mirror of
https://github.com/the-tcpdump-group/tcpdump.git
synced 2024-11-27 20:14:12 +08:00
64e81f2917
(We call it "nwlink-dgm" for now; Ethereal calls it a NWLink SMB datagram.) Don't throw every LLC frame with unknown SAPs at the NetBIOS-over-IPX dissector; just throw the frames for IPX sockets 0x455 and 0x553 at it, as those appear to be the sockets used (if there are any others, please add them to the IPX dissector - putting it back in the LLC dissector won't help, as all IPX frames, including LLC frames, should now be handed to the IPX dissector). Do better bounds checking in "ipx_netbios_print()" and "netbeui_print()", i.e. don't go past the end of the captured data in the packet when looking for the 0xFF S M B signature.
32 lines
999 B
C
32 lines
999 B
C
/*
|
|
* IPX protocol formats
|
|
*
|
|
* @(#) $Header: /tcpdump/master/tcpdump/ipx.h,v 1.4 2001-01-15 03:23:59 guy Exp $
|
|
*/
|
|
|
|
/* well-known sockets */
|
|
#define IPX_SKT_NCP 0x0451
|
|
#define IPX_SKT_SAP 0x0452
|
|
#define IPX_SKT_RIP 0x0453
|
|
#define IPX_SKT_NETBIOS 0x0455
|
|
#define IPX_SKT_DIAGNOSTICS 0x0456
|
|
#define IPX_SKT_NWLINK_DGM 0x0553 /* NWLink datagram, may contain SMB */
|
|
#define IPX_SKT_EIGRP 0x85be /* Cisco EIGRP over IPX */
|
|
|
|
/* IPX transport header */
|
|
struct ipxHdr {
|
|
u_int16_t cksum; /* Checksum */
|
|
u_int16_t length; /* Length, in bytes, including header */
|
|
u_int8_t tCtl; /* Transport Control (i.e. hop count) */
|
|
u_int8_t pType; /* Packet Type (i.e. level 2 protocol) */
|
|
u_int16_t dstNet[2]; /* destination net */
|
|
u_int8_t dstNode[6]; /* destination node */
|
|
u_int16_t dstSkt; /* destination socket */
|
|
u_int16_t srcNet[2]; /* source net */
|
|
u_int8_t srcNode[6]; /* source node */
|
|
u_int16_t srcSkt; /* source socket */
|
|
} ipx_hdr_t;
|
|
|
|
#define ipxSize 30
|
|
|