li };
131*05b00f60SXin Li
132*05b00f60SXin Li static const struct oui_tok oui_to_tok[] = {
133*05b00f60SXin Li { OUI_ENCAP_ETHER, ethertype_values },
134*05b00f60SXin Li { OUI_CISCO_90, ethertype_values }, /* uses some Ethertype values */
135*05b00f60SXin Li { OUI_APPLETALK, ethertype_values }, /* uses some Ethertype values */
136*05b00f60SXin Li { OUI_CISCO, cisco_values },
137*05b00f60SXin Li { OUI_RFC2684, bridged_values }, /* bridged, RFC 2427 FR or RFC 2864 ATM */
138*05b00f60SXin Li { 0, NULL }
139*05b00f60SXin Li };
140*05b00f60SXin Li
141*05b00f60SXin Li /*
142*05b00f60SXin Li * If we printed information about the payload, returns the length of the LLC
143*05b00f60SXin Li * header, plus the length of any SNAP header following it.
144*05b00f60SXin Li *
145*05b00f60SXin Li * Otherwise (for example, if the packet has unknown SAPs or has a SNAP
146*05b00f60SXin Li * header with an unknown OUI/PID combination), returns the *negative*
147*05b00f60SXin Li * of that value.
148*05b00f60SXin Li */
149*05b00f60SXin Li int
llc_print(netdissect_options * ndo,const u_char * p,u_int length,u_int caplen,const struct lladdr_info * src,const struct lladdr_info * dst)150*05b00f60SXin Li llc_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen,
151*05b00f60SXin Li const struct lladdr_info *src, const struct lladdr_info *dst)
152*05b00f60SXin Li {
153*05b00f60SXin Li uint8_t dsap_field, dsap, ssap_field, ssap;
154*05b00f60SXin Li uint16_t control;
155*05b00f60SXin Li int hdrlen;
156*05b00f60SXin Li int is_u;
157*05b00f60SXin Li
158*05b00f60SXin Li ndo->ndo_protocol = "llc";
159*05b00f60SXin Li if (caplen < 3) {
160*05b00f60SXin Li nd_print_trunc(ndo);
161*05b00f60SXin Li ND_DEFAULTPRINT((const u_char *)p, caplen);
162*05b00f60SXin Li return (caplen);
163*05b00f60SXin Li }
164*05b00f60SXin Li if (length < 3) {
165*05b00f60SXin Li nd_print_trunc(ndo);
166*05b00f60SXin Li ND_DEFAULTPRINT((const u_char *)p, caplen);
167*05b00f60SXin Li return (length);
168*05b00f60SXin Li }
169*05b00f60SXin Li
170*05b00f60SXin Li dsap_field = GET_U_1(p);
171*05b00f60SXin Li ssap_field = GET_U_1(p + 1);
172*05b00f60SXin Li
173*05b00f60SXin Li /*
174*05b00f60SXin Li * OK, what type of LLC frame is this? The length
175*05b00f60SXin Li * of the control field depends on that - I frames
176*05b00f60SXin Li * have a two-byte control field, and U frames have
177*05b00f60SXin Li * a one-byte control field.
178*05b00f60SXin Li */
179*05b00f60SXin Li control = GET_U_1(p + 2);
180*05b00f60SXin Li if ((control & LLC_U_FMT) == LLC_U_FMT) {
181*05b00f60SXin Li /*
182*05b00f60SXin Li * U frame.
183*05b00f60SXin Li */
184*05b00f60SXin Li is_u = 1;
185*05b00f60SXin Li hdrlen = 3; /* DSAP, SSAP, 1-byte control field */
186*05b00f60SXin Li } else {
187*05b00f60SXin Li /*
188*05b00f60SXin Li * The control field in I and S frames is
189*05b00f60SXin Li * 2 bytes...
190*05b00f60SXin Li */
191*05b00f60SXin Li if (caplen < 4) {
192*05b00f60SXin Li nd_print_trunc(ndo);
193*05b00f60SXin Li ND_DEFAULTPRINT((const u_char *)p, caplen);
194*05b00f60SXin Li return (caplen);
195*05b00f60SXin Li }
196*05b00f60SXin Li if (length < 4) {
197*05b00f60SXin Li nd_print_trunc(ndo);
198*05b00f60SXin Li ND_DEFAULTPRINT((const u_char *)p, caplen);
199*05b00f60SXin Li return (length);
200*05b00f60SXin Li }
201*05b00f60SXin Li
202*05b00f60SXin Li /*
203*05b00f60SXin Li * ...and is little-endian.
204*05b00f60SXin Li */
205*05b00f60SXin Li control = GET_LE_U_2(p + 2);
206*05b00f60SXin Li is_u = 0;
207*05b00f60SXin Li hdrlen = 4; /* DSAP, SSAP, 2-byte control field */
208*05b00f60SXin Li }
209*05b00f60SXin Li
210*05b00f60SXin Li if (ssap_field == LLCSAP_GLOBAL && dsap_field == LLCSAP_GLOBAL) {
211*05b00f60SXin Li /*
212*05b00f60SXin Li * This is an Ethernet_802.3 IPX frame; it has an
213*05b00f60SXin Li * 802.3 header (i.e., an Ethernet header where the
214*05b00f60SXin Li * type/length field is <= MAX_ETHERNET_LENGTH_VAL,
215*05b00f60SXin Li * i.e. it's a length field, not a type field), but
216*05b00f60SXin Li * has no 802.2 header - the IPX packet starts right
217*05b00f60SXin Li * after the Ethernet header, with a signature of two
218*05b00f60SXin Li * bytes of 0xFF (which is LLCSAP_GLOBAL).
219*05b00f60SXin Li *
220*05b00f60SXin Li * (It might also have been an Ethernet_802.3 IPX at
221*05b00f60SXin Li * one time, but got bridged onto another network,
222*05b00f60SXin Li * such as an 802.11 network; this has appeared in at
223*05b00f60SXin Li * least one capture file.)
224*05b00f60SXin Li */
225*05b00f60SXin Li
226*05b00f60SXin Li if (ndo->ndo_eflag)
227*05b00f60SXin Li ND_PRINT("IPX 802.3: ");
228*05b00f60SXin Li
229*05b00f60SXin Li ipx_print(ndo, p, length);
230*05b00f60SXin Li return (0); /* no LLC header */
231*05b00f60SXin Li }
232*05b00f60SXin Li
233*05b00f60SXin Li dsap = dsap_field & ~LLC_IG;
234*05b00f60SXin Li ssap = ssap_field & ~LLC_GSAP;
235*05b00f60SXin Li
236*05b00f60SXin Li if (ndo->ndo_eflag) {
237*05b00f60SXin Li ND_PRINT("LLC, dsap %s (0x%02x) %s, ssap %s (0x%02x) %s",
238*05b00f60SXin Li tok2str(llc_values, "Unknown", dsap),
239*05b00f60SXin Li dsap,
240*05b00f60SXin Li tok2str(llc_ig_flag_values, "Unknown", dsap_field & LLC_IG),
241*05b00f60SXin Li tok2str(llc_values, "Unknown", ssap),
242*05b00f60SXin Li ssap,
243*05b00f60SXin Li tok2str(llc_flag_values, "Unknown", ssap_field & LLC_GSAP));
244*05b00f60SXin Li
245*05b00f60SXin Li if (is_u) {
246*05b00f60SXin Li ND_PRINT(", ctrl 0x%02x: ", control);
247*05b00f60SXin Li } else {
248*05b00f60SXin Li ND_PRINT(", ctrl 0x%04x: ", control);
249*05b00f60SXin Li }
250*05b00f60SXin Li }
251*05b00f60SXin Li
252*05b00f60SXin Li /*
253*05b00f60SXin Li * Skip LLC header.
254*05b00f60SXin Li */
255*05b00f60SXin Li p += hdrlen;
256*05b00f60SXin Li length -= hdrlen;
257*05b00f60SXin Li caplen -= hdrlen;
258*05b00f60SXin Li
259*05b00f60SXin Li if (ssap == LLCSAP_SNAP && dsap == LLCSAP_SNAP
260*05b00f60SXin Li && control == LLC_UI) {
261*05b00f60SXin Li /*
262*05b00f60SXin Li * XXX - what *is* the right bridge pad value here?
263*05b00f60SXin Li * Does anybody ever bridge one form of LAN traffic
264*05b00f60SXin Li * over a networking type that uses 802.2 LLC?
265*05b00f60SXin Li */
266*05b00f60SXin Li if (!snap_print(ndo, p, length, caplen, src, dst, 2)) {
267*05b00f60SXin Li /*
268*05b00f60SXin Li * Unknown packet type; tell our caller, by
269*05b00f60SXin Li * returning a negative value, so they
270*05b00f60SXin Li * can print the raw packet.
271*05b00f60SXin Li */
272*05b00f60SXin Li return (-(hdrlen + 5)); /* include LLC and SNAP header */
273*05b00f60SXin Li } else
274*05b00f60SXin Li return (hdrlen + 5); /* include LLC and SNAP header */
275*05b00f60SXin Li }
276*05b00f60SXin Li
277*05b00f60SXin Li if (ssap == LLCSAP_8021D && dsap == LLCSAP_8021D &&
278*05b00f60SXin Li control == LLC_UI) {
279*05b00f60SXin Li stp_print(ndo, p, length);
280*05b00f60SXin Li return (hdrlen);
281*05b00f60SXin Li }
282*05b00f60SXin Li
283*05b00f60SXin Li if (ssap == LLCSAP_IP && dsap == LLCSAP_IP &&
284*05b00f60SXin Li control == LLC_UI) {
285*05b00f60SXin Li /*
286*05b00f60SXin Li * This is an RFC 948-style IP packet, with
287*05b00f60SXin Li * an 802.3 header and an 802.2 LLC header
288*05b00f60SXin Li * with the source and destination SAPs being
289*05b00f60SXin Li * the IP SAP.
290*05b00f60SXin Li */
291*05b00f60SXin Li ip_print(ndo, p, length);
292*05b00f60SXin Li return (hdrlen);
293*05b00f60SXin Li }
294*05b00f60SXin Li
295*05b00f60SXin Li if (ssap == LLCSAP_IPX && dsap == LLCSAP_IPX &&
296*05b00f60SXin Li control == LLC_UI) {
297*05b00f60SXin Li /*
298*05b00f60SXin Li * This is an Ethernet_802.2 IPX frame, with an 802.3
299*05b00f60SXin Li * header and an 802.2 LLC header with the source and
300*05b00f60SXin Li * destination SAPs being the IPX SAP.
301*05b00f60SXin Li */
302*05b00f60SXin Li if (ndo->ndo_eflag)
303*05b00f60SXin Li ND_PRINT("IPX 802.2: ");
304*05b00f60SXin Li
305*05b00f60SXin Li ipx_print(ndo, p, length);
306*05b00f60SXin Li return (hdrlen);
307*05b00f60SXin Li }
308*05b00f60SXin Li
309*05b00f60SXin Li #ifdef ENABLE_SMB
310*05b00f60SXin Li if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI
311*05b00f60SXin Li && (!(control & LLC_S_FMT) || control == LLC_U_FMT)) {
312*05b00f60SXin Li /*
313*05b00f60SXin Li * we don't actually have a full netbeui parser yet, but the
314*05b00f60SXin Li * smb parser can handle many smb-in-netbeui packets, which
315*05b00f60SXin Li * is very useful, so we call that
316*05b00f60SXin Li *
317*05b00f60SXin Li * We don't call it for S frames, however, just I frames
318*05b00f60SXin Li * (which are frames that don't have the low-order bit,
319*05b00f60SXin Li * LLC_S_FMT, set in the first byte of the control field)
320*05b00f60SXin Li * and UI frames (whose control field is just 3, LLC_U_FMT).
321*05b00f60SXin Li */
322*05b00f60SXin Li netbeui_print(ndo, control, p, length);
323*05b00f60SXin Li return (hdrlen);
324*05b00f60SXin Li }
325*05b00f60SXin Li #endif
326*05b00f60SXin Li if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS
327*05b00f60SXin Li && control == LLC_UI) {
328*05b00f60SXin Li isoclns_print(ndo, p, length);
329*05b00f60SXin Li return (hdrlen);
330*05b00f60SXin Li }
331*05b00f60SXin Li
332*05b00f60SXin Li if (!ndo->ndo_eflag) {
333*05b00f60SXin Li if (ssap == dsap) {
334*05b00f60SXin Li if (src == NULL || dst == NULL)
335*05b00f60SXin Li ND_PRINT("%s ", tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
336*05b00f60SXin Li else
337*05b00f60SXin Li ND_PRINT("%s > %s %s ",
338*05b00f60SXin Li (src->addr_string)(ndo, src->addr),
339*05b00f60SXin Li (dst->addr_string)(ndo, dst->addr),
340*05b00f60SXin Li tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
341*05b00f60SXin Li } else {
342*05b00f60SXin Li if (src == NULL || dst == NULL)
343*05b00f60SXin Li ND_PRINT("%s > %s ",
344*05b00f60SXin Li tok2str(llc_values, "Unknown SSAP 0x%02x", ssap),
345*05b00f60SXin Li tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
346*05b00f60SXin Li else
347*05b00f60SXin Li ND_PRINT("%s %s > %s %s ",
348*05b00f60SXin Li (src->addr_string)(ndo, src->addr),
349*05b00f60SXin Li tok2str(llc_values, "Unknown SSAP 0x%02x", ssap),
350*05b00f60SXin Li (dst->addr_string)(ndo, dst->addr),
351*05b00f60SXin Li tok2str(llc_values, "Unknown DSAP 0x%02x", dsap));
352*05b00f60SXin Li }
353*05b00f60SXin Li }
354*05b00f60SXin Li
355*05b00f60SXin Li if (is_u) {
356*05b00f60SXin Li ND_PRINT("Unnumbered, %s, Flags [%s], length %u",
357*05b00f60SXin Li tok2str(llc_cmd_values, "%02x", LLC_U_CMD(control)),
358*05b00f60SXin Li tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_U_POLL)),
359*05b00f60SXin Li length + hdrlen);
360*05b00f60SXin Li
361*05b00f60SXin Li if ((control & ~LLC_U_POLL) == LLC_XID) {
362*05b00f60SXin Li if (length == 0) {
363*05b00f60SXin Li /*
364*05b00f60SXin Li * XID with no payload.
365*05b00f60SXin Li * This could, for example, be an SNA
366*05b00f60SXin Li * "short form" XID.
367*05b00f60SXin Li */
368*05b00f60SXin Li return (hdrlen);
369*05b00f60SXin Li }
370*05b00f60SXin Li if (caplen < 1) {
371*05b00f60SXin Li nd_print_trunc(ndo);
372*05b00f60SXin Li if (caplen > 0)
373*05b00f60SXin Li ND_DEFAULTPRINT((const u_char *)p, caplen);
374*05b00f60SXin Li return (hdrlen);
375*05b00f60SXin Li }
376*05b00f60SXin Li if (GET_U_1(p) == LLC_XID_FI) {
377*05b00f60SXin Li if (caplen < 3 || length < 3) {
378*05b00f60SXin Li nd_print_trunc(ndo);
379*05b00f60SXin Li if (caplen > 0)
380*05b00f60SXin Li ND_DEFAULTPRINT((const u_char *)p, caplen);
381*05b00f60SXin Li } else
382*05b00f60SXin Li ND_PRINT(": %02x %02x",
383*05b00f60SXin Li GET_U_1(p + 1),
384*05b00f60SXin Li GET_U_1(p + 2));
385*05b00f60SXin Li return (hdrlen);
386*05b00f60SXin Li }
387*05b00f60SXin Li }
388*05b00f60SXin Li } else {
389*05b00f60SXin Li if ((control & LLC_S_FMT) == LLC_S_FMT) {
390*05b00f60SXin Li ND_PRINT("Supervisory, %s, rcv seq %u, Flags [%s], length %u",
391*05b00f60SXin Li tok2str(llc_supervisory_values,"?",LLC_S_CMD(control)),
392*05b00f60SXin Li LLC_IS_NR(control),
393*05b00f60SXin Li tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)),
394*05b00f60SXin Li length + hdrlen);
395*05b00f60SXin Li return (hdrlen); /* no payload to print */
396*05b00f60SXin Li } else {
397*05b00f60SXin Li ND_PRINT("Information, send seq %u, rcv seq %u, Flags [%s], length %u",
398*05b00f60SXin Li LLC_I_NS(control),
399*05b00f60SXin Li LLC_IS_NR(control),
400*05b00f60SXin Li tok2str(llc_flag_values,"?",(ssap_field & LLC_GSAP) | (control & LLC_IS_POLL)),
401*05b00f60SXin Li length + hdrlen);
402*05b00f60SXin Li }
403*05b00f60SXin Li }
404*05b00f60SXin Li return (-hdrlen);
405*05b00f60SXin Li }
406*05b00f60SXin Li
407*05b00f60SXin Li static const struct tok *
oui_to_struct_tok(uint32_t orgcode)408*05b00f60SXin Li oui_to_struct_tok(uint32_t orgcode)
409*05b00f60SXin Li {
410*05b00f60SXin Li const struct tok *tok = null_values;
411*05b00f60SXin Li const struct oui_tok *otp;
412*05b00f60SXin Li
413*05b00f60SXin Li for (otp = &oui_to_tok[0]; otp->tok != NULL; otp++) {
414*05b00f60SXin Li if (otp->oui == orgcode) {
415*05b00f60SXin Li tok = otp->tok;
416*05b00f60SXin Li break;
417*05b00f60SXin Li }
418*05b00f60SXin Li }
419*05b00f60SXin Li return (tok);
420*05b00f60SXin Li }
421*05b00f60SXin Li
422*05b00f60SXin Li int
snap_print(netdissect_options * ndo,const u_char * p,u_int length,u_int caplen,const struct lladdr_info * src,const struct lladdr_info * dst,u_int bridge_pad)423*05b00f60SXin Li snap_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen,
424*05b00f60SXin Li const struct lladdr_info *src, const struct lladdr_info *dst,
425*05b00f60SXin Li u_int bridge_pad)
426*05b00f60SXin Li {
427*05b00f60SXin Li uint32_t orgcode;
428*05b00f60SXin Li u_short et;
429*05b00f60SXin Li int ret;
430*05b00f60SXin Li
431*05b00f60SXin Li ndo->ndo_protocol = "snap";
432*05b00f60SXin Li ND_TCHECK_5(p);
433*05b00f60SXin Li if (caplen < 5 || length < 5)
434*05b00f60SXin Li goto trunc;
435*05b00f60SXin Li orgcode = GET_BE_U_3(p);
436*05b00f60SXin Li et = GET_BE_U_2(p + 3);
437*05b00f60SXin Li
438*05b00f60SXin Li if (ndo->ndo_eflag) {
439*05b00f60SXin Li /*
440*05b00f60SXin Li * Somebody's already printed the MAC addresses, if there
441*05b00f60SXin Li * are any, so just print the SNAP header, not the MAC
442*05b00f60SXin Li * addresses.
443*05b00f60SXin Li */
444*05b00f60SXin Li ND_PRINT("oui %s (0x%06x), %s %s (0x%04x), length %u: ",
445*05b00f60SXin Li tok2str(oui_values, "Unknown", orgcode),
446*05b00f60SXin Li orgcode,
447*05b00f60SXin Li (orgcode == 0x000000 ? "ethertype" : "pid"),
448*05b00f60SXin Li tok2str(oui_to_struct_tok(orgcode), "Unknown", et),
449*05b00f60SXin Li et, length - 5);
450*05b00f60SXin Li }
451*05b00f60SXin Li p += 5;
452*05b00f60SXin Li length -= 5;
453*05b00f60SXin Li caplen -= 5;
454*05b00f60SXin Li
455*05b00f60SXin Li switch (orgcode) {
456*05b00f60SXin Li case OUI_ENCAP_ETHER:
457*05b00f60SXin Li case OUI_CISCO_90:
458*05b00f60SXin Li /*
459*05b00f60SXin Li * This is an encapsulated Ethernet packet,
460*05b00f60SXin Li * or a packet bridged by some piece of
461*05b00f60SXin Li * Cisco hardware; the protocol ID is
462*05b00f60SXin Li * an Ethernet protocol type.
463*05b00f60SXin Li */
464*05b00f60SXin Li ret = ethertype_print(ndo, et, p, length, caplen, src, dst);
465*05b00f60SXin Li if (ret)
466*05b00f60SXin Li return (ret);
467*05b00f60SXin Li break;
468*05b00f60SXin Li
469*05b00f60SXin Li case OUI_APPLETALK:
470*05b00f60SXin Li if (et == ETHERTYPE_ATALK) {
471*05b00f60SXin Li /*
472*05b00f60SXin Li * No, I have no idea why Apple used one
473*05b00f60SXin Li * of their own OUIs, rather than
474*05b00f60SXin Li * 0x000000, and an Ethernet packet
475*05b00f60SXin Li * type, for Appletalk data packets,
476*05b00f60SXin Li * but used 0x000000 and an Ethernet
477*05b00f60SXin Li * packet type for AARP packets.
478*05b00f60SXin Li */
479*05b00f60SXin Li ret = ethertype_print(ndo, et, p, length, caplen, src, dst);
480*05b00f60SXin Li if (ret)
481*05b00f60SXin Li return (ret);
482*05b00f60SXin Li }
483*05b00f60SXin Li break;
484*05b00f60SXin Li
485*05b00f60SXin Li case OUI_CISCO:
486*05b00f60SXin Li switch (et) {
487*05b00f60SXin Li case PID_CISCO_CDP:
488*05b00f60SXin Li cdp_print(ndo, p, length);
489*05b00f60SXin Li return (1);
490*05b00f60SXin Li case PID_CISCO_DTP:
491*05b00f60SXin Li dtp_print(ndo, p, length);
492*05b00f60SXin Li return (1);
493*05b00f60SXin Li case PID_CISCO_UDLD:
494*05b00f60SXin Li udld_print(ndo, p, length);
495*05b00f60SXin Li return (1);
496*05b00f60SXin Li case PID_CISCO_VTP:
497*05b00f60SXin Li vtp_print(ndo, p, length);
498*05b00f60SXin Li return (1);
499*05b00f60SXin Li case PID_CISCO_PVST:
500*05b00f60SXin Li case PID_CISCO_VLANBRIDGE:
501*05b00f60SXin Li stp_print(ndo, p, length);
502*05b00f60SXin Li return (1);
503*05b00f60SXin Li default:
504*05b00f60SXin Li break;
505*05b00f60SXin Li }
506*05b00f60SXin Li break;
507*05b00f60SXin Li
508*05b00f60SXin Li case OUI_RFC2684:
509*05b00f60SXin Li switch (et) {
510*05b00f60SXin Li
511*05b00f60SXin Li case PID_RFC2684_ETH_FCS:
512*05b00f60SXin Li case PID_RFC2684_ETH_NOFCS:
513*05b00f60SXin Li /*
514*05b00f60SXin Li * XXX - remove the last two bytes for
515*05b00f60SXin Li * PID_RFC2684_ETH_FCS?
516*05b00f60SXin Li */
517*05b00f60SXin Li /*
518*05b00f60SXin Li * Skip the padding.
519*05b00f60SXin Li */
520*05b00f60SXin Li ND_TCHECK_LEN(p, bridge_pad);
521*05b00f60SXin Li caplen -= bridge_pad;
522*05b00f60SXin Li length -= bridge_pad;
523*05b00f60SXin Li p += bridge_pad;
524*05b00f60SXin Li
525*05b00f60SXin Li /*
526*05b00f60SXin Li * What remains is an Ethernet packet.
527*05b00f60SXin Li */
528*05b00f60SXin Li ether_print(ndo, p, length, caplen, NULL, NULL);
529*05b00f60SXin Li return (1);
530*05b00f60SXin Li
531*05b00f60SXin Li case PID_RFC2684_802_5_FCS:
532*05b00f60SXin Li case PID_RFC2684_802_5_NOFCS:
533*05b00f60SXin Li /*
534*05b00f60SXin Li * XXX - remove the last two bytes for
535*05b00f60SXin Li * PID_RFC2684_ETH_FCS?
536*05b00f60SXin Li */
537*05b00f60SXin Li /*
538*05b00f60SXin Li * Skip the padding, but not the Access
539*05b00f60SXin Li * Control field.
540*05b00f60SXin Li */
541*05b00f60SXin Li ND_TCHECK_LEN(p, bridge_pad);
542*05b00f60SXin Li caplen -= bridge_pad;
543*05b00f60SXin Li length -= bridge_pad;
544*05b00f60SXin Li p += bridge_pad;
545*05b00f60SXin Li
546*05b00f60SXin Li /*
547*05b00f60SXin Li * What remains is an 802.5 Token Ring
548*05b00f60SXin Li * packet.
549*05b00f60SXin Li */
550*05b00f60SXin Li token_print(ndo, p, length, caplen);
551*05b00f60SXin Li return (1);
552*05b00f60SXin Li
553*05b00f60SXin Li case PID_RFC2684_FDDI_FCS:
554*05b00f60SXin Li case PID_RFC2684_FDDI_NOFCS:
555*05b00f60SXin Li /*
556*05b00f60SXin Li * XXX - remove the last two bytes for
557*05b00f60SXin Li * PID_RFC2684_ETH_FCS?
558*05b00f60SXin Li */
559*05b00f60SXin Li /*
560*05b00f60SXin Li * Skip the padding.
561*05b00f60SXin Li */
562*05b00f60SXin Li ND_TCHECK_LEN(p, bridge_pad + 1);
563*05b00f60SXin Li caplen -= bridge_pad + 1;
564*05b00f60SXin Li length -= bridge_pad + 1;
565*05b00f60SXin Li p += bridge_pad + 1;
566*05b00f60SXin Li
567*05b00f60SXin Li /*
568*05b00f60SXin Li * What remains is an FDDI packet.
569*05b00f60SXin Li */
570*05b00f60SXin Li fddi_print(ndo, p, length, caplen);
571*05b00f60SXin Li return (1);
572*05b00f60SXin Li
573*05b00f60SXin Li case PID_RFC2684_BPDU:
574*05b00f60SXin Li stp_print(ndo, p, length);
575*05b00f60SXin Li return (1);
576*05b00f60SXin Li }
577*05b00f60SXin Li }
578*05b00f60SXin Li if (!ndo->ndo_eflag) {
579*05b00f60SXin Li /*
580*05b00f60SXin Li * Nobody printed the link-layer addresses, so print them, if
581*05b00f60SXin Li * we have any.
582*05b00f60SXin Li */
583*05b00f60SXin Li if (src != NULL && dst != NULL) {
584*05b00f60SXin Li ND_PRINT("%s > %s ",
585*05b00f60SXin Li (src->addr_string)(ndo, src->addr),
586*05b00f60SXin Li (dst->addr_string)(ndo, dst->addr));
587*05b00f60SXin Li }
588*05b00f60SXin Li /*
589*05b00f60SXin Li * Print the SNAP header, but if the OUI is 000000, don't
590*05b00f60SXin Li * bother printing it, and report the PID as being an
591*05b00f60SXin Li * ethertype.
592*05b00f60SXin Li */
593*05b00f60SXin Li if (orgcode == 0x000000) {
594*05b00f60SXin Li ND_PRINT("SNAP, ethertype %s (0x%04x), length %u: ",
595*05b00f60SXin Li tok2str(ethertype_values, "Unknown", et),
596*05b00f60SXin Li et, length);
597*05b00f60SXin Li } else {
598*05b00f60SXin Li ND_PRINT("SNAP, oui %s (0x%06x), pid %s (0x%04x), length %u: ",
599*05b00f60SXin Li tok2str(oui_values, "Unknown", orgcode),
600*05b00f60SXin Li orgcode,
601*05b00f60SXin Li tok2str(oui_to_struct_tok(orgcode), "Unknown", et),
602*05b00f60SXin Li et, length);
603*05b00f60SXin Li }
604*05b00f60SXin Li }
605*05b00f60SXin Li return (0);
606*05b00f60SXin Li
607*05b00f60SXin Li trunc:
608*05b00f60SXin Li nd_print_trunc(ndo);
609*05b00f60SXin Li return (1);
610*05b00f60SXin Li }
611