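/*
 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that: (1) source code distributions
 * retain the above copyright notice and this paragraph in its entirety, (2)
 * distributions including binary code include the above copyright notice and
 * this paragraph in its entirety in the documentation or other materials
 * provided with the distribution, and (3) all advertising materials mentioning
 * features or use of this software display the following acknowledgement:
 * ``This product includes software developed by the University of California,
 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
 * the University nor the names of its contributors may be used to endorse
 * or promote products derived from this software without specific prior
 * written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 * $FreeBSD$
 */

#ifndef lint
static const char rcsid[] _U_ =
	"@(#)$Header: /tcpdump/master/tcpdump/print-fr.c,v 1.32.2.4 2005/05/27 14:56:52 hannes Exp $ (LBL)";
#endif

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <tcpdump-stdinc.h>

#include <stdio.h>
#include <string.h>
#include <pcap.h>

#include "addrtoname.h"
#include "interface.h"
#include "ethertype.h"
#include "nlpid.h"
#include "extract.h"
#include "oui.h"

static void frf15_print(const u_char *, u_int);

/*
 * the frame relay header has a variable length
 *
 * the EA bit determines if there is another byte
 * in the header
 *
 * minimum header length is 2 bytes
 * maximum header length is 4 bytes
 *
 *      7    6    5    4    3    2    1    0
 *    +----+----+----+----+----+----+----+----+
 *    |        DLCI (6 bits)        | CR | EA |
 *    +----+----+----+----+----+----+----+----+
 *    |   DLCI (4 bits)   |FECN|BECN| DE | EA |
 *    +----+----+----+----+----+----+----+----+
 *    |           DLCI (7 bits)          | EA |
 *    +----+----+----+----+----+----+----+----+
 *    |        DLCI (6 bits)        |SDLC| EA |
 *    +----+----+----+----+----+----+----+----+
 */

#define FR_EA_BIT	0x01

/*
 * Flag masks as seen after the four flags[] bytes filled in by
 * parse_q922_addr() are read as one 32-bit value with EXTRACT_32BITS():
 * flags[0] is the most significant byte, flags[3] the least significant.
 */
#define FR_CR_BIT       0x02000000
#define FR_DE_BIT       0x00020000
#define FR_BECN_BIT     0x00040000
#define FR_FECN_BIT     0x00080000
#define FR_SDLC_BIT     0x00000002


struct tok fr_header_flag_values[] = {
    { FR_CR_BIT, "C!" },
    { FR_DE_BIT, "DE" },
    { FR_BECN_BIT, "BECN" },
    { FR_FECN_BIT, "FECN" },
    { FR_SDLC_BIT, "sdlcore" },
    { 0, NULL }
};


/*
 * Decode a Q.922 address: its length (2, 3 or 4 octets), the DLCI and the
 * header flag bits.  Returns 0 on success and -1 when the EA bits do not
 * describe a 2-, 3- or 4-octet address.
 *
 * This function does no bounds checking and reads up to p[3], depending on
 * the EA bits; the caller must have verified that 4 bytes are readable at p.
 *
 * flags[] must have room for 4 bytes.  Which of them carry information
 * depends on the address length, so all of them are cleared first; the
 * callers hand the whole array to EXTRACT_32BITS().
 */
static int parse_q922_addr(const u_char *p, u_int *dlci, u_int *sdlcore,
                           u_int *addr_len, u_int8_t *flags)
{
	/*
	 * Give every output a defined value on all paths.  Previously
	 * flags[2] was never written and flags[3] / *sdlcore only on the
	 * extended-address path, while fr_hdr_print() reads all four flag
	 * bytes.
	 */
	flags[0] = 0;
	flags[1] = 0;
	flags[2] = 0;
	flags[3] = 0;
	*sdlcore = 0;

	if ((p[0] & FR_EA_BIT))
		return -1;

	*addr_len = 2;
	*dlci = ((p[0] & 0xFC) << 2) | ((p[1] & 0xF0) >> 4);

	flags[0] = p[0] & 0x02;	/* C/R */
	/*
	 * FECN (0x08), BECN (0x04) and DE (0x02).  The mask used to be 0x0c,
	 * which dropped DE, so FR_DE_BIT could never match.
	 */
	flags[1] = p[1] & 0x0e;

	if (p[1] & FR_EA_BIT)
		return 0;	/* 2-byte Q.922 address */

	p += 2;
	(*addr_len)++;		/* 3- or 4-byte Q.922 address */
	if ((p[0] & FR_EA_BIT) == 0) {
		*dlci = (*dlci << 7) | (p[0] >> 1);
		(*addr_len)++;	/* 4-byte Q.922 address */
		p++;
	}

	if ((p[0] & FR_EA_BIT) == 0)
		return -1; /* more than 4 bytes of Q.922 address? */

	flags[3] = p[0] & 0x02;

	/* the last octet holds either DL-CORE control bits or 6 more DLCI bits */
	if (p[0] & 0x02)
		*sdlcore = p[0] >> 2;
	else
		*dlci = (*dlci << 6) | (p[0] >> 2);

	return 0;
}

/* Frame Relay packet structure, with flags and CRC removed

                  +---------------------------+
                  |       Q.922 Address*      |
                  +--                       --+
                  |                           |
                  +---------------------------+
                  | Control (UI = 0x03)       |
                  +---------------------------+
                  | Optional Pad      (0x00)  |
                  +---------------------------+
                  | NLPID                     |
                  +---------------------------+
                  |             .             |
                  |             .             |
                  |             .             |
                  |           Data            |
                  |             .             |
                  |             .             |
                  +---------------------------+

           * Q.922 addresses, as presently defined, are two octets and
             contain a 10-bit DLCI.  In some networks Q.922 addresses
             may optionally be increased to three or four octets.
*/

/*
 * Length of the header up to and including the NLPID, given the length of
 * the Q.922 address.  Reads p[addr_len + 1] to see whether a pad byte
 * follows the control field; the caller must have checked that this byte
 * is readable.
 */
static u_int
fr_hdrlen(const u_char *p, u_int addr_len)
{
	if (!p[addr_len + 1] /* pad exist */)
		return addr_len + 1 /* UI */ + 1 /* pad */ + 1 /* NLPID */;
	else
		return addr_len + 1 /* UI */ + 1 /* NLPID */;
}

/*
 * Print the link-level summary line.  nlpid carries either an NLPID
 * (values up to 0xff) or, for Cisco encapsulation, an ethertype.
 * flags must point at the 4 bytes filled in by parse_q922_addr().
 */
static void
fr_hdr_print(int length, u_int addr_len, u_int dlci, u_int8_t *flags, u_int16_t nlpid)
{
    /* NOTE(review): length is an int but is printed with %u - confirm intended */
    if (qflag) {
        (void)printf("Q.922, DLCI %u, length %u: ",
                     dlci,
                     length);
    } else {
        if (nlpid <= 0xff) /* if its smaller than 256 then its a NLPID */
            (void)printf("Q.922, hdr-len %u, DLCI %u, Flags [%s], NLPID %s (0x%02x), length %u: ",
                         addr_len,
                         dlci,
                         bittok2str(fr_header_flag_values, "none", EXTRACT_32BITS(flags)),
                         tok2str(nlpid_values,"unknown", nlpid),
                         nlpid,
                         length);
        else /* must be an ethertype */
            (void)printf("Q.922, hdr-len %u, DLCI %u, Flags [%s], cisco-ethertype %s (0x%04x), length %u: ",
                         addr_len,
                         dlci,
                         bittok2str(fr_header_flag_values, "none", EXTRACT_32BITS(flags)),
                         tok2str(ethertype_values, "unknown", nlpid),
                         nlpid,
                         length);
    }
}

/*
 * Link-layer entry point: print a captured Frame Relay frame.
 * Returns what fr_print() returns (the header length, or 0 when the header
 * could not be decoded), or the capture length when fewer than 4 bytes were
 * captured.
 */
u_int
fr_if_print(const struct pcap_pkthdr *h, register const u_char *p)
{
	register u_int length = h->len;
	register u_int caplen = h->caplen;

	TCHECK2(*p, 4); /* minimum frame header length */

	return fr_print(p, length);

trunc:
	printf("[|fr]");
	return caplen;
}

/*
 * Print a Frame Relay frame of `length` bytes starting at p and dispatch
 * the payload to the printer selected by the NLPID (or by the ethertype for
 * Cisco encapsulation).  Returns the header length, or 0 on an invalid
 * address or a truncated / too short frame.
 *
 * `length` is supplied by the caller and is not tied to the number of bytes
 * actually captured, so every read is preceded by a capture check.
 */
u_int
fr_print(register const u_char *p, u_int length)
{
	u_int16_t extracted_ethertype;
	u_int dlci;
	u_int sdlcore;
	u_int addr_len;
	u_int16_t nlpid;
	u_int hdr_len;
	u_int8_t flags[4];

	/*
	 * parse_q922_addr() reads up to four address bytes without a bounds
	 * check of its own, so the capture has to be verified before it is
	 * called and not only afterwards.  Four bytes is also the minimum
	 * frame header length (see fr_if_print()).
	 */
	TCHECK2(*p, 4);

	if (parse_q922_addr(p, &dlci, &sdlcore, &addr_len, flags)) {
		printf("Q.922, invalid address");
		return 0;
	}

	TCHECK2(*p,addr_len+1+1);
	hdr_len = fr_hdrlen(p, addr_len);
	TCHECK2(*p,hdr_len);

	/*
	 * length is unsigned: if the caller's length is shorter than the
	 * header, the subtractions below would wrap around to a huge value
	 * that is then passed on to the payload printers.
	 */
	if (length < hdr_len || length < addr_len + ETHERTYPE_LEN)
		goto trunc;

	if (p[addr_len] != 0x03 && dlci != 0) {

		/* lets figure out if we have cisco style encapsulation: */
		extracted_ethertype = EXTRACT_16BITS(p+addr_len);

		if (eflag)
			fr_hdr_print(length, addr_len, dlci, flags, extracted_ethertype);

		/*
		 * NOTE(review): the same length-derived value is passed twice;
		 * if the second one is meant to be the captured length it
		 * should be derived from the capture instead - confirm against
		 * ether_encap_print().
		 */
		if (ether_encap_print(extracted_ethertype,
				      p+addr_len+ETHERTYPE_LEN,
				      length-addr_len-ETHERTYPE_LEN,
				      length-addr_len-ETHERTYPE_LEN,
				      &extracted_ethertype) == 0)
			/* ether_type not known, probably it wasn't one */
			printf("UI %02x! ", p[addr_len]);
		else
			return hdr_len;
	}

	if (!p[addr_len + 1]) {	/* pad byte should be used with 3-byte Q.922 */
		if (addr_len != 3)
			printf("Pad! ");
	} else if (addr_len == 3)
		printf("No pad! ");

	nlpid = p[hdr_len - 1];

	if (eflag)
		fr_hdr_print(length, addr_len, dlci, flags, nlpid);

	p += hdr_len;
	length -= hdr_len;

	switch (nlpid) {
	case NLPID_IP:
		ip_print(gndo, p, length);
		break;

#ifdef INET6
	case NLPID_IP6:
		ip6_print(p, length);
		break;
#endif
	case NLPID_CLNP:
	case NLPID_ESIS:
	case NLPID_ISIS:
		isoclns_print(p-1, length+1, length+1); /* OSI printers need the NLPID field */
		break;

	case NLPID_SNAP:
		if (snap_print(p, length, length, &extracted_ethertype, 0) == 0) {
			/* ether_type not known, print raw packet */
			/*
			 * NOTE(review): hdr_len is passed where the other
			 * fr_hdr_print() calls pass addr_len - confirm.
			 */
			if (!eflag)
				fr_hdr_print(length + hdr_len, hdr_len,
					     dlci, flags, nlpid);
			if (!xflag && !qflag)
				default_print(p - hdr_len, length + hdr_len);
		}
		break;

	case NLPID_Q933:
		q933_print(p, length);
		break;

	case NLPID_MFR:
		frf15_print(p, length);
		break;

	default:
		if (!eflag)
			fr_hdr_print(length + hdr_len, addr_len,
				     dlci, flags, nlpid);
		if (!xflag)
			default_print(p, length);
	}

	return hdr_len;

 trunc:
	printf("[|fr]");
	return 0;

}

/* an NLPID of 0xb1 indicates a 2-byte
 * FRF.15 header
 *
 *      7    6    5    4    3    2    1    0
 *    +----+----+----+----+----+----+----+----+
 *    ~              Q.922 header             ~
 *    +----+----+----+----+----+----+----+----+
 *    |             NLPID (8 bits)            | NLPID=0xb1
 *    +----+----+----+----+----+----+----+----+
 *    | B  | E  | C  |seq. (high 4 bits) | R  |
 *    +----+----+----+----+----+----+----+----+
 *    |        sequence  (low 8 bits)         |
 *    +----+----+----+----+----+----+----+----+
 */

struct tok frf15_flag_values[] = {
    { 0x80, "Begin" },
    { 0x40, "End" },
    { 0x20, "Control" },
    { 0, NULL }
};

#define FR_FRF15_FRAGTYPE 0x01

/*
 * Print the 2-byte FRF.15 fragmentation header found at p.
 * `length` is the length of the data that follows the NLPID.
 */
static void
frf15_print (const u_char *p, u_int length) {

    u_int16_t sequence_num, flags;

    /*
     * Both header bytes are read below; fr_print() has only verified the
     * capture up to the NLPID, so check the claimed length and the capture.
     */
    if (length < 2)
        goto trunc;
    TCHECK2(*p, 2);

    flags = p[0]&0xe0;
    sequence_num = (p[0]&0x1e)<<7 | p[1];

    /*
     * NOTE(review): flags was masked with 0xe0 above, so the test against
     * FR_FRF15_FRAGTYPE (0x01) is always false and "End-to-End" is always
     * printed.  Left unchanged; confirm which bit was meant.
     */
    printf("FRF.15, seq 0x%03x, Flags [%s],%s Fragmentation, length %u",
           sequence_num,
           bittok2str(frf15_flag_values,"none",flags),
           flags&FR_FRF15_FRAGTYPE ? "Interface" : "End-to-End",
           length);

/* TODO:
 * depending on all permutations of the B, E and C bit
 * dig as deep as we can - e.g. on the first (B) fragment
 * there is enough payload to print the IP header
 * on non (B) fragments it depends if the fragmentation
 * model is end-to-end or interface based whether we want to print
 * another Q.922 header
 */
    return;

trunc:
    printf("[|frf.15]");
}

/*
 * Q.933 decoding portion for framerelay specific.
 */

/* Q.933 packet format
                     Format of Other Protocols
                         using Q.933 NLPID
                  +-------------------------------+
                  |        Q.922 Address          |
                  +---------------+---------------+
                  |Control  0x03  | NLPID   0x08  |
                  +---------------+---------------+
                  |          L2 Protocol ID       |
                  | octet 1       |  octet 2      |
                  +-------------------------------+
                  |          L3 Protocol ID       |
                  | octet 2       |  octet 2      |
                  +-------------------------------+
                  |         Protocol Data         |
                  +-------------------------------+
                  | FCS                           |
                  +-------------------------------+
 */

/* L2 (Octet 1)- Call Reference Usually is 0x0 */

/*
 * L2 (Octet 2)- Message Types definition 1 byte long.
 */
/* Call Establish */
#define MSG_TYPE_ESC_TO_NATIONAL  0x00
#define MSG_TYPE_ALERT            0x01
#define MSG_TYPE_CALL_PROCEEDING  0x02
#define MSG_TYPE_CONNECT          0x07
#define MSG_TYPE_CONNECT_ACK      0x0F
#define MSG_TYPE_PROGRESS         0x03
#define MSG_TYPE_SETUP            0x05
/* Call Clear */
#define MSG_TYPE_DISCONNECT       0x45
#define MSG_TYPE_RELEASE          0x4D
#define MSG_TYPE_RELEASE_COMPLETE 0x5A
#define MSG_TYPE_RESTART          0x46
#define MSG_TYPE_RESTART_ACK      0x4E
/* Status */
#define MSG_TYPE_STATUS           0x7D
#define MSG_TYPE_STATUS_ENQ       0x75

struct tok fr_q933_msg_values[] = {
    { MSG_TYPE_ESC_TO_NATIONAL, "ESC to National" },
    { MSG_TYPE_ALERT, "Alert" },
    { MSG_TYPE_CALL_PROCEEDING, "Call proceeding" },
    { MSG_TYPE_CONNECT, "Connect" },
    { MSG_TYPE_CONNECT_ACK, "Connect ACK" },
    { MSG_TYPE_PROGRESS, "Progress" },
    { MSG_TYPE_SETUP, "Setup" },
    { MSG_TYPE_DISCONNECT, "Disconnect" },
    { MSG_TYPE_RELEASE, "Release" },
    { MSG_TYPE_RELEASE_COMPLETE, "Release Complete" },
    { MSG_TYPE_RESTART, "Restart" },
    { MSG_TYPE_RESTART_ACK, "Restart ACK" },
    { MSG_TYPE_STATUS, "Status Reply" },
    { MSG_TYPE_STATUS_ENQ, "Status Enquiry" },
    { 0, NULL }
};

#define MSG_ANSI_LOCKING_SHIFT	0x95

#define FR_LMI_ANSI_REPORT_TYPE_IE	0x01
#define FR_LMI_ANSI_LINK_VERIFY_IE_91	0x19 /* details? */
#define FR_LMI_ANSI_LINK_VERIFY_IE	0x03
#define FR_LMI_ANSI_PVC_STATUS_IE	0x07

#define FR_LMI_CCITT_REPORT_TYPE_IE	0x51
#define FR_LMI_CCITT_LINK_VERIFY_IE	0x53
#define FR_LMI_CCITT_PVC_STATUS_IE	0x57

struct tok fr_q933_ie_values_codeset5[] = {
    { FR_LMI_ANSI_REPORT_TYPE_IE, "ANSI Report Type" },
    { FR_LMI_ANSI_LINK_VERIFY_IE_91, "ANSI Link Verify" },
    { FR_LMI_ANSI_LINK_VERIFY_IE, "ANSI Link Verify" },
    { FR_LMI_ANSI_PVC_STATUS_IE, "ANSI PVC Status" },
    { FR_LMI_CCITT_REPORT_TYPE_IE, "CCITT Report Type" },
    { FR_LMI_CCITT_LINK_VERIFY_IE, "CCITT Link Verify" },
    { FR_LMI_CCITT_PVC_STATUS_IE, "CCITT PVC Status" },
    { 0, NULL }
};

#define FR_LMI_REPORT_TYPE_IE_FULL_STATUS 0
#define FR_LMI_REPORT_TYPE_IE_LINK_VERIFY 1
#define FR_LMI_REPORT_TYPE_IE_ASYNC_PVC   2

struct tok fr_lmi_report_type_ie_values[] = {
    { FR_LMI_REPORT_TYPE_IE_FULL_STATUS, "Full Status" },
    { FR_LMI_REPORT_TYPE_IE_LINK_VERIFY, "Link verify" },
    { FR_LMI_REPORT_TYPE_IE_ASYNC_PVC, "Async PVC Status" },
    { 0, NULL }
};

/*
 * array of 16 codepages - currently we only support codepage 5
 *
 * The index is a 4-bit value (p[2] & 0x0f in q933_print()), so the table
 * must keep all 16 entries.
 */
static struct tok *fr_q933_ie_codesets[] = {
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    fr_q933_ie_values_codeset5,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL
};


/* Every information element starts with an id byte and a length byte. */
struct common_ie_header {
    u_int8_t ie_id;
    u_int8_t ie_len;
};

static int fr_q933_print_ie_codeset5(const struct common_ie_header *ie_p,
    const u_char *p);

typedef int (*codeset_pr_func_t)(const struct common_ie_header *ie_p,
    const u_char *p);

/*
 * array of 16 codepages - currently we only support codepage 5
 *
 * Indexed by the same 4-bit codeset as fr_q933_ie_codesets[]; must keep
 * all 16 entries.
 */
static codeset_pr_func_t fr_q933_print_ie_codeset[] = {
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    fr_q933_print_ie_codeset5,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL
};

/*
 * Print a Q.933 message: call reference, message type and the list of
 * information elements (IEs) that follows.
 *
 * `length` is the message length as claimed by the caller; it says nothing
 * about how much was captured, so each read of packet data is preceded by a
 * capture check and truncation is reported as "[|q.933]".
 */
void
q933_print(const u_char *p, u_int length)
{
	const u_char *ptemp = p;
	const struct common_ie_header *ie_p;
	int olen;
	int is_ansi = 0;
	u_int codeset;

	if (length < 9) {	/* shortest: Q.933a LINK VERIFY */
		printf("[|q.933]");
		return;
	}

	/* call reference, message type and the codeset byte are read below */
	TCHECK2(*p, 3);

	/*
	 * NOTE(review): the codeset is taken from p[2] whether or not p[2]
	 * is the ANSI locking shift - confirm for the CCITT case.
	 */
	codeset = p[2]&0x0f;	/* extract the codeset */

	if (p[2] == MSG_ANSI_LOCKING_SHIFT)
		is_ansi = 1;

	printf("%s", eflag ? "" : "Q.933, ");

	/* printing out header part */
	printf("%s", is_ansi ? "ANSI" : "CCITT");

	if (p[0])
		printf(", Call Ref: 0x%02x", p[0]);

	if (vflag)
		printf(", %s (0x%02x), length %u",
		       tok2str(fr_q933_msg_values,"unknown message",p[1]),
		       p[1],
		       length);
	else
		printf(", %s",
		       tok2str(fr_q933_msg_values,"unknown message 0x%02x",p[1]));

	olen = length; /* preserve the original length for non verbose mode */

	/*
	 * Skip call reference and message type, plus the locking shift byte
	 * for ANSI.  The remaining length has to shrink by exactly the amount
	 * the pointer advances; it used to be reduced by 2 - is_ansi, which
	 * left it two bytes too large for ANSI messages and let the IE loop
	 * run past the end of the message.
	 */
	if (length < (u_int)(2 + is_ansi)) {
		printf("[|q.933]");
		return;
	}
	length -= 2 + is_ansi;
	ptemp += 2 + is_ansi;

	/* Loop through the rest of IE */
	while (length > sizeof(struct common_ie_header)) {
		/* the IE header must be captured before ie_len is trusted */
		TCHECK2(*ptemp, sizeof(struct common_ie_header));
		ie_p = (const struct common_ie_header *)ptemp;
		if (length < sizeof(struct common_ie_header) + ie_p->ie_len) {
			if (vflag) /* not bark if there is just a trailer */
				printf("\n[|q.933]");
			else
				printf(", length %u",olen);
			return;
		}
		/* ... and so must the IE body the printers are about to read */
		TCHECK2(*ptemp, sizeof(struct common_ie_header) + ie_p->ie_len);

		/* lets do the full IE parsing only in verbose mode
		 * however some IEs (DLCI Status, Link Verify)
		 * are also interesting in non-verbose mode */
		if (vflag)
			printf("\n\t%s IE (%u), length %u: ",
			       tok2str(fr_q933_ie_codesets[codeset],"unknown",ie_p->ie_id),
			       ie_p->ie_id,
			       ie_p->ie_len);

		/*
		 * NOTE(review): the codeset printer returns 1 for an IE it
		 * decoded and 0 otherwise, so this dumps the raw bytes of IEs
		 * that were decoded (and of every IE when there is no printer)
		 * rather than of the unknown ones.  Left unchanged; confirm
		 * the intended convention.
		 */
		if (!fr_q933_print_ie_codeset[codeset] ||
		    (*fr_q933_print_ie_codeset[codeset])(ie_p, ptemp)) {
			if (vflag <= 1)
				print_unknown_data(ptemp+2,"\n\t",ie_p->ie_len);
		}

		/* do we want to see a hexdump of the IE ? */
		if (vflag> 1)
			print_unknown_data(ptemp+2,"\n\t  ",ie_p->ie_len);

		length = length - ie_p->ie_len - 2;
		ptemp = ptemp + ie_p->ie_len + 2;
	}
	if (!vflag)
		printf(", length %u",olen);
	return;

trunc:
	printf("[|q.933]");
}

/*
 * Print one codeset-5 information element.  p points at the IE header, so
 * the IE body is p[2] .. p[ie_len + 1]; the caller guarantees only those
 * bytes, which is why ie_len is checked before any body byte is read.
 * Returns 1 when the IE id is one of the known LMI IEs, 0 otherwise.
 */
static int
fr_q933_print_ie_codeset5(const struct common_ie_header *ie_p, const u_char *p)
{
	u_int dlci;

	switch (ie_p->ie_id) {

	case FR_LMI_ANSI_REPORT_TYPE_IE: /* fall through */
	case FR_LMI_CCITT_REPORT_TYPE_IE:
		if (ie_p->ie_len < 1) {	/* p[2] is read below */
			if (!vflag)
				printf(", ");
			printf("Invalid Report Type IE");
			return 1;
		}
		if (vflag)
			printf("%s (%u)",
			       tok2str(fr_lmi_report_type_ie_values,"unknown",p[2]),
			       p[2]);
		return 1;

	case FR_LMI_ANSI_LINK_VERIFY_IE: /* fall through */
	case FR_LMI_CCITT_LINK_VERIFY_IE:
	case FR_LMI_ANSI_LINK_VERIFY_IE_91:
		if (!vflag)
			printf(", ");
		if (ie_p->ie_len < 2) {	/* p[2] and p[3] are read below */
			printf("Invalid Link Verify IE");
			return 1;
		}
		printf("TX Seq: %3d, RX Seq: %3d", p[2], p[3]);
		return 1;

	case FR_LMI_ANSI_PVC_STATUS_IE: /* fall through */
	case FR_LMI_CCITT_PVC_STATUS_IE:
		if (!vflag)
			printf(", ");
		/*
		 * now parse the DLCI information element.
		 *
		 * The tests short-circuit, so no body byte is touched unless
		 * ie_len says it exists.  An invalid IE is reported and not
		 * decoded any further: the decoding below reads p[3] and
		 * p[ie_len + 1], which are only inside the IE once these
		 * checks have passed.
		 */
		if ((ie_p->ie_len < 3) ||
		    (p[2] & 0x80) ||
		    ((ie_p->ie_len == 3) && !(p[3] & 0x80)) ||
		    ((ie_p->ie_len == 4) && ((p[3] & 0x80) || !(p[4] & 0x80))) ||
		    ((ie_p->ie_len == 5) && ((p[3] & 0x80) || (p[4] & 0x80) ||
					    !(p[5] & 0x80))) ||
		    (ie_p->ie_len > 5) ||
		    !(p[ie_p->ie_len + 1] & 0x80)) {
			printf("Invalid DLCI IE");
			return 1;
		}

		dlci = ((p[2] & 0x3F) << 4) | ((p[3] & 0x78) >> 3);
		if (ie_p->ie_len == 4)
			dlci = (dlci << 6) | ((p[4] & 0x7E) >> 1);
		else if (ie_p->ie_len == 5)
			/*
			 * 13 more bits: 7 from p[4] above 6 from p[5].  The
			 * p[4] bits used to be OR-ed in unshifted, on top of
			 * the bits taken from p[5].
			 */
			dlci = (dlci << 13) | ((p[4] & 0x7F) << 6) |
			       ((p[5] & 0x7E) >> 1);

		printf("DLCI %u: status %s%s", dlci,
		       p[ie_p->ie_len + 1] & 0x8 ? "New, " : "",
		       p[ie_p->ie_len + 1] & 0x2 ? "Active" : "Inactive");
		return 1;
	}

	return 0;
}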