1 /* packet-vlan.c
2 * Routines for VLAN 802.1Q ethernet header disassembly
3 *
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
7 *
8 * SPDX-License-Identifier: GPL-2.0-or-later
9 */
10
11 #define NEW_PROTO_TREE_API
12
13 #include "config.h"
14
15 #include <epan/packet.h>
16 #include <epan/capture_dissectors.h>
17 #include <wsutil/pint.h>
18 #include <epan/expert.h>
19 #include "packet-ieee8023.h"
20 #include "packet-ipx.h"
21 #include "packet-llc.h"
22 #include <epan/etypes.h>
23 #include <epan/prefs.h>
24 #include <epan/to_str.h>
25 #include <epan/addr_resolv.h>
26 #include <epan/proto_data.h>
27
28 void proto_register_vlan(void);
29 void proto_reg_handoff_vlan(void);
30
31 static unsigned int q_in_q_ethertype = ETHERTYPE_QINQ_OLD;
32
33 static gboolean vlan_summary_in_tree = TRUE;
34
35 enum version_value {
36 IEEE_8021Q_1998,
37 IEEE_8021Q_2005,
38 IEEE_8021Q_2011
39 };
40
41 static gint vlan_version = (gint)IEEE_8021Q_2011;
42
43 enum priority_drop_value {
44 Priority_Drop_8P0D,
45 Priority_Drop_7P1D,
46 Priority_Drop_6P2D,
47 Priority_Drop_5P3D,
48 };
49
50 static gint vlan_priority_drop = (gint)Priority_Drop_8P0D;
51
52 static dissector_handle_t vlan_handle;
53 static dissector_handle_t ethertype_handle;
54
55 static capture_dissector_handle_t llc_cap_handle;
56 static capture_dissector_handle_t ipx_cap_handle;
57
58 static int proto_vlan;
59
60 static header_field_info *hfi_vlan = NULL;
61
62 #define VLAN_HFI_INIT HFI_INIT(proto_vlan)
63
64 /* From Table G-2 of IEEE standard 802.1D-2004 */
65 /* Note that 0 is the default priority, but is above 1 and 2.
66 * Priority order from lowest to highest is 1,2,0,3,4,5,6,7 */
67 static const value_string pri_vals_old[] = {
68 { 0, "Best Effort (default)" },
69 { 1, "Background" },
70 { 2, "Spare" },
71 { 3, "Excellent Effort" },
72 { 4, "Controlled Load" },
73 { 5, "Video, < 100ms latency and jitter" },
74 { 6, "Voice, < 10ms latency and jitter" },
75 { 7, "Network Control" },
76 { 0, NULL }
77 };
78
79 static header_field_info hfi_vlan_priority_old VLAN_HFI_INIT = {
80 "Priority", "vlan.priority", FT_UINT16, BASE_DEC,
81 VALS(pri_vals_old), 0xE000, "Descriptions are recommendations from IEEE standard 802.1D-2004", HFILL };
82
83 /* From Table G-2 of IEEE standard 802.1Q-2005 (and I-2 of 2011 and 2014 revisions) */
84 /* Note that 0 is still the default, but priority 2 was moved from below 0 to
85 * above it. The new order from lowest to highest is 1,0,2,3,4,5,6,7 */
86 static const value_string pri_vals[] = {
87 { 0, "Best Effort (default)" },
88 { 1, "Background" },
89 { 2, "Excellent Effort" },
90 { 3, "Critical Applications" },
91 { 4, "Video, < 100ms latency and jitter" },
92 { 5, "Voice, < 10ms latency and jitter" },
93 { 6, "Internetwork Control" },
94 { 7, "Network Control" },
95 { 0, NULL }
96 };
97
98 static header_field_info hfi_vlan_priority VLAN_HFI_INIT = {
99 "Priority", "vlan.priority", FT_UINT16, BASE_DEC,
100 VALS(pri_vals), 0xE000, "Descriptions are recommendations from IEEE standard 802.1Q-2014", HFILL };
101
102 /* From Tables G-2,3 of IEEE standard 802.1Q-2005 (and I-2,3,7 of 2011 and 2014 revisions) */
103 static const value_string pri_vals_7[] = {
104 { 0, "Best Effort (default)" },
105 { 1, "Background" },
106 { 2, "Excellent Effort" },
107 { 3, "Critical Applications" },
108 { 4, "Voice, < 10ms latency and jitter, Drop Eligible" },
109 { 5, "Voice, < 10ms latency and jitter" },
110 { 6, "Internetwork Control" },
111 { 7, "Network Control" },
112 { 0, NULL }
113 };
114
115 static header_field_info hfi_vlan_priority_7 VLAN_HFI_INIT = {
116 "Priority", "vlan.priority", FT_UINT16, BASE_DEC,
117 VALS(pri_vals_7), 0xE000, "Descriptions are recommendations from IEEE standard 802.1Q-2014", HFILL };
118
119 /* From Tables G-2,3 of IEEE standard 802.1Q-2005 (and I-2,3,7 of 2011 and 2015 revisions) */
120 static const value_string pri_vals_6[] = {
121 { 0, "Best Effort (default)" },
122 { 1, "Background" },
123 { 2, "Critical Applications, Drop Eligible" },
124 { 3, "Critical Applications" },
125 { 4, "Voice, < 10ms latency and jitter, Drop Eligible" },
126 { 5, "Voice, < 10ms latency and jitter" },
127 { 6, "Internetwork Control" },
128 { 7, "Network Control" },
129 { 0, NULL }
130 };
131
132 static header_field_info hfi_vlan_priority_6 VLAN_HFI_INIT = {
133 "Priority", "vlan.priority", FT_UINT16, BASE_DEC,
134 VALS(pri_vals_6), 0xE000, "Descriptions are recommendations from IEEE standard 802.1Q-2014", HFILL };
135
136 /* From Tables G-2,3 of IEEE standard 802.1Q-2005 (and I-2,3,7 of 2011 and 2015 revisions) */
137 static const value_string pri_vals_5[] = {
138 { 0, "Best Effort (default), Drop Eligible" },
139 { 1, "Best Effort (default)" },
140 { 2, "Critical Applications, Drop Eligible" },
141 { 3, "Critical Applications" },
142 { 4, "Voice, < 10ms latency and jitter, Drop Eligible" },
143 { 5, "Voice, < 10ms latency and jitter" },
144 { 6, "Internetwork Control" },
145 { 7, "Network Control" },
146 { 0, NULL }
147 };
148
149 static header_field_info hfi_vlan_priority_5 VLAN_HFI_INIT = {
150 "Priority", "vlan.priority", FT_UINT16, BASE_DEC,
151 VALS(pri_vals_5), 0xE000, "Descriptions are recommendations from IEEE standard 802.1Q-2014", HFILL };
152
153 /* True is non-canonical (i.e., bit-reversed MACs like Token Ring) since usually 0 and canonical. */
154 static const true_false_string tfs_noncanonical_canonical = { "Non-canonical", "Canonical" };
155
156 static header_field_info hfi_vlan_cfi VLAN_HFI_INIT = {
157 "CFI", "vlan.cfi", FT_BOOLEAN, 16,
158 TFS(&tfs_noncanonical_canonical), 0x1000, "Canonical Format Identifier", HFILL };
159
160 static const true_false_string tfs_eligible_ineligible = { "Eligible", "Ineligible" };
161
162 static header_field_info hfi_vlan_dei VLAN_HFI_INIT = {
163 "DEI", "vlan.dei", FT_BOOLEAN, 16,
164 TFS(&tfs_eligible_ineligible), 0x1000, "Drop Eligible Indicator", HFILL };
165
166 static header_field_info hfi_vlan_id VLAN_HFI_INIT = {
167 "ID", "vlan.id", FT_UINT16, BASE_DEC,
168 NULL, 0x0FFF, "VLAN ID", HFILL };
169
170 static header_field_info hfi_vlan_id_name VLAN_HFI_INIT = {
171 "Name", "vlan.id_name", FT_STRING, STR_UNICODE,
172 NULL, 0x0, "VLAN ID Name", HFILL };
173
174 static header_field_info hfi_vlan_etype VLAN_HFI_INIT = {
175 "Type", "vlan.etype", FT_UINT16, BASE_HEX,
176 VALS(etype_vals), 0x0, "Ethertype", HFILL };
177
178 static header_field_info hfi_vlan_len VLAN_HFI_INIT = {
179 "Length", "vlan.len", FT_UINT16, BASE_DEC,
180 NULL, 0x0, NULL, HFILL };
181
182 static header_field_info hfi_vlan_trailer VLAN_HFI_INIT = {
183 "Trailer", "vlan.trailer", FT_BYTES, BASE_NONE,
184 NULL, 0x0, "VLAN Trailer", HFILL };
185
186
187 static gint ett_vlan = -1;
188
189 static expert_field ei_vlan_len = EI_INIT;
190 static expert_field ei_vlan_too_many_tags = EI_INIT;
191
192 #define VLAN_MAX_NESTED_TAGS 20
193
194 static gboolean
capture_vlan(const guchar * pd,int offset,int len,capture_packet_info_t * cpinfo,const union wtap_pseudo_header * pseudo_header _U_)195 capture_vlan(const guchar *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header _U_ ) {
196 guint16 encap_proto;
197 if ( !BYTES_ARE_IN_FRAME(offset,len,5) )
198 return FALSE;
199
200 encap_proto = pntoh16( &pd[offset+2] );
201 if ( encap_proto <= IEEE_802_3_MAX_LEN) {
202 if ( pd[offset+4] == 0xff && pd[offset+5] == 0xff ) {
203 return call_capture_dissector(ipx_cap_handle, pd,offset+4,len, cpinfo, pseudo_header);
204 } else {
205 return call_capture_dissector(llc_cap_handle, pd,offset+4,len, cpinfo, pseudo_header);
206 }
207 }
208
209 return try_capture_dissector("ethertype", encap_proto, pd, offset+4, len, cpinfo, pseudo_header);
210 }
211
212 static void
columns_set_vlan(column_info * cinfo,guint16 tci)213 columns_set_vlan(column_info *cinfo, guint16 tci)
214 {
215 char id_str[16];
216
217 guint32_to_str_buf(tci & 0xFFF, id_str, sizeof(id_str));
218
219 if (vlan_version < IEEE_8021Q_2011) {
220 col_add_fstr(cinfo, COL_INFO,
221 "PRI: %d CFI: %d ID: %s",
222 (tci >> 13), ((tci >> 12) & 1), id_str);
223 } else {
224 col_add_fstr(cinfo, COL_INFO,
225 "PRI: %d DEI: %d ID: %s",
226 (tci >> 13), ((tci >> 12) & 1), id_str);
227 }
228 col_add_str(cinfo, COL_8021Q_VLAN_ID, id_str);
229 }
230
231 static int
dissect_vlan(tvbuff_t * tvb,packet_info * pinfo,proto_tree * tree,void * data _U_)232 dissect_vlan(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
233 {
234 proto_item *ti;
235 guint16 tci, vlan_id;
236 guint16 encap_proto;
237 gboolean is_802_2;
238 proto_tree *vlan_tree;
239 proto_item *item;
240 guint vlan_nested_count;
241 int hf1, hf2;
242
243 int * const flags[] = {
244 &hf1,
245 &hf2,
246 &hfi_vlan_id.id,
247 NULL
248 };
249
250 col_set_str(pinfo->cinfo, COL_PROTOCOL, "VLAN");
251 col_clear(pinfo->cinfo, COL_INFO);
252
253 tci = tvb_get_ntohs( tvb, 0 );
254 vlan_id = tci & 0xFFF;
255 /* Add the VLAN Id if it's the first one*/
256 if (pinfo->vlan_id == 0) {
257 pinfo->vlan_id = vlan_id;
258 }
259
260 columns_set_vlan(pinfo->cinfo, tci);
261
262 vlan_tree = NULL;
263
264 ti = proto_tree_add_item(tree, hfi_vlan, tvb, 0, 4, ENC_NA);
265 vlan_nested_count = p_get_proto_depth(pinfo, proto_vlan);
266 if (++vlan_nested_count > VLAN_MAX_NESTED_TAGS) {
267 expert_add_info(pinfo, ti, &ei_vlan_too_many_tags);
268 return tvb_captured_length(tvb);
269 }
270 p_set_proto_depth(pinfo, proto_vlan, vlan_nested_count);
271
272 if (tree) {
273
274 if (vlan_summary_in_tree) {
275 if (vlan_version < IEEE_8021Q_2011) {
276 proto_item_append_text(ti, ", PRI: %u, CFI: %u, ID: %u",
277 (tci >> 13), ((tci >> 12) & 1), vlan_id);
278 } else {
279 proto_item_append_text(ti, ", PRI: %u, DEI: %u, ID: %u",
280 (tci >> 13), ((tci >> 12) & 1), vlan_id);
281 }
282 }
283
284 vlan_tree = proto_item_add_subtree(ti, ett_vlan);
285
286 if (vlan_version == IEEE_8021Q_1998) {
287 hf1 = hfi_vlan_priority_old.id;
288 hf2 = hfi_vlan_cfi.id;
289 } else {
290 switch (vlan_priority_drop) {
291
292 case Priority_Drop_8P0D:
293 hf1 = hfi_vlan_priority.id;
294 break;
295
296 case Priority_Drop_7P1D:
297 hf1 = hfi_vlan_priority_7.id;
298 break;
299
300 case Priority_Drop_6P2D:
301 hf1 = hfi_vlan_priority_6.id;
302 break;
303
304 case Priority_Drop_5P3D:
305 hf1 = hfi_vlan_priority_5.id;
306 break;
307 }
308 if (vlan_version == IEEE_8021Q_2005) {
309 hf2 = hfi_vlan_cfi.id;
310 } else {
311 hf2 = hfi_vlan_dei.id;
312 }
313 }
314
315 proto_tree_add_bitmask_list(vlan_tree, tvb, 0, 2, flags, ENC_BIG_ENDIAN);
316
317 if (gbl_resolv_flags.vlan_name) {
318 item = proto_tree_add_string(vlan_tree, &hfi_vlan_id_name, tvb, 0, 2,
319 get_vlan_name(pinfo->pool, vlan_id));
320 proto_item_set_generated(item);
321
322 }
323
324 /* TODO: If the CFI is set on Ethernet (or FDDI MAC and not source routed,
325 * i.e. the RII bit in the source MAC address is 0, then a E-RIF follows.
326 * Only true before version 2011 since the CFI was replaced with DEI
327 * (Since who needs VLANs that bridge Token Ring and FDDI these days?) */
328 }
329
330 encap_proto = tvb_get_ntohs(tvb, 2);
331 if (encap_proto <= IEEE_802_3_MAX_LEN) {
332 /* Is there an 802.2 layer? I can tell by looking at the first 2
333 bytes after the VLAN header. If they are 0xffff, then what
334 follows the VLAN header is an IPX payload, meaning no 802.2.
335 (IPX/SPX is they only thing that can be contained inside a
336 straight 802.3 packet, so presumably the same applies for
337 Ethernet VLAN packets). A non-0xffff value means that there's an
338 802.2 layer inside the VLAN layer */
339 is_802_2 = TRUE;
340
341 /* Don't throw an exception for this check (even a BoundsError) */
342 if (tvb_captured_length_remaining(tvb, 4) >= 2) {
343 if (tvb_get_ntohs(tvb, 4) == 0xffff) {
344 is_802_2 = FALSE;
345 }
346 }
347
348 dissect_802_3(encap_proto, is_802_2, tvb, 4, pinfo, tree, vlan_tree,
349 hfi_vlan_len.id, hfi_vlan_trailer.id, &ei_vlan_len, 0);
350 } else {
351 ethertype_data_t ethertype_data;
352
353 proto_tree_add_uint(vlan_tree, &hfi_vlan_etype, tvb, 2, 2, encap_proto);
354
355 ethertype_data.etype = encap_proto;
356 ethertype_data.payload_offset = 4;
357 ethertype_data.fh_tree = vlan_tree;
358 ethertype_data.trailer_id = hfi_vlan_trailer.id;
359 ethertype_data.fcs_len = 0;
360
361 call_dissector_with_data(ethertype_handle, tvb, pinfo, tree, ðertype_data);
362 }
363 return tvb_captured_length(tvb);
364 }
365
366 void
proto_register_vlan(void)367 proto_register_vlan(void)
368 {
369 #ifndef HAVE_HFI_SECTION_INIT
370 static header_field_info *hfi[] = {
371 &hfi_vlan_priority_old,
372 &hfi_vlan_priority,
373 &hfi_vlan_priority_7,
374 &hfi_vlan_priority_6,
375 &hfi_vlan_priority_5,
376 &hfi_vlan_cfi,
377 &hfi_vlan_dei,
378 &hfi_vlan_id,
379 &hfi_vlan_id_name,
380 &hfi_vlan_etype,
381 &hfi_vlan_len,
382 &hfi_vlan_trailer,
383 };
384 #endif /* HAVE_HFI_SECTION_INIT */
385
386 static gint *ett[] = {
387 &ett_vlan
388 };
389
390 static ei_register_info ei[] = {
391 { &ei_vlan_len, { "vlan.len.past_end", PI_MALFORMED, PI_ERROR, "Length field value goes past the end of the payload", EXPFILL }},
392 { &ei_vlan_too_many_tags, { "vlan.too_many_tags", PI_UNDECODED, PI_WARN, "Too many nested VLAN tags", EXPFILL }},
393 };
394
395 static const enum_val_t version_vals[] = {
396 {"1998", "IEEE 802.1Q-1998", IEEE_8021Q_1998},
397 {"2005", "IEEE 802.1Q-2005", IEEE_8021Q_2005},
398 {"2011", "IEEE 802.1Q-2011", IEEE_8021Q_2011},
399 {NULL, NULL, -1}
400 };
401
402 static const enum_val_t priority_drop_vals[] = {
403 {"8p0d", "8 Priorities, 0 Drop Eligible", Priority_Drop_8P0D},
404 {"7p1d", "7 Priorities, 1 Drop Eligible", Priority_Drop_7P1D},
405 {"6p2d", "6 Priorities, 2 Drop Eligible", Priority_Drop_6P2D},
406 {"5p3d", "5 Priorities, 3 Drop Eligible", Priority_Drop_5P3D},
407 {NULL, NULL, -1}
408 };
409
410 module_t *vlan_module;
411 expert_module_t* expert_vlan;
412
413 proto_vlan = proto_register_protocol("802.1Q Virtual LAN", "VLAN", "vlan");
414 hfi_vlan = proto_registrar_get_nth(proto_vlan);
415
416 proto_register_fields(proto_vlan, hfi, array_length(hfi));
417 proto_register_subtree_array(ett, array_length(ett));
418 expert_vlan = expert_register_protocol(proto_vlan);
419 expert_register_field_array(expert_vlan, ei, array_length(ei));
420
421 vlan_module = prefs_register_protocol(proto_vlan, proto_reg_handoff_vlan);
422 prefs_register_bool_preference(vlan_module, "summary_in_tree",
423 "Show vlan summary in protocol tree",
424 "Whether the vlan summary line should be shown in the protocol tree",
425 &vlan_summary_in_tree);
426 prefs_register_uint_preference(vlan_module, "qinq_ethertype",
427 "802.1QinQ Ethertype (in hex)",
428 "The (hexadecimal) Ethertype used to indicate 802.1QinQ VLAN in VLAN tunneling.",
429 16, &q_in_q_ethertype);
430 prefs_register_enum_preference(vlan_module, "version",
431 "IEEE 802.1Q version",
432 "IEEE 802.1Q specification version used (802.1Q-1998 uses 802.1D-2004 for PRI values)",
433 &vlan_version, version_vals, TRUE);
434 prefs_register_enum_preference(vlan_module, "priority_drop",
435 "Priorities and drop eligibility",
436 "Number of priorities supported, and number of those drop eligible (not used for 802.1Q-1998)",
437 &vlan_priority_drop, priority_drop_vals, FALSE);
438 vlan_handle = create_dissector_handle(dissect_vlan, proto_vlan);
439 }
440
441 void
proto_reg_handoff_vlan(void)442 proto_reg_handoff_vlan(void)
443 {
444 static gboolean prefs_initialized = FALSE;
445 static unsigned int old_q_in_q_ethertype;
446 capture_dissector_handle_t vlan_cap_handle;
447
448 if (!prefs_initialized)
449 {
450 dissector_add_uint("ethertype", ETHERTYPE_VLAN, vlan_handle);
451 vlan_cap_handle = create_capture_dissector_handle(capture_vlan, hfi_vlan->id);
452 capture_dissector_add_uint("ethertype", ETHERTYPE_VLAN, vlan_cap_handle);
453
454 prefs_initialized = TRUE;
455 }
456 else
457 {
458 dissector_delete_uint("ethertype", old_q_in_q_ethertype, vlan_handle);
459 }
460
461 old_q_in_q_ethertype = q_in_q_ethertype;
462 ethertype_handle = find_dissector_add_dependency("ethertype", hfi_vlan->id);
463
464 dissector_add_uint("ethertype", q_in_q_ethertype, vlan_handle);
465
466 llc_cap_handle = find_capture_dissector("llc");
467 ipx_cap_handle = find_capture_dissector("ipx");
468 }
469
470 /*
471 * Editor modelines - https://www.wireshark.org/tools/modelines.html
472 *
473 * Local Variables:
474 * c-basic-offset: 2
475 * tab-width: 8
476 * indent-tabs-mode: nil
477 * End:
478 *
479 * ex: set shiftwidth=2 tabstop=8 expandtab:
480 * :indentSize=2:tabSize=8:noTabs=true:
481 */
482