Ethereal-users: Re: [ethereal-users] Bad NETBIOS Packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 23 Aug 1999 16:24:41 -0700 (PDT)
> I've checked in a change to make the LLC dissector call the per-SAP, and
> SNAP per-Ethertype, dissectors only for I and UI frames, not for other
> frames.
> 
> (We may also want to do the same for LAPB.)
> 
> You can get that from the CVS tree if you can use anonymous CVS (see the
> Ethereal home page for information on that), or apply the following
> patch (this is the change checked into the CVS tree, your
> mileage^H^H^H^H^H^H^Hline numbers may vary):

Here's a subsequent patch - it fixes a bug wherein it wouldn't analyze
the payload of I frames, and has "get_xdlc_control()" and
"dissect_xdlc_control()" just return a Boolean indicating whether the
frame has a payload or not (it is a patch to be applied atop the
*previous* patch; it can't be applied to a vanilla 0.7.2 tree):

Index: packet-llc.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/packet-llc.c,v
retrieving revision 1.20
diff -c -r1.20 packet-llc.c
*** packet-llc.c	1999/08/23 22:47:13	1.20
--- packet-llc.c	1999/08/23 23:21:25
***************
*** 163,169 ****
  capture_llc(const u_char *pd, int offset, guint32 cap_len, packet_counts *ld) {
  
  	int		is_snap;
! 	int		control;
  	guint16		etype;
  	capture_func_t	*capture;
  
--- 163,169 ----
  capture_llc(const u_char *pd, int offset, guint32 cap_len, packet_counts *ld) {
  
  	int		is_snap;
! 	int		has_payload;
  	guint16		etype;
  	capture_func_t	*capture;
  
***************
*** 184,196 ****
  	 * extended operation, so we don't need to determine whether
  	 * it's basic or extended operation; is that the case?
  	 */
! 	control = get_xdlc_control(pd, offset+2, pd[offset+1] & 0x01, TRUE);
  
  	if (is_snap) {
! 		if (control == XDLC_I || control == (XDLC_U|XDLC_UI)) {
  			/*
! 			 * Unnumbered Information - analyze it based on
! 			 * the Ethernet packet type.
  			 */
  			etype  = (pd[offset+6] << 8) | pd[offset+7];
  			offset += 8;
--- 184,195 ----
  	 * extended operation, so we don't need to determine whether
  	 * it's basic or extended operation; is that the case?
  	 */
! 	has_payload = get_xdlc_control(pd, offset+2, pd[offset+1] & 0x01, TRUE);
  
  	if (is_snap) {
! 		if (has_payload) {
  			/*
! 			 * This frame has a payload to be analyzed.
  			 */
  			etype  = (pd[offset+6] << 8) | pd[offset+7];
  			offset += 8;
***************
*** 198,207 ****
  		}
  	}		
  	else {
! 		if (control == XDLC_I || control == (XDLC_U|XDLC_UI)) {
  			/*
! 			 * Unnumbered Information - analyze it based on
! 			 * the DSAP.
  			 */
  			capture = sap_capture_func(pd[offset]);
  
--- 197,205 ----
  		}
  	}		
  	else {
! 		if (has_payload) {
  			/*
! 			 * This frame has a payload to be analyzed.
  			 */
  			capture = sap_capture_func(pd[offset]);
  
***************
*** 224,230 ****
  	proto_tree	*llc_tree = NULL;
  	proto_item	*ti;
  	int		is_snap;
! 	int		control;
  	guint16		etype;
  	dissect_func_t	*dissect;
  
--- 222,228 ----
  	proto_tree	*llc_tree = NULL;
  	proto_item	*ti;
  	int		is_snap;
! 	int		has_payload;
  	guint16		etype;
  	dissect_func_t	*dissect;
  
***************
*** 257,264 ****
  	 * extended operation, so we don't need to determine whether
  	 * it's basic or extended operation; is that the case?
  	 */
! 	control = dissect_xdlc_control(pd, offset+2, fd, llc_tree, hf_llc_ctrl,
! 	    pd[offset+1] & 0x01, TRUE);
  
  	/*
  	 * XXX - do we want to append the SAP information to the stuff
--- 255,262 ----
  	 * extended operation, so we don't need to determine whether
  	 * it's basic or extended operation; is that the case?
  	 */
! 	has_payload = dissect_xdlc_control(pd, offset+2, fd, llc_tree,
! 				hf_llc_ctrl, pd[offset+1] & 0x01, TRUE);
  
  	/*
  	 * XXX - do we want to append the SAP information to the stuff
***************
*** 273,282 ****
  			proto_tree_add_item(llc_tree, hf_llc_oui, offset+3, 3,
  				pd[offset+3] << 16 | pd[offset+4] << 8 | pd[offset+5]);
  		}
! 		if (control == (XDLC_U|XDLC_UI)) {
  			/*
! 			 * Unnumbered Information - dissect it based on
! 			 * the Ethernet packet type.
  			 */
  			etype = pntohs(&pd[offset+6]);
  			offset += 8;
--- 271,279 ----
  			proto_tree_add_item(llc_tree, hf_llc_oui, offset+3, 3,
  				pd[offset+3] << 16 | pd[offset+4] << 8 | pd[offset+5]);
  		}
! 		if (has_payload) {
  			/*
! 			 * This frame has a payload to be analyzed.
  			 */
  			etype = pntohs(&pd[offset+6]);
  			offset += 8;
***************
*** 291,300 ****
  				val_to_str(pd[offset], sap_vals, "%02x"));
  		}
  
! 		if (control == (XDLC_U|XDLC_UI)) {
  			/*
! 			 * Unnumbered Information - dissect it based on
! 			 * the DSAP.
  			 */
  			dissect = sap_dissect_func(pd[offset]);
  
--- 288,296 ----
  				val_to_str(pd[offset], sap_vals, "%02x"));
  		}
  
! 		if (has_payload) {
  			/*
! 			 * This frame has a payload to be analyzed.
  			 */
  			dissect = sap_dissect_func(pd[offset]);
  
Index: xdlc.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/xdlc.c,v
retrieving revision 1.4
diff -c -r1.4 xdlc.c
*** xdlc.c	1999/08/23 22:47:13	1.4
--- xdlc.c	1999/08/23 23:21:25
***************
*** 66,71 ****
--- 66,96 ----
  #define XDLC_REJ		0x08	/* Reject */
  #define XDLC_SREJ		0x0C	/* Selective reject */
  
+ /*
+  * U-format modifiers.
+  */
+ #define XDLC_U_MODIFIER_MASK	0xEC
+ #define XDLC_UI		0x00	/* Unnumbered Information */
+ #define XDLC_UP		0x20	/* Unnumbered Poll */
+ #define XDLC_DISC	0x40	/* Disconnect (command) */
+ #define XDLC_RD		0x40	/* Request Disconnect (response) */
+ #define XDLC_UA		0x60	/* Unnumbered Acknowledge */
+ #define XDLC_SNRM	0x80	/* Set Normal Response Mode */
+ #define XDLC_TEST	0xC0	/* Test */
+ #define XDLC_SIM	0x04	/* Set Initialization Mode (command) */
+ #define XDLC_RIM	0x04	/* Request Initialization Mode (response) */
+ #define XDLC_FRMR	0x84	/* Frame reject */
+ #define XDLC_CFGR	0xC4	/* Configure */
+ #define XDLC_SARM	0x0C	/* Set Asynchronous Response Mode (command) */
+ #define XDLC_DM		0x0C	/* Disconnected mode (response) */
+ #define XDLC_SABM	0x2C	/* Set Asynchronous Balanced Mode */
+ #define XDLC_SARME	0x4C	/* Set Asynchronous Response Mode Extended */
+ #define XDLC_SABME	0x6C	/* Set Asynchronous Balanced Mode Extended */
+ #define XDLC_RESET	0x8C	/* Reset */
+ #define XDLC_XID	0xAC	/* Exchange identification */
+ #define XDLC_SNRME	0xCC	/* Set Normal Response Mode Extended */
+ #define XDLC_BCN	0xEC	/* Beacon */
+ 
  static const value_string stype_vals[] = {
      { XDLC_RR,   "Receiver ready" },
      { XDLC_RNR,  "Receiver not ready" },
***************
*** 167,175 ****
  
      case XDLC_S:
          /*
! 	 * Supervisory frame.
  	 */
! 	return XDLC_S;
  
      case XDLC_U:
  	/*
--- 192,200 ----
  
      case XDLC_S:
          /*
! 	 * Supervisory frame - no higher-layer payload.
  	 */
! 	return FALSE;
  
      case XDLC_U:
  	/*
***************
*** 185,201 ****
  	control = pd[offset];
  
  	/*
! 	 * Return the modifier as well as the XDLC_U bits, so that
! 	 * our caller knows whether the packet is UI or something
! 	 * else.
  	 */
! 	return control & (XDLC_U_MODIFIER_MASK|0x03);
  
      default:
  	/*
! 	 * Information frame.
  	 */
! 	return XDLC_I;
      }
  }
  
--- 210,224 ----
  	control = pd[offset];
  
  	/*
! 	 * This frame has payload only if it's a UI frame.
  	 */
! 	return (control & XDLC_U_MODIFIER_MASK) == XDLC_UI;
  
      default:
  	/*
! 	 * Information frame - has higher-layer payload.
  	 */
! 	return TRUE;
      }
  }
  
***************
*** 297,304 ****
  			"Supervisory frame", NULL));
  	    }
  	}
- 	return XDLC_S;
  
      case XDLC_U:
  	/*
  	 * Unnumbered frame.
--- 320,331 ----
  			"Supervisory frame", NULL));
  	    }
  	}
  
+ 	/*
+ 	 * Supervisory frames have no higher-layer payload to be analyzed.
+ 	 */
+ 	return FALSE;
+ 
      case XDLC_U:
  	/*
  	 * Unnumbered frame.
***************
*** 349,359 ****
  	}
  
  	/*
! 	 * Return the modifier as well as the XDLC_U bits, so that
! 	 * our caller knows whether the packet is UI or something
! 	 * else.
  	 */
! 	return control & (XDLC_U_MODIFIER_MASK|0x03);
  
      default:
  	/*
--- 376,384 ----
  	}
  
  	/*
! 	 * This frame has payload only if it's a UI frame.
  	 */
! 	return (control & XDLC_U_MODIFIER_MASK) == XDLC_UI;
  
      default:
  	/*
***************
*** 415,420 ****
  			NULL, "Information frame"));
  	    }
  	}
! 	return XDLC_I;
      }
  }
--- 440,449 ----
  			NULL, "Information frame"));
  	    }
  	}
! 
! 	/*
! 	 * Information frames have higher-layer payload to be analyzed.
! 	 */
! 	return TRUE;
      }
  }
Index: xdlc.h
===================================================================
RCS file: /usr/local/cvsroot/ethereal/xdlc.h,v
retrieving revision 1.2
diff -c -r1.2 xdlc.h
*** xdlc.h	1999/08/23 22:47:13	1.2
--- xdlc.h	1999/08/23 23:21:25
***************
*** 32,62 ****
  #define XDLC_S		0x01	/* Supervisory frames */
  #define XDLC_U		0x03	/* Unnumbered frames */
  
- /*
-  * U-format modifiers.
-  */
- #define XDLC_U_MODIFIER_MASK	0xEC
- #define XDLC_UI		0x00	/* Unnumbered Information */
- #define XDLC_UP		0x20	/* Unnumbered Poll */
- #define XDLC_DISC	0x40	/* Disconnect (command) */
- #define XDLC_RD		0x40	/* Request Disconnect (response) */
- #define XDLC_UA		0x60	/* Unnumbered Acknowledge */
- #define XDLC_SNRM	0x80	/* Set Normal Response Mode */
- #define XDLC_TEST	0xC0	/* Test */
- #define XDLC_SIM	0x04	/* Set Initialization Mode (command) */
- #define XDLC_RIM	0x04	/* Request Initialization Mode (response) */
- #define XDLC_FRMR	0x84	/* Frame reject */
- #define XDLC_CFGR	0xC4	/* Configure */
- #define XDLC_SARM	0x0C	/* Set Asynchronous Response Mode (command) */
- #define XDLC_DM		0x0C	/* Disconnected mode (response) */
- #define XDLC_SABM	0x2C	/* Set Asynchronous Balanced Mode */
- #define XDLC_SARME	0x4C	/* Set Asynchronous Response Mode Extended */
- #define XDLC_SABME	0x6C	/* Set Asynchronous Balanced Mode Extended */
- #define XDLC_RESET	0x8C	/* Reset */
- #define XDLC_XID	0xAC	/* Exchange identification */
- #define XDLC_SNRME	0xCC	/* Set Normal Response Mode Extended */
- #define XDLC_BCN	0xEC	/* Beacon */
- 
  int get_xdlc_control(const u_char *pd, int offset, int is_response,
    int extended);
  
--- 32,37 ----