/src/wireshark/epan/dissectors/packet-homepna.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* packet-homepna.c |
2 | | * |
3 | | * ITU-T Rec. G.9954 (renumbered from G.989.2) |
4 | | * https://www.itu.int/rec/T-REC-G.9954/en |
5 | | * |
6 | | * Wireshark - Network traffic analyzer |
7 | | * By Gerald Combs <gerald@wireshark.org> |
8 | | * Copyright 1998 Gerald Combs |
9 | | * |
10 | | * SPDX-License-Identifier: GPL-2.0-or-later |
11 | | */ |
12 | | |
13 | | #include "config.h" |
14 | | |
15 | | #include <epan/packet.h> |
16 | | #include <epan/etypes.h> |
17 | | |
18 | | void proto_register_homepna(void); |
19 | | void proto_reg_handoff_homepna(void); |
20 | | |
21 | | static dissector_handle_t homepna_handle; |
22 | | |
23 | | static int proto_homepna; |
24 | | |
25 | | static int hf_homepna_type; |
26 | | static int hf_homepna_length; |
27 | | static int hf_homepna_version; |
28 | | static int hf_homepna_data; |
29 | | static int hf_homepna_etype; |
30 | | static int hf_homepna_trailer; |
31 | | |
32 | | static int ett_homepna; |
33 | | |
34 | | static dissector_handle_t ethertype_handle; |
35 | | |
36 | | static const range_string homepna_type_rvals[] = { |
37 | | { 0, 0, "Non-standard" }, |
38 | | { 1, 1, "Rate Request Control Frame" }, |
39 | | { 2, 2, "Link Integrity Short Frame" }, |
40 | | { 3, 3, "Capabilities Announcement" }, |
41 | | { 4, 4, "LARQ" }, |
42 | | { 5, 5, "Vendor-specific short format type" }, |
43 | | { 6, 127, "Reserved for future use by the ITU-T" }, |
44 | | { 128, 32767, "Reserved for future use by the ITU-T" }, |
45 | | { 32768, 32768, "Reserved for future use by the ITU-T" }, |
46 | | { 32769, 32769, "Vendor-specific long-format" }, |
47 | | { 32770, 65535, "Reserved for future use by the ITU-T" }, |
48 | | { 0, 0, NULL } |
49 | | }; |
50 | | |
51 | | typedef enum |
52 | | { |
53 | | HOMEPNA_FORMAT_SHORT, |
54 | | HOMEPNA_FORMAT_LONG |
55 | | } homepna_format_e; |
56 | | |
57 | | static int |
58 | | dissect_homepna(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_) |
59 | 37 | { |
60 | | /* |
61 | | * XXX: Ethertype 0x886C is assigned by IEEE to HomePNA, which was |
62 | | * originally developed by Epigram and bought by Broadcom. |
63 | | * Broadcom *also* uses 0x886C in their Wi-Fi firmware for certain |
64 | | * event frames with an entirely different unregistered protocol, |
65 | | * and at least up to certain firmware versions, there was an |
66 | | * exploit based on these so people might want to dissect them. |
67 | | * https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html |
68 | | * https://github.com/kanstrup/bcmdhd-dissector/ |
69 | | * https://android.googlesource.com/kernel/common.git/+/bcmdhd-3.10/drivers/net/wireless/bcmdhd/include/proto/ethernet.h |
70 | | * There's an example at |
71 | | * https://gitlab.com/wireshark/wireshark/-/issues/12759 |
72 | | * We could eventually have a dissector for that; right now this |
73 | | * dissectors will incorrectly dissect such packets and probably call |
74 | | * them malformed. |
75 | | */ |
76 | | |
77 | 37 | proto_tree *ti; |
78 | 37 | proto_tree *homepna_tree; |
79 | 37 | int offset = 0; |
80 | 37 | uint32_t control_length; |
81 | 37 | homepna_format_e homepna_format = HOMEPNA_FORMAT_SHORT; |
82 | 37 | uint16_t protocol; |
83 | 37 | ethertype_data_t ethertype_data; |
84 | | |
85 | 37 | if (tvb_captured_length(tvb) < 4) |
86 | 0 | return 0; |
87 | | |
88 | 37 | col_set_str(pinfo->cinfo, COL_PROTOCOL, "HomePNA"); |
89 | 37 | col_clear(pinfo->cinfo, COL_INFO); |
90 | | |
91 | 37 | ti = proto_tree_add_item(tree, proto_homepna, tvb, 0, -1, ENC_NA); |
92 | 37 | homepna_tree = proto_item_add_subtree(ti, ett_homepna); |
93 | | |
94 | 37 | if (tvb_get_uint8(tvb, offset) > 127) |
95 | 6 | homepna_format = HOMEPNA_FORMAT_LONG; |
96 | | |
97 | 37 | if (homepna_format == HOMEPNA_FORMAT_SHORT) |
98 | 31 | { |
99 | 31 | proto_tree_add_item(homepna_tree, hf_homepna_type, tvb, offset, 1, ENC_BIG_ENDIAN); |
100 | 31 | offset += 1; |
101 | 31 | proto_tree_add_item_ret_uint(homepna_tree, hf_homepna_length, tvb, offset, 1, ENC_BIG_ENDIAN, &control_length); |
102 | 31 | offset += 1; |
103 | 31 | } |
104 | 6 | else |
105 | 6 | { |
106 | 6 | proto_tree_add_item(homepna_tree, hf_homepna_type, tvb, offset, 2, ENC_BIG_ENDIAN); |
107 | 6 | offset += 2; |
108 | 6 | proto_tree_add_item_ret_uint(homepna_tree, hf_homepna_length, tvb, offset, 2, ENC_BIG_ENDIAN, &control_length); |
109 | 6 | offset += 2; |
110 | 6 | } |
111 | | |
112 | 37 | proto_tree_add_item(homepna_tree, hf_homepna_version, tvb, offset, 1, ENC_BIG_ENDIAN); |
113 | 37 | offset += 1; |
114 | | |
115 | 37 | proto_tree_add_item(homepna_tree, hf_homepna_data, tvb, offset, control_length-3, ENC_NA); |
116 | 37 | offset += (control_length-2); |
117 | | |
118 | 37 | protocol = tvb_get_ntohs(tvb, offset); |
119 | 37 | proto_tree_add_uint(homepna_tree, hf_homepna_etype, tvb, offset, 2, protocol); |
120 | | |
121 | 37 | offset += 2; |
122 | 37 | if (protocol == 0) { |
123 | | /* No next layer protocol. Set our length here so the previous |
124 | | * dissector can find any padding, trailer, and FCS. |
125 | | */ |
126 | 11 | proto_item_set_len(ti, offset); |
127 | 11 | set_actual_length(tvb, offset); |
128 | 26 | } else { |
129 | 26 | ethertype_data.etype = protocol; |
130 | 26 | ethertype_data.payload_offset = offset; |
131 | 26 | ethertype_data.fh_tree = homepna_tree; |
132 | 26 | ethertype_data.trailer_id = hf_homepna_trailer; |
133 | 26 | ethertype_data.fcs_len = 0; |
134 | | |
135 | 26 | call_dissector_with_data(ethertype_handle, tvb, pinfo, tree, ðertype_data); |
136 | 26 | } |
137 | | |
138 | 37 | return tvb_captured_length(tvb); |
139 | 37 | } |
140 | | |
141 | | void |
142 | | proto_register_homepna(void) |
143 | 14 | { |
144 | 14 | static hf_register_info hf[] = { |
145 | 14 | { &hf_homepna_type, |
146 | 14 | { "Type", "hpna.type", FT_UINT16, BASE_DEC|BASE_RANGE_STRING, RVALS(homepna_type_rvals), 0x0, |
147 | 14 | NULL, HFILL}}, |
148 | 14 | { &hf_homepna_length, |
149 | 14 | { "Length", "hpna.length", FT_UINT16, BASE_DEC, NULL, 0x0, |
150 | 14 | NULL, HFILL}}, |
151 | 14 | { &hf_homepna_version, |
152 | 14 | { "Version", "hpna.version", FT_UINT8, BASE_DEC, NULL, 0x0, |
153 | 14 | NULL, HFILL}}, |
154 | 14 | { &hf_homepna_data, |
155 | 14 | { "Data", "hpna.data", FT_BYTES, BASE_NONE, NULL, 0x0, |
156 | 14 | NULL, HFILL}}, |
157 | 14 | { &hf_homepna_etype, |
158 | 14 | { "Ethertype", "hpna.etype", FT_UINT16, BASE_HEX, VALS(etype_vals), 0x0, |
159 | 14 | NULL, HFILL}}, |
160 | 14 | { &hf_homepna_trailer, |
161 | 14 | { "Trailer", "hpna.trailer", FT_BYTES, BASE_NONE, NULL, 0x0, |
162 | 14 | NULL, HFILL}}, |
163 | | |
164 | 14 | }; |
165 | | |
166 | 14 | static int *ett[] = { |
167 | 14 | &ett_homepna, |
168 | 14 | }; |
169 | | |
170 | 14 | proto_homepna = proto_register_protocol("HomePNA, wlan link local tunnel", "HomePNA", "hpna"); |
171 | 14 | proto_register_field_array(proto_homepna, hf, array_length(hf)); |
172 | 14 | proto_register_subtree_array(ett, array_length(ett)); |
173 | | |
174 | 14 | homepna_handle = register_dissector("hpna", dissect_homepna, proto_homepna); |
175 | 14 | } |
176 | | |
177 | | |
178 | | void |
179 | | proto_reg_handoff_homepna(void) |
180 | 14 | { |
181 | 14 | dissector_add_uint("ethertype", ETHERTYPE_LINK_CTL, homepna_handle); |
182 | | |
183 | 14 | ethertype_handle = find_dissector_add_dependency("ethertype", proto_homepna); |
184 | 14 | } |
185 | | |
186 | | /* |
187 | | * Editor modelines - https://www.wireshark.org/tools/modelines.html |
188 | | * |
189 | | * Local variables: |
190 | | * c-basic-offset: 4 |
191 | | * tab-width: 8 |
192 | | * indent-tabs-mode: nil |
193 | | * End: |
194 | | * |
195 | | * vi: set shiftwidth=4 tabstop=8 expandtab: |
196 | | * :indentSize=4:tabSize=8:noTabs=true: |
197 | | */ |