Ethereal-users: Re: [ethereal-users] Bad NETBIOS Packets
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 23 Aug 1999 16:24:41 -0700 (PDT)
> I've checked in a change to make the LLC dissector call the per-SAP, and
> SNAP per-Ethertype, dissectors only for I and UI frames, not for other
> frames.
>
> (We may also want to do the same for LAPB.)
>
> You can get that from the CVS tree if you can use anonymous CVS (see the
> Ethereal home page for information on that), or apply the following
> patch (this is the change checked into the CVS tree, your
> mileage^H^H^H^H^H^H^Hline numbers may vary):

Here's a subsequent patch - it fixes a bug wherein it wouldn't analyze the payload of I frames, and has "get_xdlc_control()" and "dissect_xdlc_control()" just return a Boolean indicating whether the frame has a payload or not (it is a patch to be applied atop the *previous* patch; it can't be applied to a vanilla 0.7.2 tree):

Index: packet-llc.c =================================================================== RCS file: /usr/local/cvsroot/ethereal/packet-llc.c,v retrieving revision 1.20 diff -c -r1.20 packet-llc.c *** packet-llc.c 1999/08/23 22:47:13 1.20 --- packet-llc.c 1999/08/23 23:21:25 *************** *** 163,169 **** capture_llc(const u_char *pd, int offset, guint32 cap_len, packet_counts *ld) { int is_snap; ! int control; guint16 etype; capture_func_t *capture; --- 163,169 ---- capture_llc(const u_char *pd, int offset, guint32 cap_len, packet_counts *ld) { int is_snap; ! int has_payload; guint16 etype; capture_func_t *capture; *************** *** 184,196 **** * extended operation, so we don't need to determine whether * it's basic or extended operation; is that the case? */ ! control = get_xdlc_control(pd, offset+2, pd[offset+1] & 0x01, TRUE); if (is_snap) { ! if (control == XDLC_I || control == (XDLC_U|XDLC_UI)) { /* ! * Unnumbered Information - analyze it based on ! * the Ethernet packet type. */ etype = (pd[offset+6] << 8) | pd[offset+7]; offset += 8; --- 184,195 ---- * extended operation, so we don't need to determine whether * it's basic or extended operation; is that the case? */ ! 
has_payload = get_xdlc_control(pd, offset+2, pd[offset+1] & 0x01, TRUE); if (is_snap) { ! if (has_payload) { /* ! * This frame has a payload to be analyzed. */ etype = (pd[offset+6] << 8) | pd[offset+7]; offset += 8; *************** *** 198,207 **** } } else { ! if (control == XDLC_I || control == (XDLC_U|XDLC_UI)) { /* ! * Unnumbered Information - analyze it based on ! * the DSAP. */ capture = sap_capture_func(pd[offset]); --- 197,205 ---- } } else { ! if (has_payload) { /* ! * This frame has a payload to be analyzed. */ capture = sap_capture_func(pd[offset]); *************** *** 224,230 **** proto_tree *llc_tree = NULL; proto_item *ti; int is_snap; ! int control; guint16 etype; dissect_func_t *dissect; --- 222,228 ---- proto_tree *llc_tree = NULL; proto_item *ti; int is_snap; ! int has_payload; guint16 etype; dissect_func_t *dissect; *************** *** 257,264 **** * extended operation, so we don't need to determine whether * it's basic or extended operation; is that the case? */ ! control = dissect_xdlc_control(pd, offset+2, fd, llc_tree, hf_llc_ctrl, ! pd[offset+1] & 0x01, TRUE); /* * XXX - do we want to append the SAP information to the stuff --- 255,262 ---- * extended operation, so we don't need to determine whether * it's basic or extended operation; is that the case? */ ! has_payload = dissect_xdlc_control(pd, offset+2, fd, llc_tree, ! hf_llc_ctrl, pd[offset+1] & 0x01, TRUE); /* * XXX - do we want to append the SAP information to the stuff *************** *** 273,282 **** proto_tree_add_item(llc_tree, hf_llc_oui, offset+3, 3, pd[offset+3] << 16 | pd[offset+4] << 8 | pd[offset+5]); } ! if (control == (XDLC_U|XDLC_UI)) { /* ! * Unnumbered Information - dissect it based on ! * the Ethernet packet type. */ etype = pntohs(&pd[offset+6]); offset += 8; --- 271,279 ---- proto_tree_add_item(llc_tree, hf_llc_oui, offset+3, 3, pd[offset+3] << 16 | pd[offset+4] << 8 | pd[offset+5]); } ! if (has_payload) { /* ! * This frame has a payload to be analyzed. 
*/ etype = pntohs(&pd[offset+6]); offset += 8; *************** *** 291,300 **** val_to_str(pd[offset], sap_vals, "%02x")); } ! if (control == (XDLC_U|XDLC_UI)) { /* ! * Unnumbered Information - dissect it based on ! * the DSAP. */ dissect = sap_dissect_func(pd[offset]); --- 288,296 ---- val_to_str(pd[offset], sap_vals, "%02x")); } ! if (has_payload) { /* ! * This frame has a payload to be analyzed. */ dissect = sap_dissect_func(pd[offset]); Index: xdlc.c =================================================================== RCS file: /usr/local/cvsroot/ethereal/xdlc.c,v retrieving revision 1.4 diff -c -r1.4 xdlc.c *** xdlc.c 1999/08/23 22:47:13 1.4 --- xdlc.c 1999/08/23 23:21:25 *************** *** 66,71 **** --- 66,96 ---- #define XDLC_REJ 0x08 /* Reject */ #define XDLC_SREJ 0x0C /* Selective reject */ + /* + * U-format modifiers. + */ + #define XDLC_U_MODIFIER_MASK 0xEC + #define XDLC_UI 0x00 /* Unnumbered Information */ + #define XDLC_UP 0x20 /* Unnumbered Poll */ + #define XDLC_DISC 0x40 /* Disconnect (command) */ + #define XDLC_RD 0x40 /* Request Disconnect (response) */ + #define XDLC_UA 0x60 /* Unnumbered Acknowledge */ + #define XDLC_SNRM 0x80 /* Set Normal Response Mode */ + #define XDLC_TEST 0xC0 /* Test */ + #define XDLC_SIM 0x04 /* Set Initialization Mode (command) */ + #define XDLC_RIM 0x04 /* Request Initialization Mode (response) */ + #define XDLC_FRMR 0x84 /* Frame reject */ + #define XDLC_CFGR 0xC4 /* Configure */ + #define XDLC_SARM 0x0C /* Set Asynchronous Response Mode (command) */ + #define XDLC_DM 0x0C /* Disconnected mode (response) */ + #define XDLC_SABM 0x2C /* Set Asynchronous Balanced Mode */ + #define XDLC_SARME 0x4C /* Set Asynchronous Response Mode Extended */ + #define XDLC_SABME 0x6C /* Set Asynchronous Balanced Mode Extended */ + #define XDLC_RESET 0x8C /* Reset */ + #define XDLC_XID 0xAC /* Exchange identification */ + #define XDLC_SNRME 0xCC /* Set Normal Response Mode Extended */ + #define XDLC_BCN 0xEC /* Beacon */ + static const 
value_string stype_vals[] = { { XDLC_RR, "Receiver ready" }, { XDLC_RNR, "Receiver not ready" }, *************** *** 167,175 **** case XDLC_S: /* ! * Supervisory frame. */ ! return XDLC_S; case XDLC_U: /* --- 192,200 ---- case XDLC_S: /* ! * Supervisory frame - no higher-layer payload. */ ! return FALSE; case XDLC_U: /* *************** *** 185,201 **** control = pd[offset]; /* ! * Return the modifier as well as the XDLC_U bits, so that ! * our caller knows whether the packet is UI or something ! * else. */ ! return control & (XDLC_U_MODIFIER_MASK|0x03); default: /* ! * Information frame. */ ! return XDLC_I; } } --- 210,224 ---- control = pd[offset]; /* ! * This frame has payload only if it's a UI frame. */ ! return (control & XDLC_U_MODIFIER_MASK) == XDLC_UI; default: /* ! * Information frame - has higher-layer payload. */ ! return TRUE; } } *************** *** 297,304 **** "Supervisory frame", NULL)); } } - return XDLC_S; case XDLC_U: /* * Unnumbered frame. --- 320,331 ---- "Supervisory frame", NULL)); } } + /* + * Supervisory frames have no higher-layer payload to be analyzed. + */ + return FALSE; + case XDLC_U: /* * Unnumbered frame. *************** *** 349,359 **** } /* ! * Return the modifier as well as the XDLC_U bits, so that ! * our caller knows whether the packet is UI or something ! * else. */ ! return control & (XDLC_U_MODIFIER_MASK|0x03); default: /* --- 376,384 ---- } /* ! * This frame has payload only if it's a UI frame. */ ! return (control & XDLC_U_MODIFIER_MASK) == XDLC_UI; default: /* *************** *** 415,420 **** NULL, "Information frame")); } } ! return XDLC_I; } } --- 440,449 ---- NULL, "Information frame")); } } ! ! /* ! * Information frames have higher-layer payload to be analyzed. ! */ ! 
return TRUE; } } Index: xdlc.h =================================================================== RCS file: /usr/local/cvsroot/ethereal/xdlc.h,v retrieving revision 1.2 diff -c -r1.2 xdlc.h *** xdlc.h 1999/08/23 22:47:13 1.2 --- xdlc.h 1999/08/23 23:21:25 *************** *** 32,62 **** #define XDLC_S 0x01 /* Supervisory frames */ #define XDLC_U 0x03 /* Unnumbered frames */ - /* - * U-format modifiers. - */ - #define XDLC_U_MODIFIER_MASK 0xEC - #define XDLC_UI 0x00 /* Unnumbered Information */ - #define XDLC_UP 0x20 /* Unnumbered Poll */ - #define XDLC_DISC 0x40 /* Disconnect (command) */ - #define XDLC_RD 0x40 /* Request Disconnect (response) */ - #define XDLC_UA 0x60 /* Unnumbered Acknowledge */ - #define XDLC_SNRM 0x80 /* Set Normal Response Mode */ - #define XDLC_TEST 0xC0 /* Test */ - #define XDLC_SIM 0x04 /* Set Initialization Mode (command) */ - #define XDLC_RIM 0x04 /* Request Initialization Mode (response) */ - #define XDLC_FRMR 0x84 /* Frame reject */ - #define XDLC_CFGR 0xC4 /* Configure */ - #define XDLC_SARM 0x0C /* Set Asynchronous Response Mode (command) */ - #define XDLC_DM 0x0C /* Disconnected mode (response) */ - #define XDLC_SABM 0x2C /* Set Asynchronous Balanced Mode */ - #define XDLC_SARME 0x4C /* Set Asynchronous Response Mode Extended */ - #define XDLC_SABME 0x6C /* Set Asynchronous Balanced Mode Extended */ - #define XDLC_RESET 0x8C /* Reset */ - #define XDLC_XID 0xAC /* Exchange identification */ - #define XDLC_SNRME 0xCC /* Set Normal Response Mode Extended */ - #define XDLC_BCN 0xEC /* Beacon */ - int get_xdlc_control(const u_char *pd, int offset, int is_response, int extended); --- 32,37 ----
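Review bot: In packet-llc.c, capture_llc() and dissect_llc() now take the payload branch for I frames as well as UI frames, but the offsets inside those branches are still the ones for a one-byte control field, e.g. `etype = pntohs(&pd[offset+6]); offset += 8;` in the SNAP case. The control field is parsed with `extended` passed as TRUE, and an I frame in extended operation has a two-byte control field, so for I frames the payload begins one byte later than these constants assume. Suggest computing the header length from the control-field length instead of hard-coding it, and checking the non-SNAP branch for the same fixed advance.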
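Review bot: In xdlc.c, get_xdlc_control() and dissect_xdlc_control() now return TRUE or FALSE where they previously returned XDLC_I, XDLC_S or the U-frame modifier bits, yet packet-llc.c is the only caller updated in this patch. XDLC_S remains defined as 0x01 in xdlc.h, so a caller elsewhere that still compares the result against XDLC_S will compile without complaint and, with TRUE defined as 1, match on every I and UI frame. Suggest converting any other callers in the same change (the quoted message mentions LAPB as a candidate for the same treatment).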
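Review bot: In xdlc.h, the prototype `int get_xdlc_control(const u_char *pd, int offset, int is_response, int extended);` is left as it was, with no comment, although the meaning of its return value has changed. Suggest a comment above the prototypes saying the result is TRUE when the frame carries a higher-layer payload (I or UI frames) and FALSE otherwise, and declaring the return type as gboolean so the contract is visible to callers. With the U-format modifier defines moved out of the header, the name get_xdlc_control() is the only remaining hint of the old behaviour, so a rename or a note would help.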