Ethereal-users: Re: [ethereal-users] Bad NETBIOS Packets
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 23 Aug 1999 16:24:41 -0700 (PDT)
> I've checked in a change to make the LLC dissector call the per-SAP, and
> SNAP per-Ethertype, dissectors only for I and UI frames, not for other
> frames.
>
> (We may also want to do the same for LAPB.)
>
> You can get that from the CVS tree if you can use anonymous CVS (see the
> Ethereal home page for information on that), or apply the following
> patch (this is the change checked into the CVS tree, your
> mileage^H^H^H^H^H^H^Hline numbers may vary):
Here's a subsequent patch - it fixes a bug wherein it wouldn't analyze
the payload of I frames, and has "get_xdlc_control()" and
"dissect_xdlc_control()" just return a Boolean indicating whether the
frame has a payload or not (it is a patch to be applied atop the
*previous* patch; it can't be applied to a vanilla 0.7.2 tree):
Index: packet-llc.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/packet-llc.c,v
retrieving revision 1.20
diff -c -r1.20 packet-llc.c
*** packet-llc.c 1999/08/23 22:47:13 1.20
--- packet-llc.c 1999/08/23 23:21:25
***************
*** 163,169 ****
capture_llc(const u_char *pd, int offset, guint32 cap_len, packet_counts *ld) {
int is_snap;
! int control;
guint16 etype;
capture_func_t *capture;
--- 163,169 ----
capture_llc(const u_char *pd, int offset, guint32 cap_len, packet_counts *ld) {
int is_snap;
! int has_payload;
guint16 etype;
capture_func_t *capture;
***************
*** 184,196 ****
* extended operation, so we don't need to determine whether
* it's basic or extended operation; is that the case?
*/
! control = get_xdlc_control(pd, offset+2, pd[offset+1] & 0x01, TRUE);
if (is_snap) {
! if (control == XDLC_I || control == (XDLC_U|XDLC_UI)) {
/*
! * Unnumbered Information - analyze it based on
! * the Ethernet packet type.
*/
etype = (pd[offset+6] << 8) | pd[offset+7];
offset += 8;
--- 184,195 ----
* extended operation, so we don't need to determine whether
* it's basic or extended operation; is that the case?
*/
! has_payload = get_xdlc_control(pd, offset+2, pd[offset+1] & 0x01, TRUE);
if (is_snap) {
! if (has_payload) {
/*
! * This frame has a payload to be analyzed.
*/
etype = (pd[offset+6] << 8) | pd[offset+7];
offset += 8;
***************
*** 198,207 ****
}
}
else {
! if (control == XDLC_I || control == (XDLC_U|XDLC_UI)) {
/*
! * Unnumbered Information - analyze it based on
! * the DSAP.
*/
capture = sap_capture_func(pd[offset]);
--- 197,205 ----
}
}
else {
! if (has_payload) {
/*
! * This frame has a payload to be analyzed.
*/
capture = sap_capture_func(pd[offset]);
***************
*** 224,230 ****
proto_tree *llc_tree = NULL;
proto_item *ti;
int is_snap;
! int control;
guint16 etype;
dissect_func_t *dissect;
--- 222,228 ----
proto_tree *llc_tree = NULL;
proto_item *ti;
int is_snap;
! int has_payload;
guint16 etype;
dissect_func_t *dissect;
***************
*** 257,264 ****
* extended operation, so we don't need to determine whether
* it's basic or extended operation; is that the case?
*/
! control = dissect_xdlc_control(pd, offset+2, fd, llc_tree, hf_llc_ctrl,
! pd[offset+1] & 0x01, TRUE);
/*
* XXX - do we want to append the SAP information to the stuff
--- 255,262 ----
* extended operation, so we don't need to determine whether
* it's basic or extended operation; is that the case?
*/
! has_payload = dissect_xdlc_control(pd, offset+2, fd, llc_tree,
! hf_llc_ctrl, pd[offset+1] & 0x01, TRUE);
/*
* XXX - do we want to append the SAP information to the stuff
***************
*** 273,282 ****
proto_tree_add_item(llc_tree, hf_llc_oui, offset+3, 3,
pd[offset+3] << 16 | pd[offset+4] << 8 | pd[offset+5]);
}
! if (control == (XDLC_U|XDLC_UI)) {
/*
! * Unnumbered Information - dissect it based on
! * the Ethernet packet type.
*/
etype = pntohs(&pd[offset+6]);
offset += 8;
--- 271,279 ----
proto_tree_add_item(llc_tree, hf_llc_oui, offset+3, 3,
pd[offset+3] << 16 | pd[offset+4] << 8 | pd[offset+5]);
}
! if (has_payload) {
/*
! * This frame has a payload to be analyzed.
*/
etype = pntohs(&pd[offset+6]);
offset += 8;
***************
*** 291,300 ****
val_to_str(pd[offset], sap_vals, "%02x"));
}
! if (control == (XDLC_U|XDLC_UI)) {
/*
! * Unnumbered Information - dissect it based on
! * the DSAP.
*/
dissect = sap_dissect_func(pd[offset]);
--- 288,296 ----
val_to_str(pd[offset], sap_vals, "%02x"));
}
! if (has_payload) {
/*
! * This frame has a payload to be analyzed.
*/
dissect = sap_dissect_func(pd[offset]);
Index: xdlc.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/xdlc.c,v
retrieving revision 1.4
diff -c -r1.4 xdlc.c
*** xdlc.c 1999/08/23 22:47:13 1.4
--- xdlc.c 1999/08/23 23:21:25
***************
*** 66,71 ****
--- 66,96 ----
#define XDLC_REJ 0x08 /* Reject */
#define XDLC_SREJ 0x0C /* Selective reject */
+ /*
+ * U-format modifiers.
+ */
+ #define XDLC_U_MODIFIER_MASK 0xEC
+ #define XDLC_UI 0x00 /* Unnumbered Information */
+ #define XDLC_UP 0x20 /* Unnumbered Poll */
+ #define XDLC_DISC 0x40 /* Disconnect (command) */
+ #define XDLC_RD 0x40 /* Request Disconnect (response) */
+ #define XDLC_UA 0x60 /* Unnumbered Acknowledge */
+ #define XDLC_SNRM 0x80 /* Set Normal Response Mode */
+ #define XDLC_TEST 0xC0 /* Test */
+ #define XDLC_SIM 0x04 /* Set Initialization Mode (command) */
+ #define XDLC_RIM 0x04 /* Request Initialization Mode (response) */
+ #define XDLC_FRMR 0x84 /* Frame reject */
+ #define XDLC_CFGR 0xC4 /* Configure */
+ #define XDLC_SARM 0x0C /* Set Asynchronous Response Mode (command) */
+ #define XDLC_DM 0x0C /* Disconnected mode (response) */
+ #define XDLC_SABM 0x2C /* Set Asynchronous Balanced Mode */
+ #define XDLC_SARME 0x4C /* Set Asynchronous Response Mode Extended */
+ #define XDLC_SABME 0x6C /* Set Asynchronous Balanced Mode Extended */
+ #define XDLC_RESET 0x8C /* Reset */
+ #define XDLC_XID 0xAC /* Exchange identification */
+ #define XDLC_SNRME 0xCC /* Set Normal Response Mode Extended */
+ #define XDLC_BCN 0xEC /* Beacon */
+
static const value_string stype_vals[] = {
{ XDLC_RR, "Receiver ready" },
{ XDLC_RNR, "Receiver not ready" },
***************
*** 167,175 ****
case XDLC_S:
/*
! * Supervisory frame.
*/
! return XDLC_S;
case XDLC_U:
/*
--- 192,200 ----
case XDLC_S:
/*
! * Supervisory frame - no higher-layer payload.
*/
! return FALSE;
case XDLC_U:
/*
***************
*** 185,201 ****
control = pd[offset];
/*
! * Return the modifier as well as the XDLC_U bits, so that
! * our caller knows whether the packet is UI or something
! * else.
*/
! return control & (XDLC_U_MODIFIER_MASK|0x03);
default:
/*
! * Information frame.
*/
! return XDLC_I;
}
}
--- 210,224 ----
control = pd[offset];
/*
! * This frame has payload only if it's a UI frame.
*/
! return (control & XDLC_U_MODIFIER_MASK) == XDLC_UI;
default:
/*
! * Information frame - has higher-layer payload.
*/
! return TRUE;
}
}
***************
*** 297,304 ****
"Supervisory frame", NULL));
}
}
- return XDLC_S;
case XDLC_U:
/*
* Unnumbered frame.
--- 320,331 ----
"Supervisory frame", NULL));
}
}
+ /*
+ * Supervisory frames have no higher-layer payload to be analyzed.
+ */
+ return FALSE;
+
case XDLC_U:
/*
* Unnumbered frame.
***************
*** 349,359 ****
}
/*
! * Return the modifier as well as the XDLC_U bits, so that
! * our caller knows whether the packet is UI or something
! * else.
*/
! return control & (XDLC_U_MODIFIER_MASK|0x03);
default:
/*
--- 376,384 ----
}
/*
! * This frame has payload only if it's a UI frame.
*/
! return (control & XDLC_U_MODIFIER_MASK) == XDLC_UI;
default:
/*
***************
*** 415,420 ****
NULL, "Information frame"));
}
}
! return XDLC_I;
}
}
--- 440,449 ----
NULL, "Information frame"));
}
}
!
! /*
! * Information frames have higher-layer payload to be analyzed.
! */
! return TRUE;
}
}
Index: xdlc.h
===================================================================
RCS file: /usr/local/cvsroot/ethereal/xdlc.h,v
retrieving revision 1.2
diff -c -r1.2 xdlc.h
*** xdlc.h 1999/08/23 22:47:13 1.2
--- xdlc.h 1999/08/23 23:21:25
***************
*** 32,62 ****
#define XDLC_S 0x01 /* Supervisory frames */
#define XDLC_U 0x03 /* Unnumbered frames */
- /*
- * U-format modifiers.
- */
- #define XDLC_U_MODIFIER_MASK 0xEC
- #define XDLC_UI 0x00 /* Unnumbered Information */
- #define XDLC_UP 0x20 /* Unnumbered Poll */
- #define XDLC_DISC 0x40 /* Disconnect (command) */
- #define XDLC_RD 0x40 /* Request Disconnect (response) */
- #define XDLC_UA 0x60 /* Unnumbered Acknowledge */
- #define XDLC_SNRM 0x80 /* Set Normal Response Mode */
- #define XDLC_TEST 0xC0 /* Test */
- #define XDLC_SIM 0x04 /* Set Initialization Mode (command) */
- #define XDLC_RIM 0x04 /* Request Initialization Mode (response) */
- #define XDLC_FRMR 0x84 /* Frame reject */
- #define XDLC_CFGR 0xC4 /* Configure */
- #define XDLC_SARM 0x0C /* Set Asynchronous Response Mode (command) */
- #define XDLC_DM 0x0C /* Disconnected mode (response) */
- #define XDLC_SABM 0x2C /* Set Asynchronous Balanced Mode */
- #define XDLC_SARME 0x4C /* Set Asynchronous Response Mode Extended */
- #define XDLC_SABME 0x6C /* Set Asynchronous Balanced Mode Extended */
- #define XDLC_RESET 0x8C /* Reset */
- #define XDLC_XID 0xAC /* Exchange identification */
- #define XDLC_SNRME 0xCC /* Set Normal Response Mode Extended */
- #define XDLC_BCN 0xEC /* Beacon */
-
int get_xdlc_control(const u_char *pd, int offset, int is_response,
int extended);
--- 32,37 ----
- References:
- Re: [ethereal-users] Bad NETBIOS Packets
- From: Guy Harris
- Re: [ethereal-users] Bad NETBIOS Packets
- Prev by Date: Re: [ethereal-users] Bad NETBIOS Packets
- Next by Date: Re:[ethereal-users] Solaris 2.6 x86 compile error
- Previous by thread: Re: [ethereal-users] Bad NETBIOS Packets
- Next by thread: [ethereal-users] make problem
- Index(es):
