1 /* packet-arcnet.c
2 * Routines for arcnet dissection
3 * Copyright 2001-2002, Peter Fales <ethereal@fales-lorenz.net>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 #include "config.h"
13
14 #include <epan/packet.h>
15 #include <epan/capture_dissectors.h>
16 #include <wiretap/wtap.h>
17 #include <epan/address_types.h>
18 #include <epan/arcnet_pids.h>
19 #include <epan/to_str.h>
20 #include "packet-ip.h"
21 #include "packet-arp.h"
22
23 void proto_register_arcnet(void);
24 void proto_reg_handoff_arcnet(void);
25
26 /* Initialize the protocol and registered fields */
27 static int proto_arcnet = -1;
28 static int hf_arcnet_src = -1;
29 static int hf_arcnet_dst = -1;
30 static int hf_arcnet_offset = -1;
31 static int hf_arcnet_protID = -1;
32 static int hf_arcnet_exception_flag = -1;
33 static int hf_arcnet_split_flag = -1;
34 static int hf_arcnet_sequence = -1;
35 static int hf_arcnet_padding = -1;
36
37 /* Initialize the subtree pointers */
38 static gint ett_arcnet = -1;
39
40 static int arcnet_address_type = -1;
41
42 static dissector_table_t arcnet_dissector_table;
43
44 static capture_dissector_handle_t ip_cap_handle;
45 static capture_dissector_handle_t arp_cap_handle;
46
47 /* Cache protocol for packet counting */
48 static int proto_ipx = -1;
49
arcnet_str_len(const address * addr _U_)50 static int arcnet_str_len(const address* addr _U_)
51 {
52 return 5;
53 }
54
arcnet_to_str(const address * addr,gchar * buf,int buf_len _U_)55 static int arcnet_to_str(const address* addr, gchar *buf, int buf_len _U_)
56 {
57 *buf++ = '0';
58 *buf++ = 'x';
59 buf = bytes_to_hexstr(buf, (const guint8 *)addr->data, 1);
60 *buf = '\0'; /* NULL terminate */
61
62 return arcnet_str_len(addr);
63 }
64
arcnet_col_filter_str(const address * addr _U_,gboolean is_src)65 static const char* arcnet_col_filter_str(const address* addr _U_, gboolean is_src)
66 {
67 if (is_src)
68 return "arcnet.src";
69
70 return "arcnet.dst";
71 }
72
arcnet_len(void)73 static int arcnet_len(void)
74 {
75 return 1;
76 }
77
78 static gboolean
capture_arcnet_common(const guchar * pd,int offset,int len,capture_packet_info_t * cpinfo,const union wtap_pseudo_header * pseudo_header,gboolean has_exception)79 capture_arcnet_common(const guchar *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header, gboolean has_exception)
80 {
81 if (!BYTES_ARE_IN_FRAME(offset, len, 1)) {
82 return FALSE;
83 }
84
85 switch (pd[offset]) {
86
87 case ARCNET_PROTO_IP_1051:
88 /* No fragmentation stuff in the header */
89 return call_capture_dissector(ip_cap_handle, pd, offset + 1, len, cpinfo, pseudo_header);
90
91 case ARCNET_PROTO_IP_1201:
92 /*
93 * There's fragmentation stuff in the header.
94 *
95 * XXX - on at least some versions of NetBSD, it appears that we
96 * might we get ARCNET frames, not reassembled packets; we should
97 * perhaps bump "counts->other" for all but the first frame of a packet.
98 *
99 * XXX - but on FreeBSD it appears that we get reassembled packets
100 * on input (but apparently we get frames on output - or maybe
101 * we get the packet *and* all its frames!); how to tell the
102 * difference? It looks from the FreeBSD reassembly code as if
103 * the reassembled packet arrives with the header for the first
104 * frame. It also looks as if, on output, we first get the
105 * full packet, with a header containing none of the fragmentation
106 * stuff, and then get the frames.
107 *
108 * On Linux, we get only reassembled packets, and the exception
109 * frame stuff is hidden - there's a split flag and sequence
110 * number, but it appears that it will never have the exception
111 * frame stuff.
112 *
113 * XXX - what about OpenBSD? And, for that matter, what about
114 * Windows? (I suspect Windows supplies reassembled frames,
115 * as WinPcap, like PF_PACKET sockets, taps into the networking
116 * stack just as other protocols do.)
117 */
118 offset++;
119 if (!BYTES_ARE_IN_FRAME(offset, len, 1)) {
120 return FALSE;
121 }
122 if (has_exception && pd[offset] == 0xff) {
123 /* This is an exception packet. The flag value there is the
124 "this is an exception flag" packet; the next two bytes
125 after it are padding, and another copy of the packet
126 type appears after the padding. */
127 offset += 4;
128 }
129 return call_capture_dissector(ip_cap_handle, pd, offset + 3, len, cpinfo, pseudo_header);
130
131 case ARCNET_PROTO_ARP_1051:
132 case ARCNET_PROTO_ARP_1201:
133 /*
134 * XXX - do we have to worry about fragmentation for ARP?
135 */
136 return call_capture_dissector(arp_cap_handle, pd, offset + 1, len, cpinfo, pseudo_header);
137
138 case ARCNET_PROTO_IPX:
139 capture_dissector_increment_count(cpinfo, proto_ipx);
140 break;
141
142 default:
143 return FALSE;
144 }
145
146 return TRUE;
147 }
148
149 static gboolean
capture_arcnet(const guchar * pd,int offset _U_,int len,capture_packet_info_t * cpinfo,const union wtap_pseudo_header * pseudo_header)150 capture_arcnet (const guchar *pd, int offset _U_, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header)
151 {
152 return capture_arcnet_common(pd, 4, len, cpinfo, pseudo_header, FALSE);
153 }
154
155 static gboolean
capture_arcnet_has_exception(const guchar * pd,int offset _U_,int len,capture_packet_info_t * cpinfo,const union wtap_pseudo_header * pseudo_header)156 capture_arcnet_has_exception(const guchar *pd, int offset _U_, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header)
157 {
158 return capture_arcnet_common(pd, 2, len, cpinfo, pseudo_header, TRUE);
159 }
160
161 static void
dissect_arcnet_common(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,gboolean has_offset,gboolean has_exception)162 dissect_arcnet_common (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree,
163 gboolean has_offset, gboolean has_exception)
164 {
165 int offset = 0;
166 guint8 dst, src, protID, split_flag;
167 tvbuff_t *next_tvb;
168 proto_item *ti;
169 proto_tree *arcnet_tree;
170
171 col_set_str (pinfo->cinfo, COL_PROTOCOL, "ARCNET");
172
173 col_set_str(pinfo->cinfo, COL_INFO, "ARCNET");
174
175 src = tvb_get_guint8 (tvb, 0);
176 dst = tvb_get_guint8 (tvb, 1);
177 set_address_tvb(&pinfo->dl_src, arcnet_address_type, 1, tvb, 0);
178 copy_address_shallow(&pinfo->src, &pinfo->dl_src);
179 set_address_tvb(&pinfo->dl_dst, arcnet_address_type, 1, tvb, 1);
180 copy_address_shallow(&pinfo->dst, &pinfo->dl_dst);
181
182 ti = proto_tree_add_item (tree, proto_arcnet, tvb, 0, -1, ENC_NA);
183
184 arcnet_tree = proto_item_add_subtree (ti, ett_arcnet);
185
186 proto_tree_add_uint (arcnet_tree, hf_arcnet_src, tvb, offset, 1, src);
187 offset++;
188
189 proto_tree_add_uint (arcnet_tree, hf_arcnet_dst, tvb, offset, 1, dst);
190 offset++;
191
192 if (has_offset) {
193 proto_tree_add_item (arcnet_tree, hf_arcnet_offset, tvb, offset, 2, ENC_NA);
194 offset += 2;
195 }
196
197 protID = tvb_get_guint8 (tvb, offset);
198 proto_tree_add_uint (arcnet_tree, hf_arcnet_protID, tvb, offset, 1, protID);
199 offset++;
200
201 switch (protID) {
202
203 case ARCNET_PROTO_IP_1051:
204 case ARCNET_PROTO_ARP_1051:
205 case ARCNET_PROTO_DIAGNOSE:
206 case ARCNET_PROTO_BACNET: /* XXX - no fragmentation? */
207 /* No fragmentation stuff in the header */
208 break;
209
210 default:
211 /*
212 * Show the fragmentation stuff - flag and sequence ID.
213 *
214 * XXX - on at least some versions of NetBSD, it appears that
215 * we might get ARCNET frames, not reassembled packets; if so,
216 * we should reassemble them.
217 *
218 * XXX - but on FreeBSD it appears that we get reassembled packets
219 * on input (but apparently we get frames on output - or maybe
220 * we get the packet *and* all its frames!); how to tell the
221 * difference? It looks from the FreeBSD reassembly code as if
222 * the reassembled packet arrives with the header for the first
223 * frame. It also looks as if, on output, we first get the
224 * full packet, with a header containing none of the fragmentation
225 * stuff, and then get the frames.
226 *
227 * On Linux, we get only reassembled packets, and the exception
228 * frame stuff is hidden - there's a split flag and sequence
229 * number, but it appears that it will never have the exception
230 * frame stuff.
231 *
232 * XXX - what about OpenBSD? And, for that matter, what about
233 * Windows? (I suspect Windows supplies reassembled frames,
234 * as WinPcap, like PF_PACKET sockets, taps into the networking
235 * stack just as other protocols do.)
236 */
237 split_flag = tvb_get_guint8 (tvb, offset);
238 if (has_exception && split_flag == 0xff) {
239 /* This is an exception packet. The flag value there is the
240 "this is an exception flag" packet; the next two bytes
241 after it are padding. */
242 proto_tree_add_uint (arcnet_tree, hf_arcnet_exception_flag, tvb, offset, 1,
243 split_flag);
244 offset++;
245
246 proto_tree_add_item(arcnet_tree, hf_arcnet_padding, tvb, offset, 2, ENC_BIG_ENDIAN);
247 offset += 2;
248
249 /* Another copy of the packet type appears after the padding. */
250 proto_tree_add_item (arcnet_tree, hf_arcnet_protID, tvb, offset, 1, ENC_BIG_ENDIAN);
251 offset++;
252
253 /* And after that comes the real split flag. */
254 split_flag = tvb_get_guint8 (tvb, offset);
255 }
256
257 proto_tree_add_uint (arcnet_tree, hf_arcnet_split_flag, tvb, offset, 1,
258 split_flag);
259 offset++;
260
261 proto_tree_add_item (arcnet_tree, hf_arcnet_sequence, tvb, offset, 2, ENC_BIG_ENDIAN);
262 offset += 2;
263
264 break;
265 }
266
267 /* Set the length of the ARCNET header protocol tree item. */
268 proto_item_set_len(ti, offset);
269
270 next_tvb = tvb_new_subset_remaining (tvb, offset);
271
272 if (!dissector_try_uint (arcnet_dissector_table, protID,
273 next_tvb, pinfo, tree))
274 {
275 col_add_fstr (pinfo->cinfo, COL_PROTOCOL, "0x%04x", protID);
276 call_data_dissector(next_tvb, pinfo, tree);
277 }
278
279 }
280
281 /*
282 * BSD-style ARCNET headers - they don't have the offset field from the
283 * ARCNET hardware packet, but we might get an exception frame header.
284 */
285 static int
dissect_arcnet(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,void * data _U_)286 dissect_arcnet (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data _U_)
287 {
288 dissect_arcnet_common (tvb, pinfo, tree, FALSE, TRUE);
289 return tvb_captured_length(tvb);
290 }
291
292 /*
293 * Linux-style ARCNET headers - they *do* have the offset field from the
294 * ARCNET hardware packet, but we should never see an exception frame
295 * header.
296 */
297 static int
dissect_arcnet_linux(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,void * data _U_)298 dissect_arcnet_linux (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data _U_)
299 {
300 dissect_arcnet_common (tvb, pinfo, tree, TRUE, FALSE);
301 return tvb_captured_length(tvb);
302 }
303
304 static const value_string arcnet_prot_id_vals[] = {
305 {ARCNET_PROTO_IP_1051, "RFC 1051 IP"},
306 {ARCNET_PROTO_ARP_1051, "RFC 1051 ARP"},
307 {ARCNET_PROTO_IP_1201, "RFC 1201 IP"},
308 {ARCNET_PROTO_ARP_1201, "RFC 1201 ARP"},
309 {ARCNET_PROTO_RARP_1201, "RFC 1201 RARP"},
310 {ARCNET_PROTO_IPX, "IPX"},
311 {ARCNET_PROTO_NOVELL_EC, "Novell of some sort"},
312 {ARCNET_PROTO_IPv6, "IPv6"},
313 {ARCNET_PROTO_ETHERNET, "Encapsulated Ethernet"},
314 {ARCNET_PROTO_DATAPOINT_BOOT, "Datapoint boot"},
315 {ARCNET_PROTO_DATAPOINT_MOUNT, "Datapoint mount"},
316 {ARCNET_PROTO_POWERLAN_BEACON, "PowerLAN beacon"},
317 {ARCNET_PROTO_POWERLAN_BEACON2, "PowerLAN beacon2"},
318 {ARCNET_PROTO_APPLETALK, "Appletalk"},
319 {ARCNET_PROTO_BANYAN, "Banyan VINES"},
320 {ARCNET_PROTO_DIAGNOSE, "Diagnose"},
321 {ARCNET_PROTO_BACNET, "BACnet"},
322 {0, NULL}
323 };
324
325 void
proto_register_arcnet(void)326 proto_register_arcnet (void)
327 {
328
329 /* Setup list of header fields See Section 1.6.1 for details*/
330 static hf_register_info hf[] = {
331 {&hf_arcnet_src,
332 {"Source", "arcnet.src",
333 FT_UINT8, BASE_HEX, NULL, 0,
334 "Source ID", HFILL}
335 },
336 {&hf_arcnet_dst,
337 {"Dest", "arcnet.dst",
338 FT_UINT8, BASE_HEX, NULL, 0,
339 "Dest ID", HFILL}
340 },
341 {&hf_arcnet_offset,
342 {"Offset", "arcnet.offset",
343 FT_BYTES, BASE_NONE, NULL, 0,
344 NULL, HFILL}
345 },
346 {&hf_arcnet_protID,
347 {"Protocol ID", "arcnet.protID",
348 FT_UINT8, BASE_HEX, VALS(arcnet_prot_id_vals), 0,
349 "Proto type", HFILL}
350 },
351 {&hf_arcnet_split_flag,
352 {"Split Flag", "arcnet.split_flag",
353 FT_UINT8, BASE_DEC, NULL, 0,
354 NULL, HFILL}
355 },
356 {&hf_arcnet_exception_flag,
357 {"Exception Flag", "arcnet.exception_flag",
358 FT_UINT8, BASE_HEX, NULL, 0,
359 NULL, HFILL}
360 },
361 {&hf_arcnet_sequence,
362 {"Sequence", "arcnet.sequence",
363 FT_UINT16, BASE_DEC, NULL, 0,
364 "Sequence number", HFILL}
365 },
366 {&hf_arcnet_padding,
367 {"Padding", "arcnet.padding",
368 FT_UINT16, BASE_HEX, NULL, 0,
369 NULL, HFILL}
370 },
371 };
372
373 /* Setup protocol subtree array */
374 static gint *ett[] = {
375 &ett_arcnet,
376 };
377
378 /* Register the protocol name and description */
379 proto_arcnet = proto_register_protocol ("ARCNET", "ARCNET", "arcnet");
380
381 /* Required function calls to register the header fields and subtrees used */
382 proto_register_field_array (proto_arcnet, hf, array_length (hf));
383 proto_register_subtree_array (ett, array_length (ett));
384
385 arcnet_dissector_table = register_dissector_table ("arcnet.protocol_id", "ARCNET Protocol ID",
386 proto_arcnet, FT_UINT8, BASE_HEX);
387
388 arcnet_address_type = address_type_dissector_register("AT_ARCNET", "ARCNET Address", arcnet_to_str, arcnet_str_len, NULL, arcnet_col_filter_str, arcnet_len, NULL, NULL);
389 }
390
391
392 void
proto_reg_handoff_arcnet(void)393 proto_reg_handoff_arcnet (void)
394 {
395 dissector_handle_t arcnet_handle, arcnet_linux_handle;
396 capture_dissector_handle_t arcnet_cap_handle;
397
398 arcnet_handle = create_dissector_handle (dissect_arcnet, proto_arcnet);
399 dissector_add_uint ("wtap_encap", WTAP_ENCAP_ARCNET, arcnet_handle);
400
401 arcnet_linux_handle = create_dissector_handle (dissect_arcnet_linux, proto_arcnet);
402 dissector_add_uint ("wtap_encap", WTAP_ENCAP_ARCNET_LINUX, arcnet_linux_handle);
403
404 proto_ipx = proto_get_id_by_filter_name("ipx");
405
406 arcnet_cap_handle = create_capture_dissector_handle(capture_arcnet, proto_arcnet);
407 capture_dissector_add_uint("wtap_encap", WTAP_ENCAP_ARCNET_LINUX, arcnet_cap_handle);
408 arcnet_cap_handle = create_capture_dissector_handle(capture_arcnet_has_exception, proto_arcnet);
409 capture_dissector_add_uint("wtap_encap", WTAP_ENCAP_ARCNET, arcnet_cap_handle);
410
411 ip_cap_handle = find_capture_dissector("ip");
412 arp_cap_handle = find_capture_dissector("arp");
413 }
414
415 /*
416 * Editor modelines - https://www.wireshark.org/tools/modelines.html
417 *
418 * Local Variables:
419 * c-basic-offset: 2
420 * tab-width: 8
421 * indent-tabs-mode: nil
422 * End:
423 *
424 * ex: set shiftwidth=2 tabstop=8 expandtab:
425 * :indentSize=2:tabSize=8:noTabs=true:
426 */
427