2 * Routines for IP and miscellaneous IP protocol packet disassembly
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * Wednesday, January 17, 2006
11 * Support for the CIPSO IPv4 option
12 * (http://sourceforge.net/docman/display_doc.php?docid=34650&group_id=174379)
13 * by Paul Moore <paul.moore@hp.com>
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 #include <epan/packet.h>
36 #include <epan/addr_resolv.h>
37 #include <epan/ipproto.h>
38 #include <epan/expert.h>
39 #include <epan/ip_opts.h>
40 #include <epan/prefs.h>
41 #include <epan/reassemble.h>
42 #include <epan/etypes.h>
43 #include <epan/greproto.h>
44 #include <epan/ppptypes.h>
45 #include <epan/llcsaps.h>
46 #include <epan/aftypes.h>
47 #include <epan/arcnet_pids.h>
48 #include <epan/in_cksum.h>
49 #include <epan/nlpid.h>
50 #include <epan/ax25_pids.h>
52 #include <epan/wmem/wmem.h>
53 #include <epan/decode_as.h>
55 #include "packet-ip.h"
56 #include "packet-ipsec.h"
60 #include <epan/geoip_db.h>
61 #endif /* HAVE_GEOIP */
63 void proto_register_ip(void);
64 void proto_reg_handoff_ip(void);
66 static int ip_tap = -1;
68 /* Decode the old IPv4 TOS field as the DiffServ DS Field (RFC2474/2475) */
69 static gboolean g_ip_dscp_actif = TRUE;
71 /* Defragment fragmented IP datagrams */
72 static gboolean ip_defragment = TRUE;
74 /* Place IP summary in proto tree */
75 static gboolean ip_summary_in_tree = TRUE;
77 /* Perform IP checksum */
78 static gboolean ip_check_checksum = TRUE;
80 /* Assume TSO and correct zero-length IP packets */
81 static gboolean ip_tso_supported = TRUE;
83 /* Use heuristics to determine subdissector */
84 static gboolean try_heuristic_first = FALSE;
87 /* Look up addresses in GeoIP */
88 static gboolean ip_use_geoip = TRUE;
89 #endif /* HAVE_GEOIP */
91 /* Interpret the reserved flag as security flag (RFC 3514) */
92 static gboolean ip_security_flag = FALSE;
95 static int hf_ip_version = -1;
96 static int hf_ip_hdr_len = -1;
97 static int hf_ip_dsfield = -1;
98 static int hf_ip_dsfield_dscp = -1;
99 static int hf_ip_dsfield_ecn = -1;
100 static int hf_ip_tos = -1;
101 static int hf_ip_tos_precedence = -1;
102 static int hf_ip_tos_delay = -1;
103 static int hf_ip_tos_throughput = -1;
104 static int hf_ip_tos_reliability = -1;
105 static int hf_ip_tos_cost = -1;
106 static int hf_ip_len = -1;
107 static int hf_ip_id = -1;
108 static int hf_ip_dst = -1;
109 static int hf_ip_dst_host = -1;
110 static int hf_ip_src = -1;
111 static int hf_ip_src_host = -1;
112 static int hf_ip_addr = -1;
113 static int hf_ip_host = -1;
114 static int hf_ip_flags = -1;
115 static int hf_ip_flags_sf = -1;
116 static int hf_ip_flags_rf = -1;
117 static int hf_ip_flags_df = -1;
118 static int hf_ip_flags_mf = -1;
119 static int hf_ip_frag_offset = -1;
120 static int hf_ip_ttl = -1;
121 static int hf_ip_proto = -1;
122 static int hf_ip_checksum = -1;
123 static int hf_ip_checksum_good = -1;
124 static int hf_ip_checksum_bad = -1;
126 /* IP option fields */
127 static int hf_ip_opt_type = -1;
128 static int hf_ip_opt_type_copy = -1;
129 static int hf_ip_opt_type_class = -1;
130 static int hf_ip_opt_type_number = -1;
131 static int hf_ip_opt_len = -1;
132 static int hf_ip_opt_ptr = -1;
133 static int hf_ip_opt_sid = -1;
134 static int hf_ip_opt_mtu = -1;
135 static int hf_ip_opt_id_number = -1;
136 static int hf_ip_opt_ohc = -1;
137 static int hf_ip_opt_rhc = -1;
138 static int hf_ip_opt_originator = -1;
139 static int hf_ip_opt_ra = -1;
140 static int hf_ip_opt_addr = -1;
141 static int hf_ip_opt_padding = -1;
142 static int hf_ip_opt_qs_func = -1;
143 static int hf_ip_opt_qs_rate = -1;
144 static int hf_ip_opt_qs_ttl = -1;
145 static int hf_ip_opt_qs_ttl_diff = -1;
146 static int hf_ip_opt_qs_unused = -1;
147 static int hf_ip_opt_qs_nonce = -1;
148 static int hf_ip_opt_qs_reserved = -1;
149 static int hf_ip_opt_sec_rfc791_sec = -1;
150 static int hf_ip_opt_sec_rfc791_comp = -1;
151 static int hf_ip_opt_sec_rfc791_hr = -1;
152 static int hf_ip_opt_sec_rfc791_tcc = -1;
153 static int hf_ip_opt_sec_cl = -1;
154 static int hf_ip_opt_sec_prot_auth_flags = -1;
155 static int hf_ip_opt_sec_prot_auth_genser = -1;
156 static int hf_ip_opt_sec_prot_auth_siop_esi = -1;
157 static int hf_ip_opt_sec_prot_auth_sci = -1;
158 static int hf_ip_opt_sec_prot_auth_nsa = -1;
159 static int hf_ip_opt_sec_prot_auth_doe = -1;
160 static int hf_ip_opt_sec_prot_auth_unassigned = -1;
161 static int hf_ip_opt_sec_prot_auth_unassigned2 = -1;
162 static int hf_ip_opt_sec_prot_auth_fti = -1;
163 static int hf_ip_opt_ext_sec_add_sec_info_format_code = -1;
164 static int hf_ip_opt_ext_sec_add_sec_info = -1;
165 static int hf_ip_rec_rt = -1;
166 static int hf_ip_rec_rt_host = -1;
167 static int hf_ip_cur_rt = -1;
168 static int hf_ip_cur_rt_host = -1;
169 static int hf_ip_src_rt = -1;
170 static int hf_ip_src_rt_host = -1;
171 static int hf_ip_empty_rt = -1;
172 static int hf_ip_empty_rt_host = -1;
174 static int hf_ip_fragments = -1;
175 static int hf_ip_fragment = -1;
176 static int hf_ip_fragment_overlap = -1;
177 static int hf_ip_fragment_overlap_conflict = -1;
178 static int hf_ip_fragment_multiple_tails = -1;
179 static int hf_ip_fragment_too_long_fragment = -1;
180 static int hf_ip_fragment_error = -1;
181 static int hf_ip_fragment_count = -1;
182 static int hf_ip_reassembled_in = -1;
183 static int hf_ip_reassembled_length = -1;
184 static int hf_ip_reassembled_data = -1;
187 static int hf_geoip_country = -1;
188 static int hf_geoip_city = -1;
189 static int hf_geoip_org = -1;
190 static int hf_geoip_isp = -1;
191 static int hf_geoip_asnum = -1;
192 static int hf_geoip_lat = -1;
193 static int hf_geoip_lon = -1;
194 static int hf_geoip_src_country = -1;
195 static int hf_geoip_src_city = -1;
196 static int hf_geoip_src_org = -1;
197 static int hf_geoip_src_isp = -1;
198 static int hf_geoip_src_asnum = -1;
199 static int hf_geoip_src_lat = -1;
200 static int hf_geoip_src_lon = -1;
201 static int hf_geoip_dst_country = -1;
202 static int hf_geoip_dst_city = -1;
203 static int hf_geoip_dst_org = -1;
204 static int hf_geoip_dst_isp = -1;
205 static int hf_geoip_dst_asnum = -1;
206 static int hf_geoip_dst_lat = -1;
207 static int hf_geoip_dst_lon = -1;
208 #endif /* HAVE_GEOIP */
210 static gint ett_ip = -1;
211 static gint ett_ip_dsfield = -1;
212 static gint ett_ip_tos = -1;
213 static gint ett_ip_off = -1;
214 static gint ett_ip_options = -1;
215 static gint ett_ip_option_eool = -1;
216 static gint ett_ip_option_nop = -1;
217 static gint ett_ip_option_sec = -1;
218 static gint ett_ip_option_route = -1;
219 static gint ett_ip_option_timestamp = -1;
220 static gint ett_ip_option_ext_security = -1;
221 static gint ett_ip_option_cipso = -1;
222 static gint ett_ip_option_sid = -1;
223 static gint ett_ip_option_mtu = -1;
224 static gint ett_ip_option_tr = -1;
225 static gint ett_ip_option_ra = -1;
226 static gint ett_ip_option_sdb = -1;
227 static gint ett_ip_option_qs = -1;
228 static gint ett_ip_option_other = -1;
229 static gint ett_ip_fragments = -1;
230 static gint ett_ip_fragment = -1;
231 static gint ett_ip_checksum = -1;
232 static gint ett_ip_opt_type = -1;
233 static gint ett_ip_opt_sec_prot_auth_flags = -1;
235 static expert_field ei_ip_opt_len_invalid = EI_INIT;
236 static expert_field ei_ip_opt_sec_prot_auth_fti = EI_INIT;
237 static expert_field ei_ip_extraneous_data = EI_INIT;
238 static expert_field ei_ip_opt_ptr_before_address = EI_INIT;
239 static expert_field ei_ip_opt_ptr_middle_address = EI_INIT;
240 static expert_field ei_ip_subopt_too_long = EI_INIT;
241 static expert_field ei_ip_nop = EI_INIT;
242 static expert_field ei_ip_bogus_ip_length = EI_INIT;
243 static expert_field ei_ip_evil_packet = EI_INIT;
244 static expert_field ei_ip_checksum_bad = EI_INIT;
245 static expert_field ei_ip_ttl_lncb = EI_INIT;
246 static expert_field ei_ip_ttl_too_small = EI_INIT;
250 static gint ett_geoip_info = -1;
251 #endif /* HAVE_GEOIP */
253 static const fragment_items ip_frag_items = {
258 &hf_ip_fragment_overlap,
259 &hf_ip_fragment_overlap_conflict,
260 &hf_ip_fragment_multiple_tails,
261 &hf_ip_fragment_too_long_fragment,
262 &hf_ip_fragment_error,
263 &hf_ip_fragment_count,
264 &hf_ip_reassembled_in,
265 &hf_ip_reassembled_length,
266 &hf_ip_reassembled_data,
270 static heur_dissector_list_t heur_subdissector_list;
272 static dissector_table_t ip_dissector_table;
274 static dissector_handle_t ipv6_handle;
275 static dissector_handle_t data_handle;
278 /* IP structs and definitions */
280 /* Offsets of fields within an IP header. */
292 /* Minimum IP header length. */
293 #define IPH_MIN_LEN 20
295 /* Width (in bits) of the fragment offset IP header field */
296 #define IP_OFFSET_WIDTH 13
298 /* Width (in bits) of the flags IP header field */
299 #define IP_FLAGS_WIDTH 3
302 #define IP_RF 0x8000 /* Flag: "Reserved bit" */
303 #define IP_DF 0x4000 /* Flag: "Don't Fragment" */
304 #define IP_MF 0x2000 /* Flag: "More Fragments" */
305 #define IP_OFFSET 0x1FFF /* "Fragment Offset" part */
307 /* Differentiated Services Field. See RFCs 2474, 2597 and 2598. */
308 #define IPDSFIELD_DSCP_MASK 0xFC
309 #define IPDSFIELD_ECN_MASK 0x03
310 #define IPDSFIELD_DSCP_SHIFT 2
312 #define IPDSFIELD_DSCP(dsfield) (((dsfield)&IPDSFIELD_DSCP_MASK)>>IPDSFIELD_DSCP_SHIFT)
313 #define IPDSFIELD_ECN(dsfield) ((dsfield)&IPDSFIELD_ECN_MASK)
315 #define IPDSFIELD_DSCP_DEFAULT 0x00
316 #define IPDSFIELD_DSCP_CS1 0x08
317 #define IPDSFIELD_DSCP_AF11 0x0A
318 #define IPDSFIELD_DSCP_AF12 0x0C
319 #define IPDSFIELD_DSCP_AF13 0x0E
320 #define IPDSFIELD_DSCP_CS2 0x10
321 #define IPDSFIELD_DSCP_AF21 0x12
322 #define IPDSFIELD_DSCP_AF22 0x14
323 #define IPDSFIELD_DSCP_AF23 0x16
324 #define IPDSFIELD_DSCP_CS3 0x18
325 #define IPDSFIELD_DSCP_AF31 0x1A
326 #define IPDSFIELD_DSCP_AF32 0x1C
327 #define IPDSFIELD_DSCP_AF33 0x1E
328 #define IPDSFIELD_DSCP_CS4 0x20
329 #define IPDSFIELD_DSCP_AF41 0x22
330 #define IPDSFIELD_DSCP_AF42 0x24
331 #define IPDSFIELD_DSCP_AF43 0x26
332 #define IPDSFIELD_DSCP_CS5 0x28
333 #define IPDSFIELD_DSCP_EF 0x2E
334 #define IPDSFIELD_DSCP_CS6 0x30
335 #define IPDSFIELD_DSCP_CS7 0x38
337 #define IPDSFIELD_ECT_NOT 0x00
338 #define IPDSFIELD_ECT_1 0x01
339 #define IPDSFIELD_ECT_0 0x02
340 #define IPDSFIELD_CE 0x03
342 /* IP TOS, superseded by the DS Field, RFC 2474. */
343 #define IPTOS_TOS_MASK 0x1E
344 #define IPTOS_TOS(tos) ((tos) & IPTOS_TOS_MASK)
345 #define IPTOS_NONE 0x00
346 #define IPTOS_LOWCOST 0x02
347 #define IPTOS_RELIABILITY 0x04
348 #define IPTOS_THROUGHPUT 0x08
349 #define IPTOS_LOWDELAY 0x10
350 #define IPTOS_SECURITY 0x1E
352 #define IPTOS_PREC_MASK 0xE0
353 #define IPTOS_PREC_SHIFT 5
354 #define IPTOS_PREC(tos) (((tos)&IPTOS_PREC_MASK)>>IPTOS_PREC_SHIFT)
355 #define IPTOS_PREC_NETCONTROL 7
356 #define IPTOS_PREC_INTERNETCONTROL 6
357 #define IPTOS_PREC_CRITIC_ECP 5
358 #define IPTOS_PREC_FLASHOVERRIDE 4
359 #define IPTOS_PREC_FLASH 3
360 #define IPTOS_PREC_IMMEDIATE 2
361 #define IPTOS_PREC_PRIORITY 1
362 #define IPTOS_PREC_ROUTINE 0
365 #define IPOPT_COPY 0x80
367 #define IPOPT_CONTROL 0x00
368 #define IPOPT_RESERVED1 0x20
369 #define IPOPT_MEASUREMENT 0x40
370 #define IPOPT_RESERVED2 0x60
372 /* REF: http://www.iana.org/assignments/ip-parameters */
373 /* TODO: Not all of these are implemented. */
374 #define IPOPT_EOOL (0 |IPOPT_CONTROL)
375 #define IPOPT_NOP (1 |IPOPT_CONTROL)
376 #define IPOPT_SEC (2 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 791/1108 */
377 #define IPOPT_LSR (3 |IPOPT_COPY|IPOPT_CONTROL)
378 #define IPOPT_TS (4 |IPOPT_MEASUREMENT)
379 #define IPOPT_ESEC (5 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 1108 */
380 #define IPOPT_CIPSO (6 |IPOPT_COPY|IPOPT_CONTROL) /* draft-ietf-cipso-ipsecurity-01 */
381 #define IPOPT_RR (7 |IPOPT_CONTROL)
382 #define IPOPT_SID (8 |IPOPT_COPY|IPOPT_CONTROL)
383 #define IPOPT_SSR (9 |IPOPT_COPY|IPOPT_CONTROL)
384 #define IPOPT_ZSU (10|IPOPT_CONTROL) /* Zsu */
385 #define IPOPT_MTUP (11|IPOPT_CONTROL) /* RFC 1063 */
386 #define IPOPT_MTUR (12|IPOPT_CONTROL) /* RFC 1063 */
387 #define IPOPT_FINN (13|IPOPT_COPY|IPOPT_MEASUREMENT) /* Finn */
388 #define IPOPT_VISA (14|IPOPT_COPY|IPOPT_CONTROL) /* Estrin */
389 #define IPOPT_ENCODE (15|IPOPT_CONTROL) /* VerSteeg */
390 #define IPOPT_IMITD (16|IPOPT_COPY|IPOPT_CONTROL) /* Lee */
391 #define IPOPT_EIP (17|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1385 */
392 #define IPOPT_TR (18|IPOPT_MEASUREMENT) /* RFC 1393 */
393 #define IPOPT_ADDEXT (19|IPOPT_COPY|IPOPT_CONTROL) /* Ullmann IPv7 */
394 #define IPOPT_RTRALT (20|IPOPT_COPY|IPOPT_CONTROL) /* RFC 2113 */
395 #define IPOPT_SDB (21|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1770 Graff */
396 #define IPOPT_UN (22|IPOPT_COPY|IPOPT_CONTROL) /* Released 18-Oct-2005 */
397 #define IPOPT_DPS (23|IPOPT_COPY|IPOPT_CONTROL) /* Malis */
398 #define IPOPT_UMP (24|IPOPT_COPY|IPOPT_CONTROL) /* Farinacci */
399 #define IPOPT_QS (25|IPOPT_CONTROL) /* RFC 4782 */
400 #define IPOPT_EXP (30|IPOPT_CONTROL) /* RFC 4727 */
403 /* IP option lengths */
404 #define IPOLEN_SEC_MIN 3
405 #define IPOLEN_LSR_MIN 3
406 #define IPOLEN_TS_MIN 4
407 #define IPOLEN_ESEC_MIN 3
408 #define IPOLEN_CIPSO_MIN 10
409 #define IPOLEN_RR_MIN 3
411 #define IPOLEN_SSR_MIN 3
415 #define IPOLEN_SDB_MIN 6
417 #define IPOLEN_MAX 40
419 #define IPSEC_RFC791_UNCLASSIFIED 0x0000
420 #define IPSEC_RFC791_CONFIDENTIAL 0xF135
421 #define IPSEC_RFC791_EFTO 0x789A
422 #define IPSEC_RFC791_MMMM 0xBC4D
423 #define IPSEC_RFC791_PROG 0x5E26
424 #define IPSEC_RFC791_RESTRICTED 0xAF13
425 #define IPSEC_RFC791_SECRET 0xD788
426 #define IPSEC_RFC791_TOPSECRET 0x6BC5
427 #define IPSEC_RFC791_RESERVED1 0x35E2
428 #define IPSEC_RFC791_RESERVED2 0x9AF1
429 #define IPSEC_RFC791_RESERVED3 0x4D78
430 #define IPSEC_RFC791_RESERVED4 0x24BD
431 #define IPSEC_RFC791_RESERVED5 0x135E
432 #define IPSEC_RFC791_RESERVED6 0x89AF
433 #define IPSEC_RFC791_RESERVED7 0xC4D6
434 #define IPSEC_RFC791_RESERVED8 0xE26B
436 #define IPSEC_RESERVED4 0x01
437 #define IPSEC_TOPSECRET 0x3D
438 #define IPSEC_SECRET 0x5A
439 #define IPSEC_CONFIDENTIAL 0x96
440 #define IPSEC_RESERVED3 0x66
441 #define IPSEC_RESERVED2 0xCC
442 #define IPSEC_UNCLASSIFIED 0xAB
443 #define IPSEC_RESERVED1 0xF1
445 #define IPOPT_TS_TSONLY 0 /* timestamps only */
446 #define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
447 #define IPOPT_TS_PRESPEC 3 /* specified modules only */
449 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR 0xE0000012
450 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL 0xFF
451 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR 0xE0000066
452 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL 0XFF
453 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR 0xE00000FB
454 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL 0XFF
455 #define IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR 0xE00000FC
457 #define IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL 0x1000 /* larger than max ttl */
458 #define IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL 0X01
460 /* Return true if the address is in the 224.0.0.0/24 network block */
461 #define is_a_local_network_control_block_addr(addr) \
462 ((addr & 0xffffff00) == 0xe0000000)
464 /* Return true if the address is in the 224.0.0.0/4 network block */
465 #define is_a_multicast_addr(addr) \
466 ((addr & 0xf0000000) == 0xe0000000)
468 static void ip_prompt(packet_info *pinfo, gchar* result)
470 g_snprintf(result, MAX_DECODE_AS_PROMPT_LEN, "IP protocol %u as", pinfo->ipproto);
473 static gpointer ip_value(packet_info *pinfo)
475 return GUINT_TO_POINTER(pinfo->ipproto);
480 * defragmentation of IPv4
482 static reassembly_table ip_reassembly_table;
485 ip_defragment_init(void)
487 reassembly_table_init(&ip_reassembly_table,
488 &addresses_reassembly_table_functions);
492 capture_ip(const guchar *pd, int offset, int len, packet_counts *ld) {
493 if (!BYTES_ARE_IN_FRAME(offset, len, IPH_MIN_LEN)) {
497 switch (pd[offset + 9]) {
502 case IP_PROTO_UDPLITE:
506 case IP_PROTO_ICMPV6: /* XXX - separate counters? */
528 add_geoip_info_entry(proto_item *geoip_info_item, tvbuff_t *tvb, gint offset, guint32 ip, int isdst)
530 proto_tree *geoip_info_tree;
532 guint num_dbs = geoip_db_num_dbs();
536 geoip_info_tree = proto_item_add_subtree(geoip_info_item, ett_geoip_info);
538 for (dbnum = 0; dbnum < num_dbs; dbnum++) {
539 const char *geoip_str = geoip_db_lookup_ipv4(dbnum, ip, NULL);
540 int db_type = geoip_db_type(dbnum);
542 int geoip_hf, geoip_local_hf;
545 case GEOIP_COUNTRY_EDITION:
546 geoip_hf = hf_geoip_country;
547 geoip_local_hf = (isdst) ? hf_geoip_dst_country : hf_geoip_src_country;
549 case GEOIP_CITY_EDITION_REV0:
550 geoip_hf = hf_geoip_city;
551 geoip_local_hf = (isdst) ? hf_geoip_dst_city : hf_geoip_src_city;
553 case GEOIP_CITY_EDITION_REV1:
554 geoip_hf = hf_geoip_city;
555 geoip_local_hf = (isdst) ? hf_geoip_dst_city : hf_geoip_src_city;
557 case GEOIP_ORG_EDITION:
558 geoip_hf = hf_geoip_org;
559 geoip_local_hf = (isdst) ? hf_geoip_dst_org : hf_geoip_src_org;
561 case GEOIP_ISP_EDITION:
562 geoip_hf = hf_geoip_isp;
563 geoip_local_hf = (isdst) ? hf_geoip_dst_isp : hf_geoip_src_isp;
565 case GEOIP_ASNUM_EDITION:
566 geoip_hf = hf_geoip_asnum;
567 geoip_local_hf = (isdst) ? hf_geoip_dst_asnum : hf_geoip_src_asnum;
569 case WS_LAT_FAKE_EDITION:
570 geoip_hf = hf_geoip_lat;
571 geoip_local_hf = (isdst) ? hf_geoip_dst_lat : hf_geoip_src_lat;
573 case WS_LON_FAKE_EDITION:
574 geoip_hf = hf_geoip_lon;
575 geoip_local_hf = (isdst) ? hf_geoip_dst_lon : hf_geoip_src_lon;
584 if (db_type == WS_LAT_FAKE_EDITION || db_type == WS_LON_FAKE_EDITION) {
585 /* Convert latitude, longitude to double. Fix bug #5077 */
586 item = proto_tree_add_double_format_value(geoip_info_tree, geoip_local_hf,
587 tvb, offset, 4, g_ascii_strtod(geoip_str, NULL), "%s", geoip_str);
588 PROTO_ITEM_SET_GENERATED(item);
589 item = proto_tree_add_double_format_value(geoip_info_tree, geoip_hf,
590 tvb, offset, 4, g_ascii_strtod(geoip_str, NULL), "%s", geoip_str);
591 PROTO_ITEM_SET_GENERATED(item);
592 PROTO_ITEM_SET_HIDDEN(item);
594 item = proto_tree_add_string(geoip_info_tree, geoip_local_hf,
595 tvb, offset, 4, geoip_str);
596 PROTO_ITEM_SET_GENERATED(item);
597 item = proto_tree_add_string(geoip_info_tree, geoip_hf,
598 tvb, offset, 4, geoip_str);
599 PROTO_ITEM_SET_GENERATED(item);
600 PROTO_ITEM_SET_HIDDEN(item);
604 proto_item_append_text(geoip_info_item, "%s%s",
605 plurality(item_cnt, "", ", "), geoip_str);
610 proto_item_append_text(geoip_info_item, "Unknown");
614 add_geoip_info(proto_tree *tree, tvbuff_t *tvb, gint offset, guint32 src32,
618 proto_item *geoip_info_item;
620 num_dbs = geoip_db_num_dbs();
624 geoip_info_item = proto_tree_add_text(tree, tvb, offset + IPH_SRC, 4, "Source GeoIP: ");
625 PROTO_ITEM_SET_GENERATED(geoip_info_item);
626 add_geoip_info_entry(geoip_info_item, tvb, offset + IPH_SRC, src32, 0);
628 geoip_info_item = proto_tree_add_text(tree, tvb, offset + IPH_DST, 4,
629 "Destination GeoIP: ");
630 PROTO_ITEM_SET_GENERATED(geoip_info_item);
631 add_geoip_info_entry(geoip_info_item, tvb, offset + IPH_DST, dst32, 1);
633 #endif /* HAVE_GEOIP */
635 const value_string ipopt_type_class_vals[] = {
636 {(IPOPT_CONTROL & IPOPT_CLASS_MASK) >> 5, "Control"},
637 {(IPOPT_RESERVED1 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
638 {(IPOPT_MEASUREMENT & IPOPT_CLASS_MASK) >> 5, "Debugging and measurement"},
639 {(IPOPT_RESERVED2 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
643 const value_string ipopt_type_number_vals[] = {
644 {IPOPT_EOOL & IPOPT_NUMBER_MASK, "End of Option List (EOL)"},
645 {IPOPT_NOP & IPOPT_NUMBER_MASK, "No-Operation (NOP)"},
646 {IPOPT_SEC & IPOPT_NUMBER_MASK, "Security"},
647 {IPOPT_LSR & IPOPT_NUMBER_MASK, "Loose source route"},
648 {IPOPT_TS & IPOPT_NUMBER_MASK, "Time stamp"},
649 {IPOPT_ESEC & IPOPT_NUMBER_MASK, "Extended security"},
650 {IPOPT_CIPSO & IPOPT_NUMBER_MASK, "Commercial IP security option"},
651 {IPOPT_RR & IPOPT_NUMBER_MASK, "Record route"},
652 {IPOPT_SID & IPOPT_NUMBER_MASK, "Stream identifier"},
653 {IPOPT_SSR & IPOPT_NUMBER_MASK, "Strict source route"},
654 {IPOPT_ZSU & IPOPT_NUMBER_MASK, "Experimental Measurement"},
655 {IPOPT_MTUP & IPOPT_NUMBER_MASK, "MTU probe"},
656 {IPOPT_MTUR & IPOPT_NUMBER_MASK, "MTU Reply"},
657 {IPOPT_FINN & IPOPT_NUMBER_MASK, "Experimental Flow Control"},
658 {IPOPT_VISA & IPOPT_NUMBER_MASK, "Experimental Access Control"},
659 {IPOPT_ENCODE & IPOPT_NUMBER_MASK, "Ask Estrin"},
660 {IPOPT_IMITD & IPOPT_NUMBER_MASK, "IMI Traffic Descriptor"},
661 {IPOPT_EIP & IPOPT_NUMBER_MASK, "Extended Internet Protocol"},
662 {IPOPT_TR & IPOPT_NUMBER_MASK, "Traceroute"},
663 {IPOPT_ADDEXT & IPOPT_NUMBER_MASK, "Address Extension"},
664 {IPOPT_RTRALT & IPOPT_NUMBER_MASK, "Router Alert"},
665 {IPOPT_SDB & IPOPT_NUMBER_MASK, "Selective Directed Broadcast"},
666 {IPOPT_UN & IPOPT_NUMBER_MASK, "Unassigned"},
667 {IPOPT_DPS & IPOPT_NUMBER_MASK, "Dynamic Packet State"},
668 {IPOPT_UMP & IPOPT_NUMBER_MASK, "Upstream Multicast Packet"},
669 {IPOPT_QS & IPOPT_NUMBER_MASK, "Quick-Start"},
670 {IPOPT_EXP & IPOPT_NUMBER_MASK, "RFC 3692-style experiment"},
674 static ip_tcp_opt_type IP_OPT_TYPES = {&hf_ip_opt_type, &ett_ip_opt_type,
675 &hf_ip_opt_type_copy, &hf_ip_opt_type_class, &hf_ip_opt_type_number};
678 dissect_ipopt_type(tvbuff_t *tvb, int offset, proto_tree *tree, ip_tcp_opt_type* opttypes)
680 proto_tree *type_tree;
683 ti = proto_tree_add_item(tree, *opttypes->phf_opt_type, tvb, offset, 1, ENC_NA);
684 type_tree = proto_item_add_subtree(ti, *opttypes->pett_opt_type);
685 proto_tree_add_item(type_tree, *opttypes->phf_opt_type_copy, tvb, offset, 1, ENC_NA);
686 proto_tree_add_item(type_tree, *opttypes->phf_opt_type_class, tvb, offset, 1, ENC_NA);
687 proto_tree_add_item(type_tree, *opttypes->phf_opt_type_number, tvb, offset, 1, ENC_NA);
691 dissect_ipopt_eool(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
692 guint optlen _U_, packet_info *pinfo _U_,
693 proto_tree *opt_tree, void * data _U_)
695 proto_tree *field_tree;
698 tf = proto_tree_add_text(opt_tree, tvb, offset, 1, "%s", optp->name);
699 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
700 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
703 #define dissect_ipopt_nop dissect_ipopt_eool
705 static const value_string secl_rfc791_vals[] = {
706 {IPSEC_RFC791_UNCLASSIFIED, "Unclassified"},
707 {IPSEC_RFC791_CONFIDENTIAL, "Confidential"},
708 {IPSEC_RFC791_EFTO, "EFTO" },
709 {IPSEC_RFC791_MMMM, "MMMM" },
710 {IPSEC_RFC791_PROG, "PROG" },
711 {IPSEC_RFC791_RESTRICTED, "Restricted" },
712 {IPSEC_RFC791_SECRET, "Secret" },
713 {IPSEC_RFC791_TOPSECRET, "Top secret" },
714 {IPSEC_RFC791_RESERVED1, "Reserved" },
715 {IPSEC_RFC791_RESERVED2, "Reserved" },
716 {IPSEC_RFC791_RESERVED3, "Reserved" },
717 {IPSEC_RFC791_RESERVED4, "Reserved" },
718 {IPSEC_RFC791_RESERVED5, "Reserved" },
719 {IPSEC_RFC791_RESERVED6, "Reserved" },
720 {IPSEC_RFC791_RESERVED7, "Reserved" },
721 {IPSEC_RFC791_RESERVED8, "Reserved" },
725 static const value_string sec_cl_vals[] = {
726 {IPSEC_RESERVED4, "Reserved 4" },
727 {IPSEC_TOPSECRET, "Top secret" },
728 {IPSEC_SECRET, "Secret" },
729 {IPSEC_CONFIDENTIAL, "Confidential"},
730 {IPSEC_RESERVED3, "Reserved 3" },
731 {IPSEC_RESERVED2, "Reserved 2" },
732 {IPSEC_UNCLASSIFIED, "Unclassified"},
733 {IPSEC_RESERVED1, "Reserved 1" },
737 static const true_false_string ip_opt_sec_prot_auth_flag_tfs = {
738 "Datagram protected in accordance with its rules",
739 "Datagram not protected in accordance with its rules"
742 static const true_false_string ip_opt_sec_prot_auth_fti_tfs = {
743 "Additional octet present",
747 static const int *ip_opt_sec_prot_auth_fields_byte_1[] = {
748 &hf_ip_opt_sec_prot_auth_genser,
749 &hf_ip_opt_sec_prot_auth_siop_esi,
750 &hf_ip_opt_sec_prot_auth_sci,
751 &hf_ip_opt_sec_prot_auth_nsa,
752 &hf_ip_opt_sec_prot_auth_doe,
753 &hf_ip_opt_sec_prot_auth_unassigned,
754 &hf_ip_opt_sec_prot_auth_fti,
758 static const int *ip_opt_sec_prot_auth_fields_byte_n[] = {
759 &hf_ip_opt_sec_prot_auth_unassigned2,
760 &hf_ip_opt_sec_prot_auth_fti,
764 dissect_ipopt_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
765 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
768 proto_tree *field_tree;
772 guint curr_offset = offset;
774 tf = proto_tree_add_text(opt_tree, tvb, curr_offset, optlen, "%s (%u bytes)",
776 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
777 dissect_ipopt_type(tvb, curr_offset, field_tree, &IP_OPT_TYPES);
779 tf_sub = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, curr_offset, 1, ENC_NA);
780 if (optlen > IPOLEN_MAX)
781 expert_add_info(pinfo, tf_sub, &ei_ip_opt_len_invalid);
785 /* Analyze payload start to decide whether it should be dissected
786 according to RFC 791 or RFC 1108 */
787 val = tvb_get_ntohs(tvb, curr_offset);
788 if (try_val_to_str(val, secl_rfc791_vals)) {
789 /* Dissect as RFC 791 */
790 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_sec,
791 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
793 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_comp,
794 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
796 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_hr,
797 tvb, curr_offset, 2, ENC_ASCII|ENC_NA);
799 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_tcc,
800 tvb, curr_offset, 3, ENC_ASCII|ENC_NA);
805 /* Dissect as RFC 108 */
806 proto_tree_add_item(field_tree, hf_ip_opt_sec_cl, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
808 if ((curr_offset - offset) >= optlen) {
811 val = tvb_get_guint8(tvb, curr_offset);
812 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
813 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_1,
817 if ((val & 0x01) && ((curr_offset - offset) == optlen)) {
818 expert_add_info(pinfo, tf_sub, &ei_ip_opt_sec_prot_auth_fti);
821 val = tvb_get_guint8(tvb, curr_offset);
822 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
823 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_n,
827 if ((curr_offset - offset) < optlen) {
828 expert_add_info(pinfo, tf, &ei_ip_extraneous_data);
833 dissect_ipopt_ext_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
834 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
837 proto_tree *field_tree;
840 guint curr_offset = offset;
843 tf = proto_tree_add_text(opt_tree, tvb, curr_offset, optlen, "%s (%u bytes)",
845 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
846 dissect_ipopt_type(tvb, curr_offset, field_tree, &IP_OPT_TYPES);
848 tf_sub = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, curr_offset, 1, ENC_NA);
849 if (optlen > IPOLEN_MAX)
850 expert_add_info(pinfo, tf_sub, &ei_ip_opt_len_invalid);
852 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info_format_code, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
854 remaining = optlen - (curr_offset - offset);
856 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info, tvb, curr_offset, remaining, ENC_NA);
860 /* USHRT_MAX can hold at most 5 (base 10) digits (6 for the NULL byte) */
861 #define USHRT_MAX_STRLEN 6
863 /* Maximum CIPSO tag length:
864 * (IP hdr max)60 - (IPv4 hdr std)20 - (CIPSO base)6 = 34 */
865 #define CIPSO_TAG_LEN_MAX 34
867 /* The Commercial IP Security Option (CIPSO) is defined in IETF draft
868 * draft-ietf-cipso-ipsecurity-01.txt and FIPS 188, a copy of both documents
869 * can be found at the NetLabel project page, http://netlabel.sf.net or at
870 * http://tools.ietf.org/html/draft-ietf-cipso-ipsecurity-01 */
872 dissect_ipopt_cipso(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
873 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
876 proto_tree *field_tree;
878 guint tagtype, taglen;
879 int offset_max = offset + optlen;
881 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
883 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
884 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
885 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
886 if (optlen > IPOLEN_MAX)
887 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
891 proto_tree_add_text(field_tree, tvb, offset, 4, "DOI: %u",
892 tvb_get_ntohl(tvb, offset));
895 /* loop through all of the tags in the CIPSO option */
896 while (offset < offset_max) {
897 tagtype = tvb_get_guint8(tvb, offset);
899 if ((offset + 1) < offset_max)
900 taglen = tvb_get_guint8(tvb, offset + 1);
906 /* padding - skip this tag */
910 /* restrictive bitmap, see CIPSO draft section 3.4.2 for tag format */
911 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
912 ((offset + (int)taglen - 1) > offset_max)) {
913 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
914 "Malformed CIPSO tag");
918 proto_tree_add_text(field_tree, tvb, offset, 1,
919 "Tag Type: Restrictive Category Bitmap (%u)",
922 /* skip past alignment octet */
925 proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
926 tvb_get_guint8(tvb, offset));
932 unsigned char bitmask;
934 char *cat_str_tmp = (char *)wmem_alloc(wmem_packet_scope(), USHRT_MAX_STRLEN);
936 const guint8 *val_ptr = tvb_get_ptr(tvb, offset, taglen - 4);
938 /* this is just a guess regarding string size, but we grow it below
941 cat_str = (char *)wmem_alloc0(wmem_packet_scope(), cat_str_len);
943 /* we checked the length above so the highest category value
944 * possible here is 240 */
945 while (byte_spot < (taglen - 4)) {
948 while (bit_spot < 8) {
949 if (val_ptr[byte_spot] & bitmask) {
950 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
951 byte_spot * 8 + bit_spot);
952 if (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN)) {
955 while (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN))
956 cat_str_len += cat_str_len;
957 cat_str_new = (char *)wmem_alloc(wmem_packet_scope(), cat_str_len);
958 g_strlcpy(cat_str_new, cat_str, cat_str_len);
959 cat_str_new[cat_str_len - 1] = '\0';
960 cat_str = cat_str_new;
962 if (cat_str[0] != '\0')
963 g_strlcat(cat_str, ",", cat_str_len);
964 g_strlcat(cat_str, cat_str_tmp, cat_str_len);
973 proto_tree_add_text(field_tree, tvb, offset, taglen - 4,
974 "Categories: %s", cat_str);
976 proto_tree_add_text(field_tree, tvb, offset, taglen - 4,
977 "Categories: ERROR PARSING CATEGORIES");
978 offset += taglen - 4;
982 /* enumerated categories, see CIPSO draft section 3.4.3 for tag format */
983 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
984 ((offset + (int)taglen - 1) > offset_max)) {
985 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
986 "Malformed CIPSO tag");
990 proto_tree_add_text(field_tree, tvb, offset, 1,
991 "Tag Type: Enumerated Categories (%u)", tagtype);
993 /* skip past alignment octet */
996 /* sensitivity level */
997 proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
998 tvb_get_guint8(tvb, offset));
1002 int offset_max_cat = offset + taglen - 4;
1003 char *cat_str = (char *)wmem_alloc0(wmem_packet_scope(), USHRT_MAX_STRLEN * 15);
1004 char *cat_str_tmp = (char *)wmem_alloc(wmem_packet_scope(), USHRT_MAX_STRLEN);
1006 while ((offset + 2) <= offset_max_cat) {
1007 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
1008 tvb_get_ntohs(tvb, offset));
1010 if (cat_str[0] != '\0')
1011 g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 15);
1012 g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 15);
1015 proto_tree_add_text(field_tree, tvb, offset - taglen + 4, taglen - 4,
1016 "Categories: %s", cat_str);
1020 /* ranged categories, see CIPSO draft section 3.4.4 for tag format */
1021 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1022 ((offset + (int)taglen - 1) > offset_max)) {
1023 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
1024 "Malformed CIPSO tag");
1028 proto_tree_add_text(field_tree, tvb, offset, 1,
1029 "Tag Type: Ranged Categories (%u)", tagtype);
1031 /* skip past alignment octet */
1034 /* sensitivity level */
1035 proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
1036 tvb_get_guint8(tvb, offset));
1040 guint16 cat_low, cat_high;
1041 int offset_max_cat = offset + taglen - 4;
1042 char *cat_str = (char *)wmem_alloc0(wmem_packet_scope(), USHRT_MAX_STRLEN * 16);
1043 char *cat_str_tmp = (char *)wmem_alloc(wmem_packet_scope(), USHRT_MAX_STRLEN * 2);
1045 while ((offset + 2) <= offset_max_cat) {
1046 cat_high = tvb_get_ntohs(tvb, offset);
1047 if ((offset + 4) <= offset_max_cat) {
1048 cat_low = tvb_get_ntohs(tvb, offset + 2);
1054 if (cat_low != cat_high)
1055 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u-%u",
1058 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u", cat_high);
1060 if (cat_str[0] != '\0')
1061 g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 16);
1062 g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 16);
1065 proto_tree_add_text(field_tree, tvb, offset - taglen + 4, taglen - 4,
1066 "Categories: %s", cat_str);
1070 /* permissive categories, see FIPS 188 section 6.9 for tag format */
1071 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1072 ((offset + (int)taglen - 1) > offset_max)) {
1073 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
1074 "Malformed CIPSO tag");
1078 proto_tree_add_text(field_tree, tvb, offset, 1,
1079 "Tag Type: Permissive Categories (%u)", tagtype);
1080 proto_tree_add_text(field_tree, tvb, offset + 2, taglen - 2, "Tag data");
1084 /* free form, see FIPS 188 section 6.10 for tag format */
1085 if ((taglen < 2) || (taglen > CIPSO_TAG_LEN_MAX) ||
1086 ((offset + (int)taglen - 1) > offset_max)) {
1087 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
1088 "Malformed CIPSO tag");
1092 proto_tree_add_text(field_tree, tvb, offset, 1,
1093 "Tag Type: Free Form (%u)", tagtype);
1094 proto_tree_add_text(field_tree, tvb, offset + 2, taglen - 2, "Tag data");
1098 /* unknown tag - stop parsing this IPv4 option */
1099 if ((offset + 1) <= offset_max) {
1100 taglen = tvb_get_guint8(tvb, offset + 1);
1101 proto_tree_add_text(field_tree, tvb, offset, 1,
1102 "Tag Type: Unknown (%u) (%u bytes)",
1106 proto_tree_add_text(field_tree, tvb, offset, 1,
1107 "Tag Type: Unknown (%u) (invalid format)", tagtype);
1114 dissect_option_route(proto_tree *tree, tvbuff_t *tvb, int offset, int hf,
1115 int hf_host, gboolean next)
1120 route = tvb_get_ipv4(tvb, offset);
1122 proto_tree_add_ipv4_format_value(tree, hf, tvb, offset, 4, route,
1124 ip_to_str((gchar *)&route));
1126 proto_tree_add_ipv4(tree, hf, tvb, offset, 4, route);
1127 ti = proto_tree_add_string(tree, hf_host, tvb, offset, 4, get_hostname(route));
1128 PROTO_ITEM_SET_GENERATED(ti);
1129 PROTO_ITEM_SET_HIDDEN(ti);
1133 dissect_ipopt_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1134 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1137 proto_tree *field_tree;
1142 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1143 optp->name, optlen);
1144 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1145 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1146 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1147 if (optlen > IPOLEN_MAX)
1148 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1149 ptr = tvb_get_guint8(tvb, offset + 2);
1150 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1151 if ((ptr < (optp->optlen + 1)) || (ptr & 3)) {
1152 if (ptr < (optp->optlen + 1)) {
1153 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_before_address);
1156 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_middle_address);
1162 optoffset = 3; /* skip past type, length and pointer */
1163 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1165 expert_add_info(pinfo, tf, &ei_ip_subopt_too_long);
1170 /* This is a recorded route */
1171 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1172 hf_ip_rec_rt_host, FALSE);
1173 } else if (optoffset == (len - 4)) {
1174 /* This is the the destination */
1177 const char *dst_host;
1179 addr = tvb_get_ipv4(tvb, offset + optoffset);
1180 dst_host = get_hostname(addr);
1181 proto_tree_add_ipv4(field_tree, hf_ip_dst, tvb,
1182 offset + optoffset, 4, addr);
1183 item = proto_tree_add_ipv4(field_tree, hf_ip_addr, tvb,
1184 offset + optoffset, 4, addr);
1185 PROTO_ITEM_SET_HIDDEN(item);
1186 item = proto_tree_add_string(field_tree, hf_ip_dst_host, tvb,
1187 offset + optoffset, 4, dst_host);
1188 PROTO_ITEM_SET_GENERATED(item);
1189 PROTO_ITEM_SET_HIDDEN(item);
1190 item = proto_tree_add_string(field_tree, hf_ip_host, tvb,
1191 offset + optoffset, 4, dst_host);
1192 PROTO_ITEM_SET_GENERATED(item);
1193 PROTO_ITEM_SET_HIDDEN(item);
1194 } else if ((optoffset + 1) < ptr) {
1195 /* This is also a recorded route */
1196 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1197 hf_ip_rec_rt_host, FALSE);
1198 } else if ((optoffset + 1) == ptr) {
1199 /* This is the next source route. TODO: Should we use separate hf's
1200 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1201 * having to pass TRUE/FALSE to dissect_option_route()? */
1202 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_src_rt,
1203 hf_ip_src_rt_host, TRUE);
1205 /* This must be a source route */
1206 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_src_rt,
1207 hf_ip_src_rt_host, FALSE);
1213 dissect_ipopt_record_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1214 guint optlen, packet_info *pinfo,
1215 proto_tree *opt_tree, void * data _U_)
1217 proto_tree *field_tree;
1222 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1223 optp->name, optlen);
1224 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1225 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1226 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1227 if (optlen > IPOLEN_MAX)
1228 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1229 ptr = tvb_get_guint8(tvb, offset + 2);
1230 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1232 if ((ptr < (optp->optlen + 1)) || (ptr & 3)) {
1233 if (ptr < (optp->optlen + 1)) {
1234 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_before_address);
1237 expert_add_info(pinfo, tf, &ei_ip_opt_ptr_middle_address);
1243 optoffset = 3; /* skip past type, length and pointer */
1244 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1246 expert_add_info(pinfo, tf, &ei_ip_subopt_too_long);
1251 /* The recorded route data area is full. */
1252 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1253 hf_ip_rec_rt_host, FALSE);
1254 } else if ((optoffset + 1) < ptr) {
1255 /* This is a recorded route */
1256 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1257 hf_ip_rec_rt_host, FALSE);
1258 } else if ((optoffset + 1) == ptr) {
1259 /* This is the next available slot. TODO: Should we use separate hf's
1260 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1261 * having to pass TRUE/FALSE to dissect_option_route()? */
1262 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_empty_rt,
1263 hf_ip_empty_rt_host, TRUE);
1265 /* This must be an available slot too. */
1266 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_empty_rt,
1267 hf_ip_empty_rt_host, FALSE);
1272 /* Stream Identifier */
1274 dissect_ipopt_sid(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1275 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1278 proto_tree *field_tree;
1281 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes): %u",
1282 optp->name, optlen, tvb_get_ntohs(tvb, offset + 2));
1283 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1284 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1285 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1286 if (optlen != (guint)optp->optlen)
1287 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1288 proto_tree_add_item(field_tree, hf_ip_opt_sid, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1291 /* RFC 1063: MTU Probe and MTU Reply */
1293 dissect_ipopt_mtu(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1294 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1297 proto_tree *field_tree;
1300 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes): %u",
1301 optp->name, optlen, tvb_get_ntohs(tvb, offset + 2));
1302 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1303 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1304 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1305 if (optlen != (guint)optp->optlen)
1306 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1307 proto_tree_add_item(field_tree, hf_ip_opt_mtu, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1310 /* RFC 1393: Traceroute */
1312 dissect_ipopt_tr(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1313 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1316 proto_tree *field_tree;
1319 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1320 optp->name, optlen);
1321 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1322 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1323 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1324 if (optlen != (guint)optp->optlen)
1325 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1327 proto_tree_add_item(field_tree, hf_ip_opt_id_number, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1328 proto_tree_add_item(field_tree, hf_ip_opt_ohc, tvb, offset + 4, 2, ENC_BIG_ENDIAN);
1329 proto_tree_add_item(field_tree, hf_ip_opt_rhc, tvb, offset + 6, 2, ENC_BIG_ENDIAN);
1330 proto_tree_add_item(field_tree, hf_ip_opt_originator, tvb, offset + 8, 4, ENC_BIG_ENDIAN);
1334 dissect_ipopt_timestamp(const ip_tcp_opt *optp, tvbuff_t *tvb,
1335 int offset, guint optlen, packet_info *pinfo,
1336 proto_tree *opt_tree, void * data _U_)
1338 proto_tree *field_tree;
1343 static const value_string flag_vals[] = {
1344 {IPOPT_TS_TSONLY, "Time stamps only" },
1345 {IPOPT_TS_TSANDADDR, "Time stamp and address" },
1346 {IPOPT_TS_PRESPEC, "Time stamps for prespecified addresses"},
1351 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1352 optp->name, optlen);
1353 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1354 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1355 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1356 if (optlen > IPOLEN_MAX)
1357 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1358 optoffset += 2; /* skip past type and length */
1359 optlen -= 2; /* subtract size of type and length */
1361 ptr = tvb_get_guint8(tvb, offset + optoffset);
1362 proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Pointer: %d%s",
1363 ptr, ((ptr == 1) ? " (header is full)" :
1364 (ptr < 5) ? " (points before first address)" :
1365 (((ptr - 1) & 3) ? " (points to middle of field)" : "")));
1368 ptr--; /* ptr is 1-origin */
1370 flg = tvb_get_guint8(tvb, offset + optoffset);
1371 proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Overflow: %u",
1374 proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Flag: %s",
1375 val_to_str(flg, flag_vals, "Unknown (0x%x)"));
1379 while (optlen > 0) {
1380 if (flg == IPOPT_TS_TSANDADDR || flg == IPOPT_TS_PRESPEC) {
1382 proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen,
1383 "(suboption would go past end of option)");
1386 addr = tvb_get_ipv4(tvb, offset + optoffset);
1387 ts = tvb_get_ntohl(tvb, offset + optoffset + 4);
1389 proto_tree_add_text(field_tree, tvb, offset + optoffset, 8,
1390 "Address = %s, time stamp = %u",
1391 ((addr == 0) ? "-" :
1392 get_hostname(addr)), ts);
1396 proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen,
1397 "(suboption would go past end of option)");
1400 ts = tvb_get_ntohl(tvb, offset + optoffset);
1402 proto_tree_add_text(field_tree, tvb, offset + optoffset, 4,
1403 "Time stamp = %u", ts);
1410 static const range_string ra_rvals[] = {
1411 {0, 0, "Router shall examine packet"},
1412 {1, 65535, "Reserved"},
1417 dissect_ipopt_ra(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1418 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1421 /* Router-Alert, as defined by RFC2113 */
1422 proto_tree *field_tree;
1424 guint16 value = tvb_get_ntohs(tvb, offset + 2);
1426 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen,
1427 "%s (%u bytes): %s (%u)", optp->name, optlen,
1428 rval_to_str(value, ra_rvals, "Unknown (%u)"),
1430 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1431 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1432 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1433 if (optlen != (guint)optp->optlen)
1434 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1435 proto_tree_add_item(field_tree, hf_ip_opt_ra, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1438 /* RFC 1770: Selective Directed Broadcast */
1440 dissect_ipopt_sdb(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1441 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1444 proto_tree *field_tree;
1447 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1448 optp->name, optlen);
1449 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1450 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1451 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1452 if (optlen > IPOLEN_MAX)
1453 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1454 for (offset += 2, optlen -= 2; optlen >= 4; offset += 4, optlen -= 4)
1455 proto_tree_add_item(field_tree, hf_ip_opt_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
1458 proto_tree_add_item(field_tree, hf_ip_opt_padding, tvb, offset, optlen, ENC_NA);
1461 const value_string qs_func_vals[] = {
1462 {QS_RATE_REQUEST, "Rate request"},
1463 {QS_RATE_REPORT, "Rate report"},
1467 static const value_string qs_rate_vals[] = {
1473 { 5, "1.28 Mbit/s"},
1474 { 6, "2.56 Mbit/s"},
1475 { 7, "5.12 Mbit/s"},
1476 { 8, "10.24 Mbit/s"},
1477 { 9, "20.48 Mbit/s"},
1478 {10, "40.96 Mbit/s"},
1479 {11, "81.92 Mbit/s"},
1480 {12, "163.84 Mbit/s"},
1481 {13, "327.68 Mbit/s"},
1482 {14, "655.36 Mbit/s"},
1483 {15, "1.31072 Gbit/s"},
1486 value_string_ext qs_rate_vals_ext = VALUE_STRING_EXT_INIT(qs_rate_vals);
1489 dissect_ipopt_qs(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1490 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1493 proto_tree *field_tree;
1496 ws_ip *iph = (ws_ip*)data;
1498 guint8 command = tvb_get_guint8(tvb, offset + 2);
1499 guint8 function = command >> 4;
1500 guint8 rate = command & QS_RATE_MASK;
1503 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen,
1504 "%s (%u bytes): %s (%u)", optp->name, optlen,
1505 val_to_str(function, qs_func_vals, "Unknown (%u)"),
1507 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1509 dissect_ipopt_type(tvb, offset, field_tree, &IP_OPT_TYPES);
1510 proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1511 if (optlen != (guint)optp->optlen)
1512 expert_add_info(pinfo, tf, &ei_ip_opt_len_invalid);
1513 proto_tree_add_item(field_tree, hf_ip_opt_qs_func, tvb, offset + 2, 1, ENC_NA);
1515 if (function == QS_RATE_REQUEST) {
1516 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset + 2, 1, ENC_NA);
1517 proto_tree_add_item(field_tree, hf_ip_opt_qs_ttl, tvb, offset + 3, 1, ENC_NA);
1518 ttl_diff = (iph->ip_ttl - tvb_get_guint8(tvb, offset + 3) % 256);
1519 ti = proto_tree_add_uint_format_value(field_tree, hf_ip_opt_qs_ttl_diff,
1520 tvb, offset + 3, 1, ttl_diff,
1522 PROTO_ITEM_SET_GENERATED(ti);
1523 proto_item_append_text(tf, ", %s, QS TTL %u, QS TTL diff %u",
1524 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"),
1525 tvb_get_guint8(tvb, offset + 3), ttl_diff);
1526 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 4, 4, ENC_NA);
1527 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 4, 4, ENC_NA);
1528 } else if (function == QS_RATE_REPORT) {
1529 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset + 2, 1, ENC_NA);
1530 proto_item_append_text(tf, ", %s",
1531 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"));
1532 proto_tree_add_item(field_tree, hf_ip_opt_qs_unused, tvb, offset + 3, 1, ENC_NA);
1533 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 4, 4, ENC_NA);
1534 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 4, 4, ENC_NA);
1538 static const ip_tcp_opt ipopts[] = {
1539 {IPOPT_EOOL, "End of Options List (EOL)", &ett_ip_option_eool,
1540 OPT_LEN_NO_LENGTH, 0, dissect_ipopt_eool},
1541 {IPOPT_NOP, "No Operation (NOP)", &ett_ip_option_nop,
1542 OPT_LEN_NO_LENGTH, 0, dissect_ipopt_nop},
1543 {IPOPT_SEC, "Security", &ett_ip_option_sec,
1544 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SEC_MIN, dissect_ipopt_security},
1545 {IPOPT_LSR, "Loose Source Route", &ett_ip_option_route,
1546 OPT_LEN_VARIABLE_LENGTH, IPOLEN_LSR_MIN, dissect_ipopt_route},
1547 {IPOPT_TS, "Time Stamp", &ett_ip_option_timestamp,
1548 OPT_LEN_VARIABLE_LENGTH, IPOLEN_TS_MIN, dissect_ipopt_timestamp},
1549 {IPOPT_ESEC, "Extended Security", &ett_ip_option_ext_security,
1550 OPT_LEN_VARIABLE_LENGTH, IPOLEN_ESEC_MIN, dissect_ipopt_ext_security},
1551 {IPOPT_CIPSO, "Commercial Security", &ett_ip_option_cipso,
1552 OPT_LEN_VARIABLE_LENGTH, IPOLEN_CIPSO_MIN, dissect_ipopt_cipso},
1553 {IPOPT_RR, "Record Route", &ett_ip_option_route,
1554 OPT_LEN_VARIABLE_LENGTH, IPOLEN_RR_MIN, dissect_ipopt_record_route},
1555 {IPOPT_SID, "Stream ID", &ett_ip_option_sid,
1556 OPT_LEN_FIXED_LENGTH, IPOLEN_SID, dissect_ipopt_sid},
1557 {IPOPT_SSR, "Strict Source Route", &ett_ip_option_route,
1558 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SSR_MIN, dissect_ipopt_route},
1560 {IPOPT_ZSU, "Experimental Measurement", &ett_ip_option_zsu,
1561 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ZSU_MIN, dissect_ipopt_zsu},
1563 {IPOPT_MTUP, "MTU Probe", &ett_ip_option_mtu,
1564 OPT_LEN_FIXED_LENGTH, IPOLEN_MTU, dissect_ipopt_mtu},
1565 {IPOPT_MTUR, "MTU Reply", &ett_ip_option_mtu,
1566 OPT_LEN_FIXED_LENGTH, IPOLEN_MTU, dissect_ipopt_mtu},
1568 {IPOPT_FINN, "Experimental Flow Control", &ett_ip_option_finn,
1569 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_FINN_MIN, dissect_ipopt_finn},
1570 {IPOPT_VISA, "Experimental Access Control", &ett_ip_option_visa,
1571 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_VISA_MIN, dissect_ipopt_visa},
1572 {IPOPT_ENCODE, "???", &ett_ip_option_encode,
1573 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ENCODE_MIN, dissect_ipopt_encode},
1574 {IPOPT_IMITD, "IMI Traffic Descriptor", &ett_ip_option_imitd,
1575 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_IMITD_MIN, dissect_ipopt_imitd},
1576 {IPOPT_EIP, "Extended Internet Protocol", &ett_ip_option_eip,
1577 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_EIP_MIN, dissect_ipopt_eip},
1579 {IPOPT_TR, "Traceroute", &ett_ip_option_tr,
1580 OPT_LEN_FIXED_LENGTH, IPOLEN_TR, dissect_ipopt_tr},
1582 {IPOPT_ADDEXT, "Address Extension", &ett_ip_option_addext,
1583 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ADDEXT_MIN, dissect_ipopt_addext},
1585 {IPOPT_RTRALT, "Router Alert", &ett_ip_option_ra,
1586 OPT_LEN_FIXED_LENGTH, IPOLEN_RA, dissect_ipopt_ra},
1587 {IPOPT_SDB, "Selective Directed Broadcast", &ett_ip_option_sdb,
1588 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SDB_MIN, dissect_ipopt_sdb},
1590 {IPOPT_UN, "Unassigned", &ett_ip_option_un,
1591 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_UN_MIN, dissect_ipopt_un},
1592 {IPOPT_DPS, "Dynamic Packet State", &ett_ip_option_dps,
1593 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_DPS_MIN, dissect_ipopt_dps},
1594 {IPOPT_UMP, "Upstream Multicast Pkt.", &ett_ip_option_ump,
1595 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_UMP_MIN, dissect_ipopt_ump},
1597 {IPOPT_QS, "Quick-Start", &ett_ip_option_qs,
1598 OPT_LEN_FIXED_LENGTH, IPOLEN_QS, dissect_ipopt_qs}
1600 {IPOPT_EXP, "RFC3692-style Experiment", &ett_ip_option_exp,
1601 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_EXP_MIN, dissect_ipopt_exp}
1605 #define N_IP_OPTS array_length(ipopts)
1607 /* Dissect the IP, TCP or various PPP protocols (IPCP, CP, LCP, VSNCP, BAP)
1608 * options in a packet. */
1610 dissect_ip_tcp_options(tvbuff_t *tvb, int offset, guint length,
1611 const ip_tcp_opt *opttab, int nopts, int eol,
1612 ip_tcp_opt_type* opttypes, expert_field* ei_bad,
1613 packet_info *pinfo, proto_tree *opt_tree,
1614 proto_item *opt_item, void * data)
1617 const ip_tcp_opt *optp;
1618 opt_len_type len_type;
1619 unsigned int optlen;
1621 void (*dissect)(const struct ip_tcp_opt *, tvbuff_t *,
1622 int, guint, packet_info *, proto_tree *,
1624 guint len, nop_count = 0;
1626 while (length > 0) {
1627 opt = tvb_get_guint8(tvb, offset);
1628 for (optp = &opttab[0]; optp < &opttab[nopts]; optp++) {
1629 if (optp->optcode == opt)
1632 if (optp == &opttab[nopts]) {
1633 /* We assume that the only OPT_LEN_NO_LENGTH options are EOL and NOP options,
1634 so that we can treat unknown options as OPT_LEN_VARIABLE_LENGTH with a
1635 minimum of 2, and at least be able to move on to the next option
1636 by using the length in the option. */
1637 optp = NULL; /* indicate that we don't know this option */
1638 len_type = OPT_LEN_VARIABLE_LENGTH;
1640 name = wmem_strdup_printf(wmem_packet_scope(), "Unknown (0x%02x)", opt);
1644 len_type = optp->len_type;
1645 optlen = optp->optlen;
1647 dissect = optp->dissect;
1648 if (opt_item && len_type == OPT_LEN_NO_LENGTH && optlen == 0 && opt == 1 &&
1649 (nop_count == 0 || offset % 4)) { /* opt 1 = NOP in both IP and TCP */
1650 /* Count number of NOP in a row within a uint32 */
1656 --length; /* account for type byte */
1657 if (len_type != OPT_LEN_NO_LENGTH) {
1658 /* Option has a length. Is it in the packet? */
1660 /* Bogus - packet must at least include option code byte and
1662 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, 1,
1663 "%s (length byte past end of options)", name);
1666 len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
1667 --length; /* account for length byte */
1669 /* Bogus - option length is too short to include option code and
1671 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, 2,
1672 "%s (with too-short option length = %u byte%s)",
1673 name, len, plurality(len, "", "s"));
1675 } else if (len - 2 > length) {
1676 /* Bogus - option goes past the end of the header. */
1677 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, length,
1678 "%s (option length = %u byte%s says option goes past end of options)",
1679 name, len, plurality(len, "", "s"));
1681 } else if (len_type == OPT_LEN_FIXED_LENGTH && len != optlen) {
1682 /* Bogus - option length isn't what it's supposed to be for this
1684 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, len,
1685 "%s (with option length = %u byte%s; should be %u)",
1686 name, len, plurality(len, "", "s"), optlen);
1688 } else if (len_type == OPT_LEN_VARIABLE_LENGTH && len < optlen) {
1689 /* Bogus - option length is less than what it's supposed to be for
1691 proto_tree_add_expert_format(opt_tree, pinfo, ei_bad, tvb, offset, len,
1692 "%s (with option length = %u byte%s; should be >= %u)",
1693 name, len, plurality(len, "", "s"), optlen);
1697 proto_tree_add_text(opt_tree, tvb, offset, len, "%s (%u byte%s)",
1698 name, len, plurality(len, "", "s"));
1700 if (dissect != NULL) {
1701 /* Option has a dissector. */
1702 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1704 (*dissect)(optp, tvb, offset, len, pinfo, opt_tree, data);
1706 proto_tree *field_tree;
1709 /* Option has no data, hence no dissector. */
1710 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1712 tf = proto_tree_add_text(opt_tree, tvb, offset, len, "%s", name);
1713 field_tree = proto_item_add_subtree(tf, ett_ip_option_other);
1714 dissect_ipopt_type(tvb, offset, field_tree, opttypes);
1717 len -= 2; /* subtract size of type and length */
1722 if (dissect != NULL) {
1723 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1725 (*dissect)(optp, tvb, offset, 1, pinfo, opt_tree, data);
1727 proto_tree *field_tree;
1730 /* Option has no data, hence no dissector. */
1731 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s", name);
1732 tf = proto_tree_add_text(opt_tree, tvb, offset, 1, "%s", name);
1733 field_tree = proto_item_add_subtree(tf, ett_ip_option_other);
1734 dissect_ipopt_type(tvb, offset, field_tree, opttypes);
1738 if (nop_count == 4 && strcmp (name, "No-Operation (NOP)") == 0) {
1739 expert_add_info(pinfo, opt_item, &ei_ip_nop);
1747 /* This function searches the IP options for either a loose or strict source
1748 * route option, then returns the offset to the destination address if the
1749 * pointer is still valid or zero if the pointer is greater than the length.
1751 * The guts of this function was taken from dissect_ip_tcp_options().
1754 get_dst_offset(tvbuff_t *tvb, int offset, guint length,
1755 const ip_tcp_opt *opttab, int nopts, int eol)
1758 const ip_tcp_opt *optp;
1759 opt_len_type len_type;
1760 unsigned int optlen;
1762 int orig_offset = offset;
1764 while (length > 0) {
1765 opt = tvb_get_guint8(tvb, offset);
1766 for (optp = &opttab[0]; optp < &opttab[nopts]; optp++) {
1767 if (optp->optcode == opt)
1770 if (optp == &opttab[nopts]) {
1771 /* We assume that the only NO_LENGTH options are EOL and NOP options,
1772 so that we can treat unknown options as VARIABLE_LENGTH with a
1773 minimum of 2, and at least be able to move on to the next option
1774 by using the length in the option. */
1775 optp = NULL; /* indicate that we don't know this option */
1776 len_type = OPT_LEN_VARIABLE_LENGTH;
1779 len_type = optp->len_type;
1780 optlen = optp->optlen;
1782 --length; /* account for type byte */
1783 if (len_type != OPT_LEN_NO_LENGTH) {
1784 /* Option has a length. Is it in the packet? */
1786 /* Bogus - packet must at least include option code byte and
1790 len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
1791 --length; /* account for length byte */
1793 /* Bogus - option length is too short to include option code and
1796 } else if (len - 2 > length) {
1797 /* Bogus - option goes past the end of the header. */
1799 } else if (len_type == OPT_LEN_FIXED_LENGTH && len != optlen) {
1800 /* Bogus - option length isn't what it's supposed to be for this
1803 } else if (len_type == OPT_LEN_VARIABLE_LENGTH && len < optlen) {
1804 /* Bogus - option length is less than what it's supposed to be for
1809 if (opt == IPOPT_SSR || opt == IPOPT_LSR) {
1810 /* Hmm, what if you have both options? */
1813 ptr = tvb_get_guint8(tvb, offset + 2);
1814 if (ptr < 4 || (ptr & 3) || (ptr > len)) {
1817 return (offset - orig_offset) + 4 + (len - 4);
1820 len -= 2; /* subtract size of type and length */
1833 /* Returns the valid ttl for the group address */
1835 local_network_control_block_addr_valid_ttl(guint32 addr)
1837 /* An exception list, as some protocols seem to insist on
1838 * doing differently:
1841 /* IETF's VRRP (rfc3768) */
1842 if (IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR == addr)
1843 return IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL;
1845 if (IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR == addr)
1846 return IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL;
1847 /* mDNS (draft-cheshire-dnsext-multicastdns-07) */
1848 if (IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR == addr)
1849 return IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL;
1850 /* LLMNR (rfc4795) */
1851 if (IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR == addr)
1852 return IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL;
1853 return IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL;
1856 static const value_string dscp_vals[] = {
1857 { IPDSFIELD_DSCP_DEFAULT, "Default" },
1858 { IPDSFIELD_DSCP_CS1, "Class Selector 1" },
1859 { IPDSFIELD_DSCP_AF11, "Assured Forwarding 11" },
1860 { IPDSFIELD_DSCP_AF12, "Assured Forwarding 12" },
1861 { IPDSFIELD_DSCP_AF13, "Assured Forwarding 13" },
1862 { IPDSFIELD_DSCP_CS2, "Class Selector 2" },
1863 { IPDSFIELD_DSCP_AF21, "Assured Forwarding 21" },
1864 { IPDSFIELD_DSCP_AF22, "Assured Forwarding 22" },
1865 { IPDSFIELD_DSCP_AF23, "Assured Forwarding 23" },
1866 { IPDSFIELD_DSCP_CS3, "Class Selector 3" },
1867 { IPDSFIELD_DSCP_AF31, "Assured Forwarding 31" },
1868 { IPDSFIELD_DSCP_AF32, "Assured Forwarding 32" },
1869 { IPDSFIELD_DSCP_AF33, "Assured Forwarding 33" },
1870 { IPDSFIELD_DSCP_CS4, "Class Selector 4" },
1871 { IPDSFIELD_DSCP_AF41, "Assured Forwarding 41" },
1872 { IPDSFIELD_DSCP_AF42, "Assured Forwarding 42" },
1873 { IPDSFIELD_DSCP_AF43, "Assured Forwarding 43" },
1874 { IPDSFIELD_DSCP_CS5, "Class Selector 5" },
1875 { IPDSFIELD_DSCP_EF, "Expedited Forwarding" },
1876 { IPDSFIELD_DSCP_CS6, "Class Selector 6" },
1877 { IPDSFIELD_DSCP_CS7, "Class Selector 7" },
1879 value_string_ext dscp_vals_ext = VALUE_STRING_EXT_INIT(dscp_vals);
1881 const value_string ecn_vals[] = {
1882 { IPDSFIELD_ECT_NOT, "Not-ECT (Not ECN-Capable Transport)" },
1883 { IPDSFIELD_ECT_1, "ECT(1) (ECN-Capable Transport)" },
1884 { IPDSFIELD_ECT_0, "ECT(0) (ECN-Capable Transport)" },
1885 { IPDSFIELD_CE, "CE (Congestion Experienced)" },
1888 static const value_string precedence_vals[] = {
1889 { IPTOS_PREC_ROUTINE, "routine" },
1890 { IPTOS_PREC_PRIORITY, "priority" },
1891 { IPTOS_PREC_IMMEDIATE, "immediate" },
1892 { IPTOS_PREC_FLASH, "flash" },
1893 { IPTOS_PREC_FLASHOVERRIDE, "flash override" },
1894 { IPTOS_PREC_CRITIC_ECP, "CRITIC/ECP" },
1895 { IPTOS_PREC_INTERNETCONTROL, "internetwork control" },
1896 { IPTOS_PREC_NETCONTROL, "network control" },
1899 static const value_string iptos_vals[] = {
1900 { IPTOS_NONE, "None" },
1901 { IPTOS_LOWCOST, "Minimize cost" },
1902 { IPTOS_RELIABILITY, "Maximize reliability" },
1903 { IPTOS_THROUGHPUT, "Maximize throughput" },
1904 { IPTOS_LOWDELAY, "Minimize delay" },
1905 { IPTOS_SECURITY, "Maximize security" },
1909 static const true_false_string tos_set_low = {
1914 static const true_false_string tos_set_high = {
1919 static const true_false_string flags_sf_set_evil = {
1925 ip_checksum(const guint8 *ptr, int len)
1929 cksum_vec[0].ptr = ptr;
1930 cksum_vec[0].len = len;
1931 return in_cksum(&cksum_vec[0], 1);
1935 dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
1937 proto_tree *ip_tree, *field_tree = NULL;
1938 proto_item *ti, *tf;
1940 int offset = 0, dst_off;
1945 fragment_head *ipfd_head = NULL;
1947 gboolean update_col_info = TRUE;
1948 gboolean save_fragmented;
1950 const guchar *src_addr, *dst_addr;
1951 guint32 src32, dst32;
1953 proto_item *item = NULL, *ttl_item;
1954 proto_tree *checksum_tree;
1958 iph = (ws_ip *)wmem_alloc(wmem_packet_scope(), sizeof(ws_ip));
1960 col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPv4");
1961 col_clear(pinfo->cinfo, COL_INFO);
1963 iph->ip_v_hl = tvb_get_guint8(tvb, offset);
1964 if ( hi_nibble(iph->ip_v_hl) == 6) {
1965 call_dissector(ipv6_handle, tvb, pinfo, parent_tree);
1969 hlen = lo_nibble(iph->ip_v_hl) * 4; /* IP header length, in bytes */
1971 ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, ENC_NA);
1972 ip_tree = proto_item_add_subtree(ti, ett_ip);
1974 proto_tree_add_uint(ip_tree, hf_ip_version, tvb, offset, 1,
1975 hi_nibble(iph->ip_v_hl));
1977 /* if IP is not referenced from any filters we don't need to worry about
1978 generating any tree items. We must do this after we created the actual
1979 protocol above so that proto hier stat still works though.
1980 XXX: Note that because of the following optimization expert items must
1981 not be generated inside of an 'if (tree) ...'
1982 so that Analyze ! Expert ... will work.
1984 if (!proto_field_is_referenced(parent_tree, proto_ip)) {
1988 if (hlen < IPH_MIN_LEN) {
1989 col_add_fstr(pinfo->cinfo, COL_INFO,
1990 "Bogus IP header length (%u, must be at least %u)",
1993 proto_tree_add_uint_format_value(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
1994 "%u bytes (bogus, must be at least %u)", hlen, IPH_MIN_LEN);
1998 proto_tree_add_uint_format_value(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
2001 iph->ip_tos = tvb_get_guint8(tvb, offset + 1);
2002 if (g_ip_dscp_actif) {
2003 col_add_fstr(pinfo->cinfo, COL_DSCP_VALUE, "%u",
2004 IPDSFIELD_DSCP(iph->ip_tos));
2008 if (g_ip_dscp_actif) {
2009 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_dsfield, tvb, offset + 1,
2010 1, iph->ip_tos, "0x%02x (DSCP 0x%02x: %s; ECN: 0x%02x: %s)", iph->ip_tos,
2011 IPDSFIELD_DSCP(iph->ip_tos), val_to_str_ext_const(IPDSFIELD_DSCP(iph->ip_tos),
2012 &dscp_vals_ext, "Unknown DSCP"),
2013 IPDSFIELD_ECN(iph->ip_tos), val_to_str_const(IPDSFIELD_ECN(iph->ip_tos),
2014 ecn_vals, "Unknown ECN"));
2016 field_tree = proto_item_add_subtree(tf, ett_ip_dsfield);
2017 proto_tree_add_item(field_tree, hf_ip_dsfield_dscp, tvb, offset + 1, 1, ENC_NA);
2018 proto_tree_add_item(field_tree, hf_ip_dsfield_ecn, tvb, offset + 1, 1, ENC_NA);
2020 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_tos, tvb, offset + 1, 1,
2024 val_to_str_const(IPTOS_TOS(iph->ip_tos),
2025 iptos_vals, "Unknown"));
2027 field_tree = proto_item_add_subtree(tf, ett_ip_tos);
2028 proto_tree_add_item(field_tree, hf_ip_tos_precedence, tvb, offset + 1, 1, ENC_NA);
2029 proto_tree_add_item(field_tree, hf_ip_tos_delay, tvb, offset + 1, 1, ENC_NA);
2030 proto_tree_add_item(field_tree, hf_ip_tos_throughput, tvb, offset + 1, 1, ENC_NA);
2031 proto_tree_add_item(field_tree, hf_ip_tos_reliability, tvb, offset + 1, 1, ENC_NA);
2032 proto_tree_add_item(field_tree, hf_ip_tos_cost, tvb, offset + 1, 1, ENC_NA);
2036 /* Length of IP datagram.
2037 XXX - what if this is greater than the reported length of the
2038 tvbuff? This could happen, for example, in an IP datagram
2039 inside an ICMP datagram; we need to somehow let the
2040 dissector we call know that, as it might want to avoid
2041 doing its checksumming. */
2042 iph->ip_len = tvb_get_ntohs(tvb, offset + 2);
2044 if (iph->ip_len < hlen) {
2045 if (ip_tso_supported && !iph->ip_len) {
2046 /* TSO support enabled, and zero length. Assume the zero length is
2047 * the result of TSO, and use the reported length instead. Note that
2048 * we need to use the frame/reported length instead of the actually-
2049 * available length, just in case a snaplen was used on capture. */
2050 iph->ip_len = tvb_reported_length(tvb);
2052 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_len, tvb, offset + 2, 2,
2054 "%u bytes (reported as 0, presumed to be because of \"TCP segmentation offload\" (TSO))",
2056 PROTO_ITEM_SET_GENERATED(tf);
2059 /* TSO support not enabled, or non-zero length, so treat it as an error. */
2060 col_add_fstr(pinfo->cinfo, COL_INFO,
2061 "Bogus IP length (%u, less than header length %u)",
2063 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_len, tvb, offset + 2, 2,
2065 "%u bytes (bogus, less than header length %u)",
2067 expert_add_info(pinfo, tf, &ei_ip_bogus_ip_length);
2068 /* Can't dissect any further */
2073 * Now that we know that the total length of this IP datagram isn't
2074 * obviously bogus, adjust the length of this tvbuff to include only
2077 set_actual_length(tvb, iph->ip_len);
2080 proto_tree_add_uint(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph->ip_len);
2083 iph->ip_id = tvb_get_ntohs(tvb, offset + 4);
2085 proto_tree_add_uint(ip_tree, hf_ip_id, tvb, offset + 4, 2, iph->ip_id);
2087 iph->ip_off = tvb_get_ntohs(tvb, offset + 6);
2089 int bit_offset = (offset + 6) * 8;
2091 flags = (iph->ip_off & (IP_RF | IP_DF | IP_MF)) >> IP_OFFSET_WIDTH;
2092 tf = proto_tree_add_uint(ip_tree, hf_ip_flags, tvb, offset + 6, 1, flags);
2093 field_tree = proto_item_add_subtree(tf, ett_ip_off);
2094 if (ip_security_flag) {
2097 sf = proto_tree_add_bits_item(field_tree, hf_ip_flags_sf, tvb,
2098 bit_offset + 0, 1, ENC_BIG_ENDIAN);
2099 if (iph->ip_off & IP_RF) {
2100 proto_item_append_text(tf, " (Evil packet!)");
2101 expert_add_info(pinfo, sf, &ei_ip_evil_packet);
2104 proto_tree_add_bits_item(field_tree, hf_ip_flags_rf, tvb, bit_offset + 0,
2105 1, ENC_LITTLE_ENDIAN);
2107 if (iph->ip_off & IP_DF)
2108 proto_item_append_text(tf, " (Don't Fragment)");
2109 proto_tree_add_bits_item(field_tree, hf_ip_flags_df, tvb, bit_offset + 1,
2111 if (iph->ip_off & IP_MF)
2112 proto_item_append_text(tf, " (More Fragments)");
2113 proto_tree_add_bits_item(field_tree, hf_ip_flags_mf, tvb, bit_offset + 2,
2115 proto_tree_add_uint(ip_tree, hf_ip_frag_offset, tvb, offset + 6, 2,
2116 (iph->ip_off & IP_OFFSET)*8);
2119 iph->ip_ttl = tvb_get_guint8(tvb, offset + 8);
2121 ttl_item = proto_tree_add_item(ip_tree, hf_ip_ttl, tvb, offset + 8, 1, ENC_BIG_ENDIAN);
2126 iph->ip_p = tvb_get_guint8(tvb, offset + 9);
2128 proto_tree_add_item(ip_tree, hf_ip_proto, tvb, offset + 9, 1, ENC_BIG_ENDIAN);
2131 iph->ip_sum = tvb_get_ntohs(tvb, offset + 10);
2134 * If checksum checking is enabled, and we have the entire IP header
2135 * available, and this isn't inside an ICMP error packet, check the
2138 if (ip_check_checksum && tvb_bytes_exist(tvb, offset, hlen)&&(!pinfo->flags.in_error_pkt)) {
2139 ipsum = ip_checksum(tvb_get_ptr(tvb, offset, hlen), hlen);
2142 item = proto_tree_add_uint_format_value(ip_tree, hf_ip_checksum, tvb,
2143 offset + 10, 2, iph->ip_sum,
2146 checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
2147 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb,
2148 offset + 10, 2, TRUE);
2149 PROTO_ITEM_SET_GENERATED(item);
2150 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb,
2151 offset + 10, 2, FALSE);
2152 PROTO_ITEM_SET_GENERATED(item);
2154 item = proto_tree_add_uint_format_value(ip_tree, hf_ip_checksum, tvb,
2155 offset + 10, 2, iph->ip_sum,
2157 "[incorrect, should be 0x%04x "
2158 "(may be caused by \"IP checksum "
2159 "offload\"?)]", iph->ip_sum,
2160 in_cksum_shouldbe(iph->ip_sum,
2162 checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
2163 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb,
2164 offset + 10, 2, FALSE);
2165 PROTO_ITEM_SET_GENERATED(item);
2166 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb,
2167 offset + 10, 2, TRUE);
2168 PROTO_ITEM_SET_GENERATED(item);
2172 /* Add expert item always (so tap gets called if present);
2173 if (tree == NULL) then item will be NULL
2174 else item should be from the
2175 add_boolean(..., hf_ip_checksum_bad, ...) above */
2176 expert_add_info(pinfo, item, &ei_ip_checksum_bad);
2181 item = proto_tree_add_uint_format_value(ip_tree, hf_ip_checksum, tvb,
2182 offset + 10, 2, iph->ip_sum,
2186 (pinfo->flags.in_error_pkt ?
2187 "in ICMP error packet" :
2188 "not all data available") :
2189 "validation disabled");
2190 checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
2191 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb,
2192 offset + 10, 2, FALSE);
2193 PROTO_ITEM_SET_GENERATED(item);
2194 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb,
2195 offset + 10, 2, FALSE);
2196 PROTO_ITEM_SET_GENERATED(item);
2199 src_addr = tvb_get_ptr(tvb, offset + IPH_SRC, 4);
2200 src32 = tvb_get_ntohl(tvb, offset + IPH_SRC);
2201 SET_ADDRESS(&pinfo->net_src, AT_IPv4, 4, src_addr);
2202 SET_ADDRESS(&pinfo->src, AT_IPv4, 4, src_addr);
2203 SET_ADDRESS(&iph->ip_src, AT_IPv4, 4, src_addr);
2205 const char *src_host;
2207 memcpy(&addr, iph->ip_src.data, 4);
2208 src_host = get_hostname(addr);
2209 if (ip_summary_in_tree) {
2210 proto_item_append_text(ti, ", Src: %s (%s)", src_host,
2211 ip_to_str((const guint8 *)iph->ip_src.data));
2213 proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, addr);
2214 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 12, 4, addr);
2215 PROTO_ITEM_SET_HIDDEN(item);
2216 item = proto_tree_add_string(ip_tree, hf_ip_src_host, tvb, offset + 12, 4,
2218 PROTO_ITEM_SET_GENERATED(item);
2219 PROTO_ITEM_SET_HIDDEN(item);
2220 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb, offset + 12, 4,
2222 PROTO_ITEM_SET_GENERATED(item);
2223 PROTO_ITEM_SET_HIDDEN(item);
2226 /* If there's an IP strict or loose source routing option, then the final
2227 * L3 IP destination address will be the last entry in the routing header
2228 * EXCEPT when the table is exhausted (pointer is greater than the length).
2229 * In this case, the final L3 IP destination address is the one in the L3
2230 * header. (REF: http://tools.ietf.org/html/rfc791#section-3.1)
2232 if (hlen > IPH_MIN_LEN) {
2233 /* There's more than just the fixed-length header. See if we've got
2234 * either a strict or loose source route option and if so, return the
2235 * offset into the tvb to where the real destination IP address is located.
2237 dst_off = get_dst_offset(tvb, offset + 20, hlen - IPH_MIN_LEN, ipopts,
2238 N_IP_OPTS, IPOPT_EOOL);
2243 dst_addr = tvb_get_ptr(tvb, offset + IPH_DST + dst_off, 4);
2244 dst32 = tvb_get_ntohl(tvb, offset + IPH_DST + dst_off);
2245 SET_ADDRESS(&pinfo->net_dst, AT_IPv4, 4, dst_addr);
2246 SET_ADDRESS(&pinfo->dst, AT_IPv4, 4, dst_addr);
2247 SET_ADDRESS(&iph->ip_dst, AT_IPv4, 4, dst_addr);
2249 /* If an IP is destined for an IP address in the Local Network Control Block
2250 * (e.g. 224.0.0.0/24), the packet should never be routed and the TTL would
2251 * be expected to be 1. (see RFC 3171) Flag a TTL greater than 1.
2253 * Flag a low TTL if the packet is not destined for a multicast address
2254 * (e.g. 224.0.0.0/4) ... and the payload isn't protocol 103 (PIM).
2255 * (see http://tools.ietf.org/html/rfc3973#section-4.7).
2257 if (is_a_local_network_control_block_addr(dst32)) {
2258 ttl = local_network_control_block_addr_valid_ttl(dst32);
2259 if (ttl != iph->ip_ttl && ttl != IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL) {
2260 expert_add_info_format(pinfo, ttl_item, &ei_ip_ttl_lncb, "\"Time To Live\" != %d for a packet sent to the "
2261 "Local Network Control Block (see RFC 3171)",
2264 } else if (!is_a_multicast_addr(dst32) && iph->ip_ttl < 5 &&
2265 (iph->ip_p != IP_PROTO_PIM)) {
2266 expert_add_info_format(pinfo, ttl_item, &ei_ip_ttl_too_small, "\"Time To Live\" only %u", iph->ip_ttl);
2270 const char *dst_host;
2273 memcpy(&addr, iph->ip_dst.data, 4);
2274 dst_host = get_hostname(addr);
2276 cur_rt = tvb_get_ipv4(tvb, offset + 16);
2277 if (ip_summary_in_tree) {
2278 proto_item_append_text(ti, ", Dst: %s (%s)", dst_host,
2279 ip_to_str((const guint8 *)iph->ip_dst.data));
2281 proto_item_append_text(ti, ", Via: %s (%s)", get_hostname(cur_rt),
2282 ip_to_str((gchar *)&cur_rt));
2286 proto_tree_add_ipv4(ip_tree, hf_ip_cur_rt, tvb, offset + 16, 4, cur_rt);
2287 item = proto_tree_add_string(ip_tree, hf_ip_cur_rt_host, tvb,
2288 offset + 16, 4, get_hostname(cur_rt));
2289 PROTO_ITEM_SET_GENERATED(item);
2290 PROTO_ITEM_SET_HIDDEN(item);
2293 proto_tree_add_ipv4(ip_tree, hf_ip_dst, tvb, offset + 16, 4, addr);
2294 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 16, 4,
2296 PROTO_ITEM_SET_HIDDEN(item);
2297 item = proto_tree_add_string(ip_tree, hf_ip_dst_host, tvb, offset + 16,
2299 PROTO_ITEM_SET_GENERATED(item);
2300 PROTO_ITEM_SET_HIDDEN(item);
2301 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb,
2302 offset + 16 + dst_off, 4, dst_host);
2303 PROTO_ITEM_SET_GENERATED(item);
2304 PROTO_ITEM_SET_HIDDEN(item);
2309 if (tree && ip_use_geoip) {
2310 add_geoip_info(ip_tree, tvb, offset, src32, dst32);
2314 /* Decode IP options, if any. */
2315 if (hlen > IPH_MIN_LEN) {
2316 /* There's more than just the fixed-length header. Decode the options. */
2317 optlen = hlen - IPH_MIN_LEN; /* length of options, in bytes */
2318 tf = proto_tree_add_text(ip_tree, tvb, offset + 20, optlen,
2319 "Options: (%u bytes)", optlen);
2320 field_tree = proto_item_add_subtree(tf, ett_ip_options);
2321 dissect_ip_tcp_options(tvb, offset + 20, optlen, ipopts, N_IP_OPTS,
2322 IPOPT_EOOL, &IP_OPT_TYPES, &ei_ip_opt_len_invalid, pinfo, field_tree, tf, iph);
2325 pinfo->ipproto = iph->ip_p;
2326 tap_queue_packet(ip_tap, pinfo, iph);
2328 /* Skip over header + options */
2330 nxt = iph->ip_p; /* XXX - what if this isn't the same for all fragments? */
2332 /* If ip_defragment is on, this is a fragment, we have all the data
2333 * in the fragment, and the header checksum is valid, then just add
2334 * the fragment to the hashtable.
2336 save_fragmented = pinfo->fragmented;
2337 if (ip_defragment && (iph->ip_off & (IP_MF|IP_OFFSET)) &&
2338 tvb_bytes_exist(tvb, offset, iph->ip_len - hlen) &&
2340 ipfd_head = fragment_add_check(&ip_reassembly_table, tvb, offset,
2342 iph->ip_p ^ iph->ip_id ^ src32 ^ dst32,
2344 (iph->ip_off & IP_OFFSET) * 8,
2346 iph->ip_off & IP_MF);
2348 next_tvb = process_reassembled_data(tvb, offset, pinfo, "Reassembled IPv4",
2349 ipfd_head, &ip_frag_items,
2350 &update_col_info, ip_tree);
2352 /* If this is the first fragment, dissect its contents, otherwise
2353 just show it as a fragment.
2355 XXX - if we eventually don't save the reassembled contents of all
2356 fragmented datagrams, we may want to always reassemble. */
2357 if (iph->ip_off & IP_OFFSET) {
2358 /* Not the first fragment - don't dissect it. */
2361 /* First fragment, or not fragmented. Dissect what we have here. */
2363 /* Get a tvbuff for the payload. */
2364 next_tvb = tvb_new_subset_remaining(tvb, offset);
2367 * If this is the first fragment, but not the only fragment,
2368 * tell the next protocol that.
2370 if (iph->ip_off & IP_MF)
2371 pinfo->fragmented = TRUE;
2373 pinfo->fragmented = FALSE;
2377 if (next_tvb == NULL) {
2378 /* Just show this as a fragment. */
2379 col_add_fstr(pinfo->cinfo, COL_INFO,
2380 "Fragmented IP protocol (proto=%s %u, off=%u, ID=%04x)",
2381 ipprotostr(iph->ip_p), iph->ip_p,
2382 (iph->ip_off & IP_OFFSET) * 8, iph->ip_id);
2383 if ( ipfd_head && ipfd_head->reassembled_in != pinfo->fd->num ) {
2384 col_append_fstr(pinfo->cinfo, COL_INFO, " [Reassembled in #%u]",
2385 ipfd_head->reassembled_in);
2388 call_dissector(data_handle, tvb_new_subset_remaining(tvb, offset), pinfo,
2390 pinfo->fragmented = save_fragmented;
2394 /* Hand off to the next protocol.
2396 XXX - setting the columns only after trying various dissectors means
2397 that if one of those dissectors throws an exception, the frame won't
2398 even be labeled as an IP frame; ideally, if a frame being dissected
2399 throws an exception, it'll be labeled as a mangled frame of the
2400 type in question. */
2401 if ((try_heuristic_first) && (dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, iph))) {
2403 } else if (!dissector_try_uint_new(ip_dissector_table, nxt, next_tvb, pinfo,
2404 parent_tree, TRUE, iph)) {
2405 if ((!try_heuristic_first) && (!dissector_try_heuristic(heur_subdissector_list, next_tvb, pinfo, tree, iph))) {
2406 /* Unknown protocol */
2407 if (update_col_info) {
2408 col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%u)",
2409 ipprotostr(iph->ip_p), iph->ip_p);
2411 call_dissector(data_handle,next_tvb, pinfo, parent_tree);
2414 pinfo->fragmented = save_fragmented;
2418 dissect_ip_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2420 int length, tot_length;
2421 guint8 oct, version, ihl;
2425 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2426 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2427 |Version| IHL |Type of Service| Total Length |
2428 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2431 length = tvb_length(tvb);
2433 /* Need at least 4 bytes to make some sort of decision */
2436 oct = tvb_get_guint8(tvb,0);
2440 /* TODO: Add IPv6 checks here */
2442 3. IPv6 Header Format
2445 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2446 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2447 |Version| Traffic Class | Flow Label |
2448 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2449 | Payload Length | Next Header | Hop Limit |
2450 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2458 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2462 + Destination Address +
2466 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2468 Version 4-bit Internet Protocol version number = 6.
2470 Traffic Class 8-bit traffic class field. See section 7.
2472 Flow Label 20-bit flow label. See section 6.
2474 Payload Length 16-bit unsigned integer. Length of the IPv6
2475 payload, i.e., the rest of the packet following
2476 this IPv6 header, in octets. (Note that any
2477 extension headers [section 4] present are
2478 considered part of the payload, i.e., included
2479 in the length count.)
2484 /* Need at least 8 bytes to make a decision */
2487 tot_length = tvb_get_ntohs(tvb,4);
2488 if((tot_length + 40) != (int)tvb_reported_length(tvb)){
2491 call_dissector(ipv6_handle, tvb, pinfo, tree);
2494 /* version == IPv4 , the minimum value for a correct header is 5 */
2495 if((version != 4)|| (ihl < 5)){
2498 /* Total Length is the length of the datagram, measured in octets,
2499 * including internet header and data.
2501 tot_length = tvb_get_ntohs(tvb,2);
2503 if(tot_length != (int)tvb_reported_length(tvb)){
2507 dissect_ip(tvb, pinfo, tree);
2512 proto_register_ip(void)
2514 #define ARG_TO_STR(ARG) #ARG
2515 #define FLAGS_OFFSET_WIDTH_MSG(WIDTH) \
2516 "Flags (" ARG_TO_STR(WIDTH) " bits)"
2517 #define FRAG_OFFSET_WIDTH_MSG(WIDTH) \
2518 "Fragment offset (" ARG_TO_STR(WIDTH) " bits)"
2520 static hf_register_info hf[] = {
2522 { "Version", "ip.version", FT_UINT8, BASE_DEC,
2523 NULL, 0x0, NULL, HFILL }},
2526 { "Header Length", "ip.hdr_len", FT_UINT8, BASE_DEC,
2527 NULL, 0x0, NULL, HFILL }},
2530 { "Differentiated Services Field", "ip.dsfield", FT_UINT8, BASE_DEC,
2531 NULL, 0x0, NULL, HFILL }},
2533 { &hf_ip_dsfield_dscp,
2534 { "Differentiated Services Codepoint", "ip.dsfield.dscp", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
2535 &dscp_vals_ext, IPDSFIELD_DSCP_MASK, NULL, HFILL }},
2537 { &hf_ip_dsfield_ecn,
2538 { "Explicit Congestion Notification", "ip.dsfield.ecn", FT_UINT8, BASE_HEX,
2539 VALS(ecn_vals), IPDSFIELD_ECN_MASK, NULL, HFILL }},
2542 { "Type of Service", "ip.tos", FT_UINT8, BASE_DEC,
2543 NULL, 0x0, NULL, HFILL }},
2545 { &hf_ip_tos_precedence,
2546 { "Precedence", "ip.tos.precedence", FT_UINT8, BASE_DEC,
2547 VALS(precedence_vals), IPTOS_PREC_MASK, NULL, HFILL }},
2550 { "Delay", "ip.tos.delay", FT_BOOLEAN, 8,
2551 TFS(&tos_set_low), IPTOS_LOWDELAY, NULL, HFILL }},
2553 { &hf_ip_tos_throughput,
2554 { "Throughput", "ip.tos.throughput", FT_BOOLEAN, 8,
2555 TFS(&tos_set_high), IPTOS_THROUGHPUT, NULL, HFILL }},
2557 { &hf_ip_tos_reliability,
2558 { "Reliability", "ip.tos.reliability", FT_BOOLEAN, 8,
2559 TFS(&tos_set_high), IPTOS_RELIABILITY, NULL, HFILL }},
2562 { "Cost", "ip.tos.cost", FT_BOOLEAN, 8,
2563 TFS(&tos_set_low), IPTOS_LOWCOST, NULL, HFILL }},
2566 { "Total Length", "ip.len", FT_UINT16, BASE_DEC,
2567 NULL, 0x0, NULL, HFILL }},
2570 { "Identification", "ip.id", FT_UINT16, BASE_HEX_DEC,
2571 NULL, 0x0, NULL, HFILL }},
2574 { "Destination", "ip.dst", FT_IPv4, BASE_NONE,
2575 NULL, 0x0, NULL, HFILL }},
2578 { "Destination Host", "ip.dst_host", FT_STRING, BASE_NONE,
2579 NULL, 0x0, NULL, HFILL }},
2582 { "Source", "ip.src", FT_IPv4, BASE_NONE,
2583 NULL, 0x0, NULL, HFILL }},
2586 { "Source Host", "ip.src_host", FT_STRING, BASE_NONE,
2587 NULL, 0x0, NULL, HFILL }},
2590 { "Source or Destination Address", "ip.addr", FT_IPv4, BASE_NONE,
2591 NULL, 0x0, NULL, HFILL }},
2594 { "Source or Destination Host", "ip.host", FT_STRING, BASE_NONE,
2595 NULL, 0x0, NULL, HFILL }},
2598 { &hf_geoip_country,
2599 { "Source or Destination GeoIP Country", "ip.geoip.country",
2600 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2602 { "Source or Destination GeoIP City", "ip.geoip.city",
2603 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2605 { "Source or Destination GeoIP Organization", "ip.geoip.org",
2606 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2608 { "Source or Destination GeoIP ISP", "ip.geoip.isp",
2609 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2611 { "Source or Destination GeoIP AS Number", "ip.geoip.asnum",
2612 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2614 { "Source or Destination GeoIP Latitude", "ip.geoip.lat",
2615 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2617 { "Source or Destination GeoIP Longitude", "ip.geoip.lon",
2618 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2619 { &hf_geoip_src_country,
2620 { "Source GeoIP Country", "ip.geoip.src_country",
2621 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2622 { &hf_geoip_src_city,
2623 { "Source GeoIP City", "ip.geoip.src_city",
2624 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2625 { &hf_geoip_src_org,
2626 { "Source GeoIP Organization", "ip.geoip.src_org",
2627 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2628 { &hf_geoip_src_isp,
2629 { "Source GeoIP ISP", "ip.geoip.src_isp",
2630 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2631 { &hf_geoip_src_asnum,
2632 { "Source GeoIP AS Number", "ip.geoip.src_asnum",
2633 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2634 { &hf_geoip_src_lat,
2635 { "Source GeoIP Latitude", "ip.geoip.src_lat",
2636 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2637 { &hf_geoip_src_lon,
2638 { "Source GeoIP Longitude", "ip.geoip.src_lon",
2639 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2640 { &hf_geoip_dst_country,
2641 { "Destination GeoIP Country", "ip.geoip.dst_country",
2642 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2643 { &hf_geoip_dst_city,
2644 { "Destination GeoIP City", "ip.geoip.dst_city",
2645 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2646 { &hf_geoip_dst_org,
2647 { "Destination GeoIP Organization", "ip.geoip.dst_org",
2648 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2649 { &hf_geoip_dst_isp,
2650 { "Destination GeoIP ISP", "ip.geoip.dst_isp",
2651 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2652 { &hf_geoip_dst_asnum,
2653 { "Destination GeoIP AS Number", "ip.geoip.dst_asnum",
2654 FT_STRING, STR_UNICODE, NULL, 0x0, NULL, HFILL }},
2655 { &hf_geoip_dst_lat,
2656 { "Destination GeoIP Latitude", "ip.geoip.dst_lat",
2657 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2658 { &hf_geoip_dst_lon,
2659 { "Destination GeoIP Longitude", "ip.geoip.dst_lon",
2660 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2661 #endif /* HAVE_GEOIP */
2664 { "Flags", "ip.flags", FT_UINT8, BASE_HEX,
2665 NULL, 0x0, FLAGS_OFFSET_WIDTH_MSG(IP_FLAGS_WIDTH), HFILL }},
2668 { "Security flag", "ip.flags.sf", FT_BOOLEAN, BASE_NONE,
2669 TFS(&flags_sf_set_evil), 0x0, "Security flag (RFC 3514)", HFILL }},
2672 { "Reserved bit", "ip.flags.rb", FT_BOOLEAN, BASE_NONE,
2673 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2676 { "Don't fragment", "ip.flags.df", FT_BOOLEAN, BASE_NONE,
2677 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2680 { "More fragments", "ip.flags.mf", FT_BOOLEAN, BASE_NONE,
2681 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2683 { &hf_ip_frag_offset,
2684 { "Fragment offset", "ip.frag_offset", FT_UINT16, BASE_DEC,
2685 NULL, 0x0, FRAG_OFFSET_WIDTH_MSG(IP_OFFSET_WIDTH), HFILL }},
2688 { "Time to live", "ip.ttl", FT_UINT8, BASE_DEC,
2689 NULL, 0x0, NULL, HFILL }},
2692 { "Protocol", "ip.proto", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2693 &ipproto_val_ext, 0x0, NULL, HFILL }},
2696 { "Header checksum", "ip.checksum", FT_UINT16, BASE_HEX,
2697 NULL, 0x0, NULL, HFILL }},
2699 { &hf_ip_checksum_good,
2700 { "Good", "ip.checksum_good", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2701 "True: checksum matches packet content; False: doesn't match content or not checked", HFILL }},
2703 { &hf_ip_checksum_bad,
2704 { "Bad", "ip.checksum_bad", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2705 "True: checksum doesn't match packet content; False: matches content or not checked", HFILL }},
2707 /* IP options related fields */
2709 { "Type", "ip.opt.type", FT_UINT8, BASE_DEC,
2710 NULL, 0x0, NULL, HFILL }},
2712 { &hf_ip_opt_type_copy,
2713 { "Copy on fragmentation", "ip.opt.type.copy", FT_BOOLEAN, 8,
2714 TFS(&tfs_yes_no), IPOPT_COPY_MASK, NULL, HFILL }},
2716 { &hf_ip_opt_type_class,
2717 { "Class", "ip.opt.type.class", FT_UINT8, BASE_DEC,
2718 VALS(ipopt_type_class_vals), IPOPT_CLASS_MASK, NULL, HFILL }},
2720 { &hf_ip_opt_type_number,
2721 { "Number", "ip.opt.type.number", FT_UINT8, BASE_DEC,
2722 VALS(ipopt_type_number_vals), IPOPT_NUMBER_MASK, NULL, HFILL }},
2725 { "Length", "ip.opt.len", FT_UINT8, BASE_DEC,
2726 NULL, 0x0, NULL, HFILL }},
2729 { "Pointer", "ip.opt.ptr", FT_UINT8, BASE_DEC,
2730 NULL, 0x0, NULL, HFILL }},
2733 { "Stream Identifier", "ip.opt.sid", FT_UINT16, BASE_DEC,
2734 NULL, 0x0, "SATNET stream identifier", HFILL }},
2737 { "MTU", "ip.opt.mtu", FT_UINT16, BASE_DEC,
2738 NULL, 0x0, NULL, HFILL }},
2740 { &hf_ip_opt_id_number,
2741 { "ID Number", "ip.opt.id_number", FT_UINT16, BASE_DEC,
2742 NULL, 0x0, NULL, HFILL }},
2745 { "Outbound Hop Count", "ip.opt.ohc", FT_UINT16, BASE_DEC,
2746 NULL, 0x0, NULL, HFILL }},
2749 { "Return Hop Count", "ip.opt.rhc", FT_UINT16, BASE_DEC,
2750 NULL, 0x0, NULL, HFILL }},
2752 { &hf_ip_opt_originator,
2753 { "Originator IP Address", "ip.opt.originator", FT_IPv4, BASE_NONE,
2754 NULL, 0x0, NULL, HFILL }},
2757 { "Router Alert", "ip.opt.ra", FT_UINT16, BASE_DEC | BASE_RANGE_STRING,
2758 RVALS(ra_rvals), 0x0, NULL, HFILL }},
2761 { "IP Address", "ip.opt.addr", FT_IPv4, BASE_NONE,
2762 NULL, 0x0, NULL, HFILL }},
2764 { &hf_ip_opt_padding,
2765 { "Padding", "ip.opt.padding", FT_BYTES, BASE_NONE,
2766 NULL, 0x0, NULL, HFILL }},
2768 { &hf_ip_opt_qs_func,
2769 { "Function", "ip.opt.qs_func", FT_UINT8, BASE_DEC,
2770 VALS(qs_func_vals), QS_FUNC_MASK, NULL, HFILL }},
2772 { &hf_ip_opt_qs_rate,
2773 { "Rate", "ip.opt.qs_rate", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2774 &qs_rate_vals_ext, QS_RATE_MASK, NULL, HFILL }},
2776 { &hf_ip_opt_qs_ttl,
2777 { "QS TTL", "ip.opt.qs_ttl", FT_UINT8, BASE_DEC,
2778 NULL, 0x0, NULL, HFILL }},
2780 { &hf_ip_opt_qs_ttl_diff,
2781 { "TTL Diff", "ip.opt.qs_ttl_diff", FT_UINT8, BASE_DEC,
2782 NULL, 0x0, NULL, HFILL }},
2784 { &hf_ip_opt_qs_unused,
2785 { "Not Used", "ip.opt.qs_unused", FT_UINT8, BASE_DEC,
2786 NULL, 0x0, NULL, HFILL }},
2788 { &hf_ip_opt_qs_nonce,
2789 { "QS Nonce", "ip.opt.qs_nonce", FT_UINT32, BASE_HEX,
2790 NULL, 0xFFFFFFFC, NULL, HFILL }},
2792 { &hf_ip_opt_qs_reserved,
2793 { "Reserved", "ip.opt.qs_reserved", FT_UINT32, BASE_HEX,
2794 NULL, 0x00000003, NULL, HFILL }},
2796 { &hf_ip_opt_sec_rfc791_sec,
2797 { "Security", "ip.opt.sec_rfc791_sec", FT_UINT8, BASE_HEX,
2798 VALS(secl_rfc791_vals), 0x0, NULL, HFILL }},
2800 { &hf_ip_opt_sec_rfc791_comp,
2801 { "Compartments", "ip.opt.sec_rfc791_comp", FT_UINT16, BASE_DEC,
2802 NULL, 0x0, NULL, HFILL }},
2804 { &hf_ip_opt_sec_rfc791_hr,
2805 { "Handling Restrictions", "ip.opt.sec_rfc791_hr", FT_STRING, BASE_NONE,
2806 NULL, 0x0, NULL, HFILL }},
2808 { &hf_ip_opt_sec_rfc791_tcc,
2809 { "Transmission Control Code", "ip.opt.sec_rfc791_tcc", FT_STRING, BASE_NONE,
2810 NULL, 0x0, NULL, HFILL }},
2812 { &hf_ip_opt_sec_cl,
2813 { "Classification Level", "ip.opt.sec_cl", FT_UINT8, BASE_HEX,
2814 VALS(sec_cl_vals), 0x0, NULL, HFILL }},
2816 { &hf_ip_opt_sec_prot_auth_flags,
2817 { "Protection Authority Flags", "ip.opt.sec_prot_auth_flags", FT_UINT8, BASE_HEX,
2818 NULL, 0x0, NULL, HFILL }},
2820 { &hf_ip_opt_sec_prot_auth_genser,
2821 { "GENSER", "ip.opt.sec_prot_auth_genser", FT_BOOLEAN, 8,
2822 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x80, NULL, HFILL }},
2824 { &hf_ip_opt_sec_prot_auth_siop_esi,
2825 { "SIOP-ESI", "ip.opt.sec_prot_auth_siop_esi", FT_BOOLEAN, 8,
2826 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x40, NULL, HFILL }},
2828 { &hf_ip_opt_sec_prot_auth_sci,
2829 { "SCI", "ip.opt.sec_prot_auth_sci", FT_BOOLEAN, 8,
2830 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x20, NULL, HFILL }},
2832 { &hf_ip_opt_sec_prot_auth_nsa,
2833 { "NSA", "ip.opt.sec_prot_auth_nsa", FT_BOOLEAN, 8,
2834 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x10, NULL, HFILL }},
2836 { &hf_ip_opt_sec_prot_auth_doe,
2837 { "DOE", "ip.opt.sec_prot_auth_doe", FT_BOOLEAN, 8,
2838 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x08, NULL, HFILL }},
2840 { &hf_ip_opt_sec_prot_auth_unassigned,
2841 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2842 NULL, 0x06, NULL, HFILL }},
2844 { &hf_ip_opt_sec_prot_auth_unassigned2,
2845 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2846 NULL, 0xFE, NULL, HFILL }},
2848 { &hf_ip_opt_sec_prot_auth_fti,
2849 { "Field Termination Indicator", "ip.opt.sec_prot_auth_fti", FT_BOOLEAN, 8,
2850 TFS(&ip_opt_sec_prot_auth_fti_tfs), 0x01, NULL, HFILL }},
2852 { &hf_ip_opt_ext_sec_add_sec_info_format_code,
2853 { "Additional Security Info Format Code", "ip.opt.ext_sec_add_sec_info_format_code", FT_UINT8, BASE_HEX,
2854 NULL, 0x0, NULL, HFILL }},
2856 { &hf_ip_opt_ext_sec_add_sec_info,
2857 { "Additional Security Info", "ip.opt.ext_sec_add_sec_info", FT_BYTES, BASE_NONE,
2858 NULL, 0x0, NULL, HFILL }},
2861 { "Recorded Route", "ip.rec_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2864 { &hf_ip_rec_rt_host,
2865 { "Recorded Route Host", "ip.rec_rt_host", FT_STRING, BASE_NONE,
2866 NULL, 0x0, NULL, HFILL }},
2869 { "Current Route", "ip.cur_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2872 { &hf_ip_cur_rt_host,
2873 { "Current Route Host", "ip.cur_rt_host", FT_STRING, BASE_NONE,
2874 NULL, 0x0, NULL, HFILL }},
2877 { "Source Route", "ip.src_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2880 { &hf_ip_src_rt_host,
2881 { "Source Route Host", "ip.src_rt_host", FT_STRING, BASE_NONE,
2882 NULL, 0x0, NULL, HFILL }},
2885 { "Empty Route", "ip.empty_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2888 { &hf_ip_empty_rt_host,
2889 { "Empty Route Host", "ip.empty_rt_host", FT_STRING, BASE_NONE,
2890 NULL, 0x0, NULL, HFILL }},
2892 { &hf_ip_fragment_overlap,
2893 { "Fragment overlap", "ip.fragment.overlap", FT_BOOLEAN, BASE_NONE,
2894 NULL, 0x0, "Fragment overlaps with other fragments", HFILL }},
2896 { &hf_ip_fragment_overlap_conflict,
2897 { "Conflicting data in fragment overlap", "ip.fragment.overlap.conflict",
2898 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2899 "Overlapping fragments contained conflicting data", HFILL }},
2901 { &hf_ip_fragment_multiple_tails,
2902 { "Multiple tail fragments found", "ip.fragment.multipletails",
2903 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2904 "Several tails were found when defragmenting the packet", HFILL }},
2906 { &hf_ip_fragment_too_long_fragment,
2907 { "Fragment too long", "ip.fragment.toolongfragment",
2908 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2909 "Fragment contained data past end of packet", HFILL }},
2911 { &hf_ip_fragment_error,
2912 { "Defragmentation error", "ip.fragment.error", FT_FRAMENUM, BASE_NONE,
2913 NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }},
2915 { &hf_ip_fragment_count,
2916 { "Fragment count", "ip.fragment.count", FT_UINT32, BASE_DEC,
2917 NULL, 0x0, NULL, HFILL }},
2920 { "IPv4 Fragment", "ip.fragment", FT_FRAMENUM, BASE_NONE,
2921 NULL, 0x0, NULL, HFILL }},
2924 { "IPv4 Fragments", "ip.fragments", FT_BYTES, BASE_NONE,
2925 NULL, 0x0, NULL, HFILL }},
2927 { &hf_ip_reassembled_in,
2928 { "Reassembled IPv4 in frame", "ip.reassembled_in", FT_FRAMENUM, BASE_NONE,
2929 NULL, 0x0, "This IPv4 packet is reassembled in this frame", HFILL }},
2931 { &hf_ip_reassembled_length,
2932 { "Reassembled IPv4 length", "ip.reassembled.length", FT_UINT32, BASE_DEC,
2933 NULL, 0x0, "The total length of the reassembled payload", HFILL }},
2935 { &hf_ip_reassembled_data,
2936 { "Reassembled IPv4 data", "ip.reassembled.data", FT_BYTES, BASE_NONE,
2937 NULL, 0x0, "The reassembled payload", HFILL }}
2940 static gint *ett[] = {
2946 &ett_ip_option_eool,
2949 &ett_ip_option_route,
2950 &ett_ip_option_timestamp,
2951 &ett_ip_option_ext_security,
2952 &ett_ip_option_cipso,
2959 &ett_ip_option_other,
2964 &ett_ip_opt_sec_prot_auth_flags,
2969 static ei_register_info ei[] = {
2970 { &ei_ip_opt_len_invalid, { "ip.opt.len.invalid", PI_PROTOCOL, PI_WARN, "Invalid length for option", EXPFILL }},
2971 { &ei_ip_opt_sec_prot_auth_fti, { "ip.opt.len.invalid", PI_PROTOCOL, PI_WARN, "Field Termination Indicator set to 1 for last byte of option", EXPFILL }},
2972 { &ei_ip_extraneous_data, { "ip.opt.len.invalid", PI_PROTOCOL, PI_WARN, "Extraneous data in option", EXPFILL }},
2973 { &ei_ip_opt_ptr_before_address, { "ip.opt.ptr.before_address", PI_PROTOCOL, PI_WARN, "Pointer points before first address", EXPFILL }},
2974 { &ei_ip_opt_ptr_middle_address, { "ip.opt.ptr.middle_address", PI_PROTOCOL, PI_WARN, "Pointer points to middle of address", EXPFILL }},
2975 { &ei_ip_subopt_too_long, { "ip.subopt_too_long", PI_PROTOCOL, PI_WARN, "Suboption would go past end of option", EXPFILL }},
2976 { &ei_ip_nop, { "ip.nop", PI_PROTOCOL, PI_WARN, "4 NOP in a row - a router may have removed some options", EXPFILL }},
2977 { &ei_ip_bogus_ip_length, { "ip.bogus_ip_length", PI_PROTOCOL, PI_ERROR, "Bogus IP length", EXPFILL }},
2978 { &ei_ip_evil_packet, { "ip.evil_packet", PI_PROTOCOL, PI_WARN, "Suboption would go past end of option", EXPFILL }},
2979 { &ei_ip_checksum_bad, { "ip.checksum_bad.expert", PI_CHECKSUM, PI_ERROR, "Bad checksum", EXPFILL }},
2980 { &ei_ip_ttl_lncb, { "ip.ttl.lncb", PI_SEQUENCE, PI_NOTE, "Time To Live", EXPFILL }},
2981 { &ei_ip_ttl_too_small, { "ip.ttl.too_small", PI_SEQUENCE, PI_NOTE, "Time To Live", EXPFILL }},
2984 /* Decode As handling */
2985 static build_valid_func ip_da_build_value[1] = {ip_value};
2986 static decode_as_value_t ip_da_values = {ip_prompt, 1, ip_da_build_value};
2987 static decode_as_t ip_da = {"ip", "Network", "ip.proto", 1, 0, &ip_da_values, NULL, NULL,
2988 decode_as_default_populate_list, decode_as_default_reset, decode_as_default_change, NULL};
2990 module_t *ip_module;
2991 expert_module_t* expert_ip;
2993 proto_ip = proto_register_protocol("Internet Protocol Version 4", "IPv4", "ip");
2994 proto_register_field_array(proto_ip, hf, array_length(hf));
2995 proto_register_subtree_array(ett, array_length(ett));
2996 expert_ip = expert_register_protocol(proto_ip);
2997 expert_register_field_array(expert_ip, ei, array_length(ei));
2999 /* subdissector code */
3000 ip_dissector_table = register_dissector_table("ip.proto", "IP protocol",
3001 FT_UINT8, BASE_DEC);
3002 register_heur_dissector_list("ip", &heur_subdissector_list);
3004 /* Register configuration options */
3005 ip_module = prefs_register_protocol(proto_ip, NULL);
3006 prefs_register_bool_preference(ip_module, "decode_tos_as_diffserv",
3007 "Decode IPv4 TOS field as DiffServ field",
3008 "Whether the IPv4 type-of-service field should be decoded as a "
3009 "Differentiated Services field (see RFC2474/RFC2475)", &g_ip_dscp_actif);
3010 prefs_register_bool_preference(ip_module, "defragment",
3011 "Reassemble fragmented IPv4 datagrams",
3012 "Whether fragmented IPv4 datagrams should be reassembled", &ip_defragment);
3013 prefs_register_bool_preference(ip_module, "summary_in_tree",
3014 "Show IPv4 summary in protocol tree",
3015 "Whether the IPv4 summary line should be shown in the protocol tree",
3016 &ip_summary_in_tree);
3017 prefs_register_bool_preference(ip_module, "check_checksum",
3018 "Validate the IPv4 checksum if possible",
3019 "Whether to validate the IPv4 checksum", &ip_check_checksum);
3020 prefs_register_bool_preference(ip_module, "tso_support",
3021 "Support packet-capture from IP TSO-enabled hardware",
3022 "Whether to correct for TSO-enabled (TCP segmentation offload) hardware "
3023 "captures, such as spoofing the IP packet length", &ip_tso_supported);
3025 prefs_register_bool_preference(ip_module, "use_geoip",
3026 "Enable GeoIP lookups",
3027 "Whether to look up IP addresses in each GeoIP database we have loaded",
3029 #endif /* HAVE_GEOIP */
3030 prefs_register_bool_preference(ip_module, "security_flag" ,
3031 "Interpret Reserved flag as Security flag (RFC 3514)",
3032 "Whether to interpret the originally reserved flag as security flag",
3034 prefs_register_bool_preference(ip_module, "try_heuristic_first",
3035 "Try heuristic sub-dissectors first",
3036 "Try to decode a packet using an heuristic sub-dissector before using a sub-dissector registered to a specific port",
3037 &try_heuristic_first);
3039 register_dissector("ip", dissect_ip, proto_ip);
3040 register_init_routine(ip_defragment_init);
3041 ip_tap = register_tap("ip");
3043 register_decode_as(&ip_da);
3047 proto_reg_handoff_ip(void)
3049 dissector_handle_t ip_handle;
3051 ip_handle = find_dissector("ip");
3052 ipv6_handle = find_dissector("ipv6");
3053 data_handle = find_dissector("data");
3055 dissector_add_uint("ethertype", ETHERTYPE_IP, ip_handle);
3056 dissector_add_uint("ppp.protocol", PPP_IP, ip_handle);
3057 dissector_add_uint("ppp.protocol", ETHERTYPE_IP, ip_handle);
3058 dissector_add_uint("gre.proto", ETHERTYPE_IP, ip_handle);
3059 dissector_add_uint("gre.proto", GRE_WCCP, ip_handle);
3060 dissector_add_uint("llc.dsap", SAP_IP, ip_handle);
3061 dissector_add_uint("ip.proto", IP_PROTO_IPIP, ip_handle);
3062 dissector_add_uint("null.type", BSD_AF_INET, ip_handle);
3063 dissector_add_uint("chdlc.protocol", ETHERTYPE_IP, ip_handle);
3064 dissector_add_uint("osinl.excl", NLPID_IP, ip_handle);
3065 dissector_add_uint("fr.nlpid", NLPID_IP, ip_handle);
3066 dissector_add_uint("x.25.spi", NLPID_IP, ip_handle);
3067 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1051, ip_handle);
3068 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1201, ip_handle);
3069 dissector_add_uint("ax25.pid", AX25_P_IP, ip_handle);
3070 dissector_add_handle("udp.port", ip_handle);
3072 heur_dissector_add("tipc", dissect_ip_heur, proto_ip);
3076 * Editor modelines - http://www.wireshark.org/tools/modelines.html
3081 * indent-tabs-mode: nil
3084 * vi: set shiftwidth=2 tabstop=8 expandtab:
3085 * :indentSize=2:tabSize=8:noTabs=true: