2 * Routines for IP and miscellaneous IP protocol packet disassembly
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * Wednesday, January 17, 2006
9 * Support for the CIPSO IPv4 option
10 * (http://sourceforge.net/docman/display_doc.php?docid=34650&group_id=174379)
11 * by Paul Moore <paul.moore@hp.com>
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
33 #include <epan/packet.h>
34 #include <epan/addr_resolv.h>
35 #include <epan/ipproto.h>
36 #include <epan/expert.h>
37 #include <epan/ip_opts.h>
38 #include <epan/prefs.h>
39 #include <epan/reassemble.h>
40 #include <epan/etypes.h>
41 #include <epan/greproto.h>
42 #include <epan/ppptypes.h>
43 #include <epan/llcsaps.h>
44 #include <epan/aftypes.h>
45 #include <epan/arcnet_pids.h>
46 #include <epan/in_cksum.h>
47 #include <epan/nlpid.h>
48 #include <epan/ax25_pids.h>
50 #include <epan/wmem/wmem.h>
51 #include <epan/decode_as.h>
53 #include "packet-ip.h"
57 #include <epan/geoip_db.h>
58 #endif /* HAVE_GEOIP */
60 void proto_register_ip(void);
61 void proto_reg_handoff_ip(void);
63 static int ip_tap = -1;
65 /* Decode the old IPv4 TOS field as the DiffServ DS Field (RFC2474/2475) */
66 static gboolean g_ip_dscp_actif = TRUE;
68 /* Defragment fragmented IP datagrams */
69 static gboolean ip_defragment = TRUE;
71 /* Place IP summary in proto tree */
72 static gboolean ip_summary_in_tree = TRUE;
74 /* Perform IP checksum */
75 static gboolean ip_check_checksum = FALSE;
77 /* Assume TSO and correct zero-length IP packets */
78 static gboolean ip_tso_supported = TRUE;
80 /* Use heuristics to determine subdissector */
81 static gboolean try_heuristic_first = FALSE;
84 /* Look up addresses in GeoIP */
85 static gboolean ip_use_geoip = TRUE;
86 #endif /* HAVE_GEOIP */
88 /* Interpret the reserved flag as security flag (RFC 3514) */
89 static gboolean ip_security_flag = FALSE;
92 static int hf_ip_version = -1;
93 static int hf_ip_hdr_len = -1;
94 static int hf_ip_dsfield = -1;
95 static int hf_ip_dsfield_dscp = -1;
96 static int hf_ip_dsfield_ecn = -1;
97 static int hf_ip_tos = -1;
98 static int hf_ip_tos_precedence = -1;
99 static int hf_ip_tos_delay = -1;
100 static int hf_ip_tos_throughput = -1;
101 static int hf_ip_tos_reliability = -1;
102 static int hf_ip_tos_cost = -1;
103 static int hf_ip_len = -1;
104 static int hf_ip_id = -1;
105 static int hf_ip_dst = -1;
106 static int hf_ip_dst_host = -1;
107 static int hf_ip_src = -1;
108 static int hf_ip_src_host = -1;
109 static int hf_ip_addr = -1;
110 static int hf_ip_host = -1;
111 static int hf_ip_flags = -1;
112 static int hf_ip_flags_sf = -1;
113 static int hf_ip_flags_rf = -1;
114 static int hf_ip_flags_df = -1;
115 static int hf_ip_flags_mf = -1;
116 static int hf_ip_frag_offset = -1;
117 static int hf_ip_ttl = -1;
118 static int hf_ip_proto = -1;
119 static int hf_ip_checksum = -1;
120 static int hf_ip_checksum_calculated = -1;
121 static int hf_ip_checksum_good = -1;
122 static int hf_ip_checksum_bad = -1;
124 /* IP option fields */
125 static int hf_ip_opt_type = -1;
126 static int hf_ip_opt_type_copy = -1;
127 static int hf_ip_opt_type_class = -1;
128 static int hf_ip_opt_type_number = -1;
129 static int hf_ip_opt_len = -1;
130 static int hf_ip_opt_ptr = -1;
131 static int hf_ip_opt_sid = -1;
132 static int hf_ip_opt_mtu = -1;
133 static int hf_ip_opt_id_number = -1;
134 static int hf_ip_opt_ohc = -1;
135 static int hf_ip_opt_rhc = -1;
136 static int hf_ip_opt_originator = -1;
137 static int hf_ip_opt_ra = -1;
138 static int hf_ip_opt_addr = -1;
139 static int hf_ip_opt_padding = -1;
140 static int hf_ip_opt_qs_func = -1;
141 static int hf_ip_opt_qs_rate = -1;
142 static int hf_ip_opt_qs_ttl = -1;
143 static int hf_ip_opt_qs_ttl_diff = -1;
144 static int hf_ip_opt_qs_unused = -1;
145 static int hf_ip_opt_qs_nonce = -1;
146 static int hf_ip_opt_qs_reserved = -1;
147 static int hf_ip_opt_sec_rfc791_sec = -1;
148 static int hf_ip_opt_sec_rfc791_comp = -1;
149 static int hf_ip_opt_sec_rfc791_hr = -1;
150 static int hf_ip_opt_sec_rfc791_tcc = -1;
151 static int hf_ip_opt_sec_cl = -1;
152 static int hf_ip_opt_sec_prot_auth_flags = -1;
153 static int hf_ip_opt_sec_prot_auth_genser = -1;
154 static int hf_ip_opt_sec_prot_auth_siop_esi = -1;
155 static int hf_ip_opt_sec_prot_auth_sci = -1;
156 static int hf_ip_opt_sec_prot_auth_nsa = -1;
157 static int hf_ip_opt_sec_prot_auth_doe = -1;
158 static int hf_ip_opt_sec_prot_auth_unassigned = -1;
159 static int hf_ip_opt_sec_prot_auth_unassigned2 = -1;
160 static int hf_ip_opt_sec_prot_auth_fti = -1;
161 static int hf_ip_opt_ext_sec_add_sec_info_format_code = -1;
162 static int hf_ip_opt_ext_sec_add_sec_info = -1;
163 static int hf_ip_rec_rt = -1;
164 static int hf_ip_rec_rt_host = -1;
165 static int hf_ip_cur_rt = -1;
166 static int hf_ip_cur_rt_host = -1;
167 static int hf_ip_src_rt = -1;
168 static int hf_ip_src_rt_host = -1;
169 static int hf_ip_empty_rt = -1;
170 static int hf_ip_empty_rt_host = -1;
172 static int hf_ip_fragments = -1;
173 static int hf_ip_fragment = -1;
174 static int hf_ip_fragment_overlap = -1;
175 static int hf_ip_fragment_overlap_conflict = -1;
176 static int hf_ip_fragment_multiple_tails = -1;
177 static int hf_ip_fragment_too_long_fragment = -1;
178 static int hf_ip_fragment_error = -1;
179 static int hf_ip_fragment_count = -1;
180 static int hf_ip_reassembled_in = -1;
181 static int hf_ip_reassembled_length = -1;
182 static int hf_ip_reassembled_data = -1;
185 static int hf_geoip_country = -1;
186 static int hf_geoip_city = -1;
187 static int hf_geoip_org = -1;
188 static int hf_geoip_isp = -1;
189 static int hf_geoip_asnum = -1;
190 static int hf_geoip_lat = -1;
191 static int hf_geoip_lon = -1;
192 static int hf_geoip_src_country = -1;
193 static int hf_geoip_src_city = -1;
194 static int hf_geoip_src_org = -1;
195 static int hf_geoip_src_isp = -1;
196 static int hf_geoip_src_asnum = -1;
197 static int hf_geoip_src_lat = -1;
198 static int hf_geoip_src_lon = -1;
199 static int hf_geoip_dst_country = -1;
200 static int hf_geoip_dst_city = -1;
201 static int hf_geoip_dst_org = -1;
202 static int hf_geoip_dst_isp = -1;
203 static int hf_geoip_dst_asnum = -1;
204 static int hf_geoip_dst_lat = -1;
205 static int hf_geoip_dst_lon = -1;
206 #endif /* HAVE_GEOIP */
208 static gint ett_ip = -1;
209 static gint ett_ip_dsfield = -1;
210 static gint ett_ip_tos = -1;
211 static gint ett_ip_off = -1;
212 static gint ett_ip_options = -1;
213 static gint ett_ip_option_eool = -1;
214 static gint ett_ip_option_nop = -1;
215 static gint ett_ip_option_sec = -1;
216 static gint ett_ip_option_route = -1;
217 static gint ett_ip_option_timestamp = -1;
218 static gint ett_ip_option_ext_security = -1;
219 static gint ett_ip_option_cipso = -1;
220 static gint ett_ip_option_sid = -1;
221 static gint ett_ip_option_mtu = -1;
222 static gint ett_ip_option_tr = -1;
223 static gint ett_ip_option_ra = -1;
224 static gint ett_ip_option_sdb = -1;
225 static gint ett_ip_option_qs = -1;
226 static gint ett_ip_option_other = -1;
227 static gint ett_ip_fragments = -1;
228 static gint ett_ip_fragment = -1;
229 static gint ett_ip_checksum = -1;
230 static gint ett_ip_opt_type = -1;
231 static gint ett_ip_opt_sec_prot_auth_flags = -1;
233 static expert_field ei_ip_opt_len_invalid = EI_INIT;
234 static expert_field ei_ip_opt_sec_prot_auth_fti = EI_INIT;
235 static expert_field ei_ip_extraneous_data = EI_INIT;
236 static expert_field ei_ip_opt_ptr_before_address = EI_INIT;
237 static expert_field ei_ip_opt_ptr_middle_address = EI_INIT;
238 static expert_field ei_ip_subopt_too_long = EI_INIT;
239 static expert_field ei_ip_nop = EI_INIT;
240 static expert_field ei_ip_bogus_ip_length = EI_INIT;
241 static expert_field ei_ip_evil_packet = EI_INIT;
242 static expert_field ei_ip_checksum_bad = EI_INIT;
243 static expert_field ei_ip_ttl_lncb = EI_INIT;
244 static expert_field ei_ip_ttl_too_small = EI_INIT;
248 static gint ett_geoip_info = -1;
249 #endif /* HAVE_GEOIP */
251 static const fragment_items ip_frag_items = {
256 &hf_ip_fragment_overlap,
257 &hf_ip_fragment_overlap_conflict,
258 &hf_ip_fragment_multiple_tails,
259 &hf_ip_fragment_too_long_fragment,
260 &hf_ip_fragment_error,
261 &hf_ip_fragment_count,
262 &hf_ip_reassembled_in,
263 &hf_ip_reassembled_length,
264 &hf_ip_reassembled_data,
268 static heur_dissector_list_t heur_subdissector_list;
270 static dissector_table_t ip_dissector_table;
272 static dissector_handle_t ipv6_handle;
273 static dissector_handle_t data_handle;
276 /* IP structs and definitions */
278 /* Offsets of fields within an IP header. */
290 /* Minimum IP header length. */
291 #define IPH_MIN_LEN 20
293 /* Width (in bits) of the fragment offset IP header field */
294 #define IP_OFFSET_WIDTH 13
296 /* Width (in bits) of the flags IP header field */
297 #define IP_FLAGS_WIDTH 3
300 #define IP_RF 0x8000 /* Flag: "Reserved bit" */
301 #define IP_DF 0x4000 /* Flag: "Don't Fragment" */
302 #define IP_MF 0x2000 /* Flag: "More Fragments" */
303 #define IP_OFFSET 0x1FFF /* "Fragment Offset" part */
305 /* Differentiated Services Field. See RFCs 2474, 2597 and 2598. */
306 #define IPDSFIELD_DSCP_MASK 0xFC
307 #define IPDSFIELD_ECN_MASK 0x03
308 #define IPDSFIELD_DSCP_SHIFT 2
310 #define IPDSFIELD_DSCP(dsfield) (((dsfield)&IPDSFIELD_DSCP_MASK)>>IPDSFIELD_DSCP_SHIFT)
311 #define IPDSFIELD_ECN(dsfield) ((dsfield)&IPDSFIELD_ECN_MASK)
313 #define IPDSFIELD_DSCP_DEFAULT 0x00
314 #define IPDSFIELD_DSCP_CS1 0x08
315 #define IPDSFIELD_DSCP_AF11 0x0A
316 #define IPDSFIELD_DSCP_AF12 0x0C
317 #define IPDSFIELD_DSCP_AF13 0x0E
318 #define IPDSFIELD_DSCP_CS2 0x10
319 #define IPDSFIELD_DSCP_AF21 0x12
320 #define IPDSFIELD_DSCP_AF22 0x14
321 #define IPDSFIELD_DSCP_AF23 0x16
322 #define IPDSFIELD_DSCP_CS3 0x18
323 #define IPDSFIELD_DSCP_AF31 0x1A
324 #define IPDSFIELD_DSCP_AF32 0x1C
325 #define IPDSFIELD_DSCP_AF33 0x1E
326 #define IPDSFIELD_DSCP_CS4 0x20
327 #define IPDSFIELD_DSCP_AF41 0x22
328 #define IPDSFIELD_DSCP_AF42 0x24
329 #define IPDSFIELD_DSCP_AF43 0x26
330 #define IPDSFIELD_DSCP_CS5 0x28
331 #define IPDSFIELD_DSCP_EF 0x2E
332 #define IPDSFIELD_DSCP_CS6 0x30
333 #define IPDSFIELD_DSCP_CS7 0x38
335 #define IPDSFIELD_ECT_NOT 0x00
336 #define IPDSFIELD_ECT_1 0x01
337 #define IPDSFIELD_ECT_0 0x02
338 #define IPDSFIELD_CE 0x03
340 /* IP TOS, superseded by the DS Field, RFC 2474. */
341 #define IPTOS_TOS_MASK 0x1E
342 #define IPTOS_TOS(tos) ((tos) & IPTOS_TOS_MASK)
343 #define IPTOS_NONE 0x00
344 #define IPTOS_LOWCOST 0x02
345 #define IPTOS_RELIABILITY 0x04
346 #define IPTOS_THROUGHPUT 0x08
347 #define IPTOS_LOWDELAY 0x10
348 #define IPTOS_SECURITY 0x1E
350 #define IPTOS_PREC_MASK 0xE0
351 #define IPTOS_PREC_SHIFT 5
352 #define IPTOS_PREC(tos) (((tos)&IPTOS_PREC_MASK)>>IPTOS_PREC_SHIFT)
353 #define IPTOS_PREC_NETCONTROL 7
354 #define IPTOS_PREC_INTERNETCONTROL 6
355 #define IPTOS_PREC_CRITIC_ECP 5
356 #define IPTOS_PREC_FLASHOVERRIDE 4
357 #define IPTOS_PREC_FLASH 3
358 #define IPTOS_PREC_IMMEDIATE 2
359 #define IPTOS_PREC_PRIORITY 1
360 #define IPTOS_PREC_ROUTINE 0
363 #define IPOPT_COPY 0x80
365 #define IPOPT_CONTROL 0x00
366 #define IPOPT_RESERVED1 0x20
367 #define IPOPT_MEASUREMENT 0x40
368 #define IPOPT_RESERVED2 0x60
370 /* REF: http://www.iana.org/assignments/ip-parameters */
371 /* TODO: Not all of these are implemented. */
372 #define IPOPT_EOOL (0 |IPOPT_CONTROL)
373 #define IPOPT_NOP (1 |IPOPT_CONTROL)
374 #define IPOPT_SEC (2 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 791/1108 */
375 #define IPOPT_LSR (3 |IPOPT_COPY|IPOPT_CONTROL)
376 #define IPOPT_TS (4 |IPOPT_MEASUREMENT)
377 #define IPOPT_ESEC (5 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 1108 */
378 #define IPOPT_CIPSO (6 |IPOPT_COPY|IPOPT_CONTROL) /* draft-ietf-cipso-ipsecurity-01 */
379 #define IPOPT_RR (7 |IPOPT_CONTROL)
380 #define IPOPT_SID (8 |IPOPT_COPY|IPOPT_CONTROL)
381 #define IPOPT_SSR (9 |IPOPT_COPY|IPOPT_CONTROL)
382 #define IPOPT_ZSU (10|IPOPT_CONTROL) /* Zsu */
383 #define IPOPT_MTUP (11|IPOPT_CONTROL) /* RFC 1063 */
384 #define IPOPT_MTUR (12|IPOPT_CONTROL) /* RFC 1063 */
385 #define IPOPT_FINN (13|IPOPT_COPY|IPOPT_MEASUREMENT) /* Finn */
386 #define IPOPT_VISA (14|IPOPT_COPY|IPOPT_CONTROL) /* Estrin */
387 #define IPOPT_ENCODE (15|IPOPT_CONTROL) /* VerSteeg */
388 #define IPOPT_IMITD (16|IPOPT_COPY|IPOPT_CONTROL) /* Lee */
389 #define IPOPT_EIP (17|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1385 */
390 #define IPOPT_TR (18|IPOPT_MEASUREMENT) /* RFC 1393 */
391 #define IPOPT_ADDEXT (19|IPOPT_COPY|IPOPT_CONTROL) /* Ullmann IPv7 */
392 #define IPOPT_RTRALT (20|IPOPT_COPY|IPOPT_CONTROL) /* RFC 2113 */
393 #define IPOPT_SDB (21|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1770 Graff */
394 #define IPOPT_UN (22|IPOPT_COPY|IPOPT_CONTROL) /* Released 18-Oct-2005 */
395 #define IPOPT_DPS (23|IPOPT_COPY|IPOPT_CONTROL) /* Malis */
396 #define IPOPT_UMP (24|IPOPT_COPY|IPOPT_CONTROL) /* Farinacci */
397 #define IPOPT_QS (25|IPOPT_CONTROL) /* RFC 4782 */
398 #define IPOPT_EXP (30|IPOPT_CONTROL) /* RFC 4727 */
401 /* IP option lengths */
402 #define IPOLEN_SEC_MIN 3
403 #define IPOLEN_LSR_MIN 3
404 #define IPOLEN_TS_MIN 4
405 #define IPOLEN_ESEC_MIN 3
406 #define IPOLEN_CIPSO_MIN 10
407 #define IPOLEN_RR_MIN 3
409 #define IPOLEN_SSR_MIN 3
413 #define IPOLEN_SDB_MIN 6
415 #define IPOLEN_MAX 40
417 #define IPSEC_RFC791_UNCLASSIFIED 0x0000
418 #define IPSEC_RFC791_CONFIDENTIAL 0xF135
419 #define IPSEC_RFC791_EFTO 0x789A
420 #define IPSEC_RFC791_MMMM 0xBC4D
421 #define IPSEC_RFC791_PROG 0x5E26
422 #define IPSEC_RFC791_RESTRICTED 0xAF13
423 #define IPSEC_RFC791_SECRET 0xD788
424 #define IPSEC_RFC791_TOPSECRET 0x6BC5
425 #define IPSEC_RFC791_RESERVED1 0x35E2
426 #define IPSEC_RFC791_RESERVED2 0x9AF1
427 #define IPSEC_RFC791_RESERVED3 0x4D78
428 #define IPSEC_RFC791_RESERVED4 0x24BD
429 #define IPSEC_RFC791_RESERVED5 0x135E
430 #define IPSEC_RFC791_RESERVED6 0x89AF
431 #define IPSEC_RFC791_RESERVED7 0xC4D6
432 #define IPSEC_RFC791_RESERVED8 0xE26B
434 #define IPSEC_RESERVED4 0x01
435 #define IPSEC_TOPSECRET 0x3D
436 #define IPSEC_SECRET 0x5A
437 #define IPSEC_CONFIDENTIAL 0x96
438 #define IPSEC_RESERVED3 0x66
439 #define IPSEC_RESERVED2 0xCC
440 #define IPSEC_UNCLASSIFIED 0xAB
441 #define IPSEC_RESERVED1 0xF1
443 #define IPOPT_TS_TSONLY 0 /* timestamps only */
444 #define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
445 #define IPOPT_TS_PRESPEC 3 /* specified modules only */
447 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR 0xE0000012
448 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL 0xFF
449 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR 0xE0000066
450 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL 0XFF
451 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR 0xE00000FB
452 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL 0XFF
453 #define IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR 0xE00000FC
455 #define IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL 0x1000 /* larger than max ttl */
456 #define IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL 0X01
458 /* Return true if the address is in the 224.0.0.0/24 network block */
459 #define is_a_local_network_control_block_addr(addr) \
460 ((addr & 0xffffff00) == 0xe0000000)
462 /* Return true if the address is in the 224.0.0.0/4 network block */
463 #define is_a_multicast_addr(addr) \
464 ((addr & 0xf0000000) == 0xe0000000)
466 static void ip_prompt(packet_info *pinfo, gchar* result)
468 g_snprintf(result, MAX_DECODE_AS_PROMPT_LEN, "IP protocol %u as", pinfo->ipproto);
471 static gpointer ip_value(packet_info *pinfo)
473 return GUINT_TO_POINTER(pinfo->ipproto);
478 * defragmentation of IPv4
480 static reassembly_table ip_reassembly_table;
483 ip_defragment_init(void)
485 reassembly_table_init(&ip_reassembly_table,
486 &addresses_reassembly_table_functions);
490 capture_ip(const guchar *pd, int offset, int len, packet_counts *ld) {
491 if (!BYTES_ARE_IN_FRAME(offset, len, IPH_MIN_LEN)) {
495 switch (pd[offset + 9]) {
500 case IP_PROTO_UDPLITE:
504 case IP_PROTO_ICMPV6: /* XXX - separate counters? */
526 add_geoip_info_entry(proto_item *geoip_info_item, tvbuff_t *tvb, gint offset, guint32 ip, int isdst)
528 proto_tree *geoip_info_tree;
530 guint num_dbs = geoip_db_num_dbs();
534 geoip_info_tree = proto_item_add_subtree(geoip_info_item, ett_geoip_info);
536 for (dbnum = 0; dbnum < num_dbs; dbnum++) {
537 const char *geoip_str = geoip_db_lookup_ipv4(dbnum, ip, NULL);
538 int db_type = geoip_db_type(dbnum);
540 int geoip_hf, geoip_local_hf;
543 case GEOIP_COUNTRY_EDITION:
544 geoip_hf = hf_geoip_country;
545 geoip_local_hf = (isdst) ? hf_geoip_dst_country : hf_geoip_src_country;
547 case GEOIP_CITY_EDITION_REV0:
548 geoip_hf = hf_geoip_city;
549 geoip_local_hf = (isdst) ? hf_geoip_dst_city : hf_geoip_src_city;
551 case GEOIP_CITY_EDITION_REV1:
552 geoip_hf = hf_geoip_city;
553 geoip_local_hf = (isdst) ? hf_geoip_dst_city : hf_geoip_src_city;
555 case GEOIP_ORG_EDITION:
556 geoip_hf = hf_geoip_org;
557 geoip_local_hf = (isdst) ? hf_geoip_dst_org : hf_geoip_src_org;
559 case GEOIP_ISP_EDITION:
560 geoip_hf = hf_geoip_isp;
561 geoip_local_hf = (isdst) ? hf_geoip_dst_isp : hf_geoip_src_isp;
563 case GEOIP_ASNUM_EDITION:
564 geoip_hf = hf_geoip_asnum;
565 geoip_local_hf = (isdst) ? hf_geoip_dst_asnum : hf_geoip_src_asnum;
567 case WS_LAT_FAKE_EDITION:
568 geoip_hf = hf_geoip_lat;
569 geoip_local_hf = (isdst) ? hf_geoip_dst_lat : hf_geoip_src_lat;
571 case WS_LON_FAKE_EDITION:
572 geoip_hf = hf_geoip_lon;
573 geoip_local_hf = (isdst) ? hf_geoip_dst_lon : hf_geoip_src_lon;
581 if (db_type == WS_LAT_FAKE_EDITION || db_type == WS_LON_FAKE_EDITION) {
582 /* Convert latitude, longitude to double. Fix bug #5077 */
583 item = proto_tree_add_double_format_value(geoip_info_tree, geoip_local_hf,
584 tvb, offset, 4, g_ascii_strtod(geoip_str, NULL), "%s", geoip_str);
585 PROTO_ITEM_SET_GENERATED(item);
586 item = proto_tree_add_double_format_value(geoip_info_tree, geoip_hf,
587 tvb, offset, 4, g_ascii_strtod(geoip_str, NULL), "%s", geoip_str);
588 PROTO_ITEM_SET_GENERATED(item);
589 PROTO_ITEM_SET_HIDDEN(item);
591 item = proto_tree_add_string(geoip_info_tree, geoip_local_hf,
592 tvb, offset, 4, geoip_str);
593 PROTO_ITEM_SET_GENERATED(item);
594 item = proto_tree_add_string(geoip_info_tree, geoip_hf,
595 tvb, offset, 4, geoip_str);
596 PROTO_ITEM_SET_GENERATED(item);
597 PROTO_ITEM_SET_HIDDEN(item);
601 proto_item_append_text(geoip_info_item, "%s%s",
602 plurality(item_cnt, "", ", "), geoip_str);
607 proto_item_append_text(geoip_info_item, "Unknown");
611 add_geoip_info(proto_tree *tree, tvbuff_t *tvb, gint offset, guint32 src32,
615 proto_item *geoip_info_item;
617 num_dbs = geoip_db_num_dbs();
621 geoip_info_item = proto_tree_add_text(tree, tvb, offset + IPH_SRC, 4, "Source GeoIP: ");
622 PROTO_ITEM_SET_GENERATED(geoip_info_item);
623 add_geoip_info_entry(geoip_info_item, tvb, offset + IPH_SRC, src32, 0);
625 geoip_info_item = proto_tree_add_text(tree, tvb, offset + IPH_DST, 4,
626 "Destination GeoIP: ");
627 PROTO_ITEM_SET_GENERATED(geoip_info_item);
628 add_geoip_info_entry(geoip_info_item, tvb, offset + IPH_DST, dst32, 1);
630 #endif /* HAVE_GEOIP */
632 const value_string ipopt_type_class_vals[] = {
633 {(IPOPT_CONTROL & IPOPT_CLASS_MASK) >> 5, "Control"},
634 {(IPOPT_RESERVED1 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
635 {(IPOPT_MEASUREMENT & IPOPT_CLASS_MASK) >> 5, "Debugging and measurement"},
636 {(IPOPT_RESERVED2 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
640 const value_string ipopt_type_number_vals[] = {
641 {IPOPT_EOOL & IPOPT_NUMBER_MASK, "End of Option List (EOL)"},
642 {IPOPT_NOP & IPOPT_NUMBER_MASK, "No-Operation (NOP)"},
643 {IPOPT_SEC & IPOPT_NUMBER_MASK, "Security"},
644 {IPOPT_LSR & IPOPT_NUMBER_MASK, "Loose source route"},
645 {IPOPT_TS & IPOPT_NUMBER_MASK, "Time stamp"},
646 {IPOPT_ESEC & IPOPT_NUMBER_MASK, "Extended security"},
647 {IPOPT_CIPSO & IPOPT_NUMBER_MASK, "Commercial IP security option"},
648 {IPOPT_RR & IPOPT_NUMBER_MASK, "Record route"},
649 {IPOPT_SID & IPOPT_NUMBER_MASK, "Stream identifier"},
650 {IPOPT_SSR & IPOPT_NUMBER_MASK, "Strict source route"},
651 {IPOPT_ZSU & IPOPT_NUMBER_MASK, "Experimental Measurement"},
652 {IPOPT_MTUP & IPOPT_NUMBER_MASK, "MTU probe"},
653 {IPOPT_MTUR & IPOPT_NUMBER_MASK, "MTU Reply"},
654 {IPOPT_FINN & IPOPT_NUMBER_MASK, "Experimental Flow Control"},
655 {IPOPT_VISA & IPOPT_NUMBER_MASK, "Experimental Access Control"},
656 {IPOPT_ENCODE & IPOPT_NUMBER_MASK, "Ask Estrin"},
657 {IPOPT_IMITD & IPOPT_NUMBER_MASK, "IMI Traffic Descriptor"},
658 {IPOPT_EIP & IPOPT_NUMBER_MASK, "Extended Internet Protocol"},
659 {IPOPT_TR & IPOPT_NUMBER_MASK, "Traceroute"},
660 {IPOPT_ADDEXT & IPOPT_NUMBER_MASK, "Address Extension"},
661 {IPOPT_RTRALT & IPOPT_NUMBER_MASK, "Router Alert"},
662 {IPOPT_SDB & IPOPT_NUMBER_MASK, "Selective Directed Broadcast"},
663 {IPOPT_UN & IPOPT_NUMBER_MASK, "Unassigned"},
664 {IPOPT_DPS & IPOPT_NUMBER_MASK, "Dynamic Packet State"},
665 {IPOPT_UMP & IPOPT_NUMBER_MASK, "Upstream Multicast Packet"},
666 {IPOPT_QS & IPOPT_NUMBER_MASK, "Quick-Start"},
667 {IPOPT_EXP & IPOPT_NUMBER_MASK, "RFC 3692-style experiment"},
671 static ip_tcp_opt_type IP_OPT_TYPES = {&hf_ip_opt_type, &ett_ip_opt_type,
672 &hf_ip_opt_type_copy, &hf_ip_opt_type_class, &hf_ip_opt_type_number};
675 dissect_ipopt_type(tvbuff_t *tvb, int offset, proto_tree *tree, ip_tcp_opt_type* opttypes)
677 proto_tree *type_tree;
680 ti = proto_tree_add_item(tree, *opttypes->phf_opt_type, tvb, offset, 1, ENC_NA);
681 type_tree = proto_item_add_subtree(ti, *opttypes->pett_opt_type);
682 proto_tree_add_item(type_tree, *opttypes->phf_opt_type_copy, tvb, offset, 1, ENC_NA);
683 proto_tree_add_item(type_tree, *opttypes->phf_opt_type_class, tvb, offset, 1, ENC_NA);
684 proto_tree_add_item(type_tree, *opttypes->phf_opt_type_number, tvb, offset, 1, ENC_NA);
688 dissect_ipopt_eool(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
689 guint optlen _U_, packet_info *pinfo _U_,
690 proto_tree *opt_tree, void * data _U_)
692 proto_tree *field_tree;
695 tf = proto_tree_add_text(opt_tree, tvb, offset, 1, "%s", optp->name);
696 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
697 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
700 #define dissect_ipopt_nop dissect_ipopt_eool
702 static const value_string secl_rfc791_vals[] = {
703 {IPSEC_RFC791_UNCLASSIFIED, "Unclassified"},
704 {IPSEC_RFC791_CONFIDENTIAL, "Confidential"},
705 {IPSEC_RFC791_EFTO, "EFTO" },
706 {IPSEC_RFC791_MMMM, "MMMM" },
707 {IPSEC_RFC791_PROG, "PROG" },
708 {IPSEC_RFC791_RESTRICTED, "Restricted" },
709 {IPSEC_RFC791_SECRET, "Secret" },
710 {IPSEC_RFC791_TOPSECRET, "Top secret" },
711 {IPSEC_RFC791_RESERVED1, "Reserved" },
712 {IPSEC_RFC791_RESERVED2, "Reserved" },
713 {IPSEC_RFC791_RESERVED3, "Reserved" },
714 {IPSEC_RFC791_RESERVED4, "Reserved" },
715 {IPSEC_RFC791_RESERVED5, "Reserved" },
716 {IPSEC_RFC791_RESERVED6, "Reserved" },
717 {IPSEC_RFC791_RESERVED7, "Reserved" },
718 {IPSEC_RFC791_RESERVED8, "Reserved" },
722 static const value_string sec_cl_vals[] = {
723 {IPSEC_RESERVED4, "Reserved 4" },
724 {IPSEC_TOPSECRET, "Top secret" },
725 {IPSEC_SECRET, "Secret" },
726 {IPSEC_CONFIDENTIAL, "Confidential"},
727 {IPSEC_RESERVED3, "Reserved 3" },
728 {IPSEC_RESERVED2, "Reserved 2" },
729 {IPSEC_UNCLASSIFIED, "Unclassified"},
730 {IPSEC_RESERVED1, "Reserved 1" },
734 static const true_false_string ip_opt_sec_prot_auth_flag_tfs = {
735 "Datagram protected in accordance with its rules",
736 "Datagram not protected in accordance with its rules"
739 static const true_false_string ip_opt_sec_prot_auth_fti_tfs = {
740 "Additional octet present",
744 static const int *ip_opt_sec_prot_auth_fields_byte_1[] = {
745 &hf_ip_opt_sec_prot_auth_genser,
746 &hf_ip_opt_sec_prot_auth_siop_esi,
747 &hf_ip_opt_sec_prot_auth_sci,
748 &hf_ip_opt_sec_prot_auth_nsa,
749 &hf_ip_opt_sec_prot_auth_doe,
750 &hf_ip_opt_sec_prot_auth_unassigned,
751 &hf_ip_opt_sec_prot_auth_fti,
755 static const int *ip_opt_sec_prot_auth_fields_byte_n[] = {
756 &hf_ip_opt_sec_prot_auth_unassigned2,
757 &hf_ip_opt_sec_prot_auth_fti,
761 dissect_ipopt_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
762 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
765 proto_tree *field_tree;
769 guint curr_offset = offset;
771 tf = proto_tree_add_text(opt_tree, tvb, curr_offset, optlen, "%s (%u bytes)",
773 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
774 dissect_ipopt_type(tvb, curr_offset, field_tree, &IP_OPT_TYPES);
776 tf_sub = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, curr_offset, 1, ENC_NA);
777 if (optlen > IPOLEN_MAX)
778 expert_add_info(pinfo, tf_sub, &ei_ip_opt_len_invalid);
782 /* Analyze payload start to decide whether it should be dissected
783 according to RFC 791 or RFC 1108 */
784 val = tvb_get_ntohs(tvb, curr_offset);
785 if (try_val_to_str(val, secl_rfc791_vals)) {
786 /* Dissect as RFC 791 */
787 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_sec,
788 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
790 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_comp,
791 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
793 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_hr,
794 tvb, curr_offset, 2, ENC_ASCII|ENC_NA);
796 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_tcc,
797 tvb, curr_offset, 3, ENC_ASCII|ENC_NA);
802 /* Dissect as RFC 108 */
803 proto_tree_add_item(field_tree, hf_ip_opt_sec_cl, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
805 if ((curr_offset - offset) >= optlen) {
808 val = tvb_get_guint8(tvb, curr_offset);
809 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
810 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_1,
814 if ((val & 0x01) && ((curr_offset - offset) == optlen)) {
815 expert_add_info(pinfo, tf_sub, &ei_ip_opt_sec_prot_auth_fti);
818 val = tvb_get_guint8(tvb, curr_offset);
819 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
820 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_n,
824 if ((curr_offset - offset) < optlen) {
825 expert_add_info(pinfo, tf, &ei_ip_extraneous_data);
830 dissect_ipopt_ext_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
831 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
834 proto_tree *field_tree;
837 guint curr_offset = offset;
840 tf = proto_tree_add_text(opt_tree, tvb, curr_offset, optlen, "%s (%u bytes)",
842 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
843 dissect_ipopt_type(tvb, curr_offset, field_tree, &IP_OPT_TYPES);
845 tf_sub = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, curr_offset, 1, ENC_NA);
846 if (optlen > IPOLEN_MAX)
847 expert_add_info(pinfo, tf_sub, &ei_ip_opt_len_invalid);
849 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info_format_code, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
851 remaining = optlen - (curr_offset - offset);
853 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info, tvb, curr_offset, remaining, ENC_NA);
857 /* USHRT_MAX can hold at most 5 (base 10) digits (6 for the NULL byte) */
858 #define USHRT_MAX_STRLEN 6
860 /* Maximum CIPSO tag length:
861 * (IP hdr max)60 - (IPv4 hdr std)20 - (CIPSO base)6 = 34 */
862 #define CIPSO_TAG_LEN_MAX 34
864 /* The Commercial IP Security Option (CIPSO) is defined in IETF draft
865 * draft-ietf-cipso-ipsecurity-01.txt and FIPS 188, a copy of both documents
866 * can be found at the NetLabel project page, http://netlabel.sf.net or at
867 * http://tools.ietf.org/html/draft-ietf-cipso-ipsecurity-01 */
869 dissect_ipopt_cipso(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
870 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
873 proto_tree *field_tree;
875 guint tagtype, taglen;
876 int offset_max = offset + optlen;
878 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
880 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
881 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
882 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
883 if (optlen > IPOLEN_MAX)
884 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
888 proto_tree_add_text(field_tree, tvb, offset, 4, "DOI: %u",
889 tvb_get_ntohl(tvb, offset));
892 /* loop through all of the tags in the CIPSO option */
893 while (offset < offset_max) {
894 tagtype = tvb_get_guint8(tvb, offset);
896 if ((offset + 1) < offset_max)
897 taglen = tvb_get_guint8(tvb, offset + 1);
903 /* padding - skip this tag */
907 /* restrictive bitmap, see CIPSO draft section 3.4.2 for tag format */
908 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
909 ((offset + (int)taglen - 1) > offset_max)) {
910 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
911 "Malformed CIPSO tag");
915 proto_tree_add_text(field_tree, tvb, offset, 1,
916 "Tag Type: Restrictive Category Bitmap (%u)",
919 /* skip past alignment octet */
922 proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
923 tvb_get_guint8(tvb, offset));
929 unsigned char bitmask;
931 char *cat_str_tmp = (char *)wmem_alloc(wmem_packet_scope(), USHRT_MAX_STRLEN);
933 const guint8 *val_ptr = tvb_get_ptr(tvb, offset, taglen - 4);
935 /* this is just a guess regarding string size, but we grow it below
938 cat_str = (char *)wmem_alloc0(wmem_packet_scope(), cat_str_len);
940 /* we checked the length above so the highest category value
941 * possible here is 240 */
942 while (byte_spot < (taglen - 4)) {
945 while (bit_spot < 8) {
946 if (val_ptr[byte_spot] & bitmask) {
947 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
948 byte_spot * 8 + bit_spot);
949 if (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN)) {
952 while (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN))
953 cat_str_len += cat_str_len;
954 cat_str_new = (char *)wmem_alloc(wmem_packet_scope(), cat_str_len);
955 g_strlcpy(cat_str_new, cat_str, cat_str_len);
956 cat_str_new[cat_str_len - 1] = '\0';
957 cat_str = cat_str_new;
959 if (cat_str[0] != '\0')
960 g_strlcat(cat_str, ",", cat_str_len);
961 g_strlcat(cat_str, cat_str_tmp, cat_str_len);
970 proto_tree_add_text(field_tree, tvb, offset, taglen - 4,
971 "Categories: %s", cat_str);
973 proto_tree_add_text(field_tree, tvb, offset, taglen - 4,
974 "Categories: ERROR PARSING CATEGORIES");
975 offset += taglen - 4;
979 /* enumerated categories, see CIPSO draft section 3.4.3 for tag format */
980 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
981 ((offset + (int)taglen - 1) > offset_max)) {
982 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
983 "Malformed CIPSO tag");
987 proto_tree_add_text(field_tree, tvb, offset, 1,
988 "Tag Type: Enumerated Categories (%u)", tagtype);
990 /* skip past alignment octet */
993 /* sensitivity level */
994 proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
995 tvb_get_guint8(tvb, offset));
999 int offset_max_cat = offset + taglen - 4;
1000 char *cat_str = (char *)wmem_alloc0(wmem_packet_scope(), USHRT_MAX_STRLEN * 15);
1001 char *cat_str_tmp = (char *)wmem_alloc(wmem_packet_scope(), USHRT_MAX_STRLEN);
1003 while ((offset + 2) <= offset_max_cat) {
1004 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
1005 tvb_get_ntohs(tvb, offset));
1007 if (cat_str[0] != '\0')
1008 g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 15);
1009 g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 15);
1012 proto_tree_add_text(field_tree, tvb, offset - taglen + 4, taglen - 4,
1013 "Categories: %s", cat_str);
1017 /* ranged categories, see CIPSO draft section 3.4.4 for tag format */
1018 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1019 ((offset + (int)taglen - 1) > offset_max)) {
1020 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
1021 "Malformed CIPSO tag");
1025 proto_tree_add_text(field_tree, tvb, offset, 1,
1026 "Tag Type: Ranged Categories (%u)", tagtype);
1028 /* skip past alignment octet */
1031 /* sensitivity level */
1032 proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
1033 tvb_get_guint8(tvb, offset));
1037 guint16 cat_low, cat_high;
1038 int offset_max_cat = offset + taglen - 4;
1039 char *cat_str = (char *)wmem_alloc0(wmem_packet_scope(), USHRT_MAX_STRLEN * 16);
1040 char *cat_str_tmp = (char *)wmem_alloc(wmem_packet_scope(), USHRT_MAX_STRLEN * 2);
1042 while ((offset + 2) <= offset_max_cat) {
1043 cat_high = tvb_get_ntohs(tvb, offset);
1044 if ((offset + 4) <= offset_max_cat) {
1045 cat_low = tvb_get_ntohs(tvb, offset + 2);
1051 if (cat_low != cat_high)
1052 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u-%u",
1055 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u", cat_high);
1057 if (cat_str[0] != '\0')
1058 g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 16);
1059 g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 16);
1062 proto_tree_add_text(field_tree, tvb, offset - taglen + 4, taglen - 4,
1063 "Categories: %s", cat_str);
1067 /* permissive categories, see FIPS 188 section 6.9 for tag format */
1068 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1069 ((offset + (int)taglen - 1) > offset_max)) {
1070 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
1071 "Malformed CIPSO tag");
1075 proto_tree_add_text(field_tree, tvb, offset, 1,
1076 "Tag Type: Permissive Categories (%u)", tagtype);
1077 proto_tree_add_text(field_tree, tvb, offset + 2, taglen - 2, "Tag data");
1081 /* free form, see FIPS 188 section 6.10 for tag format */
1082 if ((taglen < 2) || (taglen > CIPSO_TAG_LEN_MAX) ||
1083 ((offset + (int)taglen - 1) > offset_max)) {
1084 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
1085 "Malformed CIPSO tag");
1089 proto_tree_add_text(field_tree, tvb, offset, 1,
1090 "Tag Type: Free Form (%u)", tagtype);
1091 proto_tree_add_text(field_tree, tvb, offset + 2, taglen - 2, "Tag data");
1095 /* unknown tag - stop parsing this IPv4 option */
1096 if ((offset + 1) <= offset_max) {
1097 taglen = tvb_get_guint8(tvb, offset + 1);
1098 proto_tree_add_text(field_tree, tvb, offset, 1,
1099 "Tag Type: Unknown (%u) (%u bytes)",
1103 proto_tree_add_text(field_tree, tvb, offset, 1,
1104 "Tag Type: Unknown (%u) (invalid format)", tagtype);
1111 dissect_option_route(proto_tree *tree, tvbuff_t *tvb, int offset, int hf,
1112 int hf_host, gboolean next)
1117 route = tvb_get_ipv4(tvb, offset);
1119 proto_tree_add_ipv4_format_value(tree, hf, tvb, offset, 4, route,
1121 ip_to_str((gchar *)&route));
1123 proto_tree_add_ipv4(tree, hf, tvb, offset, 4, route);
1124 ti = proto_tree_add_string(tree, hf_host, tvb, offset, 4, get_hostname(route));
1125 PROTO_ITEM_SET_GENERATED(ti);
1126 PROTO_ITEM_SET_HIDDEN(ti);
1130 dissect_ipopt_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1131 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1134 proto_tree *field_tree;
1139 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1140 optp->name, optlen);
1141 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1142 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1143 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1144 if (optlen > IPOLEN_MAX)
1145 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1146 ptr = tvb_get_guint8(tvb, offset + 2);
1147 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1148 if ((ptr < (optp->optlen + 1)) || (ptr & 3)) {
1149 if (ptr < (optp->optlen + 1)) {
1150 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_before_address);
1153 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_middle_address);
1159 optoffset = 3; /* skip past type, length and pointer */
1160 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1162 expert_add_info(pinfo, tf, &ei_ip_subopt_too_long);
1167 /* This is a recorded route */
1168 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1169 hf_ip_rec_rt_host, FALSE);
1170 } else if (optoffset == (len - 4)) {
1171 /* This is the the destination */
1174 const char *dst_host;
1176 addr = tvb_get_ipv4(tvb, offset + optoffset);
1177 dst_host = get_hostname(addr);
1178 proto_tree_add_ipv4(field_tree, hf_ip_dst, tvb,
1179 offset + optoffset, 4, addr);
1180 item = proto_tree_add_ipv4(field_tree, hf_ip_addr, tvb,
1181 offset + optoffset, 4, addr);
1182 PROTO_ITEM_SET_HIDDEN(item);
1183 item = proto_tree_add_string(field_tree, hf_ip_dst_host, tvb,
1184 offset + optoffset, 4, dst_host);
1185 PROTO_ITEM_SET_GENERATED(item);
1186 PROTO_ITEM_SET_HIDDEN(item);
1187 item = proto_tree_add_string(field_tree, hf_ip_host, tvb,
1188 offset + optoffset, 4, dst_host);
1189 PROTO_ITEM_SET_GENERATED(item);
1190 PROTO_ITEM_SET_HIDDEN(item);
1191 } else if ((optoffset + 1) < ptr) {
1192 /* This is also a recorded route */
1193 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1194 hf_ip_rec_rt_host, FALSE);
1195 } else if ((optoffset + 1) == ptr) {
1196 /* This is the next source route. TODO: Should we use separate hf's
1197 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1198 * having to pass TRUE/FALSE to dissect_option_route()? */
1199 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_src_rt,
1200 hf_ip_src_rt_host, TRUE);
1202 /* This must be a source route */
1203 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_src_rt,
1204 hf_ip_src_rt_host, FALSE);
1210 dissect_ipopt_record_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1211 guint optlen, packet_info *pinfo,
1212 proto_tree *opt_tree, void * data _U_)
1214 proto_tree *field_tree;
1219 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1220 optp->name, optlen);
1221 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1222 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1223 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1224 if (optlen > IPOLEN_MAX)
1225 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1226 ptr = tvb_get_guint8(tvb, offset + 2);
1227 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1229 if ((ptr < (optp->optlen + 1)) || (ptr & 3)) {
1230 if (ptr < (optp->optlen + 1)) {
1231 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_before_address);
1234 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_middle_address);
1240 optoffset = 3; /* skip past type, length and pointer */
1241 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1243 expert_add_info(pinfo, tf, &ei_ip_subopt_too_long);
1248 /* The recorded route data area is full. */
1249 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1250 hf_ip_rec_rt_host, FALSE);
1251 } else if ((optoffset + 1) < ptr) {
1252 /* This is a recorded route */
1253 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1254 hf_ip_rec_rt_host, FALSE);
1255 } else if ((optoffset + 1) == ptr) {
1256 /* This is the next available slot. TODO: Should we use separate hf's
1257 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1258 * having to pass TRUE/FALSE to dissect_option_route()? */
1259 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_empty_rt,
1260 hf_ip_empty_rt_host, TRUE);
1262 /* This must be an available slot too. */
1263 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_empty_rt,
1264 hf_ip_empty_rt_host, FALSE);
1269 /* Stream Identifier */
1271 dissect_ipopt_sid(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1272 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1275 proto_tree *field_tree;
1278 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes): %u",
1279 optp->name, optlen, tvb_get_ntohs(tvb, offset + 2));
1280 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1281 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1282 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1283 if (optlen != (guint)optp->optlen)
1284 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1285 proto_tree_add_item(field_tree, hf_ip_opt_sid, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1288 /* RFC 1063: MTU Probe and MTU Reply */
1290 dissect_ipopt_mtu(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1291 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1294 proto_tree *field_tree;
1297 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes): %u",
1298 optp->name, optlen, tvb_get_ntohs(tvb, offset + 2));
1299 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1300 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1301 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1302 if (optlen != (guint)optp->optlen)
1303 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1304 proto_tree_add_item(field_tree, hf_ip_opt_mtu, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1307 /* RFC 1393: Traceroute */
1309 dissect_ipopt_tr(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1310 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1313 proto_tree *field_tree;
1316 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1317 optp->name, optlen);
1318 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1319 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1320 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1321 if (optlen != (guint)optp->optlen)
1322 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1324 proto_tree_add_item(field_tree, hf_ip_opt_id_number, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1325 proto_tree_add_item(field_tree, hf_ip_opt_ohc, tvb, offset + 4, 2, ENC_BIG_ENDIAN);
1326 proto_tree_add_item(field_tree, hf_ip_opt_rhc, tvb, offset + 6, 2, ENC_BIG_ENDIAN);
1327 proto_tree_add_item(field_tree, hf_ip_opt_originator, tvb, offset + 8, 4, ENC_BIG_ENDIAN);
1331 dissect_ipopt_timestamp(const ip_tcp_opt *optp, tvbuff_t *tvb,
1332 int offset, guint optlen, packet_info *pinfo,
1333 proto_tree *opt_tree, void * data _U_)
1335 proto_tree *field_tree;
1340 static const value_string flag_vals[] = {
1341 {IPOPT_TS_TSONLY, "Time stamps only" },
1342 {IPOPT_TS_TSANDADDR, "Time stamp and address" },
1343 {IPOPT_TS_PRESPEC, "Time stamps for prespecified addresses"},
1348 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1349 optp->name, optlen);
1350 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1351 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1352 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1353 if (optlen > IPOLEN_MAX)
1354 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1355 optoffset += 2; /* skip past type and length */
1356 optlen -= 2; /* subtract size of type and length */
1358 ptr = tvb_get_guint8(tvb, offset + optoffset);
1359 proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Pointer: %d%s",
1360 ptr, ((ptr == 1) ? " (header is full)" :
1361 (ptr < 5) ? " (points before first address)" :
1362 (((ptr - 1) & 3) ? " (points to middle of field)" : "")));
1365 ptr--; /* ptr is 1-origin */
1367 flg = tvb_get_guint8(tvb, offset + optoffset);
1368 proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Overflow: %u",
1371 proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Flag: %s",
1372 val_to_str(flg, flag_vals, "Unknown (0x%x)"));
1376 while (optlen > 0) {
1377 if (flg == IPOPT_TS_TSANDADDR || flg == IPOPT_TS_PRESPEC) {
1379 proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen,
1380 "(suboption would go past end of option)");
1383 addr = tvb_get_ipv4(tvb, offset + optoffset);
1384 ts = tvb_get_ntohl(tvb, offset + optoffset + 4);
1386 proto_tree_add_text(field_tree, tvb, offset + optoffset, 8,
1387 "Address = %s, time stamp = %u",
1388 ((addr == 0) ? "-" :
1389 get_hostname(addr)), ts);
1393 proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen,
1394 "(suboption would go past end of option)");
1397 ts = tvb_get_ntohl(tvb, offset + optoffset);
1399 proto_tree_add_text(field_tree, tvb, offset + optoffset, 4,
1400 "Time stamp = %u", ts);
1407 static const range_string ra_rvals[] = {
1408 {0, 0, "Router shall examine packet"},
1409 {1, 65535, "Reserved"},
1414 dissect_ipopt_ra(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1415 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1418 /* Router-Alert, as defined by RFC2113 */
1419 proto_tree *field_tree;
1421 guint16 value = tvb_get_ntohs(tvb, offset + 2);
1423 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen,
1424 "%s (%u bytes): %s (%u)", optp->name, optlen,
1425 rval_to_str(value, ra_rvals, "Unknown (%u)"),
1427 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1428 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1429 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1430 if (optlen != (guint)optp->optlen)
1431 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1432 proto_tree_add_item(field_tree, hf_ip_opt_ra, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1435 /* RFC 1770: Selective Directed Broadcast */
1437 dissect_ipopt_sdb(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1438 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1441 proto_tree *field_tree;
1444 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1445 optp->name, optlen);
1446 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1447 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1448 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1449 if (optlen > IPOLEN_MAX)
1450 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1451 for (offset += 2, optlen -= 2; optlen >= 4; offset += 4, optlen -= 4)
1452 proto_tree_add_item(field_tree, hf_ip_opt_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
1455 proto_tree_add_item(field_tree, hf_ip_opt_padding, tvb, offset, optlen, ENC_NA);
1458 const value_string qs_func_vals[] = {
1459 {QS_RATE_REQUEST, "Rate request"},
1460 {QS_RATE_REPORT, "Rate report"},
1464 static const value_string qs_rate_vals[] = {
1470 { 5, "1.28 Mbit/s"},
1471 { 6, "2.56 Mbit/s"},
1472 { 7, "5.12 Mbit/s"},
1473 { 8, "10.24 Mbit/s"},
1474 { 9, "20.48 Mbit/s"},
1475 {10, "40.96 Mbit/s"},
1476 {11, "81.92 Mbit/s"},
1477 {12, "163.84 Mbit/s"},
1478 {13, "327.68 Mbit/s"},
1479 {14, "655.36 Mbit/s"},
1480 {15, "1.31072 Gbit/s"},
1483 value_string_ext qs_rate_vals_ext = VALUE_STRING_EXT_INIT(qs_rate_vals);
1486 dissect_ipopt_qs(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1487 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1490 proto_tree *field_tree;
1493 ws_ip *iph = (ws_ip*)data;
1495 guint8 command = tvb_get_guint8(tvb, offset + 2);
1496 guint8 function = command >> 4;
1497 guint8 rate = command & QS_RATE_MASK;
1500 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen,
1501 "%s (%u bytes): %s (%u)", optp->name, optlen,
1502 val_to_str(function, qs_func_vals, "Unknown (%u)"),
1504 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1506 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1507 proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1508 if (optlen != (guint)optp->optlen)
1509 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1510 proto_tree_add_item(field_tree, hf_ip_opt_qs_func, tvb, offset + 2, 1, ENC_NA);
1512 if (function == QS_RATE_REQUEST) {
1513 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset + 2, 1, ENC_NA);
1514 proto_tree_add_item(field_tree, hf_ip_opt_qs_ttl, tvb, offset + 3, 1, ENC_NA);
1515 ttl_diff = (iph->ip_ttl - tvb_get_guint8(tvb, offset + 3) % 256);
1516 ti = proto_tree_add_uint_format_value(field_tree, hf_ip_opt_qs_ttl_diff,
1517 tvb, offset + 3, 1, ttl_diff,
1519 PROTO_ITEM_SET_GENERATED(ti);
1520 proto_item_append_text(tf, ", %s, QS TTL %u, QS TTL diff %u",
1521 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"),
1522 tvb_get_guint8(tvb, offset + 3), ttl_diff);
1523 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 4, 4, ENC_NA);
1524 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 4, 4, ENC_NA);
1525 } else if (function == QS_RATE_REPORT) {
1526 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset + 2, 1, ENC_NA);
1527 proto_item_append_text(tf, ", %s",
1528 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"));
1529 proto_tree_add_item(field_tree, hf_ip_opt_qs_unused, tvb, offset + 3, 1, ENC_NA);
1530 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 4, 4, ENC_NA);
1531 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 4, 4, ENC_NA);
1535 static const ip_tcp_opt ipopts[] = {
1536 {IPOPT_EOOL, "End of Options List (EOL)", &ett_ip_option_eool,
1537 OPT_LEN_NO_LENGTH, 0, dissect_ipopt_eool},
1538 {IPOPT_NOP, "No Operation (NOP)", &ett_ip_option_nop,
1539 OPT_LEN_NO_LENGTH, 0, dissect_ipopt_nop},
1540 {IPOPT_SEC, "Security", &ett_ip_option_sec,
1541 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SEC_MIN, dissect_ipopt_security},
1542 {IPOPT_LSR, "Loose Source Route", &ett_ip_option_route,
1543 OPT_LEN_VARIABLE_LENGTH, IPOLEN_LSR_MIN, dissect_ipopt_route},
1544 {IPOPT_TS, "Time Stamp", &ett_ip_option_timestamp,
1545 OPT_LEN_VARIABLE_LENGTH, IPOLEN_TS_MIN, dissect_ipopt_timestamp},
1546 {IPOPT_ESEC, "Extended Security", &ett_ip_option_ext_security,
1547 OPT_LEN_VARIABLE_LENGTH, IPOLEN_ESEC_MIN, dissect_ipopt_ext_security},
1548 {IPOPT_CIPSO, "Commercial Security", &ett_ip_option_cipso,
1549 OPT_LEN_VARIABLE_LENGTH, IPOLEN_CIPSO_MIN, dissect_ipopt_cipso},
1550 {IPOPT_RR, "Record Route", &ett_ip_option_route,
1551 OPT_LEN_VARIABLE_LENGTH, IPOLEN_RR_MIN, dissect_ipopt_record_route},
1552 {IPOPT_SID, "Stream ID", &ett_ip_option_sid,
1553 OPT_LEN_FIXED_LENGTH, IPOLEN_SID, dissect_ipopt_sid},
1554 {IPOPT_SSR, "Strict Source Route", &ett_ip_option_route,
1555 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SSR_MIN, dissect_ipopt_route},
1557 {IPOPT_ZSU, "Experimental Measurement", &ett_ip_option_zsu,
1558 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ZSU_MIN, dissect_ipopt_zsu},
1560 {IPOPT_MTUP, "MTU Probe", &ett_ip_option_mtu,
1561 OPT_LEN_FIXED_LENGTH, IPOLEN_MTU, dissect_ipopt_mtu},
1562 {IPOPT_MTUR, "MTU Reply", &ett_ip_option_mtu,
1563 OPT_LEN_FIXED_LENGTH, IPOLEN_MTU, dissect_ipopt_mtu},
1565 {IPOPT_FINN, "Experimental Flow Control", &ett_ip_option_finn,
1566 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_FINN_MIN, dissect_ipopt_finn},
1567 {IPOPT_VISA, "Experimental Access Control", &ett_ip_option_visa,
1568 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_VISA_MIN, dissect_ipopt_visa},
1569 {IPOPT_ENCODE, "???", &ett_ip_option_encode,
1570 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ENCODE_MIN, dissect_ipopt_encode},
1571 {IPOPT_IMITD, "IMI Traffic Descriptor", &ett_ip_option_imitd,
1572 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_IMITD_MIN, dissect_ipopt_imitd},
1573 {IPOPT_EIP, "Extended Internet Protocol", &ett_ip_option_eip,
1574 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_EIP_MIN, dissect_ipopt_eip},
1576 {IPOPT_TR, "Traceroute", &ett_ip_option_tr,
1577 OPT_LEN_FIXED_LENGTH, IPOLEN_TR, dissect_ipopt_tr},
1579 {IPOPT_ADDEXT, "Address Extension", &ett_ip_option_addext,
1580 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ADDEXT_MIN, dissect_ipopt_addext},
1582 {IPOPT_RTRALT, "Router Alert", &ett_ip_option_ra,
1583 OPT_LEN_FIXED_LENGTH, IPOLEN_RA, dissect_ipopt_ra},
1584 {IPOPT_SDB, "Selective Directed Broadcast", &ett_ip_option_sdb,
1585 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SDB_MIN, dissect_ipopt_sdb},
1587 {IPOPT_UN, "Unassigned", &ett_ip_option_un,
1588 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_UN_MIN, dissect_ipopt_un},
1589 {IPOPT_DPS, "Dynamic Packet State", &ett_ip_option_dps,
1590 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_DPS_MIN, dissect_ipopt_dps},
1591 {IPOPT_UMP, "Upstream Multicast Pkt.", &ett_ip_option_ump,
1592 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_UMP_MIN, dissect_ipopt_ump},
1594 {IPOPT_QS, "Quick-Start", &ett_ip_option_qs,
1595 OPT_LEN_FIXED_LENGTH, IPOLEN_QS, dissect_ipopt_qs}
1597 {IPOPT_EXP, "RFC3692-style Experiment", &ett_ip_option_exp,
1598 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_EXP_MIN, dissect_ipopt_exp}
1602 #define N_IP_OPTS array_length(ipopts)
1604 /* Dissect the IP, TCP or various PPP protocols (IPCP, CP, LCP, VSNCP, BAP)
1605 * options in a packet. */
1607 dissect_ip_tcp_options(tvbuff_t *tvb, int offset, guint length,
1608 const ip_tcp_opt *opttab, int nopts, int eol,
1609 ip_tcp_opt_type* opttypes, expert_field* ei_bad,
1610 packet_info *pinfo, proto_tree *opt_tree,
1611 proto_item *opt_item, void * data)
1614 const ip_tcp_opt *optp;
1615 opt_len_type len_type;
1616 unsigned int optlen;
1618 void (*dissect)(const struct ip_tcp_opt *, tvbuff_t *,
1619 int, guint, packet_info *, proto_tree *,
1621 guint len, nop_count = 0;
1623 while (length > 0) {
1624 opt = tvb_get_guint8(tvb, offset);
1625 for (optp = &opttab[0]; optp < &opttab[nopts]; optp++) {
1626 if (optp->optcode == opt)
1629 if (optp == &opttab[nopts]) {
1630 /* We assume that the only OPT_LEN_NO_LENGTH options are EOL and NOP options,
1631 so that we can treat unknown options as OPT_LEN_VARIABLE_LENGTH with a
1632 minimum of 2, and at least be able to move on to the next option
1633 by using the length in the option. */
1634 optp = NULL; /* indicate that we don't know this option */
1635 len_type = OPT_LEN_VARIABLE_LENGTH;
1637 name = wmem_strdup_printf(wmem_packet_scope(), "Unknown (0x%02x)", opt);
1641 len_type = optp->len_type;
1642 optlen = optp->optlen;
1644 dissect = optp->dissect;
1645 if (opt_item && len_type == OPT_LEN_NO_LENGTH && optlen == 0 && opt == 1 &&
1646 (nop_count == 0 || offset % 4)) { /* opt 1 = NOP in both IP and TCP */
1647 /* Count number of NOP in a row within a uint32 */
1653 --length; /* account for type byte */
1654 if (len_type != OPT_LEN_NO_LENGTH) {
1655 /* Option has a length. Is it in the packet? */
1657 /* Bogus - packet must at least include option code byte and
1659 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, 1,
1660 "%s (length byte past end of options)", name);
1663 len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
1664 --length; /* account for length byte */
1666 /* Bogus - option length is too short to include option code and
1668 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, 2,
1669 "%s (with too-short option length = %u byte%s)",
1670 name, len, plurality(len, "", "s"));
1672 } else if (len - 2 > length) {
1673 /* Bogus - option goes past the end of the header. */
1674 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, length,
1675 "%s (option length = %u byte%s says option goes past end of options)",
1676 name, len, plurality(len, "", "s"));
1678 } else if (len_type == OPT_LEN_FIXED_LENGTH && len != optlen) {
1679 /* Bogus - option length isn't what it's supposed to be for this
1681 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, len,
1682 "%s (with option length = %u byte%s; should be %u)",
1683 name, len, plurality(len, "", "s"), optlen);
1685 } else if (len_type == OPT_LEN_VARIABLE_LENGTH && len < optlen) {
1686 /* Bogus - option length is less than what it's supposed to be for
1688 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, len,
1689 "%s (with option length = %u byte%s; should be >= %u)",
1690 name, len, plurality(len, "", "s"), optlen);
1694 proto_tree_add_text(opt_tree, tvb, offset, len, "%s (%u byte%s)",
1695 name, len, plurality(len, "", "s"));
1697 if (dissect != NULL) {
1698 /* Option has a dissector. */
1699 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1701 (*dissect)(optp, tvb, offset, len, pinfo, opt_tree, data);
1703 proto_tree *field_tree;
1706 /* Option has no data, hence no dissector. */
1707 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1709 tf = proto_tree_add_text(opt_tree, tvb, offset, len, "%s", name);
1710 field_tree = proto_item_add_subtree(tf, ett_ip_option_other);
1711 dissect_ipopt_type(tvb, offset, field_tree, opttypes);
1714 len -= 2; /* subtract size of type and length */
1719 if (dissect != NULL) {
1720 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1722 (*dissect)(optp, tvb, offset, 1, pinfo, opt_tree, data);
1724 proto_tree *field_tree;
1727 /* Option has no data, hence no dissector. */
1728 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s", name);
1729 tf = proto_tree_add_text(opt_tree, tvb, offset, 1, "%s", name);
1730 field_tree = proto_item_add_subtree(tf, ett_ip_option_other);
1731 dissect_ipopt_type(tvb, offset, field_tree, opttypes);
1735 if (nop_count == 4 && strcmp (name, "No-Operation (NOP)") == 0) {
1736 expert_add_info(pinfo, opt_item, &ei_ip_nop);
1744 /* This function searches the IP options for either a loose or strict source
1745 * route option, then returns the offset to the destination address if the
1746 * pointer is still valid or zero if the pointer is greater than the length.
1748 * The guts of this function was taken from dissect_ip_tcp_options().
1751 get_dst_offset(tvbuff_t *tvb, int offset, guint length,
1752 const ip_tcp_opt *opttab, int nopts, int eol)
1755 const ip_tcp_opt *optp;
1756 opt_len_type len_type;
1757 unsigned int optlen;
1759 int orig_offset = offset;
1761 while (length > 0) {
1762 opt = tvb_get_guint8(tvb, offset);
1763 for (optp = &opttab[0]; optp < &opttab[nopts]; optp++) {
1764 if (optp->optcode == opt)
1767 if (optp == &opttab[nopts]) {
1768 /* We assume that the only NO_LENGTH options are EOL and NOP options,
1769 so that we can treat unknown options as VARIABLE_LENGTH with a
1770 minimum of 2, and at least be able to move on to the next option
1771 by using the length in the option. */
1772 optp = NULL; /* indicate that we don't know this option */
1773 len_type = OPT_LEN_VARIABLE_LENGTH;
1776 len_type = optp->len_type;
1777 optlen = optp->optlen;
1779 --length; /* account for type byte */
1780 if (len_type != OPT_LEN_NO_LENGTH) {
1781 /* Option has a length. Is it in the packet? */
1783 /* Bogus - packet must at least include option code byte and
1787 len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
1788 --length; /* account for length byte */
1790 /* Bogus - option length is too short to include option code and
1793 } else if (len - 2 > length) {
1794 /* Bogus - option goes past the end of the header. */
1796 } else if (len_type == OPT_LEN_FIXED_LENGTH && len != optlen) {
1797 /* Bogus - option length isn't what it's supposed to be for this
1800 } else if (len_type == OPT_LEN_VARIABLE_LENGTH && len < optlen) {
1801 /* Bogus - option length is less than what it's supposed to be for
1806 if (opt == IPOPT_SSR || opt == IPOPT_LSR) {
1807 /* Hmm, what if you have both options? */
1810 ptr = tvb_get_guint8(tvb, offset + 2);
1811 if (ptr < 4 || (ptr & 3) || (ptr > len)) {
1814 return (offset - orig_offset) + 4 + (len - 4);
1817 len -= 2; /* subtract size of type and length */
1830 /* Returns the valid ttl for the group address */
1832 local_network_control_block_addr_valid_ttl(guint32 addr)
1834 /* An exception list, as some protocols seem to insist on
1835 * doing differently:
1838 /* IETF's VRRP (rfc3768) */
1839 if (IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR == addr)
1840 return IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL;
1842 if (IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR == addr)
1843 return IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL;
1844 /* mDNS (draft-cheshire-dnsext-multicastdns-07) */
1845 if (IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR == addr)
1846 return IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL;
1847 /* LLMNR (rfc4795) */
1848 if (IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR == addr)
1849 return IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL;
1850 return IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL;
1853 static const value_string dscp_vals[] = {
1854 { IPDSFIELD_DSCP_DEFAULT, "Default" },
1855 { IPDSFIELD_DSCP_CS1, "Class Selector 1" },
1856 { IPDSFIELD_DSCP_AF11, "Assured Forwarding 11" },
1857 { IPDSFIELD_DSCP_AF12, "Assured Forwarding 12" },
1858 { IPDSFIELD_DSCP_AF13, "Assured Forwarding 13" },
1859 { IPDSFIELD_DSCP_CS2, "Class Selector 2" },
1860 { IPDSFIELD_DSCP_AF21, "Assured Forwarding 21" },
1861 { IPDSFIELD_DSCP_AF22, "Assured Forwarding 22" },
1862 { IPDSFIELD_DSCP_AF23, "Assured Forwarding 23" },
1863 { IPDSFIELD_DSCP_CS3, "Class Selector 3" },
1864 { IPDSFIELD_DSCP_AF31, "Assured Forwarding 31" },
1865 { IPDSFIELD_DSCP_AF32, "Assured Forwarding 32" },
1866 { IPDSFIELD_DSCP_AF33, "Assured Forwarding 33" },
1867 { IPDSFIELD_DSCP_CS4, "Class Selector 4" },
1868 { IPDSFIELD_DSCP_AF41, "Assured Forwarding 41" },
1869 { IPDSFIELD_DSCP_AF42, "Assured Forwarding 42" },
1870 { IPDSFIELD_DSCP_AF43, "Assured Forwarding 43" },
1871 { IPDSFIELD_DSCP_CS5, "Class Selector 5" },
1872 { IPDSFIELD_DSCP_EF, "Expedited Forwarding" },
1873 { IPDSFIELD_DSCP_CS6, "Class Selector 6" },
1874 { IPDSFIELD_DSCP_CS7, "Class Selector 7" },
1876 value_string_ext dscp_vals_ext = VALUE_STRING_EXT_INIT(dscp_vals);
1878 const value_string ecn_vals[] = {
1879 { IPDSFIELD_ECT_NOT, "Not-ECT (Not ECN-Capable Transport)" },
1880 { IPDSFIELD_ECT_1, "ECT(1) (ECN-Capable Transport)" },
1881 { IPDSFIELD_ECT_0, "ECT(0) (ECN-Capable Transport)" },
1882 { IPDSFIELD_CE, "CE (Congestion Experienced)" },
1885 static const value_string precedence_vals[] = {
1886 { IPTOS_PREC_ROUTINE, "routine" },
1887 { IPTOS_PREC_PRIORITY, "priority" },
1888 { IPTOS_PREC_IMMEDIATE, "immediate" },
1889 { IPTOS_PREC_FLASH, "flash" },
1890 { IPTOS_PREC_FLASHOVERRIDE, "flash override" },
1891 { IPTOS_PREC_CRITIC_ECP, "CRITIC/ECP" },
1892 { IPTOS_PREC_INTERNETCONTROL, "internetwork control" },
1893 { IPTOS_PREC_NETCONTROL, "network control" },
1896 static const value_string iptos_vals[] = {
1897 { IPTOS_NONE, "None" },
1898 { IPTOS_LOWCOST, "Minimize cost" },
1899 { IPTOS_RELIABILITY, "Maximize reliability" },
1900 { IPTOS_THROUGHPUT, "Maximize throughput" },
1901 { IPTOS_LOWDELAY, "Minimize delay" },
1902 { IPTOS_SECURITY, "Maximize security" },
1906 static const true_false_string tos_set_low = {
1911 static const true_false_string tos_set_high = {
1916 static const true_false_string flags_sf_set_evil = {
1922 ip_checksum(const guint8 *ptr, int len)
1926 cksum_vec[0].ptr = ptr;
1927 cksum_vec[0].len = len;
1928 return in_cksum(&cksum_vec[0], 1);
1932 dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
1934 proto_tree *ip_tree, *field_tree = NULL;
1935 proto_item *ti, *tf;
1937 int offset = 0, dst_off;
1942 guint16 expected_cksum;
1943 fragment_head *ipfd_head = NULL;
1945 gboolean update_col_info = TRUE;
1946 gboolean save_fragmented;
1948 const guchar *src_addr, *dst_addr;
1949 guint32 src32, dst32;
1951 proto_item *item = NULL, *ttl_item;
1952 proto_tree *checksum_tree;
1954 heur_dtbl_entry_t *hdtbl_entry;
1957 iph = (ws_ip *)wmem_alloc(wmem_packet_scope(), sizeof(ws_ip));
1959 col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPv4");
1960 col_clear(pinfo->cinfo, COL_INFO);
1962 iph->ip_v_hl = tvb_get_guint8(tvb, offset);
1963 if ( hi_nibble(iph->ip_v_hl) == 6) {
1964 call_dissector(ipv6_handle, tvb, pinfo, parent_tree);
1968 hlen = lo_nibble(iph->ip_v_hl) * 4; /* IP header length, in bytes */
1970 ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, ENC_NA);
1971 ip_tree = proto_item_add_subtree(ti, ett_ip);
1973 proto_tree_add_item(ip_tree, hf_ip_version, tvb, offset, 1, ENC_NA);
1975 /* if IP is not referenced from any filters we don't need to worry about
1976 generating any tree items. We must do this after we created the actual
1977 protocol above so that proto hier stat still works though.
1978 XXX: Note that because of the following optimization expert items must
1979 not be generated inside of an 'if (tree) ...'
1980 so that Analyze ! Expert ... will work.
1982 if (!proto_field_is_referenced(parent_tree, proto_ip)) {
1986 if (hlen < IPH_MIN_LEN) {
1987 col_add_fstr(pinfo->cinfo, COL_INFO,
1988 "Bogus IP header length (%u, must be at least %u)",
1991 proto_tree_add_uint_format_value(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
1992 "%u bytes (bogus, must be at least %u)", hlen, IPH_MIN_LEN);
1996 proto_tree_add_uint_format_value(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen/4,
1999 iph->ip_tos = tvb_get_guint8(tvb, offset + 1);
2000 if (g_ip_dscp_actif) {
2001 col_add_fstr(pinfo->cinfo, COL_DSCP_VALUE, "%u",
2002 IPDSFIELD_DSCP(iph->ip_tos));
2006 if (g_ip_dscp_actif) {
2007 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_dsfield, tvb, offset + 1,
2008 1, iph->ip_tos, "0x%02x (DSCP 0x%02x: %s; ECN: 0x%02x: %s)", iph->ip_tos,
2009 IPDSFIELD_DSCP(iph->ip_tos), val_to_str_ext_const(IPDSFIELD_DSCP(iph->ip_tos),
2010 &dscp_vals_ext, "Unknown DSCP"),
2011 IPDSFIELD_ECN(iph->ip_tos), val_to_str_const(IPDSFIELD_ECN(iph->ip_tos),
2012 ecn_vals, "Unknown ECN"));
2014 field_tree = proto_item_add_subtree(tf, ett_ip_dsfield);
2015 proto_tree_add_item(field_tree, hf_ip_dsfield_dscp, tvb, offset + 1, 1, ENC_NA);
2016 proto_tree_add_item(field_tree, hf_ip_dsfield_ecn, tvb, offset + 1, 1, ENC_NA);
2018 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_tos, tvb, offset + 1, 1,
2022 val_to_str_const(IPTOS_TOS(iph->ip_tos),
2023 iptos_vals, "Unknown"));
2025 field_tree = proto_item_add_subtree(tf, ett_ip_tos);
2026 proto_tree_add_item(field_tree, hf_ip_tos_precedence, tvb, offset + 1, 1, ENC_NA);
2027 proto_tree_add_item(field_tree, hf_ip_tos_delay, tvb, offset + 1, 1, ENC_NA);
2028 proto_tree_add_item(field_tree, hf_ip_tos_throughput, tvb, offset + 1, 1, ENC_NA);
2029 proto_tree_add_item(field_tree, hf_ip_tos_reliability, tvb, offset + 1, 1, ENC_NA);
2030 proto_tree_add_item(field_tree, hf_ip_tos_cost, tvb, offset + 1, 1, ENC_NA);
2034 /* Length of IP datagram.
2035 XXX - what if this is greater than the reported length of the
2036 tvbuff? This could happen, for example, in an IP datagram
2037 inside an ICMP datagram; we need to somehow let the
2038 dissector we call know that, as it might want to avoid
2039 doing its checksumming. */
2040 iph->ip_len = tvb_get_ntohs(tvb, offset + 2);
2042 if (iph->ip_len < hlen) {
2043 if (ip_tso_supported && !iph->ip_len) {
2044 /* TSO support enabled, and zero length. Assume the zero length is
2045 * the result of TSO, and use the reported length instead. Note that
2046 * we need to use the frame/reported length instead of the actually-
2047 * available length, just in case a snaplen was used on capture. */
2048 iph->ip_len = tvb_reported_length(tvb);
2050 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_len, tvb, offset + 2, 2,
2052 "%u bytes (reported as 0, presumed to be because of \"TCP segmentation offload\" (TSO))",
2054 PROTO_ITEM_SET_GENERATED(tf);
2057 /* TSO support not enabled, or non-zero length, so treat it as an error. */
2058 col_add_fstr(pinfo->cinfo, COL_INFO,
2059 "Bogus IP length (%u, less than header length %u)",
2061 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_len, tvb, offset + 2, 2,
2063 "%u bytes (bogus, less than header length %u)",
2065 expert_add_info(pinfo, tf, &ei_ip_bogus_ip_length);
2066 /* Can't dissect any further */
2071 * Now that we know that the total length of this IP datagram isn't
2072 * obviously bogus, adjust the length of this tvbuff to include only
2075 set_actual_length(tvb, iph->ip_len);
2078 proto_tree_add_uint(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph->ip_len);
2081 iph->ip_id = tvb_get_ntohs(tvb, offset + 4);
2083 proto_tree_add_uint(ip_tree, hf_ip_id, tvb, offset + 4, 2, iph->ip_id);
2085 iph->ip_off = tvb_get_ntohs(tvb, offset + 6);
2087 int bit_offset = (offset + 6) * 8;
2089 flags = (iph->ip_off & (IP_RF | IP_DF | IP_MF)) >> IP_OFFSET_WIDTH;
2090 tf = proto_tree_add_uint(ip_tree, hf_ip_flags, tvb, offset + 6, 1, flags);
2091 field_tree = proto_item_add_subtree(tf, ett_ip_off);
2092 if (ip_security_flag) {
2095 sf = proto_tree_add_bits_item(field_tree, hf_ip_flags_sf, tvb,
2096 bit_offset + 0, 1, ENC_BIG_ENDIAN);
2097 if (iph->ip_off & IP_RF) {
2098 proto_item_append_text(tf, " (Evil packet!)");
2099 expert_add_info(pinfo, sf, &ei_ip_evil_packet);
2102 proto_tree_add_bits_item(field_tree, hf_ip_flags_rf, tvb, bit_offset + 0,
2103 1, ENC_LITTLE_ENDIAN);
2105 if (iph->ip_off & IP_DF)
2106 proto_item_append_text(tf, " (Don't Fragment)");
2107 proto_tree_add_bits_item(field_tree, hf_ip_flags_df, tvb, bit_offset + 1,
2109 if (iph->ip_off & IP_MF)
2110 proto_item_append_text(tf, " (More Fragments)");
2111 proto_tree_add_bits_item(field_tree, hf_ip_flags_mf, tvb, bit_offset + 2,
2113 proto_tree_add_uint(ip_tree, hf_ip_frag_offset, tvb, offset + 6, 2,
2114 (iph->ip_off & IP_OFFSET)*8);
2117 iph->ip_ttl = tvb_get_guint8(tvb, offset + 8);
2119 ttl_item = proto_tree_add_item(ip_tree, hf_ip_ttl, tvb, offset + 8, 1, ENC_BIG_ENDIAN);
2124 iph->ip_p = tvb_get_guint8(tvb, offset + 9);
2126 proto_tree_add_item(ip_tree, hf_ip_proto, tvb, offset + 9, 1, ENC_BIG_ENDIAN);
2129 iph->ip_sum = tvb_get_ntohs(tvb, offset + 10);
2132 * If checksum checking is enabled, and we have the entire IP header
2133 * available, and this isn't inside an ICMP error packet, check the
2136 if (ip_check_checksum && tvb_bytes_exist(tvb, offset, hlen)&&(!pinfo->flags.in_error_pkt)) {
2137 ipsum = ip_checksum(tvb_get_ptr(tvb, offset, hlen), hlen);
2140 item = proto_tree_add_uint_format_value(ip_tree, hf_ip_checksum, tvb,
2141 offset + 10, 2, iph->ip_sum,
2144 checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
2145 item = proto_tree_add_uint(checksum_tree, hf_ip_checksum_calculated, tvb,
2146 offset + 10, 2, iph->ip_sum);
2147 PROTO_ITEM_SET_GENERATED(item);
2148 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb,
2149 offset + 10, 2, TRUE);
2150 PROTO_ITEM_SET_GENERATED(item);
2151 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb,
2152 offset + 10, 2, FALSE);
2153 PROTO_ITEM_SET_GENERATED(item);
2155 expected_cksum = in_cksum_shouldbe(iph->ip_sum, ipsum);
2157 item = proto_tree_add_uint_format_value(ip_tree, hf_ip_checksum, tvb,
2158 offset + 10, 2, iph->ip_sum,
2160 "[incorrect, should be 0x%04x "
2161 "(may be caused by \"IP checksum "
2162 "offload\"?)]", iph->ip_sum,
2164 checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
2165 item = proto_tree_add_uint(checksum_tree, hf_ip_checksum_calculated, tvb,
2166 offset + 10, 2, expected_cksum);
2167 PROTO_ITEM_SET_GENERATED(item);
2168 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb,
2169 offset + 10, 2, FALSE);
2170 PROTO_ITEM_SET_GENERATED(item);
2171 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb,
2172 offset + 10, 2, TRUE);
2173 PROTO_ITEM_SET_GENERATED(item);
2177 /* Add expert item always (so tap gets called if present);
2178 if (tree == NULL) then item will be NULL
2179 else item should be from the
2180 add_boolean(..., hf_ip_checksum_bad, ...) above */
2181 expert_add_info(pinfo, item, &ei_ip_checksum_bad);
2186 item = proto_tree_add_uint_format_value(ip_tree, hf_ip_checksum, tvb,
2187 offset + 10, 2, iph->ip_sum,
2191 (pinfo->flags.in_error_pkt ?
2192 "in ICMP error packet" :
2193 "not all data available") :
2194 "validation disabled");
2195 checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
2196 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb,
2197 offset + 10, 2, FALSE);
2198 PROTO_ITEM_SET_GENERATED(item);
2199 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb,
2200 offset + 10, 2, FALSE);
2201 PROTO_ITEM_SET_GENERATED(item);
2204 src_addr = tvb_get_ptr(tvb, offset + IPH_SRC, 4);
2205 src32 = tvb_get_ntohl(tvb, offset + IPH_SRC);
2206 SET_ADDRESS(&pinfo->net_src, AT_IPv4, 4, src_addr);
2207 SET_ADDRESS(&pinfo->src, AT_IPv4, 4, src_addr);
2208 SET_ADDRESS(&iph->ip_src, AT_IPv4, 4, src_addr);
2210 const char *src_host;
2212 memcpy(&addr, iph->ip_src.data, 4);
2213 src_host = get_hostname(addr);
2214 if (ip_summary_in_tree) {
2215 proto_item_append_text(ti, ", Src: %s (%s)", src_host,
2216 ip_to_str((const guint8 *)iph->ip_src.data));
2218 proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, addr);
2219 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 12, 4, addr);
2220 PROTO_ITEM_SET_HIDDEN(item);
2221 item = proto_tree_add_string(ip_tree, hf_ip_src_host, tvb, offset + 12, 4,
2223 PROTO_ITEM_SET_GENERATED(item);
2224 PROTO_ITEM_SET_HIDDEN(item);
2225 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb, offset + 12, 4,
2227 PROTO_ITEM_SET_GENERATED(item);
2228 PROTO_ITEM_SET_HIDDEN(item);
2231 /* If there's an IP strict or loose source routing option, then the final
2232 * L3 IP destination address will be the last entry in the routing header
2233 * EXCEPT when the table is exhausted (pointer is greater than the length).
2234 * In this case, the final L3 IP destination address is the one in the L3
2235 * header. (REF: http://tools.ietf.org/html/rfc791#section-3.1)
2237 if (hlen > IPH_MIN_LEN) {
2238 /* There's more than just the fixed-length header. See if we've got
2239 * either a strict or loose source route option and if so, return the
2240 * offset into the tvb to where the real destination IP address is located.
2242 dst_off = get_dst_offset(tvb, offset + 20, hlen - IPH_MIN_LEN, ipopts,
2243 N_IP_OPTS, IPOPT_EOOL);
2248 dst_addr = tvb_get_ptr(tvb, offset + IPH_DST + dst_off, 4);
2249 dst32 = tvb_get_ntohl(tvb, offset + IPH_DST + dst_off);
2250 SET_ADDRESS(&pinfo->net_dst, AT_IPv4, 4, dst_addr);
2251 SET_ADDRESS(&pinfo->dst, AT_IPv4, 4, dst_addr);
2252 SET_ADDRESS(&iph->ip_dst, AT_IPv4, 4, dst_addr);
2254 /* If an IP is destined for an IP address in the Local Network Control Block
2255 * (e.g. 224.0.0.0/24), the packet should never be routed and the TTL would
2256 * be expected to be 1. (see RFC 3171) Flag a TTL greater than 1.
2258 * Flag a low TTL if the packet is not destined for a multicast address
2259 * (e.g. 224.0.0.0/4) ... and the payload isn't protocol 103 (PIM).
2260 * (see http://tools.ietf.org/html/rfc3973#section-4.7).
2262 if (is_a_local_network_control_block_addr(dst32)) {
2263 ttl = local_network_control_block_addr_valid_ttl(dst32);
2264 if (ttl != iph->ip_ttl && ttl != IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL) {
2265 expert_add_info_format(pinfo, ttl_item, &ei_ip_ttl_lncb, "\"Time To Live\" != %d for a packet sent to the "
2266 "Local Network Control Block (see RFC 3171)",
2269 } else if (!is_a_multicast_addr(dst32) && iph->ip_ttl < 5 &&
2270 (iph->ip_p != IP_PROTO_PIM)) {
2271 expert_add_info_format(pinfo, ttl_item, &ei_ip_ttl_too_small, "\"Time To Live\" only %u", iph->ip_ttl);
2275 const char *dst_host;
2278 memcpy(&addr, iph->ip_dst.data, 4);
2279 dst_host = get_hostname(addr);
2281 cur_rt = tvb_get_ipv4(tvb, offset + 16);
2282 if (ip_summary_in_tree) {
2283 proto_item_append_text(ti, ", Dst: %s (%s)", dst_host,
2284 ip_to_str((const guint8 *)iph->ip_dst.data));
2286 proto_item_append_text(ti, ", Via: %s (%s)", get_hostname(cur_rt),
2287 ip_to_str((gchar *)&cur_rt));
2291 proto_tree_add_ipv4(ip_tree, hf_ip_cur_rt, tvb, offset + 16, 4, cur_rt);
2292 item = proto_tree_add_string(ip_tree, hf_ip_cur_rt_host, tvb,
2293 offset + 16, 4, get_hostname(cur_rt));
2294 PROTO_ITEM_SET_GENERATED(item);
2295 PROTO_ITEM_SET_HIDDEN(item);
2298 proto_tree_add_ipv4(ip_tree, hf_ip_dst, tvb, offset + 16, 4, addr);
2299 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 16, 4,
2301 PROTO_ITEM_SET_HIDDEN(item);
2302 item = proto_tree_add_string(ip_tree, hf_ip_dst_host, tvb, offset + 16,
2304 PROTO_ITEM_SET_GENERATED(item);
2305 PROTO_ITEM_SET_HIDDEN(item);
2306 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb,
2307 offset + 16 + dst_off, 4, dst_host);
2308 PROTO_ITEM_SET_GENERATED(item);
2309 PROTO_ITEM_SET_HIDDEN(item);
2314 if (tree && ip_use_geoip) {
2315 add_geoip_info(ip_tree, tvb, offset, src32, dst32);
2319 /* Decode IP options, if any. */
2320 if (hlen > IPH_MIN_LEN) {
2321 /* There's more than just the fixed-length header. Decode the options. */
2322 optlen = hlen - IPH_MIN_LEN; /* length of options, in bytes */
2323 tf = proto_tree_add_text(ip_tree, tvb, offset + 20, optlen,
2324 "Options: (%u bytes)", optlen);
2325 field_tree = proto_item_add_subtree(tf, ett_ip_options);
2326 dissect_ip_tcp_options(tvb, offset + 20, optlen, ipopts, N_IP_OPTS,
2327 IPOPT_EOOL, &IP_OPT_TYPES, &ei_ip_opt_len_invalid, pinfo, field_tree, tf, iph);
2330 pinfo->ipproto = iph->ip_p;
2331 tap_queue_packet(ip_tap, pinfo, iph);
2333 /* Skip over header + options */
2335 nxt = iph->ip_p; /* XXX - what if this isn't the same for all fragments? */
2337 /* If ip_defragment is on, this is a fragment, we have all the data
2338 * in the fragment, and the header checksum is valid, then just add
2339 * the fragment to the hashtable.
2341 save_fragmented = pinfo->fragmented;
2342 if (ip_defragment && (iph->ip_off & (IP_MF|IP_OFFSET)) &&
2343 tvb_bytes_exist(tvb, offset, iph->ip_len - hlen) &&
2345 ipfd_head = fragment_add_check(&ip_reassembly_table, tvb, offset,
2347 iph->ip_p ^ iph->ip_id ^ src32 ^ dst32,
2349 (iph->ip_off & IP_OFFSET) * 8,
2351 iph->ip_off & IP_MF);
2353 next_tvb = process_reassembled_data(tvb, offset, pinfo, "Reassembled IPv4",
2354 ipfd_head, &ip_frag_items,
2355 &update_col_info, ip_tree);
2357 /* If this is the first fragment, dissect its contents, otherwise
2358 just show it as a fragment.
2360 XXX - if we eventually don't save the reassembled contents of all
2361 fragmented datagrams, we may want to always reassemble. */
2362 if (iph->ip_off & IP_OFFSET) {
2363 /* Not the first fragment - don't dissect it. */
2366 /* First fragment, or not fragmented. Dissect what we have here. */
2368 /* Get a tvbuff for the payload. */
2369 next_tvb = tvb_new_subset_remaining(tvb, offset);
2372 * If this is the first fragment, but not the only fragment,
2373 * tell the next protocol that.
2375 if (iph->ip_off & IP_MF)
2376 pinfo->fragmented = TRUE;
2378 pinfo->fragmented = FALSE;
2382 if (next_tvb == NULL) {
2383 /* Just show this as a fragment. */
2384 col_add_fstr(pinfo->cinfo, COL_INFO,
2385 "Fragmented IP protocol (proto=%s %u, off=%u, ID=%04x)",
2386 ipprotostr(iph->ip_p), iph->ip_p,
2387 (iph->ip_off & IP_OFFSET) * 8, iph->ip_id);
2388 if ( ipfd_head && ipfd_head->reassembled_in != pinfo->fd->num ) {
2389 col_append_fstr(pinfo->cinfo, COL_INFO, " [Reassembled in #%u]",
2390 ipfd_head->reassembled_in);
2393 call_dissector(data_handle, tvb_new_subset_remaining(tvb, offset), pinfo,
2395 pinfo->fragmented = save_fragmented;
2399 /* Hand off to the next protocol.
2401 XXX - setting the columns only after trying various dissectors means
2402 that if one of those dissectors throws an exception, the frame won't
2403 even be labeled as an IP frame; ideally, if a frame being dissected
2404 throws an exception, it'll be labeled as a mangled frame of the
2405 type in question. */
2406 if ((try_heuristic_first) && (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, iph))) {
2408 } else if (!dissector_try_uint_new(ip_dissector_table, nxt, next_tvb, pinfo,
2409 parent_tree, TRUE, iph)) {
2410 if ((!try_heuristic_first) && (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, &hdtbl_entry, iph))) {
2411 /* Unknown protocol */
2412 if (update_col_info) {
2413 col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%u)",
2414 ipprotostr(iph->ip_p), iph->ip_p);
2416 call_dissector(data_handle,next_tvb, pinfo, parent_tree);
2419 pinfo->fragmented = save_fragmented;
2423 dissect_ip_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2425 int length, tot_length;
2426 guint8 oct, version, ihl;
2430 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2431 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2432 |Version| IHL |Type of Service| Total Length |
2433 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2436 length = tvb_length(tvb);
2438 /* Need at least 4 bytes to make some sort of decision */
2441 oct = tvb_get_guint8(tvb,0);
2445 /* TODO: Add IPv6 checks here */
2447 3. IPv6 Header Format
2450 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2451 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2452 |Version| Traffic Class | Flow Label |
2453 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2454 | Payload Length | Next Header | Hop Limit |
2455 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2463 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2467 + Destination Address +
2471 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2473 Version 4-bit Internet Protocol version number = 6.
2475 Traffic Class 8-bit traffic class field. See section 7.
2477 Flow Label 20-bit flow label. See section 6.
2479 Payload Length 16-bit unsigned integer. Length of the IPv6
2480 payload, i.e., the rest of the packet following
2481 this IPv6 header, in octets. (Note that any
2482 extension headers [section 4] present are
2483 considered part of the payload, i.e., included
2484 in the length count.)
2489 /* Need at least 8 bytes to make a decision */
2492 tot_length = tvb_get_ntohs(tvb,4);
2493 if((tot_length + 40) != (int)tvb_reported_length(tvb)){
2496 call_dissector(ipv6_handle, tvb, pinfo, tree);
2499 /* version == IPv4 , the minimum value for a correct header is 5 */
2500 if((version != 4)|| (ihl < 5)){
2503 /* Total Length is the length of the datagram, measured in octets,
2504 * including internet header and data.
2506 tot_length = tvb_get_ntohs(tvb,2);
2508 if(tot_length != (int)tvb_reported_length(tvb)){
2512 dissect_ip(tvb, pinfo, tree);
2517 proto_register_ip(void)
2519 #define ARG_TO_STR(ARG) #ARG
2520 #define FLAGS_OFFSET_WIDTH_MSG(WIDTH) \
2521 "Flags (" ARG_TO_STR(WIDTH) " bits)"
2522 #define FRAG_OFFSET_WIDTH_MSG(WIDTH) \
2523 "Fragment offset (" ARG_TO_STR(WIDTH) " bits)"
2525 static hf_register_info hf[] = {
2527 { "Version", "ip.version", FT_UINT8, BASE_DEC,
2528 NULL, 0xF0, NULL, HFILL }},
2531 { "Header Length", "ip.hdr_len", FT_UINT8, BASE_DEC,
2532 NULL, 0x0F, NULL, HFILL }},
2535 { "Differentiated Services Field", "ip.dsfield", FT_UINT8, BASE_DEC,
2536 NULL, 0x0, NULL, HFILL }},
2538 { &hf_ip_dsfield_dscp,
2539 { "Differentiated Services Codepoint", "ip.dsfield.dscp", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
2540 &dscp_vals_ext, IPDSFIELD_DSCP_MASK, NULL, HFILL }},
2542 { &hf_ip_dsfield_ecn,
2543 { "Explicit Congestion Notification", "ip.dsfield.ecn", FT_UINT8, BASE_HEX,
2544 VALS(ecn_vals), IPDSFIELD_ECN_MASK, NULL, HFILL }},
2547 { "Type of Service", "ip.tos", FT_UINT8, BASE_DEC,
2548 NULL, 0x0, NULL, HFILL }},
2550 { &hf_ip_tos_precedence,
2551 { "Precedence", "ip.tos.precedence", FT_UINT8, BASE_DEC,
2552 VALS(precedence_vals), IPTOS_PREC_MASK, NULL, HFILL }},
2555 { "Delay", "ip.tos.delay", FT_BOOLEAN, 8,
2556 TFS(&tos_set_low), IPTOS_LOWDELAY, NULL, HFILL }},
2558 { &hf_ip_tos_throughput,
2559 { "Throughput", "ip.tos.throughput", FT_BOOLEAN, 8,
2560 TFS(&tos_set_high), IPTOS_THROUGHPUT, NULL, HFILL }},
2562 { &hf_ip_tos_reliability,
2563 { "Reliability", "ip.tos.reliability", FT_BOOLEAN, 8,
2564 TFS(&tos_set_high), IPTOS_RELIABILITY, NULL, HFILL }},
2567 { "Cost", "ip.tos.cost", FT_BOOLEAN, 8,
2568 TFS(&tos_set_low), IPTOS_LOWCOST, NULL, HFILL }},
2571 { "Total Length", "ip.len", FT_UINT16, BASE_DEC,
2572 NULL, 0x0, NULL, HFILL }},
2575 { "Identification", "ip.id", FT_UINT16, BASE_HEX_DEC,
2576 NULL, 0x0, NULL, HFILL }},
2579 { "Destination", "ip.dst", FT_IPv4, BASE_NONE,
2580 NULL, 0x0, NULL, HFILL }},
2583 { "Destination Host", "ip.dst_host", FT_STRING, BASE_NONE,
2584 NULL, 0x0, NULL, HFILL }},
2587 { "Source", "ip.src", FT_IPv4, BASE_NONE,
2588 NULL, 0x0, NULL, HFILL }},
2591 { "Source Host", "ip.src_host", FT_STRING, BASE_NONE,
2592 NULL, 0x0, NULL, HFILL }},
2595 { "Source or Destination Address", "ip.addr", FT_IPv4, BASE_NONE,
2596 NULL, 0x0, NULL, HFILL }},
2599 { "Source or Destination Host", "ip.host", FT_STRING, BASE_NONE,
2600 NULL, 0x0, NULL, HFILL }},
2603 { &hf_geoip_country,
2604 { "Source or Destination GeoIP Country", "ip.geoip.country",
2605 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2607 { "Source or Destination GeoIP City", "ip.geoip.city",
2608 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2610 { "Source or Destination GeoIP Organization", "ip.geoip.org",
2611 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2613 { "Source or Destination GeoIP ISP", "ip.geoip.isp",
2614 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2616 { "Source or Destination GeoIP AS Number", "ip.geoip.asnum",
2617 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2619 { "Source or Destination GeoIP Latitude", "ip.geoip.lat",
2620 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2622 { "Source or Destination GeoIP Longitude", "ip.geoip.lon",
2623 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2624 { &hf_geoip_src_country,
2625 { "Source GeoIP Country", "ip.geoip.src_country",
2626 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2627 { &hf_geoip_src_city,
2628 { "Source GeoIP City", "ip.geoip.src_city",
2629 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2630 { &hf_geoip_src_org,
2631 { "Source GeoIP Organization", "ip.geoip.src_org",
2632 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2633 { &hf_geoip_src_isp,
2634 { "Source GeoIP ISP", "ip.geoip.src_isp",
2635 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2636 { &hf_geoip_src_asnum,
2637 { "Source GeoIP AS Number", "ip.geoip.src_asnum",
2638 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2639 { &hf_geoip_src_lat,
2640 { "Source GeoIP Latitude", "ip.geoip.src_lat",
2641 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2642 { &hf_geoip_src_lon,
2643 { "Source GeoIP Longitude", "ip.geoip.src_lon",
2644 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2645 { &hf_geoip_dst_country,
2646 { "Destination GeoIP Country", "ip.geoip.dst_country",
2647 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2648 { &hf_geoip_dst_city,
2649 { "Destination GeoIP City", "ip.geoip.dst_city",
2650 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2651 { &hf_geoip_dst_org,
2652 { "Destination GeoIP Organization", "ip.geoip.dst_org",
2653 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2654 { &hf_geoip_dst_isp,
2655 { "Destination GeoIP ISP", "ip.geoip.dst_isp",
2656 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2657 { &hf_geoip_dst_asnum,
2658 { "Destination GeoIP AS Number", "ip.geoip.dst_asnum",
2659 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2660 { &hf_geoip_dst_lat,
2661 { "Destination GeoIP Latitude", "ip.geoip.dst_lat",
2662 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2663 { &hf_geoip_dst_lon,
2664 { "Destination GeoIP Longitude", "ip.geoip.dst_lon",
2665 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2666 #endif /* HAVE_GEOIP */
2669 { "Flags", "ip.flags", FT_UINT8, BASE_HEX,
2670 NULL, 0x0, FLAGS_OFFSET_WIDTH_MSG(IP_FLAGS_WIDTH), HFILL }},
2673 { "Security flag", "ip.flags.sf", FT_BOOLEAN, BASE_NONE,
2674 TFS(&flags_sf_set_evil), 0x0, "Security flag (RFC 3514)", HFILL }},
2677 { "Reserved bit", "ip.flags.rb", FT_BOOLEAN, BASE_NONE,
2678 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2681 { "Don't fragment", "ip.flags.df", FT_BOOLEAN, BASE_NONE,
2682 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2685 { "More fragments", "ip.flags.mf", FT_BOOLEAN, BASE_NONE,
2686 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2688 { &hf_ip_frag_offset,
2689 { "Fragment offset", "ip.frag_offset", FT_UINT16, BASE_DEC,
2690 NULL, 0x0, FRAG_OFFSET_WIDTH_MSG(IP_OFFSET_WIDTH), HFILL }},
2693 { "Time to live", "ip.ttl", FT_UINT8, BASE_DEC,
2694 NULL, 0x0, NULL, HFILL }},
2697 { "Protocol", "ip.proto", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2698 &ipproto_val_ext, 0x0, NULL, HFILL }},
2701 { "Header checksum", "ip.checksum", FT_UINT16, BASE_HEX,
2702 NULL, 0x0, NULL, HFILL }},
2704 { &hf_ip_checksum_calculated,
2705 { "Calculated Checksum", "ip.checksum_calculated", FT_UINT16, BASE_HEX, NULL, 0x0,
2706 "The expected IP checksum field as calculated from the IP datagram", HFILL }},
2708 { &hf_ip_checksum_good,
2709 { "Good", "ip.checksum_good", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2710 "True: checksum matches packet content; False: doesn't match content or not checked", HFILL }},
2712 { &hf_ip_checksum_bad,
2713 { "Bad", "ip.checksum_bad", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2714 "True: checksum doesn't match packet content; False: matches content or not checked", HFILL }},
2716 /* IP options related fields */
2718 { "Type", "ip.opt.type", FT_UINT8, BASE_DEC,
2719 NULL, 0x0, NULL, HFILL }},
2721 { &hf_ip_opt_type_copy,
2722 { "Copy on fragmentation", "ip.opt.type.copy", FT_BOOLEAN, 8,
2723 TFS(&tfs_yes_no), IPOPT_COPY_MASK, NULL, HFILL }},
2725 { &hf_ip_opt_type_class,
2726 { "Class", "ip.opt.type.class", FT_UINT8, BASE_DEC,
2727 VALS(ipopt_type_class_vals), IPOPT_CLASS_MASK, NULL, HFILL }},
2729 { &hf_ip_opt_type_number,
2730 { "Number", "ip.opt.type.number", FT_UINT8, BASE_DEC,
2731 VALS(ipopt_type_number_vals), IPOPT_NUMBER_MASK, NULL, HFILL }},
2734 { "Length", "ip.opt.len", FT_UINT8, BASE_DEC,
2735 NULL, 0x0, NULL, HFILL }},
2738 { "Pointer", "ip.opt.ptr", FT_UINT8, BASE_DEC,
2739 NULL, 0x0, NULL, HFILL }},
2742 { "Stream Identifier", "ip.opt.sid", FT_UINT16, BASE_DEC,
2743 NULL, 0x0, "SATNET stream identifier", HFILL }},
2746 { "MTU", "ip.opt.mtu", FT_UINT16, BASE_DEC,
2747 NULL, 0x0, NULL, HFILL }},
2749 { &hf_ip_opt_id_number,
2750 { "ID Number", "ip.opt.id_number", FT_UINT16, BASE_DEC,
2751 NULL, 0x0, NULL, HFILL }},
2754 { "Outbound Hop Count", "ip.opt.ohc", FT_UINT16, BASE_DEC,
2755 NULL, 0x0, NULL, HFILL }},
2758 { "Return Hop Count", "ip.opt.rhc", FT_UINT16, BASE_DEC,
2759 NULL, 0x0, NULL, HFILL }},
2761 { &hf_ip_opt_originator,
2762 { "Originator IP Address", "ip.opt.originator", FT_IPv4, BASE_NONE,
2763 NULL, 0x0, NULL, HFILL }},
2766 { "Router Alert", "ip.opt.ra", FT_UINT16, BASE_DEC | BASE_RANGE_STRING,
2767 RVALS(ra_rvals), 0x0, NULL, HFILL }},
2770 { "IP Address", "ip.opt.addr", FT_IPv4, BASE_NONE,
2771 NULL, 0x0, NULL, HFILL }},
2773 { &hf_ip_opt_padding,
2774 { "Padding", "ip.opt.padding", FT_BYTES, BASE_NONE,
2775 NULL, 0x0, NULL, HFILL }},
2777 { &hf_ip_opt_qs_func,
2778 { "Function", "ip.opt.qs_func", FT_UINT8, BASE_DEC,
2779 VALS(qs_func_vals), QS_FUNC_MASK, NULL, HFILL }},
2781 { &hf_ip_opt_qs_rate,
2782 { "Rate", "ip.opt.qs_rate", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2783 &qs_rate_vals_ext, QS_RATE_MASK, NULL, HFILL }},
2785 { &hf_ip_opt_qs_ttl,
2786 { "QS TTL", "ip.opt.qs_ttl", FT_UINT8, BASE_DEC,
2787 NULL, 0x0, NULL, HFILL }},
2789 { &hf_ip_opt_qs_ttl_diff,
2790 { "TTL Diff", "ip.opt.qs_ttl_diff", FT_UINT8, BASE_DEC,
2791 NULL, 0x0, NULL, HFILL }},
2793 { &hf_ip_opt_qs_unused,
2794 { "Not Used", "ip.opt.qs_unused", FT_UINT8, BASE_DEC,
2795 NULL, 0x0, NULL, HFILL }},
2797 { &hf_ip_opt_qs_nonce,
2798 { "QS Nonce", "ip.opt.qs_nonce", FT_UINT32, BASE_HEX,
2799 NULL, 0xFFFFFFFC, NULL, HFILL }},
2801 { &hf_ip_opt_qs_reserved,
2802 { "Reserved", "ip.opt.qs_reserved", FT_UINT32, BASE_HEX,
2803 NULL, 0x00000003, NULL, HFILL }},
2805 { &hf_ip_opt_sec_rfc791_sec,
2806 { "Security", "ip.opt.sec_rfc791_sec", FT_UINT8, BASE_HEX,
2807 VALS(secl_rfc791_vals), 0x0, NULL, HFILL }},
2809 { &hf_ip_opt_sec_rfc791_comp,
2810 { "Compartments", "ip.opt.sec_rfc791_comp", FT_UINT16, BASE_DEC,
2811 NULL, 0x0, NULL, HFILL }},
2813 { &hf_ip_opt_sec_rfc791_hr,
2814 { "Handling Restrictions", "ip.opt.sec_rfc791_hr", FT_STRING, BASE_NONE,
2815 NULL, 0x0, NULL, HFILL }},
2817 { &hf_ip_opt_sec_rfc791_tcc,
2818 { "Transmission Control Code", "ip.opt.sec_rfc791_tcc", FT_STRING, BASE_NONE,
2819 NULL, 0x0, NULL, HFILL }},
2821 { &hf_ip_opt_sec_cl,
2822 { "Classification Level", "ip.opt.sec_cl", FT_UINT8, BASE_HEX,
2823 VALS(sec_cl_vals), 0x0, NULL, HFILL }},
2825 { &hf_ip_opt_sec_prot_auth_flags,
2826 { "Protection Authority Flags", "ip.opt.sec_prot_auth_flags", FT_UINT8, BASE_HEX,
2827 NULL, 0x0, NULL, HFILL }},
2829 { &hf_ip_opt_sec_prot_auth_genser,
2830 { "GENSER", "ip.opt.sec_prot_auth_genser", FT_BOOLEAN, 8,
2831 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x80, NULL, HFILL }},
2833 { &hf_ip_opt_sec_prot_auth_siop_esi,
2834 { "SIOP-ESI", "ip.opt.sec_prot_auth_siop_esi", FT_BOOLEAN, 8,
2835 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x40, NULL, HFILL }},
2837 { &hf_ip_opt_sec_prot_auth_sci,
2838 { "SCI", "ip.opt.sec_prot_auth_sci", FT_BOOLEAN, 8,
2839 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x20, NULL, HFILL }},
2841 { &hf_ip_opt_sec_prot_auth_nsa,
2842 { "NSA", "ip.opt.sec_prot_auth_nsa", FT_BOOLEAN, 8,
2843 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x10, NULL, HFILL }},
2845 { &hf_ip_opt_sec_prot_auth_doe,
2846 { "DOE", "ip.opt.sec_prot_auth_doe", FT_BOOLEAN, 8,
2847 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x08, NULL, HFILL }},
2849 { &hf_ip_opt_sec_prot_auth_unassigned,
2850 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2851 NULL, 0x06, NULL, HFILL }},
2853 { &hf_ip_opt_sec_prot_auth_unassigned2,
2854 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2855 NULL, 0xFE, NULL, HFILL }},
2857 { &hf_ip_opt_sec_prot_auth_fti,
2858 { "Field Termination Indicator", "ip.opt.sec_prot_auth_fti", FT_BOOLEAN, 8,
2859 TFS(&ip_opt_sec_prot_auth_fti_tfs), 0x01, NULL, HFILL }},
2861 { &hf_ip_opt_ext_sec_add_sec_info_format_code,
2862 { "Additional Security Info Format Code", "ip.opt.ext_sec_add_sec_info_format_code", FT_UINT8, BASE_HEX,
2863 NULL, 0x0, NULL, HFILL }},
2865 { &hf_ip_opt_ext_sec_add_sec_info,
2866 { "Additional Security Info", "ip.opt.ext_sec_add_sec_info", FT_BYTES, BASE_NONE,
2867 NULL, 0x0, NULL, HFILL }},
2870 { "Recorded Route", "ip.rec_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2873 { &hf_ip_rec_rt_host,
2874 { "Recorded Route Host", "ip.rec_rt_host", FT_STRING, BASE_NONE,
2875 NULL, 0x0, NULL, HFILL }},
2878 { "Current Route", "ip.cur_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2881 { &hf_ip_cur_rt_host,
2882 { "Current Route Host", "ip.cur_rt_host", FT_STRING, BASE_NONE,
2883 NULL, 0x0, NULL, HFILL }},
2886 { "Source Route", "ip.src_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2889 { &hf_ip_src_rt_host,
2890 { "Source Route Host", "ip.src_rt_host", FT_STRING, BASE_NONE,
2891 NULL, 0x0, NULL, HFILL }},
2894 { "Empty Route", "ip.empty_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2897 { &hf_ip_empty_rt_host,
2898 { "Empty Route Host", "ip.empty_rt_host", FT_STRING, BASE_NONE,
2899 NULL, 0x0, NULL, HFILL }},
2901 { &hf_ip_fragment_overlap,
2902 { "Fragment overlap", "ip.fragment.overlap", FT_BOOLEAN, BASE_NONE,
2903 NULL, 0x0, "Fragment overlaps with other fragments", HFILL }},
2905 { &hf_ip_fragment_overlap_conflict,
2906 { "Conflicting data in fragment overlap", "ip.fragment.overlap.conflict",
2907 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2908 "Overlapping fragments contained conflicting data", HFILL }},
2910 { &hf_ip_fragment_multiple_tails,
2911 { "Multiple tail fragments found", "ip.fragment.multipletails",
2912 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2913 "Several tails were found when defragmenting the packet", HFILL }},
2915 { &hf_ip_fragment_too_long_fragment,
2916 { "Fragment too long", "ip.fragment.toolongfragment",
2917 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2918 "Fragment contained data past end of packet", HFILL }},
2920 { &hf_ip_fragment_error,
2921 { "Defragmentation error", "ip.fragment.error", FT_FRAMENUM, BASE_NONE,
2922 NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }},
2924 { &hf_ip_fragment_count,
2925 { "Fragment count", "ip.fragment.count", FT_UINT32, BASE_DEC,
2926 NULL, 0x0, NULL, HFILL }},
2929 { "IPv4 Fragment", "ip.fragment", FT_FRAMENUM, BASE_NONE,
2930 NULL, 0x0, NULL, HFILL }},
2933 { "IPv4 Fragments", "ip.fragments", FT_BYTES, BASE_NONE,
2934 NULL, 0x0, NULL, HFILL }},
2936 { &hf_ip_reassembled_in,
2937 { "Reassembled IPv4 in frame", "ip.reassembled_in", FT_FRAMENUM, BASE_NONE,
2938 NULL, 0x0, "This IPv4 packet is reassembled in this frame", HFILL }},
2940 { &hf_ip_reassembled_length,
2941 { "Reassembled IPv4 length", "ip.reassembled.length", FT_UINT32, BASE_DEC,
2942 NULL, 0x0, "The total length of the reassembled payload", HFILL }},
2944 { &hf_ip_reassembled_data,
2945 { "Reassembled IPv4 data", "ip.reassembled.data", FT_BYTES, BASE_NONE,
2946 NULL, 0x0, "The reassembled payload", HFILL }}
2949 static gint *ett[] = {
2955 &ett_ip_option_eool,
2958 &ett_ip_option_route,
2959 &ett_ip_option_timestamp,
2960 &ett_ip_option_ext_security,
2961 &ett_ip_option_cipso,
2968 &ett_ip_option_other,
2973 &ett_ip_opt_sec_prot_auth_flags,
2978 static ei_register_info ei[] = {
2979 { &ei_ip_opt_len_invalid, { "ip.opt.len.invalid", PI_PROTOCOL, PI_WARN, "Invalid length for option", EXPFILL }},
2980 { &ei_ip_opt_sec_prot_auth_fti, { "ip.opt.len.invalid", PI_PROTOCOL, PI_WARN, "Field Termination Indicator set to 1 for last byte of option", EXPFILL }},
2981 { &ei_ip_extraneous_data, { "ip.opt.len.invalid", PI_PROTOCOL, PI_WARN, "Extraneous data in option", EXPFILL }},
2982 { &ei_ip_opt_ptr_before_address, { "ip.opt.ptr.before_address", PI_PROTOCOL, PI_WARN, "Pointer points before first address", EXPFILL }},
2983 { &ei_ip_opt_ptr_middle_address, { "ip.opt.ptr.middle_address", PI_PROTOCOL, PI_WARN, "Pointer points to middle of address", EXPFILL }},
2984 { &ei_ip_subopt_too_long, { "ip.subopt_too_long", PI_PROTOCOL, PI_WARN, "Suboption would go past end of option", EXPFILL }},
2985 { &ei_ip_nop, { "ip.nop", PI_PROTOCOL, PI_WARN, "4 NOP in a row - a router may have removed some options", EXPFILL }},
2986 { &ei_ip_bogus_ip_length, { "ip.bogus_ip_length", PI_PROTOCOL, PI_ERROR, "Bogus IP length", EXPFILL }},
2987 { &ei_ip_evil_packet, { "ip.evil_packet", PI_PROTOCOL, PI_WARN, "Suboption would go past end of option", EXPFILL }},
2988 { &ei_ip_checksum_bad, { "ip.checksum_bad.expert", PI_CHECKSUM, PI_ERROR, "Bad checksum", EXPFILL }},
2989 { &ei_ip_ttl_lncb, { "ip.ttl.lncb", PI_SEQUENCE, PI_NOTE, "Time To Live", EXPFILL }},
2990 { &ei_ip_ttl_too_small, { "ip.ttl.too_small", PI_SEQUENCE, PI_NOTE, "Time To Live", EXPFILL }},
2993 /* Decode As handling */
2994 static build_valid_func ip_da_build_value[1] = {ip_value};
2995 static decode_as_value_t ip_da_values = {ip_prompt, 1, ip_da_build_value};
2996 static decode_as_t ip_da = {"ip", "Network", "ip.proto", 1, 0, &ip_da_values, NULL, NULL,
2997 decode_as_default_populate_list, decode_as_default_reset, decode_as_default_change, NULL};
2999 module_t *ip_module;
3000 expert_module_t* expert_ip;
3002 proto_ip = proto_register_protocol("Internet Protocol Version 4", "IPv4", "ip");
3003 proto_register_field_array(proto_ip, hf, array_length(hf));
3004 proto_register_subtree_array(ett, array_length(ett));
3005 expert_ip = expert_register_protocol(proto_ip);
3006 expert_register_field_array(expert_ip, ei, array_length(ei));
3008 /* subdissector code */
3009 ip_dissector_table = register_dissector_table("ip.proto", "IP protocol",
3010 FT_UINT8, BASE_DEC);
3011 register_heur_dissector_list("ip", &heur_subdissector_list);
3013 /* Register configuration options */
3014 ip_module = prefs_register_protocol(proto_ip, NULL);
3015 prefs_register_bool_preference(ip_module, "decode_tos_as_diffserv",
3016 "Decode IPv4 TOS field as DiffServ field",
3017 "Whether the IPv4 type-of-service field should be decoded as a "
3018 "Differentiated Services field (see RFC2474/RFC2475)", &g_ip_dscp_actif);
3019 prefs_register_bool_preference(ip_module, "defragment",
3020 "Reassemble fragmented IPv4 datagrams",
3021 "Whether fragmented IPv4 datagrams should be reassembled", &ip_defragment);
3022 prefs_register_bool_preference(ip_module, "summary_in_tree",
3023 "Show IPv4 summary in protocol tree",
3024 "Whether the IPv4 summary line should be shown in the protocol tree",
3025 &ip_summary_in_tree);
3026 prefs_register_bool_preference(ip_module, "check_checksum",
3027 "Validate the IPv4 checksum if possible",
3028 "Whether to validate the IPv4 checksum", &ip_check_checksum);
3029 prefs_register_bool_preference(ip_module, "tso_support",
3030 "Support packet-capture from IP TSO-enabled hardware",
3031 "Whether to correct for TSO-enabled (TCP segmentation offload) hardware "
3032 "captures, such as spoofing the IP packet length", &ip_tso_supported);
3034 prefs_register_bool_preference(ip_module, "use_geoip",
3035 "Enable GeoIP lookups",
3036 "Whether to look up IP addresses in each GeoIP database we have loaded",
3038 #endif /* HAVE_GEOIP */
3039 prefs_register_bool_preference(ip_module, "security_flag" ,
3040 "Interpret Reserved flag as Security flag (RFC 3514)",
3041 "Whether to interpret the originally reserved flag as security flag",
3043 prefs_register_bool_preference(ip_module, "try_heuristic_first",
3044 "Try heuristic sub-dissectors first",
3045 "Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port",
3046 &try_heuristic_first);
3048 register_dissector("ip", dissect_ip, proto_ip);
3049 register_init_routine(ip_defragment_init);
3050 ip_tap = register_tap("ip");
3052 register_decode_as(&ip_da);
3056 proto_reg_handoff_ip(void)
3058 dissector_handle_t ip_handle;
3060 ip_handle = find_dissector("ip");
3061 ipv6_handle = find_dissector("ipv6");
3062 data_handle = find_dissector("data");
3064 dissector_add_uint("ethertype", ETHERTYPE_IP, ip_handle);
3065 dissector_add_uint("ppp.protocol", PPP_IP, ip_handle);
3066 dissector_add_uint("ppp.protocol", ETHERTYPE_IP, ip_handle);
3067 dissector_add_uint("gre.proto", ETHERTYPE_IP, ip_handle);
3068 dissector_add_uint("gre.proto", GRE_WCCP, ip_handle);
3069 dissector_add_uint("llc.dsap", SAP_IP, ip_handle);
3070 dissector_add_uint("ip.proto", IP_PROTO_IPIP, ip_handle);
3071 dissector_add_uint("null.type", BSD_AF_INET, ip_handle);
3072 dissector_add_uint("chdlc.protocol", ETHERTYPE_IP, ip_handle);
3073 dissector_add_uint("osinl.excl", NLPID_IP, ip_handle);
3074 dissector_add_uint("fr.nlpid", NLPID_IP, ip_handle);
3075 dissector_add_uint("x.25.spi", NLPID_IP, ip_handle);
3076 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1051, ip_handle);
3077 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1201, ip_handle);
3078 dissector_add_uint("ax25.pid", AX25_P_IP, ip_handle);
3079 dissector_add_handle("udp.port", ip_handle);
3081 heur_dissector_add("tipc", dissect_ip_heur, proto_ip);
3085 * Editor modelines - http://www.wireshark.org/tools/modelines.html
3090 * indent-tabs-mode: nil
3093 * vi: set shiftwidth=2 tabstop=8 expandtab:
3094 * :indentSize=2:tabSize=8:noTabs=true: