Hi,
I have prepared a patch (attached below) for tcpdump/print-fr.c. It isn't
a small change, so I understand it may be unacceptable in current form.
Comments will be appreciated.
I've also attached test dumps from CCITT and ANSI LMI packet exchange
and a test ping (IP on FR) dump. Tested with Linux.
Changes:
1. Unused things (mbuf, rtentry, #include "addrtoname.h") have been removed.
2. I've dropped FR_CR_BIT etc. definitions as they have only meaning in
specific location in Q.922 address. FR_EA_BIT is still there as it's
used by all Q.922 bytes.
3. a new parse_q922_addr() parses the whole Q.922 address structure
and produces DLCI, Q.922 byte count and flags in ASCII. While I can't
test 3- and 4-byte Q.922 addresses (using only default 2-byte ones),
they are supported.
4. I've trimmed comments regarding HDLC flags and CRC/FCS bytes in FR
packet. They are wire-only things and as such are never seen by
libpcap/tcpdump.
5. Changed NLPID_LMI into NLPID_CISCO_LMI and NLPID_Q933 into NLPID_LMI
(the latter is used by both ANSI (T1.617 annex D) and CCITT (Q.933
annex A) LMI).
6. fr_hdrlen() now correctly returns FR header length (4 - 6 bytes,
7 bytes with 4-byte Q.922 and incorrectly used pad byte).
7. I've changed output text formatting: "xxx-value-yyy-value" into
"xxx value, yyy value", to be consistent with Ethernet.
Not sure if it's correct.
8. added IPv6 support
9. q933_print() now reads lmi_print()
10. CCITT (Q.933 annex A) LMI is now supported, and both CCITT and ANSI
fields are now correctly displayed
10. lmi_print() no longer prints constant fields (such as always zeroed
Q.922 C/R bit or LMI Call Reference byte) unless they are set
incorrectly.
11. I've added ANSI_ and CCITT_ prefixes to appropriate #defines.
12. a new parse_dlci_el() should handle all (10, 16 and 23-bit)
DLCIs correctly (corresponding to 2, 3 and 4-byte Q.922 addresses,
respectively).
With CCITT LMI tcpdump now produces something like:
00:31:01.165621 DLCI 0, LMI, length 9: CCITT STATUS ENQUIRY
IE: 51 Len: 1, LINK VERIFY
IE: 53 Len: 2, TX Seq: 9, RX Seq: 8
00:31:01.166077 DLCI 0, LMI, length 24: CCITT STATUS REPLY
IE: 51 Len: 1, FULL STATUS
IE: 53 Len: 2, TX Seq: 9, RX Seq: 9
IE: 57 Len: 3, DLCI 101: status Active
IE: 57 Len: 3, DLCI 102: status Inactive
IE: 57 Len: 3, DLCI 110: status Active
00:31:11.164085 DLCI 0, LMI, length 9: CCITT STATUS ENQUIRY
IE: 51 Len: 1, LINK VERIFY
IE: 53 Len: 2, TX Seq: 10, RX Seq: 9
00:31:11.164474 DLCI 0, LMI, length 9: CCITT STATUS REPLY
IE: 51 Len: 1, LINK VERIFY
IE: 53 Len: 2, TX Seq: 10, RX Seq: 10
With ANSI:
00:26:44.535636 DLCI 0, LMI, length 10: ANSI STATUS ENQUIRY
IE: 01 Len: 1, FULL STATUS
IE: 03 Len: 2, TX Seq: 83, RX Seq: 81
00:26:44.536103 DLCI 0, LMI, length 25: ANSI STATUS REPLY
IE: 01 Len: 1, FULL STATUS
IE: 03 Len: 2, TX Seq: 82, RX Seq: 83
IE: 07 Len: 3, DLCI 101: status Active
IE: 07 Len: 3, DLCI 102: status Inactive
IE: 07 Len: 3, DLCI 110: status Active
00:26:54.534114 DLCI 0, LMI, length 10: ANSI STATUS ENQUIRY
IE: 01 Len: 1, LINK VERIFY
IE: 03 Len: 2, TX Seq: 84, RX Seq: 82
00:26:54.534521 DLCI 0, LMI, length 10: ANSI STATUS REPLY
IE: 01 Len: 1, LINK VERIFY
IE: 03 Len: 2, TX Seq: 83, RX Seq: 84
ping shows:
19:24:53.652794 DLCI 101, IP, length 84: IP (tos 0x0, ttl 64, id 6 ...
--
Krzysztof Halasa, B*FH
--- tcpdump/print-fr.c.orig 2003-08-13 04:28:21.000000000 +0200
+++ tcpdump/print-fr.c 2003-10-12 01:40:10.000000000 +0200
@@ -30,41 +30,18 @@
#include <tcpdump-stdinc.h>
-struct mbuf;
-struct rtentry;
-
#include <stdio.h>
#include <string.h>
#include <pcap.h>
#include "interface.h"
-#include "addrtoname.h"
#include "ethertype.h"
#include "extract.h"
-static void q933_print(const u_char *, int);
-
-#define FR_CR_BIT 0x02
-#define FR_EA_BIT(p) ((p)&0x01)
-#define FR_FECN 0x08
-#define FR_BECN 0x04
-#define FR_DE 0x02
-#define FR_DLCI(b0, b1) ((((b0)&0xFC)<<2)+(((b1)&0xF0)>>4))
-
-/* find out how many bytes are there in a frame */
-static u_int
-fr_addr_len(const u_char *p)
-{
- u_int i=0;
-
- while (!FR_EA_BIT(p[i]) && i++ && !FR_EA_BIT(p[i+1])) i++;
- return (i+1);
-}
+static void lmi_print(const u_char *, int);
-/* the following is for framerelay */
-#define NLPID_LEN 1 /* NLPID is one byte long */
-#define NLPID_Q933 0x08
-#define NLPID_LMI 0x09
+#define NLPID_LMI 0x08 /* ANSI T1.617 Annex D or ITU-T Q.933 Annex A */
+#define NLPID_CISCO_LMI 0x09 /* The original, aka Cisco, aka Gang of Four */
#define NLPID_SNAP 0x80
#define NLPID_CLNP 0x81
#define NLPID_ESIS 0x82
@@ -72,8 +49,62 @@
#define NLPID_CONS 0x84
#define NLPID_IDRP 0x85
#define NLPID_X25_ESIS 0x8a
+#define NLPID_IPV6 0x8e
#define NLPID_IP 0xcc
+#define FR_EA_BIT 0x01
+
+
+/* Finds out Q.922 address length, DLCI and flags. Returns 0 on success */
+static int parse_q922_addr(const u_char *p, u_int *dlci, u_int *addr_len,
+ char **flags_ptr)
+{
+ static char flags[32];
+ size_t len;
+
+ if ((p[0] & FR_EA_BIT))
+ return -1;
+
+ *flags_ptr = flags;
+ *addr_len = 2;
+ *dlci = ((p[0] & 0xFC) << 2) | ((p[1] & 0xF0) >> 4);
+
+ strcpy(flags, (p[0] & 0x02) ? "C!, " : "");
+ if (p[1] & 0x08)
+ strcat(flags, "FECN, ");
+ if (p[1] & 0x04)
+ strcat(flags, "BECN, ");
+ if (p[1] & 0x02)
+ strcat(flags, "DE, ");
+
+ len = strlen(flags);
+ if (len > 1)
+ flags[len - 2] = '\x0'; /* delete trailing comma and space */
+
+ if (p[1] & FR_EA_BIT)
+ return 0; /* 2-byte Q.922 address */
+
+ p += 2;
+ *addr_len++; /* 3- or 4-byte Q.922 address */
+ if (p[0] & FR_EA_BIT == 0) {
+ *dlci = (*dlci << 7) | (p[0] >> 1);
+ *addr_len++; /* 4-byte Q.922 address */
+ p++;
+ }
+
+ if (p[0] & FR_EA_BIT == 0)
+ return -1; /* more than 4 bytes of Q.922 address? */
+
+ if (p[0] & 0x02) {
+ len = strlen(flags);
+ snprintf(flags + len, sizeof(flags) - len,
+ "%sdlcore %x", len ? ", " : "", p[0] >> 2);
+ } else
+ *dlci = (*dlci << 6) | (p[0] >> 2);
+
+ return 0;
+}
+
static const char *fr_nlpids[256];
@@ -86,8 +117,8 @@
if (!fr_nlpid_flag) {
for (i=0; i < 256; i++)
fr_nlpids[i] = NULL;
- fr_nlpids[NLPID_Q933] = "Q.933";
fr_nlpids[NLPID_LMI] = "LMI";
+ fr_nlpids[NLPID_CISCO_LMI] = "Cisco LMI";
fr_nlpids[NLPID_SNAP] = "SNAP";
fr_nlpids[NLPID_CLNP] = "CLNP";
fr_nlpids[NLPID_ESIS] = "ESIS";
@@ -100,11 +131,8 @@
fr_nlpid_flag = 1;
}
-/* Framerelay packet structure */
+/* Frame Relay packet structure, with flags and CRC removed
-/*
- +---------------------------+
- | flag (7E hexadecimal) |
+---------------------------+
| Q.922 Address* |
+-- --+
@@ -123,12 +151,6 @@
| . |
| . |
+---------------------------+
- | Frame Check Sequence |
- +-- . --+
- | (two octets) |
- +---------------------------+
- | flag (7E hexadecimal) |
- +---------------------------+
* Q.922 addresses, as presently defined, are two octets and
contain a 10-bit DLCI. In some networks Q.922 addresses
@@ -133,52 +155,16 @@
* Q.922 addresses, as presently defined, are two octets and
contain a 10-bit DLCI. In some networks Q.922 addresses
may optionally be increased to three or four octets.
-
*/
-#define FR_PROTOCOL(p) fr_protocol((p))
-
static u_int
-fr_hdrlen(const u_char *p)
-{
- u_int hlen;
- hlen = fr_addr_len(p)+1; /* addr_len + 0x03 + padding */
- if (p[hlen])
- return hlen;
- else
- return hlen+1;
-}
-
-#define LAYER2_LEN(p) (fr_hdrlen((p))+NLPID_LEN)
-
-static int
-fr_protocol(const u_char *p)
+fr_hdrlen(const u_char *p, u_int addr_len, u_int caplen)
{
- int hlen;
-
- hlen = fr_addr_len(p) + 1;
- if (p[hlen]) /* check for padding */
- return p[hlen];
+ if ((caplen > addr_len + 1 /* UI */ + 1 /* pad */) &&
+ !p[addr_len + 1] /* pad exist */)
+ return addr_len + 1 /* UI */ + 1 /* pad */ + 1 /* NLPID */;
else
- return p[hlen+1];
-}
-
-static char *
-fr_flags(const u_char *p)
-{
- static char flags[1+1+4+1+4+1+2+1];
-
- if (p[0] & FR_CR_BIT)
- strlcpy(flags, "C", sizeof(flags));
- else
- strlcpy(flags, "R", sizeof(flags));
- if (p[1] & FR_FECN)
- strlcat(flags, ",FECN", sizeof(flags));
- if (p[1] & FR_BECN)
- strlcat(flags, ",BECN", sizeof(flags));
- if (p[1] & FR_DE)
- strlcat(flags, ",DE", sizeof(flags));
- return flags;
+ return addr_len + 1 /* UI */ + 1 /* NLPID */;
}
static const char *
@@ -186,29 +172,26 @@
{
static char buf[5+1+2+1];
+ init_fr_nlpids();
+
if (nflag || fr_nlpids[proto] == NULL) {
- snprintf(buf, sizeof(buf), "proto-%02x", proto);
+ snprintf(buf, sizeof(buf), "proto %02x", proto);
return buf;
}
return fr_nlpids[proto];
}
static void
-fr_hdr_print(const u_char *p, int length)
+fr_hdr_print(const u_char *p, int length, u_int dlci, char *flags,
+ u_char nlpid)
{
- u_int8_t proto;
-
- proto = FR_PROTOCOL(p);
-
- init_fr_nlpids();
- /* this is kinda kludge since it assumed that DLCI is two bytes. */
if (qflag)
- (void)printf("DLCI-%u-%s %d: ",
- FR_DLCI(p[0], p[1]), fr_flags(p), length);
+ (void)printf("DLCI %u, %s%slength %d: ",
+ dlci, flags, *flags ? ", " : "", length);
else
- (void)printf("DLCI-%u-%s %s %d: ",
- FR_DLCI(p[0], p[1]), fr_flags(p),
- fr_protostring(proto), length);
+ (void)printf("DLCI %u, %s%s%s, length %d: ",
+ dlci, flags, *flags ? ", " : "",
+ fr_protostring(nlpid), length);
}
u_int
@@ -216,32 +199,59 @@
{
register u_int length = h->len;
register u_int caplen = h->caplen;
- u_char protocol;
- int layer2_len;
u_short extracted_ethertype;
u_int32_t orgcode;
register u_short et;
+ int dlci, addr_len, cr, fecn, becn, de, dlcore;
+ u_char nlpid;
+ u_int hdr_len;
+ char *flags;
- if (caplen < fr_hdrlen(p)) {
+ if (caplen < 4) { /* minimum frame header length */
printf("[|fr]");
- return (caplen);
+ return caplen;
}
- if (eflag)
- fr_hdr_print(p, length);
+ if (parse_q922_addr(p, &dlci, &addr_len, &flags)) {
+ printf("Invalid Q.922 address");
+ return caplen;
+ }
+
+ hdr_len = fr_hdrlen(p, addr_len, caplen);
+
+ if (caplen < hdr_len) {
+ printf("[|fr]");
+ return caplen;
+ }
- protocol = FR_PROTOCOL(p);
- layer2_len = LAYER2_LEN(p);
- p += layer2_len;
- length -= layer2_len;
- caplen -= layer2_len;
+ if (p[addr_len] != 0x03)
+ printf("UI %02x! ", p[addr_len]);
- switch (protocol) {
+ if (!p[addr_len + 1]) { /* pad byte should be used with 3-byte Q.922 */
+ if (addr_len != 3)
+ printf("Pad! ");
+ } else if (addr_len == 3)
+ printf("No pad! ");
+ nlpid = p[hdr_len - 1];
+
+ p += hdr_len;
+ length -= hdr_len;
+ caplen -= hdr_len;
+
+ if (eflag)
+ fr_hdr_print(p, length, dlci, flags, nlpid);
+
+ switch (nlpid) {
case NLPID_IP:
ip_print(p, length);
break;
+#ifdef INET6
+ case NLPID_IPV6:
+ ip6_print(p, length);
+ break;
+#endif
case NLPID_CLNP:
case NLPID_ESIS:
case NLPID_ISIS:
@@ -256,28 +266,30 @@
0) == 0) {
/* ether_type not known, print raw packet */
if (!eflag)
- fr_hdr_print(p - layer2_len, length + layer2_len);
+ fr_hdr_print(p - hdr_len, length + hdr_len,
+ dlci, flags, nlpid);
if (extracted_ethertype) {
printf("(SNAP %s) ",
etherproto_string(htons(extracted_ethertype)));
}
if (!xflag && !qflag)
- default_print(p - layer2_len, caplen + layer2_len);
+ default_print(p - hdr_len, caplen + hdr_len);
}
break;
- case NLPID_Q933:
- q933_print(p, length);
+ case NLPID_LMI:
+ lmi_print(p, length);
break;
default:
if (!eflag)
- fr_hdr_print(p - layer2_len, length + layer2_len);
+ fr_hdr_print(p - hdr_len, length + hdr_len,
+ dlci, flags, nlpid);
if (!xflag)
default_print(p, caplen);
}
- return (layer2_len);
+ return hdr_len;
}
/*
@@ -327,20 +340,17 @@
#define MSG_TYPE_STATUS 0x7D
#define MSG_TYPE_STATUS_ENQ 0x75
-#define ONE_BYTE_IE_MASK 0xF0
-
-/* See L2 protocol ID picture above */
-struct q933_header {
- u_int8_t call_ref; /* usually is 0 for framerelay PVC */
- u_int8_t msg_type;
-};
+#define MSG_ANSI_LOCKING_SHIFT 0x95
+#define ONE_BYTE_IE_MASK 0xF0 /* details? */
-#define REPORT_TYPE_IE 0x01
-#define LINK_VERIFY_IE_91 0x19
-#define LINK_VERIFY_IE_94 0x03
-#define PVC_STATUS_IE 0x07
-
-#define MAX_IE_SIZE
+#define ANSI_REPORT_TYPE_IE 0x01
+#define ANSI_LINK_VERIFY_IE_91 0x19 /* details? */
+#define ANSI_LINK_VERIFY_IE 0x03
+#define ANSI_PVC_STATUS_IE 0x07
+
+#define CCITT_REPORT_TYPE_IE 0x51
+#define CCITT_LINK_VERIFY_IE 0x53
+#define CCITT_PVC_STATUS_IE 0x57
struct common_ie_header {
u_int8_t ie_id;
@@ -351,47 +361,99 @@
#define LINK_VERIFY 1
#define ASYNC_PVC 2
+
+/* Parses DLCI information element. */
+static char * parse_dlci_ie(const u_char *p, u_int ie_len, char *buffer,
+ size_t buffer_len)
+{
+ static char flags[32];
+ size_t len;
+ u_int dlci;
+
+ if ((ie_len < 3) ||
+ (p[0] & 0x80) ||
+ ((ie_len == 3) && !(p[1] & 0x80)) ||
+ ((ie_len == 4) && ((p[1] & 0x80) || !(p[2] & 0x80))) ||
+ ((ie_len == 5) && ((p[1] & 0x80) || (p[2] & 0x80) ||
+ !(p[2] & 0x80))) ||
+ (ie_len > 5) ||
+ !(p[ie_len - 1] & 0x80))
+ return "Invalid DLCI IE";
+
+ dlci = ((p[0] & 0x3F) << 4) | ((p[1] & 0x78) >> 3);
+ if (ie_len == 4)
+ dlci = (dlci << 6) | ((p[2] & 0x7E) >> 1);
+ else if (ie_len == 5)
+ dlci = (dlci << 13) | (p[2] & 0x7F) | ((p[3] & 0x7E) >> 1);
+
+ snprintf(buffer, buffer_len, "DLCI %d: status %s%s", dlci,
+ p[ie_len - 1] & 0x8 ? "New, " : "",
+ p[ie_len - 1] & 0x2 ? "Active" : "Inactive");
+
+ return buffer;
+}
+
+
static void
-q933_print(const u_char *p, int length)
+lmi_print(const u_char *p, int length)
{
- struct q933_header *header = (struct q933_header *)(p+1);
const u_char *ptemp = p;
int ie_len;
const char *decode_str;
char temp_str[255];
struct common_ie_header *ie_p;
+ int is_ansi = 0;
+
+ if (length < 9) { /* shortest: Q.933a LINK VERIFY */
+ printf("[|lmi]");
+ return;
+ }
+
+ if (p[2] == MSG_ANSI_LOCKING_SHIFT)
+ is_ansi = 1;
/* printing out header part */
- printf("Call Ref: %02x, MSG Type: %02x",
- header->call_ref, header->msg_type);
- switch(header->msg_type) {
+ printf(is_ansi ? "ANSI" : "CCITT");
+ if (p[0])
+ printf(" Call Ref: %02x!");
+
+ switch(p[1]) {
case MSG_TYPE_STATUS:
- decode_str = "STATUS REPLY";
+ printf(" STATUS REPLY\n");
break;
case MSG_TYPE_STATUS_ENQ:
- decode_str = "STATUS ENQUIRY";
+ printf(" STATUS ENQUIRY\n");
break;
default:
- decode_str = "UNKNOWN MSG Type";
+ printf(" UNKNOWN MSG Type %02x\n", p[1]);
}
- printf(" %s\n", decode_str);
- length = length - 3;
- ptemp = ptemp + 3;
+ length = length - 2 - is_ansi;
+ ptemp = ptemp + 2 + is_ansi;
/* Loop through the rest of IE */
- while( length > 0 ) {
- if (ptemp[0] & ONE_BYTE_IE_MASK) {
- ie_len = 1;
+ while (length > 0) {
+ if (is_ansi && (ptemp[0] & ONE_BYTE_IE_MASK)) {
+ /* not sure what's that - any pointers to
+ documentation? Is it for ANSI T1.617 annex D only,
+ isn't it? */
printf("\t\tOne byte IE: %02x, Content %02x\n",
- (*ptemp & 0x70)>>4, (*ptemp & 0x0F));
+ (*ptemp & 0x70) >> 4, (*ptemp & 0x0F));
length--;
ptemp++;
+ continue;
}
- else { /* Multi-byte IE */
+
+ /* Multi-byte IE */
ie_p = (struct common_ie_header *)ptemp;
- switch (ie_p->ie_id) {
- case REPORT_TYPE_IE:
+ if (length < sizeof(struct common_ie_header) ||
+ length < sizeof(struct common_ie_header) + ie_p->ie_len) {
+ printf("[|lmi]");
+ return;
+ }
+
+ if (is_ansi && ie_p->ie_id == ANSI_REPORT_TYPE_IE ||
+ !is_ansi && ie_p->ie_id == CCITT_REPORT_TYPE_IE)
switch(ptemp[2]) {
case FULL_STATUS:
decode_str = "FULL STATUS";
@@ -405,26 +467,25 @@
default:
decode_str = "Reserved Value";
}
- break;
- case LINK_VERIFY_IE_91:
- case LINK_VERIFY_IE_94:
- snprintf(temp_str, sizeof (temp_str), "TX Seq: %3d, RX Seq: %3d",
+
+ else if (is_ansi && (ie_p->ie_id == ANSI_LINK_VERIFY_IE_91 ||
+ ie_p->ie_id == ANSI_LINK_VERIFY_IE) ||
+ !is_ansi && ie_p->ie_id == CCITT_LINK_VERIFY_IE) {
+ snprintf(temp_str, sizeof(temp_str),
+ "TX Seq: %3d, RX Seq: %3d",
ptemp[2], ptemp[3]);
decode_str = temp_str;
- break;
- case PVC_STATUS_IE:
- snprintf(temp_str, sizeof (temp_str), "DLCI %d: status %s %s",
- ((ptemp[2]&0x3f)<<4)+ ((ptemp[3]&0x78)>>3),
- ptemp[4] & 0x8 ?"new,":" ",
- ptemp[4] & 0x2 ?"Active":"Inactive");
- break;
- default:
+
+ } else if (is_ansi && ie_p->ie_id == ANSI_PVC_STATUS_IE ||
+ !is_ansi && ie_p->ie_id == CCITT_PVC_STATUS_IE)
+ decode_str = parse_dlci_ie(ptemp + 2, ie_p->ie_len,
+ temp_str, sizeof(temp_str));
+ else
decode_str = "Non-decoded Value";
- }
+
printf("\t\tIE: %02X Len: %d, %s\n",
ie_p->ie_id, ie_p->ie_len, decode_str);
length = length - ie_p->ie_len - 2;
ptemp = ptemp + ie_p->ie_len + 2;
}
- }
}
