2 * Routines for EtherNet/IP (Industrial Protocol) dissection
3 * EtherNet/IP Home: www.odva.org
6 * Magnus Hansson <mah@hms.se>
7 * Joakim Wiberg <jow@hms.se>
9 * Conversation data support for CIP
10 * Jan Bartels, Siempelkamp Maschinen- und Anlagenbau GmbH & Co. KG
13 * Ethernet/IP object support
17 * Wireshark - Network traffic analyzer
18 * By Gerald Combs <gerald@wireshark.org>
19 * Copyright 1998 Gerald Combs
21 * This program is free software; you can redistribute it and/or
22 * modify it under the terms of the GNU General Public License
23 * as published by the Free Software Foundation; either version 2
24 * of the License, or (at your option) any later version.
26 * This program is distributed in the hope that it will be useful,
27 * but WITHOUT ANY WARRANTY; without even the implied warranty of
28 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29 * GNU General Public License for more details.
31 * You should have received a copy of the GNU General Public License
32 * along with this program; if not, write to the Free Software
33 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
38 #include <epan/packet.h>
39 #include <epan/dissector_filters.h>
40 #include <epan/prefs.h>
41 #include <epan/etypes.h>
42 #include <epan/expert.h>
43 #include <epan/decode_as.h>
44 #include "packet-tcp.h"
45 #include "packet-cip.h"
46 #include "packet-enip.h"
47 #include "packet-cipsafety.h"
49 void proto_register_enip(void);
50 void proto_reg_handoff_enip(void);
52 /* Communication Ports */
53 #define ENIP_ENCAP_PORT 44818 /* EtherNet/IP located on port 44818 */
54 #define ENIP_IO_PORT 2222 /* EtherNet/IP IO located on port 2222 */
56 /* EtherNet/IP function codes */
58 #define LIST_SERVICES 0x0004
59 #define LIST_IDENTITY 0x0063
60 #define LIST_INTERFACES 0x0064
61 #define REGISTER_SESSION 0x0065
62 #define UNREGISTER_SESSION 0x0066
63 #define SEND_RR_DATA 0x006F
64 #define SEND_UNIT_DATA 0x0070
65 #define INDICATE_STATUS 0x0072
68 /* EtherNet/IP status codes */
69 #define SUCCESS 0x0000
70 #define INVALID_CMD 0x0001
71 #define NO_RESOURCES 0x0002
72 #define INCORRECT_DATA 0x0003
73 #define INVALID_SESSION 0x0064
74 #define INVALID_LENGTH 0x0065
75 #define UNSUPPORTED_PROT_REV 0x0069
77 /* EtherNet/IP Common Data Format Type IDs */
78 #define CDF_NULL 0x0000
79 #define LIST_IDENTITY_RESP 0x000C
80 #define CONNECTION_BASED 0x00A1
81 #define CONNECTION_TRANSPORT 0x00B1
82 #define UNCONNECTED_MSG 0x00B2
83 #define LIST_SERVICES_RESP 0x0100
84 #define SOCK_ADR_INFO_OT 0x8000
85 #define SOCK_ADR_INFO_TO 0x8001
86 #define SEQ_ADDRESS 0x8002
88 /* Decoded I/O traffic enumeration */
90 #define ENIP_IO_SAFETY 1
91 #define ENIP_IO_MOTION 2
93 /* Initialize the protocol and registered fields */
94 static int proto_enip = -1;
95 static int proto_cipsafety = -1;
97 static int hf_enip_command = -1;
98 static int hf_enip_length = -1;
99 static int hf_enip_options = -1;
100 static int hf_enip_sendercontex = -1;
101 static int hf_enip_listid_delay = -1;
102 static int hf_enip_status = -1;
103 static int hf_enip_session = -1;
104 static int hf_enip_encapver = -1;
105 static int hf_enip_sinfamily = -1;
106 static int hf_enip_sinport = -1;
107 static int hf_enip_sinaddr = -1;
108 static int hf_enip_sinzero = -1;
109 static int hf_enip_timeout = -1;
110 static int hf_enip_encap_data = -1;
112 static int hf_enip_lir_vendor = -1;
113 static int hf_enip_lir_devtype = -1;
114 static int hf_enip_lir_prodcode = -1;
115 static int hf_enip_lir_revision = -1;
116 static int hf_enip_lir_status = -1;
117 static int hf_enip_lir_serial = -1;
118 static int hf_enip_lir_namelen = -1;
119 static int hf_enip_lir_name = -1;
120 static int hf_enip_lir_state = -1;
122 static int hf_enip_lsr_capaflags = -1;
123 static int hf_enip_lsr_tcp = -1;
124 static int hf_enip_lsr_udp = -1;
125 static int hf_enip_lsr_servicename = -1;
127 static int hf_enip_rs_version = -1;
128 static int hf_enip_rs_optionflags = -1;
130 static int hf_enip_srrd_ifacehnd = -1;
132 static int hf_enip_sud_ifacehnd = -1;
134 static int hf_enip_cpf_itemcount = -1;
135 static int hf_enip_cpf_typeid = -1;
136 static int hf_enip_cpf_length = -1;
137 static int hf_enip_cpf_cdi_seqcnt = -1;
138 static int hf_enip_cpf_cdi_32bitheader = -1;
139 static int hf_enip_cpf_cdi_32bitheader_roo = -1;
140 static int hf_enip_cpf_cdi_32bitheader_coo = -1;
141 static int hf_enip_cpf_cdi_32bitheader_run_idle = -1;
142 static int hf_enip_cpf_cai_connid = -1;
143 static int hf_enip_cpf_sai_connid = -1;
144 static int hf_enip_cpf_sai_seqnum = -1;
146 static int hf_enip_cpf_data = -1;
148 static int hf_enip_response_in = -1;
149 static int hf_enip_response_to = -1;
150 static int hf_enip_time = -1;
151 static int hf_enip_connection_transport_data = -1;
153 /* Parsed Attributes */
154 static int hf_tcpip_status = -1;
155 static int hf_tcpip_status_interface_config = -1;
156 static int hf_tcpip_status_mcast_pending = -1;
157 static int hf_tcpip_status_interface_config_pending = -1;
158 static int hf_tcpip_status_acd = -1;
159 static int hf_tcpip_status_reserved = -1;
160 static int hf_tcpip_config_cap = -1;
161 static int hf_tcpip_config_cap_bootp = -1;
162 static int hf_tcpip_config_cap_dns = -1;
163 static int hf_tcpip_config_cap_dhcp = -1;
164 static int hf_tcpip_config_cap_dhcp_dns_update = -1;
165 static int hf_tcpip_config_cap_config_settable = -1;
166 static int hf_tcpip_config_cap_hardware_config = -1;
167 static int hf_tcpip_config_cap_interface_reset = -1;
168 static int hf_tcpip_config_cap_acd = -1;
169 static int hf_tcpip_config_cap_reserved = -1;
170 static int hf_tcpip_config_control = -1;
171 static int hf_tcpip_config_control_config = -1;
172 static int hf_tcpip_config_control_dns = -1;
173 static int hf_tcpip_config_control_reserved = -1;
174 static int hf_tcpip_physical_link_size = -1;
175 static int hf_tcpip_ic_ip_addr = -1;
176 static int hf_tcpip_ic_subnet_mask = -1;
177 static int hf_tcpip_ic_gateway = -1;
178 static int hf_tcpip_ic_name_server = -1;
179 static int hf_tcpip_ic_name_server2 = -1;
180 static int hf_tcpip_ic_domain_name = -1;
181 static int hf_tcpip_hostname = -1;
182 static int hf_tcpip_ttl_value = -1;
183 static int hf_tcpip_mcast_alloc = -1;
184 static int hf_tcpip_mcast_reserved = -1;
185 static int hf_tcpip_mcast_num_mcast = -1;
186 static int hf_tcpip_mcast_addr_start = -1;
187 static int hf_tcpip_lcd_acd_activity = -1;
188 static int hf_tcpip_lcd_remote_mac = -1;
189 static int hf_tcpip_lcd_arp_pdu = -1;
190 static int hf_tcpip_select_acd = -1;
191 static int hf_tcpip_quick_connect = -1;
193 static int hf_elink_interface_flags = -1;
194 static int hf_elink_iflags_link_status = -1;
195 static int hf_elink_iflags_duplex = -1;
196 static int hf_elink_iflags_neg_status = -1;
197 static int hf_elink_iflags_manual_reset = -1;
198 static int hf_elink_iflags_local_hw_fault = -1;
199 static int hf_elink_iflags_reserved = -1;
200 static int hf_elink_interface_speed = -1;
201 static int hf_elink_physical_address = -1;
202 static int hf_elink_icount_in_octets = -1;
203 static int hf_elink_icount_in_ucast = -1;
204 static int hf_elink_icount_in_nucast = -1;
205 static int hf_elink_icount_in_discards = -1;
206 static int hf_elink_icount_in_errors = -1;
207 static int hf_elink_icount_in_unknown_protos = -1;
208 static int hf_elink_icount_out_octets = -1;
209 static int hf_elink_icount_out_ucast = -1;
210 static int hf_elink_icount_out_nucast = -1;
211 static int hf_elink_icount_out_discards = -1;
212 static int hf_elink_icount_out_errors = -1;
213 static int hf_elink_mcount_alignment_errors = -1;
214 static int hf_elink_mcount_fcs_errors = -1;
215 static int hf_elink_mcount_single_collisions = -1;
216 static int hf_elink_mcount_multiple_collisions = -1;
217 static int hf_elink_mcount_sqe_test_errors = -1;
218 static int hf_elink_mcount_deferred_transmission = -1;
219 static int hf_elink_mcount_late_collisions = -1;
220 static int hf_elink_mcount_excessive_collisions = -1;
221 static int hf_elink_mcount_mac_transmit_errors = -1;
222 static int hf_elink_mcount_carrier_sense_errors = -1;
223 static int hf_elink_mcount_frame_too_long = -1;
224 static int hf_elink_mcount_mac_receive_errors = -1;
225 static int hf_elink_icontrol_control_bits = -1;
226 static int hf_elink_icontrol_control_bits_auto_neg = -1;
227 static int hf_elink_icontrol_control_bits_forced_duplex = -1;
228 static int hf_elink_icontrol_control_bits_reserved = -1;
229 static int hf_elink_icontrol_forced_speed = -1;
230 static int hf_elink_interface_type = -1;
231 static int hf_elink_interface_state = -1;
232 static int hf_elink_admin_state = -1;
233 static int hf_elink_interface_label = -1;
235 static int hf_qos_8021q_enable = -1;
236 static int hf_qos_dscp_ptp_event = -1;
237 static int hf_qos_dscp_ptp_general = -1;
238 static int hf_qos_dscp_urgent = -1;
239 static int hf_qos_dscp_scheduled = -1;
240 static int hf_qos_dscp_high = -1;
241 static int hf_qos_dscp_low = -1;
242 static int hf_qos_dscp_explicit = -1;
244 static int hf_dlr_network_topology = -1;
245 static int hf_dlr_network_status = -1;
246 static int hf_dlr_ring_supervisor_status = -1;
247 static int hf_dlr_rsc_ring_supervisor_enable = -1;
248 static int hf_dlr_rsc_ring_supervisor_precedence = -1;
249 static int hf_dlr_rsc_beacon_interval = -1;
250 static int hf_dlr_rsc_beacon_timeout = -1;
251 static int hf_dlr_rsc_dlr_vlan_id = -1;
252 static int hf_dlr_ring_faults_count = -1;
253 static int hf_dlr_lanp1_dev_ip_addr = -1;
254 static int hf_dlr_lanp1_dev_physical_address = -1;
255 static int hf_dlr_lanp2_dev_ip_addr = -1;
256 static int hf_dlr_lanp2_dev_physical_address = -1;
257 static int hf_dlr_ring_protocol_participants_count = -1;
258 static int hf_dlr_rppl_dev_ip_addr = -1;
259 static int hf_dlr_rppl_dev_physical_address = -1;
260 static int hf_dlr_asa_supervisor_ip_addr = -1;
261 static int hf_dlr_asa_supervisor_physical_address = -1;
262 static int hf_dlr_active_supervisor_precedence = -1;
263 static int hf_dlr_capability_flags = -1;
264 static int hf_dlr_capflags_announce_base_node = -1;
265 static int hf_dlr_capflags_beacon_base_node = -1;
266 static int hf_dlr_capflags_reserved1 = -1;
267 static int hf_dlr_capflags_supervisor_capable = -1;
268 static int hf_dlr_capflags_reserved2 = -1;
269 static int hf_dlr_capflags_redundant_gateway_capable = -1;
270 static int hf_dlr_capflags_flush_frame_capable = -1;
271 static int hf_dlr_rgc_red_gateway_enable = -1;
272 static int hf_dlr_rgc_gateway_precedence = -1;
273 static int hf_dlr_rgc_advertise_interval = -1;
274 static int hf_dlr_rgc_advertise_timeout = -1;
275 static int hf_dlr_rgc_learning_update_enable = -1;
276 static int hf_dlr_redundant_gateway_status = -1;
277 static int hf_dlr_aga_ip_addr = -1;
278 static int hf_dlr_aga_physical_address = -1;
279 static int hf_dlr_active_gateway_precedence = -1;
281 /* Initialize the subtree pointers */
282 static gint ett_enip = -1;
283 static gint ett_path = -1;
284 static gint ett_count_tree = -1;
285 static gint ett_type_tree = -1;
286 static gint ett_command_tree = -1;
287 static gint ett_sockadd = -1;
288 static gint ett_32bitheader_tree = -1;
289 static gint ett_lsrcf = -1;
290 static gint ett_tcpip_status = -1;
291 static gint ett_tcpip_config_cap = -1;
292 static gint ett_tcpip_config_control = -1;
293 static gint ett_elink_interface_flags = -1;
294 static gint ett_elink_icontrol_bits = -1;
295 static gint ett_dlr_capability_flags = -1;
296 static gint ett_dlr_lnknbrstatus_flags = -1;
298 static expert_field ei_mal_tcpip_status = EI_INIT;
299 static expert_field ei_mal_tcpip_config_cap = EI_INIT;
300 static expert_field ei_mal_tcpip_config_control = EI_INIT;
301 static expert_field ei_mal_tcpip_physical_link_size = EI_INIT;
302 static expert_field ei_mal_tcpip_interface_config = EI_INIT;
303 static expert_field ei_mal_tcpip_mcast_config = EI_INIT;
304 static expert_field ei_mal_tcpip_last_conflict = EI_INIT;
305 static expert_field ei_mal_elink_interface_flags = EI_INIT;
306 static expert_field ei_mal_elink_interface_counters = EI_INIT;
307 static expert_field ei_mal_elink_media_counters = EI_INIT;
308 static expert_field ei_mal_elink_interface_control = EI_INIT;
309 static expert_field ei_mal_dlr_ring_supervisor_config = EI_INIT;
310 static expert_field ei_mal_dlr_last_active_node_on_port_1 = EI_INIT;
311 static expert_field ei_mal_dlr_last_active_node_on_port_2 = EI_INIT;
312 static expert_field ei_mal_dlr_ring_protocol_participants_list = EI_INIT;
313 static expert_field ei_mal_dlr_active_supervisor_address = EI_INIT;
314 static expert_field ei_mal_dlr_capability_flags = EI_INIT;
315 static expert_field ei_mal_dlr_redundant_gateway_config = EI_INIT;
316 static expert_field ei_mal_dlr_active_gateway_address = EI_INIT;
318 static dissector_table_t subdissector_srrd_table;
319 static dissector_table_t subdissector_sud_table;
320 static dissector_table_t subdissector_io_table;
322 static dissector_handle_t data_handle;
323 static dissector_handle_t arp_handle;
324 static dissector_handle_t cipsafety_handle;
325 static dissector_handle_t cipmotion_handle;
327 static gboolean enip_desegment = TRUE;
328 static gboolean enip_OTrun_idle = TRUE;
329 static gboolean enip_TOrun_idle = FALSE;
331 static int proto_dlr = -1;
333 static int hf_dlr_ringsubtype = -1;
334 static int hf_dlr_ringprotoversion = -1;
335 static int hf_dlr_frametype = -1;
336 static int hf_dlr_sourceport = -1;
337 static int hf_dlr_sourceip = -1;
338 static int hf_dlr_sequenceid = -1;
340 static int hf_dlr_ringstate = -1;
341 static int hf_dlr_supervisorprecedence = -1;
342 static int hf_dlr_beaconinterval = -1;
343 static int hf_dlr_beacontimeout = -1;
344 static int hf_dlr_beaconreserved = -1;
346 static int hf_dlr_nreqreserved = -1;
348 static int hf_dlr_nressourceport = -1;
349 static int hf_dlr_nresreserved = -1;
351 static int hf_dlr_lnknbrstatus = -1;
352 static int hf_dlr_lnknbrstatus_port1 = -1;
353 static int hf_dlr_lnknbrstatus_port2 = -1;
354 static int hf_dlr_lnknbrstatus_reserved = -1;
355 static int hf_dlr_lnknbrstatus_frame_type = -1;
356 static int hf_dlr_lnknbrreserved = -1;
358 static int hf_dlr_lfreserved = -1;
360 static int hf_dlr_anreserved = -1;
362 static int hf_dlr_sonumnodes = -1;
363 static int hf_dlr_somac = -1;
364 static int hf_dlr_soip = -1;
365 static int hf_dlr_soreserved = -1;
367 static int hf_dlr_advgatewaystate = -1;
368 static int hf_dlr_advgatewayprecedence = -1;
369 static int hf_dlr_advadvertiseinterval = -1;
370 static int hf_dlr_advadvertisetimeout = -1;
371 static int hf_dlr_advlearningupdateenable = -1;
372 static int hf_dlr_advreserved = -1;
374 static int hf_dlr_flushlearningupdateenable = -1;
375 static int hf_dlr_flushreserved = -1;
377 static int hf_dlr_learnreserved = -1;
379 static gint ett_dlr = -1;
381 /* Translate function to string - Encapsulation commands */
382 static const value_string encap_cmd_vals[] = {
384 { LIST_SERVICES, "List Services" },
385 { LIST_IDENTITY, "List Identity" },
386 { LIST_INTERFACES, "List Interfaces" },
387 { REGISTER_SESSION, "Register Session" },
388 { UNREGISTER_SESSION,"Unregister Session" },
389 { SEND_RR_DATA, "Send RR Data" },
390 { SEND_UNIT_DATA, "Send Unit Data" },
391 { INDICATE_STATUS, "Indicate Status" },
392 { CANCEL, "Cancel" },
397 /* Translate function to string - Encapsulation status */
398 static const value_string encap_status_vals[] = {
399 { SUCCESS, "Success" },
400 { INVALID_CMD, "Invalid Command" },
401 { NO_RESOURCES, "No Memory Resources" },
402 { INCORRECT_DATA, "Incorrect Data" },
403 { INVALID_SESSION, "Invalid Session Handle" },
404 { INVALID_LENGTH, "Invalid Length" },
405 { UNSUPPORTED_PROT_REV, "Unsupported Protocol Revision" },
410 /* Translate function to Common data format values */
411 static const value_string cdf_type_vals[] = {
412 { CDF_NULL, "Null Address Item" },
413 { LIST_IDENTITY_RESP, "List Identity Response" },
414 { CONNECTION_BASED, "Connected Address Item" },
415 { CONNECTION_TRANSPORT, "Connected Data Item" },
416 { UNCONNECTED_MSG, "Unconnected Data Item" },
417 { LIST_SERVICES_RESP, "List Services Response" },
418 { SOCK_ADR_INFO_OT, "Socket Address Info O->T" },
419 { SOCK_ADR_INFO_TO, "Socket Address Info T->O" },
420 { SEQ_ADDRESS, "Sequenced Address Item" },
425 /* Translate function to string - Run/Idle */
426 static const value_string enip_run_idle_vals[] = {
433 static const value_string enip_tcpip_status_interface_config_vals[] = {
434 { 0, "Not configured" },
435 { 1, "BOOTP/DHCP/NVS" },
436 { 2, "Hardware settings" },
441 static const value_string enip_tcpip_status_acd_vals[] = {
442 { 0, "No Address Conflict Detected" },
443 { 1, "Address Conflict Detected" },
448 static const value_string enip_tcpip_config_control_config_vals[] = {
456 static const value_string enip_tcpip_mcast_alloc_vals[] = {
457 { 0, "Use default multicast algorithm" },
458 { 1, "Use Num Mcast and Mcast Start Addr" },
463 static const value_string enip_tcpip_acd_activity_vals[] = {
464 { 0, "No Conflict Detected" },
465 { 1, "Probe IPv4 Address" },
466 { 2, "Ongoing Detection" },
467 { 3, "Semi Active Probe" },
472 static const value_string enip_elink_duplex_vals[] = {
473 { 0, "Half Duplex" },
474 { 1, "Full Duplex" },
479 static const value_string enip_elink_iflags_neg_status_vals[] = {
480 { 0, "Auto-negotiation in progress" },
481 { 1, "Auto-negotiation and speed detection failed" },
482 { 2, "Auto-negotiation failed but detected speed" },
483 { 3, "Successfully negotiatied speed and duplex" },
484 { 4, "Auto-negotiation not attempted. Forced speed and duplex" },
489 static const value_string enip_elink_iflags_reset_vals[] = {
490 { 0, "Activate change automatically" },
491 { 1, "Device requires Reset service for change" },
496 static const value_string enip_elink_iflags_hw_fault_vals[] = {
497 { 0, "No local hardware fault" },
498 { 1, "Local hardware fault detected" },
503 static const value_string enip_elink_interface_type_vals[] = {
504 { 0, "Unknown type" },
506 { 2, "Twisted-pair" },
507 { 3, "Optical fiber" },
512 static const value_string enip_elink_interface_state_vals[] = {
513 { 0, "Unknown state" },
521 static const value_string enip_elink_admin_state_vals[] = {
528 static const value_string enip_dlr_network_topology_vals[] = {
535 static const value_string enip_dlr_network_status_vals[] = {
538 { 2, "Unexpected Loop Detected" },
539 { 3, "Partial Network Failure" },
540 { 4, "Rapid Fault/Restore Cycle" },
545 static const value_string enip_dlr_ring_supervisor_status_vals[] = {
546 { 0, "Backup Ring Supervisor" },
547 { 1, "Active Ring Supervisor" },
549 { 3, "Non-DLR Topology" },
550 { 4, "Cannot Support Parameters" },
555 static const value_string enip_dlr_redundant_gateway_status_vals[] = {
556 { 0, "Non-Gateway DLR node" },
557 { 1, "Backup Gateway" },
558 { 2, "Active Gateway" },
559 { 3, "Gateway Fault" },
560 { 4, "Cannot Support Parameters" },
561 { 5, "Partitial Network Fault" },
566 /* Translate interface handle to string */
567 static const value_string enip_interface_handle_vals[] = {
573 /* Translate function to DLR Frame Type values */
574 static const value_string dlr_frame_type_vals[] = {
575 { DLR_FT_BEACON, "Beacon" },
576 { DLR_FT_NEIGHBOR_REQ, "Neighbor_Check_Request" },
577 { DLR_FT_NEIGHBOR_RES, "Neighbor_Check_Response" },
578 { DLR_FT_LINK_STAT, "Link_Status / Neighbor_Status" },
579 { DLR_FT_LOCATE_FLT, "Locate_Fault" },
580 { DLR_FT_ANNOUNCE, "Announce" },
581 { DLR_FT_SIGN_ON, "Sign_On" },
582 { DLR_FT_ADVERTISE, "Advertise" },
583 { DLR_FT_FLUSH_TABLES, "Flush_Tables" },
584 { DLR_FT_LEARNING_UPDATE, "Learning_Update" },
589 /* Translate function to DLR Source Port values */
590 static const value_string dlr_source_port_vals[] = {
591 { 0, "Port 1 or Port 2" },
598 /* Translate function to DLR Ring State values */
599 static const value_string dlr_ring_state_vals[] = {
600 { 1, "RING_NORMAL_STATE" },
601 { 2, "RING_FAULT_STATE" },
606 /* Translate function to DLR Advertise State values */
607 static const value_string dlr_adv_state_vals[] = {
608 { 0x01, "ACTIVE_LISTEN_STATE" },
609 { 0x02, "ACTIVE_NORMAL_STATE" },
610 { 0x03, "FAULT_STATE" },
615 /* Translate function to DLR Learning Update values */
616 static const value_string dlr_adv_learning_update_vals[] = {
623 /* Translate function to DLR Flush Learning Update values */
624 static const value_string dlr_flush_learning_update_vals[] = {
631 static const true_false_string dlr_lnknbrstatus_frame_type_vals = {
632 "Neighbor_Status Frame",
636 static void enip_prompt(packet_info *pinfo _U_, gchar* result)
638 g_snprintf(result, MAX_DECODE_AS_PROMPT_LEN, "Dissect unidentified I/O traffic as");
641 static gpointer enip_value(packet_info *pinfo _U_)
646 static GHashTable *enip_request_hashtable = NULL;
648 /* Return codes of function classifying packets as query/response */
649 enum enip_packet_type {ENIP_REQUEST_PACKET, ENIP_RESPONSE_PACKET, ENIP_CANNOT_CLASSIFY};
650 enum enip_packet_data_type { EPDT_UNKNOWN, EPDT_CONNECTED_TRANSPORT, EPDT_UNCONNECTED };
652 typedef struct enip_request_key {
653 enum enip_packet_type requesttype;
654 enum enip_packet_data_type type;
655 guint32 session_handle;
656 guint64 sender_context;
657 guint32 conversation;
662 } connected_transport;
664 } enip_request_key_t;
666 typedef struct enip_request_val {
668 } enip_request_val_t;
674 enip_request_equal(gconstpointer v, gconstpointer w)
676 const enip_request_key_t *v1 = (const enip_request_key_t *)v;
677 const enip_request_key_t *v2 = (const enip_request_key_t *)w;
679 if ( v1->conversation == v2->conversation
680 && v1->session_handle == v2->session_handle
681 && v1->type == v2->type
682 && ( ( v1->sender_context == v2->sender_context /* heuristic approach */
683 && v1->type == EPDT_UNCONNECTED
686 ( v1->data.connected_transport.connid == v2->data.connected_transport.connid
687 && v1->data.connected_transport.sequence == v2->data.connected_transport.sequence
688 && v1->type == EPDT_CONNECTED_TRANSPORT
698 enip_fmt_lir_revision( gchar *result, guint32 revision )
700 g_snprintf( result, ITEM_LABEL_LENGTH, "%d.%02d", (guint8)(( revision & 0xFF00 ) >> 8), (guint8)(revision & 0xFF) );
704 enip_request_hash (gconstpointer v)
706 const enip_request_key_t *key = (const enip_request_key_t *)v;
709 val = (guint)(key->conversation * 37 + key->session_handle * 93 + key->type * 765);
711 if (key->type == EPDT_UNCONNECTED)
713 val += ((guint)(key->sender_context * 23));
715 else if (key->type == EPDT_CONNECTED_TRANSPORT)
717 val += ((guint)(key->data.connected_transport.connid * 87 + key->data.connected_transport.sequence * 834));
723 static enip_request_info_t *
724 enip_match_request( packet_info *pinfo, proto_tree *tree, enip_request_key_t *prequest_key )
726 enip_request_key_t *new_request_key;
727 enip_request_val_t *request_val;
728 enip_request_info_t *request_info;
731 request_val = (enip_request_val_t *)g_hash_table_lookup( enip_request_hashtable, prequest_key );
732 if (!pinfo->fd->flags.visited)
734 if ( prequest_key && prequest_key->requesttype == ENIP_REQUEST_PACKET )
736 if ( request_val == NULL )
738 new_request_key = (enip_request_key_t *)wmem_memdup(wmem_file_scope(), prequest_key, sizeof(enip_request_key_t));
740 request_val = wmem_new(wmem_file_scope(), enip_request_val_t);
741 request_val->frames = wmem_tree_new(wmem_file_scope());
743 g_hash_table_insert(enip_request_hashtable, new_request_key, request_val );
746 request_info = wmem_new(wmem_file_scope(), enip_request_info_t);
747 request_info->req_num = pinfo->fd->num;
748 request_info->rep_num = 0;
749 request_info->req_time = pinfo->fd->abs_ts;
750 request_info->cip_info = NULL;
751 wmem_tree_insert32(request_val->frames, pinfo->fd->num, (void *)request_info);
753 if ( request_val && prequest_key && prequest_key->requesttype == ENIP_RESPONSE_PACKET )
755 request_info = (enip_request_info_t*)wmem_tree_lookup32_le( request_val->frames, pinfo->fd->num );
758 request_info->rep_num = pinfo->fd->num;
765 request_info = (enip_request_info_t *)wmem_tree_lookup32_le( request_val->frames, pinfo->fd->num );
768 if ( tree && request_info )
770 /* print state tracking in the tree */
771 if ( prequest_key && prequest_key->requesttype == ENIP_REQUEST_PACKET )
773 /* This is a request */
774 if (request_info->rep_num)
778 it = proto_tree_add_uint(tree, hf_enip_response_in,
779 NULL, 0, 0, request_info->rep_num);
780 PROTO_ITEM_SET_GENERATED(it);
785 if ( prequest_key && prequest_key->requesttype == ENIP_RESPONSE_PACKET )
787 /* This is a reply */
788 if (request_info->req_num)
793 it = proto_tree_add_uint(tree, hf_enip_response_to,
794 NULL, 0, 0, request_info->req_num);
795 PROTO_ITEM_SET_GENERATED(it);
797 nstime_delta(&ns, &pinfo->fd->abs_ts, &request_info->req_time);
798 it = proto_tree_add_time(tree, hf_enip_time, NULL, 0, 0, &ns);
799 PROTO_ITEM_SET_GENERATED(it);
807 typedef struct enip_conn_key {
808 guint16 ConnSerialNumber;
810 guint32 DeviceSerialNumber;
815 typedef struct enip_conn_val {
816 guint16 ConnSerialNumber;
818 guint32 DeviceSerialNumber;
821 guint8 TransportClass_trigger;
823 guint32 open_reply_frame;
826 cip_safety_epath_info_t safety;
830 typedef struct _enip_conv_info_t {
831 wmem_tree_t *O2TConnIDs;
832 wmem_tree_t *T2OConnIDs;
836 * Conversation filter
839 enip_io_conv_valid(packet_info *pinfo)
841 enip_conn_val_t* conn = (enip_conn_val_t*)p_get_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_CONNECTION_INFO);
846 return (((conn->TransportClass_trigger & CI_TRANSPORT_CLASS_MASK) == 0) ||
847 ((conn->TransportClass_trigger & CI_TRANSPORT_CLASS_MASK) == 1));
851 enip_io_conv_filter(packet_info *pinfo)
854 enip_conn_val_t* conn = (enip_conn_val_t*)p_get_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_CONNECTION_INFO);
859 if (conn->close_frame > 0)
861 buf = g_strdup_printf(
862 "((frame.number == %u) || ((frame.number >= %u) && (frame.number <= %u))) && " /* Frames between ForwardOpen and ForwardClose reply */
863 "((enip.cpf.sai.connid == 0x%08x || enip.cpf.sai.connid == 0x%08x) || " /* O->T and T->O Connection IDs */
864 "((cip.cm.conn_serial_num == 0x%04x) && (cip.cm.vendor == 0x%04x) && (cip.cm.orig_serial_num == 0x%08x)))", /* Connection Triad */
865 conn->open_frame, conn->open_reply_frame, conn->close_frame,
866 conn->O2TConnID, conn->T2OConnID,
867 conn->ConnSerialNumber, conn->VendorID, conn->DeviceSerialNumber);
871 /* If Forward Close isn't found, don't limit the (end) frame range */
872 buf = g_strdup_printf(
873 "((frame.number == %u) || (frame.number >= %u)) && " /* Frames starting with ForwardOpen */
874 "((enip.cpf.sai.connid == 0x%08x || enip.cpf.sai.connid == 0x%08x) || " /* O->T and T->O Connection IDs */
875 "((cip.cm.conn_serial_num == 0x%04x) && (cip.cm.vendor == 0x%04x) && (cip.cm.orig_serial_num == 0x%08x)))", /* Connection Triad */
876 conn->open_frame, conn->open_reply_frame,
877 conn->O2TConnID, conn->T2OConnID,
878 conn->ConnSerialNumber, conn->VendorID, conn->DeviceSerialNumber);
885 enip_exp_conv_valid(packet_info *pinfo)
887 enip_conn_val_t* conn = (enip_conn_val_t*)p_get_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_CONNECTION_INFO);
892 return (((conn->TransportClass_trigger & CI_TRANSPORT_CLASS_MASK) == 2) ||
893 ((conn->TransportClass_trigger & CI_TRANSPORT_CLASS_MASK) == 3));
897 enip_exp_conv_filter(packet_info *pinfo)
900 enip_conn_val_t* conn = (enip_conn_val_t*)p_get_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_CONNECTION_INFO);
905 if (conn->close_frame > 0)
907 buf = g_strdup_printf(
908 "((frame.number == %u) || ((frame.number >= %u) && (frame.number <= %u))) && " /* Frames between ForwardOpen and ForwardClose reply */
909 "((enip.cpf.cai.connid == 0x%08x || enip.cpf.cai.connid == 0x%08x) || " /* O->T and T->O Connection IDs */
910 "((cip.cm.conn_serial_num == 0x%04x) && (cip.cm.vendor == 0x%04x) && (cip.cm.orig_serial_num == 0x%08x)))", /* Connection Triad */
911 conn->open_frame, conn->open_reply_frame, conn->close_frame,
912 conn->O2TConnID, conn->T2OConnID,
913 conn->ConnSerialNumber, conn->VendorID, conn->DeviceSerialNumber);
917 /* If Forward Close isn't found, don't limit the (end) frame range */
918 buf = g_strdup_printf(
919 "((frame.number == %u) || (frame.number >= %u)) && " /* Frames between ForwardOpen and ForwardClose */
920 "((enip.cpf.cai.connid == 0x%08x || enip.cpf.cai.connid == 0x%08x) || " /* O->T and T->O Connection IDs */
921 "((cip.cm.conn_serial_num == 0x%04x) && (cip.cm.vendor == 0x%04x) && (cip.cm.orig_serial_num == 0x%08x)))", /* Connection Triad */
922 conn->open_frame, conn->open_reply_frame,
923 conn->O2TConnID, conn->T2OConnID,
924 conn->ConnSerialNumber, conn->VendorID, conn->DeviceSerialNumber);
930 * Connection management
932 static GHashTable *enip_conn_hashtable = NULL;
933 static guint32 enip_unique_connid = 1;
936 enip_conn_equal(gconstpointer v, gconstpointer w)
938 const enip_conn_key_t *v1 = (const enip_conn_key_t *)v;
939 const enip_conn_key_t *v2 = (const enip_conn_key_t *)w;
941 if ((v1->ConnSerialNumber == v2->ConnSerialNumber) &&
942 (v1->VendorID == v2->VendorID) &&
943 (v1->DeviceSerialNumber == v2->DeviceSerialNumber) &&
944 ((v1->O2TConnID == 0) || (v2->O2TConnID == 0) || (v1->O2TConnID == v2->O2TConnID)) &&
945 ((v1->T2OConnID == 0) || (v2->T2OConnID == 0) || (v1->T2OConnID == v2->T2OConnID)))
952 enip_conn_hash (gconstpointer v)
954 const enip_conn_key_t *key = (const enip_conn_key_t *)v;
957 val = (guint)( key->ConnSerialNumber + key->VendorID + key->DeviceSerialNumber );
963 enip_open_cip_connection( packet_info *pinfo, cip_conn_info_t* connInfo)
965 enip_conn_key_t *conn_key;
966 enip_conn_val_t *conn_val;
967 conversation_t *conversation, *conversationTO;
968 enip_conv_info_t *enip_info;
969 address dest_address;
970 struct e_in6_addr ipv6_zero;
972 if (pinfo->fd->flags.visited)
975 conn_key = wmem_new(wmem_file_scope(), enip_conn_key_t);
976 conn_key->ConnSerialNumber = connInfo->ConnSerialNumber;
977 conn_key->VendorID = connInfo->VendorID;
978 conn_key->DeviceSerialNumber = connInfo->DeviceSerialNumber;
979 conn_key->O2TConnID = connInfo->O2T.connID;
980 conn_key->T2OConnID = connInfo->T2O.connID;
982 conn_val = (enip_conn_val_t *)g_hash_table_lookup( enip_conn_hashtable, conn_key );
983 if ( conn_val == NULL )
985 conn_val = wmem_new(wmem_file_scope(), enip_conn_val_t);
987 conn_val->ConnSerialNumber = connInfo->ConnSerialNumber;
988 conn_val->VendorID = connInfo->VendorID;
989 conn_val->DeviceSerialNumber = connInfo->DeviceSerialNumber;
990 conn_val->O2TConnID = connInfo->O2T.connID;
991 conn_val->T2OConnID = connInfo->T2O.connID;
992 conn_val->TransportClass_trigger = connInfo->TransportClass_trigger;
993 conn_val->safety = connInfo->safety;
994 conn_val->motion = connInfo->motion;
995 conn_val->open_frame = connInfo->forward_open_frame;
996 conn_val->open_reply_frame = pinfo->fd->num;
997 conn_val->close_frame = 0;
998 conn_val->connid = enip_unique_connid++;
1000 g_hash_table_insert(enip_conn_hashtable, conn_key, conn_val );
1002 /* I/O connection */
1003 if (((connInfo->TransportClass_trigger & CI_TRANSPORT_CLASS_MASK) == 0) ||
1004 ((connInfo->TransportClass_trigger & CI_TRANSPORT_CLASS_MASK) == 1))
1006 /* zero out the ipv6 structure for comparison */
1007 memset(&ipv6_zero, 0, sizeof(ipv6_zero));
1009 /* default some information if not included */
1010 if ((connInfo->O2T.port == 0) || (connInfo->O2T.type == CONN_TYPE_MULTICAST))
1011 connInfo->O2T.port = ENIP_IO_PORT;
1012 if ((connInfo->O2T.ipaddress.type == AT_NONE) ||
1013 ((connInfo->O2T.ipaddress.type == AT_IPv4) && ((*(const guint32*)connInfo->O2T.ipaddress.data)) == 0) ||
1014 ((connInfo->O2T.ipaddress.type == AT_IPv6) && (memcmp(connInfo->O2T.ipaddress.data, &ipv6_zero, sizeof(ipv6_zero)) == 0)) ||
1015 (connInfo->O2T.type != CONN_TYPE_MULTICAST))
1016 connInfo->O2T.ipaddress = pinfo->src;
1017 if ((connInfo->T2O.port == 0) || (connInfo->T2O.type == CONN_TYPE_MULTICAST))
1018 connInfo->T2O.port = ENIP_IO_PORT;
1019 if ((connInfo->T2O.ipaddress.type == AT_NONE) ||
1020 ((connInfo->T2O.ipaddress.type == AT_IPv4) && ((*(const guint32*)connInfo->T2O.ipaddress.data)) == 0) ||
1021 ((connInfo->T2O.ipaddress.type == AT_IPv6) && (memcmp(connInfo->T2O.ipaddress.data, &ipv6_zero, sizeof(ipv6_zero)) == 0)) ||
1022 (connInfo->T2O.type != CONN_TYPE_MULTICAST))
1023 connInfo->T2O.ipaddress = pinfo->dst;
1025 if (connInfo->O2T.ipaddress.type == AT_IPv6)
1027 dest_address.type = AT_IPv6;
1028 dest_address.len = 16;
1032 dest_address.type = AT_IPv4;
1033 dest_address.len = 4;
1035 dest_address.data = connInfo->O2T.ipaddress.data;
1037 /* check for O->T conversation */
1038 /* similar logic to find_or_create_conversation(), but since I/O traffic
1039 is on UDP, the pinfo parameter doesn't have the correct information */
1040 if ((conversation = find_conversation(pinfo->fd->num, &pinfo->dst, &dest_address,
1041 PT_UDP, connInfo->O2T.port, 0, NO_PORT_B)) == NULL) {
1043 conversation = conversation_new(pinfo->fd->num, &pinfo->dst, &dest_address,
1044 PT_UDP, connInfo->O2T.port, 0, NO_PORT2);
1047 enip_info = (enip_conv_info_t *)conversation_get_proto_data(conversation, proto_enip);
1048 if (enip_info == NULL)
1050 enip_info = wmem_new(wmem_file_scope(), enip_conv_info_t);
1051 enip_info->O2TConnIDs = wmem_tree_new(wmem_file_scope());
1052 enip_info->T2OConnIDs = wmem_tree_new(wmem_file_scope());
1054 conversation_add_proto_data(conversation, proto_enip, enip_info);
1056 wmem_tree_insert32(enip_info->O2TConnIDs, connInfo->O2T.connID, (void *)conn_val);
1058 /* Check if separate T->O conversation is necessary. If either side is multicast
1059 or ports aren't equal, a separate conversation must be generated */
1060 dest_address.data = connInfo->T2O.ipaddress.data;
1061 if ((conversationTO = find_conversation(pinfo->fd->num, &pinfo->src, &dest_address,
1062 PT_UDP, connInfo->T2O.port, 0, NO_PORT_B)) == NULL) {
1064 conversationTO = conversation_new(pinfo->fd->num, &pinfo->src,
1065 &dest_address, PT_UDP,
1066 connInfo->T2O.port, 0, NO_PORT2);
1069 enip_info = (enip_conv_info_t *)conversation_get_proto_data(conversationTO, proto_enip);
1070 if (enip_info == NULL)
1072 enip_info = wmem_new(wmem_file_scope(), enip_conv_info_t);
1073 enip_info->O2TConnIDs = wmem_tree_new(wmem_file_scope());
1074 enip_info->T2OConnIDs = wmem_tree_new(wmem_file_scope());
1075 conversation_add_proto_data(conversationTO, proto_enip, enip_info);
1077 wmem_tree_insert32(enip_info->T2OConnIDs, connInfo->T2O.connID, (void *)conn_val);
1081 /* explicit message connection */
1082 conversation = find_or_create_conversation(pinfo);
1084 /* Do we already have a state structure for this conv */
1085 enip_info = (enip_conv_info_t *)conversation_get_proto_data(conversation, proto_enip);
1089 * No. Attach that information to the conversation, and add
1090 * it to the list of information structures.
1092 enip_info = wmem_new(wmem_file_scope(), enip_conv_info_t);
1093 enip_info->O2TConnIDs = wmem_tree_new(wmem_file_scope());
1094 enip_info->T2OConnIDs = wmem_tree_new(wmem_file_scope());
1096 conversation_add_proto_data(conversation, proto_enip, enip_info);
1098 wmem_tree_insert32(enip_info->O2TConnIDs, connInfo->O2T.connID, (void *)conn_val);
1099 wmem_tree_insert32(enip_info->T2OConnIDs, connInfo->T2O.connID, (void *)conn_val);
1103 /* Save the connection info for the conversation filter */
1104 if (!pinfo->fd->flags.visited)
1105 p_add_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_CONNECTION_INFO, conn_val);
1109 enip_close_cip_connection(packet_info *pinfo, guint16 ConnSerialNumber,
1110 guint16 VendorID, guint32 DeviceSerialNumber )
1112 enip_conn_key_t conn_key;
1113 enip_conn_val_t *conn_val;
1115 if (pinfo->fd->flags.visited)
1118 conn_key.ConnSerialNumber = ConnSerialNumber;
1119 conn_key.VendorID = VendorID;
1120 conn_key.DeviceSerialNumber = DeviceSerialNumber;
1121 conn_key.O2TConnID = 0;
1122 conn_key.T2OConnID = 0;
1124 conn_val = (enip_conn_val_t *)g_hash_table_lookup( enip_conn_hashtable, &conn_key );
1127 conn_val->close_frame = pinfo->fd->num;
1129 /* Save the connection info for the conversation filter */
1130 if (!pinfo->fd->flags.visited)
1131 p_add_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_CONNECTION_INFO, conn_val);
1135 /* Save the connection info for the conversation filter */
1136 void enip_mark_connection_triad( packet_info *pinfo, guint16 ConnSerialNumber, guint16 VendorID, guint32 DeviceSerialNumber )
1138 enip_conn_key_t conn_key;
1139 enip_conn_val_t *conn_val;
1141 conn_key.ConnSerialNumber = ConnSerialNumber;
1142 conn_key.VendorID = VendorID;
1143 conn_key.DeviceSerialNumber = DeviceSerialNumber;
1144 conn_key.O2TConnID = 0;
1145 conn_key.T2OConnID = 0;
1147 conn_val = (enip_conn_val_t *)g_hash_table_lookup( enip_conn_hashtable, &conn_key );
1150 p_add_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_CONNECTION_INFO, conn_val);
1154 static enip_conn_val_t *
1155 enip_get_explicit_connid(packet_info *pinfo, enip_request_key_t *prequest_key, guint32 connid)
1157 conversation_t *conversation;
1158 enip_conv_info_t *enip_info;
1159 enip_conn_val_t *conn_val;
1160 enum enip_packet_type requesttype = ENIP_REQUEST_PACKET;
1162 if (prequest_key != NULL)
1165 if ((prequest_key->requesttype != ENIP_REQUEST_PACKET) && (prequest_key->requesttype != ENIP_RESPONSE_PACKET ))
1168 requesttype = prequest_key->requesttype;
1172 * Do we have a conversation for this connection?
1174 conversation = find_conversation(pinfo->fd->num,
1175 &pinfo->src, &pinfo->dst,
1177 pinfo->srcport, pinfo->destport, 0);
1178 if (conversation == NULL)
1182 * Do we already have a state structure for this conv
1184 enip_info = (enip_conv_info_t *)conversation_get_proto_data(conversation, proto_enip);
1189 switch (requesttype )
1191 case ENIP_REQUEST_PACKET:
1192 conn_val = (enip_conn_val_t *)wmem_tree_lookup32( enip_info->O2TConnIDs, connid );
1193 if ( conn_val == NULL )
1194 conn_val = (enip_conn_val_t *)wmem_tree_lookup32( enip_info->T2OConnIDs, connid );
1197 case ENIP_RESPONSE_PACKET:
1198 conn_val = (enip_conn_val_t *)wmem_tree_lookup32( enip_info->T2OConnIDs, connid );
1199 if ( conn_val == NULL )
1200 conn_val = (enip_conn_val_t *)wmem_tree_lookup32( enip_info->O2TConnIDs, connid );
1202 case ENIP_CANNOT_CLASSIFY:
1207 if ((conn_val == NULL ) || (conn_val->open_reply_frame > pinfo->fd->num))
1213 static enip_conn_val_t *
1214 enip_get_io_connid(packet_info *pinfo, guint32 connid, enum enip_connid_type* pconnid_type)
1216 conversation_t *conversation;
1217 enip_conv_info_t *enip_info;
1218 enip_conn_val_t *conn_val = NULL;
1220 *pconnid_type = ECIDT_UNKNOWN;
1223 * Do we have a conversation for this connection?
1225 conversation = find_conversation(pinfo->fd->num,
1226 &pinfo->src, &pinfo->dst,
1228 pinfo->destport, 0, NO_PORT_B);
1230 if (conversation == NULL)
1234 * Do we already have a state structure for this conv
1236 if ((enip_info = (enip_conv_info_t *)conversation_get_proto_data(conversation, proto_enip)) == NULL)
1239 if (enip_info->O2TConnIDs != NULL)
1240 conn_val = (enip_conn_val_t *)wmem_tree_lookup32( enip_info->O2TConnIDs, connid );
1242 if ( conn_val == NULL )
1244 if (enip_info->T2OConnIDs != NULL)
1246 if ((conn_val = (enip_conn_val_t *)wmem_tree_lookup32( enip_info->T2OConnIDs, connid)) != NULL)
1247 *pconnid_type = ECIDT_T2O;
1252 *pconnid_type = ECIDT_O2T;
1255 if ((conn_val == NULL) || ( conn_val->open_reply_frame > pinfo->fd->num ))
1263 dissect_tcpip_status(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1264 int offset, int total_len)
1267 proto_item *status_item;
1268 proto_tree *status_tree;
1272 expert_add_info(pinfo, item, &ei_mal_tcpip_status);
1276 status_item = proto_tree_add_item(tree, hf_tcpip_status, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1277 status_tree = proto_item_add_subtree(status_item, ett_tcpip_status);
1279 proto_tree_add_item(status_tree, hf_tcpip_status_interface_config, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1280 proto_tree_add_item(status_tree, hf_tcpip_status_mcast_pending, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1281 proto_tree_add_item(status_tree, hf_tcpip_status_interface_config_pending, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1282 proto_tree_add_item(status_tree, hf_tcpip_status_acd, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1283 proto_tree_add_item(status_tree, hf_tcpip_status_reserved, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1288 dissect_tcpip_config_cap(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1289 int offset, int total_len)
1292 proto_item *cap_item;
1293 proto_tree *cap_tree;
1297 expert_add_info(pinfo, item, &ei_mal_tcpip_config_cap);
1301 cap_item = proto_tree_add_item(tree, hf_tcpip_config_cap, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1302 cap_tree = proto_item_add_subtree(cap_item, ett_tcpip_config_cap);
1304 proto_tree_add_item(cap_tree, hf_tcpip_config_cap_bootp, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1305 proto_tree_add_item(cap_tree, hf_tcpip_config_cap_dns, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1306 proto_tree_add_item(cap_tree, hf_tcpip_config_cap_dhcp, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1307 proto_tree_add_item(cap_tree, hf_tcpip_config_cap_dhcp_dns_update, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1308 proto_tree_add_item(cap_tree, hf_tcpip_config_cap_config_settable, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1309 proto_tree_add_item(cap_tree, hf_tcpip_config_cap_hardware_config, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1310 proto_tree_add_item(cap_tree, hf_tcpip_config_cap_interface_reset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1311 proto_tree_add_item(cap_tree, hf_tcpip_config_cap_acd, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1312 proto_tree_add_item(cap_tree, hf_tcpip_config_cap_reserved, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1317 dissect_tcpip_config_control(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1318 int offset, int total_len)
1321 proto_item *control_item;
1322 proto_tree *control_tree;
1326 expert_add_info(pinfo, item, &ei_mal_tcpip_config_control);
1330 control_item = proto_tree_add_item(tree, hf_tcpip_config_control, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1331 control_tree = proto_item_add_subtree(control_item, ett_tcpip_config_control);
1333 proto_tree_add_item(control_tree, hf_tcpip_config_control_config, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1334 proto_tree_add_item(control_tree, hf_tcpip_config_control_dns, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1335 proto_tree_add_item(control_tree, hf_tcpip_config_control_reserved, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1340 dissect_tcpip_physical_link(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1341 int offset, int total_len)
1345 proto_tree *epath_tree;
1346 proto_item *path_item;
1348 path_size = tvb_get_letohs( tvb, offset)*2;
1349 proto_tree_add_uint_format_value(tree, hf_tcpip_physical_link_size, tvb, offset, 2, path_size / 2, "%d (words)", path_size / 2);
1351 if (total_len < path_size+2)
1353 expert_add_info(pinfo, item, &ei_mal_tcpip_physical_link_size);
1357 epath_tree = proto_tree_add_subtree(tree, tvb, offset+2, path_size, ett_path, &path_item, "Path: ");
1358 dissect_epath( tvb, pinfo, epath_tree, path_item, offset+2, path_size, FALSE, FALSE, NULL, NULL);
1364 dissect_tcpip_interface_config(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1365 int offset, int total_len)
1368 guint16 domain_length;
1372 expert_add_info(pinfo, item, &ei_mal_tcpip_interface_config);
1376 proto_tree_add_item(tree, hf_tcpip_ic_ip_addr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1377 proto_tree_add_item(tree, hf_tcpip_ic_subnet_mask, tvb, offset+4, 4, ENC_LITTLE_ENDIAN);
1378 proto_tree_add_item(tree, hf_tcpip_ic_gateway, tvb, offset+8, 4, ENC_LITTLE_ENDIAN);
1379 proto_tree_add_item(tree, hf_tcpip_ic_name_server, tvb, offset+12, 4, ENC_LITTLE_ENDIAN);
1380 proto_tree_add_item(tree, hf_tcpip_ic_name_server2, tvb, offset+16, 4, ENC_LITTLE_ENDIAN);
1382 domain_length = tvb_get_letohs( tvb, offset+20);
1383 proto_tree_add_item(tree, hf_tcpip_ic_domain_name, tvb, offset+22, domain_length, ENC_ASCII|ENC_NA);
1385 return (22+domain_length);
1389 dissect_tcpip_mcast_config(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1390 int offset, int total_len)
1395 expert_add_info(pinfo, item, &ei_mal_tcpip_mcast_config);
1399 proto_tree_add_item(tree, hf_tcpip_mcast_alloc, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1400 proto_tree_add_item(tree, hf_tcpip_mcast_reserved, tvb, offset+1, 1, ENC_LITTLE_ENDIAN);
1401 proto_tree_add_item(tree, hf_tcpip_mcast_num_mcast, tvb, offset+2, 2, ENC_LITTLE_ENDIAN);
1402 proto_tree_add_item(tree, hf_tcpip_mcast_addr_start, tvb, offset+4, 4, ENC_LITTLE_ENDIAN);
1407 dissect_tcpip_last_conflict(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1408 int offset, int total_len)
1416 expert_add_info(pinfo, item, &ei_mal_tcpip_last_conflict);
1420 proto_tree_add_item(tree, hf_tcpip_lcd_acd_activity, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1421 proto_tree_add_item(tree, hf_tcpip_lcd_remote_mac, tvb, offset+1, 6, ENC_NA);
1423 if ( tvb_get_guint8(tvb, offset) == 0 )
1424 proto_tree_add_item(tree, hf_tcpip_lcd_arp_pdu, tvb, offset+7, 28, ENC_NA);
1427 /* Dissect ARP PDU, but don't have it change column info */
1428 save_info = col_get_writable(pinfo->cinfo);
1429 col_set_writable(pinfo->cinfo, FALSE);
1431 next_tvb = tvb_new_subset_length(tvb, offset+7, 28);
1432 call_dissector(arp_handle, next_tvb, pinfo, tree);
1434 col_set_writable(pinfo->cinfo, save_info);
1441 dissect_elink_interface_flags(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1442 int offset, int total_len)
1445 proto_item *flag_item;
1446 proto_tree *flag_tree;
1450 expert_add_info(pinfo, item, &ei_mal_elink_interface_flags);
1454 flag_item = proto_tree_add_item(tree, hf_elink_interface_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1455 flag_tree = proto_item_add_subtree(flag_item, ett_elink_interface_flags);
1457 proto_tree_add_item(flag_tree, hf_elink_iflags_link_status, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1458 proto_tree_add_item(flag_tree, hf_elink_iflags_duplex, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1459 proto_tree_add_item(flag_tree, hf_elink_iflags_neg_status, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1460 proto_tree_add_item(flag_tree, hf_elink_iflags_manual_reset, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1461 proto_tree_add_item(flag_tree, hf_elink_iflags_local_hw_fault, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1462 proto_tree_add_item(flag_tree, hf_elink_iflags_reserved, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1467 dissect_elink_interface_counters(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1468 int offset, int total_len)
1473 expert_add_info(pinfo, item, &ei_mal_elink_interface_counters);
1477 proto_tree_add_item(tree, hf_elink_icount_in_octets, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1478 proto_tree_add_item(tree, hf_elink_icount_in_ucast, tvb, offset+4, 4, ENC_LITTLE_ENDIAN);
1479 proto_tree_add_item(tree, hf_elink_icount_in_nucast, tvb, offset+8, 4, ENC_LITTLE_ENDIAN);
1480 proto_tree_add_item(tree, hf_elink_icount_in_discards, tvb, offset+12, 4, ENC_LITTLE_ENDIAN);
1481 proto_tree_add_item(tree, hf_elink_icount_in_errors, tvb, offset+16, 4, ENC_LITTLE_ENDIAN);
1482 proto_tree_add_item(tree, hf_elink_icount_in_unknown_protos, tvb, offset+20, 4, ENC_LITTLE_ENDIAN);
1483 proto_tree_add_item(tree, hf_elink_icount_out_octets, tvb, offset+24, 4, ENC_LITTLE_ENDIAN);
1484 proto_tree_add_item(tree, hf_elink_icount_out_ucast, tvb, offset+28, 4, ENC_LITTLE_ENDIAN);
1485 proto_tree_add_item(tree, hf_elink_icount_out_nucast, tvb, offset+32, 4, ENC_LITTLE_ENDIAN);
1486 proto_tree_add_item(tree, hf_elink_icount_out_discards, tvb, offset+36, 4, ENC_LITTLE_ENDIAN);
1487 proto_tree_add_item(tree, hf_elink_icount_out_errors, tvb, offset+40, 4, ENC_LITTLE_ENDIAN);
1492 dissect_elink_media_counters(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1493 int offset, int total_len)
1498 expert_add_info(pinfo, item, &ei_mal_elink_media_counters);
1502 proto_tree_add_item(tree, hf_elink_mcount_alignment_errors, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1503 proto_tree_add_item(tree, hf_elink_mcount_fcs_errors, tvb, offset+4, 4, ENC_LITTLE_ENDIAN);
1504 proto_tree_add_item(tree, hf_elink_mcount_single_collisions, tvb, offset+8, 4, ENC_LITTLE_ENDIAN);
1505 proto_tree_add_item(tree, hf_elink_mcount_multiple_collisions, tvb, offset+12, 4, ENC_LITTLE_ENDIAN);
1506 proto_tree_add_item(tree, hf_elink_mcount_sqe_test_errors, tvb, offset+16, 4, ENC_LITTLE_ENDIAN);
1507 proto_tree_add_item(tree, hf_elink_mcount_deferred_transmission, tvb, offset+20, 4, ENC_LITTLE_ENDIAN);
1508 proto_tree_add_item(tree, hf_elink_mcount_late_collisions, tvb, offset+24, 4, ENC_LITTLE_ENDIAN);
1509 proto_tree_add_item(tree, hf_elink_mcount_excessive_collisions, tvb, offset+28, 4, ENC_LITTLE_ENDIAN);
1510 proto_tree_add_item(tree, hf_elink_mcount_mac_transmit_errors, tvb, offset+32, 4, ENC_LITTLE_ENDIAN);
1511 proto_tree_add_item(tree, hf_elink_mcount_carrier_sense_errors, tvb, offset+36, 4, ENC_LITTLE_ENDIAN);
1512 proto_tree_add_item(tree, hf_elink_mcount_frame_too_long, tvb, offset+40, 4, ENC_LITTLE_ENDIAN);
1513 proto_tree_add_item(tree, hf_elink_mcount_mac_receive_errors, tvb, offset+44, 4, ENC_LITTLE_ENDIAN);
1518 dissect_elink_interface_control(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1519 int offset, int total_len)
1522 proto_item *control_item;
1523 proto_tree *control_tree;
1527 expert_add_info(pinfo, item, &ei_mal_elink_interface_control);
1531 control_item = proto_tree_add_item(tree, hf_elink_icontrol_control_bits, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1532 control_tree = proto_item_add_subtree(control_item, ett_elink_icontrol_bits);
1533 proto_tree_add_item(control_tree, hf_elink_icontrol_control_bits_auto_neg, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1534 proto_tree_add_item(control_tree, hf_elink_icontrol_control_bits_forced_duplex, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1535 proto_tree_add_item(control_tree, hf_elink_icontrol_control_bits_reserved, tvb, offset, 2, ENC_LITTLE_ENDIAN);
1537 proto_tree_add_item(tree, hf_elink_icontrol_forced_speed, tvb, offset+2, 2, ENC_LITTLE_ENDIAN);
1542 dissect_dlr_ring_supervisor_config(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1543 int offset, int total_len)
1548 expert_add_info(pinfo, item, &ei_mal_dlr_ring_supervisor_config);
1552 proto_tree_add_item(tree, hf_dlr_rsc_ring_supervisor_enable, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1553 proto_tree_add_item(tree, hf_dlr_rsc_ring_supervisor_precedence, tvb, offset+1, 1, ENC_LITTLE_ENDIAN);
1554 proto_tree_add_item(tree, hf_dlr_rsc_beacon_interval, tvb, offset+2, 4, ENC_LITTLE_ENDIAN);
1555 proto_tree_add_item(tree, hf_dlr_rsc_beacon_timeout, tvb, offset+6, 4, ENC_LITTLE_ENDIAN);
1556 proto_tree_add_item(tree, hf_dlr_rsc_dlr_vlan_id, tvb, offset+10, 2, ENC_LITTLE_ENDIAN);
1561 dissect_dlr_last_active_node_on_port_1(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1562 int offset, int total_len)
1567 expert_add_info(pinfo, item, &ei_mal_dlr_last_active_node_on_port_1);
1571 proto_tree_add_item(tree, hf_dlr_lanp1_dev_ip_addr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1572 proto_tree_add_item(tree, hf_dlr_lanp1_dev_physical_address, tvb, offset+4, 6, ENC_NA);
1577 dissect_dlr_last_active_node_on_port_2(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1578 int offset, int total_len)
1583 expert_add_info(pinfo, item, &ei_mal_dlr_last_active_node_on_port_2);
1587 proto_tree_add_item(tree, hf_dlr_lanp2_dev_ip_addr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1588 proto_tree_add_item(tree, hf_dlr_lanp2_dev_physical_address, tvb, offset+4, 6, ENC_NA);
1593 dissect_dlr_ring_protocol_participants_list(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1594 int offset, int total_len)
1601 expert_add_info(pinfo, item, &ei_mal_dlr_ring_protocol_participants_list);
1606 while ( pos < total_len)
1608 proto_tree_add_item(tree, hf_dlr_rppl_dev_ip_addr, tvb, offset+pos, 4, ENC_LITTLE_ENDIAN);
1609 proto_tree_add_item(tree, hf_dlr_rppl_dev_physical_address, tvb, offset+pos+4, 6, ENC_NA);
1616 dissect_dlr_active_supervisor_address(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1617 int offset, int total_len)
1622 expert_add_info(pinfo, item, &ei_mal_dlr_active_supervisor_address);
1626 proto_tree_add_item(tree, hf_dlr_asa_supervisor_ip_addr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1627 proto_tree_add_item(tree, hf_dlr_asa_supervisor_physical_address, tvb, offset+4, 6, ENC_NA);
1632 dissect_dlr_capability_flags(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1633 int offset, int total_len)
1636 proto_item* flag_item;
1637 proto_tree* flag_tree;
1641 expert_add_info(pinfo, item, &ei_mal_dlr_capability_flags);
1645 flag_item = proto_tree_add_item(tree, hf_dlr_capability_flags, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1646 flag_tree = proto_item_add_subtree(flag_item, ett_dlr_capability_flags);
1648 proto_tree_add_item(flag_tree, hf_dlr_capflags_announce_base_node, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1649 proto_tree_add_item(flag_tree, hf_dlr_capflags_beacon_base_node, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1650 proto_tree_add_item(flag_tree, hf_dlr_capflags_reserved1, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1651 proto_tree_add_item(flag_tree, hf_dlr_capflags_supervisor_capable, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1652 proto_tree_add_item(flag_tree, hf_dlr_capflags_redundant_gateway_capable, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1653 proto_tree_add_item(flag_tree, hf_dlr_capflags_flush_frame_capable, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1654 proto_tree_add_item(flag_tree, hf_dlr_capflags_reserved2, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1659 dissect_dlr_redundant_gateway_config(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1660 int offset, int total_len)
1665 expert_add_info(pinfo, item, &ei_mal_dlr_redundant_gateway_config);
1669 proto_tree_add_item(tree, hf_dlr_rgc_red_gateway_enable, tvb, offset, 1, ENC_LITTLE_ENDIAN);
1670 proto_tree_add_item(tree, hf_dlr_rgc_gateway_precedence, tvb, offset+1, 1, ENC_LITTLE_ENDIAN);
1671 proto_tree_add_item(tree, hf_dlr_rgc_advertise_interval, tvb, offset+2, 4, ENC_LITTLE_ENDIAN);
1672 proto_tree_add_item(tree, hf_dlr_rgc_advertise_timeout, tvb, offset+6, 4, ENC_LITTLE_ENDIAN);
1673 proto_tree_add_item(tree, hf_dlr_rgc_learning_update_enable, tvb, offset+10, 1, ENC_LITTLE_ENDIAN);
1678 dissect_dlr_active_gateway_address(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb,
1679 int offset, int total_len)
1684 expert_add_info(pinfo, item, &ei_mal_dlr_active_gateway_address);
1688 proto_tree_add_item(tree, hf_dlr_aga_ip_addr, tvb, offset, 4, ENC_LITTLE_ENDIAN);
1689 proto_tree_add_item(tree, hf_dlr_aga_physical_address, tvb, offset+4, 6, ENC_NA);
1693 attribute_info_t enip_attribute_vals[45] = {
1696 {0xF5, FALSE, 1, "Status", cip_dissector_func, NULL, dissect_tcpip_status},
1697 {0xF5, FALSE, 2, "Configuration Capability", cip_dissector_func, NULL, dissect_tcpip_config_cap},
1698 {0xF5, FALSE, 3, "Configuration Control", cip_dissector_func, NULL, dissect_tcpip_config_control},
1699 {0xF5, FALSE, 4, "Physical Link Object", cip_dissector_func, NULL, dissect_tcpip_physical_link},
1700 {0xF5, FALSE, 5, "Interface Configuration", cip_dissector_func, NULL, dissect_tcpip_interface_config},
1701 {0xF5, FALSE, 6, "Host Name", cip_string, &hf_tcpip_hostname, NULL},
1702 {0xF5, FALSE, 8, "TTL Value", cip_usint, &hf_tcpip_ttl_value, NULL},
1703 {0xF5, FALSE, 9, "Multicast Configuration", cip_dissector_func, NULL, dissect_tcpip_mcast_config},
1704 {0xF5, FALSE, 10, "Select ACD", cip_bool, &hf_tcpip_select_acd, NULL},
1705 {0xF5, FALSE, 11, "Last Conflict Detected", cip_dissector_func, NULL, dissect_tcpip_last_conflict},
1706 {0xF5, FALSE, 12, "EtherNet/IP Quick Connect", cip_bool, &hf_tcpip_quick_connect, NULL},
1708 /* Ethernet Link object */
1709 {0xF6, FALSE, 1, "Interface Speed", cip_dword, &hf_elink_interface_speed, NULL},
1710 {0xF6, FALSE, 2, "Interface Flags", cip_dissector_func, NULL, dissect_elink_interface_flags},
1711 {0xF6, FALSE, 3, "Physical Address", cip_byte_array, &hf_elink_physical_address, NULL},
1712 {0xF6, FALSE, 4, "Interface Counters", cip_dissector_func, NULL, dissect_elink_interface_counters},
1713 {0xF6, FALSE, 5, "Media Counters", cip_dissector_func, NULL, dissect_elink_media_counters},
1714 {0xF6, FALSE, 6, "Interface Control", cip_dissector_func, NULL, dissect_elink_interface_control},
1715 {0xF6, FALSE, 7, "Interface Type", cip_usint, &hf_elink_interface_type, NULL},
1716 {0xF6, FALSE, 8, "Interface State", cip_usint, &hf_elink_interface_state, NULL},
1717 {0xF6, FALSE, 9, "Admin State", cip_usint, &hf_elink_admin_state, NULL},
1718 {0xF6, FALSE, 10, "Interface Label", cip_short_string, &hf_elink_interface_label, NULL},
1721 {0x48, FALSE, 1, "802.1Q Tag Enable", cip_bool, &hf_qos_8021q_enable, NULL},
1722 {0x48, FALSE, 2, "DSCP PTP Event", cip_usint, &hf_qos_dscp_ptp_event, NULL},
1723 {0x48, FALSE, 3, "DSCP PTP General", cip_usint, &hf_qos_dscp_ptp_general, NULL},
1724 {0x48, FALSE, 4, "DSCP Urgent", cip_usint, &hf_qos_dscp_urgent, NULL},
1725 {0x48, FALSE, 5, "DSCP Scheduled", cip_usint, &hf_qos_dscp_scheduled, NULL},
1726 {0x48, FALSE, 6, "DSCP High", cip_usint, &hf_qos_dscp_high, NULL},
1727 {0x48, FALSE, 7, "DSCP Low", cip_usint, &hf_qos_dscp_low, NULL},
1728 {0x48, FALSE, 8, "DSCP Explicit", cip_usint, &hf_qos_dscp_explicit, NULL},
1731 {0x47, FALSE, 1, "Network Topology", cip_usint, &hf_dlr_network_topology, NULL},
1732 {0x47, FALSE, 2, "Network Status", cip_usint, &hf_dlr_network_status, NULL},
1733 {0x47, FALSE, 3, "Ring Supervisor Status", cip_usint, &hf_dlr_ring_supervisor_status, NULL},
1734 {0x47, FALSE, 4, "Ring Supervisor Config", cip_dissector_func, NULL, dissect_dlr_ring_supervisor_config},
1735 {0x47, FALSE, 5, "Ring Faults Count", cip_uint, &hf_dlr_ring_faults_count, NULL},
1736 {0x47, FALSE, 6, "Last Active Node on Port 1", cip_dissector_func, NULL, dissect_dlr_last_active_node_on_port_1},
1737 {0x47, FALSE, 7, "Last Active Node on Port 2", cip_dissector_func, NULL, dissect_dlr_last_active_node_on_port_2},
1738 {0x47, FALSE, 8, "Ring Protocol Participants Count", cip_uint, &hf_dlr_ring_protocol_participants_count, NULL},
1739 {0x47, FALSE, 9, "Ring Protocol Participants List", cip_dissector_func, NULL, dissect_dlr_ring_protocol_participants_list},
1740 {0x47, FALSE, 10, "Active Supervisor Address", cip_dissector_func, NULL, dissect_dlr_active_supervisor_address},
1741 {0x47, FALSE, 11, "Active Supervisor Precedence", cip_usint, &hf_dlr_active_supervisor_precedence, NULL},
1742 {0x47, FALSE, 12, "Capability Flags", cip_dissector_func, NULL, dissect_dlr_capability_flags},
1743 {0x47, FALSE, 13, "Redundant Gateway Config", cip_dissector_func, NULL, dissect_dlr_redundant_gateway_config},
1744 {0x47, FALSE, 14, "Redundant Gateway Status", cip_usint, &hf_dlr_redundant_gateway_status, NULL},
1745 {0x47, FALSE, 15, "Active Gateway Address", cip_dissector_func, NULL, dissect_dlr_active_gateway_address},
1746 {0x47, FALSE, 16, "Actice Gateway Precedence", cip_usint, &hf_dlr_active_gateway_precedence, NULL},
1751 * Protocol initialization
1754 enip_init_protocol(void)
1756 if (enip_request_hashtable)
1757 g_hash_table_destroy(enip_request_hashtable);
1758 enip_request_hashtable = g_hash_table_new(enip_request_hash, enip_request_equal);
1760 if (enip_conn_hashtable)
1761 g_hash_table_destroy(enip_conn_hashtable);
1762 enip_conn_hashtable = g_hash_table_new(enip_conn_hash, enip_conn_equal);
1765 /* Disssect Common Packet Format */
1767 dissect_cpf(enip_request_key_t *request_key, int command, tvbuff_t *tvb,
1768 packet_info *pinfo, proto_tree *tree, proto_tree *dissector_tree, int offset, guint32 ifacehndl)
1770 proto_item *temp_item, *count_item, *type_item, *io_item;
1771 proto_tree *temp_tree, *count_tree, *item_tree, *sockaddr_tree, *io_tree;
1772 int item_count, item_length, item, io_length;
1773 unsigned char name_length;
1775 enip_request_info_t *request_info;
1776 enip_conn_val_t* conn_info = NULL;
1777 gboolean FwdOpen = FALSE;
1778 gboolean FwdOpenReply = FALSE;
1779 enum enip_connid_type connid_type = ECIDT_UNKNOWN;
1780 cip_safety_info_t* cip_safety;
1782 /* Create item count tree */
1783 item_count = tvb_get_letohs( tvb, offset );
1784 count_item = proto_tree_add_item( tree, hf_enip_cpf_itemcount, tvb, offset, 2, ENC_LITTLE_ENDIAN );
1785 count_tree = proto_item_add_subtree( count_item, ett_count_tree );
1787 while ( item_count-- )
1789 /* Add item type tree to item count tree*/
1790 type_item = proto_tree_add_item( count_tree, hf_enip_cpf_typeid, tvb, offset+2, 2, ENC_LITTLE_ENDIAN );
1791 item_tree = proto_item_add_subtree( type_item, ett_type_tree );
1793 /* Add length field to item type tree */
1794 proto_tree_add_item( item_tree, hf_enip_cpf_length, tvb, offset+4, 2, ENC_LITTLE_ENDIAN );
1796 item = tvb_get_letohs( tvb, offset+2 );
1797 item_length = tvb_get_letohs( tvb, offset+4 );
1801 /* Add item data field */
1805 case CONNECTION_BASED:
1807 /* Add Connection identifier */
1808 proto_tree_add_item(item_tree, hf_enip_cpf_cai_connid, tvb, offset+6, 4, ENC_LITTLE_ENDIAN );
1810 conn_info = enip_get_explicit_connid( pinfo, request_key, tvb_get_letohl( tvb, offset+6 ) );
1813 request_key->type = EPDT_CONNECTED_TRANSPORT;
1814 request_key->data.connected_transport.connid = (conn_info != NULL) ? conn_info->connid : 0;
1817 /* Add Connection ID to Info col */
1818 col_append_fstr(pinfo->cinfo, COL_INFO, ", CONID: 0x%08X", tvb_get_letohl( tvb, offset+6 ) );
1821 case UNCONNECTED_MSG:
1822 request_info = NULL;
1825 request_key->type = EPDT_UNCONNECTED;
1826 request_info = enip_match_request( pinfo, tree, request_key );
1829 /* Call dissector for interface */
1830 next_tvb = tvb_new_subset_length( tvb, offset+6, item_length);
1831 p_add_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_REQUEST_INFO, request_info);
1832 if ( tvb_reported_length_remaining(next_tvb, 0) <= 0 || !dissector_try_uint(subdissector_srrd_table, ifacehndl, next_tvb, pinfo, dissector_tree) )
1834 /* Show the undissected payload */
1835 if ( tvb_reported_length_remaining(tvb, offset) > 0 )
1836 call_dissector( data_handle, next_tvb, pinfo, dissector_tree);
1839 /* Check if this is a ForwardOpen packet, because special handling is needed
1840 to handle connection conversations */
1841 if ((request_info != NULL) && (request_info->cip_info != NULL) &&
1842 (request_info->cip_info->connInfo != NULL) &&
1843 (request_key != NULL) &&
1844 (((request_info->cip_info->bService & 0x7F) == SC_CM_FWD_OPEN) ||
1845 ((request_info->cip_info->bService & 0x7F) == SC_CM_LARGE_FWD_OPEN))&&
1846 (request_info->cip_info->dissector == dissector_get_uint_handle( subdissector_class_table, CI_CLS_CM)))
1848 if (request_key->requesttype == ENIP_REQUEST_PACKET)
1854 FwdOpenReply = TRUE;
1859 p_remove_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_REQUEST_INFO);
1863 case CONNECTION_TRANSPORT:
1865 if ( command == SEND_UNIT_DATA )
1867 request_info = NULL;
1871 request_key->type = EPDT_CONNECTED_TRANSPORT;
1872 request_key->data.connected_transport.sequence = tvb_get_letohs( tvb, offset+6 );
1873 request_info = enip_match_request( pinfo, tree, request_key );
1876 /* Save the connection info for the conversation filter */
1877 if ((!pinfo->fd->flags.visited) && (conn_info != NULL))
1878 p_add_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_CONNECTION_INFO, conn_info);
1881 ** If the encapsulation service is SendUnit Data, this is a
1882 ** encapsulated connected message
1885 /* Add sequence count ( Transport Class 1,2,3 ) */
1886 proto_tree_add_item( item_tree, hf_enip_cpf_cdi_seqcnt, tvb, offset+6, 2, ENC_LITTLE_ENDIAN );
1888 /* Call dissector for interface */
1889 next_tvb = tvb_new_subset_length (tvb, offset+8, item_length-2);
1890 p_add_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_REQUEST_INFO, request_info);
1891 if ( tvb_reported_length_remaining(next_tvb, 0) <= 0 || !dissector_try_uint(subdissector_sud_table, ifacehndl, next_tvb, pinfo, dissector_tree) )
1893 /* Show the undissected payload */
1894 if ( tvb_reported_length_remaining(tvb, offset) > 0 )
1895 call_dissector( data_handle, next_tvb, pinfo, dissector_tree );
1897 p_remove_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_REQUEST_INFO);
1902 if (tvb_reported_length_remaining(tvb, offset+6) > 0)
1904 next_tvb = tvb_new_subset_length(tvb, offset+6, item_length);
1905 if (conn_info != NULL)
1907 if (conn_info->safety.safety_seg == TRUE)
1909 /* Add any possible safety related data */
1910 cip_safety = wmem_new(wmem_file_scope(), cip_safety_info_t);
1911 cip_safety->conn_type = connid_type;
1912 cip_safety->server_dir = (conn_info->TransportClass_trigger & CI_PRODUCTION_DIR_MASK) ? TRUE : FALSE;
1913 cip_safety->format = conn_info->safety.format;
1914 p_add_proto_data(wmem_file_scope(), pinfo, proto_cipsafety, 0, cip_safety);
1915 call_dissector(cipsafety_handle, next_tvb, pinfo, dissector_tree);
1917 else if (conn_info->motion == TRUE)
1919 call_dissector(cipmotion_handle, next_tvb, pinfo, dissector_tree);
1923 io_length = item_length;
1925 if ((conn_info->TransportClass_trigger & CI_TRANSPORT_CLASS_MASK) == 1)
1927 proto_tree_add_item( item_tree, hf_enip_cpf_cdi_seqcnt,
1928 tvb, offset+6+(item_length-io_length), 2, ENC_LITTLE_ENDIAN );
1932 if (((connid_type == ECIDT_O2T) && enip_OTrun_idle) ||
1933 ((connid_type == ECIDT_T2O) && enip_TOrun_idle))
1935 io_item = proto_tree_add_item( item_tree, hf_enip_cpf_cdi_32bitheader,
1936 tvb, offset+6+(item_length-io_length), 4, ENC_LITTLE_ENDIAN );
1937 io_tree = proto_item_add_subtree( io_item, ett_32bitheader_tree );
1938 proto_tree_add_item(io_tree, hf_enip_cpf_cdi_32bitheader_roo,
1939 tvb, offset+6+(item_length-io_length), 4, ENC_LITTLE_ENDIAN );
1940 proto_tree_add_item(io_tree, hf_enip_cpf_cdi_32bitheader_coo,
1941 tvb, offset+6+(item_length-io_length), 4, ENC_LITTLE_ENDIAN );
1942 proto_tree_add_item(io_tree, hf_enip_cpf_cdi_32bitheader_run_idle,
1943 tvb, offset+6+(item_length-io_length), 4, ENC_LITTLE_ENDIAN );
1947 proto_tree_add_item(item_tree, hf_enip_connection_transport_data, tvb, offset+6+(item_length-io_length), io_length, ENC_NA);
1950 /* Save the connection info for the conversation filter */
1951 if (!pinfo->fd->flags.visited)
1952 p_add_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_CONNECTION_INFO, conn_info);
1956 /* Functionality for choosing subdissector is controlled through Decode As as EtherNet/IP doesn't
1957 have a unique identifier to determine subdissector */
1958 if (!dissector_try_uint(subdissector_io_table, 0, next_tvb, pinfo, dissector_tree))
1960 proto_tree_add_item(item_tree, hf_enip_connection_transport_data, tvb, offset+6, item_length, ENC_NA);
1964 } /* End of if send unit data */
1969 case LIST_IDENTITY_RESP:
1971 /* Encapsulation version */
1972 proto_tree_add_item( item_tree, hf_enip_encapver, tvb, offset+6, 2, ENC_LITTLE_ENDIAN );
1974 /* Socket Address */
1975 sockaddr_tree = proto_tree_add_subtree( item_tree, tvb, offset+8, 16, ett_sockadd, NULL, "Socket Address");
1977 /* Socket address struct - sin_family */
1978 proto_tree_add_item(sockaddr_tree, hf_enip_sinfamily,
1979 tvb, offset+8, 2, ENC_BIG_ENDIAN );
1981 /* Socket address struct - sin_port */
1982 proto_tree_add_item(sockaddr_tree, hf_enip_sinport,
1983 tvb, offset+10, 2, ENC_BIG_ENDIAN );
1985 /* Socket address struct - sin_address */
1986 proto_tree_add_item(sockaddr_tree, hf_enip_sinaddr,
1987 tvb, offset+12, 4, ENC_BIG_ENDIAN );
1989 /* Socket address struct - sin_zero */
1990 proto_tree_add_item(sockaddr_tree, hf_enip_sinzero,
1991 tvb, offset+16, 8, ENC_NA );
1994 proto_tree_add_item(item_tree, hf_enip_lir_vendor,
1995 tvb, offset+24, 2, ENC_LITTLE_ENDIAN );
1998 proto_tree_add_item(item_tree, hf_enip_lir_devtype,
1999 tvb, offset+26, 2, ENC_LITTLE_ENDIAN );
2002 proto_tree_add_item(item_tree, hf_enip_lir_prodcode,
2003 tvb, offset+28, 2, ENC_LITTLE_ENDIAN );
2006 proto_tree_add_item(item_tree, hf_enip_lir_revision,
2007 tvb, offset+30, 2, ENC_BIG_ENDIAN );
2010 proto_tree_add_item(item_tree, hf_enip_lir_status,
2011 tvb, offset+32, 2, ENC_LITTLE_ENDIAN );
2014 proto_tree_add_item(item_tree, hf_enip_lir_serial,
2015 tvb, offset+34, 4, ENC_LITTLE_ENDIAN );
2017 /* Product Name Length */
2018 name_length = tvb_get_guint8( tvb, offset+38 );
2019 proto_tree_add_item( item_tree, hf_enip_lir_namelen,
2020 tvb, offset+38, 1, ENC_LITTLE_ENDIAN );
2023 proto_tree_add_item(item_tree, hf_enip_lir_name,
2024 tvb, offset+39, name_length, ENC_ASCII|ENC_NA );
2026 /* Append product name to info column */
2027 col_append_fstr( pinfo->cinfo, COL_INFO, ", %s", tvb_format_text(tvb, offset+39, name_length));
2030 proto_tree_add_item(item_tree, hf_enip_lir_state,
2031 tvb, offset+name_length+39, 1, ENC_LITTLE_ENDIAN );
2035 case SOCK_ADR_INFO_OT:
2036 case SOCK_ADR_INFO_TO:
2038 /* Socket address struct - sin_family */
2039 proto_tree_add_item(item_tree, hf_enip_sinfamily,
2040 tvb, offset+6, 2, ENC_BIG_ENDIAN );
2042 /* Socket address struct - sin_port */
2043 proto_tree_add_item(item_tree, hf_enip_sinport,
2044 tvb, offset+8, 2, ENC_BIG_ENDIAN );
2046 /* Socket address struct - sin_address */
2047 proto_tree_add_item(item_tree, hf_enip_sinaddr,
2048 tvb, offset+10, 4, ENC_BIG_ENDIAN );
2050 /* Socket address struct - sin_zero */
2051 proto_tree_add_item( item_tree, hf_enip_sinzero,
2052 tvb, offset+14, 8, ENC_NA );
2054 if ((FwdOpen == TRUE) || (FwdOpenReply == TRUE))
2056 request_info = (enip_request_info_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_REQUEST_INFO);
2057 if (request_info != NULL)
2059 if (item == SOCK_ADR_INFO_OT)
2061 request_info->cip_info->connInfo->O2T.port = tvb_get_ntohs(tvb, offset+8);
2062 request_info->cip_info->connInfo->O2T.ipaddress.type = AT_IPv4;
2063 request_info->cip_info->connInfo->O2T.ipaddress.data = wmem_alloc(wmem_file_scope(), sizeof(guint32));
2064 *((guint32*)request_info->cip_info->connInfo->O2T.ipaddress.data) = tvb_get_ipv4(tvb, offset+10);
2068 request_info->cip_info->connInfo->T2O.port = tvb_get_ntohs(tvb, offset+8);
2069 request_info->cip_info->connInfo->T2O.ipaddress.type = AT_IPv4;
2070 request_info->cip_info->connInfo->T2O.ipaddress.data = wmem_alloc(wmem_file_scope(), sizeof(guint32));
2071 *((guint32*)request_info->cip_info->connInfo->T2O.ipaddress.data) = tvb_get_ipv4(tvb, offset+10);
2079 conn_info = enip_get_io_connid( pinfo, tvb_get_letohl( tvb, offset+6 ), &connid_type);
2080 proto_tree_add_item(item_tree, hf_enip_cpf_sai_connid, tvb, offset+6, 4, ENC_LITTLE_ENDIAN );
2081 proto_tree_add_item(item_tree, hf_enip_cpf_sai_seqnum, tvb, offset+10, 4, ENC_LITTLE_ENDIAN );
2083 /* Add info to column */
2084 col_add_fstr(pinfo->cinfo, COL_INFO, "Connection: ID=0x%08X, SEQ=%010d",
2085 tvb_get_letohl( tvb, offset+6 ),
2086 tvb_get_letohl( tvb, offset+10 ) );
2089 case LIST_SERVICES_RESP:
2091 /* Encapsulation version */
2092 proto_tree_add_item( item_tree, hf_enip_encapver, tvb, offset+6, 2, ENC_LITTLE_ENDIAN );
2094 /* Capability flags */
2095 temp_item = proto_tree_add_item( item_tree, hf_enip_lsr_capaflags, tvb, offset+8, 2, ENC_LITTLE_ENDIAN );
2096 temp_tree = proto_item_add_subtree( temp_item, ett_lsrcf );
2098 proto_tree_add_item( temp_tree, hf_enip_lsr_tcp, tvb, offset+8, 2, ENC_LITTLE_ENDIAN );
2099 proto_tree_add_item( temp_tree, hf_enip_lsr_udp, tvb, offset+8, 2, ENC_LITTLE_ENDIAN );
2101 /* Name of service */
2102 proto_tree_add_item( item_tree, hf_enip_lsr_servicename, tvb, offset+10, 16, ENC_ASCII|ENC_NA );
2104 /* Append service name to info column */
2105 col_append_fstr( pinfo->cinfo, COL_INFO, ", %s",
2106 tvb_format_stringzpad(tvb, offset+10, 16) );
2112 proto_tree_add_item(item_tree, hf_enip_cpf_data, tvb, offset+6, item_length, ENC_NA);
2115 } /* end of switch ( item type ) */
2117 } /* end of if ( item length ) */
2119 offset = offset + item_length + 4;
2121 } /* end of while ( item count ) */
2123 /* See if there is a CIP connection to establish */
2124 if (FwdOpenReply == TRUE)
2126 request_info = (enip_request_info_t *)p_get_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_REQUEST_INFO);
2127 if (request_info != NULL)
2129 enip_open_cip_connection(pinfo, request_info->cip_info->connInfo);
2131 p_remove_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_REQUEST_INFO);
2133 else if (FwdOpen == TRUE)
2135 p_remove_proto_data(wmem_file_scope(), pinfo, proto_enip, ENIP_REQUEST_INFO);
2138 } /* end of dissect_cpf() */
2142 static enum enip_packet_type
2143 classify_packet(packet_info *pinfo)
2145 /* see if nature of packets can be derived from src/dst ports */
2146 /* if so, return as found */
2147 if ( ( ENIP_ENCAP_PORT == pinfo->srcport && ENIP_ENCAP_PORT != pinfo->destport ) ||
2148 ( ENIP_ENCAP_PORT != pinfo->srcport && ENIP_ENCAP_PORT == pinfo->destport ) ) {
2149 if ( ENIP_ENCAP_PORT == pinfo->srcport )
2150 return ENIP_RESPONSE_PACKET;
2151 else if ( ENIP_ENCAP_PORT == pinfo->destport )
2152 return ENIP_REQUEST_PACKET;
2154 /* else, cannot classify */
2155 return ENIP_CANNOT_CLASSIFY;
2159 get_enip_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_)
2164 * Get the length of the data from the encapsulation header.
2166 plen = tvb_get_letohs(tvb, offset + 2);
2169 * That length doesn't include the encapsulation header itself;
2175 /* Code to actually dissect the packets */
2177 dissect_enip_pdu(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
2179 enum enip_packet_type packet_type;
2180 guint16 encap_cmd, encap_data_length;
2181 const char *pkt_type_str = "";
2183 enip_request_key_t request_key;
2184 conversation_t *conversation;
2186 /* Set up structures needed to add the protocol subtree and manage it */
2188 proto_tree *enip_tree, *header_tree = NULL, *csftree;
2190 /* Make entries in Protocol column and Info column on summary display */
2191 col_set_str(pinfo->cinfo, COL_PROTOCOL, "ENIP");
2192 col_clear(pinfo->cinfo, COL_INFO);
2194 encap_cmd = tvb_get_letohs( tvb, 0 );
2196 packet_type = classify_packet(pinfo);
2198 switch ( packet_type )
2200 case ENIP_REQUEST_PACKET:
2201 pkt_type_str = "Req";
2204 case ENIP_RESPONSE_PACKET:
2205 pkt_type_str = "Rsp";
2208 case ENIP_CANNOT_CLASSIFY:
2213 /* Add encapsulation command to info column */
2214 col_append_sep_fstr(pinfo->cinfo, COL_INFO, " | ", "%s (%s)",
2215 val_to_str(encap_cmd, encap_cmd_vals, "Unknown (0x%04x)"),
2219 * We need to track some state for this protocol on a per conversation
2220 * basis so we can do neat things like request/response tracking
2222 conversation = find_or_create_conversation(pinfo);
2225 * Attach that information to the conversation, and add
2226 * it to the list of information structures later before dissection.
2228 memset( &request_key, 0, sizeof(enip_request_key_t) );
2229 request_key.requesttype = packet_type;
2230 request_key.type = EPDT_UNKNOWN;
2231 request_key.session_handle = tvb_get_letohl( tvb, 4 );
2232 request_key.sender_context = tvb_get_letoh64( tvb, 12 );
2233 request_key.conversation = conversation->index;
2235 encap_data_length = tvb_get_letohs( tvb, 2 );
2239 /* create display subtree for the protocol */
2240 ti = proto_tree_add_item(tree, proto_enip, tvb, 0, -1, ENC_NA );
2242 enip_tree = proto_item_add_subtree(ti, ett_enip);
2244 /* Add encapsulation header tree */
2245 header_tree = proto_tree_add_subtree( enip_tree, tvb, 0, 24, ett_enip, NULL, "Encapsulation Header");
2247 /* Add EtherNet/IP encapsulation header */
2248 proto_tree_add_item( header_tree, hf_enip_command, tvb, 0, 2, ENC_LITTLE_ENDIAN );
2250 encap_data_length = tvb_get_letohs( tvb, 2 );
2251 proto_tree_add_item( header_tree, hf_enip_length, tvb, 2, 2, ENC_LITTLE_ENDIAN );
2252 proto_tree_add_item( header_tree, hf_enip_session, tvb, 4, 4, ENC_LITTLE_ENDIAN );
2253 proto_tree_add_item( header_tree, hf_enip_status, tvb, 8, 4, ENC_LITTLE_ENDIAN );
2254 if ((encap_cmd == LIST_IDENTITY) &&
2255 /* Length of 0 probably indicates a request */
2256 ((encap_data_length == 0) || (packet_type == ENIP_REQUEST_PACKET)))
2258 proto_tree_add_item( header_tree, hf_enip_listid_delay, tvb, 12, 2, ENC_LITTLE_ENDIAN );
2259 proto_tree_add_item( header_tree, hf_enip_sendercontex, tvb, 14, 6, ENC_NA );
2263 proto_tree_add_item( header_tree, hf_enip_sendercontex, tvb, 12, 8, ENC_NA );
2265 proto_tree_add_item( header_tree, hf_enip_options, tvb, 20, 4, ENC_LITTLE_ENDIAN );
2267 /* Append session and command to the protocol tree */
2268 proto_item_append_text( ti, ", Session: 0x%08X, %s", tvb_get_letohl( tvb, 4 ),
2269 val_to_str( encap_cmd, encap_cmd_vals, "Unknown (0x%04x)" ) );
2274 ** For some commands we want to add some info to the info column
2276 switch ( encap_cmd )
2278 case REGISTER_SESSION:
2279 case UNREGISTER_SESSION:
2280 col_append_fstr( pinfo->cinfo, COL_INFO, ", Session: 0x%08X",
2281 tvb_get_letohl( tvb, 4 ) );
2285 /* Command specific data - create tree */
2286 if ( encap_data_length )
2288 /* The packet have some command specific data, buid a sub tree for it */
2290 csftree = proto_tree_add_subtree( enip_tree, tvb, 24, encap_data_length,
2291 ett_command_tree, NULL, "Command Specific Data");
2293 switch ( encap_cmd )
2299 dissect_cpf( &request_key, encap_cmd, tvb, pinfo, csftree, tree, 24, 0 );
2303 dissect_cpf( &request_key, encap_cmd, tvb, pinfo, csftree, tree, 24, 0 );
2306 case LIST_INTERFACES:
2307 dissect_cpf( &request_key, encap_cmd, tvb, pinfo, csftree, tree, 24, 0 );
2310 case REGISTER_SESSION:
2311 proto_tree_add_item( csftree, hf_enip_rs_version, tvb, 24, 2, ENC_LITTLE_ENDIAN );
2312 proto_tree_add_item( csftree, hf_enip_rs_optionflags, tvb, 26, 2, ENC_LITTLE_ENDIAN );
2315 case UNREGISTER_SESSION:
2319 proto_tree_add_item( csftree, hf_enip_srrd_ifacehnd, tvb, 24, 4, ENC_LITTLE_ENDIAN );
2320 proto_tree_add_item( csftree, hf_enip_timeout, tvb, 28, 2, ENC_LITTLE_ENDIAN );
2322 ifacehndl = tvb_get_letohl( tvb, 24 );
2323 dissect_cpf( &request_key, encap_cmd, tvb, pinfo, csftree, tree, 30, ifacehndl );
2326 case SEND_UNIT_DATA:
2327 proto_tree_add_item(csftree, hf_enip_sud_ifacehnd, tvb, 24, 4, ENC_LITTLE_ENDIAN);
2328 proto_tree_add_item( csftree, hf_enip_timeout, tvb, 28, 2, ENC_LITTLE_ENDIAN );
2330 ifacehndl = tvb_get_letohl( tvb, 24 );
2331 dissect_cpf( &request_key, encap_cmd, tvb, pinfo, csftree, tree, 30, ifacehndl );
2334 case INDICATE_STATUS:
2338 /* Can not decode - Just show the data */
2339 proto_tree_add_item(header_tree, hf_enip_encap_data, tvb, 24, encap_data_length, ENC_NA);
2342 } /* end of switch () */
2344 } /* end of if ( encapsulated data ) */
2346 return tvb_captured_length(tvb);
2347 } /* end of dissect_enip_pdu() */
2350 dissect_enip_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
2354 /* An ENIP packet is at least 4 bytes long - we need the command type. */
2355 if (!tvb_bytes_exist(tvb, 0, 4))
2358 /* Get the command type and see if it's valid. */
2359 encap_cmd = tvb_get_letohs( tvb, 0 );
2360 if (try_val_to_str(encap_cmd, encap_cmd_vals) == NULL)
2361 return 0; /* not a known command */
2363 return dissect_enip_pdu(tvb, pinfo, tree, data);
2367 dissect_enip_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
2371 /* An ENIP packet is at least 4 bytes long - we need the command type. */
2372 if (!tvb_bytes_exist(tvb, 0, 4))
2375 /* Get the command type and see if it's valid. */
2376 encap_cmd = tvb_get_letohs( tvb, 0 );
2377 if (try_val_to_str(encap_cmd, encap_cmd_vals) == NULL)
2378 return 0; /* not a known command */
2380 tcp_dissect_pdus(tvb, pinfo, tree, enip_desegment, 4, get_enip_pdu_len, dissect_enip_pdu, data);
2381 return tvb_captured_length(tvb);
2384 /* Code to actually dissect the io packets*/
2386 dissect_enipio(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
2388 /* Set up structures needed to add the protocol subtree and manage it */
2390 proto_tree *enip_tree;
2392 /* Make entries in Protocol column and Info column on summary display */
2393 col_set_str(pinfo->cinfo, COL_PROTOCOL, "ENIP");
2395 /* In the interest of speed, if "tree" is NULL, don't do any work not
2396 necessary to generate protocol tree items. */
2398 /* create display subtree for the protocol */
2399 ti = proto_tree_add_item(tree, proto_enip, tvb, 0, -1, ENC_NA );
2401 enip_tree = proto_item_add_subtree(ti, ett_enip);
2403 dissect_cpf( NULL, 0xFFFF, tvb, pinfo, enip_tree, tree, 0, 0 );
2405 } /* end of dissect_enipio() */
2409 dissect_dlr(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2412 proto_tree *dlr_tree;
2414 guint8 dlr_protover;
2415 guint8 dlr_frametype;
2417 /* Make entries in Protocol column and Info column on summary display */
2418 col_set_str(pinfo->cinfo, COL_PROTOCOL, "DLR");
2420 col_clear(pinfo->cinfo, COL_INFO);
2422 /* Create display subtree for the protocol */
2423 ti = proto_tree_add_item(tree, proto_dlr, tvb, 0, -1, ENC_NA );
2424 dlr_tree = proto_item_add_subtree( ti, ett_dlr );
2426 /* Get values for the Common Frame Header Format */
2427 dlr_subtype = tvb_get_guint8(tvb, DLR_CFH_SUB_TYPE);
2428 dlr_protover = tvb_get_guint8(tvb, DLR_CFH_PROTO_VERSION);
2430 /* Dissect the Common Frame Header Format */
2431 proto_tree_add_uint( dlr_tree, hf_dlr_ringsubtype, tvb, DLR_CFH_SUB_TYPE, 1, dlr_subtype );
2432 proto_tree_add_uint( dlr_tree, hf_dlr_ringprotoversion, tvb, DLR_CFH_PROTO_VERSION, 1, dlr_protover );
2434 /* Get values for the DLR Message Payload Fields */
2435 dlr_frametype = tvb_get_guint8(tvb, DLR_MPF_FRAME_TYPE);
2437 /* Dissect the DLR Message Payload Fields */
2438 proto_tree_add_item( dlr_tree, hf_dlr_frametype, tvb, DLR_MPF_FRAME_TYPE, 1, ENC_BIG_ENDIAN );
2439 proto_tree_add_item( dlr_tree, hf_dlr_sourceport, tvb, DLR_MPF_SOURCE_PORT, 1, ENC_BIG_ENDIAN );
2440 proto_tree_add_item( dlr_tree, hf_dlr_sourceip, tvb, DLR_MPF_SOURCE_IP, 4, ENC_BIG_ENDIAN );
2441 proto_tree_add_item( dlr_tree, hf_dlr_sequenceid, tvb, DLR_MPF_SEQUENCE_ID, 4, ENC_BIG_ENDIAN );
2443 /* Add frame type to col info */
2444 col_add_fstr(pinfo->cinfo, COL_INFO, "%s",
2445 val_to_str(dlr_frametype, dlr_frame_type_vals, "Unknown (0x%04x)") );
2447 if ( dlr_frametype == DLR_FT_BEACON )
2450 proto_tree_add_item( dlr_tree, hf_dlr_ringstate, tvb, DLR_BE_RING_STATE, 1, ENC_BIG_ENDIAN );
2451 proto_tree_add_item( dlr_tree, hf_dlr_supervisorprecedence, tvb, DLR_BE_SUPERVISOR_PRECEDENCE, 1, ENC_BIG_ENDIAN );
2452 proto_tree_add_item( dlr_tree, hf_dlr_beaconinterval, tvb, DLR_BE_BEACON_INTERVAL, 4, ENC_BIG_ENDIAN );
2453 proto_tree_add_item( dlr_tree, hf_dlr_beacontimeout, tvb, DLR_BE_BEACON_TIMEOUT, 4, ENC_BIG_ENDIAN );
2454 proto_tree_add_item( dlr_tree, hf_dlr_beaconreserved, tvb, DLR_BE_RESERVED, 20, ENC_NA );
2456 else if ( dlr_frametype == DLR_FT_NEIGHBOR_REQ )
2458 /* Neighbor_Check_Request */
2459 proto_tree_add_item( dlr_tree, hf_dlr_nreqreserved, tvb, DLR_NREQ_RESERVED, 30, ENC_NA );
2461 else if ( dlr_frametype == DLR_FT_NEIGHBOR_RES )
2463 /* Neighbor_Check_Response */
2464 proto_tree_add_item( dlr_tree, hf_dlr_nressourceport, tvb, DLR_NRES_SOURCE_PORT, 1, ENC_BIG_ENDIAN );
2465 proto_tree_add_item( dlr_tree, hf_dlr_nresreserved, tvb, DLR_NRES_RESERVED, 29, ENC_NA );
2467 else if ( dlr_frametype == DLR_FT_LINK_STAT )
2469 /* Link_Status/Neighbor_Status */
2470 proto_item* flag_item;
2471 proto_tree* flag_tree;
2473 flag_item = proto_tree_add_item( dlr_tree, hf_dlr_lnknbrstatus, tvb, DLR_LNS_SOURCE_PORT, 1, ENC_BIG_ENDIAN );
2474 flag_tree = proto_item_add_subtree(flag_item, ett_dlr_lnknbrstatus_flags);
2476 proto_tree_add_item(flag_tree, hf_dlr_lnknbrstatus_port1, tvb, DLR_LNS_SOURCE_PORT, 1, ENC_LITTLE_ENDIAN);
2477 proto_tree_add_item(flag_tree, hf_dlr_lnknbrstatus_port2, tvb, DLR_LNS_SOURCE_PORT, 1, ENC_LITTLE_ENDIAN);
2478 proto_tree_add_item(flag_tree, hf_dlr_lnknbrstatus_reserved, tvb, DLR_LNS_SOURCE_PORT, 1, ENC_LITTLE_ENDIAN);
2479 proto_tree_add_item(flag_tree, hf_dlr_lnknbrstatus_frame_type, tvb, DLR_LNS_SOURCE_PORT, 1, ENC_LITTLE_ENDIAN);
2481 proto_tree_add_item( dlr_tree, hf_dlr_lnknbrreserved, tvb, DLR_LNS_RESERVED, 29, ENC_NA );
2483 else if ( dlr_frametype == DLR_FT_LOCATE_FLT )
2486 proto_tree_add_item( dlr_tree, hf_dlr_lfreserved, tvb, DLR_LF_RESERVED, 30, ENC_NA );
2488 else if ( dlr_frametype == DLR_FT_ANNOUNCE )
2491 proto_tree_add_item( dlr_tree, hf_dlr_ringstate, tvb, DLR_AN_RING_STATE, 1, ENC_BIG_ENDIAN );
2492 proto_tree_add_item( dlr_tree, hf_dlr_anreserved, tvb, DLR_AN_RESERVED, 29, ENC_NA );
2494 else if ( dlr_frametype == DLR_FT_SIGN_ON )
2502 nNumNodes = tvb_get_ntohs(tvb, DLR_SO_NUM_NODES);
2504 proto_tree_add_uint( dlr_tree, hf_dlr_sonumnodes, tvb, DLR_SO_NUM_NODES, 2, nNumNodes );
2506 /* Add each node in the list */
2507 for( nCnt = 0, nOffset = DLR_SO_NODE_1_MAC; nCnt < nNumNodes; nCnt++ )
2509 proto_tree_add_item( dlr_tree, hf_dlr_somac, tvb, nOffset, 6, ENC_NA );
2511 proto_tree_add_item( dlr_tree, hf_dlr_soip, tvb, nOffset, 4, ENC_BIG_ENDIAN );
2517 proto_tree_add_item( dlr_tree, hf_dlr_soreserved, tvb, nOffset, 42 - nOffset, ENC_NA );
2518 /* nOffset += (42 - nOffset); */
2521 else if ( dlr_frametype == DLR_FT_ADVERTISE )
2524 proto_tree_add_item( dlr_tree, hf_dlr_advgatewaystate, tvb, DLR_ADV_GATEWAY_STATE, 1, ENC_BIG_ENDIAN );
2525 proto_tree_add_item( dlr_tree, hf_dlr_advgatewayprecedence, tvb, DLR_ADV_GATEWAY_PRECEDENCE, 1, ENC_BIG_ENDIAN );
2526 proto_tree_add_item( dlr_tree, hf_dlr_advadvertiseinterval, tvb, DLR_ADV_ADVERTISE_INTERVAL, 4, ENC_BIG_ENDIAN );
2527 proto_tree_add_item( dlr_tree, hf_dlr_advadvertisetimeout, tvb, DLR_ADV_ADVERTISE_TIMEOUT, 4, ENC_BIG_ENDIAN );
2528 proto_tree_add_item( dlr_tree, hf_dlr_advlearningupdateenable, tvb, DLR_ADV_LEARNING_UPDATE_ENABLE, 1, ENC_BIG_ENDIAN );
2529 proto_tree_add_item( dlr_tree, hf_dlr_advreserved, tvb, DLR_ADV_RESERVED, 19, ENC_NA );
2531 else if ( dlr_frametype == DLR_FT_FLUSH_TABLES )
2533 proto_tree_add_item( dlr_tree, hf_dlr_flushlearningupdateenable, tvb, DLR_FLUSH_LEARNING_UPDATE_ENABLE, 1, ENC_BIG_ENDIAN );
2534 proto_tree_add_item( dlr_tree, hf_dlr_flushreserved, tvb, DLR_FLUSH_RESERVED, 29, ENC_NA );
2536 else if ( dlr_frametype == DLR_FT_LEARNING_UPDATE )
2538 proto_tree_add_item( dlr_tree, hf_dlr_learnreserved, tvb, DLR_LEARN_RESERVED, 34, ENC_NA );
2542 /* Unknown Frame type */
2545 return tvb_captured_length(tvb);
2547 } /* end of dissect_dlr() */
2550 /* Register the protocol with Wireshark */
2552 /* this format is require because a script is used to build the C function
2553 that calls all the protocol registration.
2557 proto_register_enip(void)
2559 /* Setup list of header fields */
2560 static hf_register_info hf[] = {
2562 { "Command", "enip.command",
2563 FT_UINT16, BASE_HEX, VALS(encap_cmd_vals), 0,
2564 "Encapsulation command", HFILL }},
2567 { "Length", "enip.length",
2568 FT_UINT16, BASE_DEC, NULL, 0,
2569 "Encapsulation length", HFILL }},
2572 { "Session Handle", "enip.session",
2573 FT_UINT32, BASE_HEX, NULL, 0,
2574 "Session identification", HFILL }},
2577 { "Status", "enip.status",
2578 FT_UINT32, BASE_HEX, VALS(encap_status_vals), 0,
2579 "Status code", HFILL }},
2581 { &hf_enip_sendercontex,
2582 { "Sender Context", "enip.context",
2583 FT_BYTES, BASE_NONE, NULL, 0,
2584 "Information pertinent to the sender", HFILL }},
2586 { &hf_enip_listid_delay,
2587 { "Max Response Delay", "enip.listid_delay",
2588 FT_UINT16, BASE_DEC, NULL, 0,
2589 "Maximum random delay allowed by target", HFILL }},
2592 { "Options", "enip.options",
2593 FT_UINT32, BASE_HEX, NULL, 0,
2594 "Options flags", HFILL }},
2596 { &hf_enip_encapver,
2597 { "Encapsulation Version", "enip.encapver",
2598 FT_UINT16, BASE_DEC, NULL, 0,
2601 { &hf_enip_sinfamily,
2602 { "sin_family", "enip.sinfamily",
2603 FT_UINT16, BASE_DEC, NULL, 0,
2604 "Socket Address.Sin Family", HFILL }},
2607 { "sin_port", "enip.sinport",
2608 FT_UINT16, BASE_DEC, NULL, 0,
2609 "Socket Address.Sin Port", HFILL }},
2612 { "sin_addr", "enip.sinaddr",
2613 FT_IPv4, BASE_NONE, NULL, 0,
2614 "Socket Address.Sin Addr", HFILL }},
2617 { "sin_zero", "enip.sinzero",
2618 FT_BYTES, BASE_NONE, NULL, 0,
2619 "Socket Address.Sin Zero", HFILL }},
2622 { "Timeout", "enip.timeout",
2623 FT_UINT16, BASE_DEC, NULL, 0,
2624 "Encapsulation Timeout", HFILL }},
2626 { &hf_enip_encap_data,
2627 { "Encap Data", "enip.encap_data",
2628 FT_BYTES, BASE_NONE, NULL, 0,
2629 "Encapsulation Data", HFILL }},
2631 /* List Services Reply */
2632 { &hf_enip_lsr_capaflags,
2633 { "Capability Flags", "enip.lsr.capaflags",
2634 FT_UINT16, BASE_HEX, NULL, 0,
2635 "ListServices Reply: Capability Flags", HFILL }},
2638 { "Supports CIP Encapsulation via TCP", "enip.lsr.capaflags.tcp",
2639 FT_BOOLEAN, 16, TFS(&tfs_true_false), 0x0020,
2640 "ListServices Reply: Supports CIP Encapsulation via TCP", HFILL }},
2643 { "Supports CIP Class 0 or 1 via UDP", "enip.lsr.capaflags.udp",
2644 FT_BOOLEAN, 16, TFS(&tfs_true_false), 0x0100,
2645 "ListServices Reply: Supports CIP Class 0 or 1 via UDP", HFILL }},
2647 { &hf_enip_lsr_servicename,
2648 { "Name of Service", "enip.lsr.servicename",
2649 FT_STRING, BASE_NONE, NULL, 0,
2650 "ListServices Reply: Name of Service", HFILL }},
2652 /* Register Session */
2653 { &hf_enip_rs_version,
2654 { "Protocol Version", "enip.rs.version",
2655 FT_UINT16, BASE_DEC, NULL, 0,
2656 "Register Session: Protocol Version", HFILL }},
2658 { &hf_enip_rs_optionflags,
2659 { "Option Flags", "enip.rs.flags",
2660 FT_UINT16, BASE_HEX, NULL, 0,
2661 "Register Session: Option Flags", HFILL }},
2663 /* Send Request/Reply Data */
2664 { &hf_enip_srrd_ifacehnd,
2665 { "Interface Handle", "enip.srrd.iface",
2666 FT_UINT32, BASE_HEX, VALS(enip_interface_handle_vals), 0,
2667 "SendRRData: Interface handle", HFILL }},
2669 /* Send Unit Data */
2670 { &hf_enip_sud_ifacehnd,
2671 { "Interface Handle", "enip.sud.iface",
2672 FT_UINT32, BASE_HEX, VALS(enip_interface_handle_vals), 0,
2673 "SendUnitData: Interface handle", HFILL }},
2675 /* List identity reply */
2676 { &hf_enip_lir_vendor,
2677 { "Vendor ID", "enip.lir.vendor",
2678 FT_UINT16, BASE_HEX|BASE_EXT_STRING, &cip_vendor_vals_ext, 0,
2679 "ListIdentity Reply: Vendor ID", HFILL }},
2681 { &hf_enip_lir_devtype,
2682 { "Device Type", "enip.lir.devtype",
2683 FT_UINT16, BASE_DEC|BASE_EXT_STRING, &cip_devtype_vals_ext, 0,
2684 "ListIdentity Reply: Device Type", HFILL }},
2686 { &hf_enip_lir_prodcode,
2687 { "Product Code", "enip.lir.prodcode",
2688 FT_UINT16, BASE_DEC, NULL, 0,
2689 "ListIdentity Reply: Product Code", HFILL }},
2691 { &hf_enip_lir_revision,
2692 { "Revision", "enip.lir.revision",
2693 FT_UINT16, BASE_CUSTOM, CF_FUNC(enip_fmt_lir_revision), 0,
2694 "ListIdentity Reply: Revision", HFILL }},
2696 { &hf_enip_lir_status,
2697 { "Status", "enip.lir.status",
2698 FT_UINT16, BASE_HEX, NULL, 0,
2699 "ListIdentity Reply: Status", HFILL }},
2701 { &hf_enip_lir_serial,
2702 { "Serial Number", "enip.lir.serial",
2703 FT_UINT32, BASE_HEX, NULL, 0,
2704 "ListIdentity Reply: Serial Number", HFILL }},
2706 { &hf_enip_lir_namelen,
2707 { "Product Name Length", "enip.lir.namelen",
2708 FT_UINT8, BASE_DEC, NULL, 0,
2709 "ListIdentity Reply: Product Name Length", HFILL }},
2711 { &hf_enip_lir_name,
2712 { "Product Name", "enip.lir.name",
2713 FT_STRING, BASE_NONE, NULL, 0,
2714 "ListIdentity Reply: Product Name", HFILL }},
2716 { &hf_enip_lir_state,
2717 { "State", "enip.lir.state",
2718 FT_UINT8, BASE_HEX, NULL, 0,
2719 "ListIdentity Reply: State", HFILL }},
2721 /* Common Packet Format */
2722 { &hf_enip_cpf_itemcount,
2723 { "Item Count", "enip.cpf.itemcount",
2724 FT_UINT16, BASE_DEC, NULL, 0,
2725 "Common Packet Format: Item Count", HFILL }},
2727 { &hf_enip_cpf_typeid,
2728 { "Type ID", "enip.cpf.typeid",
2729 FT_UINT16, BASE_HEX, VALS(cdf_type_vals), 0,
2730 "Common Packet Format: Type of encapsulated item", HFILL }},
2732 { &hf_enip_cpf_length,
2733 { "Length", "enip.cpf.length",
2734 FT_UINT16, BASE_DEC, NULL, 0,
2735 "Common Packet Format: Length", HFILL }},
2737 /* Connected Data Item */
2738 { &hf_enip_cpf_cdi_seqcnt,
2739 { "Sequence Count", "enip.cpf.cdi.seqcnt",
2740 FT_UINT16, BASE_HEX, NULL, 0,
2741 "Common Packet Format: Connected Data Item, Sequence Count", HFILL }},
2743 { &hf_enip_cpf_cdi_32bitheader,
2744 { "32-bit Header", "enip.cpf.cdi.32bitheader",
2745 FT_UINT32, BASE_HEX, NULL, 0,
2746 "Common Packet Format: Connected Data Item, 32-bit Header", HFILL }},
2748 { &hf_enip_cpf_cdi_32bitheader_roo,
2749 { "ROO", "enip.cpf.cdi.roo",
2750 FT_UINT32, BASE_HEX, NULL, 0xC,
2751 "Common Packet Format: Connected Data Item, Ready for Ownership of Outputs", HFILL }},
2753 { &hf_enip_cpf_cdi_32bitheader_coo,
2754 { "COO", "enip.cpf.cdi.coo",
2755 FT_UINT32, BASE_HEX, NULL, 0x2,
2756 "Common Packet Format: Connected Data Item, Claim Output Ownership", HFILL }},
2758 { &hf_enip_cpf_cdi_32bitheader_run_idle,
2759 { "Run/Idle", "enip.cpf.cdi.run_idle",
2760 FT_UINT32, BASE_HEX, VALS(enip_run_idle_vals), 0x1,
2761 "Common Packet Format: Connected Data Item, Run/Idle", HFILL }},
2763 /* Connection Address Item */
2764 { &hf_enip_cpf_cai_connid,
2765 { "Connection ID", "enip.cpf.cai.connid",
2766 FT_UINT32, BASE_HEX, NULL, 0,
2767 "Common Packet Format: Connection Address Item, Connection Identifier", HFILL }},
2769 /* Sequenced Address Type */
2770 { &hf_enip_cpf_sai_connid,
2771 { "Connection ID", "enip.cpf.sai.connid",
2772 FT_UINT32, BASE_HEX, NULL, 0,
2773 "Common Packet Format: Sequenced Address Item, Connection Identifier", HFILL }},
2775 { &hf_enip_cpf_sai_seqnum,
2776 { "Sequence Number", "enip.cpf.sai.seq",
2777 FT_UINT32, BASE_DEC, NULL, 0,
2778 "Common Packet Format: Sequenced Address Item, Sequence Number", HFILL }},
2780 { &hf_enip_cpf_data,
2781 { "Data", "enip.cpf.data",
2782 FT_BYTES, BASE_NONE, NULL, 0,
2783 "Common Packet Format: Unknown Data", HFILL }},
2785 /* Request/Response Matching */
2786 { &hf_enip_response_in,
2787 { "Response In", "enip.response_in",
2788 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
2789 "The response to this ENIP request is in this frame", HFILL }},
2791 { &hf_enip_response_to,
2792 { "Request In", "enip.response_to",
2793 FT_FRAMENUM, BASE_NONE, NULL, 0x0,
2794 "This is a response to the ENIP request in this frame", HFILL }},
2797 { "Time", "enip.time",
2798 FT_RELATIVE_TIME, BASE_NONE, NULL, 0x0,
2799 "The time between the Call and the Reply", HFILL }},
2801 { &hf_enip_connection_transport_data,
2802 { "Data", "enip.connection_transport_data",
2803 FT_BYTES, BASE_NONE, NULL, 0x0,
2804 "Connection Transport Data", HFILL }},
2807 { "Status", "cip.tcpip.status",
2808 FT_UINT32, BASE_HEX, NULL, 0,
2811 { &hf_tcpip_status_interface_config,
2812 { "Interface Configuration Status", "cip.tcpip.status.interface_config",
2813 FT_UINT32, BASE_DEC, VALS(enip_tcpip_status_interface_config_vals), 0x0000000F,
2816 { &hf_tcpip_status_mcast_pending,
2817 { "MCast Pending", "cip.tcpip.status.mcast_pending",
2818 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000010,
2821 { &hf_tcpip_status_interface_config_pending,
2822 { "Interface Configuration Pending", "cip.tcpip.status.interface_config_pending",
2823 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000020,
2826 { &hf_tcpip_status_acd,
2827 { "ACD Status", "cip.tcpip.status.acd",
2828 FT_UINT32, BASE_DEC, VALS(enip_tcpip_status_acd_vals), 0x00000040,
2831 { &hf_tcpip_status_reserved,
2832 { "Reserved", "cip.tcpip.status.reserved",
2833 FT_UINT32, BASE_HEX, NULL, 0xFFFFFF80,
2836 { &hf_tcpip_config_cap,
2837 { "Configuration Capability", "cip.tcpip.config_cap",
2838 FT_UINT32, BASE_HEX, NULL, 0,
2841 { &hf_tcpip_config_cap_bootp,
2842 { "BOOTP Client", "cip.tcpip.config_cap.bootp",
2843 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000001,
2846 { &hf_tcpip_config_cap_dns,
2847 { "DNS Client", "cip.tcpip.config_cap.dns",
2848 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000002,
2851 { &hf_tcpip_config_cap_dhcp,
2852 { "DHCP Client", "cip.tcpip.config_cap.dhcp",
2853 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000004,
2856 { &hf_tcpip_config_cap_dhcp_dns_update,
2857 { "DHCP-DNS Update", "cip.tcpip.config_cap.dhcp_dns_update",
2858 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000008,
2861 { &hf_tcpip_config_cap_config_settable,
2862 { "Configuration Settable", "cip.tcpip.config_cap.config_settable",
2863 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000010,
2866 { &hf_tcpip_config_cap_hardware_config,
2867 { "Hardware Configurable", "cip.tcpip.config_cap.hardware_config",
2868 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000020,
2871 { &hf_tcpip_config_cap_interface_reset,
2872 { "Interface Configuration Change Requires Reset", "cip.tcpip.config_cap.interface_reset",
2873 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000040,
2876 { &hf_tcpip_config_cap_acd,
2877 { "ACD Capable", "cip.tcpip.config_cap.acd",
2878 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000080,
2881 { &hf_tcpip_config_cap_reserved,
2882 { "Reserved", "cip.tcpip.config_cap.reserved",
2883 FT_UINT32, BASE_HEX, NULL, 0xFFFFFF00,
2886 { &hf_tcpip_config_control,
2887 { "Configuration Control", "cip.tcpip.config_control",
2888 FT_UINT32, BASE_HEX, NULL, 0,
2891 { &hf_tcpip_config_control_config,
2892 { "Configuration Method", "cip.tcpip.config_control.config",
2893 FT_UINT32, BASE_DEC, VALS(enip_tcpip_config_control_config_vals), 0x0000000F,
2896 { &hf_tcpip_config_control_dns,
2897 { "DNS Enable", "cip.tcpip.config_control.dns",
2898 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000010,
2901 { &hf_tcpip_config_control_reserved,
2902 { "Reserved", "cip.tcpip.config_control.reserved",
2903 FT_UINT32, BASE_HEX, NULL, 0xFFFFFFE0,
2906 { &hf_tcpip_physical_link_size,
2907 { "Size", "cip.tcpip.physical_link_size",
2908 FT_UINT16, BASE_DEC, NULL, 0,
2911 { &hf_tcpip_ic_ip_addr,
2912 { "IP Address", "cip.tcpip.ip_addr",
2913 FT_IPv4, BASE_NONE, NULL, 0,
2916 { &hf_tcpip_ic_subnet_mask,
2917 { "Subnet Mask", "cip.tcpip.subnet_mask",
2918 FT_IPv4, BASE_NONE, NULL, 0,
2921 { &hf_tcpip_ic_gateway,
2922 { "Gateway", "cip.tcpip.gateway",
2923 FT_IPv4, BASE_NONE, NULL, 0,
2926 { &hf_tcpip_ic_name_server,
2927 { "Name Server", "cip.tcpip.name_server",
2928 FT_IPv4, BASE_NONE, NULL, 0,
2931 { &hf_tcpip_ic_name_server2,
2932 { "Name Server2", "cip.tcpip.name_server2",
2933 FT_IPv4, BASE_NONE, NULL, 0,
2936 { &hf_tcpip_ic_domain_name,
2937 { "Domain Name", "cip.tcpip.domain_name",
2938 FT_STRING, BASE_NONE, NULL, 0,
2941 { &hf_tcpip_hostname,
2942 { "Hostname", "cip.tcpip.hostname",
2943 FT_STRING, BASE_NONE, NULL, 0,
2946 { &hf_tcpip_ttl_value,
2947 { "TTL Value", "cip.tcpip.ttl_value",
2948 FT_UINT8, BASE_DEC, NULL, 0,
2951 { &hf_tcpip_mcast_alloc,
2952 { "Alloc Control", "cip.tcpip.mcast.alloc",
2953 FT_UINT8, BASE_DEC, VALS(enip_tcpip_mcast_alloc_vals), 0,
2956 { &hf_tcpip_mcast_reserved,
2957 { "Reserved", "cip.tcpip.mcast.reserved",
2958 FT_UINT8, BASE_HEX, NULL, 0,
2961 { &hf_tcpip_mcast_num_mcast,
2962 { "Num MCast", "cip.tcpip.mcast.num_mcast",
2963 FT_UINT16, BASE_DEC, NULL, 0,
2966 { &hf_tcpip_mcast_addr_start,
2967 { "MCast Start Addr", "cip.tcpip.mcast.addr_start",
2968 FT_IPv4, BASE_NONE, NULL, 0,
2971 { &hf_tcpip_select_acd,
2972 { "Select ACD", "cip.tcpip.select_acd",
2973 FT_BOOLEAN, BASE_NONE, TFS(&tfs_enabled_disabled), 0,
2976 { &hf_tcpip_lcd_acd_activity,
2977 { "ACD Activity", "cip.tcpip.last_conflict.acd_activity",
2978 FT_UINT8, BASE_DEC, VALS(enip_tcpip_acd_activity_vals), 0,
2981 { &hf_tcpip_lcd_remote_mac,
2982 { "RemoteMAC", "cip.tcpip.last_conflict.remote_mac",
2983 FT_ETHER, BASE_NONE, NULL, 0,
2986 { &hf_tcpip_lcd_arp_pdu,
2987 { "Arp PDU", "cip.tcpip.last_conflict.arp_pdu",
2988 FT_BYTES, BASE_NONE, NULL, 0,
2991 { &hf_tcpip_quick_connect,
2992 { "Ethernet/IP Quick Connection", "cip.tcpip.quick_connect",
2993 FT_BOOLEAN, 8, TFS(&tfs_enabled_disabled), 0x1,
2997 { &hf_elink_interface_speed,
2998 { "Interface Speed", "cip.elink.interface_speed",
2999 FT_UINT32, BASE_DEC, NULL, 0,
3002 { &hf_elink_interface_flags,
3003 { "Interface Flags", "cip.elink.iflags",
3004 FT_UINT32, BASE_HEX, NULL, 0,
3007 { &hf_elink_iflags_link_status,
3008 { "Link Status", "cip.elink.iflags.link_status",
3009 FT_BOOLEAN, 32, TFS(&tfs_active_inactive), 0x00000001,
3012 { &hf_elink_iflags_duplex,
3013 { "Duplex", "cip.elink.iflags.duplex",
3014 FT_UINT32, BASE_DEC, VALS(enip_elink_duplex_vals), 0x00000002,
3017 { &hf_elink_iflags_neg_status,
3018 { "Negotiation Status", "cip.elink.iflags.neg_status",
3019 FT_UINT32, BASE_DEC, VALS(enip_elink_iflags_neg_status_vals), 0x0000001C,
3022 { &hf_elink_iflags_manual_reset,
3023 { "Manual Reset Required", "cip.elink.iflags.manual_reset",
3024 FT_UINT32, BASE_DEC, VALS(enip_elink_iflags_reset_vals), 0x00000020,
3027 { &hf_elink_iflags_local_hw_fault,
3028 { "Local Hardware Fault", "cip.elink.iflags.local_hw_fault",
3029 FT_UINT32, BASE_DEC, VALS(enip_elink_iflags_hw_fault_vals), 0x00000040,
3032 { &hf_elink_iflags_reserved,
3033 { "Reserved", "cip.elink.iflags.reserved",
3034 FT_UINT32, BASE_HEX, NULL, 0xFFFFFF80,
3037 { &hf_elink_physical_address,
3038 { "Physical Addresss", "cip.elink.physical_address",
3039 FT_ETHER, BASE_NONE, NULL, 0,
3042 { &hf_elink_icount_in_octets,
3043 { "In Octets", "cip.elink.icount.in_octets",
3044 FT_UINT32, BASE_DEC, NULL, 0,
3047 { &hf_elink_icount_in_ucast,
3048 { "In Ucast Packets", "cip.elink.icount.in_ucast",
3049 FT_UINT32, BASE_DEC, NULL, 0,
3052 { &hf_elink_icount_in_nucast,
3053 { "In NUcast Packets", "cip.elink.icount.in_nucast",
3054 FT_UINT32, BASE_DEC, NULL, 0,
3057 { &hf_elink_icount_in_discards,
3058 { "In Discards", "cip.elink.icount.in_discards",
3059 FT_UINT32, BASE_DEC, NULL, 0,
3062 { &hf_elink_icount_in_errors,
3063 { "In Errors", "cip.elink.icount.in_errors",
3064 FT_UINT32, BASE_DEC, NULL, 0,
3067 { &hf_elink_icount_in_unknown_protos,
3068 { "In Unknown Protos", "cip.elink.icount.in_unknown_protos",
3069 FT_UINT32, BASE_DEC, NULL, 0,
3072 { &hf_elink_icount_out_octets,
3073 { "Out Octets", "cip.elink.icount.out_octets",
3074 FT_UINT32, BASE_DEC, NULL, 0,
3077 { &hf_elink_icount_out_ucast,
3078 { "Out Ucast Packets", "cip.elink.icount.out_ucast",
3079 FT_UINT32, BASE_DEC, NULL, 0,
3082 { &hf_elink_icount_out_nucast,
3083 { "Out NUcast Packets", "cip.elink.icount.out_nucast",
3084 FT_UINT32, BASE_DEC, NULL, 0,
3087 { &hf_elink_icount_out_discards,
3088 { "Out Discards", "cip.elink.icount.out_discards",
3089 FT_UINT32, BASE_DEC, NULL, 0,
3092 { &hf_elink_icount_out_errors,
3093 { "Out Errors", "cip.elink.icount.out_errors",
3094 FT_UINT32, BASE_DEC, NULL, 0,
3097 { &hf_elink_mcount_alignment_errors,
3098 { "Alignment Errors", "cip.elink.mcount.alignment_errors",
3099 FT_UINT32, BASE_DEC, NULL, 0,
3102 { &hf_elink_mcount_fcs_errors,
3103 { "FCS Errors", "cip.elink.mcount.fcs_errors",
3104 FT_UINT32, BASE_DEC, NULL, 0,
3107 { &hf_elink_mcount_single_collisions,
3108 { "Single Collisions", "cip.elink.mcount.single_collisions",
3109 FT_UINT32, BASE_DEC, NULL, 0,
3112 { &hf_elink_mcount_multiple_collisions,
3113 { "Multiple Collisions", "cip.elink.mcount.multiple_collisions",
3114 FT_UINT32, BASE_DEC, NULL, 0,
3117 { &hf_elink_mcount_sqe_test_errors,
3118 { "SQE Test Errors", "cip.elink.mcount.sqe_test_errors",
3119 FT_UINT32, BASE_DEC, NULL, 0,
3122 { &hf_elink_mcount_deferred_transmission,
3123 { "Deferred Transmission", "cip.elink.mcount.deferred_transmission",
3124 FT_UINT32, BASE_DEC, NULL, 0,
3127 { &hf_elink_mcount_late_collisions,
3128 { "Late Collisions", "cip.elink.mcount.late_collisions",
3129 FT_UINT32, BASE_DEC, NULL, 0,
3132 { &hf_elink_mcount_excessive_collisions,
3133 { "Excessive Collisions", "cip.elink.mcount.excessive_collisions",
3134 FT_UINT32, BASE_DEC, NULL, 0,
3137 { &hf_elink_mcount_mac_transmit_errors,
3138 { "MAC Transmit Errors", "cip.elink.mcount.mac_transmit_errors",
3139 FT_UINT32, BASE_DEC, NULL, 0,
3142 { &hf_elink_mcount_carrier_sense_errors,
3143 { "Carrier Sense Errors", "cip.elink.mcount.carrier_sense_errors",
3144 FT_UINT32, BASE_DEC, NULL, 0,
3147 { &hf_elink_mcount_frame_too_long,
3148 { "Frame Too Long", "cip.elink.mcount.frame_too_long",
3149 FT_UINT32, BASE_DEC, NULL, 0,
3152 { &hf_elink_mcount_mac_receive_errors,
3153 { "MAC Receive Errors", "cip.elink.mcount.mac_receive_errors",
3154 FT_UINT32, BASE_DEC, NULL, 0,
3157 { &hf_elink_icontrol_control_bits,
3158 { "Control Bits", "cip.elink.icontrol.control_bits",
3159 FT_UINT16, BASE_HEX, NULL, 0,
3162 { &hf_elink_icontrol_control_bits_auto_neg,
3163 { "Auto-negotiate", "cip.elink.icontrol.control_bits.auto_neg",
3164 FT_BOOLEAN, 16, TFS(&tfs_enabled_disabled), 0x0001,
3167 { &hf_elink_icontrol_control_bits_forced_duplex,
3168 { "Forced Duplex Mode", "cip.elink.icontrol.control_bits.forced_duplex",
3169 FT_UINT16, BASE_DEC, VALS(enip_elink_duplex_vals), 0x0002,
3172 { &hf_elink_icontrol_control_bits_reserved,
3173 { "Reserved", "cip.elink.icontrol.control_bits.reserved",
3174 FT_UINT16, BASE_HEX, NULL, 0xFFFC,
3177 { &hf_elink_icontrol_forced_speed,
3178 { "Forced Interface Speed", "cip.elink.icontrol.forced_speed",
3179 FT_UINT16, BASE_DEC, NULL, 0,
3182 { &hf_elink_interface_type,
3183 { "Interface Type", "cip.elink.interface_type",
3184 FT_UINT8, BASE_DEC, VALS(enip_elink_interface_type_vals), 0,
3187 { &hf_elink_interface_state,
3188 { "Interface State", "cip.elink.interface_state",
3189 FT_UINT8, BASE_DEC, VALS(enip_elink_interface_state_vals), 0,
3192 { &hf_elink_admin_state,
3193 { "Admin State", "cip.elink.admin_state",
3194 FT_UINT8, BASE_DEC, VALS(enip_elink_admin_state_vals), 0,
3197 { &hf_elink_interface_label,
3198 { "Interface Label", "cip.elink.interface_label",
3199 FT_STRING, BASE_NONE, NULL, 0,
3203 { &hf_qos_8021q_enable,
3204 { "802.1Q Tag Enable", "cip.qos.8021q_enable",
3205 FT_BOOLEAN, 8, TFS(&tfs_enabled_disabled), 0x1,
3208 { &hf_qos_dscp_ptp_event,
3209 { "DSCP PTP Event", "cip.qos.ptp_event",
3210 FT_UINT8, BASE_DEC, NULL, 0,
3213 { &hf_qos_dscp_ptp_general,
3214 { "DSCP PTP General", "cip.qos.ptp_general",
3215 FT_UINT8, BASE_DEC, NULL, 0,
3218 { &hf_qos_dscp_urgent,
3219 { "DSCP Urgent", "cip.qos.urgent",
3220 FT_UINT8, BASE_DEC, NULL, 0,
3223 { &hf_qos_dscp_scheduled,
3224 { "DSCP Scheduled", "cip.qos.scheduled",
3225 FT_UINT8, BASE_DEC, NULL, 0,
3228 { &hf_qos_dscp_high,
3229 { "DSCP High", "cip.qos.high",
3230 FT_UINT8, BASE_DEC, NULL, 0,
3234 { "DSCP Low", "cip.qos.low",
3235 FT_UINT8, BASE_DEC, NULL, 0,
3238 { &hf_qos_dscp_explicit,
3239 { "DSCP Explicit", "cip.qos.explicit",
3240 FT_UINT8, BASE_DEC, NULL, 0,
3243 { &hf_dlr_network_topology,
3244 { "Network Topology", "cip.dlr.network_topology",
3245 FT_UINT8, BASE_DEC, VALS(enip_dlr_network_topology_vals), 0,
3248 { &hf_dlr_network_status,
3249 { "Network Status", "cip.dlr.network_status",
3250 FT_UINT8, BASE_DEC, VALS(enip_dlr_network_status_vals), 0,
3253 { &hf_dlr_ring_supervisor_status,
3254 { "Ring Supervisor Status", "cip.dlr.ring_supervisor_status",
3255 FT_UINT8, BASE_DEC, VALS(enip_dlr_ring_supervisor_status_vals), 0,
3258 { &hf_dlr_rsc_ring_supervisor_enable,
3259 { "Ring Supervisor Enable", "cip.dlr.rscconfig.supervisor_enable",
3260 FT_BOOLEAN, 8, TFS(&tfs_true_false), 0,
3263 { &hf_dlr_rsc_ring_supervisor_precedence,
3264 { "Ring Supervisor Precedence", "cip.dlr.rscconfig.supervisor_precedence",
3265 FT_UINT8, BASE_DEC, NULL, 0,
3268 { &hf_dlr_rsc_beacon_interval,
3269 { "Beacon Interval", "cip.dlr.rscconfig.beacon_interval",
3270 FT_UINT32, BASE_DEC, NULL, 0,
3273 { &hf_dlr_rsc_beacon_timeout,
3274 { "Beacon Timeout", "cip.dlr.rscconfig.beacon_timeout",
3275 FT_UINT32, BASE_DEC, NULL, 0,
3278 { &hf_dlr_rsc_dlr_vlan_id,
3279 { "DLR VLAN ID", "cip.dlr.rscconfig.dlr_vlan_id",
3280 FT_UINT16, BASE_DEC, NULL, 0,
3283 { &hf_dlr_ring_faults_count,
3284 { "Ring Faults Count", "cip.dlr.ring_faults_count",
3285 FT_UINT16, BASE_DEC, NULL, 0,
3288 { &hf_dlr_lanp1_dev_ip_addr,
3289 { "Device IP Address", "cip.dlr.lanp1.ip_addr",
3290 FT_IPv4, BASE_NONE, NULL, 0,
3293 { &hf_dlr_lanp1_dev_physical_address,
3294 { "Device Physical Address", "cip.dlr.lanp1.physical_address",
3295 FT_ETHER, BASE_NONE, NULL, 0,
3298 { &hf_dlr_lanp2_dev_ip_addr,
3299 { "Device IP Address", "cip.dlr.lanp2.ip_addr",
3300 FT_IPv4, BASE_NONE, NULL, 0,
3303 { &hf_dlr_lanp2_dev_physical_address,
3304 { "Device Physical Address", "cip.dlr.lanp2.physical_address",
3305 FT_ETHER, BASE_NONE, NULL, 0,
3308 { &hf_dlr_ring_protocol_participants_count,
3309 { "Participants Count", "cip.dlr.participants_count",
3310 FT_UINT16, BASE_DEC, NULL, 0,
3313 { &hf_dlr_rppl_dev_ip_addr,
3314 { "Device IP Address", "cip.dlr.rppl.ip_addr",
3315 FT_IPv4, BASE_NONE, NULL, 0,
3318 { &hf_dlr_rppl_dev_physical_address,
3319 { "Device Physical Address", "cip.dlr.rppl.physical_address",
3320 FT_ETHER, BASE_NONE, NULL, 0,
3323 { &hf_dlr_asa_supervisor_ip_addr,
3324 { "Supervisor IP Address", "cip.dlr.asa.ip_addr",
3325 FT_IPv4, BASE_NONE, NULL, 0,
3328 { &hf_dlr_asa_supervisor_physical_address,
3329 { "Supervisor Physical Address", "cip.dlr.asa.physical_address",
3330 FT_ETHER, BASE_NONE, NULL, 0,
3333 { &hf_dlr_active_supervisor_precedence,
3334 { "Active Supervisor Precedence", "cip.dlr.supervisor_precedence",
3335 FT_UINT8, BASE_DEC, NULL, 0,
3338 { &hf_dlr_capability_flags,
3339 { "Capability Flags", "cip.dlr.capflags",
3340 FT_UINT32, BASE_HEX, NULL, 0,
3343 { &hf_dlr_capflags_announce_base_node,
3344 { "Announce-based Ring Node", "cip.dlr.capflags.announce_based",
3345 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000001,
3348 { &hf_dlr_capflags_beacon_base_node,
3349 { "Beacon-based Ring Node", "cip.dlr.capflags.beacon_based",
3350 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000002,
3353 { &hf_dlr_capflags_reserved1,
3354 { "Reserved", "cip.dlr.capflags.reserved1",
3355 FT_BOOLEAN, 32, NULL, 0x0000001C,
3358 { &hf_dlr_capflags_supervisor_capable,
3359 { "Supervisor Capable", "cip.dlr.capflags.supervisor_capable",
3360 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000020,
3363 { &hf_dlr_capflags_redundant_gateway_capable,
3364 { "Redundant Gatway Capable", "cip.dlr.capflags.redundant_gateway_capable",
3365 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000040,
3368 { &hf_dlr_capflags_flush_frame_capable,
3369 { "Flush_Table Frame Capable", "cip.dlr.capflags.flush_frame_capable",
3370 FT_BOOLEAN, 32, TFS(&tfs_true_false), 0x00000080,
3373 { &hf_dlr_capflags_reserved2,
3374 { "Reserved", "cip.dlr.capflags.reserved2",
3375 FT_BOOLEAN, 32, NULL, 0xFFFFFF00,
3378 { &hf_dlr_rgc_red_gateway_enable,
3379 { "Redundant Gateway Enable", "cip.dlr.rgc.gateway_enable",
3380 FT_BOOLEAN, 8, TFS(&tfs_true_false), 0,
3383 { &hf_dlr_rgc_gateway_precedence,
3384 { "Gateway Precedence", "cip.dlr.rgc.gateway_precedence",
3385 FT_UINT8, BASE_DEC, NULL, 0,
3388 { &hf_dlr_rgc_advertise_interval,
3389 { "Advertise Interval", "cip.dlr.rgc.advertise_interval",
3390 FT_UINT32, BASE_DEC, NULL, 0,
3393 { &hf_dlr_rgc_advertise_timeout,
3394 { "Advertise Timeout", "cip.dlr.rgc.advertise_timeout",
3395 FT_UINT32, BASE_DEC, NULL, 0,
3398 { &hf_dlr_rgc_learning_update_enable,
3399 { "Learning Update Enable", "cip.dlr.rgc.learning_update_enable",
3400 FT_BOOLEAN, 8, TFS(&tfs_true_false), 0,
3403 { &hf_dlr_redundant_gateway_status,
3404 { "Redundant Gateway Status", "cip.dlr.redundant_gateway_status",
3405 FT_UINT8, BASE_DEC, VALS(enip_dlr_redundant_gateway_status_vals), 0,
3408 { &hf_dlr_aga_ip_addr,
3409 { "Active Gateway IP Address", "cip.dlr.aga.ip_addr",
3410 FT_IPv4, BASE_NONE, NULL, 0,
3413 { &hf_dlr_aga_physical_address,
3414 { "Active Gateway Physical Address", "cip.dlr.aga.physical_address",
3415 FT_ETHER, BASE_NONE, NULL, 0,
3418 { &hf_dlr_active_gateway_precedence,
3419 { "Active Gateway Precedence", "cip.dlr.active_gateway_precedence",
3420 FT_UINT8, BASE_DEC, NULL, 0,
3425 /* Setup protocol subtree array */
3426 static gint *ett[] = {
3433 &ett_32bitheader_tree,
3436 &ett_tcpip_config_cap,
3437 &ett_tcpip_config_control,
3438 &ett_elink_interface_flags,
3439 &ett_elink_icontrol_bits,
3440 &ett_dlr_capability_flags,
3441 &ett_dlr_lnknbrstatus_flags
3444 static ei_register_info ei[] = {
3445 { &ei_mal_tcpip_status, { "cip.malformed.tcpip.status", PI_MALFORMED, PI_ERROR, "Malformed TCP/IP Status", EXPFILL }},
3446 { &ei_mal_tcpip_config_cap, { "cip.malformed.tcpip.config_cap", PI_MALFORMED, PI_ERROR, "Malformed TCP/IP Configuration Capability", EXPFILL }},
3447 { &ei_mal_tcpip_config_control, { "cip.malformed.tcpip.config_control", PI_MALFORMED, PI_ERROR, "Malformed TCP/IP Configuration Control", EXPFILL }},
3448 { &ei_mal_tcpip_physical_link_size, { "cip.malformed.tcpip.physical_link_size", PI_MALFORMED, PI_ERROR, "Malformed TCP/IP Physical Link Object", EXPFILL }},
3449 { &ei_mal_tcpip_interface_config, { "cip.malformed.tcpip.interface_config", PI_MALFORMED, PI_ERROR, "Malformed TCP/IP Interface Configuration", EXPFILL }},
3450 { &ei_mal_tcpip_mcast_config, { "cip.malformed.tcpip.mcast_config", PI_MALFORMED, PI_ERROR, "Malformed TCP/IP Multicast Config", EXPFILL }},
3451 { &ei_mal_tcpip_last_conflict, { "cip.malformed.tcpip.last_conflict", PI_MALFORMED, PI_ERROR, "Malformed TCP/IP Last Conflict Detected", EXPFILL }},
3452 { &ei_mal_elink_interface_flags, { "cip.malformed.elink.interface_flags", PI_MALFORMED, PI_ERROR, "Malformed Ethernet Link Interface Flags", EXPFILL }},
3453 { &ei_mal_elink_interface_counters, { "cip.malformed.elink.interface_counters", PI_MALFORMED, PI_ERROR, "Malformed Ethernet Link Interface Counters", EXPFILL }},
3454 { &ei_mal_elink_media_counters, { "cip.malformed.elink.media_counters", PI_MALFORMED, PI_ERROR, "Malformed Ethernet Link Media Counters", EXPFILL }},
3455 { &ei_mal_elink_interface_control, { "cip.malformed.elink.interface_control", PI_MALFORMED, PI_ERROR, "Malformed Ethernet Link Interface Control", EXPFILL }},
3456 { &ei_mal_dlr_ring_supervisor_config, { "cip.malformed.dlr.ring_supervisor_config", PI_MALFORMED, PI_ERROR, "Malformed DLR Ring Supervisor Config", EXPFILL }},
3457 { &ei_mal_dlr_last_active_node_on_port_1, { "cip.malformed.dlr.last_active_node_on_port_1", PI_MALFORMED, PI_ERROR, "Malformed DLR Last Active Node on Port 1", EXPFILL }},
3458 { &ei_mal_dlr_last_active_node_on_port_2, { "cip.malformed.dlr.last_active_node_on_port_2", PI_MALFORMED, PI_ERROR, "Malformed DLR Last Active Node on Port 2", EXPFILL }},
3459 { &ei_mal_dlr_ring_protocol_participants_list, { "cip.malformed.dlr.ring_protocol_participants_list", PI_MALFORMED, PI_ERROR, "Malformed DLR Ring Protocol Participants List", EXPFILL }},
3460 { &ei_mal_dlr_active_supervisor_address, { "cip.malformed.dlr.active_supervisor_address", PI_MALFORMED, PI_ERROR, "Malformed DLR Active Supervisor Address", EXPFILL }},
3461 { &ei_mal_dlr_capability_flags, { "cip.malformed.dlr.capability_flags", PI_MALFORMED, PI_ERROR, "Malformed DLR Capability Flag", EXPFILL }},
3462 { &ei_mal_dlr_redundant_gateway_config, { "cip.malformed.dlr.redundant_gateway_config", PI_MALFORMED, PI_ERROR, "Malformed DLR Redundant Gateway Config", EXPFILL }},
3463 { &ei_mal_dlr_active_gateway_address, { "cip.malformed.dlr.active_gateway_address", PI_MALFORMED, PI_ERROR, "Malformed DLR Active Gateway Address", EXPFILL }},
3466 /* Setup list of header fields for DLR See Section 1.6.1 for details*/
3467 static hf_register_info hfdlr[] = {
3469 { &hf_dlr_ringsubtype,
3470 { "Ring Sub-Type", "enip.dlr.ringsubtype",
3471 FT_UINT8, BASE_HEX, NULL, 0,
3474 /* Ring Protocol Version */
3475 { &hf_dlr_ringprotoversion,
3476 { "Ring Protocol Version", "enip.dlr.protversion",
3477 FT_UINT8, BASE_DEC, NULL, 0,
3481 { &hf_dlr_frametype,
3482 { "Frame Type", "enip.dlr.frametype",
3483 FT_UINT8, BASE_HEX, VALS(dlr_frame_type_vals), 0,
3487 { &hf_dlr_sourceport,
3488 { "Source Port", "enip.dlr.sourceport",
3489 FT_UINT8, BASE_HEX, VALS(dlr_source_port_vals), 0,
3492 /* Source IP Address */
3494 { "Source IP", "enip.dlr.sourceip",
3495 FT_IPv4, BASE_NONE, NULL, 0,
3496 "Source IP Address", HFILL }
3499 { &hf_dlr_sequenceid,
3500 { "Sequence Id", "enip.dlr.seqid",
3501 FT_UINT32, BASE_HEX, NULL, 0,
3505 { &hf_dlr_ringstate,
3506 { "Ring State", "enip.dlr.state",
3507 FT_UINT8, BASE_HEX, VALS(dlr_ring_state_vals), 0,
3510 /* Supervisor Precedence */
3511 { &hf_dlr_supervisorprecedence,
3512 { "Supervisor Precedence", "enip.dlr.supervisorprecedence",
3513 FT_UINT8, BASE_DEC, NULL, 0,
3516 /* Beacon Interval */
3517 { &hf_dlr_beaconinterval,
3518 { "Beacon Interval", "enip.dlr.beaconinterval",
3519 FT_UINT32, BASE_DEC, NULL, 0,
3522 /* Beacon Timeout */
3523 { &hf_dlr_beacontimeout,
3524 { "Beacon Timeout", "enip.dlr.beacontimeout",
3525 FT_UINT32, BASE_DEC, NULL, 0,
3528 /* Beacon Reserved */
3529 { &hf_dlr_beaconreserved,
3530 { "Reserved", "enip.dlr.beaconreserved",
3531 FT_BYTES, BASE_NONE, NULL, 0,
3532 "Beacon Reserved", HFILL }
3534 /* Neighbor_Check_Request Reserved */
3535 { &hf_dlr_nreqreserved,
3536 { "Reserved", "enip.dlr.nreqreserved",
3537 FT_BYTES, BASE_NONE, NULL, 0,
3538 "Neighbor_Check_Request Reserved", HFILL }
3540 /* Neighbor_Check_Response Source Port */
3541 { &hf_dlr_nressourceport,
3542 { "Request Source Port", "enip.dlr.nressourceport",
3543 FT_UINT8, BASE_HEX, VALS(dlr_source_port_vals), 0,
3544 "Neighbor_Check_Response Source Port", HFILL }
3546 /* Neighbor_Check_Response Reserved */
3547 { &hf_dlr_nresreserved,
3548 { "Reserved", "enip.dlr.nresreserved",
3549 FT_BYTES, BASE_NONE, NULL, 0,
3550 "Neighbor_Check_Response Reserved", HFILL }
3552 /* Link_Status/Neighbor_Status Status */
3553 { &hf_dlr_lnknbrstatus,
3554 { "Link/Neighbor Status", "enip.dlr.lnknbrstatus.status",
3555 FT_UINT8, BASE_HEX, NULL, 0,
3556 "Link_Status/Neighbor_Status Status", HFILL }
3558 { &hf_dlr_lnknbrstatus_port1,
3559 { "Port 1 Active", "enip.dlr.lnknbrstatus.port1",
3560 FT_BOOLEAN, 8, TFS(&tfs_true_false), 0x01,
3563 { &hf_dlr_lnknbrstatus_port2,
3564 { "Port 2 Active", "enip.dlr.lnknbrstatus.port2",
3565 FT_BOOLEAN, 8, TFS(&tfs_true_false), 0x02,
3568 { &hf_dlr_lnknbrstatus_reserved,
3569 { "Reserved", "enip.dlr.lnknbrstatus.reserved",
3570 FT_BOOLEAN, 8, NULL, 0x7C,
3573 { &hf_dlr_lnknbrstatus_frame_type,
3574 { "Link/Neighbor Status Frame Type", "enip.dlr.lnknbrstatus.frame_type",
3575 FT_BOOLEAN, 8, TFS(&dlr_lnknbrstatus_frame_type_vals), 0x80,
3578 /* Link_Status/Neighbor_Status Reserved */
3579 { &hf_dlr_lnknbrreserved,
3580 { "Reserved", "enip.dlr.lnknbrreserved",
3581 FT_BYTES, BASE_NONE, NULL, 0,
3582 "Link_Status/Neighbor_Status Reserved", HFILL }
3584 /* Locate_Fault Reserved */
3585 { &hf_dlr_lfreserved,
3586 { "Reserved", "enip.dlr.lfreserved",
3587 FT_BYTES, BASE_NONE, NULL, 0,
3588 "Locate_Fault Reserved", HFILL }
3590 /* Announce Reserved */
3591 { &hf_dlr_anreserved,
3592 { "Reserved", "enip.dlr.anreserved",
3593 FT_BYTES, BASE_NONE, NULL, 0,
3594 "Announce Reserved", HFILL }
3596 /* Number of Nodes in List */
3597 { &hf_dlr_sonumnodes,
3598 { "Num nodes", "enip.dlr.sonumnodes",
3599 FT_UINT16, BASE_DEC, NULL, 0,
3600 "Number of Nodes in List", HFILL }
3602 /* Sign_On Node # MAC Address */
3604 { "MAC Address", "enip.dlr.somac",
3605 FT_ETHER, BASE_NONE, NULL, 0,
3606 "Sign_On Node MAC Address", HFILL }
3608 /* Node # IP Address */
3610 { "IP Address", "enip.dlr.soip",
3611 FT_IPv4, BASE_NONE, NULL, 0,
3612 "Sign_On Node IP Address", HFILL }
3614 /* Sign_On Reserved */
3615 { &hf_dlr_soreserved,
3616 { "Reserved", "enip.dlr.soreserved",
3617 FT_BYTES, BASE_NONE, NULL, 0,
3618 "Sign_On Reserved", HFILL }
3621 { &hf_dlr_advgatewaystate,
3622 { "Gateway Status", "enip.dlr.advgatewaystate",
3623 FT_UINT8, BASE_HEX, VALS(dlr_adv_state_vals), 0,
3624 "Gateway State", HFILL }
3626 /* Gateway Precedence */
3627 { &hf_dlr_advgatewayprecedence,
3628 { "Gateway Precedence", "enip.dlr.advgatewayprecedence",
3629 FT_UINT8, BASE_DEC, NULL, 0,
3632 /* Advertise Interval */
3633 { &hf_dlr_advadvertiseinterval,
3634 { "Advertise Interval", "enip.dlr.advadvertiseinterval",
3635 FT_UINT32, BASE_DEC, NULL, 0,
3638 /* Advertise Timeout */
3639 { &hf_dlr_advadvertisetimeout,
3640 { "Advertise Interval", "enip.dlr.advadvertisetimeout",
3641 FT_UINT32, BASE_DEC, NULL, 0,
3644 /* Learning Update Enable */
3645 { &hf_dlr_advlearningupdateenable,
3646 { "Learning Update Enable", "enip.dlr.advlearningupdateenable",
3647 FT_UINT8, BASE_HEX, VALS(dlr_adv_learning_update_vals), 0,
3648 "Advertise Learning Update Enable", HFILL }
3650 /* Advertise Reserved */
3651 { &hf_dlr_advreserved,
3652 { "Reserved", "enip.dlr.advreserved",
3653 FT_BYTES, BASE_NONE, NULL, 0,
3654 "Advertise Reserved", HFILL }
3656 /* Flush_Tables Learning Update Enable */
3657 { &hf_dlr_flushlearningupdateenable,
3658 { "Learning Update Enable", "enip.dlr.flushlearningupdateenable",
3659 FT_UINT8, BASE_HEX, VALS(dlr_flush_learning_update_vals), 0,
3660 "Flush_Tables Learning Update Enable", HFILL }
3662 /* Flush Reserved */
3663 { &hf_dlr_flushreserved,
3664 { "Reserved", "enip.dlr.flushreserved",
3665 FT_BYTES, BASE_NONE, NULL, 0,
3666 "Flush_Tables Reserved", HFILL }
3668 /* Learning_Update Reserved */
3669 { &hf_dlr_learnreserved,
3670 { "Reserved", "enip.dlr.learnreserved",
3671 FT_BYTES, BASE_NONE, NULL, 0,
3672 "Learning_Update Reserved", HFILL }
3676 /* Setup protocol subtree array for DLR */
3677 static gint *ettdlr[] = {
3681 module_t *enip_module;
3682 expert_module_t* expert_enip;
3684 /* Decode As handling */
3685 static build_valid_func enip_da_build_value[1] = {enip_value};
3686 static decode_as_value_t enip_da_values = {enip_prompt, 1, enip_da_build_value};
3687 static decode_as_t enip_da = {"enip", "ENIP I/O", "enip.io", 1, 0, &enip_da_values, NULL, NULL,
3688 decode_as_default_populate_list, decode_as_default_reset, decode_as_default_change, NULL};
3690 /* Register the protocol name and description */
3691 proto_enip = proto_register_protocol("EtherNet/IP (Industrial Protocol)", "ENIP", "enip");
3693 new_register_dissector("enip", dissect_enip_tcp, proto_enip);
3695 /* Required function calls to register the header fields and subtrees used */
3696 proto_register_field_array(proto_enip, hf, array_length(hf));
3697 proto_register_subtree_array(ett, array_length(ett));
3699 expert_enip = expert_register_protocol(proto_enip);
3700 expert_register_field_array(expert_enip, ei, array_length(ei));
3702 enip_module = prefs_register_protocol(proto_enip, NULL);
3703 prefs_register_bool_preference(enip_module, "desegment",
3704 "Desegment all EtherNet/IP messages spanning multiple TCP segments",
3705 "Whether the EtherNet/IP dissector should desegment all messages spanning multiple TCP segments",
3708 prefs_register_bool_preference(enip_module, "o2t_run_idle",
3709 "Dissect 32-bit header in the O->T direction",
3710 "Determines whether all I/O connections will assume a 32-bit header in the O->T direction",
3713 prefs_register_bool_preference(enip_module, "t2o_run_idle",
3714 "Dissect 32-bit header in the T->O direction",
3715 "Determines whether all I/O connections will assume a 32-bit header in the T->O direction",
3718 prefs_register_obsolete_preference(enip_module, "default_io_dissector");
3720 subdissector_sud_table = register_dissector_table("enip.sud.iface",
3721 "ENIP SendUnitData.Interface Handle", FT_UINT32, BASE_HEX);
3723 subdissector_srrd_table = register_dissector_table("enip.srrd.iface",
3724 "ENIP SendRequestReplyData.Interface Handle", FT_UINT32, BASE_HEX);
3726 subdissector_io_table = register_dissector_table("enip.io", "ENIP IO dissector", FT_UINT32, BASE_DEC);
3728 register_init_routine(&enip_init_protocol);
3730 /* Register the protocol name and description */
3731 proto_dlr = proto_register_protocol("Device Level Ring", "DLR", "dlr");
3733 /* Required function calls to register the header fields and subtrees used */
3734 proto_register_field_array(proto_dlr, hfdlr, array_length(hfdlr));
3735 proto_register_subtree_array(ettdlr, array_length(ettdlr));
3737 register_dissector_filter("ENIP IO", enip_io_conv_valid, enip_io_conv_filter);
3738 register_dissector_filter("ENIP Explicit", enip_exp_conv_valid, enip_exp_conv_filter);
3740 register_decode_as(&enip_da);
3742 } /* end of proto_register_enip() */
3746 proto_reg_handoff_enip(void)
3748 dissector_handle_t enip_udp_handle, enip_tcp_handle;
3749 dissector_handle_t enipio_handle;
3750 dissector_handle_t dlr_handle;
3752 /* Register for EtherNet/IP, using TCP */
3753 enip_tcp_handle = new_create_dissector_handle(dissect_enip_tcp, proto_enip);
3754 dissector_add_uint("tcp.port", ENIP_ENCAP_PORT, enip_tcp_handle);
3756 /* Register for EtherNet/IP, using UDP */
3757 enip_udp_handle = new_create_dissector_handle(dissect_enip_udp, proto_enip);
3758 dissector_add_uint("udp.port", ENIP_ENCAP_PORT, enip_udp_handle);
3760 /* Register for EtherNet/IP IO data (UDP) */
3761 enipio_handle = create_dissector_handle(dissect_enipio, proto_enip);
3762 dissector_add_uint("udp.port", ENIP_IO_PORT, enipio_handle);
3764 /* Find dissector for data packet */
3765 data_handle = find_dissector("data");
3767 /* Find ARP dissector for TCP/IP object */
3768 arp_handle = find_dissector("arp");
3770 /* I/O data dissectors */
3771 cipsafety_handle = find_dissector("cipsafety");
3772 cipmotion_handle = find_dissector("cipmotion");
3774 /* Register for EtherNet/IP Device Level Ring protocol */
3775 dlr_handle = new_create_dissector_handle(dissect_dlr, proto_dlr);
3776 dissector_add_uint("ethertype", ETHERTYPE_DLR, dlr_handle);
3778 proto_cipsafety = proto_get_id_by_filter_name( "cipsafety" );
3780 } /* end of proto_reg_handoff_enip() */
3783 * Editor modelines - http://www.wireshark.org/tools/modelines.html
3788 * indent-tabs-mode: nil
3791 * ex: set shiftwidth=3 tabstop=8 expandtab:
3792 * :indentSize=3:tabSize=8:noTabs=true: