2 * Routines for IP and miscellaneous IP protocol packet disassembly
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * Wednesday, January 17, 2006
9 * Support for the CIPSO IPv4 option
10 * (http://sourceforge.net/docman/display_doc.php?docid=34650&group_id=174379)
11 * by Paul Moore <paul.moore@hp.com>
13 * This program is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU General Public License
15 * as published by the Free Software Foundation; either version 2
16 * of the License, or (at your option) any later version.
18 * This program is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 * GNU General Public License for more details.
23 * You should have received a copy of the GNU General Public License
24 * along with this program; if not, write to the Free Software
25 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
30 #include <epan/packet.h>
31 #include <epan/capture_dissectors.h>
32 #include <epan/addr_resolv.h>
33 #include <epan/ipproto.h>
34 #include <epan/expert.h>
35 #include <epan/ip_opts.h>
36 #include <epan/prefs.h>
37 #include <epan/conversation_table.h>
38 #include <epan/dissector_filters.h>
39 #include <epan/reassemble.h>
40 #include <epan/etypes.h>
41 #include <epan/ppptypes.h>
42 #include <epan/llcsaps.h>
43 #include <epan/aftypes.h>
44 #include <epan/arcnet_pids.h>
45 #include <epan/in_cksum.h>
46 #include <epan/nlpid.h>
47 #include <epan/ax25_pids.h>
48 #include <epan/decode_as.h>
49 #include <epan/proto_data.h>
51 #include <wiretap/erf.h>
52 #include <wsutil/str_util.h>
54 #include "packet-ip.h"
55 #include "packet-juniper.h"
56 #include "packet-sflow.h"
57 #include "packet-gre.h"
58 #include "packet-l2tp.h"
59 #include "packet-vxlan.h"
60 #include "packet-mpls.h"
64 #include <epan/geoip_db.h>
65 #endif /* HAVE_GEOIP */
67 void proto_register_ip(void);
68 void proto_reg_handoff_ip(void);
70 static int ip_tap = -1;
72 /* Decode the old IPv4 TOS field as the DiffServ DS Field (RFC2474/2475) */
73 static gboolean g_ip_dscp_actif = TRUE;
75 /* Defragment fragmented IP datagrams */
76 static gboolean ip_defragment = TRUE;
78 /* Place IP summary in proto tree */
79 static gboolean ip_summary_in_tree = TRUE;
81 /* Perform IP checksum */
82 static gboolean ip_check_checksum = FALSE;
84 /* Assume TSO and correct zero-length IP packets */
85 static gboolean ip_tso_supported = TRUE;
87 /* Use heuristics to determine subdissector */
88 static gboolean try_heuristic_first = FALSE;
91 /* Look up addresses in GeoIP */
92 static gboolean ip_use_geoip = TRUE;
93 #endif /* HAVE_GEOIP */
95 /* Interpret the reserved flag as security flag (RFC 3514) */
96 static gboolean ip_security_flag = FALSE;
99 static int hf_ip_version = -1;
100 static int hf_ip_hdr_len = -1;
101 static int hf_ip_dsfield = -1;
102 static int hf_ip_dsfield_dscp = -1;
103 static int hf_ip_dsfield_ecn = -1;
104 static int hf_ip_tos = -1;
105 static int hf_ip_tos_precedence = -1;
106 static int hf_ip_tos_delay = -1;
107 static int hf_ip_tos_throughput = -1;
108 static int hf_ip_tos_reliability = -1;
109 static int hf_ip_tos_cost = -1;
110 static int hf_ip_len = -1;
111 static int hf_ip_id = -1;
112 static int hf_ip_dst = -1;
113 static int hf_ip_dst_host = -1;
114 static int hf_ip_src = -1;
115 static int hf_ip_src_host = -1;
116 static int hf_ip_addr = -1;
117 static int hf_ip_host = -1;
118 static int hf_ip_flags = -1;
119 static int hf_ip_flags_sf = -1;
120 static int hf_ip_flags_rf = -1;
121 static int hf_ip_flags_df = -1;
122 static int hf_ip_flags_mf = -1;
123 static int hf_ip_frag_offset = -1;
124 static int hf_ip_ttl = -1;
125 static int hf_ip_proto = -1;
126 static int hf_ip_checksum = -1;
127 static int hf_ip_checksum_calculated = -1;
128 static int hf_ip_checksum_status = -1;
130 /* IP option fields */
131 static int hf_ip_opt_type = -1;
132 static int hf_ip_opt_type_copy = -1;
133 static int hf_ip_opt_type_class = -1;
134 static int hf_ip_opt_type_number = -1;
135 static int hf_ip_opt_len = -1;
136 static int hf_ip_opt_ptr = -1;
137 static int hf_ip_opt_sid = -1;
138 static int hf_ip_opt_mtu = -1;
139 static int hf_ip_opt_id_number = -1;
140 static int hf_ip_opt_ohc = -1;
141 static int hf_ip_opt_rhc = -1;
142 static int hf_ip_opt_originator = -1;
143 static int hf_ip_opt_ra = -1;
144 static int hf_ip_opt_addr = -1;
145 static int hf_ip_opt_padding = -1;
146 static int hf_ip_opt_qs_func = -1;
147 static int hf_ip_opt_qs_rate = -1;
148 static int hf_ip_opt_qs_ttl = -1;
149 static int hf_ip_opt_qs_ttl_diff = -1;
150 static int hf_ip_opt_qs_unused = -1;
151 static int hf_ip_opt_qs_nonce = -1;
152 static int hf_ip_opt_qs_reserved = -1;
153 static int hf_ip_opt_sec_rfc791_sec = -1;
154 static int hf_ip_opt_sec_rfc791_comp = -1;
155 static int hf_ip_opt_sec_rfc791_hr = -1;
156 static int hf_ip_opt_sec_rfc791_tcc = -1;
157 static int hf_ip_opt_sec_cl = -1;
158 static int hf_ip_opt_sec_prot_auth_flags = -1;
159 static int hf_ip_opt_sec_prot_auth_genser = -1;
160 static int hf_ip_opt_sec_prot_auth_siop_esi = -1;
161 static int hf_ip_opt_sec_prot_auth_sci = -1;
162 static int hf_ip_opt_sec_prot_auth_nsa = -1;
163 static int hf_ip_opt_sec_prot_auth_doe = -1;
164 static int hf_ip_opt_sec_prot_auth_unassigned = -1;
165 static int hf_ip_opt_sec_prot_auth_unassigned2 = -1;
166 static int hf_ip_opt_sec_prot_auth_fti = -1;
167 static int hf_ip_opt_ext_sec_add_sec_info_format_code = -1;
168 static int hf_ip_opt_ext_sec_add_sec_info = -1;
169 static int hf_ip_rec_rt = -1;
170 static int hf_ip_rec_rt_host = -1;
171 static int hf_ip_cur_rt = -1;
172 static int hf_ip_cur_rt_host = -1;
173 static int hf_ip_src_rt = -1;
174 static int hf_ip_src_rt_host = -1;
175 static int hf_ip_empty_rt = -1;
176 static int hf_ip_empty_rt_host = -1;
177 static int hf_ip_cipso_tag_type = -1;
179 static int hf_ip_fragments = -1;
180 static int hf_ip_fragment = -1;
181 static int hf_ip_fragment_overlap = -1;
182 static int hf_ip_fragment_overlap_conflict = -1;
183 static int hf_ip_fragment_multiple_tails = -1;
184 static int hf_ip_fragment_too_long_fragment = -1;
185 static int hf_ip_fragment_error = -1;
186 static int hf_ip_fragment_count = -1;
187 static int hf_ip_reassembled_in = -1;
188 static int hf_ip_reassembled_length = -1;
189 static int hf_ip_reassembled_data = -1;
191 /* Generated from convert_proto_tree_add_text.pl */
192 static int hf_ip_opt_flag = -1;
193 static int hf_ip_opt_overflow = -1;
194 static int hf_ip_cipso_tag_data = -1;
195 static int hf_ip_cipso_sensitivity_level = -1;
196 static int hf_ip_cipso_categories = -1;
197 static int hf_ip_cipso_doi = -1;
198 static int hf_ip_opt_time_stamp = -1;
199 static int hf_ip_opt_time_stamp_addr = -1;
202 static int hf_geoip_country = -1;
203 static int hf_geoip_city = -1;
204 static int hf_geoip_org = -1;
205 static int hf_geoip_isp = -1;
206 static int hf_geoip_asnum = -1;
207 static int hf_geoip_lat = -1;
208 static int hf_geoip_lon = -1;
209 static int hf_geoip_src_country = -1;
210 static int hf_geoip_src_city = -1;
211 static int hf_geoip_src_org = -1;
212 static int hf_geoip_src_isp = -1;
213 static int hf_geoip_src_asnum = -1;
214 static int hf_geoip_src_lat = -1;
215 static int hf_geoip_src_lon = -1;
216 static int hf_geoip_dst_country = -1;
217 static int hf_geoip_dst_city = -1;
218 static int hf_geoip_dst_org = -1;
219 static int hf_geoip_dst_isp = -1;
220 static int hf_geoip_dst_asnum = -1;
221 static int hf_geoip_dst_lat = -1;
222 static int hf_geoip_dst_lon = -1;
223 #endif /* HAVE_GEOIP */
225 static gint ett_ip = -1;
226 static gint ett_ip_dsfield = -1;
227 static gint ett_ip_tos = -1;
228 static gint ett_ip_off = -1;
229 static gint ett_ip_options = -1;
230 static gint ett_ip_option_eool = -1;
231 static gint ett_ip_option_nop = -1;
232 static gint ett_ip_option_sec = -1;
233 static gint ett_ip_option_route = -1;
234 static gint ett_ip_option_timestamp = -1;
235 static gint ett_ip_option_ext_security = -1;
236 static gint ett_ip_option_cipso = -1;
237 static gint ett_ip_option_sid = -1;
238 static gint ett_ip_option_mtu = -1;
239 static gint ett_ip_option_tr = -1;
240 static gint ett_ip_option_ra = -1;
241 static gint ett_ip_option_sdb = -1;
242 static gint ett_ip_option_qs = -1;
243 static gint ett_ip_option_other = -1;
244 static gint ett_ip_fragments = -1;
245 static gint ett_ip_fragment = -1;
246 static gint ett_ip_opt_type = -1;
247 static gint ett_ip_opt_sec_prot_auth_flags = -1;
248 static gint ett_unknown_ip_tcp_opt = -1;
250 static expert_field ei_ip_opt_len_invalid = EI_INIT;
251 static expert_field ei_ip_opt_sec_prot_auth_fti = EI_INIT;
252 static expert_field ei_ip_extraneous_data = EI_INIT;
253 static expert_field ei_ip_opt_ptr_before_address = EI_INIT;
254 static expert_field ei_ip_opt_ptr_middle_address = EI_INIT;
255 static expert_field ei_ip_subopt_too_long = EI_INIT;
256 static expert_field ei_ip_nop = EI_INIT;
257 static expert_field ei_ip_bogus_ip_length = EI_INIT;
258 static expert_field ei_ip_evil_packet = EI_INIT;
259 static expert_field ei_ip_checksum_bad = EI_INIT;
260 static expert_field ei_ip_ttl_lncb = EI_INIT;
261 static expert_field ei_ip_ttl_too_small = EI_INIT;
262 static expert_field ei_ip_cipso_tag = EI_INIT;
263 static expert_field ei_ip_bogus_ip_version = EI_INIT;
267 static gint ett_geoip_info = -1;
268 #endif /* HAVE_GEOIP */
270 static const fragment_items ip_frag_items = {
275 &hf_ip_fragment_overlap,
276 &hf_ip_fragment_overlap_conflict,
277 &hf_ip_fragment_multiple_tails,
278 &hf_ip_fragment_too_long_fragment,
279 &hf_ip_fragment_error,
280 &hf_ip_fragment_count,
281 &hf_ip_reassembled_in,
282 &hf_ip_reassembled_length,
283 &hf_ip_reassembled_data,
287 static heur_dissector_list_t heur_subdissector_list;
289 static dissector_table_t ip_dissector_table;
291 static dissector_handle_t ipv6_handle;
292 static capture_dissector_handle_t ip_cap_handle;
295 /* IP structs and definitions */
297 /* Offsets of fields within an IP header. */
309 /* Minimum IP header length. */
310 #define IPH_MIN_LEN 20
312 /* Width (in bits) of the fragment offset IP header field */
313 #define IP_OFFSET_WIDTH 13
315 /* Width (in bits) of the flags IP header field */
316 #define IP_FLAGS_WIDTH 3
319 #define IP_RF 0x8000 /* Flag: "Reserved bit" */
320 #define IP_DF 0x4000 /* Flag: "Don't Fragment" */
321 #define IP_MF 0x2000 /* Flag: "More Fragments" */
322 #define IP_OFFSET 0x1FFF /* "Fragment Offset" part */
324 /* Differentiated Services Field. See RFCs 2474, 2597, 2598 and 3168. */
325 #define IPDSFIELD_DSCP_DEFAULT 0x00
326 #define IPDSFIELD_DSCP_CS1 0x08
327 #define IPDSFIELD_DSCP_AF11 0x0A
328 #define IPDSFIELD_DSCP_AF12 0x0C
329 #define IPDSFIELD_DSCP_AF13 0x0E
330 #define IPDSFIELD_DSCP_CS2 0x10
331 #define IPDSFIELD_DSCP_AF21 0x12
332 #define IPDSFIELD_DSCP_AF22 0x14
333 #define IPDSFIELD_DSCP_AF23 0x16
334 #define IPDSFIELD_DSCP_CS3 0x18
335 #define IPDSFIELD_DSCP_AF31 0x1A
336 #define IPDSFIELD_DSCP_AF32 0x1C
337 #define IPDSFIELD_DSCP_AF33 0x1E
338 #define IPDSFIELD_DSCP_CS4 0x20
339 #define IPDSFIELD_DSCP_AF41 0x22
340 #define IPDSFIELD_DSCP_AF42 0x24
341 #define IPDSFIELD_DSCP_AF43 0x26
342 #define IPDSFIELD_DSCP_CS5 0x28
343 #define IPDSFIELD_DSCP_EF 0x2E
344 #define IPDSFIELD_DSCP_CS6 0x30
345 #define IPDSFIELD_DSCP_CS7 0x38
347 #define IPDSFIELD_ECT_NOT 0x00
348 #define IPDSFIELD_ECT_1 0x01
349 #define IPDSFIELD_ECT_0 0x02
350 #define IPDSFIELD_CE 0x03
352 /* IP TOS, superseded by the DS Field, RFC 2474. */
353 #define IPTOS_TOS_MASK 0x1E
354 #define IPTOS_TOS(tos) ((tos) & IPTOS_TOS_MASK)
355 #define IPTOS_NONE 0x00
356 #define IPTOS_LOWCOST 0x02
357 #define IPTOS_RELIABILITY 0x04
358 #define IPTOS_THROUGHPUT 0x08
359 #define IPTOS_LOWDELAY 0x10
360 #define IPTOS_SECURITY 0x1E
362 #define IPTOS_PREC_MASK 0xE0
363 #define IPTOS_PREC_SHIFT 5
364 #define IPTOS_PREC(tos) (((tos)&IPTOS_PREC_MASK)>>IPTOS_PREC_SHIFT)
365 #define IPTOS_PREC_NETCONTROL 7
366 #define IPTOS_PREC_INTERNETCONTROL 6
367 #define IPTOS_PREC_CRITIC_ECP 5
368 #define IPTOS_PREC_FLASHOVERRIDE 4
369 #define IPTOS_PREC_FLASH 3
370 #define IPTOS_PREC_IMMEDIATE 2
371 #define IPTOS_PREC_PRIORITY 1
372 #define IPTOS_PREC_ROUTINE 0
375 #define IPOPT_COPY 0x80
377 #define IPOPT_CONTROL 0x00
378 #define IPOPT_RESERVED1 0x20
379 #define IPOPT_MEASUREMENT 0x40
380 #define IPOPT_RESERVED2 0x60
382 /* REF: http://www.iana.org/assignments/ip-parameters */
383 /* TODO: Not all of these are implemented. */
384 #define IPOPT_EOOL (0 |IPOPT_CONTROL)
385 #define IPOPT_NOP (1 |IPOPT_CONTROL)
386 #define IPOPT_SEC (2 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 791/1108 */
387 #define IPOPT_LSR (3 |IPOPT_COPY|IPOPT_CONTROL)
388 #define IPOPT_TS (4 |IPOPT_MEASUREMENT)
389 #define IPOPT_ESEC (5 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 1108 */
390 #define IPOPT_CIPSO (6 |IPOPT_COPY|IPOPT_CONTROL) /* draft-ietf-cipso-ipsecurity-01 */
391 #define IPOPT_RR (7 |IPOPT_CONTROL)
392 #define IPOPT_SID (8 |IPOPT_COPY|IPOPT_CONTROL)
393 #define IPOPT_SSR (9 |IPOPT_COPY|IPOPT_CONTROL)
394 #define IPOPT_ZSU (10|IPOPT_CONTROL) /* Zsu */
395 #define IPOPT_MTUP (11|IPOPT_CONTROL) /* RFC 1063 */
396 #define IPOPT_MTUR (12|IPOPT_CONTROL) /* RFC 1063 */
397 #define IPOPT_FINN (13|IPOPT_COPY|IPOPT_MEASUREMENT) /* Finn */
398 #define IPOPT_VISA (14|IPOPT_COPY|IPOPT_CONTROL) /* Estrin */
399 #define IPOPT_ENCODE (15|IPOPT_CONTROL) /* VerSteeg */
400 #define IPOPT_IMITD (16|IPOPT_COPY|IPOPT_CONTROL) /* Lee */
401 #define IPOPT_EIP (17|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1385 */
402 #define IPOPT_TR (18|IPOPT_MEASUREMENT) /* RFC 1393 */
403 #define IPOPT_ADDEXT (19|IPOPT_COPY|IPOPT_CONTROL) /* Ullmann IPv7 */
404 #define IPOPT_RTRALT (20|IPOPT_COPY|IPOPT_CONTROL) /* RFC 2113 */
405 #define IPOPT_SDB (21|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1770 Graff */
406 #define IPOPT_UN (22|IPOPT_COPY|IPOPT_CONTROL) /* Released 18-Oct-2005 */
407 #define IPOPT_DPS (23|IPOPT_COPY|IPOPT_CONTROL) /* Malis */
408 #define IPOPT_UMP (24|IPOPT_COPY|IPOPT_CONTROL) /* Farinacci */
409 #define IPOPT_QS (25|IPOPT_CONTROL) /* RFC 4782 */
410 #define IPOPT_EXP (30|IPOPT_CONTROL) /* RFC 4727 */
413 /* IP option lengths */
414 #define IPOLEN_SEC_MIN 3
415 #define IPOLEN_LSR_MIN 3
416 #define IPOLEN_TS_MIN 4
417 #define IPOLEN_ESEC_MIN 3
418 #define IPOLEN_CIPSO_MIN 10
419 #define IPOLEN_RR_MIN 3
421 #define IPOLEN_SSR_MIN 3
425 #define IPOLEN_SDB_MIN 6
427 #define IPOLEN_MAX 40
429 #define IPSEC_RFC791_UNCLASSIFIED 0x0000
430 #define IPSEC_RFC791_CONFIDENTIAL 0xF135
431 #define IPSEC_RFC791_EFTO 0x789A
432 #define IPSEC_RFC791_MMMM 0xBC4D
433 #define IPSEC_RFC791_PROG 0x5E26
434 #define IPSEC_RFC791_RESTRICTED 0xAF13
435 #define IPSEC_RFC791_SECRET 0xD788
436 #define IPSEC_RFC791_TOPSECRET 0x6BC5
437 #define IPSEC_RFC791_RESERVED1 0x35E2
438 #define IPSEC_RFC791_RESERVED2 0x9AF1
439 #define IPSEC_RFC791_RESERVED3 0x4D78
440 #define IPSEC_RFC791_RESERVED4 0x24BD
441 #define IPSEC_RFC791_RESERVED5 0x135E
442 #define IPSEC_RFC791_RESERVED6 0x89AF
443 #define IPSEC_RFC791_RESERVED7 0xC4D6
444 #define IPSEC_RFC791_RESERVED8 0xE26B
446 #define IPSEC_RESERVED4 0x01
447 #define IPSEC_TOPSECRET 0x3D
448 #define IPSEC_SECRET 0x5A
449 #define IPSEC_CONFIDENTIAL 0x96
450 #define IPSEC_RESERVED3 0x66
451 #define IPSEC_RESERVED2 0xCC
452 #define IPSEC_UNCLASSIFIED 0xAB
453 #define IPSEC_RESERVED1 0xF1
455 #define IPOPT_TS_TSONLY 0 /* timestamps only */
456 #define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
457 #define IPOPT_TS_PRESPEC 3 /* specified modules only */
459 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR 0xE0000012
460 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL 0xFF
461 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR 0xE0000066
462 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL 0XFF
463 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR 0xE00000FB
464 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL 0XFF
465 #define IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR 0xE00000FC
467 #define IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL 0x1000 /* larger than max ttl */
468 #define IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL 0X01
470 /* Return true if the address is in the 224.0.0.0/24 network block */
471 #define is_a_local_network_control_block_addr(addr) \
472 ((addr & 0xffffff00) == 0xe0000000)
474 /* Return true if the address is in the 224.0.0.0/4 network block */
475 #define is_a_multicast_addr(addr) \
476 ((addr & 0xf0000000) == 0xe0000000)
478 static void ip_prompt(packet_info *pinfo, gchar* result)
480 g_snprintf(result, MAX_DECODE_AS_PROMPT_LEN, "IP protocol %u as",
481 GPOINTER_TO_UINT(p_get_proto_data(pinfo->pool, pinfo, proto_ip, pinfo->curr_layer_num)));
484 static gpointer ip_value(packet_info *pinfo)
486 return p_get_proto_data(pinfo->pool, pinfo, proto_ip, pinfo->curr_layer_num);
489 static const char* ip_conv_get_filter_type(conv_item_t* conv, conv_filter_type_e filter)
491 if ((filter == CONV_FT_SRC_ADDRESS) && (conv->src_address.type == AT_IPv4))
494 if ((filter == CONV_FT_DST_ADDRESS) && (conv->dst_address.type == AT_IPv4))
497 if ((filter == CONV_FT_ANY_ADDRESS) && (conv->src_address.type == AT_IPv4))
500 return CONV_FILTER_INVALID;
503 static ct_dissector_info_t ip_ct_dissector_info = {&ip_conv_get_filter_type};
506 ip_conversation_packet(void *pct, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vip)
508 conv_hash_t *hash = (conv_hash_t*) pct;
509 const ws_ip *iph=(const ws_ip *)vip;
511 add_conversation_table_data(hash, &iph->ip_src, &iph->ip_dst, 0, 0, 1, pinfo->fd->pkt_len, &pinfo->rel_ts, &pinfo->abs_ts, &ip_ct_dissector_info, PT_NONE);
516 static const char* ip_host_get_filter_type(hostlist_talker_t* host, conv_filter_type_e filter)
518 if ((filter == CONV_FT_ANY_ADDRESS) && (host->myaddress.type == AT_IPv4))
521 return CONV_FILTER_INVALID;
524 static hostlist_dissector_info_t ip_host_dissector_info = {&ip_host_get_filter_type};
527 ip_hostlist_packet(void *pit, packet_info *pinfo, epan_dissect_t *edt _U_, const void *vip)
529 conv_hash_t *hash = (conv_hash_t*) pit;
530 const ws_ip *iph=(const ws_ip *)vip;
532 /* Take two "add" passes per packet, adding for each direction, ensures that all
533 packets are counted properly (even if address is sending to itself)
534 XXX - this could probably be done more efficiently inside hostlist_table */
535 add_hostlist_table_data(hash, &iph->ip_src, 0, TRUE, 1, pinfo->fd->pkt_len, &ip_host_dissector_info, PT_NONE);
536 add_hostlist_table_data(hash, &iph->ip_dst, 0, FALSE, 1, pinfo->fd->pkt_len, &ip_host_dissector_info, PT_NONE);
541 ip_filter_valid(packet_info *pinfo)
543 return proto_is_frame_protocol(pinfo->layers, "ip");
547 ip_build_filter(packet_info *pinfo)
549 return g_strdup_printf("ip.addr eq %s and ip.addr eq %s",
550 address_to_str(pinfo->pool, &pinfo->net_src),
551 address_to_str(pinfo->pool, &pinfo->net_dst));
555 * defragmentation of IPv4
557 static reassembly_table ip_reassembly_table;
560 ip_defragment_init(void)
562 reassembly_table_init(&ip_reassembly_table,
563 &addresses_reassembly_table_functions);
567 ip_defragment_cleanup(void)
569 reassembly_table_destroy(&ip_reassembly_table);
573 capture_ip(const guchar *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header _U_) {
574 if (!BYTES_ARE_IN_FRAME(offset, len, IPH_MIN_LEN))
577 capture_dissector_increment_count(cpinfo, proto_ip);
578 return try_capture_dissector("ip.proto", pd[offset + 9], pd, offset+IPH_MIN_LEN, len, cpinfo, pseudo_header);
583 add_geoip_info_entry(proto_tree *geoip_info_tree, proto_item *geoip_info_item, tvbuff_t *tvb, gint offset, guint32 ip, int isdst)
585 guint num_dbs = geoip_db_num_dbs();
589 for (dbnum = 0; dbnum < num_dbs; dbnum++) {
590 char *geoip_str = geoip_db_lookup_ipv4(dbnum, ip, NULL);
591 int db_type = geoip_db_type(dbnum);
593 int geoip_hf, geoip_local_hf;
596 case GEOIP_COUNTRY_EDITION:
597 geoip_hf = hf_geoip_country;
598 geoip_local_hf = (isdst) ? hf_geoip_dst_country : hf_geoip_src_country;
600 case GEOIP_CITY_EDITION_REV0:
601 geoip_hf = hf_geoip_city;
602 geoip_local_hf = (isdst) ? hf_geoip_dst_city : hf_geoip_src_city;
604 case GEOIP_CITY_EDITION_REV1:
605 geoip_hf = hf_geoip_city;
606 geoip_local_hf = (isdst) ? hf_geoip_dst_city : hf_geoip_src_city;
608 case GEOIP_ORG_EDITION:
609 geoip_hf = hf_geoip_org;
610 geoip_local_hf = (isdst) ? hf_geoip_dst_org : hf_geoip_src_org;
612 case GEOIP_ISP_EDITION:
613 geoip_hf = hf_geoip_isp;
614 geoip_local_hf = (isdst) ? hf_geoip_dst_isp : hf_geoip_src_isp;
616 case GEOIP_ASNUM_EDITION:
617 geoip_hf = hf_geoip_asnum;
618 geoip_local_hf = (isdst) ? hf_geoip_dst_asnum : hf_geoip_src_asnum;
620 case WS_LAT_FAKE_EDITION:
621 geoip_hf = hf_geoip_lat;
622 geoip_local_hf = (isdst) ? hf_geoip_dst_lat : hf_geoip_src_lat;
624 case WS_LON_FAKE_EDITION:
625 geoip_hf = hf_geoip_lon;
626 geoip_local_hf = (isdst) ? hf_geoip_dst_lon : hf_geoip_src_lon;
634 if (db_type == WS_LAT_FAKE_EDITION || db_type == WS_LON_FAKE_EDITION) {
635 /* Convert latitude, longitude to double. Fix bug #5077 */
636 item = proto_tree_add_double_format_value(geoip_info_tree, geoip_local_hf,
637 tvb, offset, 4, g_ascii_strtod(geoip_str, NULL), "%s", geoip_str);
638 PROTO_ITEM_SET_GENERATED(item);
639 item = proto_tree_add_double_format_value(geoip_info_tree, geoip_hf,
640 tvb, offset, 4, g_ascii_strtod(geoip_str, NULL), "%s", geoip_str);
641 PROTO_ITEM_SET_GENERATED(item);
642 PROTO_ITEM_SET_HIDDEN(item);
644 item = proto_tree_add_string(geoip_info_tree, geoip_local_hf,
645 tvb, offset, 4, geoip_str);
646 PROTO_ITEM_SET_GENERATED(item);
647 item = proto_tree_add_string(geoip_info_tree, geoip_hf,
648 tvb, offset, 4, geoip_str);
649 PROTO_ITEM_SET_GENERATED(item);
650 PROTO_ITEM_SET_HIDDEN(item);
654 proto_item_append_text(geoip_info_item, "%s%s",
655 plurality(item_cnt, "", ", "), geoip_str);
656 wmem_free(NULL, geoip_str);
661 proto_item_append_text(geoip_info_item, "Unknown");
665 add_geoip_info(proto_tree *tree, tvbuff_t *tvb, gint offset, guint32 src32,
669 proto_item *geoip_info_item;
670 proto_tree *geoip_info_tree;
672 num_dbs = geoip_db_num_dbs();
676 geoip_info_tree = proto_tree_add_subtree(tree, tvb, offset + IPH_SRC, 4, ett_geoip_info, &geoip_info_item, "Source GeoIP: ");
677 PROTO_ITEM_SET_GENERATED(geoip_info_item);
678 add_geoip_info_entry(geoip_info_tree, geoip_info_item, tvb, offset + IPH_SRC, src32, 0);
680 geoip_info_tree = proto_tree_add_subtree(tree, tvb, offset + IPH_DST, 4, ett_geoip_info, &geoip_info_item, "Destination GeoIP: ");
681 PROTO_ITEM_SET_GENERATED(geoip_info_item);
682 add_geoip_info_entry(geoip_info_tree, geoip_info_item, tvb, offset + IPH_DST, dst32, 1);
684 #endif /* HAVE_GEOIP */
686 const value_string ipopt_type_class_vals[] = {
687 {(IPOPT_CONTROL & IPOPT_CLASS_MASK) >> 5, "Control"},
688 {(IPOPT_RESERVED1 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
689 {(IPOPT_MEASUREMENT & IPOPT_CLASS_MASK) >> 5, "Debugging and measurement"},
690 {(IPOPT_RESERVED2 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
694 const value_string ipopt_type_number_vals[] = {
695 {IPOPT_EOOL & IPOPT_NUMBER_MASK, "End of Option List (EOL)"},
696 {IPOPT_NOP & IPOPT_NUMBER_MASK, "No-Operation (NOP)"},
697 {IPOPT_SEC & IPOPT_NUMBER_MASK, "Security"},
698 {IPOPT_LSR & IPOPT_NUMBER_MASK, "Loose source route"},
699 {IPOPT_TS & IPOPT_NUMBER_MASK, "Time stamp"},
700 {IPOPT_ESEC & IPOPT_NUMBER_MASK, "Extended security"},
701 {IPOPT_CIPSO & IPOPT_NUMBER_MASK, "Commercial IP security option"},
702 {IPOPT_RR & IPOPT_NUMBER_MASK, "Record route"},
703 {IPOPT_SID & IPOPT_NUMBER_MASK, "Stream identifier"},
704 {IPOPT_SSR & IPOPT_NUMBER_MASK, "Strict source route"},
705 {IPOPT_ZSU & IPOPT_NUMBER_MASK, "Experimental Measurement"},
706 {IPOPT_MTUP & IPOPT_NUMBER_MASK, "MTU probe"},
707 {IPOPT_MTUR & IPOPT_NUMBER_MASK, "MTU Reply"},
708 {IPOPT_FINN & IPOPT_NUMBER_MASK, "Experimental Flow Control"},
709 {IPOPT_VISA & IPOPT_NUMBER_MASK, "Experimental Access Control"},
710 {IPOPT_ENCODE & IPOPT_NUMBER_MASK, "Ask Estrin"},
711 {IPOPT_IMITD & IPOPT_NUMBER_MASK, "IMI Traffic Descriptor"},
712 {IPOPT_EIP & IPOPT_NUMBER_MASK, "Extended Internet Protocol"},
713 {IPOPT_TR & IPOPT_NUMBER_MASK, "Traceroute"},
714 {IPOPT_ADDEXT & IPOPT_NUMBER_MASK, "Address Extension"},
715 {IPOPT_RTRALT & IPOPT_NUMBER_MASK, "Router Alert"},
716 {IPOPT_SDB & IPOPT_NUMBER_MASK, "Selective Directed Broadcast"},
717 {IPOPT_UN & IPOPT_NUMBER_MASK, "Unassigned"},
718 {IPOPT_DPS & IPOPT_NUMBER_MASK, "Dynamic Packet State"},
719 {IPOPT_UMP & IPOPT_NUMBER_MASK, "Upstream Multicast Packet"},
720 {IPOPT_QS & IPOPT_NUMBER_MASK, "Quick-Start"},
721 {IPOPT_EXP & IPOPT_NUMBER_MASK, "RFC 3692-style experiment"},
725 static ip_tcp_opt_type IP_OPT_TYPES = {&hf_ip_opt_type, &ett_ip_opt_type,
726 &hf_ip_opt_type_copy, &hf_ip_opt_type_class, &hf_ip_opt_type_number};
729 dissect_ipopt_type(tvbuff_t *tvb, int offset, proto_tree *tree, ip_tcp_opt_type* opttypes)
731 proto_tree *type_tree;
734 ti = proto_tree_add_item(tree, *opttypes->phf_opt_type, tvb, offset, 1, ENC_NA);
735 type_tree = proto_item_add_subtree(ti, *opttypes->pett_opt_type);
736 proto_tree_add_item(type_tree, *opttypes->phf_opt_type_copy, tvb, offset, 1, ENC_NA);
737 proto_tree_add_item(type_tree, *opttypes->phf_opt_type_class, tvb, offset, 1, ENC_NA);
738 proto_tree_add_item(type_tree, *opttypes->phf_opt_type_number, tvb, offset, 1, ENC_NA);
742 dissect_ipopt_eool(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
743 guint optlen _U_, packet_info *pinfo _U_,
744 proto_tree *opt_tree, void * data _U_)
746 proto_tree *field_tree;
748 field_tree = proto_tree_add_subtree(opt_tree, tvb, offset, 1, *optp->subtree_index, NULL, optp->name);
749 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
752 #define dissect_ipopt_nop dissect_ipopt_eool
754 static const value_string secl_rfc791_vals[] = {
755 {IPSEC_RFC791_UNCLASSIFIED, "Unclassified"},
756 {IPSEC_RFC791_CONFIDENTIAL, "Confidential"},
757 {IPSEC_RFC791_EFTO, "EFTO" },
758 {IPSEC_RFC791_MMMM, "MMMM" },
759 {IPSEC_RFC791_PROG, "PROG" },
760 {IPSEC_RFC791_RESTRICTED, "Restricted" },
761 {IPSEC_RFC791_SECRET, "Secret" },
762 {IPSEC_RFC791_TOPSECRET, "Top secret" },
763 {IPSEC_RFC791_RESERVED1, "Reserved" },
764 {IPSEC_RFC791_RESERVED2, "Reserved" },
765 {IPSEC_RFC791_RESERVED3, "Reserved" },
766 {IPSEC_RFC791_RESERVED4, "Reserved" },
767 {IPSEC_RFC791_RESERVED5, "Reserved" },
768 {IPSEC_RFC791_RESERVED6, "Reserved" },
769 {IPSEC_RFC791_RESERVED7, "Reserved" },
770 {IPSEC_RFC791_RESERVED8, "Reserved" },
774 static const value_string sec_cl_vals[] = {
775 {IPSEC_RESERVED4, "Reserved 4" },
776 {IPSEC_TOPSECRET, "Top secret" },
777 {IPSEC_SECRET, "Secret" },
778 {IPSEC_CONFIDENTIAL, "Confidential"},
779 {IPSEC_RESERVED3, "Reserved 3" },
780 {IPSEC_RESERVED2, "Reserved 2" },
781 {IPSEC_UNCLASSIFIED, "Unclassified"},
782 {IPSEC_RESERVED1, "Reserved 1" },
786 static const true_false_string ip_opt_sec_prot_auth_flag_tfs = {
787 "Datagram protected in accordance with its rules",
788 "Datagram not protected in accordance with its rules"
791 static const true_false_string ip_opt_sec_prot_auth_fti_tfs = {
792 "Additional octet present",
796 static const int *ip_opt_sec_prot_auth_fields_byte_1[] = {
797 &hf_ip_opt_sec_prot_auth_genser,
798 &hf_ip_opt_sec_prot_auth_siop_esi,
799 &hf_ip_opt_sec_prot_auth_sci,
800 &hf_ip_opt_sec_prot_auth_nsa,
801 &hf_ip_opt_sec_prot_auth_doe,
802 &hf_ip_opt_sec_prot_auth_unassigned,
803 &hf_ip_opt_sec_prot_auth_fti,
807 static const int *ip_opt_sec_prot_auth_fields_byte_n[] = {
808 &hf_ip_opt_sec_prot_auth_unassigned2,
809 &hf_ip_opt_sec_prot_auth_fti,
813 dissect_ipopt_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
814 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
817 proto_tree *field_tree;
821 guint curr_offset = offset;
823 field_tree = proto_tree_add_subtree_format(opt_tree, tvb, curr_offset, optlen, *optp->subtree_index, &tf,
824 "%s (%u bytes)", optp->name, optlen);
825 dissect_ipopt_type(tvb, curr_offset, field_tree, &IP_OPT_TYPES);
827 tf_sub = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, curr_offset, 1, ENC_NA);
828 if (optlen > IPOLEN_MAX)
829 expert_add_info(pinfo, tf_sub, &ei_ip_opt_len_invalid);
833 /* Analyze payload start to decide whether it should be dissected
834 according to RFC 791 or RFC 1108 */
835 val = tvb_get_ntohs(tvb, curr_offset);
836 if (try_val_to_str(val, secl_rfc791_vals)) {
837 /* Dissect as RFC 791 */
838 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_sec,
839 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
841 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_comp,
842 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
844 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_hr,
845 tvb, curr_offset, 2, ENC_ASCII|ENC_NA);
847 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_tcc,
848 tvb, curr_offset, 3, ENC_ASCII|ENC_NA);
853 /* Dissect as RFC 108 */
854 proto_tree_add_item(field_tree, hf_ip_opt_sec_cl, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
856 if ((curr_offset - offset) >= optlen) {
859 val = tvb_get_guint8(tvb, curr_offset);
860 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
861 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_1,
865 if ((val & 0x01) && ((curr_offset - offset) == optlen)) {
866 expert_add_info(pinfo, tf_sub, &ei_ip_opt_sec_prot_auth_fti);
869 val = tvb_get_guint8(tvb, curr_offset);
870 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
871 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_n,
875 if ((curr_offset - offset) < optlen) {
876 expert_add_info(pinfo, tf, &ei_ip_extraneous_data);
881 dissect_ipopt_ext_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
882 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
885 proto_tree *field_tree;
887 guint curr_offset = offset;
890 field_tree = proto_tree_add_subtree_format(opt_tree, tvb, curr_offset, optlen,
891 *optp->subtree_index, NULL, "%s (%u bytes)", optp->name, optlen);
892 dissect_ipopt_type(tvb, curr_offset, field_tree, &IP_OPT_TYPES);
894 tf_sub = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, curr_offset, 1, ENC_NA);
895 if (optlen > IPOLEN_MAX)
896 expert_add_info(pinfo, tf_sub, &ei_ip_opt_len_invalid);
898 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info_format_code, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
900 remaining = optlen - (curr_offset - offset);
902 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info, tvb, curr_offset, remaining, ENC_NA);
906 /* USHRT_MAX can hold at most 5 (base 10) digits (6 for the NULL byte) */
907 #define USHRT_MAX_STRLEN 6
909 /* Maximum CIPSO tag length:
910 * (IP hdr max)60 - (IPv4 hdr std)20 - (CIPSO base)6 = 34 */
911 #define CIPSO_TAG_LEN_MAX 34
913 /* The Commercial IP Security Option (CIPSO) is defined in IETF draft
914 * draft-ietf-cipso-ipsecurity-01.txt and FIPS 188, a copy of both documents
915 * can be found at the NetLabel project page, http://netlabel.sf.net or at
916 * http://tools.ietf.org/html/draft-ietf-cipso-ipsecurity-01 */
917 static const value_string cipso_tag_type_vals[] = {
919 {1, "Restrictive Category Bitmap"},
920 {2, "Enumerated Categories"},
921 {5, "Ranged Categories"},
922 {6, "Permissive Categories"},
929 dissect_ipopt_cipso(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
930 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
933 proto_tree *field_tree;
934 proto_item *tf, *tag_item;
935 guint tagtype, taglen;
936 int offset_max = offset + optlen;
938 field_tree = proto_tree_add_subtree_format(opt_tree, tvb, offset, optlen, *optp->subtree_index, &tf,
939 "%s (%u bytes)", optp->name, optlen);
940 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
941 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
942 if (optlen > IPOLEN_MAX)
943 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
947 proto_tree_add_item(field_tree, hf_ip_cipso_doi, tvb, offset, 4, ENC_BIG_ENDIAN);
950 /* loop through all of the tags in the CIPSO option */
951 while (offset < offset_max) {
952 tagtype = tvb_get_guint8(tvb, offset);
953 tag_item = proto_tree_add_item(field_tree, hf_ip_cipso_tag_type, tvb, offset, 1, ENC_NA);
955 if ((offset + 1) < offset_max)
956 taglen = tvb_get_guint8(tvb, offset + 1);
962 /* padding - skip this tag */
966 /* restrictive bitmap, see CIPSO draft section 3.4.2 for tag format */
967 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
968 ((offset + (int)taglen - 1) > offset_max)) {
969 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
973 /* skip past alignment octet */
976 proto_tree_add_item(field_tree, hf_ip_cipso_sensitivity_level, tvb, offset, 1, ENC_NA);
982 unsigned char bitmask;
984 char *cat_str_tmp = (char *)wmem_alloc(wmem_packet_scope(), USHRT_MAX_STRLEN);
986 const guint8 *val_ptr = tvb_get_ptr(tvb, offset, taglen - 4);
988 /* this is just a guess regarding string size, but we grow it below
991 cat_str = (char *)wmem_alloc0(wmem_packet_scope(), cat_str_len);
993 /* we checked the length above so the highest category value
994 * possible here is 240 */
995 while (byte_spot < (taglen - 4)) {
998 while (bit_spot < 8) {
999 if (val_ptr[byte_spot] & bitmask) {
1000 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
1001 byte_spot * 8 + bit_spot);
1002 if (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN)) {
1005 while (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN))
1006 cat_str_len += cat_str_len;
1007 cat_str_new = (char *)wmem_alloc(wmem_packet_scope(), cat_str_len);
1008 g_strlcpy(cat_str_new, cat_str, cat_str_len);
1009 cat_str_new[cat_str_len - 1] = '\0';
1010 cat_str = cat_str_new;
1012 if (cat_str[0] != '\0')
1013 g_strlcat(cat_str, ",", cat_str_len);
1014 g_strlcat(cat_str, cat_str_tmp, cat_str_len);
1023 proto_tree_add_string(field_tree, hf_ip_cipso_categories, tvb, offset, taglen - 4, cat_str);
1025 proto_tree_add_string(field_tree, hf_ip_cipso_categories, tvb, offset, taglen - 4, "ERROR PARSING CATEGORIES");
1026 offset += taglen - 4;
1030 /* enumerated categories, see CIPSO draft section 3.4.3 for tag format */
1031 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1032 ((offset + (int)taglen - 1) > offset_max)) {
1033 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
1037 /* skip past alignment octet */
1040 /* sensitivity level */
1041 proto_tree_add_item(field_tree, hf_ip_cipso_sensitivity_level, tvb, offset, 1, ENC_NA);
1045 int offset_max_cat = offset + taglen - 4;
1046 char *cat_str = (char *)wmem_alloc0(wmem_packet_scope(), USHRT_MAX_STRLEN * 15);
1047 char *cat_str_tmp = (char *)wmem_alloc(wmem_packet_scope(), USHRT_MAX_STRLEN);
1049 while ((offset + 2) <= offset_max_cat) {
1050 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
1051 tvb_get_ntohs(tvb, offset));
1053 if (cat_str[0] != '\0')
1054 g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 15);
1055 g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 15);
1058 proto_tree_add_string(field_tree, hf_ip_cipso_categories, tvb, offset - taglen + 4, taglen - 4, cat_str);
1062 /* ranged categories, see CIPSO draft section 3.4.4 for tag format */
1063 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1064 ((offset + (int)taglen - 1) > offset_max)) {
1065 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
1069 /* skip past alignment octet */
1072 /* sensitivity level */
1073 proto_tree_add_item(field_tree, hf_ip_cipso_sensitivity_level, tvb, offset, 1, ENC_NA);
1077 guint16 cat_low, cat_high;
1078 int offset_max_cat = offset + taglen - 4;
1079 char *cat_str = (char *)wmem_alloc0(wmem_packet_scope(), USHRT_MAX_STRLEN * 16);
1080 char *cat_str_tmp = (char *)wmem_alloc(wmem_packet_scope(), USHRT_MAX_STRLEN * 2);
1082 while ((offset + 2) <= offset_max_cat) {
1083 cat_high = tvb_get_ntohs(tvb, offset);
1084 if ((offset + 4) <= offset_max_cat) {
1085 cat_low = tvb_get_ntohs(tvb, offset + 2);
1091 if (cat_low != cat_high)
1092 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u-%u",
1095 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u", cat_high);
1097 if (cat_str[0] != '\0')
1098 g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 16);
1099 g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 16);
1102 proto_tree_add_string(field_tree, hf_ip_cipso_categories, tvb, offset - taglen + 4, taglen - 4, cat_str);
1106 /* permissive categories, see FIPS 188 section 6.9 for tag format */
1107 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1108 ((offset + (int)taglen - 1) > offset_max)) {
1109 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
1113 proto_tree_add_item(field_tree, hf_ip_cipso_tag_data, tvb, offset + 2, taglen - 2, ENC_NA);
1117 /* free form, see FIPS 188 section 6.10 for tag format */
1118 if ((taglen < 2) || (taglen > CIPSO_TAG_LEN_MAX) ||
1119 ((offset + (int)taglen - 1) > offset_max)) {
1120 expert_add_info(pinfo, tag_item, &ei_ip_cipso_tag);
1124 proto_tree_add_item(field_tree, hf_ip_cipso_tag_data, tvb, offset + 2, taglen - 2, ENC_NA);
1128 /* unknown tag - stop parsing this IPv4 option */
1129 if ((offset + 1) <= offset_max) {
1130 taglen = tvb_get_guint8(tvb, offset + 1);
1131 proto_item_append_text(tag_item, " (%u bytes)", taglen);
1140 dissect_option_route(proto_tree *tree, tvbuff_t *tvb, int offset, int hf,
1141 int hf_host, gboolean next)
1146 route = tvb_get_ipv4(tvb, offset);
1148 proto_tree_add_ipv4_format_value(tree, hf, tvb, offset, 4, route,
1150 tvb_ip_to_str(tvb, offset));
1152 proto_tree_add_ipv4(tree, hf, tvb, offset, 4, route);
1153 ti = proto_tree_add_string(tree, hf_host, tvb, offset, 4, get_hostname(route));
1154 PROTO_ITEM_SET_GENERATED(ti);
1155 PROTO_ITEM_SET_HIDDEN(ti);
1159 dissect_ipopt_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1160 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1163 proto_tree *field_tree;
1168 field_tree = proto_tree_add_subtree_format(opt_tree, tvb, offset, optlen, *optp->subtree_index, NULL,
1169 "%s (%u bytes)", optp->name, optlen);
1170 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1171 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1172 if (optlen > IPOLEN_MAX)
1173 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1174 ptr = tvb_get_guint8(tvb, offset + 2);
1175 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1176 if ((ptr < (optp->optlen + 1)) || (ptr & 3)) {
1177 if (ptr < (optp->optlen + 1)) {
1178 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_before_address);
1181 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_middle_address);
1187 optoffset = 3; /* skip past type, length and pointer */
1188 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1190 expert_add_info(pinfo, tf, &ei_ip_subopt_too_long);
1195 /* This is a recorded route */
1196 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1197 hf_ip_rec_rt_host, FALSE);
1198 } else if (optoffset == (len - 4)) {
1199 /* This is the the destination */
1202 const char *dst_host;
1204 addr = tvb_get_ipv4(tvb, offset + optoffset);
1205 dst_host = get_hostname(addr);
1206 proto_tree_add_ipv4(field_tree, hf_ip_dst, tvb,
1207 offset + optoffset, 4, addr);
1208 item = proto_tree_add_ipv4(field_tree, hf_ip_addr, tvb,
1209 offset + optoffset, 4, addr);
1210 PROTO_ITEM_SET_HIDDEN(item);
1211 item = proto_tree_add_string(field_tree, hf_ip_dst_host, tvb,
1212 offset + optoffset, 4, dst_host);
1213 PROTO_ITEM_SET_GENERATED(item);
1214 PROTO_ITEM_SET_HIDDEN(item);
1215 item = proto_tree_add_string(field_tree, hf_ip_host, tvb,
1216 offset + optoffset, 4, dst_host);
1217 PROTO_ITEM_SET_GENERATED(item);
1218 PROTO_ITEM_SET_HIDDEN(item);
1219 } else if ((optoffset + 1) < ptr) {
1220 /* This is also a recorded route */
1221 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1222 hf_ip_rec_rt_host, FALSE);
1223 } else if ((optoffset + 1) == ptr) {
1224 /* This is the next source route. TODO: Should we use separate hf's
1225 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1226 * having to pass TRUE/FALSE to dissect_option_route()? */
1227 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_src_rt,
1228 hf_ip_src_rt_host, TRUE);
1230 /* This must be a source route */
1231 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_src_rt,
1232 hf_ip_src_rt_host, FALSE);
1238 dissect_ipopt_record_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1239 guint optlen, packet_info *pinfo,
1240 proto_tree *opt_tree, void * data _U_)
1242 proto_tree *field_tree;
1247 field_tree = proto_tree_add_subtree_format(opt_tree, tvb, offset, optlen, *optp->subtree_index, NULL,
1248 "%s (%u bytes)", optp->name, optlen);
1249 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1250 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1251 if (optlen > IPOLEN_MAX)
1252 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1253 ptr = tvb_get_guint8(tvb, offset + 2);
1254 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1256 if ((ptr < (optp->optlen + 1)) || (ptr & 3)) {
1257 if (ptr < (optp->optlen + 1)) {
1258 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_before_address);
1261 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_middle_address);
1267 optoffset = 3; /* skip past type, length and pointer */
1268 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1270 expert_add_info(pinfo, tf, &ei_ip_subopt_too_long);
1275 /* The recorded route data area is full. */
1276 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1277 hf_ip_rec_rt_host, FALSE);
1278 } else if ((optoffset + 1) < ptr) {
1279 /* This is a recorded route */
1280 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1281 hf_ip_rec_rt_host, FALSE);
1282 } else if ((optoffset + 1) == ptr) {
1283 /* This is the next available slot. TODO: Should we use separate hf's
1284 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1285 * having to pass TRUE/FALSE to dissect_option_route()? */
1286 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_empty_rt,
1287 hf_ip_empty_rt_host, TRUE);
1289 /* This must be an available slot too. */
1290 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_empty_rt,
1291 hf_ip_empty_rt_host, FALSE);
1296 /* Stream Identifier */
1298 dissect_ipopt_sid(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1299 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1302 proto_tree *field_tree;
1305 field_tree = proto_tree_add_subtree_format(opt_tree, tvb, offset, optlen, *optp->subtree_index, NULL,
1306 "%s (%u bytes): %u", optp->name, optlen, tvb_get_ntohs(tvb, offset + 2));
1307 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1308 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1309 if (optlen != (guint)optp->optlen)
1310 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1311 proto_tree_add_item(field_tree, hf_ip_opt_sid, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1314 /* RFC 1063: MTU Probe and MTU Reply */
1316 dissect_ipopt_mtu(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1317 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1320 proto_tree *field_tree;
1323 field_tree = proto_tree_add_subtree_format(opt_tree, tvb, offset, optlen, *optp->subtree_index, NULL,
1324 "%s (%u bytes): %u", optp->name, optlen, tvb_get_ntohs(tvb, offset + 2));
1325 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1326 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1327 if (optlen != (guint)optp->optlen)
1328 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1329 proto_tree_add_item(field_tree, hf_ip_opt_mtu, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1332 /* RFC 1393: Traceroute */
1334 dissect_ipopt_tr(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1335 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1338 proto_tree *field_tree;
1341 field_tree = proto_tree_add_subtree_format(opt_tree, tvb, offset, optlen, *optp->subtree_index, NULL,
1342 "%s (%u bytes)", optp->name, optlen);
1343 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1344 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1345 if (optlen != (guint)optp->optlen)
1346 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1348 proto_tree_add_item(field_tree, hf_ip_opt_id_number, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1349 proto_tree_add_item(field_tree, hf_ip_opt_ohc, tvb, offset + 4, 2, ENC_BIG_ENDIAN);
1350 proto_tree_add_item(field_tree, hf_ip_opt_rhc, tvb, offset + 6, 2, ENC_BIG_ENDIAN);
1351 proto_tree_add_item(field_tree, hf_ip_opt_originator, tvb, offset + 8, 4, ENC_BIG_ENDIAN);
1354 static const value_string ipopt_timestamp_flag_vals[] = {
1355 {IPOPT_TS_TSONLY, "Time stamps only" },
1356 {IPOPT_TS_TSANDADDR, "Time stamp and address" },
1357 {IPOPT_TS_PRESPEC, "Time stamps for prespecified addresses"},
1361 dissect_ipopt_timestamp(const ip_tcp_opt *optp, tvbuff_t *tvb,
1362 int offset, guint optlen, packet_info *pinfo,
1363 proto_tree *opt_tree, void * data _U_)
1365 proto_tree *field_tree;
1372 field_tree = proto_tree_add_subtree_format(opt_tree, tvb, offset, optlen, *optp->subtree_index, NULL,
1373 "%s (%u bytes)", optp->name, optlen);
1374 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1375 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1376 if (optlen > IPOLEN_MAX)
1377 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1378 optoffset += 2; /* skip past type and length */
1379 optlen -= 2; /* subtract size of type and length */
1381 ptr = tvb_get_guint8(tvb, offset + optoffset);
1382 proto_tree_add_uint_format_value(field_tree, hf_ip_opt_ptr, tvb, offset + optoffset, 1, ptr, "%d%s",
1383 ptr, ((ptr == 1) ? " (header is full)" :
1384 (ptr < 5) ? " (points before first address)" :
1385 (((ptr - 1) & 3) ? " (points to middle of field)" : "")));
1388 ptr--; /* ptr is 1-origin */
1390 flg = tvb_get_guint8(tvb, offset + optoffset);
1391 proto_tree_add_item(field_tree, hf_ip_opt_overflow, tvb, offset + optoffset, 1, ENC_NA);
1393 proto_tree_add_item(field_tree, hf_ip_opt_flag, tvb, offset + optoffset, 1, ENC_NA);
1397 while (optlen > 0) {
1398 if (flg == IPOPT_TS_TSANDADDR || flg == IPOPT_TS_PRESPEC) {
1400 proto_tree_add_expert(field_tree, pinfo, &ei_ip_subopt_too_long, tvb, offset + optoffset, optlen);
1403 addr = tvb_get_ipv4(tvb, offset + optoffset);
1404 proto_tree_add_ipv4_format_value(field_tree, hf_ip_opt_time_stamp_addr, tvb, offset + optoffset, 4, addr,
1405 "%s", ((addr == 0) ? "-" : get_hostname(addr)));
1409 proto_tree_add_item(field_tree, hf_ip_opt_time_stamp, tvb, offset + optoffset, 4, ENC_BIG_ENDIAN);
1414 proto_tree_add_expert(field_tree, pinfo, &ei_ip_subopt_too_long, tvb, offset + optoffset, optlen);
1417 proto_tree_add_item(field_tree, hf_ip_opt_time_stamp, tvb, offset + optoffset, 4, ENC_BIG_ENDIAN);
1425 static const range_string ra_rvals[] = {
1426 {0, 0, "Router shall examine packet"},
1427 {1, 65535, "Reserved"},
1432 dissect_ipopt_ra(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1433 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1436 /* Router-Alert, as defined by RFC2113 */
1437 proto_tree *field_tree;
1439 guint16 value = tvb_get_ntohs(tvb, offset + 2);
1441 field_tree = proto_tree_add_subtree_format(opt_tree, tvb, offset, optlen,
1442 *optp->subtree_index, NULL, "%s (%u bytes): %s (%u)", optp->name, optlen,
1443 rval_to_str(value, ra_rvals, "Unknown (%u)"),
1445 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1446 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1447 if (optlen != (guint)optp->optlen)
1448 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1449 proto_tree_add_item(field_tree, hf_ip_opt_ra, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1452 /* RFC 1770: Selective Directed Broadcast */
1454 dissect_ipopt_sdb(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1455 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1458 proto_tree *field_tree;
1461 field_tree = proto_tree_add_subtree_format(opt_tree, tvb, offset, optlen, *optp->subtree_index, NULL,
1462 "%s (%u bytes)", optp->name, optlen);
1463 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1464 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1465 if (optlen > IPOLEN_MAX)
1466 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1467 for (offset += 2, optlen -= 2; optlen >= 4; offset += 4, optlen -= 4)
1468 proto_tree_add_item(field_tree, hf_ip_opt_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
1471 proto_tree_add_item(field_tree, hf_ip_opt_padding, tvb, offset, optlen, ENC_NA);
1474 const value_string qs_func_vals[] = {
1475 {QS_RATE_REQUEST, "Rate request"},
1476 {QS_RATE_REPORT, "Rate report"},
1480 static const value_string qs_rate_vals[] = {
1486 { 5, "1.28 Mbit/s"},
1487 { 6, "2.56 Mbit/s"},
1488 { 7, "5.12 Mbit/s"},
1489 { 8, "10.24 Mbit/s"},
1490 { 9, "20.48 Mbit/s"},
1491 {10, "40.96 Mbit/s"},
1492 {11, "81.92 Mbit/s"},
1493 {12, "163.84 Mbit/s"},
1494 {13, "327.68 Mbit/s"},
1495 {14, "655.36 Mbit/s"},
1496 {15, "1.31072 Gbit/s"},
1499 value_string_ext qs_rate_vals_ext = VALUE_STRING_EXT_INIT(qs_rate_vals);
1502 dissect_ipopt_qs(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1503 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1506 proto_tree *field_tree;
1509 ws_ip *iph = (ws_ip*)data;
1511 guint8 command = tvb_get_guint8(tvb, offset + 2);
1512 guint8 function = command >> 4;
1513 guint8 rate = command & QS_RATE_MASK;
1516 field_tree = proto_tree_add_subtree_format(opt_tree, tvb, offset, optlen,
1517 *optp->subtree_index, NULL, "%s (%u bytes): %s (%u)", optp->name, optlen,
1518 val_to_str(function, qs_func_vals, "Unknown (%u)"),
1521 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1522 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1523 if (optlen != (guint)optp->optlen)
1524 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1525 proto_tree_add_item(field_tree, hf_ip_opt_qs_func, tvb, offset + 2, 1, ENC_NA);
1527 if (function == QS_RATE_REQUEST) {
1528 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset + 2, 1, ENC_NA);
1529 proto_tree_add_item(field_tree, hf_ip_opt_qs_ttl, tvb, offset + 3, 1, ENC_NA);
1530 ttl_diff = (iph->ip_ttl - tvb_get_guint8(tvb, offset + 3) % 256);
1531 ti = proto_tree_add_uint(field_tree, hf_ip_opt_qs_ttl_diff,
1532 tvb, offset + 3, 1, ttl_diff);
1533 PROTO_ITEM_SET_GENERATED(ti);
1534 proto_item_append_text(tf, ", %s, QS TTL %u, QS TTL diff %u",
1535 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"),
1536 tvb_get_guint8(tvb, offset + 3), ttl_diff);
1537 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1538 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1539 } else if (function == QS_RATE_REPORT) {
1540 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset + 2, 1, ENC_NA);
1541 proto_item_append_text(tf, ", %s",
1542 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"));
1543 proto_tree_add_item(field_tree, hf_ip_opt_qs_unused, tvb, offset + 3, 1, ENC_NA);
1544 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1545 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 4, 4, ENC_BIG_ENDIAN);
1549 static const ip_tcp_opt ipopts[] = {
1550 {IPOPT_EOOL, "End of Options List (EOL)", &ett_ip_option_eool,
1551 OPT_LEN_NO_LENGTH, 0, dissect_ipopt_eool},
1552 {IPOPT_NOP, "No Operation (NOP)", &ett_ip_option_nop,
1553 OPT_LEN_NO_LENGTH, 0, dissect_ipopt_nop},
1554 {IPOPT_SEC, "Security", &ett_ip_option_sec,
1555 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SEC_MIN, dissect_ipopt_security},
1556 {IPOPT_LSR, "Loose Source Route", &ett_ip_option_route,
1557 OPT_LEN_VARIABLE_LENGTH, IPOLEN_LSR_MIN, dissect_ipopt_route},
1558 {IPOPT_TS, "Time Stamp", &ett_ip_option_timestamp,
1559 OPT_LEN_VARIABLE_LENGTH, IPOLEN_TS_MIN, dissect_ipopt_timestamp},
1560 {IPOPT_ESEC, "Extended Security", &ett_ip_option_ext_security,
1561 OPT_LEN_VARIABLE_LENGTH, IPOLEN_ESEC_MIN, dissect_ipopt_ext_security},
1562 {IPOPT_CIPSO, "Commercial Security", &ett_ip_option_cipso,
1563 OPT_LEN_VARIABLE_LENGTH, IPOLEN_CIPSO_MIN, dissect_ipopt_cipso},
1564 {IPOPT_RR, "Record Route", &ett_ip_option_route,
1565 OPT_LEN_VARIABLE_LENGTH, IPOLEN_RR_MIN, dissect_ipopt_record_route},
1566 {IPOPT_SID, "Stream ID", &ett_ip_option_sid,
1567 OPT_LEN_FIXED_LENGTH, IPOLEN_SID, dissect_ipopt_sid},
1568 {IPOPT_SSR, "Strict Source Route", &ett_ip_option_route,
1569 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SSR_MIN, dissect_ipopt_route},
1571 {IPOPT_ZSU, "Experimental Measurement", &ett_ip_option_zsu,
1572 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ZSU_MIN, dissect_ipopt_zsu},
1574 {IPOPT_MTUP, "MTU Probe", &ett_ip_option_mtu,
1575 OPT_LEN_FIXED_LENGTH, IPOLEN_MTU, dissect_ipopt_mtu},
1576 {IPOPT_MTUR, "MTU Reply", &ett_ip_option_mtu,
1577 OPT_LEN_FIXED_LENGTH, IPOLEN_MTU, dissect_ipopt_mtu},
1579 {IPOPT_FINN, "Experimental Flow Control", &ett_ip_option_finn,
1580 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_FINN_MIN, dissect_ipopt_finn},
1581 {IPOPT_VISA, "Experimental Access Control", &ett_ip_option_visa,
1582 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_VISA_MIN, dissect_ipopt_visa},
1583 {IPOPT_ENCODE, "???", &ett_ip_option_encode,
1584 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ENCODE_MIN, dissect_ipopt_encode},
1585 {IPOPT_IMITD, "IMI Traffic Descriptor", &ett_ip_option_imitd,
1586 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_IMITD_MIN, dissect_ipopt_imitd},
1587 {IPOPT_EIP, "Extended Internet Protocol", &ett_ip_option_eip,
1588 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_EIP_MIN, dissect_ipopt_eip},
1590 {IPOPT_TR, "Traceroute", &ett_ip_option_tr,
1591 OPT_LEN_FIXED_LENGTH, IPOLEN_TR, dissect_ipopt_tr},
1593 {IPOPT_ADDEXT, "Address Extension", &ett_ip_option_addext,
1594 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ADDEXT_MIN, dissect_ipopt_addext},
1596 {IPOPT_RTRALT, "Router Alert", &ett_ip_option_ra,
1597 OPT_LEN_FIXED_LENGTH, IPOLEN_RA, dissect_ipopt_ra},
1598 {IPOPT_SDB, "Selective Directed Broadcast", &ett_ip_option_sdb,
1599 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SDB_MIN, dissect_ipopt_sdb},
1601 {IPOPT_UN, "Unassigned", &ett_ip_option_un,
1602 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_UN_MIN, dissect_ipopt_un},
1603 {IPOPT_DPS, "Dynamic Packet State", &ett_ip_option_dps,
1604 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_DPS_MIN, dissect_ipopt_dps},
1605 {IPOPT_UMP, "Upstream Multicast Pkt.", &ett_ip_option_ump,
1606 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_UMP_MIN, dissect_ipopt_ump},
1608 {IPOPT_QS, "Quick-Start", &ett_ip_option_qs,
1609 OPT_LEN_FIXED_LENGTH, IPOLEN_QS, dissect_ipopt_qs}
1611 {IPOPT_EXP, "RFC3692-style Experiment", &ett_ip_option_exp,
1612 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_EXP_MIN, dissect_ipopt_exp}
1616 #define N_IP_OPTS array_length(ipopts)
1618 /* Dissect the IP, TCP or various PPP protocols (IPCP, CP, LCP, VSNCP, BAP)
1619 * options in a packet. */
1621 dissect_ip_tcp_options(tvbuff_t *tvb, int offset, guint length,
1622 const ip_tcp_opt *opttab, int nopts, int eol,
1623 ip_tcp_opt_type* opttypes, expert_field* ei_bad,
1624 packet_info *pinfo, proto_tree *opt_tree,
1625 proto_item *opt_item, void * data)
1628 const ip_tcp_opt *optp;
1629 opt_len_type len_type;
1630 unsigned int optlen;
1632 void (*dissect)(const struct ip_tcp_opt *, tvbuff_t *,
1633 int, guint, packet_info *, proto_tree *,
1635 guint len, nop_count = 0;
1637 while (length > 0) {
1638 opt = tvb_get_guint8(tvb, offset);
1639 for (optp = &opttab[0]; optp < &opttab[nopts]; optp++) {
1640 if (optp->optcode == opt)
1643 if (optp == &opttab[nopts]) {
1644 /* We assume that the only OPT_LEN_NO_LENGTH options are EOL and NOP options,
1645 so that we can treat unknown options as OPT_LEN_VARIABLE_LENGTH with a
1646 minimum of 2, and at least be able to move on to the next option
1647 by using the length in the option. */
1648 optp = NULL; /* indicate that we don't know this option */
1649 len_type = OPT_LEN_VARIABLE_LENGTH;
1651 name = wmem_strdup_printf(wmem_packet_scope(), "Unknown (0x%02x)", opt);
1655 len_type = optp->len_type;
1656 optlen = optp->optlen;
1658 dissect = optp->dissect;
1659 if (opt_item && len_type == OPT_LEN_NO_LENGTH && optlen == 0 && opt == 1 &&
1660 (nop_count == 0 || offset % 4)) { /* opt 1 = NOP in both IP and TCP */
1661 /* Count number of NOP in a row within a uint32 */
1667 --length; /* account for type byte */
1668 if (len_type != OPT_LEN_NO_LENGTH) {
1669 /* Option has a length. Is it in the packet? */
1671 /* Bogus - packet must at least include option code byte and
1673 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, 1,
1674 "%s (length byte past end of options)", name);
1677 len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
1678 --length; /* account for length byte */
1680 /* Bogus - option length is too short to include option code and
1682 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, 2,
1683 "%s (with too-short option length = %u byte%s)",
1684 name, len, plurality(len, "", "s"));
1686 } else if (len - 2 > length) {
1687 /* Bogus - option goes past the end of the header. */
1688 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, length,
1689 "%s (option length = %u byte%s says option goes past end of options)",
1690 name, len, plurality(len, "", "s"));
1692 } else if (len_type == OPT_LEN_FIXED_LENGTH && len != optlen) {
1693 /* Bogus - option length isn't what it's supposed to be for this
1695 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, len,
1696 "%s (with option length = %u byte%s; should be %u)",
1697 name, len, plurality(len, "", "s"), optlen);
1699 } else if (len_type == OPT_LEN_VARIABLE_LENGTH && len < optlen) {
1700 /* Bogus - option length is less than what it's supposed to be for
1702 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, len,
1703 "%s (with option length = %u byte%s; should be >= %u)",
1704 name, len, plurality(len, "", "s"), optlen);
1708 proto_tree_add_subtree_format(opt_tree, tvb, offset, len, ett_unknown_ip_tcp_opt, NULL, "%s (%u byte%s)",
1709 name, len, plurality(len, "", "s"));
1711 if (dissect != NULL) {
1712 /* Option has a dissector. */
1713 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1715 (*dissect)(optp, tvb, offset, len, pinfo, opt_tree, data);
1717 proto_tree *field_tree;
1719 /* Option has no data, hence no dissector. */
1720 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1722 field_tree = proto_tree_add_subtree(opt_tree, tvb, offset, len, ett_ip_option_other, NULL, name);
1723 dissect_ipopt_type(tvb, offset, field_tree, opttypes);
1726 len -= 2; /* subtract size of type and length */
1731 if (dissect != NULL) {
1732 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1734 (*dissect)(optp, tvb, offset, 1, pinfo, opt_tree, data);
1736 proto_tree *field_tree;
1738 /* Option has no data, hence no dissector. */
1739 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s", name);
1740 field_tree = proto_tree_add_subtree(opt_tree, tvb, offset, 1, ett_ip_option_other, NULL, name);
1741 dissect_ipopt_type(tvb, offset, field_tree, opttypes);
1745 if (nop_count == 4 && strcmp (name, "No-Operation (NOP)") == 0) {
1746 expert_add_info(pinfo, opt_item, &ei_ip_nop);
1754 /* This function searches the IP options for either a loose or strict source
1755 * route option, then returns the offset to the destination address if the
1756 * pointer is still valid or zero if the pointer is greater than the length.
1758 * The guts of this function was taken from dissect_ip_tcp_options().
1761 get_dst_offset(tvbuff_t *tvb, int offset, guint length,
1762 const ip_tcp_opt *opttab, int nopts, int eol)
1765 const ip_tcp_opt *optp;
1766 opt_len_type len_type;
1767 unsigned int optlen;
1769 int orig_offset = offset;
1771 while (length > 0) {
1772 opt = tvb_get_guint8(tvb, offset);
1773 for (optp = &opttab[0]; optp < &opttab[nopts]; optp++) {
1774 if (optp->optcode == opt)
1777 if (optp == &opttab[nopts]) {
1778 /* We assume that the only NO_LENGTH options are EOL and NOP options,
1779 so that we can treat unknown options as VARIABLE_LENGTH with a
1780 minimum of 2, and at least be able to move on to the next option
1781 by using the length in the option. */
1782 optp = NULL; /* indicate that we don't know this option */
1783 len_type = OPT_LEN_VARIABLE_LENGTH;
1786 len_type = optp->len_type;
1787 optlen = optp->optlen;
1789 --length; /* account for type byte */
1790 if (len_type != OPT_LEN_NO_LENGTH) {
1791 /* Option has a length. Is it in the packet? */
1793 /* Bogus - packet must at least include option code byte and
1797 len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
1798 --length; /* account for length byte */
1800 /* Bogus - option length is too short to include option code and
1803 } else if (len - 2 > length) {
1804 /* Bogus - option goes past the end of the header. */
1806 } else if (len_type == OPT_LEN_FIXED_LENGTH && len != optlen) {
1807 /* Bogus - option length isn't what it's supposed to be for this
1810 } else if (len_type == OPT_LEN_VARIABLE_LENGTH && len < optlen) {
1811 /* Bogus - option length is less than what it's supposed to be for
1816 if (opt == IPOPT_SSR || opt == IPOPT_LSR) {
1817 /* Hmm, what if you have both options? */
1820 ptr = tvb_get_guint8(tvb, offset + 2);
1821 if (ptr < 4 || (ptr & 3) || (ptr > len)) {
1824 return (offset - orig_offset) + 4 + (len - 4);
1827 len -= 2; /* subtract size of type and length */
1840 /* Returns the valid ttl for the group address */
1842 local_network_control_block_addr_valid_ttl(guint32 addr)
1844 /* An exception list, as some protocols seem to insist on
1845 * doing differently:
1848 /* IETF's VRRP (rfc3768) */
1849 if (IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR == addr)
1850 return IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL;
1852 if (IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR == addr)
1853 return IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL;
1854 /* mDNS (draft-cheshire-dnsext-multicastdns-07) */
1855 if (IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR == addr)
1856 return IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL;
1857 /* LLMNR (rfc4795) */
1858 if (IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR == addr)
1859 return IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL;
1860 return IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL;
1863 static const value_string dscp_short_vals[] = {
1864 { IPDSFIELD_DSCP_DEFAULT, "CS0" },
1865 { IPDSFIELD_DSCP_CS1, "CS1" },
1866 { IPDSFIELD_DSCP_AF11, "AF11" },
1867 { IPDSFIELD_DSCP_AF12, "AF12" },
1868 { IPDSFIELD_DSCP_AF13, "AF13" },
1869 { IPDSFIELD_DSCP_CS2, "CS2" },
1870 { IPDSFIELD_DSCP_AF21, "AF21" },
1871 { IPDSFIELD_DSCP_AF22, "AF22" },
1872 { IPDSFIELD_DSCP_AF23, "AF23" },
1873 { IPDSFIELD_DSCP_CS3, "CS3" },
1874 { IPDSFIELD_DSCP_AF31, "AF31" },
1875 { IPDSFIELD_DSCP_AF32, "AF32" },
1876 { IPDSFIELD_DSCP_AF33, "AF33" },
1877 { IPDSFIELD_DSCP_CS4, "CS4" },
1878 { IPDSFIELD_DSCP_AF41, "AF41" },
1879 { IPDSFIELD_DSCP_AF42, "AF42" },
1880 { IPDSFIELD_DSCP_AF43, "AF43" },
1881 { IPDSFIELD_DSCP_CS5, "CS5" },
1882 { IPDSFIELD_DSCP_EF, "EF PHB" },
1883 { IPDSFIELD_DSCP_CS6, "CS6" },
1884 { IPDSFIELD_DSCP_CS7, "CS7" },
1886 value_string_ext dscp_short_vals_ext = VALUE_STRING_EXT_INIT(dscp_short_vals);
1889 static const value_string dscp_vals[] = {
1890 { IPDSFIELD_DSCP_DEFAULT, "Default" },
1891 { IPDSFIELD_DSCP_CS1, "Class Selector 1" },
1892 { IPDSFIELD_DSCP_AF11, "Assured Forwarding 11" },
1893 { IPDSFIELD_DSCP_AF12, "Assured Forwarding 12" },
1894 { IPDSFIELD_DSCP_AF13, "Assured Forwarding 13" },
1895 { IPDSFIELD_DSCP_CS2, "Class Selector 2" },
1896 { IPDSFIELD_DSCP_AF21, "Assured Forwarding 21" },
1897 { IPDSFIELD_DSCP_AF22, "Assured Forwarding 22" },
1898 { IPDSFIELD_DSCP_AF23, "Assured Forwarding 23" },
1899 { IPDSFIELD_DSCP_CS3, "Class Selector 3" },
1900 { IPDSFIELD_DSCP_AF31, "Assured Forwarding 31" },
1901 { IPDSFIELD_DSCP_AF32, "Assured Forwarding 32" },
1902 { IPDSFIELD_DSCP_AF33, "Assured Forwarding 33" },
1903 { IPDSFIELD_DSCP_CS4, "Class Selector 4" },
1904 { IPDSFIELD_DSCP_AF41, "Assured Forwarding 41" },
1905 { IPDSFIELD_DSCP_AF42, "Assured Forwarding 42" },
1906 { IPDSFIELD_DSCP_AF43, "Assured Forwarding 43" },
1907 { IPDSFIELD_DSCP_CS5, "Class Selector 5" },
1908 { IPDSFIELD_DSCP_EF, "Expedited Forwarding" },
1909 { IPDSFIELD_DSCP_CS6, "Class Selector 6" },
1910 { IPDSFIELD_DSCP_CS7, "Class Selector 7" },
1912 value_string_ext dscp_vals_ext = VALUE_STRING_EXT_INIT(dscp_vals);
1914 static const value_string ecn_short_vals[] = {
1915 { IPDSFIELD_ECT_NOT, "Not-ECT" },
1916 { IPDSFIELD_ECT_1, "ECT(1)" },
1917 { IPDSFIELD_ECT_0, "ECT(0)" },
1918 { IPDSFIELD_CE, "CE" },
1920 value_string_ext ecn_short_vals_ext = VALUE_STRING_EXT_INIT(ecn_short_vals);
1922 static const value_string ecn_vals[] = {
1923 { IPDSFIELD_ECT_NOT, "Not ECN-Capable Transport" },
1924 { IPDSFIELD_ECT_1, "ECN-Capable Transport codepoint '01'" },
1925 { IPDSFIELD_ECT_0, "ECN-Capable Transport codepoint '10'" },
1926 { IPDSFIELD_CE, "Congestion Experienced" },
1928 value_string_ext ecn_vals_ext = VALUE_STRING_EXT_INIT(ecn_vals);
1930 static const value_string precedence_vals[] = {
1931 { IPTOS_PREC_ROUTINE, "routine" },
1932 { IPTOS_PREC_PRIORITY, "priority" },
1933 { IPTOS_PREC_IMMEDIATE, "immediate" },
1934 { IPTOS_PREC_FLASH, "flash" },
1935 { IPTOS_PREC_FLASHOVERRIDE, "flash override" },
1936 { IPTOS_PREC_CRITIC_ECP, "CRITIC/ECP" },
1937 { IPTOS_PREC_INTERNETCONTROL, "internetwork control" },
1938 { IPTOS_PREC_NETCONTROL, "network control" },
1941 static const value_string iptos_vals[] = {
1942 { IPTOS_NONE, "None" },
1943 { IPTOS_LOWCOST, "Minimize cost" },
1944 { IPTOS_RELIABILITY, "Maximize reliability" },
1945 { IPTOS_THROUGHPUT, "Maximize throughput" },
1946 { IPTOS_LOWDELAY, "Minimize delay" },
1947 { IPTOS_SECURITY, "Maximize security" },
1951 static const true_false_string tos_set_low = {
1956 static const true_false_string tos_set_high = {
1961 static const true_false_string flags_sf_set_evil = {
1967 ip_try_dissect(gboolean heur_first, guint nxt, tvbuff_t *tvb, packet_info *pinfo,
1968 proto_tree *tree, ws_ip *iph)
1970 heur_dtbl_entry_t *hdtbl_entry;
1972 if ((heur_first) && (dissector_try_heuristic(heur_subdissector_list, tvb,
1973 pinfo, tree, &hdtbl_entry, iph))) {
1977 if (dissector_try_uint_new(ip_dissector_table, nxt, tvb, pinfo,
1982 if ((!heur_first) && (dissector_try_heuristic(heur_subdissector_list, tvb,
1983 pinfo, tree, &hdtbl_entry,
1992 dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree, void* data _U_)
1994 proto_tree *ip_tree, *field_tree = NULL;
1995 proto_item *ti, *tf;
1997 int offset = 0, dst_off;
2001 fragment_head *ipfd_head = NULL;
2003 gboolean update_col_info = TRUE;
2004 gboolean save_fragmented;
2006 guint32 src32, dst32;
2008 proto_item *item = NULL, *ttl_item;
2013 iph = wmem_new0(wmem_packet_scope(), ws_ip);
2015 col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPv4");
2016 col_clear(pinfo->cinfo, COL_INFO);
2018 iph->ip_ver = tvb_get_bits8(tvb, 0, 4);
2020 hlen = tvb_get_bits8(tvb, 4, 4) * 4; /* IP header length, in bytes */
2022 ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, ENC_NA);
2023 ip_tree = proto_item_add_subtree(ti, ett_ip);
2025 tf = proto_tree_add_item(ip_tree, hf_ip_version, tvb, offset, 1, ENC_NA);
2026 if (iph->ip_ver != 4) {
2027 col_add_fstr(pinfo->cinfo, COL_INFO,
2028 "Bogus IPv4 version (%u, must be 4)", iph->ip_ver);
2029 expert_add_info_format(pinfo, tf, &ei_ip_bogus_ip_version, "Bogus IPv4 version");
2030 /* I have a Linux cooked capture with ethertype IPv4 containing an IPv6 packet, continnue dissection in that case*/
2031 if (iph->ip_ver == 6) {
2032 call_dissector(ipv6_handle, tvb, pinfo, tree);
2035 return tvb_captured_length(tvb);
2038 /* if IP is not referenced from any filters we don't need to worry about
2039 generating any tree items. We must do this after we created the actual
2040 protocol above so that proto hier stat still works though.
2041 XXX: Note that because of the following optimization expert items must
2042 not be generated inside of an 'if (tree) ...'
2043 so that Analyze ! Expert ... will work.
2045 if (!proto_field_is_referenced(parent_tree, proto_ip)) {
2049 if (hlen < IPH_MIN_LEN) {
2050 col_add_fstr(pinfo->cinfo, COL_INFO,
2051 "Bogus IP header length (%u, must be at least %u)",
2054 proto_tree_add_uint_bits_format_value(ip_tree, hf_ip_hdr_len, tvb, (offset<<3)+4, 4, hlen,
2055 "%u bytes (bogus, must be at least %u)", hlen, IPH_MIN_LEN);
2056 return tvb_captured_length(tvb);
2059 proto_tree_add_uint_bits_format_value(ip_tree, hf_ip_hdr_len, tvb, (offset<<3)+4, 4, hlen,
2060 "%u bytes (%u)", hlen, hlen>>2);
2062 iph->ip_tos = tvb_get_guint8(tvb, offset + 1);
2063 if (g_ip_dscp_actif) {
2064 col_add_str(pinfo->cinfo, COL_DSCP_VALUE,
2065 val_to_str_ext(IPDSFIELD_DSCP(iph->ip_tos), &dscp_short_vals_ext, "%u"));
2069 if (g_ip_dscp_actif) {
2070 tf = proto_tree_add_item(ip_tree, hf_ip_dsfield, tvb, offset + 1, 1, ENC_NA);
2071 proto_item_append_text(tf, " (DSCP: %s, ECN: %s)",
2072 val_to_str_ext_const(IPDSFIELD_DSCP(iph->ip_tos), &dscp_short_vals_ext, "Unknown"),
2073 val_to_str_ext_const(IPDSFIELD_ECN(iph->ip_tos), &ecn_short_vals_ext, "Unknown"));
2075 field_tree = proto_item_add_subtree(tf, ett_ip_dsfield);
2076 proto_tree_add_item(field_tree, hf_ip_dsfield_dscp, tvb, offset + 1, 1, ENC_NA);
2077 proto_tree_add_item(field_tree, hf_ip_dsfield_ecn, tvb, offset + 1, 1, ENC_NA);
2079 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_tos, tvb, offset + 1, 1,
2083 val_to_str_const(IPTOS_TOS(iph->ip_tos),
2084 iptos_vals, "Unknown"));
2086 field_tree = proto_item_add_subtree(tf, ett_ip_tos);
2087 proto_tree_add_item(field_tree, hf_ip_tos_precedence, tvb, offset + 1, 1, ENC_NA);
2088 proto_tree_add_item(field_tree, hf_ip_tos_delay, tvb, offset + 1, 1, ENC_NA);
2089 proto_tree_add_item(field_tree, hf_ip_tos_throughput, tvb, offset + 1, 1, ENC_NA);
2090 proto_tree_add_item(field_tree, hf_ip_tos_reliability, tvb, offset + 1, 1, ENC_NA);
2091 proto_tree_add_item(field_tree, hf_ip_tos_cost, tvb, offset + 1, 1, ENC_NA);
2095 /* Length of IP datagram.
2096 XXX - what if this is greater than the reported length of the
2097 tvbuff? This could happen, for example, in an IP datagram
2098 inside an ICMP datagram; we need to somehow let the
2099 dissector we call know that, as it might want to avoid
2100 doing its checksumming. */
2101 iph->ip_len = tvb_get_ntohs(tvb, offset + 2);
2103 if (iph->ip_len < hlen) {
2104 if (ip_tso_supported && !iph->ip_len) {
2105 /* TSO support enabled, and zero length. Assume the zero length is
2106 * the result of TSO, and use the reported length instead. Note that
2107 * we need to use the frame/reported length instead of the actually-
2108 * available length, just in case a snaplen was used on capture. */
2109 iph->ip_len = tvb_reported_length(tvb);
2111 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_len, tvb, offset + 2, 2,
2113 "%u bytes (reported as 0, presumed to be because of \"TCP segmentation offload\" (TSO))",
2115 PROTO_ITEM_SET_GENERATED(tf);
2118 /* TSO support not enabled, or non-zero length, so treat it as an error. */
2119 col_add_fstr(pinfo->cinfo, COL_INFO,
2120 "Bogus IP length (%u, less than header length %u)",
2122 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_len, tvb, offset + 2, 2,
2124 "%u bytes (bogus, less than header length %u)",
2126 expert_add_info(pinfo, tf, &ei_ip_bogus_ip_length);
2127 /* Can't dissect any further */
2128 return tvb_captured_length(tvb);
2131 tf = proto_tree_add_uint(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph->ip_len);
2132 if (iph->ip_len > tvb_reported_length(tvb)) {
2134 * Length runs past the data we're given.
2135 * Note that if not in a ICMP error packet.
2137 if (!pinfo->flags.in_error_pkt) {
2138 expert_add_info_format(pinfo, tf, &ei_ip_bogus_ip_length,
2139 "IPv4 total length exceeds packet length (%u bytes)",
2140 tvb_reported_length(tvb));
2144 * Now that we know that the total length of this IP datagram isn't
2145 * obviously bogus, adjust the length of this tvbuff to include only
2148 set_actual_length(tvb, iph->ip_len);
2152 iph->ip_id = tvb_get_ntohs(tvb, offset + 4);
2154 proto_tree_add_uint(ip_tree, hf_ip_id, tvb, offset + 4, 2, iph->ip_id);
2156 iph->ip_off = tvb_get_ntohs(tvb, offset + 6);
2157 bit_offset = (offset + 6) * 8;
2159 flags = (iph->ip_off & (IP_RF | IP_DF | IP_MF)) >> IP_OFFSET_WIDTH;
2160 tf = proto_tree_add_uint(ip_tree, hf_ip_flags, tvb, offset + 6, 1, flags);
2161 field_tree = proto_item_add_subtree(tf, ett_ip_off);
2162 if (ip_security_flag) {
2165 sf = proto_tree_add_bits_item(field_tree, hf_ip_flags_sf, tvb,
2166 bit_offset + 0, 1, ENC_BIG_ENDIAN);
2167 if (iph->ip_off & IP_RF) {
2168 proto_item_append_text(tf, " (Evil packet!)");
2169 expert_add_info(pinfo, sf, &ei_ip_evil_packet);
2172 proto_tree_add_bits_item(field_tree, hf_ip_flags_rf, tvb, bit_offset + 0,
2173 1, ENC_LITTLE_ENDIAN);
2175 if (iph->ip_off & IP_DF)
2176 proto_item_append_text(tf, " (Don't Fragment)");
2178 proto_tree_add_bits_item(field_tree, hf_ip_flags_df, tvb, bit_offset + 1,
2180 if (iph->ip_off & IP_MF)
2181 proto_item_append_text(tf, " (More Fragments)");
2182 proto_tree_add_bits_item(field_tree, hf_ip_flags_mf, tvb, bit_offset + 2,
2184 proto_tree_add_uint(ip_tree, hf_ip_frag_offset, tvb, offset + 6, 2,
2185 (iph->ip_off & IP_OFFSET)*8);
2187 iph->ip_ttl = tvb_get_guint8(tvb, offset + 8);
2189 ttl_item = proto_tree_add_item(ip_tree, hf_ip_ttl, tvb, offset + 8, 1, ENC_BIG_ENDIAN);
2194 iph->ip_nxt = tvb_get_guint8(tvb, offset + 9);
2196 proto_tree_add_item(ip_tree, hf_ip_proto, tvb, offset + 9, 1, ENC_BIG_ENDIAN);
2199 iph->ip_sum = tvb_get_ntohs(tvb, offset + 10);
2202 * If checksum checking is enabled, and we have the entire IP header
2203 * available, and this isn't inside an ICMP error packet, check the
2206 if (ip_check_checksum && tvb_bytes_exist(tvb, offset, hlen)&&(!pinfo->flags.in_error_pkt)) {
2207 ipsum = ip_checksum_tvb(tvb, offset, hlen);
2208 item = proto_tree_add_checksum(ip_tree, tvb, offset + 10, hf_ip_checksum, hf_ip_checksum_status, &ei_ip_checksum_bad, pinfo, ipsum,
2209 ENC_BIG_ENDIAN, PROTO_CHECKSUM_VERIFY|PROTO_CHECKSUM_IN_CKSUM);
2211 /* XXX - Keeping hf_ip_checksum_calculated field for now. Doesn't fit into the
2212 proto_tree_add_checksum design, but IP is a popular enough dissector that somebody
2213 may have a legitimate reason for wanting it filtered */
2214 item = proto_tree_add_uint(ip_tree, hf_ip_checksum_calculated, tvb,
2215 offset + 10, 2, iph->ip_sum);
2216 PROTO_ITEM_SET_GENERATED(item);
2218 proto_item_append_text(item, "(may be caused by \"IP checksum offload\"?)");
2220 item = proto_tree_add_uint(ip_tree, hf_ip_checksum_calculated, tvb,
2221 offset + 10, 2, in_cksum_shouldbe(iph->ip_sum, ipsum));
2222 PROTO_ITEM_SET_GENERATED(item);
2226 proto_tree_add_uint_format_value(ip_tree, hf_ip_checksum, tvb,
2227 offset + 10, 2, iph->ip_sum,
2231 (pinfo->flags.in_error_pkt ?
2232 "in ICMP error packet" :
2233 "not all data available") :
2234 "validation disabled");
2235 item = proto_tree_add_uint(ip_tree, hf_ip_checksum_status, tvb,
2236 offset + 10, 0, PROTO_CHECKSUM_E_UNVERIFIED);
2237 PROTO_ITEM_SET_GENERATED(item);
2239 src32 = tvb_get_ntohl(tvb, offset + IPH_SRC);
2240 set_address_tvb(&pinfo->net_src, AT_IPv4, 4, tvb, offset + IPH_SRC);
2241 copy_address_shallow(&pinfo->src, &pinfo->net_src);
2242 copy_address_shallow(&iph->ip_src, &pinfo->src);
2244 const char *src_host;
2246 memcpy(&addr, iph->ip_src.data, 4);
2247 src_host = get_hostname(addr);
2248 if (ip_summary_in_tree) {
2249 proto_item_append_text(ti, ", Src: %s", address_with_resolution_to_str(wmem_packet_scope(), &iph->ip_src));
2251 proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, addr);
2252 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 12, 4, addr);
2253 PROTO_ITEM_SET_HIDDEN(item);
2254 item = proto_tree_add_string(ip_tree, hf_ip_src_host, tvb, offset + 12, 4,
2256 PROTO_ITEM_SET_GENERATED(item);
2257 PROTO_ITEM_SET_HIDDEN(item);
2258 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb, offset + 12, 4,
2260 PROTO_ITEM_SET_GENERATED(item);
2261 PROTO_ITEM_SET_HIDDEN(item);
2264 /* If there's an IP strict or loose source routing option, then the final
2265 * L3 IP destination address will be the last entry in the routing header
2266 * EXCEPT when the table is exhausted (pointer is greater than the length).
2267 * In this case, the final L3 IP destination address is the one in the L3
2268 * header. (REF: http://tools.ietf.org/html/rfc791#section-3.1)
2270 if (hlen > IPH_MIN_LEN) {
2271 /* There's more than just the fixed-length header. See if we've got
2272 * either a strict or loose source route option and if so, return the
2273 * offset into the tvb to where the real destination IP address is located.
2275 dst_off = get_dst_offset(tvb, offset + 20, hlen - IPH_MIN_LEN, ipopts,
2276 N_IP_OPTS, IPOPT_EOOL);
2281 dst32 = tvb_get_ntohl(tvb, offset + IPH_DST + dst_off);
2282 set_address_tvb(&pinfo->net_dst, AT_IPv4, 4, tvb, offset + IPH_DST + dst_off);
2283 copy_address_shallow(&pinfo->dst, &pinfo->net_dst);
2284 copy_address_shallow(&iph->ip_dst, &pinfo->net_dst);
2286 /* If an IP is destined for an IP address in the Local Network Control Block
2287 * (e.g. 224.0.0.0/24), the packet should never be routed and the TTL would
2288 * be expected to be 1. (see RFC 3171) Flag a TTL greater than 1.
2290 * Flag a low TTL if the packet is not destined for a multicast address
2291 * (e.g. 224.0.0.0/4) ... and the payload isn't protocol 103 (PIM).
2292 * (see http://tools.ietf.org/html/rfc3973#section-4.7).
2294 if (is_a_local_network_control_block_addr(dst32)) {
2295 ttl = local_network_control_block_addr_valid_ttl(dst32);
2296 if (ttl != iph->ip_ttl && ttl != IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL) {
2297 expert_add_info_format(pinfo, ttl_item, &ei_ip_ttl_lncb, "\"Time To Live\" != %d for a packet sent to the "
2298 "Local Network Control Block (see RFC 3171)",
2301 } else if (!is_a_multicast_addr(dst32) &&
2302 /* At least BGP should appear here as well */
2304 iph->ip_nxt != IP_PROTO_PIM &&
2305 iph->ip_nxt != IP_PROTO_OSPF) {
2306 expert_add_info_format(pinfo, ttl_item, &ei_ip_ttl_too_small, "\"Time To Live\" only %u", iph->ip_ttl);
2310 const char *dst_host;
2312 memcpy(&addr, iph->ip_dst.data, 4);
2313 dst_host = get_hostname(addr);
2314 if (ip_summary_in_tree) {
2315 proto_item_append_text(ti, ", Dst: %s", address_with_resolution_to_str(wmem_packet_scope(), &iph->ip_dst));
2321 cur_rt = tvb_get_ipv4(tvb, offset + 16);
2322 if (ip_summary_in_tree) {
2323 proto_item_append_text(ti, ", Via: %s",
2324 tvb_address_with_resolution_to_str(wmem_packet_scope(), tvb, AT_IPv4, offset + 16));
2326 proto_tree_add_ipv4(ip_tree, hf_ip_cur_rt, tvb, offset + 16, 4, cur_rt);
2327 item = proto_tree_add_string(ip_tree, hf_ip_cur_rt_host, tvb,
2328 offset + 16, 4, get_hostname(cur_rt));
2329 PROTO_ITEM_SET_GENERATED(item);
2330 PROTO_ITEM_SET_HIDDEN(item);
2333 proto_tree_add_ipv4(ip_tree, hf_ip_dst, tvb, offset + 16, 4, addr);
2334 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 16, 4,
2336 PROTO_ITEM_SET_HIDDEN(item);
2337 item = proto_tree_add_string(ip_tree, hf_ip_dst_host, tvb, offset + 16,
2339 PROTO_ITEM_SET_GENERATED(item);
2340 PROTO_ITEM_SET_HIDDEN(item);
2341 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb,
2342 offset + 16 + dst_off, 4, dst_host);
2343 PROTO_ITEM_SET_GENERATED(item);
2344 PROTO_ITEM_SET_HIDDEN(item);
2349 if (tree && ip_use_geoip) {
2350 add_geoip_info(ip_tree, tvb, offset, src32, dst32);
2354 /* Decode IP options, if any. */
2355 if (hlen > IPH_MIN_LEN) {
2356 /* There's more than just the fixed-length header. Decode the options. */
2357 optlen = hlen - IPH_MIN_LEN; /* length of options, in bytes */
2358 field_tree = proto_tree_add_subtree_format(ip_tree, tvb, offset + 20, optlen,
2359 ett_ip_options, &tf, "Options: (%u bytes)", optlen);
2360 dissect_ip_tcp_options(tvb, offset + 20, optlen, ipopts, N_IP_OPTS,
2361 IPOPT_EOOL, &IP_OPT_TYPES, &ei_ip_opt_len_invalid, pinfo, field_tree, tf, iph);
2364 p_add_proto_data(pinfo->pool, pinfo, proto_ip, pinfo->curr_layer_num, GUINT_TO_POINTER((guint)iph->ip_nxt));
2365 tap_queue_packet(ip_tap, pinfo, iph);
2367 /* Skip over header + options */
2370 /* If ip_defragment is on, this is a fragment, we have all the data
2371 * in the fragment, and the header checksum is valid, then just add
2372 * the fragment to the hashtable.
2374 save_fragmented = pinfo->fragmented;
2375 if (ip_defragment && (iph->ip_off & (IP_MF|IP_OFFSET)) &&
2376 tvb_bytes_exist(tvb, offset, iph->ip_len - hlen) &&
2378 ipfd_head = fragment_add_check(&ip_reassembly_table, tvb, offset,
2380 iph->ip_nxt ^ iph->ip_id ^ src32 ^ dst32 ^ pinfo->vlan_id,
2382 (iph->ip_off & IP_OFFSET) * 8,
2384 iph->ip_off & IP_MF);
2386 next_tvb = process_reassembled_data(tvb, offset, pinfo, "Reassembled IPv4",
2387 ipfd_head, &ip_frag_items,
2388 &update_col_info, ip_tree);
2390 /* If this is the first fragment, dissect its contents, otherwise
2391 just show it as a fragment.
2393 XXX - if we eventually don't save the reassembled contents of all
2394 fragmented datagrams, we may want to always reassemble. */
2395 if (iph->ip_off & IP_OFFSET) {
2396 /* Not the first fragment - don't dissect it. */
2399 /* First fragment, or not fragmented. Dissect what we have here. */
2401 /* Get a tvbuff for the payload. */
2402 next_tvb = tvb_new_subset_remaining(tvb, offset);
2405 * If this is the first fragment, but not the only fragment,
2406 * tell the next protocol that.
2408 if (iph->ip_off & IP_MF)
2409 pinfo->fragmented = TRUE;
2411 pinfo->fragmented = FALSE;
2415 if (next_tvb == NULL) {
2416 /* Just show this as a fragment. */
2417 col_add_fstr(pinfo->cinfo, COL_INFO,
2418 "Fragmented IP protocol (proto=%s %u, off=%u, ID=%04x)",
2419 ipprotostr(iph->ip_nxt), iph->ip_nxt,
2420 (iph->ip_off & IP_OFFSET) * 8, iph->ip_id);
2421 if ( ipfd_head && ipfd_head->reassembled_in != pinfo->num ) {
2422 col_append_fstr(pinfo->cinfo, COL_INFO, " [Reassembled in #%u]",
2423 ipfd_head->reassembled_in);
2426 call_data_dissector(tvb_new_subset_remaining(tvb, offset), pinfo,
2428 pinfo->fragmented = save_fragmented;
2429 return tvb_captured_length(tvb);
2432 if (tvb_reported_length(next_tvb) > 0) {
2433 /* Hand off to the next protocol.
2435 XXX - setting the columns only after trying various dissectors means
2436 that if one of those dissectors throws an exception, the frame won't
2437 even be labeled as an IP frame; ideally, if a frame being dissected
2438 throws an exception, it'll be labeled as a mangled frame of the
2439 type in question. */
2440 if (!ip_try_dissect(try_heuristic_first, iph->ip_nxt, next_tvb, pinfo,
2441 parent_tree, iph)) {
2442 /* Unknown protocol */
2443 if (update_col_info) {
2444 col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%u)",
2445 ipprotostr(iph->ip_nxt), iph->ip_nxt);
2447 call_data_dissector(next_tvb, pinfo, parent_tree);
2450 pinfo->fragmented = save_fragmented;
2451 return tvb_captured_length(tvb);
2455 dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
2457 proto_tree *ip_tree;
2458 proto_item *ti, *tf;
2461 version = tvb_get_guint8(tvb, 0) >> 4;
2464 dissect_ip_v4(tvb, pinfo, tree, data);
2465 return tvb_captured_length(tvb);
2468 call_dissector(ipv6_handle, tvb, pinfo, tree);
2469 return tvb_captured_length(tvb);
2472 /* Bogus IP version */
2473 ti = proto_tree_add_protocol_format(tree, proto_ip, tvb, 0, 1, "Internet Protocol, bogus version (%u)", version);
2474 col_set_str(pinfo->cinfo, COL_PROTOCOL, "IP");
2475 col_clear(pinfo->cinfo, COL_INFO);
2476 col_add_fstr(pinfo->cinfo, COL_INFO, "Bogus IP version (%u)", version);
2477 ip_tree = proto_item_add_subtree(ti, ett_ip);
2478 tf = proto_tree_add_item(ip_tree, hf_ip_version, tvb, 0, 1, ENC_NA);
2479 expert_add_info(pinfo, tf, &ei_ip_bogus_ip_version);
2484 dissect_ip_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2486 int length, tot_length;
2487 guint8 oct, version, ihl;
2491 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2492 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2493 |Version| IHL |Type of Service| Total Length |
2494 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2497 length = tvb_captured_length(tvb);
2499 /* Need at least 4 bytes to make some sort of decision */
2502 oct = tvb_get_guint8(tvb,0);
2507 3. IPv6 Header Format
2510 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2511 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2512 |Version| Traffic Class | Flow Label |
2513 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2514 | Payload Length | Next Header | Hop Limit |
2515 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2523 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2527 + Destination Address +
2531 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2533 Version 4-bit Internet Protocol version number = 6.
2535 Traffic Class 8-bit traffic class field. See section 7.
2537 Flow Label 20-bit flow label. See section 6.
2539 Payload Length 16-bit unsigned integer. Length of the IPv6
2540 payload, i.e., the rest of the packet following
2541 this IPv6 header, in octets. (Note that any
2542 extension headers [section 4] present are
2543 considered part of the payload, i.e., included
2544 in the length count.)
2549 /* Need at least 8 bytes to make a decision */
2552 tot_length = tvb_get_ntohs(tvb,4);
2553 if((tot_length + 40) != (int)tvb_reported_length(tvb)){
2556 call_dissector(ipv6_handle, tvb, pinfo, tree);
2559 /* version == IPv4 , the minimum value for a correct header is 5 */
2560 if((version != 4)|| (ihl < 5)){
2563 /* Total Length is the length of the datagram, measured in octets,
2564 * including internet header and data.
2566 tot_length = tvb_get_ntohs(tvb,2);
2568 if(tot_length != (int)tvb_reported_length(tvb)){
2572 dissect_ip_v4(tvb, pinfo, tree, data);
2577 proto_register_ip(void)
2579 #define ARG_TO_STR(ARG) #ARG
2580 #define FLAGS_OFFSET_WIDTH_MSG(WIDTH) \
2581 "Flags (" ARG_TO_STR(WIDTH) " bits)"
2582 #define FRAG_OFFSET_WIDTH_MSG(WIDTH) \
2583 "Fragment offset (" ARG_TO_STR(WIDTH) " bits)"
2585 static hf_register_info hf[] = {
2587 { "Version", "ip.version", FT_UINT8, BASE_DEC,
2588 NULL, 0xF0, NULL, HFILL }},
2591 { "Header Length", "ip.hdr_len", FT_UINT8, BASE_DEC,
2592 NULL, 0x0, NULL, HFILL }},
2595 { "Differentiated Services Field", "ip.dsfield", FT_UINT8, BASE_HEX,
2596 NULL, 0x0, NULL, HFILL }},
2598 { &hf_ip_dsfield_dscp,
2599 { "Differentiated Services Codepoint", "ip.dsfield.dscp", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2600 &dscp_vals_ext, IPDSFIELD_DSCP_MASK, NULL, HFILL }},
2602 { &hf_ip_dsfield_ecn,
2603 { "Explicit Congestion Notification", "ip.dsfield.ecn", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2604 &ecn_vals_ext, IPDSFIELD_ECN_MASK, NULL, HFILL }},
2607 { "Type of Service", "ip.tos", FT_UINT8, BASE_DEC,
2608 NULL, 0x0, NULL, HFILL }},
2610 { &hf_ip_tos_precedence,
2611 { "Precedence", "ip.tos.precedence", FT_UINT8, BASE_DEC,
2612 VALS(precedence_vals), IPTOS_PREC_MASK, NULL, HFILL }},
2615 { "Delay", "ip.tos.delay", FT_BOOLEAN, 8,
2616 TFS(&tos_set_low), IPTOS_LOWDELAY, NULL, HFILL }},
2618 { &hf_ip_tos_throughput,
2619 { "Throughput", "ip.tos.throughput", FT_BOOLEAN, 8,
2620 TFS(&tos_set_high), IPTOS_THROUGHPUT, NULL, HFILL }},
2622 { &hf_ip_tos_reliability,
2623 { "Reliability", "ip.tos.reliability", FT_BOOLEAN, 8,
2624 TFS(&tos_set_high), IPTOS_RELIABILITY, NULL, HFILL }},
2627 { "Cost", "ip.tos.cost", FT_BOOLEAN, 8,
2628 TFS(&tos_set_low), IPTOS_LOWCOST, NULL, HFILL }},
2631 { "Total Length", "ip.len", FT_UINT16, BASE_DEC,
2632 NULL, 0x0, NULL, HFILL }},
2635 { "Identification", "ip.id", FT_UINT16, BASE_HEX_DEC,
2636 NULL, 0x0, NULL, HFILL }},
2639 { "Destination", "ip.dst", FT_IPv4, BASE_NONE,
2640 NULL, 0x0, NULL, HFILL }},
2643 { "Destination Host", "ip.dst_host", FT_STRING, BASE_NONE,
2644 NULL, 0x0, NULL, HFILL }},
2647 { "Source", "ip.src", FT_IPv4, BASE_NONE,
2648 NULL, 0x0, NULL, HFILL }},
2651 { "Source Host", "ip.src_host", FT_STRING, BASE_NONE,
2652 NULL, 0x0, NULL, HFILL }},
2655 { "Source or Destination Address", "ip.addr", FT_IPv4, BASE_NONE,
2656 NULL, 0x0, NULL, HFILL }},
2659 { "Source or Destination Host", "ip.host", FT_STRING, BASE_NONE,
2660 NULL, 0x0, NULL, HFILL }},
2663 { &hf_geoip_country,
2664 { "Source or Destination GeoIP Country", "ip.geoip.country",
2665 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2667 { "Source or Destination GeoIP City", "ip.geoip.city",
2668 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2670 { "Source or Destination GeoIP Organization", "ip.geoip.org",
2671 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2673 { "Source or Destination GeoIP ISP", "ip.geoip.isp",
2674 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2676 { "Source or Destination GeoIP AS Number", "ip.geoip.asnum",
2677 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2679 { "Source or Destination GeoIP Latitude", "ip.geoip.lat",
2680 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2682 { "Source or Destination GeoIP Longitude", "ip.geoip.lon",
2683 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2684 { &hf_geoip_src_country,
2685 { "Source GeoIP Country", "ip.geoip.src_country",
2686 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2687 { &hf_geoip_src_city,
2688 { "Source GeoIP City", "ip.geoip.src_city",
2689 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2690 { &hf_geoip_src_org,
2691 { "Source GeoIP Organization", "ip.geoip.src_org",
2692 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2693 { &hf_geoip_src_isp,
2694 { "Source GeoIP ISP", "ip.geoip.src_isp",
2695 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2696 { &hf_geoip_src_asnum,
2697 { "Source GeoIP AS Number", "ip.geoip.src_asnum",
2698 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2699 { &hf_geoip_src_lat,
2700 { "Source GeoIP Latitude", "ip.geoip.src_lat",
2701 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2702 { &hf_geoip_src_lon,
2703 { "Source GeoIP Longitude", "ip.geoip.src_lon",
2704 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2705 { &hf_geoip_dst_country,
2706 { "Destination GeoIP Country", "ip.geoip.dst_country",
2707 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2708 { &hf_geoip_dst_city,
2709 { "Destination GeoIP City", "ip.geoip.dst_city",
2710 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2711 { &hf_geoip_dst_org,
2712 { "Destination GeoIP Organization", "ip.geoip.dst_org",
2713 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2714 { &hf_geoip_dst_isp,
2715 { "Destination GeoIP ISP", "ip.geoip.dst_isp",
2716 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2717 { &hf_geoip_dst_asnum,
2718 { "Destination GeoIP AS Number", "ip.geoip.dst_asnum",
2719 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2720 { &hf_geoip_dst_lat,
2721 { "Destination GeoIP Latitude", "ip.geoip.dst_lat",
2722 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2723 { &hf_geoip_dst_lon,
2724 { "Destination GeoIP Longitude", "ip.geoip.dst_lon",
2725 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2726 #endif /* HAVE_GEOIP */
2729 { "Flags", "ip.flags", FT_UINT8, BASE_HEX,
2730 NULL, 0x0, FLAGS_OFFSET_WIDTH_MSG(IP_FLAGS_WIDTH), HFILL }},
2733 { "Security flag", "ip.flags.sf", FT_BOOLEAN, BASE_NONE,
2734 TFS(&flags_sf_set_evil), 0x0, "Security flag (RFC 3514)", HFILL }},
2737 { "Reserved bit", "ip.flags.rb", FT_BOOLEAN, BASE_NONE,
2738 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2741 { "Don't fragment", "ip.flags.df", FT_BOOLEAN, BASE_NONE,
2742 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2745 { "More fragments", "ip.flags.mf", FT_BOOLEAN, BASE_NONE,
2746 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2748 { &hf_ip_frag_offset,
2749 { "Fragment offset", "ip.frag_offset", FT_UINT16, BASE_DEC,
2750 NULL, 0x0, FRAG_OFFSET_WIDTH_MSG(IP_OFFSET_WIDTH), HFILL }},
2753 { "Time to live", "ip.ttl", FT_UINT8, BASE_DEC,
2754 NULL, 0x0, NULL, HFILL }},
2757 { "Protocol", "ip.proto", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2758 &ipproto_val_ext, 0x0, NULL, HFILL }},
2761 { "Header checksum", "ip.checksum", FT_UINT16, BASE_HEX,
2762 NULL, 0x0, NULL, HFILL }},
2764 { &hf_ip_checksum_calculated,
2765 { "Calculated Checksum", "ip.checksum_calculated", FT_UINT16, BASE_HEX, NULL, 0x0,
2766 "The expected IP checksum field as calculated from the IP datagram", HFILL }},
2768 { &hf_ip_checksum_status,
2769 { "Header checksum status", "ip.checksum.status", FT_UINT8, BASE_NONE, VALS(proto_checksum_vals), 0x0,
2772 /* IP options related fields */
2774 { "Type", "ip.opt.type", FT_UINT8, BASE_DEC,
2775 NULL, 0x0, NULL, HFILL }},
2777 { &hf_ip_opt_type_copy,
2778 { "Copy on fragmentation", "ip.opt.type.copy", FT_BOOLEAN, 8,
2779 TFS(&tfs_yes_no), IPOPT_COPY_MASK, NULL, HFILL }},
2781 { &hf_ip_opt_type_class,
2782 { "Class", "ip.opt.type.class", FT_UINT8, BASE_DEC,
2783 VALS(ipopt_type_class_vals), IPOPT_CLASS_MASK, NULL, HFILL }},
2785 { &hf_ip_opt_type_number,
2786 { "Number", "ip.opt.type.number", FT_UINT8, BASE_DEC,
2787 VALS(ipopt_type_number_vals), IPOPT_NUMBER_MASK, NULL, HFILL }},
2790 { "Length", "ip.opt.len", FT_UINT8, BASE_DEC,
2791 NULL, 0x0, NULL, HFILL }},
2794 { "Pointer", "ip.opt.ptr", FT_UINT8, BASE_DEC,
2795 NULL, 0x0, NULL, HFILL }},
2798 { "Stream Identifier", "ip.opt.sid", FT_UINT16, BASE_DEC,
2799 NULL, 0x0, "SATNET stream identifier", HFILL }},
2802 { "MTU", "ip.opt.mtu", FT_UINT16, BASE_DEC,
2803 NULL, 0x0, NULL, HFILL }},
2805 { &hf_ip_opt_id_number,
2806 { "ID Number", "ip.opt.id_number", FT_UINT16, BASE_DEC,
2807 NULL, 0x0, NULL, HFILL }},
2810 { "Outbound Hop Count", "ip.opt.ohc", FT_UINT16, BASE_DEC,
2811 NULL, 0x0, NULL, HFILL }},
2814 { "Return Hop Count", "ip.opt.rhc", FT_UINT16, BASE_DEC,
2815 NULL, 0x0, NULL, HFILL }},
2817 { &hf_ip_opt_originator,
2818 { "Originator IP Address", "ip.opt.originator", FT_IPv4, BASE_NONE,
2819 NULL, 0x0, NULL, HFILL }},
2822 { "Router Alert", "ip.opt.ra", FT_UINT16, BASE_DEC | BASE_RANGE_STRING,
2823 RVALS(ra_rvals), 0x0, NULL, HFILL }},
2826 { "IP Address", "ip.opt.addr", FT_IPv4, BASE_NONE,
2827 NULL, 0x0, NULL, HFILL }},
2829 { &hf_ip_opt_padding,
2830 { "Padding", "ip.opt.padding", FT_BYTES, BASE_NONE,
2831 NULL, 0x0, NULL, HFILL }},
2833 { &hf_ip_opt_qs_func,
2834 { "Function", "ip.opt.qs_func", FT_UINT8, BASE_DEC,
2835 VALS(qs_func_vals), QS_FUNC_MASK, NULL, HFILL }},
2837 { &hf_ip_opt_qs_rate,
2838 { "Rate", "ip.opt.qs_rate", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2839 &qs_rate_vals_ext, QS_RATE_MASK, NULL, HFILL }},
2841 { &hf_ip_opt_qs_ttl,
2842 { "QS TTL", "ip.opt.qs_ttl", FT_UINT8, BASE_DEC,
2843 NULL, 0x0, NULL, HFILL }},
2845 { &hf_ip_opt_qs_ttl_diff,
2846 { "TTL Diff", "ip.opt.qs_ttl_diff", FT_UINT8, BASE_DEC,
2847 NULL, 0x0, NULL, HFILL }},
2849 { &hf_ip_opt_qs_unused,
2850 { "Not Used", "ip.opt.qs_unused", FT_UINT8, BASE_DEC,
2851 NULL, 0x0, NULL, HFILL }},
2853 { &hf_ip_opt_qs_nonce,
2854 { "QS Nonce", "ip.opt.qs_nonce", FT_UINT32, BASE_HEX,
2855 NULL, 0xFFFFFFFC, NULL, HFILL }},
2857 { &hf_ip_opt_qs_reserved,
2858 { "Reserved", "ip.opt.qs_reserved", FT_UINT32, BASE_HEX,
2859 NULL, 0x00000003, NULL, HFILL }},
2861 { &hf_ip_opt_sec_rfc791_sec,
2862 { "Security", "ip.opt.sec_rfc791_sec", FT_UINT8, BASE_HEX,
2863 VALS(secl_rfc791_vals), 0x0, NULL, HFILL }},
2865 { &hf_ip_opt_sec_rfc791_comp,
2866 { "Compartments", "ip.opt.sec_rfc791_comp", FT_UINT16, BASE_DEC,
2867 NULL, 0x0, NULL, HFILL }},
2869 { &hf_ip_opt_sec_rfc791_hr,
2870 { "Handling Restrictions", "ip.opt.sec_rfc791_hr", FT_STRING, BASE_NONE,
2871 NULL, 0x0, NULL, HFILL }},
2873 { &hf_ip_opt_sec_rfc791_tcc,
2874 { "Transmission Control Code", "ip.opt.sec_rfc791_tcc", FT_STRING, BASE_NONE,
2875 NULL, 0x0, NULL, HFILL }},
2877 { &hf_ip_opt_sec_cl,
2878 { "Classification Level", "ip.opt.sec_cl", FT_UINT8, BASE_HEX,
2879 VALS(sec_cl_vals), 0x0, NULL, HFILL }},
2881 { &hf_ip_opt_sec_prot_auth_flags,
2882 { "Protection Authority Flags", "ip.opt.sec_prot_auth_flags", FT_UINT8, BASE_HEX,
2883 NULL, 0x0, NULL, HFILL }},
2885 { &hf_ip_opt_sec_prot_auth_genser,
2886 { "GENSER", "ip.opt.sec_prot_auth_genser", FT_BOOLEAN, 8,
2887 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x80, NULL, HFILL }},
2889 { &hf_ip_opt_sec_prot_auth_siop_esi,
2890 { "SIOP-ESI", "ip.opt.sec_prot_auth_siop_esi", FT_BOOLEAN, 8,
2891 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x40, NULL, HFILL }},
2893 { &hf_ip_opt_sec_prot_auth_sci,
2894 { "SCI", "ip.opt.sec_prot_auth_sci", FT_BOOLEAN, 8,
2895 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x20, NULL, HFILL }},
2897 { &hf_ip_opt_sec_prot_auth_nsa,
2898 { "NSA", "ip.opt.sec_prot_auth_nsa", FT_BOOLEAN, 8,
2899 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x10, NULL, HFILL }},
2901 { &hf_ip_opt_sec_prot_auth_doe,
2902 { "DOE", "ip.opt.sec_prot_auth_doe", FT_BOOLEAN, 8,
2903 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x08, NULL, HFILL }},
2905 { &hf_ip_opt_sec_prot_auth_unassigned,
2906 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2907 NULL, 0x06, NULL, HFILL }},
2909 { &hf_ip_opt_sec_prot_auth_unassigned2,
2910 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2911 NULL, 0xFE, NULL, HFILL }},
2913 { &hf_ip_opt_sec_prot_auth_fti,
2914 { "Field Termination Indicator", "ip.opt.sec_prot_auth_fti", FT_BOOLEAN, 8,
2915 TFS(&ip_opt_sec_prot_auth_fti_tfs), 0x01, NULL, HFILL }},
2917 { &hf_ip_opt_ext_sec_add_sec_info_format_code,
2918 { "Additional Security Info Format Code", "ip.opt.ext_sec_add_sec_info_format_code", FT_UINT8, BASE_HEX,
2919 NULL, 0x0, NULL, HFILL }},
2921 { &hf_ip_opt_ext_sec_add_sec_info,
2922 { "Additional Security Info", "ip.opt.ext_sec_add_sec_info", FT_BYTES, BASE_NONE,
2923 NULL, 0x0, NULL, HFILL }},
2926 { "Recorded Route", "ip.rec_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2929 { &hf_ip_rec_rt_host,
2930 { "Recorded Route Host", "ip.rec_rt_host", FT_STRING, BASE_NONE,
2931 NULL, 0x0, NULL, HFILL }},
2934 { "Current Route", "ip.cur_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2937 { &hf_ip_cur_rt_host,
2938 { "Current Route Host", "ip.cur_rt_host", FT_STRING, BASE_NONE,
2939 NULL, 0x0, NULL, HFILL }},
2942 { "Source Route", "ip.src_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2945 { &hf_ip_src_rt_host,
2946 { "Source Route Host", "ip.src_rt_host", FT_STRING, BASE_NONE,
2947 NULL, 0x0, NULL, HFILL }},
2950 { "Empty Route", "ip.empty_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2953 { &hf_ip_empty_rt_host,
2954 { "Empty Route Host", "ip.empty_rt_host", FT_STRING, BASE_NONE,
2955 NULL, 0x0, NULL, HFILL }},
2957 { &hf_ip_cipso_tag_type,
2958 { "Tag Type", "ip.cipso.tag_type", FT_UINT8, BASE_DEC,
2959 VALS(cipso_tag_type_vals), 0x0, NULL, HFILL }},
2962 { &hf_ip_fragment_overlap,
2963 { "Fragment overlap", "ip.fragment.overlap", FT_BOOLEAN, BASE_NONE,
2964 NULL, 0x0, "Fragment overlaps with other fragments", HFILL }},
2966 { &hf_ip_fragment_overlap_conflict,
2967 { "Conflicting data in fragment overlap", "ip.fragment.overlap.conflict",
2968 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2969 "Overlapping fragments contained conflicting data", HFILL }},
2971 { &hf_ip_fragment_multiple_tails,
2972 { "Multiple tail fragments found", "ip.fragment.multipletails",
2973 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2974 "Several tails were found when defragmenting the packet", HFILL }},
2976 { &hf_ip_fragment_too_long_fragment,
2977 { "Fragment too long", "ip.fragment.toolongfragment",
2978 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2979 "Fragment contained data past end of packet", HFILL }},
2981 { &hf_ip_fragment_error,
2982 { "Defragmentation error", "ip.fragment.error", FT_FRAMENUM, BASE_NONE,
2983 NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }},
2985 { &hf_ip_fragment_count,
2986 { "Fragment count", "ip.fragment.count", FT_UINT32, BASE_DEC,
2987 NULL, 0x0, NULL, HFILL }},
2990 { "IPv4 Fragment", "ip.fragment", FT_FRAMENUM, BASE_NONE,
2991 NULL, 0x0, NULL, HFILL }},
2994 { "IPv4 Fragments", "ip.fragments", FT_BYTES, BASE_NONE,
2995 NULL, 0x0, NULL, HFILL }},
2997 { &hf_ip_reassembled_in,
2998 { "Reassembled IPv4 in frame", "ip.reassembled_in", FT_FRAMENUM, BASE_NONE,
2999 NULL, 0x0, "This IPv4 packet is reassembled in this frame", HFILL }},
3001 { &hf_ip_reassembled_length,
3002 { "Reassembled IPv4 length", "ip.reassembled.length", FT_UINT32, BASE_DEC,
3003 NULL, 0x0, "The total length of the reassembled payload", HFILL }},
3005 { &hf_ip_reassembled_data,
3006 { "Reassembled IPv4 data", "ip.reassembled.data", FT_BYTES, BASE_NONE,
3007 NULL, 0x0, "The reassembled payload", HFILL }},
3009 /* Generated from convert_proto_tree_add_text.pl */
3010 { &hf_ip_cipso_doi, { "DOI", "ip.cipso.doi", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3011 { &hf_ip_cipso_sensitivity_level, { "Sensitivity Level", "ip.cipso.sensitivity_level", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3012 { &hf_ip_cipso_categories, { "Categories", "ip.cipso.categories", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3013 { &hf_ip_cipso_tag_data, { "Tag data", "ip.cipso.tag_data", FT_BYTES, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3014 { &hf_ip_opt_overflow, { "Overflow", "ip.opt.overflow", FT_UINT8, BASE_DEC, NULL, 0xF0, NULL, HFILL }},
3015 { &hf_ip_opt_flag, { "Flag", "ip.opt.flag", FT_UINT8, BASE_HEX, VALS(ipopt_timestamp_flag_vals), 0x0F, NULL, HFILL }},
3016 { &hf_ip_opt_time_stamp, { "Time stamp", "ip.opt.time_stamp", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
3017 { &hf_ip_opt_time_stamp_addr, { "Address", "ip.opt.time_stamp_addr", FT_IPv4, BASE_NONE, NULL, 0x0, NULL, HFILL }},
3021 static gint *ett[] = {
3027 &ett_ip_option_eool,
3030 &ett_ip_option_route,
3031 &ett_ip_option_timestamp,
3032 &ett_ip_option_ext_security,
3033 &ett_ip_option_cipso,
3040 &ett_ip_option_other,
3044 &ett_ip_opt_sec_prot_auth_flags,
3045 &ett_unknown_ip_tcp_opt,
3050 static ei_register_info ei[] = {
3051 { &ei_ip_opt_len_invalid, { "ip.opt.len.invalid", PI_PROTOCOL, PI_WARN, "Invalid length for option", EXPFILL }},
3052 { &ei_ip_opt_sec_prot_auth_fti, { "ip.opt.len.invalid", PI_PROTOCOL, PI_WARN, "Field Termination Indicator set to 1 for last byte of option", EXPFILL }},
3053 { &ei_ip_extraneous_data, { "ip.opt.len.invalid", PI_PROTOCOL, PI_WARN, "Extraneous data in option", EXPFILL }},
3054 { &ei_ip_opt_ptr_before_address, { "ip.opt.ptr.before_address", PI_PROTOCOL, PI_WARN, "Pointer points before first address", EXPFILL }},
3055 { &ei_ip_opt_ptr_middle_address, { "ip.opt.ptr.middle_address", PI_PROTOCOL, PI_WARN, "Pointer points to middle of address", EXPFILL }},
3056 { &ei_ip_subopt_too_long, { "ip.subopt_too_long", PI_PROTOCOL, PI_WARN, "Suboption would go past end of option", EXPFILL }},
3057 { &ei_ip_nop, { "ip.nop", PI_PROTOCOL, PI_WARN, "4 NOP in a row - a router may have removed some options", EXPFILL }},
3058 { &ei_ip_bogus_ip_length, { "ip.bogus_ip_length", PI_PROTOCOL, PI_ERROR, "Bogus IP length", EXPFILL }},
3059 { &ei_ip_evil_packet, { "ip.evil_packet", PI_PROTOCOL, PI_WARN, "Packet has evil intent", EXPFILL }},
3060 { &ei_ip_checksum_bad, { "ip.checksum_bad.expert", PI_CHECKSUM, PI_ERROR, "Bad checksum", EXPFILL }},
3061 { &ei_ip_ttl_lncb, { "ip.ttl.lncb", PI_SEQUENCE, PI_NOTE, "Time To Live", EXPFILL }},
3062 { &ei_ip_ttl_too_small, { "ip.ttl.too_small", PI_SEQUENCE, PI_NOTE, "Time To Live", EXPFILL }},
3063 { &ei_ip_cipso_tag, { "ip.cipso.malformed", PI_SEQUENCE, PI_ERROR, "Malformed CIPSO tag", EXPFILL }},
3064 { &ei_ip_bogus_ip_version, { "ip.bogus_ip_version", PI_PROTOCOL, PI_ERROR, "Bogus IP version", EXPFILL }},
3067 /* Decode As handling */
3068 static build_valid_func ip_da_build_value[1] = {ip_value};
3069 static decode_as_value_t ip_da_values = {ip_prompt, 1, ip_da_build_value};
3070 static decode_as_t ip_da = {"ip", "Network", "ip.proto", 1, 0, &ip_da_values, NULL, NULL,
3071 decode_as_default_populate_list, decode_as_default_reset, decode_as_default_change, NULL};
3073 module_t *ip_module;
3074 expert_module_t* expert_ip;
3076 proto_ip = proto_register_protocol("Internet Protocol Version 4", "IPv4", "ip");
3077 proto_register_field_array(proto_ip, hf, array_length(hf));
3078 proto_register_subtree_array(ett, array_length(ett));
3079 expert_ip = expert_register_protocol(proto_ip);
3080 expert_register_field_array(expert_ip, ei, array_length(ei));
3082 /* subdissector code */
3083 ip_dissector_table = register_dissector_table("ip.proto", "IP protocol",
3084 proto_ip, FT_UINT8, BASE_DEC);
3085 heur_subdissector_list = register_heur_dissector_list("ip", proto_ip);
3086 register_capture_dissector_table("ip.proto", "IP protocol");
3088 /* Register configuration options */
3089 ip_module = prefs_register_protocol(proto_ip, NULL);
3090 prefs_register_bool_preference(ip_module, "decode_tos_as_diffserv",
3091 "Decode IPv4 TOS field as DiffServ field",
3092 "Whether the IPv4 type-of-service field should be decoded as a "
3093 "Differentiated Services field (see RFC2474/RFC2475)", &g_ip_dscp_actif);
3094 prefs_register_bool_preference(ip_module, "defragment",
3095 "Reassemble fragmented IPv4 datagrams",
3096 "Whether fragmented IPv4 datagrams should be reassembled", &ip_defragment);
3097 prefs_register_bool_preference(ip_module, "summary_in_tree",
3098 "Show IPv4 summary in protocol tree",
3099 "Whether the IPv4 summary line should be shown in the protocol tree",
3100 &ip_summary_in_tree);
3101 prefs_register_bool_preference(ip_module, "check_checksum",
3102 "Validate the IPv4 checksum if possible",
3103 "Whether to validate the IPv4 checksum", &ip_check_checksum);
3104 prefs_register_bool_preference(ip_module, "tso_support",
3105 "Support packet-capture from IP TSO-enabled hardware",
3106 "Whether to correct for TSO-enabled (TCP segmentation offload) hardware "
3107 "captures, such as spoofing the IP packet length", &ip_tso_supported);
3109 prefs_register_bool_preference(ip_module, "use_geoip",
3110 "Enable GeoIP lookups",
3111 "Whether to look up IP addresses in each GeoIP database we have loaded",
3113 #endif /* HAVE_GEOIP */
3114 prefs_register_bool_preference(ip_module, "security_flag" ,
3115 "Interpret Reserved flag as Security flag (RFC 3514)",
3116 "Whether to interpret the originally reserved flag as security flag",
3118 prefs_register_bool_preference(ip_module, "try_heuristic_first",
3119 "Try heuristic sub-dissectors first",
3120 "Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port",
3121 &try_heuristic_first);
3123 register_dissector("ip", dissect_ip, proto_ip);
3124 register_init_routine(ip_defragment_init);
3125 register_cleanup_routine(ip_defragment_cleanup);
3126 ip_tap = register_tap("ip");
3128 register_decode_as(&ip_da);
3129 register_conversation_table(proto_ip, TRUE, ip_conversation_packet, ip_hostlist_packet);
3130 register_conversation_filter("ip", "IPv4", ip_filter_valid, ip_build_filter);
3132 ip_cap_handle = register_capture_dissector("ip", capture_ip, proto_ip);
3136 proto_reg_handoff_ip(void)
3138 dissector_handle_t ip_handle;
3139 dissector_handle_t ipv4_handle;
3140 capture_dissector_handle_t clip_cap_handle;
3143 ip_handle = find_dissector("ip");
3144 ipv6_handle = find_dissector("ipv6");
3145 ipv4_handle = create_dissector_handle(dissect_ip_v4, proto_ip);
3147 dissector_add_uint("ethertype", ETHERTYPE_IP, ipv4_handle);
3148 dissector_add_uint("erf.types.type", ERF_TYPE_IPV4, ip_handle);
3149 dissector_add_uint("ppp.protocol", PPP_IP, ip_handle);
3150 dissector_add_uint("ppp.protocol", ETHERTYPE_IP, ip_handle);
3151 dissector_add_uint("gre.proto", ETHERTYPE_IP, ip_handle);
3152 dissector_add_uint("gre.proto", GRE_WCCP, ip_handle);
3153 dissector_add_uint("llc.dsap", SAP_IP, ip_handle);
3154 dissector_add_uint("ip.proto", IP_PROTO_IPIP, ip_handle);
3155 dissector_add_uint("null.type", BSD_AF_INET, ip_handle);
3156 dissector_add_uint("chdlc.protocol", ETHERTYPE_IP, ip_handle);
3157 dissector_add_uint("osinl.excl", NLPID_IP, ip_handle);
3158 dissector_add_uint("fr.nlpid", NLPID_IP, ip_handle);
3159 dissector_add_uint("x.25.spi", NLPID_IP, ip_handle);
3160 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1051, ip_handle);
3161 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1201, ip_handle);
3162 dissector_add_uint("ax25.pid", AX25_P_IP, ip_handle);
3163 dissector_add_uint("juniper.proto", JUNIPER_PROTO_IP, ip_handle);
3164 dissector_add_uint("juniper.proto", JUNIPER_PROTO_MPLS_IP, ip_handle);
3165 dissector_add_uint("pwach.channel_type", PW_ACH_TYPE_IPV4, ip_handle);
3166 dissector_add_uint("sflow_245.header_protocol", SFLOW_245_HEADER_IPv4, ip_handle);
3167 dissector_add_uint("l2tp.pw_type", L2TPv3_PROTOCOL_IP, ip_handle);
3168 dissector_add_for_decode_as_with_preference("udp.port", ip_handle);
3169 dissector_add_for_decode_as("pcli.payload", ip_handle);
3170 dissector_add_uint("wtap_encap", WTAP_ENCAP_RAW_IP4, ip_handle);
3171 dissector_add_uint("enc", BSD_AF_INET, ip_handle);
3172 dissector_add_uint("vxlan.next_proto", VXLAN_IPV4, ip_handle);
3174 heur_dissector_add("tipc", dissect_ip_heur, "IP over TIPC", "ip_tipc", proto_ip, HEURISTIC_ENABLE);
3176 capture_dissector_add_uint("ethertype", ETHERTYPE_IP, ip_cap_handle);
3177 capture_dissector_add_uint("ax25.pid", AX25_P_IP, ip_cap_handle);
3178 capture_dissector_add_uint("enc", BSD_AF_INET, ip_cap_handle);
3179 capture_dissector_add_uint("ppp_hdlc", PPP_IP, ip_cap_handle);
3180 capture_dissector_add_uint("llc.dsap", SAP_IP, ip_cap_handle);
3181 capture_dissector_add_uint("null.bsd", BSD_AF_INET, ip_cap_handle);
3182 capture_dissector_add_uint("fr.nlpid", NLPID_IP, ip_cap_handle);
3184 /* Classic IP uses the same capture function, but wants its own
3185 protocol associated with it. To eliminate linking dependencies,
3187 proto_clip = proto_get_id_by_filter_name( "clip" );
3188 clip_cap_handle = register_capture_dissector("clip", capture_ip, proto_clip);
3189 capture_dissector_add_uint("wtap_encap", WTAP_ENCAP_LINUX_ATM_CLIP, clip_cap_handle);
3193 * Editor modelines - http://www.wireshark.org/tools/modelines.html
3198 * indent-tabs-mode: nil
3201 * vi: set shiftwidth=2 tabstop=8 expandtab:
3202 * :indentSize=2:tabSize=8:noTabs=true: