2 * Routines for IP and miscellaneous IP protocol packet disassembly
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * Wednesday, January 17, 2006
11 * Support for the CIPSO IPv4 option
12 * (http://sourceforge.net/docman/display_doc.php?docid=34650&group_id=174379)
13 * by Paul Moore <paul.moore@hp.com>
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
37 #include <epan/packet.h>
38 #include <epan/addr_resolv.h>
39 #include <epan/ipproto.h>
40 #include <epan/ip_opts.h>
41 #include <epan/prefs.h>
42 #include <epan/reassemble.h>
43 #include <epan/etypes.h>
44 #include <epan/greproto.h>
45 #include <epan/ppptypes.h>
46 #include <epan/llcsaps.h>
47 #include <epan/aftypes.h>
48 #include <epan/arcnet_pids.h>
49 #include <epan/in_cksum.h>
50 #include <epan/nlpid.h>
51 #include <epan/ax25_pids.h>
53 #include <epan/emem.h>
54 #include <epan/expert.h>
56 #include "packet-ip.h"
57 #include "packet-ipsec.h"
61 #include <epan/geoip_db.h>
62 #endif /* HAVE_GEOIP */
65 static int ip_tap = -1;
67 /* Decode the old IPv4 TOS field as the DiffServ DS Field (RFC2474/2475) */
68 static gboolean g_ip_dscp_actif = TRUE;
70 /* Defragment fragmented IP datagrams */
71 static gboolean ip_defragment = TRUE;
73 /* Place IP summary in proto tree */
74 static gboolean ip_summary_in_tree = TRUE;
76 /* Perform IP checksum */
77 static gboolean ip_check_checksum = TRUE;
79 /* Assume TSO and correct zero-length IP packets */
80 static gboolean ip_tso_supported = TRUE;
83 /* Look up addresses in GeoIP */
84 static gboolean ip_use_geoip = TRUE;
85 #endif /* HAVE_GEOIP */
87 /* Interpret the reserved flag as security flag (RFC 3514) */
88 static gboolean ip_security_flag = FALSE;
90 static int proto_ip = -1;
91 static int hf_ip_version = -1;
92 static int hf_ip_hdr_len = -1;
93 static int hf_ip_dsfield = -1;
94 static int hf_ip_dsfield_dscp = -1;
95 static int hf_ip_dsfield_ecn = -1;
96 static int hf_ip_tos = -1;
97 static int hf_ip_tos_precedence = -1;
98 static int hf_ip_tos_delay = -1;
99 static int hf_ip_tos_throughput = -1;
100 static int hf_ip_tos_reliability = -1;
101 static int hf_ip_tos_cost = -1;
102 static int hf_ip_len = -1;
103 static int hf_ip_id = -1;
104 static int hf_ip_dst = -1;
105 static int hf_ip_dst_host = -1;
106 static int hf_ip_src = -1;
107 static int hf_ip_src_host = -1;
108 static int hf_ip_addr = -1;
109 static int hf_ip_host = -1;
110 static int hf_ip_flags = -1;
111 static int hf_ip_flags_sf = -1;
112 static int hf_ip_flags_rf = -1;
113 static int hf_ip_flags_df = -1;
114 static int hf_ip_flags_mf = -1;
115 static int hf_ip_frag_offset = -1;
116 static int hf_ip_ttl = -1;
117 static int hf_ip_proto = -1;
118 static int hf_ip_checksum = -1;
119 static int hf_ip_checksum_good = -1;
120 static int hf_ip_checksum_bad = -1;
122 /* IP option fields */
123 static int hf_ip_opt_type = -1;
124 static int hf_ip_opt_type_copy = -1;
125 static int hf_ip_opt_type_class = -1;
126 static int hf_ip_opt_type_number = -1;
127 static int hf_ip_opt_len = -1;
128 static int hf_ip_opt_ptr = -1;
129 static int hf_ip_opt_sid = -1;
130 static int hf_ip_opt_mtu = -1;
131 static int hf_ip_opt_id_number = -1;
132 static int hf_ip_opt_ohc = -1;
133 static int hf_ip_opt_rhc = -1;
134 static int hf_ip_opt_originator = -1;
135 static int hf_ip_opt_ra = -1;
136 static int hf_ip_opt_addr = -1;
137 static int hf_ip_opt_padding = -1;
138 static int hf_ip_opt_qs_func = -1;
139 static int hf_ip_opt_qs_rate = -1;
140 static int hf_ip_opt_qs_ttl = -1;
141 static int hf_ip_opt_qs_ttl_diff = -1;
142 static int hf_ip_opt_qs_unused = -1;
143 static int hf_ip_opt_qs_nonce = -1;
144 static int hf_ip_opt_qs_reserved = -1;
145 static int hf_ip_opt_sec_rfc791_sec = -1;
146 static int hf_ip_opt_sec_rfc791_comp = -1;
147 static int hf_ip_opt_sec_rfc791_hr = -1;
148 static int hf_ip_opt_sec_rfc791_tcc = -1;
149 static int hf_ip_opt_sec_cl = -1;
150 static int hf_ip_opt_sec_prot_auth_flags = -1;
151 static int hf_ip_opt_sec_prot_auth_genser = -1;
152 static int hf_ip_opt_sec_prot_auth_siop_esi = -1;
153 static int hf_ip_opt_sec_prot_auth_sci = -1;
154 static int hf_ip_opt_sec_prot_auth_nsa = -1;
155 static int hf_ip_opt_sec_prot_auth_doe = -1;
156 static int hf_ip_opt_sec_prot_auth_unassigned = -1;
157 static int hf_ip_opt_sec_prot_auth_unassigned2 = -1;
158 static int hf_ip_opt_sec_prot_auth_fti = -1;
159 static int hf_ip_opt_ext_sec_add_sec_info_format_code = -1;
160 static int hf_ip_opt_ext_sec_add_sec_info = -1;
161 static int hf_ip_rec_rt = -1;
162 static int hf_ip_rec_rt_host = -1;
163 static int hf_ip_cur_rt = -1;
164 static int hf_ip_cur_rt_host = -1;
165 static int hf_ip_src_rt = -1;
166 static int hf_ip_src_rt_host = -1;
167 static int hf_ip_empty_rt = -1;
168 static int hf_ip_empty_rt_host = -1;
170 static int hf_ip_fragments = -1;
171 static int hf_ip_fragment = -1;
172 static int hf_ip_fragment_overlap = -1;
173 static int hf_ip_fragment_overlap_conflict = -1;
174 static int hf_ip_fragment_multiple_tails = -1;
175 static int hf_ip_fragment_too_long_fragment = -1;
176 static int hf_ip_fragment_error = -1;
177 static int hf_ip_fragment_count = -1;
178 static int hf_ip_reassembled_in = -1;
179 static int hf_ip_reassembled_length = -1;
180 static int hf_ip_reassembled_data = -1;
183 static int hf_geoip_country = -1;
184 static int hf_geoip_city = -1;
185 static int hf_geoip_org = -1;
186 static int hf_geoip_isp = -1;
187 static int hf_geoip_asnum = -1;
188 static int hf_geoip_lat = -1;
189 static int hf_geoip_lon = -1;
190 static int hf_geoip_src_country = -1;
191 static int hf_geoip_src_city = -1;
192 static int hf_geoip_src_org = -1;
193 static int hf_geoip_src_isp = -1;
194 static int hf_geoip_src_asnum = -1;
195 static int hf_geoip_src_lat = -1;
196 static int hf_geoip_src_lon = -1;
197 static int hf_geoip_dst_country = -1;
198 static int hf_geoip_dst_city = -1;
199 static int hf_geoip_dst_org = -1;
200 static int hf_geoip_dst_isp = -1;
201 static int hf_geoip_dst_asnum = -1;
202 static int hf_geoip_dst_lat = -1;
203 static int hf_geoip_dst_lon = -1;
204 #endif /* HAVE_GEOIP */
206 static gint ett_ip = -1;
207 static gint ett_ip_dsfield = -1;
208 static gint ett_ip_tos = -1;
209 static gint ett_ip_off = -1;
210 static gint ett_ip_options = -1;
211 static gint ett_ip_option_eool = -1;
212 static gint ett_ip_option_nop = -1;
213 static gint ett_ip_option_sec = -1;
214 static gint ett_ip_option_route = -1;
215 static gint ett_ip_option_timestamp = -1;
216 static gint ett_ip_option_ext_security = -1;
217 static gint ett_ip_option_cipso = -1;
218 static gint ett_ip_option_sid = -1;
219 static gint ett_ip_option_mtu = -1;
220 static gint ett_ip_option_tr = -1;
221 static gint ett_ip_option_ra = -1;
222 static gint ett_ip_option_sdb = -1;
223 static gint ett_ip_option_qs = -1;
224 static gint ett_ip_option_other = -1;
225 static gint ett_ip_fragments = -1;
226 static gint ett_ip_fragment = -1;
227 static gint ett_ip_checksum = -1;
228 static gint ett_ip_opt_type = -1;
229 static gint ett_ip_opt_sec_prot_auth_flags = -1;
232 static gint ett_geoip_info = -1;
233 #endif /* HAVE_GEOIP */
235 static const fragment_items ip_frag_items = {
240 &hf_ip_fragment_overlap,
241 &hf_ip_fragment_overlap_conflict,
242 &hf_ip_fragment_multiple_tails,
243 &hf_ip_fragment_too_long_fragment,
244 &hf_ip_fragment_error,
245 &hf_ip_fragment_count,
246 &hf_ip_reassembled_in,
247 &hf_ip_reassembled_length,
248 &hf_ip_reassembled_data,
252 static dissector_table_t ip_dissector_table;
254 static dissector_handle_t ipv6_handle;
255 static dissector_handle_t data_handle;
256 static dissector_handle_t tapa_handle;
259 /* IP structs and definitions */
261 /* Offsets of fields within an IP header. */
273 /* Minimum IP header length. */
274 #define IPH_MIN_LEN 20
276 /* Width (in bits) of the fragment offset IP header field */
277 #define IP_OFFSET_WIDTH 13
279 /* Width (in bits) of the flags IP header field */
280 #define IP_FLAGS_WIDTH 3
283 #define IP_RF 0x8000 /* Flag: "Reserved bit" */
284 #define IP_DF 0x4000 /* Flag: "Don't Fragment" */
285 #define IP_MF 0x2000 /* Flag: "More Fragments" */
286 #define IP_OFFSET 0x1FFF /* "Fragment Offset" part */
288 /* Differentiated Services Field. See RFCs 2474, 2597 and 2598. */
289 #define IPDSFIELD_DSCP_MASK 0xFC
290 #define IPDSFIELD_ECN_MASK 0x03
291 #define IPDSFIELD_DSCP_SHIFT 2
293 #define IPDSFIELD_DSCP(dsfield) (((dsfield)&IPDSFIELD_DSCP_MASK)>>IPDSFIELD_DSCP_SHIFT)
294 #define IPDSFIELD_ECN(dsfield) ((dsfield)&IPDSFIELD_ECN_MASK)
296 #define IPDSFIELD_DSCP_DEFAULT 0x00
297 #define IPDSFIELD_DSCP_CS1 0x08
298 #define IPDSFIELD_DSCP_AF11 0x0A
299 #define IPDSFIELD_DSCP_AF12 0x0C
300 #define IPDSFIELD_DSCP_AF13 0x0E
301 #define IPDSFIELD_DSCP_CS2 0x10
302 #define IPDSFIELD_DSCP_AF21 0x12
303 #define IPDSFIELD_DSCP_AF22 0x14
304 #define IPDSFIELD_DSCP_AF23 0x16
305 #define IPDSFIELD_DSCP_CS3 0x18
306 #define IPDSFIELD_DSCP_AF31 0x1A
307 #define IPDSFIELD_DSCP_AF32 0x1C
308 #define IPDSFIELD_DSCP_AF33 0x1E
309 #define IPDSFIELD_DSCP_CS4 0x20
310 #define IPDSFIELD_DSCP_AF41 0x22
311 #define IPDSFIELD_DSCP_AF42 0x24
312 #define IPDSFIELD_DSCP_AF43 0x26
313 #define IPDSFIELD_DSCP_CS5 0x28
314 #define IPDSFIELD_DSCP_EF 0x2E
315 #define IPDSFIELD_DSCP_CS6 0x30
316 #define IPDSFIELD_DSCP_CS7 0x38
318 #define IPDSFIELD_ECT_NOT 0x00
319 #define IPDSFIELD_ECT_1 0x01
320 #define IPDSFIELD_ECT_0 0x02
321 #define IPDSFIELD_CE 0x03
323 /* IP TOS, superseded by the DS Field, RFC 2474. */
324 #define IPTOS_TOS_MASK 0x1E
325 #define IPTOS_TOS(tos) ((tos) & IPTOS_TOS_MASK)
326 #define IPTOS_NONE 0x00
327 #define IPTOS_LOWCOST 0x02
328 #define IPTOS_RELIABILITY 0x04
329 #define IPTOS_THROUGHPUT 0x08
330 #define IPTOS_LOWDELAY 0x10
331 #define IPTOS_SECURITY 0x1E
333 #define IPTOS_PREC_MASK 0xE0
334 #define IPTOS_PREC_SHIFT 5
335 #define IPTOS_PREC(tos) (((tos)&IPTOS_PREC_MASK)>>IPTOS_PREC_SHIFT)
336 #define IPTOS_PREC_NETCONTROL 7
337 #define IPTOS_PREC_INTERNETCONTROL 6
338 #define IPTOS_PREC_CRITIC_ECP 5
339 #define IPTOS_PREC_FLASHOVERRIDE 4
340 #define IPTOS_PREC_FLASH 3
341 #define IPTOS_PREC_IMMEDIATE 2
342 #define IPTOS_PREC_PRIORITY 1
343 #define IPTOS_PREC_ROUTINE 0
346 #define IPOPT_COPY_MASK 0x80
347 #define IPOPT_COPY 0x80
349 #define IPOPT_CLASS_MASK 0x60
350 #define IPOPT_CONTROL 0x00
351 #define IPOPT_RESERVED1 0x20
352 #define IPOPT_MEASUREMENT 0x40
353 #define IPOPT_RESERVED2 0x60
355 #define IPOPT_NUMBER_MASK 0x1F
357 /* REF: http://www.iana.org/assignments/ip-parameters */
358 /* TODO: Not all of these are implemented. */
359 #define IPOPT_EOOL (0 |IPOPT_CONTROL)
360 #define IPOPT_NOP (1 |IPOPT_CONTROL)
361 #define IPOPT_SEC (2 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 791/1108 */
362 #define IPOPT_LSR (3 |IPOPT_COPY|IPOPT_CONTROL)
363 #define IPOPT_TS (4 |IPOPT_MEASUREMENT)
364 #define IPOPT_ESEC (5 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 1108 */
365 #define IPOPT_CIPSO (6 |IPOPT_COPY|IPOPT_CONTROL) /* draft-ietf-cipso-ipsecurity-01 */
366 #define IPOPT_RR (7 |IPOPT_CONTROL)
367 #define IPOPT_SID (8 |IPOPT_COPY|IPOPT_CONTROL)
368 #define IPOPT_SSR (9 |IPOPT_COPY|IPOPT_CONTROL)
369 #define IPOPT_ZSU (10|IPOPT_CONTROL) /* Zsu */
370 #define IPOPT_MTUP (11|IPOPT_CONTROL) /* RFC 1063 */
371 #define IPOPT_MTUR (12|IPOPT_CONTROL) /* RFC 1063 */
372 #define IPOPT_FINN (13|IPOPT_COPY|IPOPT_MEASUREMENT) /* Finn */
373 #define IPOPT_VISA (14|IPOPT_COPY|IPOPT_CONTROL) /* Estrin */
374 #define IPOPT_ENCODE (15|IPOPT_CONTROL) /* VerSteeg */
375 #define IPOPT_IMITD (16|IPOPT_COPY|IPOPT_CONTROL) /* Lee */
376 #define IPOPT_EIP (17|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1385 */
377 #define IPOPT_TR (18|IPOPT_MEASUREMENT) /* RFC 1393 */
378 #define IPOPT_ADDEXT (19|IPOPT_COPY|IPOPT_CONTROL) /* Ullmann IPv7 */
379 #define IPOPT_RTRALT (20|IPOPT_COPY|IPOPT_CONTROL) /* RFC 2113 */
380 #define IPOPT_SDB (21|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1770 Graff */
381 #define IPOPT_UN (22|IPOPT_COPY|IPOPT_CONTROL) /* Released 18-Oct-2005 */
382 #define IPOPT_DPS (23|IPOPT_COPY|IPOPT_CONTROL) /* Malis */
383 #define IPOPT_UMP (24|IPOPT_COPY|IPOPT_CONTROL) /* Farinacci */
384 #define IPOPT_QS (25|IPOPT_CONTROL) /* RFC 4782 */
385 #define IPOPT_EXP (30|IPOPT_CONTROL) /* RFC 4727 */
388 /* IP option lengths */
389 #define IPOLEN_SEC_MIN 3
390 #define IPOLEN_LSR_MIN 3
391 #define IPOLEN_TS_MIN 4
392 #define IPOLEN_ESEC_MIN 3
393 #define IPOLEN_CIPSO_MIN 10
394 #define IPOLEN_RR_MIN 3
396 #define IPOLEN_SSR_MIN 3
400 #define IPOLEN_SDB_MIN 6
402 #define IPOLEN_MAX 40
404 #define IPSEC_RFC791_UNCLASSIFIED 0x0000
405 #define IPSEC_RFC791_CONFIDENTIAL 0xF135
406 #define IPSEC_RFC791_EFTO 0x789A
407 #define IPSEC_RFC791_MMMM 0xBC4D
408 #define IPSEC_RFC791_PROG 0x5E26
409 #define IPSEC_RFC791_RESTRICTED 0xAF13
410 #define IPSEC_RFC791_SECRET 0xD788
411 #define IPSEC_RFC791_TOPSECRET 0x6BC5
412 #define IPSEC_RFC791_RESERVED1 0x35E2
413 #define IPSEC_RFC791_RESERVED2 0x9AF1
414 #define IPSEC_RFC791_RESERVED3 0x4D78
415 #define IPSEC_RFC791_RESERVED4 0x24BD
416 #define IPSEC_RFC791_RESERVED5 0x135E
417 #define IPSEC_RFC791_RESERVED6 0x89AF
418 #define IPSEC_RFC791_RESERVED7 0xC4D6
419 #define IPSEC_RFC791_RESERVED8 0xE26B
421 #define IPSEC_RESERVED4 0x01
422 #define IPSEC_TOPSECRET 0x3D
423 #define IPSEC_SECRET 0x5A
424 #define IPSEC_CONFIDENTIAL 0x96
425 #define IPSEC_RESERVED3 0x66
426 #define IPSEC_RESERVED2 0xCC
427 #define IPSEC_UNCLASSIFIED 0xAB
428 #define IPSEC_RESERVED1 0xF1
430 #define IPOPT_TS_TSONLY 0 /* timestamps only */
431 #define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
432 #define IPOPT_TS_PRESPEC 3 /* specified modules only */
434 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR 0xE0000012
435 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL 0xFF
436 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR 0xE0000066
437 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL 0XFF
438 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR 0xE00000FB
439 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL 0XFF
440 #define IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR 0xE00000FC
442 #define IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL 0x1000 /* larger than max ttl */
443 #define IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL 0X01
445 /* Return true if the address is in the 224.0.0.0/24 network block */
446 #define is_a_local_network_control_block_addr(addr) \
447 ((addr & 0xffffff00) == 0xe0000000)
449 /* Return true if the address is in the 224.0.0.0/4 network block */
450 #define is_a_multicast_addr(addr) \
451 ((addr & 0xf0000000) == 0xe0000000)
454 * defragmentation of IPv4
456 static GHashTable *ip_fragment_table = NULL;
457 static GHashTable *ip_reassembled_table = NULL;
460 ip_defragment_init(void)
462 fragment_table_init(&ip_fragment_table);
463 reassembled_table_init(&ip_reassembled_table);
467 capture_ip(const guchar *pd, int offset, int len, packet_counts *ld) {
468 if (!BYTES_ARE_IN_FRAME(offset, len, IPH_MIN_LEN)) {
472 switch (pd[offset + 9]) {
477 case IP_PROTO_UDPLITE:
481 case IP_PROTO_ICMPV6: /* XXX - separate counters? */
503 add_geoip_info_entry(proto_item *geoip_info_item, tvbuff_t *tvb, gint offset, guint32 ip, int isdst)
505 proto_tree *geoip_info_tree;
507 guint num_dbs = geoip_db_num_dbs();
511 geoip_info_tree = proto_item_add_subtree(geoip_info_item, ett_geoip_info);
513 for (dbnum = 0; dbnum < num_dbs; dbnum++) {
514 const char *geoip_str = geoip_db_lookup_ipv4(dbnum, ip, NULL);
515 int db_type = geoip_db_type(dbnum);
517 int geoip_hf, geoip_local_hf;
520 case GEOIP_COUNTRY_EDITION:
521 geoip_hf = hf_geoip_country;
522 geoip_local_hf = (isdst) ? hf_geoip_dst_country : hf_geoip_src_country;
524 case GEOIP_CITY_EDITION_REV0:
525 geoip_hf = hf_geoip_city;
526 geoip_local_hf = (isdst) ? hf_geoip_dst_city : hf_geoip_src_city;
528 case GEOIP_CITY_EDITION_REV1:
529 geoip_hf = hf_geoip_city;
530 geoip_local_hf = (isdst) ? hf_geoip_dst_city : hf_geoip_src_city;
532 case GEOIP_ORG_EDITION:
533 geoip_hf = hf_geoip_org;
534 geoip_local_hf = (isdst) ? hf_geoip_dst_org : hf_geoip_src_org;
536 case GEOIP_ISP_EDITION:
537 geoip_hf = hf_geoip_isp;
538 geoip_local_hf = (isdst) ? hf_geoip_dst_isp : hf_geoip_src_isp;
540 case GEOIP_ASNUM_EDITION:
541 geoip_hf = hf_geoip_asnum;
542 geoip_local_hf = (isdst) ? hf_geoip_dst_asnum : hf_geoip_src_asnum;
544 case WS_LAT_FAKE_EDITION:
545 geoip_hf = hf_geoip_lat;
546 geoip_local_hf = (isdst) ? hf_geoip_dst_lat : hf_geoip_src_lat;
548 case WS_LON_FAKE_EDITION:
549 geoip_hf = hf_geoip_lon;
550 geoip_local_hf = (isdst) ? hf_geoip_dst_lon : hf_geoip_src_lon;
559 if (db_type == WS_LAT_FAKE_EDITION || db_type == WS_LON_FAKE_EDITION) {
560 /* Convert latitude, longitude to double. Fix bug #5077 */
561 item = proto_tree_add_double_format_value(geoip_info_tree, geoip_local_hf,
562 tvb, offset, 4, g_ascii_strtod(geoip_str, NULL), "%s", geoip_str);
563 PROTO_ITEM_SET_GENERATED(item);
564 item = proto_tree_add_double_format_value(geoip_info_tree, geoip_hf,
565 tvb, offset, 4, g_ascii_strtod(geoip_str, NULL), "%s", geoip_str);
566 PROTO_ITEM_SET_GENERATED(item);
567 PROTO_ITEM_SET_HIDDEN(item);
569 item = proto_tree_add_unicode_string(geoip_info_tree, geoip_local_hf,
570 tvb, offset, 4, geoip_str);
571 PROTO_ITEM_SET_GENERATED(item);
572 item = proto_tree_add_unicode_string(geoip_info_tree, geoip_hf,
573 tvb, offset, 4, geoip_str);
574 PROTO_ITEM_SET_GENERATED(item);
575 PROTO_ITEM_SET_HIDDEN(item);
579 proto_item_append_text(geoip_info_item, "%s%s",
580 plurality(item_cnt, "", ", "), geoip_str);
585 proto_item_append_text(geoip_info_item, "Unknown");
589 add_geoip_info(proto_tree *tree, tvbuff_t *tvb, gint offset, guint32 src32,
593 proto_item *geoip_info_item;
595 num_dbs = geoip_db_num_dbs();
599 geoip_info_item = proto_tree_add_text(tree, tvb, offset + IPH_SRC, 4, "Source GeoIP: ");
600 PROTO_ITEM_SET_GENERATED(geoip_info_item);
601 add_geoip_info_entry(geoip_info_item, tvb, offset + IPH_SRC, src32, 0);
603 geoip_info_item = proto_tree_add_text(tree, tvb, offset + IPH_DST, 4,
604 "Destination GeoIP: ");
605 PROTO_ITEM_SET_GENERATED(geoip_info_item);
606 add_geoip_info_entry(geoip_info_item, tvb, offset + IPH_DST, dst32, 1);
608 #endif /* HAVE_GEOIP */
610 static const value_string ipopt_type_class_vals[] = {
611 {(IPOPT_CONTROL & IPOPT_CLASS_MASK) >> 5, "Control"},
612 {(IPOPT_RESERVED1 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
613 {(IPOPT_MEASUREMENT & IPOPT_CLASS_MASK) >> 5, "Debugging and measurement"},
614 {(IPOPT_RESERVED2 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
618 static const value_string ipopt_type_number_vals[] = {
619 {IPOPT_EOOL & IPOPT_NUMBER_MASK, "End of Option List (EOL)"},
620 {IPOPT_NOP & IPOPT_NUMBER_MASK, "No-Operation (NOP)"},
621 {IPOPT_SEC & IPOPT_NUMBER_MASK, "Security"},
622 {IPOPT_LSR & IPOPT_NUMBER_MASK, "Loose source route"},
623 {IPOPT_TS & IPOPT_NUMBER_MASK, "Time stamp"},
624 {IPOPT_ESEC & IPOPT_NUMBER_MASK, "Extended security"},
625 {IPOPT_CIPSO & IPOPT_NUMBER_MASK, "Commercial IP security option"},
626 {IPOPT_RR & IPOPT_NUMBER_MASK, "Record route"},
627 {IPOPT_SID & IPOPT_NUMBER_MASK, "Stream identifier"},
628 {IPOPT_SSR & IPOPT_NUMBER_MASK, "Strict source route"},
629 {IPOPT_ZSU & IPOPT_NUMBER_MASK, "Experimental Measurement"},
630 {IPOPT_MTUP & IPOPT_NUMBER_MASK, "MTU probe"},
631 {IPOPT_MTUR & IPOPT_NUMBER_MASK, "MTU Reply"},
632 {IPOPT_FINN & IPOPT_NUMBER_MASK, "Experimental Flow Control"},
633 {IPOPT_VISA & IPOPT_NUMBER_MASK, "Experimental Access Control"},
634 {IPOPT_ENCODE & IPOPT_NUMBER_MASK, "Ask Estrin"},
635 {IPOPT_IMITD & IPOPT_NUMBER_MASK, "IMI Traffic Descriptor"},
636 {IPOPT_EIP & IPOPT_NUMBER_MASK, "Extended Internet Protocol"},
637 {IPOPT_TR & IPOPT_NUMBER_MASK, "Traceroute"},
638 {IPOPT_ADDEXT & IPOPT_NUMBER_MASK, "Address Extension"},
639 {IPOPT_RTRALT & IPOPT_NUMBER_MASK, "Router Alert"},
640 {IPOPT_SDB & IPOPT_NUMBER_MASK, "Selective Directed Broadcast"},
641 {IPOPT_UN & IPOPT_NUMBER_MASK, "Unassigned"},
642 {IPOPT_DPS & IPOPT_NUMBER_MASK, "Dynamic Packet State"},
643 {IPOPT_UMP & IPOPT_NUMBER_MASK, "Upstream Multicast Packet"},
644 {IPOPT_QS & IPOPT_NUMBER_MASK, "Quick-Start"},
645 {IPOPT_EXP & IPOPT_NUMBER_MASK, "RFC 3692-style experiment"},
650 dissect_ipopt_type(tvbuff_t *tvb, int offset, proto_tree *tree)
652 proto_tree *type_tree;
655 ti = proto_tree_add_item(tree, hf_ip_opt_type, tvb, offset, 1, ENC_NA);
656 type_tree = proto_item_add_subtree(ti, ett_ip_opt_type);
657 proto_tree_add_item(type_tree, hf_ip_opt_type_copy, tvb, offset, 1, ENC_NA);
658 proto_tree_add_item(type_tree, hf_ip_opt_type_class, tvb, offset, 1, ENC_NA);
659 proto_tree_add_item(type_tree, hf_ip_opt_type_number, tvb, offset, 1, ENC_NA);
663 dissect_ipopt_eool(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
664 guint optlen _U_, packet_info *pinfo _U_,
665 proto_tree *opt_tree)
667 proto_tree *field_tree;
670 tf = proto_tree_add_text(opt_tree, tvb, offset, 1, "%s", optp->name);
671 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
672 dissect_ipopt_type(tvb, offset, field_tree);
675 #define dissect_ipopt_nop dissect_ipopt_eool
677 static const value_string secl_rfc791_vals[] = {
678 {IPSEC_RFC791_UNCLASSIFIED, "Unclassified"},
679 {IPSEC_RFC791_CONFIDENTIAL, "Confidential"},
680 {IPSEC_RFC791_EFTO, "EFTO" },
681 {IPSEC_RFC791_MMMM, "MMMM" },
682 {IPSEC_RFC791_PROG, "PROG" },
683 {IPSEC_RFC791_RESTRICTED, "Restricted" },
684 {IPSEC_RFC791_SECRET, "Secret" },
685 {IPSEC_RFC791_TOPSECRET, "Top secret" },
686 {IPSEC_RFC791_RESERVED1, "Reserved" },
687 {IPSEC_RFC791_RESERVED2, "Reserved" },
688 {IPSEC_RFC791_RESERVED3, "Reserved" },
689 {IPSEC_RFC791_RESERVED4, "Reserved" },
690 {IPSEC_RFC791_RESERVED5, "Reserved" },
691 {IPSEC_RFC791_RESERVED6, "Reserved" },
692 {IPSEC_RFC791_RESERVED7, "Reserved" },
693 {IPSEC_RFC791_RESERVED8, "Reserved" },
697 static const value_string sec_cl_vals[] = {
698 {IPSEC_RESERVED4, "Reserved 4" },
699 {IPSEC_TOPSECRET, "Top secret" },
700 {IPSEC_SECRET, "Secret" },
701 {IPSEC_CONFIDENTIAL, "Confidential"},
702 {IPSEC_RESERVED3, "Reserved 3" },
703 {IPSEC_RESERVED2, "Reserved 2" },
704 {IPSEC_UNCLASSIFIED, "Unclassified"},
705 {IPSEC_RESERVED1, "Reserved 1" },
709 static const true_false_string ip_opt_sec_prot_auth_flag_tfs = {
710 "Datagram protected in accordance with its rules",
711 "Datagram not protected in accordance with its rules"
714 static const true_false_string ip_opt_sec_prot_auth_fti_tfs = {
715 "Additional octet present",
719 static const int *ip_opt_sec_prot_auth_fields_byte_1[] = {
720 &hf_ip_opt_sec_prot_auth_genser,
721 &hf_ip_opt_sec_prot_auth_siop_esi,
722 &hf_ip_opt_sec_prot_auth_sci,
723 &hf_ip_opt_sec_prot_auth_nsa,
724 &hf_ip_opt_sec_prot_auth_doe,
725 &hf_ip_opt_sec_prot_auth_unassigned,
726 &hf_ip_opt_sec_prot_auth_fti,
730 static const int *ip_opt_sec_prot_auth_fields_byte_n[] = {
731 &hf_ip_opt_sec_prot_auth_unassigned2,
732 &hf_ip_opt_sec_prot_auth_fti,
736 dissect_ipopt_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
737 guint optlen, packet_info *pinfo, proto_tree *opt_tree)
739 proto_tree *field_tree;
743 guint curr_offset = offset;
745 tf = proto_tree_add_text(opt_tree, tvb, curr_offset, optlen, "%s (%u bytes)",
747 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
748 dissect_ipopt_type(tvb, curr_offset, field_tree);
750 tf_sub = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, curr_offset, 1, ENC_NA);
751 if (optlen > IPOLEN_MAX)
752 expert_add_info_format(pinfo, tf_sub, PI_PROTOCOL, PI_WARN,
753 "Invalid length for option");
757 /* Analyze payload start to decide whether it should be dissected
758 according to RFC 791 or RFC 1108 */
759 val = tvb_get_ntohs(tvb, curr_offset);
760 if (match_strval(val, secl_rfc791_vals)) {
761 /* Dissect as RFC 791 */
762 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_sec,
763 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
765 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_comp,
766 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
768 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_hr,
769 tvb, curr_offset, 2, ENC_ASCII|ENC_NA);
771 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_tcc,
772 tvb, curr_offset, 3, ENC_ASCII|ENC_NA);
777 /* Dissect as RFC 108 */
778 proto_tree_add_item(field_tree, hf_ip_opt_sec_cl, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
780 if ((curr_offset - offset) >= optlen) {
783 val = tvb_get_guint8(tvb, curr_offset);
784 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
785 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_1,
789 if ((val & 0x01) && ((curr_offset - offset) == optlen)) {
790 expert_add_info_format(pinfo, tf_sub, PI_PROTOCOL, PI_WARN,
791 "Field Termination Indicator set to 1 for last byte of option");
794 val = tvb_get_guint8(tvb, curr_offset);
795 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
796 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_n,
800 if ((curr_offset - offset) < optlen) {
801 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
802 "Extraneous data in option");
807 dissect_ipopt_ext_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
808 guint optlen, packet_info *pinfo, proto_tree *opt_tree)
810 proto_tree *field_tree;
813 guint curr_offset = offset;
816 tf = proto_tree_add_text(opt_tree, tvb, curr_offset, optlen, "%s (%u bytes)",
818 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
819 dissect_ipopt_type(tvb, curr_offset, field_tree);
821 tf_sub = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, curr_offset, 1, ENC_NA);
822 if (optlen > IPOLEN_MAX)
823 expert_add_info_format(pinfo, tf_sub, PI_PROTOCOL, PI_WARN,
824 "Invalid length for option");
826 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info_format_code, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
828 remaining = optlen - (curr_offset - offset);
830 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info, tvb, curr_offset, remaining, ENC_NA);
834 /* USHRT_MAX can hold at most 5 (base 10) digits (6 for the NULL byte) */
835 #define USHRT_MAX_STRLEN 6
837 /* Maximum CIPSO tag length:
838 * (IP hdr max)60 - (IPv4 hdr std)20 - (CIPSO base)6 = 34 */
839 #define CIPSO_TAG_LEN_MAX 34
841 /* The Commercial IP Security Option (CIPSO) is defined in IETF draft
842 * draft-ietf-cipso-ipsecurity-01.txt and FIPS 188, a copy of both documents
843 * can be found at the NetLabel project page, http://netlabel.sf.net or at
844 * http://tools.ietf.org/html/draft-ietf-cipso-ipsecurity-01 */
846 dissect_ipopt_cipso(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
847 guint optlen, packet_info *pinfo, proto_tree *opt_tree)
849 proto_tree *field_tree;
851 guint tagtype, taglen;
852 int offset_max = offset + optlen;
854 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
856 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
857 dissect_ipopt_type(tvb, offset, field_tree);
858 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
859 if (optlen > IPOLEN_MAX)
860 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
861 "Invalid length for option");
865 proto_tree_add_text(field_tree, tvb, offset, 4, "DOI: %u",
866 tvb_get_ntohl(tvb, offset));
869 /* loop through all of the tags in the CIPSO option */
870 while (offset < offset_max) {
871 tagtype = tvb_get_guint8(tvb, offset);
873 if ((offset + 1) < offset_max)
874 taglen = tvb_get_guint8(tvb, offset + 1);
880 /* padding - skip this tag */
884 /* restrictive bitmap, see CIPSO draft section 3.4.2 for tag format */
885 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
886 ((offset + (int)taglen - 1) > offset_max)) {
887 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
888 "Malformed CIPSO tag");
892 proto_tree_add_text(field_tree, tvb, offset, 1,
893 "Tag Type: Restrictive Category Bitmap (%u)",
896 /* skip past alignment octet */
899 proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
900 tvb_get_guint8(tvb, offset));
906 unsigned char bitmask;
908 char *cat_str_tmp = ep_alloc(USHRT_MAX_STRLEN);
910 const guint8 *val_ptr = tvb_get_ptr(tvb, offset, taglen - 4);
912 /* this is just a guess regarding string size, but we grow it below
915 cat_str = ep_alloc0(cat_str_len);
917 /* we checked the length above so the highest category value
918 * possible here is 240 */
919 while (byte_spot < (taglen - 4)) {
922 while (bit_spot < 8) {
923 if (val_ptr[byte_spot] & bitmask) {
924 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
925 byte_spot * 8 + bit_spot);
926 if (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN)) {
929 while (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN))
930 cat_str_len += cat_str_len;
931 cat_str_new = ep_alloc(cat_str_len);
932 g_strlcpy(cat_str_new, cat_str, cat_str_len);
933 cat_str_new[cat_str_len - 1] = '\0';
934 cat_str = cat_str_new;
936 if (cat_str[0] != '\0')
937 g_strlcat(cat_str, ",", cat_str_len);
938 g_strlcat(cat_str, cat_str_tmp, cat_str_len);
947 proto_tree_add_text(field_tree, tvb, offset, taglen - 4,
948 "Categories: %s", cat_str);
950 proto_tree_add_text(field_tree, tvb, offset, taglen - 4,
951 "Categories: ERROR PARSING CATEGORIES");
952 offset += taglen - 4;
956 /* enumerated categories, see CIPSO draft section 3.4.3 for tag format */
957 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
958 ((offset + (int)taglen - 1) > offset_max)) {
959 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
960 "Malformed CIPSO tag");
964 proto_tree_add_text(field_tree, tvb, offset, 1,
965 "Tag Type: Enumerated Categories (%u)", tagtype);
967 /* skip past alignment octet */
970 /* sensitivity level */
971 proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
972 tvb_get_guint8(tvb, offset));
976 int offset_max_cat = offset + taglen - 4;
977 char *cat_str = ep_alloc0(USHRT_MAX_STRLEN * 15);
978 char *cat_str_tmp = ep_alloc(USHRT_MAX_STRLEN);
980 while ((offset + 2) <= offset_max_cat) {
981 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
982 tvb_get_ntohs(tvb, offset));
984 if (cat_str[0] != '\0')
985 g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 15);
986 g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 15);
989 proto_tree_add_text(field_tree, tvb, offset - taglen + 4, taglen - 4,
990 "Categories: %s", cat_str);
994 /* ranged categories, see CIPSO draft section 3.4.4 for tag format */
995 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
996 ((offset + (int)taglen - 1) > offset_max)) {
997 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
998 "Malformed CIPSO tag");
1002 proto_tree_add_text(field_tree, tvb, offset, 1,
1003 "Tag Type: Ranged Categories (%u)", tagtype);
1005 /* skip past alignment octet */
1008 /* sensitivity level */
1009 proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
1010 tvb_get_guint8(tvb, offset));
1014 guint16 cat_low, cat_high;
1015 int offset_max_cat = offset + taglen - 4;
1016 char *cat_str = ep_alloc0(USHRT_MAX_STRLEN * 16);
1017 char *cat_str_tmp = ep_alloc(USHRT_MAX_STRLEN * 2);
1019 while ((offset + 2) <= offset_max_cat) {
1020 cat_high = tvb_get_ntohs(tvb, offset);
1021 if ((offset + 4) <= offset_max_cat) {
1022 cat_low = tvb_get_ntohs(tvb, offset + 2);
1028 if (cat_low != cat_high)
1029 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u-%u",
1032 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u", cat_high);
1034 if (cat_str[0] != '\0')
1035 g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 16);
1036 g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 16);
1039 proto_tree_add_text(field_tree, tvb, offset - taglen + 4, taglen - 4,
1040 "Categories: %s", cat_str);
1044 /* permissive categories, see FIPS 188 section 6.9 for tag format */
1045 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1046 ((offset + (int)taglen - 1) > offset_max)) {
1047 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
1048 "Malformed CIPSO tag");
1052 proto_tree_add_text(field_tree, tvb, offset, 1,
1053 "Tag Type: Permissive Categories (%u)", tagtype);
1054 proto_tree_add_text(field_tree, tvb, offset + 2, taglen - 2, "Tag data");
1058 /* free form, see FIPS 188 section 6.10 for tag format */
1059 if ((taglen < 2) || (taglen > CIPSO_TAG_LEN_MAX) ||
1060 ((offset + (int)taglen - 1) > offset_max)) {
1061 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
1062 "Malformed CIPSO tag");
1066 proto_tree_add_text(field_tree, tvb, offset, 1,
1067 "Tag Type: Free Form (%u)", tagtype);
1068 proto_tree_add_text(field_tree, tvb, offset + 2, taglen - 2, "Tag data");
1072 /* unknown tag - stop parsing this IPv4 option */
1073 if ((offset + 1) <= offset_max) {
1074 taglen = tvb_get_guint8(tvb, offset + 1);
1075 proto_tree_add_text(field_tree, tvb, offset, 1,
1076 "Tag Type: Unknown (%u) (%u bytes)",
1080 proto_tree_add_text(field_tree, tvb, offset, 1,
1081 "Tag Type: Unknown (%u) (invalid format)", tagtype);
1088 dissect_option_route(proto_tree *tree, tvbuff_t *tvb, int offset, int hf,
1089 int hf_host, gboolean next)
1094 route = tvb_get_ipv4(tvb, offset);
1096 proto_tree_add_ipv4_format_value(tree, hf, tvb, offset, 4, route,
1098 ip_to_str((gchar *)&route));
1100 proto_tree_add_ipv4(tree, hf, tvb, offset, 4, route);
1101 ti = proto_tree_add_string(tree, hf_host, tvb, offset, 4, get_hostname(route));
1102 PROTO_ITEM_SET_GENERATED(ti);
1103 PROTO_ITEM_SET_HIDDEN(ti);
1107 dissect_ipopt_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1108 guint optlen, packet_info *pinfo, proto_tree *opt_tree)
1110 proto_tree *field_tree;
1115 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1116 optp->name, optlen);
1117 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1118 dissect_ipopt_type(tvb, offset, field_tree);
1119 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1120 if (optlen > IPOLEN_MAX)
1121 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1122 "Invalid length for option");
1123 ptr = tvb_get_guint8(tvb, offset + 2);
1124 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1125 if ((ptr < (optp->optlen + 1)) || (ptr & 3)) {
1126 if (ptr < (optp->optlen + 1)) {
1127 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1128 "Pointer points before first address");
1131 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1132 "Pointer points to middle of address");
1138 optoffset = 3; /* skip past type, length and pointer */
1139 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1141 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1142 "Suboption would go past end of option");
1147 /* This is a recorded route */
1148 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1149 hf_ip_rec_rt_host, FALSE);
1150 } else if (optoffset == (len - 4)) {
1151 /* This is the the destination */
1154 const char *dst_host;
1156 addr = tvb_get_ipv4(tvb, offset + optoffset);
1157 dst_host = get_hostname(addr);
1158 proto_tree_add_ipv4(field_tree, hf_ip_dst, tvb,
1159 offset + optoffset, 4, addr);
1160 item = proto_tree_add_ipv4(field_tree, hf_ip_addr, tvb,
1161 offset + optoffset, 4, addr);
1162 PROTO_ITEM_SET_HIDDEN(item);
1163 item = proto_tree_add_string(field_tree, hf_ip_dst_host, tvb,
1164 offset + optoffset, 4, dst_host);
1165 PROTO_ITEM_SET_GENERATED(item);
1166 PROTO_ITEM_SET_HIDDEN(item);
1167 item = proto_tree_add_string(field_tree, hf_ip_host, tvb,
1168 offset + optoffset, 4, dst_host);
1169 PROTO_ITEM_SET_GENERATED(item);
1170 PROTO_ITEM_SET_HIDDEN(item);
1171 } else if ((optoffset + 1) < ptr) {
1172 /* This is also a recorded route */
1173 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1174 hf_ip_rec_rt_host, FALSE);
1175 } else if ((optoffset + 1) == ptr) {
1176 /* This is the next source route. TODO: Should we use separate hf's
1177 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1178 * having to pass TRUE/FALSE to dissect_option_route()? */
1179 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_src_rt,
1180 hf_ip_src_rt_host, TRUE);
1182 /* This must be a source route */
1183 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_src_rt,
1184 hf_ip_src_rt_host, FALSE);
1190 dissect_ipopt_record_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1191 guint optlen, packet_info *pinfo,
1192 proto_tree *opt_tree)
1194 proto_tree *field_tree;
1199 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1200 optp->name, optlen);
1201 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1202 dissect_ipopt_type(tvb, offset, field_tree);
1203 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1204 if (optlen > IPOLEN_MAX)
1205 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1206 "Invalid length for option");
1207 ptr = tvb_get_guint8(tvb, offset + 2);
1208 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1210 if ((ptr < (optp->optlen + 1)) || (ptr & 3)) {
1211 if (ptr < (optp->optlen + 1)) {
1212 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1213 "Pointer points before first address");
1216 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1217 "Pointer points to middle of address");
1223 optoffset = 3; /* skip past type, length and pointer */
1224 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1226 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1227 "Suboption would go past end of option");
1232 /* The recorded route data area is full. */
1233 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1234 hf_ip_rec_rt_host, FALSE);
1235 } else if ((optoffset + 1) < ptr) {
1236 /* This is a recorded route */
1237 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1238 hf_ip_rec_rt_host, FALSE);
1239 } else if ((optoffset + 1) == ptr) {
1240 /* This is the next available slot. TODO: Should we use separate hf's
1241 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1242 * having to pass TRUE/FALSE to dissect_option_route()? */
1243 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_empty_rt,
1244 hf_ip_empty_rt_host, TRUE);
1246 /* This must be an available slot too. */
1247 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_empty_rt,
1248 hf_ip_empty_rt_host, FALSE);
1253 /* Stream Identifier */
1255 dissect_ipopt_sid(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1256 guint optlen, packet_info *pinfo, proto_tree *opt_tree)
1258 proto_tree *field_tree;
1261 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes): %u",
1262 optp->name, optlen, tvb_get_ntohs(tvb, offset + 2));
1263 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1264 dissect_ipopt_type(tvb, offset, field_tree);
1265 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1266 if (optlen != (guint)optp->optlen)
1267 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1268 "Invalid length for option");
1269 proto_tree_add_item(field_tree, hf_ip_opt_sid, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1272 /* RFC 1063: MTU Probe and MTU Reply */
1274 dissect_ipopt_mtu(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1275 guint optlen, packet_info *pinfo, proto_tree *opt_tree)
1277 proto_tree *field_tree;
1280 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes): %u",
1281 optp->name, optlen, tvb_get_ntohs(tvb, offset + 2));
1282 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1283 dissect_ipopt_type(tvb, offset, field_tree);
1284 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1285 if (optlen != (guint)optp->optlen)
1286 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1287 "Invalid length for option");
1288 proto_tree_add_item(field_tree, hf_ip_opt_mtu, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1291 /* RFC 1393: Traceroute */
1293 dissect_ipopt_tr(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1294 guint optlen, packet_info *pinfo, proto_tree *opt_tree)
1296 proto_tree *field_tree;
1299 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1300 optp->name, optlen);
1301 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1302 dissect_ipopt_type(tvb, offset, field_tree);
1303 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1304 if (optlen != (guint)optp->optlen)
1305 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1306 "Invalid length for option");
1308 proto_tree_add_item(field_tree, hf_ip_opt_id_number, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1309 proto_tree_add_item(field_tree, hf_ip_opt_ohc, tvb, offset + 4, 2, ENC_BIG_ENDIAN);
1310 proto_tree_add_item(field_tree, hf_ip_opt_rhc, tvb, offset + 6, 2, ENC_BIG_ENDIAN);
1311 proto_tree_add_item(field_tree, hf_ip_opt_originator, tvb, offset + 8, 4, ENC_BIG_ENDIAN);
1315 dissect_ipopt_timestamp(const ip_tcp_opt *optp, tvbuff_t *tvb,
1316 int offset, guint optlen, packet_info *pinfo,
1317 proto_tree *opt_tree)
1319 proto_tree *field_tree;
1324 static const value_string flag_vals[] = {
1325 {IPOPT_TS_TSONLY, "Time stamps only" },
1326 {IPOPT_TS_TSANDADDR, "Time stamp and address" },
1327 {IPOPT_TS_PRESPEC, "Time stamps for prespecified addresses"},
1332 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1333 optp->name, optlen);
1334 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1335 dissect_ipopt_type(tvb, offset, field_tree);
1336 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1337 if (optlen > IPOLEN_MAX)
1338 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1339 "Invalid length for option");
1340 optoffset += 2; /* skip past type and length */
1341 optlen -= 2; /* subtract size of type and length */
1343 ptr = tvb_get_guint8(tvb, offset + optoffset);
1344 proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Pointer: %d%s",
1345 ptr, ((ptr == 1) ? " (header is full)" :
1346 (ptr < 5) ? " (points before first address)" :
1347 (((ptr - 1) & 3) ? " (points to middle of field)" : "")));
1350 ptr--; /* ptr is 1-origin */
1352 flg = tvb_get_guint8(tvb, offset + optoffset);
1353 proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Overflow: %u",
1356 proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Flag: %s",
1357 val_to_str(flg, flag_vals, "Unknown (0x%x)"));
1361 while (optlen > 0) {
1362 if (flg == IPOPT_TS_TSANDADDR || flg == IPOPT_TS_PRESPEC) {
1364 proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen,
1365 "(suboption would go past end of option)");
1368 addr = tvb_get_ipv4(tvb, offset + optoffset);
1369 ts = tvb_get_ntohl(tvb, offset + optoffset + 4);
1371 proto_tree_add_text(field_tree, tvb, offset + optoffset, 8,
1372 "Address = %s, time stamp = %u",
1373 ((addr == 0) ? "-" :
1374 get_hostname(addr)), ts);
1378 proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen,
1379 "(suboption would go past end of option)");
1382 ts = tvb_get_ntohl(tvb, offset + optoffset);
1384 proto_tree_add_text(field_tree, tvb, offset + optoffset, 4,
1385 "Time stamp = %u", ts);
1392 static const range_string ra_rvals[] = {
1393 {0, 0, "Router shall examine packet"},
1394 {1, 65535, "Reserved"},
1399 dissect_ipopt_ra(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1400 guint optlen, packet_info *pinfo, proto_tree *opt_tree)
1402 /* Router-Alert, as defined by RFC2113 */
1403 proto_tree *field_tree;
1405 guint16 value = tvb_get_ntohs(tvb, offset + 2);
1407 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen,
1408 "%s (%u bytes): %s (%u)", optp->name, optlen,
1409 rval_to_str(value, ra_rvals, "Unknown (%u)"),
1411 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1412 dissect_ipopt_type(tvb, offset, field_tree);
1413 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1414 if (optlen != (guint)optp->optlen)
1415 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1416 "Invalid length for option");
1417 proto_tree_add_item(field_tree, hf_ip_opt_ra, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1420 /* RFC 1770: Selective Directed Broadcast */
1422 dissect_ipopt_sdb(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1423 guint optlen, packet_info *pinfo, proto_tree *opt_tree)
1425 proto_tree *field_tree;
1428 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1429 optp->name, optlen);
1430 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1431 dissect_ipopt_type(tvb, offset, field_tree);
1432 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1433 if (optlen > IPOLEN_MAX)
1434 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1435 "Invalid length for option");
1436 for (offset += 2, optlen -= 2; optlen >= 4; offset += 4, optlen -= 4)
1437 proto_tree_add_item(field_tree, hf_ip_opt_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
1440 proto_tree_add_item(field_tree, hf_ip_opt_padding, tvb, offset, optlen, ENC_NA);
1443 const value_string qs_func_vals[] = {
1444 {QS_RATE_REQUEST, "Rate request"},
1445 {QS_RATE_REPORT, "Rate report"},
1449 static const value_string qs_rate_vals[] = {
1455 { 5, "1.28 Mbit/s"},
1456 { 6, "2.56 Mbit/s"},
1457 { 7, "5.12 Mbit/s"},
1458 { 8, "10.24 Mbit/s"},
1459 { 9, "20.48 Mbit/s"},
1460 {10, "40.96 Mbit/s"},
1461 {11, "81.92 Mbit/s"},
1462 {12, "163.84 Mbit/s"},
1463 {13, "327.68 Mbit/s"},
1464 {14, "655.36 Mbit/s"},
1465 {15, "1.31072 Gbit/s"},
1468 value_string_ext qs_rate_vals_ext = VALUE_STRING_EXT_INIT(qs_rate_vals);
1471 dissect_ipopt_qs(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1472 guint optlen, packet_info *pinfo, proto_tree *opt_tree)
1474 proto_tree *field_tree;
1478 guint8 command = tvb_get_guint8(tvb, offset + 2);
1479 guint8 function = command >> 4;
1480 guint8 rate = command & QS_RATE_MASK;
1483 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen,
1484 "%s (%u bytes): %s (%u)", optp->name, optlen,
1485 val_to_str(function, qs_func_vals, "Unknown (%u)"),
1487 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1488 dissect_ipopt_type(tvb, offset, field_tree);
1489 ti = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1490 if (optlen != (guint)optp->optlen)
1491 expert_add_info_format(pinfo, ti, PI_PROTOCOL, PI_WARN,
1492 "Invalid length for option");
1493 proto_tree_add_item(field_tree, hf_ip_opt_qs_func, tvb, offset + 2, 1, ENC_NA);
1495 if (function == QS_RATE_REQUEST) {
1496 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset + 2, 1, ENC_NA);
1497 proto_tree_add_item(field_tree, hf_ip_opt_qs_ttl, tvb, offset + 3, 1, ENC_NA);
1498 ttl_diff = (pinfo->ip_ttl - tvb_get_guint8(tvb, offset + 3) % 256);
1499 ti = proto_tree_add_uint_format_value(field_tree, hf_ip_opt_qs_ttl_diff,
1500 tvb, offset + 3, 1, ttl_diff,
1502 PROTO_ITEM_SET_GENERATED(ti);
1503 proto_item_append_text(tf, ", %s, QS TTL %u, QS TTL diff %u",
1504 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"),
1505 tvb_get_guint8(tvb, offset + 3), ttl_diff);
1506 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 4, 4, ENC_NA);
1507 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 4, 4, ENC_NA);
1508 } else if (function == QS_RATE_REPORT) {
1509 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset + 2, 1, ENC_NA);
1510 proto_item_append_text(tf, ", %s",
1511 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"));
1512 proto_tree_add_item(field_tree, hf_ip_opt_qs_unused, tvb, offset + 3, 1, ENC_NA);
1513 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 4, 4, ENC_NA);
1514 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 4, 4, ENC_NA);
1518 static const ip_tcp_opt ipopts[] = {
1519 {IPOPT_EOOL, "End of Options List (EOL)", &ett_ip_option_eool,
1520 OPT_LEN_NO_LENGTH, 0, dissect_ipopt_eool},
1521 {IPOPT_NOP, "No Operation (NOP)", &ett_ip_option_nop,
1522 OPT_LEN_NO_LENGTH, 0, dissect_ipopt_nop},
1523 {IPOPT_SEC, "Security", &ett_ip_option_sec,
1524 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SEC_MIN, dissect_ipopt_security},
1525 {IPOPT_LSR, "Loose Source Route", &ett_ip_option_route,
1526 OPT_LEN_VARIABLE_LENGTH, IPOLEN_LSR_MIN, dissect_ipopt_route},
1527 {IPOPT_TS, "Time Stamp", &ett_ip_option_timestamp,
1528 OPT_LEN_VARIABLE_LENGTH, IPOLEN_TS_MIN, dissect_ipopt_timestamp},
1529 {IPOPT_ESEC, "Extended Security", &ett_ip_option_ext_security,
1530 OPT_LEN_VARIABLE_LENGTH, IPOLEN_ESEC_MIN, dissect_ipopt_ext_security},
1531 {IPOPT_CIPSO, "Commercial Security", &ett_ip_option_cipso,
1532 OPT_LEN_VARIABLE_LENGTH, IPOLEN_CIPSO_MIN, dissect_ipopt_cipso},
1533 {IPOPT_RR, "Record Route", &ett_ip_option_route,
1534 OPT_LEN_VARIABLE_LENGTH, IPOLEN_RR_MIN, dissect_ipopt_record_route},
1535 {IPOPT_SID, "Stream ID", &ett_ip_option_sid,
1536 OPT_LEN_FIXED_LENGTH, IPOLEN_SID, dissect_ipopt_sid},
1537 {IPOPT_SSR, "Strict Source Route", &ett_ip_option_route,
1538 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SSR_MIN, dissect_ipopt_route},
1540 {IPOPT_ZSU, "Experimental Measurement", &ett_ip_option_zsu,
1541 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ZSU_MIN, dissect_ipopt_zsu},
1543 {IPOPT_MTUP, "MTU Probe", &ett_ip_option_mtu,
1544 OPT_LEN_FIXED_LENGTH, IPOLEN_MTU, dissect_ipopt_mtu},
1545 {IPOPT_MTUR, "MTU Reply", &ett_ip_option_mtu,
1546 OPT_LEN_FIXED_LENGTH, IPOLEN_MTU, dissect_ipopt_mtu},
1548 {IPOPT_FINN, "Experimental Flow Control", &ett_ip_option_finn,
1549 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_FINN_MIN, dissect_ipopt_finn},
1550 {IPOPT_VISA, "Experimental Access Control", &ett_ip_option_visa,
1551 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_VISA_MIN, dissect_ipopt_visa},
1552 {IPOPT_ENCODE, "???", &ett_ip_option_encode,
1553 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ENCODE_MIN, dissect_ipopt_encode},
1554 {IPOPT_IMITD, "IMI Traffic Descriptor", &ett_ip_option_imitd,
1555 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_IMITD_MIN, dissect_ipopt_imitd},
1556 {IPOPT_EIP, "Extended Internet Protocol", &ett_ip_option_eip,
1557 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_EIP_MIN, dissect_ipopt_eip},
1559 {IPOPT_TR, "Traceroute", &ett_ip_option_tr,
1560 OPT_LEN_FIXED_LENGTH, IPOLEN_TR, dissect_ipopt_tr},
1562 {IPOPT_ADDEXT, "Address Extension", &ett_ip_option_addext,
1563 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ADDEXT_MIN, dissect_ipopt_addext},
1565 {IPOPT_RTRALT, "Router Alert", &ett_ip_option_ra,
1566 OPT_LEN_FIXED_LENGTH, IPOLEN_RA, dissect_ipopt_ra},
1567 {IPOPT_SDB, "Selective Directed Broadcast", &ett_ip_option_sdb,
1568 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SDB_MIN, dissect_ipopt_sdb},
1570 {IPOPT_UN, "Unassigned", &ett_ip_option_un,
1571 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_UN_MIN, dissect_ipopt_un},
1572 {IPOPT_DPS, "Dynamic Packet State", &ett_ip_option_dps,
1573 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_DPS_MIN, dissect_ipopt_dps},
1574 {IPOPT_UMP, "Upstream Multicast Pkt.", &ett_ip_option_ump,
1575 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_UMP_MIN, dissect_ipopt_ump},
1577 {IPOPT_QS, "Quick-Start", &ett_ip_option_qs,
1578 OPT_LEN_FIXED_LENGTH, IPOLEN_QS, dissect_ipopt_qs}
1580 {IPOPT_EXP, "RFC3692-style Experiment", &ett_ip_option_exp,
1581 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_EXP_MIN, dissect_ipopt_exp}
1585 #define N_IP_OPTS array_length(ipopts)
1587 /* Dissect the IP, TCP or various PPP protocols (IPCP, CP, LCP, VSNCP, BAP)
1588 * options in a packet. */
1590 dissect_ip_tcp_options(tvbuff_t *tvb, int offset, guint length,
1591 const ip_tcp_opt *opttab, int nopts, int eol,
1592 packet_info *pinfo, proto_tree *opt_tree,
1593 proto_item *opt_item)
1596 const ip_tcp_opt *optp;
1597 opt_len_type len_type;
1598 unsigned int optlen;
1600 void (*dissect)(const struct ip_tcp_opt *, tvbuff_t *,
1601 int, guint, packet_info *, proto_tree *);
1602 guint len, nop_count = 0;
1604 while (length > 0) {
1605 opt = tvb_get_guint8(tvb, offset);
1606 for (optp = &opttab[0]; optp < &opttab[nopts]; optp++) {
1607 if (optp->optcode == opt)
1610 if (optp == &opttab[nopts]) {
1611 /* We assume that the only OPT_LEN_NO_LENGTH options are EOL and NOP options,
1612 so that we can treat unknown options as OPT_LEN_VARIABLE_LENGTH with a
1613 minimum of 2, and at least be able to move on to the next option
1614 by using the length in the option. */
1615 optp = NULL; /* indicate that we don't know this option */
1616 len_type = OPT_LEN_VARIABLE_LENGTH;
1618 name = ep_strdup_printf("Unknown (0x%02x)", opt);
1622 len_type = optp->len_type;
1623 optlen = optp->optlen;
1625 dissect = optp->dissect;
1626 if (opt_item && len_type == OPT_LEN_NO_LENGTH && optlen == 0 && opt == 1 &&
1627 (nop_count == 0 || offset % 4)) { /* opt 1 = NOP in both IP and TCP */
1628 /* Count number of NOP in a row within a uint32 */
1634 --length; /* account for type byte */
1635 if (len_type != OPT_LEN_NO_LENGTH) {
1636 /* Option has a length. Is it in the packet? */
1638 /* Bogus - packet must at least include option code byte and
1640 proto_tree_add_text(opt_tree, tvb, offset, 1,
1641 "%s (length byte past end of options)", name);
1644 len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
1645 --length; /* account for length byte */
1647 /* Bogus - option length is too short to include option code and
1649 proto_tree_add_text(opt_tree, tvb, offset, 2,
1650 "%s (with too-short option length = %u byte%s)",
1651 name, len, plurality(len, "", "s"));
1653 } else if (len - 2 > length) {
1654 /* Bogus - option goes past the end of the header. */
1655 proto_tree_add_text(opt_tree, tvb, offset, length,
1656 "%s (option length = %u byte%s says option goes "
1657 "past end of options)",
1658 name, len, plurality(len, "", "s"));
1660 } else if (len_type == OPT_LEN_FIXED_LENGTH && len != optlen) {
1661 /* Bogus - option length isn't what it's supposed to be for this
1663 proto_tree_add_text(opt_tree, tvb, offset, len,
1664 "%s (with option length = %u byte%s; should be %u)",
1665 name, len, plurality(len, "", "s"), optlen);
1667 } else if (len_type == OPT_LEN_VARIABLE_LENGTH && len < optlen) {
1668 /* Bogus - option length is less than what it's supposed to be for
1670 proto_tree_add_text(opt_tree, tvb, offset, len,
1671 "%s (with option length = %u byte%s; "
1673 name, len, plurality(len, "", "s"), optlen);
1677 proto_tree_add_text(opt_tree, tvb, offset, len, "%s (%u byte%s)",
1678 name, len, plurality(len, "", "s"));
1680 if (dissect != NULL) {
1681 /* Option has a dissector. */
1682 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1684 (*dissect)(optp, tvb, offset, len, pinfo, opt_tree);
1686 proto_tree *field_tree;
1689 /* Option has no data, hence no dissector. */
1690 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1692 tf = proto_tree_add_text(opt_tree, tvb, offset, len, "%s", name);
1693 field_tree = proto_item_add_subtree(tf, ett_ip_option_other);
1694 dissect_ipopt_type(tvb, offset, field_tree);
1697 len -= 2; /* subtract size of type and length */
1702 if (dissect != NULL) {
1703 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1705 (*dissect)(optp, tvb, offset, 1, pinfo, opt_tree);
1707 proto_tree *field_tree;
1710 /* Option has no data, hence no dissector. */
1711 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s", name);
1712 tf = proto_tree_add_text(opt_tree, tvb, offset, 1, "%s", name);
1713 field_tree = proto_item_add_subtree(tf, ett_ip_option_other);
1714 dissect_ipopt_type(tvb, offset, field_tree);
1718 if (nop_count == 4 && strcmp (name, "No-Operation (NOP)") == 0) {
1719 expert_add_info_format(pinfo, opt_item, PI_PROTOCOL, PI_WARN,
1720 "4 NOP in a row - a router may have removed "
1729 /* This function searches the IP options for either a loose or strict source
1730 * route option, then returns the offset to the destination address if the
1731 * pointer is still valid or zero if the pointer is greater than the length.
1733 * The guts of this function was taken from dissect_ip_tcp_options().
1736 get_dst_offset(tvbuff_t *tvb, int offset, guint length,
1737 const ip_tcp_opt *opttab, int nopts, int eol)
1740 const ip_tcp_opt *optp;
1741 opt_len_type len_type;
1742 unsigned int optlen;
1744 int orig_offset = offset;
1746 while (length > 0) {
1747 opt = tvb_get_guint8(tvb, offset);
1748 for (optp = &opttab[0]; optp < &opttab[nopts]; optp++) {
1749 if (optp->optcode == opt)
1752 if (optp == &opttab[nopts]) {
1753 /* We assume that the only NO_LENGTH options are EOL and NOP options,
1754 so that we can treat unknown options as VARIABLE_LENGTH with a
1755 minimum of 2, and at least be able to move on to the next option
1756 by using the length in the option. */
1757 optp = NULL; /* indicate that we don't know this option */
1758 len_type = OPT_LEN_VARIABLE_LENGTH;
1761 len_type = optp->len_type;
1762 optlen = optp->optlen;
1764 --length; /* account for type byte */
1765 if (len_type != OPT_LEN_NO_LENGTH) {
1766 /* Option has a length. Is it in the packet? */
1768 /* Bogus - packet must at least include option code byte and
1772 len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
1773 --length; /* account for length byte */
1775 /* Bogus - option length is too short to include option code and
1778 } else if (len - 2 > length) {
1779 /* Bogus - option goes past the end of the header. */
1781 } else if (len_type == OPT_LEN_FIXED_LENGTH && len != optlen) {
1782 /* Bogus - option length isn't what it's supposed to be for this
1785 } else if (len_type == OPT_LEN_VARIABLE_LENGTH && len < optlen) {
1786 /* Bogus - option length is less than what it's supposed to be for
1791 if (opt == IPOPT_SSR || opt == IPOPT_LSR) {
1792 /* Hmm, what if you have both options? */
1795 ptr = tvb_get_guint8(tvb, offset + 2);
1796 if (ptr < 4 || (ptr & 3) || (ptr > len)) {
1799 return (offset - orig_offset) + 4 + (len - 4);
1802 len -= 2; /* subtract size of type and length */
1815 /* Returns the valid ttl for the group address */
1817 local_network_control_block_addr_valid_ttl(guint32 addr)
1819 /* An exception list, as some protocols seem to insist on
1820 * doing differently:
1823 /* IETF's VRRP (rfc3768) */
1824 if (IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR == addr)
1825 return IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL;
1827 if (IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR == addr)
1828 return IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL;
1829 /* mDNS (draft-cheshire-dnsext-multicastdns-07) */
1830 if (IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR == addr)
1831 return IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL;
1832 /* LLMNR (rfc4795) */
1833 if (IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR == addr)
1834 return IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL;
1835 return IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL;
1838 const value_string dscp_vals[] = {
1839 { IPDSFIELD_DSCP_DEFAULT, "Default" },
1840 { IPDSFIELD_DSCP_CS1, "Class Selector 1" },
1841 { IPDSFIELD_DSCP_AF11, "Assured Forwarding 11" },
1842 { IPDSFIELD_DSCP_AF12, "Assured Forwarding 12" },
1843 { IPDSFIELD_DSCP_AF13, "Assured Forwarding 13" },
1844 { IPDSFIELD_DSCP_CS2, "Class Selector 2" },
1845 { IPDSFIELD_DSCP_AF21, "Assured Forwarding 21" },
1846 { IPDSFIELD_DSCP_AF22, "Assured Forwarding 22" },
1847 { IPDSFIELD_DSCP_AF23, "Assured Forwarding 23" },
1848 { IPDSFIELD_DSCP_CS3, "Class Selector 3" },
1849 { IPDSFIELD_DSCP_AF31, "Assured Forwarding 31" },
1850 { IPDSFIELD_DSCP_AF32, "Assured Forwarding 32" },
1851 { IPDSFIELD_DSCP_AF33, "Assured Forwarding 33" },
1852 { IPDSFIELD_DSCP_CS4, "Class Selector 4" },
1853 { IPDSFIELD_DSCP_AF41, "Assured Forwarding 41" },
1854 { IPDSFIELD_DSCP_AF42, "Assured Forwarding 42" },
1855 { IPDSFIELD_DSCP_AF43, "Assured Forwarding 43" },
1856 { IPDSFIELD_DSCP_CS5, "Class Selector 5" },
1857 { IPDSFIELD_DSCP_EF, "Expedited Forwarding" },
1858 { IPDSFIELD_DSCP_CS6, "Class Selector 6" },
1859 { IPDSFIELD_DSCP_CS7, "Class Selector 7" },
1861 value_string_ext dscp_vals_ext = VALUE_STRING_EXT_INIT(dscp_vals);
1863 const value_string ecn_vals[] = {
1864 { IPDSFIELD_ECT_NOT, "Not-ECT (Not ECN-Capable Transport)" },
1865 { IPDSFIELD_ECT_1, "ECT(1) (ECN-Capable Transport)" },
1866 { IPDSFIELD_ECT_0, "ECT(0) (ECN-Capable Transport)" },
1867 { IPDSFIELD_CE, "CE (Congestion Experienced)" },
1870 static const value_string precedence_vals[] = {
1871 { IPTOS_PREC_ROUTINE, "routine" },
1872 { IPTOS_PREC_PRIORITY, "priority" },
1873 { IPTOS_PREC_IMMEDIATE, "immediate" },
1874 { IPTOS_PREC_FLASH, "flash" },
1875 { IPTOS_PREC_FLASHOVERRIDE, "flash override" },
1876 { IPTOS_PREC_CRITIC_ECP, "CRITIC/ECP" },
1877 { IPTOS_PREC_INTERNETCONTROL, "internetwork control" },
1878 { IPTOS_PREC_NETCONTROL, "network control" },
1881 static const value_string iptos_vals[] = {
1882 { IPTOS_NONE, "None" },
1883 { IPTOS_LOWCOST, "Minimize cost" },
1884 { IPTOS_RELIABILITY, "Maximize reliability" },
1885 { IPTOS_THROUGHPUT, "Maximize throughput" },
1886 { IPTOS_LOWDELAY, "Minimize delay" },
1887 { IPTOS_SECURITY, "Maximize security" },
1891 static const true_false_string tos_set_low = {
1896 static const true_false_string tos_set_high = {
1901 static const true_false_string flags_sf_set_evil = {
1907 ip_checksum(const guint8 *ptr, int len)
1911 cksum_vec[0].ptr = ptr;
1912 cksum_vec[0].len = len;
1913 return in_cksum(&cksum_vec[0], 1);
1917 dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
1919 proto_tree *ip_tree = NULL, *field_tree = NULL;
1920 proto_item *ti = NULL, *tf;
1922 int offset = 0, dst_off;
1927 fragment_data *ipfd_head = NULL;
1929 gboolean update_col_info = TRUE;
1930 gboolean save_fragmented;
1932 const guchar *src_addr, *dst_addr;
1933 guint32 src32, dst32;
1935 proto_item *item = NULL, *ttl_item;
1936 proto_tree *checksum_tree;
1940 iph = ep_alloc(sizeof(ws_ip));
1942 col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPv4");
1943 col_clear(pinfo->cinfo, COL_INFO);
1945 iph->ip_v_hl = tvb_get_guint8(tvb, offset);
1946 if ( hi_nibble(iph->ip_v_hl) == 6) {
1947 call_dissector(ipv6_handle, tvb, pinfo, parent_tree);
1951 hlen = lo_nibble(iph->ip_v_hl) * 4; /* IP header length, in bytes */
1954 ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, ENC_NA);
1955 ip_tree = proto_item_add_subtree(ti, ett_ip);
1957 proto_tree_add_uint(ip_tree, hf_ip_version, tvb, offset, 1,
1958 hi_nibble(iph->ip_v_hl));
1961 /* if IP is not referenced from any filters we don't need to worry about
1962 generating any tree items. We must do this after we created the actual
1963 protocol above so that proto hier stat still works though.
1964 XXX: Note that because of the following optimization expert items must
1965 not be generated inside of an 'if (tree) ...'
1966 so that Analyze ! Expert ... will work.
1968 if (!proto_field_is_referenced(parent_tree, proto_ip)) {
1972 if (hlen < IPH_MIN_LEN) {
1973 col_add_fstr(pinfo->cinfo, COL_INFO,
1974 "Bogus IP header length (%u, must be at least %u)",
1977 proto_tree_add_uint_format(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
1978 "Header length: %u bytes (bogus, must be "
1979 "at least %u)", hlen, IPH_MIN_LEN);
1985 proto_tree_add_uint_format(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
1986 "Header length: %u bytes", hlen);
1989 iph->ip_tos = tvb_get_guint8(tvb, offset + 1);
1990 if (g_ip_dscp_actif) {
1991 col_add_fstr(pinfo->cinfo, COL_DSCP_VALUE, "%u",
1992 IPDSFIELD_DSCP(iph->ip_tos));
1996 if (g_ip_dscp_actif) {
1997 tf = proto_tree_add_uint_format(ip_tree, hf_ip_dsfield, tvb, offset + 1,
1998 1, iph->ip_tos, "Differentiated Services Field: 0x%02x "
1999 "(DSCP 0x%02x: %s; ECN: 0x%02x: %s)", iph->ip_tos,
2000 IPDSFIELD_DSCP(iph->ip_tos), val_to_str_ext_const(IPDSFIELD_DSCP(iph->ip_tos),
2001 &dscp_vals_ext, "Unknown DSCP"),
2002 IPDSFIELD_ECN(iph->ip_tos), val_to_str_const(IPDSFIELD_ECN(iph->ip_tos),
2003 ecn_vals, "Unknown ECN"));
2005 field_tree = proto_item_add_subtree(tf, ett_ip_dsfield);
2006 proto_tree_add_item(field_tree, hf_ip_dsfield_dscp, tvb, offset + 1, 1, ENC_NA);
2007 proto_tree_add_item(field_tree, hf_ip_dsfield_ecn, tvb, offset + 1, 1, ENC_NA);
2009 tf = proto_tree_add_uint_format(ip_tree, hf_ip_tos, tvb, offset + 1, 1,
2011 "Type of service: 0x%02x (%s)",
2013 val_to_str_const(IPTOS_TOS(iph->ip_tos),
2014 iptos_vals, "Unknown"));
2016 field_tree = proto_item_add_subtree(tf, ett_ip_tos);
2017 proto_tree_add_item(field_tree, hf_ip_tos_precedence, tvb, offset + 1, 1, ENC_NA);
2018 proto_tree_add_item(field_tree, hf_ip_tos_delay, tvb, offset + 1, 1, ENC_NA);
2019 proto_tree_add_item(field_tree, hf_ip_tos_throughput, tvb, offset + 1, 1, ENC_NA);
2020 proto_tree_add_item(field_tree, hf_ip_tos_reliability, tvb, offset + 1, 1, ENC_NA);
2021 proto_tree_add_item(field_tree, hf_ip_tos_cost, tvb, offset + 1, 1, ENC_NA);
2025 /* Length of IP datagram.
2026 XXX - what if this is greater than the reported length of the
2027 tvbuff? This could happen, for example, in an IP datagram
2028 inside an ICMP datagram; we need to somehow let the
2029 dissector we call know that, as it might want to avoid
2030 doing its checksumming. */
2031 iph->ip_len = tvb_get_ntohs(tvb, offset + 2);
2033 /* Correct for zero-length TSO packets
2034 * If ip_len is zero, assume TSO and use the reported length instead. Note
2035 * that we need to use the frame/reported length instead of the
2036 * actually-available length, just in case a snaplen was used on capture. */
2037 if (ip_tso_supported && !iph->ip_len)
2038 iph->ip_len = tvb_reported_length(tvb);
2040 if (iph->ip_len < hlen) {
2041 col_add_fstr(pinfo->cinfo, COL_INFO,
2042 "Bogus IP length (%u, less than header length %u)",
2046 tf = proto_tree_add_uint_format(ip_tree, hf_ip_len, tvb, offset + 2, 2,
2048 "Total length: 0 bytes (may be caused by \"TCP segmentation offload\" (TSO)?)");
2050 tf = proto_tree_add_uint_format(ip_tree, hf_ip_len, tvb, offset + 2, 2,
2052 "Total length: %u bytes (bogus, less than header length %u)",
2055 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_ERROR, "Bogus IP length");
2061 * Now that we know that the total length of this IP datagram isn't
2062 * obviously bogus, adjust the length of this tvbuff to include only
2065 set_actual_length(tvb, iph->ip_len);
2068 proto_tree_add_uint(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph->ip_len);
2070 iph->ip_id = tvb_get_ntohs(tvb, offset + 4);
2072 proto_tree_add_uint(ip_tree, hf_ip_id, tvb, offset + 4, 2, iph->ip_id);
2074 iph->ip_off = tvb_get_ntohs(tvb, offset + 6);
2076 int bit_offset = (offset + 6) * 8;
2078 flags = (iph->ip_off & (IP_RF | IP_DF | IP_MF)) >> IP_OFFSET_WIDTH;
2079 tf = proto_tree_add_uint(ip_tree, hf_ip_flags, tvb, offset + 6, 1, flags);
2080 field_tree = proto_item_add_subtree(tf, ett_ip_off);
2081 if (ip_security_flag) {
2084 sf = proto_tree_add_bits_item(field_tree, hf_ip_flags_sf, tvb,
2085 bit_offset + 0, 1, ENC_BIG_ENDIAN);
2086 if (iph->ip_off & IP_RF) {
2087 proto_item_append_text(tf, " (Evil packet!)");
2088 expert_add_info_format(pinfo, sf, PI_SECURITY, PI_WARN,
2089 "This is an Evil packet (RFC 3514)");
2092 proto_tree_add_bits_item(field_tree, hf_ip_flags_rf, tvb, bit_offset + 0,
2093 1, ENC_LITTLE_ENDIAN);
2095 if (iph->ip_off & IP_DF)
2096 proto_item_append_text(tf, " (Don't Fragment)");
2097 proto_tree_add_bits_item(field_tree, hf_ip_flags_df, tvb, bit_offset + 1,
2099 if (iph->ip_off & IP_MF)
2100 proto_item_append_text(tf, " (More Fragments)");
2101 proto_tree_add_bits_item(field_tree, hf_ip_flags_mf, tvb, bit_offset + 2,
2103 proto_tree_add_uint(ip_tree, hf_ip_frag_offset, tvb, offset + 6, 2,
2104 (iph->ip_off & IP_OFFSET)*8);
2107 iph->ip_ttl = tvb_get_guint8(tvb, offset + 8);
2108 pinfo->ip_ttl = iph->ip_ttl;
2110 ttl_item = proto_tree_add_item(ip_tree, hf_ip_ttl, tvb, offset + 8, 1, ENC_BIG_ENDIAN);
2115 iph->ip_p = tvb_get_guint8(tvb, offset + 9);
2117 proto_tree_add_item(ip_tree, hf_ip_proto, tvb, offset + 9, 1, ENC_BIG_ENDIAN);
2120 iph->ip_sum = tvb_get_ntohs(tvb, offset + 10);
2123 * If we have the entire IP header available, check the checksum.
2125 if (ip_check_checksum && tvb_bytes_exist(tvb, offset, hlen)) {
2126 ipsum = ip_checksum(tvb_get_ptr(tvb, offset, hlen), hlen);
2129 item = proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb,
2130 offset + 10, 2, iph->ip_sum,
2131 "Header checksum: 0x%04x [correct]",
2133 checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
2134 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb,
2135 offset + 10, 2, TRUE);
2136 PROTO_ITEM_SET_GENERATED(item);
2137 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb,
2138 offset + 10, 2, FALSE);
2139 PROTO_ITEM_SET_GENERATED(item);
2141 item = proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb,
2142 offset + 10, 2, iph->ip_sum,
2143 "Header checksum: 0x%04x "
2144 "[incorrect, should be 0x%04x "
2145 "(may be caused by \"IP checksum "
2146 "offload\"?)]", iph->ip_sum,
2147 in_cksum_shouldbe(iph->ip_sum,
2149 checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
2150 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb,
2151 offset + 10, 2, FALSE);
2152 PROTO_ITEM_SET_GENERATED(item);
2153 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb,
2154 offset + 10, 2, TRUE);
2155 PROTO_ITEM_SET_GENERATED(item);
2159 /* Add expert item always (so tap gets called if present);
2160 if (tree == NULL) then item will be NULL
2161 else item should be from the
2162 add_boolean(..., hf_ip_checksum_bad, ...) above */
2163 expert_add_info_format(pinfo, item, PI_CHECKSUM, PI_ERROR,
2169 item = proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb,
2170 offset + 10, 2, iph->ip_sum,
2171 "Header checksum: 0x%04x [%s]",
2172 iph->ip_sum, ip_check_checksum ?
2173 "not all data available" :
2174 "validation disabled");
2175 checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
2176 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb,
2177 offset + 10, 2, FALSE);
2178 PROTO_ITEM_SET_GENERATED(item);
2179 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb,
2180 offset + 10, 2, FALSE);
2181 PROTO_ITEM_SET_GENERATED(item);
2184 src_addr = tvb_get_ptr(tvb, offset + IPH_SRC, 4);
2185 src32 = tvb_get_ntohl(tvb, offset + IPH_SRC);
2186 SET_ADDRESS(&pinfo->net_src, AT_IPv4, 4, src_addr);
2187 SET_ADDRESS(&pinfo->src, AT_IPv4, 4, src_addr);
2188 SET_ADDRESS(&iph->ip_src, AT_IPv4, 4, src_addr);
2190 const char *src_host;
2192 memcpy(&addr, iph->ip_src.data, 4);
2193 src_host = get_hostname(addr);
2194 if (ip_summary_in_tree) {
2195 proto_item_append_text(ti, ", Src: %s (%s)", src_host,
2196 ip_to_str(iph->ip_src.data));
2198 proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, addr);
2199 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 12, 4, addr);
2200 PROTO_ITEM_SET_HIDDEN(item);
2201 item = proto_tree_add_string(ip_tree, hf_ip_src_host, tvb, offset + 12, 4,
2203 PROTO_ITEM_SET_GENERATED(item);
2204 PROTO_ITEM_SET_HIDDEN(item);
2205 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb, offset + 12, 4,
2207 PROTO_ITEM_SET_GENERATED(item);
2208 PROTO_ITEM_SET_HIDDEN(item);
2211 /* If there's an IP strict or loose source routing option, then the final
2212 * L3 IP destination address will be the last entry in the routing header
2213 * EXCEPT when the table is exhausted (pointer is greater than the length).
2214 * In this case, the final L3 IP destination address is the one in the L3
2215 * header. (REF: http://tools.ietf.org/html/rfc791#section-3.1)
2217 if (hlen > IPH_MIN_LEN) {
2218 /* There's more than just the fixed-length header. See if we've got
2219 * either a strict or loose source route option and if so, return the
2220 * offset into the tvb to where the real destination IP address is located.
2222 dst_off = get_dst_offset(tvb, offset + 20, hlen - IPH_MIN_LEN, ipopts,
2223 N_IP_OPTS, IPOPT_EOOL);
2228 dst_addr = tvb_get_ptr(tvb, offset + IPH_DST + dst_off, 4);
2229 dst32 = tvb_get_ntohl(tvb, offset + IPH_DST + dst_off);
2230 SET_ADDRESS(&pinfo->net_dst, AT_IPv4, 4, dst_addr);
2231 SET_ADDRESS(&pinfo->dst, AT_IPv4, 4, dst_addr);
2232 SET_ADDRESS(&iph->ip_dst, AT_IPv4, 4, dst_addr);
2234 /* If an IP is destined for an IP address in the Local Network Control Block
2235 * (e.g. 224.0.0.0/24), the packet should never be routed and the TTL would
2236 * be expected to be 1. (see RFC 3171) Flag a TTL greater than 1.
2238 * Flag a low TTL if the packet is not destined for a multicast address
2239 * (e.g. 224.0.0.0/4) ... and the payload isn't protocol 103 (PIM).
2240 * (see http://tools.ietf.org/html/rfc3973#section-4.7).
2242 if (is_a_local_network_control_block_addr(dst32)) {
2243 ttl = local_network_control_block_addr_valid_ttl(dst32);
2244 if (ttl != iph->ip_ttl && ttl != IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL) {
2245 expert_add_info_format(pinfo, ttl_item, PI_SEQUENCE, PI_NOTE,
2246 "\"Time To Live\" != %d for a packet sent to the "
2247 "Local Network Control Block (see RFC 3171)",
2250 } else if (!is_a_multicast_addr(dst32) && iph->ip_ttl < 5 &&
2251 (iph->ip_p != IP_PROTO_PIM)) {
2252 expert_add_info_format(pinfo, ttl_item, PI_SEQUENCE, PI_NOTE,
2253 "\"Time To Live\" only %u", iph->ip_ttl);
2257 const char *dst_host;
2260 memcpy(&addr, iph->ip_dst.data, 4);
2261 dst_host = get_hostname(addr);
2263 cur_rt = tvb_get_ipv4(tvb, offset + 16);
2264 if (ip_summary_in_tree) {
2265 proto_item_append_text(ti, ", Dst: %s (%s)", dst_host,
2266 ip_to_str(iph->ip_dst.data));
2268 proto_item_append_text(ti, ", Via: %s (%s)", get_hostname(cur_rt),
2269 ip_to_str((gchar *)&cur_rt));
2273 proto_tree_add_ipv4(ip_tree, hf_ip_cur_rt, tvb, offset + 16, 4, cur_rt);
2274 item = proto_tree_add_string(ip_tree, hf_ip_cur_rt_host, tvb,
2275 offset + 16, 4, get_hostname(cur_rt));
2276 PROTO_ITEM_SET_GENERATED(item);
2277 PROTO_ITEM_SET_HIDDEN(item);
2280 proto_tree_add_ipv4(ip_tree, hf_ip_dst, tvb, offset + 16, 4, addr);
2281 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 16, 4,
2283 PROTO_ITEM_SET_HIDDEN(item);
2284 item = proto_tree_add_string(ip_tree, hf_ip_dst_host, tvb, offset + 16,
2286 PROTO_ITEM_SET_GENERATED(item);
2287 PROTO_ITEM_SET_HIDDEN(item);
2288 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb,
2289 offset + 16 + dst_off, 4, dst_host);
2290 PROTO_ITEM_SET_GENERATED(item);
2291 PROTO_ITEM_SET_HIDDEN(item);
2296 if (tree && ip_use_geoip) {
2297 add_geoip_info(ip_tree, tvb, offset, src32, dst32);
2301 /* Decode IP options, if any. */
2302 if (hlen > IPH_MIN_LEN) {
2303 /* There's more than just the fixed-length header. Decode the options. */
2304 optlen = hlen - IPH_MIN_LEN; /* length of options, in bytes */
2305 tf = proto_tree_add_text(ip_tree, tvb, offset + 20, optlen,
2306 "Options: (%u bytes)", optlen);
2307 field_tree = proto_item_add_subtree(tf, ett_ip_options);
2308 dissect_ip_tcp_options(tvb, offset + 20, optlen, ipopts, N_IP_OPTS,
2309 IPOPT_EOOL, pinfo, field_tree, tf);
2312 pinfo->ipproto = iph->ip_p;
2313 pinfo->iplen = iph->ip_len;
2314 pinfo->iphdrlen = hlen;
2315 tap_queue_packet(ip_tap, pinfo, iph);
2317 /* Skip over header + options */
2319 nxt = iph->ip_p; /* XXX - what if this isn't the same for all fragments? */
2321 /* If ip_defragment is on, this is a fragment, we have all the data
2322 * in the fragment, and the header checksum is valid, then just add
2323 * the fragment to the hashtable.
2325 save_fragmented = pinfo->fragmented;
2326 if (ip_defragment && (iph->ip_off & (IP_MF|IP_OFFSET)) &&
2327 tvb_bytes_exist(tvb, offset, pinfo->iplen - pinfo->iphdrlen) &&
2329 ipfd_head = fragment_add_check(tvb, offset, pinfo,
2330 iph->ip_p ^ iph->ip_id ^ src32 ^ dst32,
2331 ip_fragment_table, ip_reassembled_table,
2332 (iph->ip_off & IP_OFFSET) * 8,
2333 pinfo->iplen - pinfo->iphdrlen,
2334 iph->ip_off & IP_MF);
2336 next_tvb = process_reassembled_data(tvb, offset, pinfo, "Reassembled IPv4",
2337 ipfd_head, &ip_frag_items,
2338 &update_col_info, ip_tree);
2340 /* If this is the first fragment, dissect its contents, otherwise
2341 just show it as a fragment.
2343 XXX - if we eventually don't save the reassembled contents of all
2344 fragmented datagrams, we may want to always reassemble. */
2345 if (iph->ip_off & IP_OFFSET) {
2346 /* Not the first fragment - don't dissect it. */
2349 /* First fragment, or not fragmented. Dissect what we have here. */
2351 /* Get a tvbuff for the payload. */
2352 next_tvb = tvb_new_subset_remaining(tvb, offset);
2355 * If this is the first fragment, but not the only fragment,
2356 * tell the next protocol that.
2358 if (iph->ip_off & IP_MF)
2359 pinfo->fragmented = TRUE;
2361 pinfo->fragmented = FALSE;
2365 if (next_tvb == NULL) {
2366 /* Just show this as a fragment. */
2367 col_add_fstr(pinfo->cinfo, COL_INFO,
2368 "Fragmented IP protocol (proto=%s %u, off=%u, ID=%04x)",
2369 ipprotostr(iph->ip_p), iph->ip_p,
2370 (iph->ip_off & IP_OFFSET) * 8, iph->ip_id);
2371 if ( ipfd_head && ipfd_head->reassembled_in != pinfo->fd->num ) {
2372 col_append_fstr(pinfo->cinfo, COL_INFO, " [Reassembled in #%u]",
2373 ipfd_head->reassembled_in);
2376 call_dissector(data_handle, tvb_new_subset_remaining(tvb, offset), pinfo,
2378 pinfo->fragmented = save_fragmented;
2382 /* XXX This is an ugly hack because I didn't manage to make the IPIP
2383 * dissector a heuristic one [JMayer]
2384 * The TAPA protocol also uses IP protocol number 4 but it isn't really
2385 * IPIP, so try to detect it first and call it explicitly before calling
2386 * the generic ip.proto dispatcher
2388 if (nxt == IP_PROTO_IPIP && (tvb_get_guint8(next_tvb, 0) & 0xF0) != 0x40 &&
2389 tvb_get_ntohs(next_tvb, 2) < 20) {
2390 call_dissector(tapa_handle,next_tvb, pinfo, parent_tree);
2392 /* Hand off to the next protocol.
2394 XXX - setting the columns only after trying various dissectors means
2395 that if one of those dissectors throws an exception, the frame won't
2396 even be labeled as an IP frame; ideally, if a frame being dissected
2397 throws an exception, it'll be labeled as a mangled frame of the
2398 type in question. */
2399 } else if (!dissector_try_uint(ip_dissector_table, nxt, next_tvb, pinfo,
2401 /* Unknown protocol */
2402 if (update_col_info) {
2403 col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%u)",
2404 ipprotostr(iph->ip_p), iph->ip_p);
2406 call_dissector(data_handle,next_tvb, pinfo, parent_tree);
2408 pinfo->fragmented = save_fragmented;
2412 dissect_ip_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2414 int length, tot_length;
2415 guint8 oct, version, ihl;
2419 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2420 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2421 |Version| IHL |Type of Service| Total Length |
2422 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2425 length = tvb_length(tvb);
2427 /* Need at least 4 bytes to make some sort of decision */
2430 oct = tvb_get_guint8(tvb,0);
2434 /* TODO: Add IPv6 checks here */
2436 3. IPv6 Header Format
2439 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2440 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2441 |Version| Traffic Class | Flow Label |
2442 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2443 | Payload Length | Next Header | Hop Limit |
2444 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2452 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2456 + Destination Address +
2460 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2462 Version 4-bit Internet Protocol version number = 6.
2464 Traffic Class 8-bit traffic class field. See section 7.
2466 Flow Label 20-bit flow label. See section 6.
2468 Payload Length 16-bit unsigned integer. Length of the IPv6
2469 payload, i.e., the rest of the packet following
2470 this IPv6 header, in octets. (Note that any
2471 extension headers [section 4] present are
2472 considered part of the payload, i.e., included
2473 in the length count.)
2478 /* Need at least 8 bytes to make a decision */
2481 tot_length = tvb_get_ntohs(tvb,4);
2482 if(tot_length != 40 + (int)tvb_reported_length(tvb)){
2485 call_dissector(ipv6_handle, tvb, pinfo, tree);
2488 /* version == IPv4 , the minimum value for a correct header is 5 */
2489 if((version != 4)|| (ihl < 5)){
2492 tot_length = tvb_get_ntohs(tvb,2);
2494 if(tot_length != 8 + (int)tvb_reported_length(tvb)){
2498 dissect_ip(tvb, pinfo, tree);
2503 proto_register_ip(void)
2505 #define ARG_TO_STR(ARG) #ARG
2506 #define FLAGS_OFFSET_WIDTH_MSG(WIDTH) \
2507 "Flags (" ARG_TO_STR(WIDTH) " bits)"
2508 #define FRAG_OFFSET_WIDTH_MSG(WIDTH) \
2509 "Fragment offset (" ARG_TO_STR(WIDTH) " bits)"
2511 static hf_register_info hf[] = {
2513 { "Version", "ip.version", FT_UINT8, BASE_DEC,
2514 NULL, 0x0, NULL, HFILL }},
2517 { "Header Length", "ip.hdr_len", FT_UINT8, BASE_DEC,
2518 NULL, 0x0, NULL, HFILL }},
2521 { "Differentiated Services field", "ip.dsfield", FT_UINT8, BASE_DEC,
2522 NULL, 0x0, NULL, HFILL }},
2524 { &hf_ip_dsfield_dscp,
2525 { "Differentiated Services Codepoint", "ip.dsfield.dscp", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
2526 &dscp_vals_ext, IPDSFIELD_DSCP_MASK, NULL, HFILL }},
2528 { &hf_ip_dsfield_ecn,
2529 { "Explicit Congestion Notification", "ip.dsfield.ecn", FT_UINT8, BASE_HEX,
2530 VALS(ecn_vals), IPDSFIELD_ECN_MASK, NULL, HFILL }},
2533 { "Type of Service", "ip.tos", FT_UINT8, BASE_DEC,
2534 NULL, 0x0, NULL, HFILL }},
2536 { &hf_ip_tos_precedence,
2537 { "Precedence", "ip.tos.precedence", FT_UINT8, BASE_DEC,
2538 VALS(precedence_vals), IPTOS_PREC_MASK, NULL, HFILL }},
2541 { "Delay", "ip.tos.delay", FT_BOOLEAN, 8,
2542 TFS(&tos_set_low), IPTOS_LOWDELAY, NULL, HFILL }},
2544 { &hf_ip_tos_throughput,
2545 { "Throughput", "ip.tos.throughput", FT_BOOLEAN, 8,
2546 TFS(&tos_set_high), IPTOS_THROUGHPUT, NULL, HFILL }},
2548 { &hf_ip_tos_reliability,
2549 { "Reliability", "ip.tos.reliability", FT_BOOLEAN, 8,
2550 TFS(&tos_set_high), IPTOS_RELIABILITY, NULL, HFILL }},
2553 { "Cost", "ip.tos.cost", FT_BOOLEAN, 8,
2554 TFS(&tos_set_low), IPTOS_LOWCOST, NULL, HFILL }},
2557 { "Total Length", "ip.len", FT_UINT16, BASE_DEC,
2558 NULL, 0x0, NULL, HFILL }},
2561 { "Identification", "ip.id", FT_UINT16, BASE_HEX_DEC,
2562 NULL, 0x0, NULL, HFILL }},
2565 { "Destination", "ip.dst", FT_IPv4, BASE_NONE,
2566 NULL, 0x0, NULL, HFILL }},
2569 { "Destination Host", "ip.dst_host", FT_STRING, BASE_NONE,
2570 NULL, 0x0, NULL, HFILL }},
2573 { "Source", "ip.src", FT_IPv4, BASE_NONE,
2574 NULL, 0x0, NULL, HFILL }},
2577 { "Source Host", "ip.src_host", FT_STRING, BASE_NONE,
2578 NULL, 0x0, NULL, HFILL }},
2581 { "Source or Destination Address", "ip.addr", FT_IPv4, BASE_NONE,
2582 NULL, 0x0, NULL, HFILL }},
2585 { "Source or Destination Host", "ip.host", FT_STRING, BASE_NONE,
2586 NULL, 0x0, NULL, HFILL }},
2589 { &hf_geoip_country,
2590 { "Source or Destination GeoIP Country", "ip.geoip.country",
2591 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2593 { "Source or Destination GeoIP City", "ip.geoip.city",
2594 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2596 { "Source or Destination GeoIP Organization", "ip.geoip.org",
2597 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2599 { "Source or Destination GeoIP ISP", "ip.geoip.isp",
2600 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2602 { "Source or Destination GeoIP AS Number", "ip.geoip.asnum",
2603 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2605 { "Source or Destination GeoIP Latitude", "ip.geoip.lat",
2606 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2608 { "Source or Destination GeoIP Longitude", "ip.geoip.lon",
2609 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2610 { &hf_geoip_src_country,
2611 { "Source GeoIP Country", "ip.geoip.src_country",
2612 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2613 { &hf_geoip_src_city,
2614 { "Source GeoIP City", "ip.geoip.src_city",
2615 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2616 { &hf_geoip_src_org,
2617 { "Source GeoIP Organization", "ip.geoip.src_org",
2618 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2619 { &hf_geoip_src_isp,
2620 { "Source GeoIP ISP", "ip.geoip.src_isp",
2621 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2622 { &hf_geoip_src_asnum,
2623 { "Source GeoIP AS Number", "ip.geoip.src_asnum",
2624 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2625 { &hf_geoip_src_lat,
2626 { "Source GeoIP Latitude", "ip.geoip.src_lat",
2627 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2628 { &hf_geoip_src_lon,
2629 { "Source GeoIP Longitude", "ip.geoip.src_lon",
2630 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2631 { &hf_geoip_dst_country,
2632 { "Destination GeoIP Country", "ip.geoip.dst_country",
2633 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2634 { &hf_geoip_dst_city,
2635 { "Destination GeoIP City", "ip.geoip.dst_city",
2636 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2637 { &hf_geoip_dst_org,
2638 { "Destination GeoIP Organization", "ip.geoip.dst_org",
2639 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2640 { &hf_geoip_dst_isp,
2641 { "Destination GeoIP ISP", "ip.geoip.dst_isp",
2642 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2643 { &hf_geoip_dst_asnum,
2644 { "Destination GeoIP AS Number", "ip.geoip.dst_asnum",
2645 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2646 { &hf_geoip_dst_lat,
2647 { "Destination GeoIP Latitude", "ip.geoip.dst_lat",
2648 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2649 { &hf_geoip_dst_lon,
2650 { "Destination GeoIP Longitude", "ip.geoip.dst_lon",
2651 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2652 #endif /* HAVE_GEOIP */
2655 { "Flags", "ip.flags", FT_UINT8, BASE_HEX,
2656 NULL, 0x0, FLAGS_OFFSET_WIDTH_MSG(IP_FLAGS_WIDTH), HFILL }},
2659 { "Security flag", "ip.flags.sf", FT_BOOLEAN, BASE_NONE,
2660 TFS(&flags_sf_set_evil), 0x0, "Security flag (RFC 3514)", HFILL }},
2663 { "Reserved bit", "ip.flags.rb", FT_BOOLEAN, BASE_NONE,
2664 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2667 { "Don't fragment", "ip.flags.df", FT_BOOLEAN, BASE_NONE,
2668 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2671 { "More fragments", "ip.flags.mf", FT_BOOLEAN, BASE_NONE,
2672 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2674 { &hf_ip_frag_offset,
2675 { "Fragment offset", "ip.frag_offset", FT_UINT16, BASE_DEC,
2676 NULL, 0x0, FRAG_OFFSET_WIDTH_MSG(IP_OFFSET_WIDTH), HFILL }},
2679 { "Time to live", "ip.ttl", FT_UINT8, BASE_DEC,
2680 NULL, 0x0, NULL, HFILL }},
2683 { "Protocol", "ip.proto", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2684 &ipproto_val_ext, 0x0, NULL, HFILL }},
2687 { "Header checksum", "ip.checksum", FT_UINT16, BASE_HEX,
2688 NULL, 0x0, NULL, HFILL }},
2690 { &hf_ip_checksum_good,
2691 { "Good", "ip.checksum_good", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2692 "True: checksum matches packet content; False: doesn't match content or not checked", HFILL }},
2694 { &hf_ip_checksum_bad,
2695 { "Bad", "ip.checksum_bad", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2696 "True: checksum doesn't match packet content; False: matches content or not checked", HFILL }},
2698 /* IP options related fields */
2700 { "Type", "ip.opt.type", FT_UINT8, BASE_DEC,
2701 NULL, 0x0, NULL, HFILL }},
2703 { &hf_ip_opt_type_copy,
2704 { "Copy on fragmentation", "ip.opt.type.copy", FT_BOOLEAN, 8,
2705 TFS(&tfs_yes_no), IPOPT_COPY_MASK, NULL, HFILL }},
2707 { &hf_ip_opt_type_class,
2708 { "Class", "ip.opt.type.class", FT_UINT8, BASE_DEC,
2709 VALS(ipopt_type_class_vals), IPOPT_CLASS_MASK, NULL, HFILL }},
2711 { &hf_ip_opt_type_number,
2712 { "Number", "ip.opt.type.number", FT_UINT8, BASE_DEC,
2713 VALS(ipopt_type_number_vals), IPOPT_NUMBER_MASK, NULL, HFILL }},
2716 { "Length", "ip.opt.len", FT_UINT8, BASE_DEC,
2717 NULL, 0x0, NULL, HFILL }},
2720 { "Pointer", "ip.opt.ptr", FT_UINT8, BASE_DEC,
2721 NULL, 0x0, NULL, HFILL }},
2724 { "Stream Identifier", "ip.opt.sid", FT_UINT16, BASE_DEC,
2725 NULL, 0x0, "SATNET stream identifier", HFILL }},
2728 { "MTU", "ip.opt.mtu", FT_UINT16, BASE_DEC,
2729 NULL, 0x0, NULL, HFILL }},
2731 { &hf_ip_opt_id_number,
2732 { "ID Number", "ip.opt.id_number", FT_UINT16, BASE_DEC,
2733 NULL, 0x0, NULL, HFILL }},
2736 { "Outbound Hop Count", "ip.opt.ohc", FT_UINT16, BASE_DEC,
2737 NULL, 0x0, NULL, HFILL }},
2740 { "Return Hop Count", "ip.opt.rhc", FT_UINT16, BASE_DEC,
2741 NULL, 0x0, NULL, HFILL }},
2743 { &hf_ip_opt_originator,
2744 { "Originator IP Address", "ip.opt.originator", FT_IPv4, BASE_NONE,
2745 NULL, 0x0, NULL, HFILL }},
2748 { "Router Alert", "ip.opt.ra", FT_UINT16, BASE_DEC | BASE_RANGE_STRING,
2749 RVALS(ra_rvals), 0x0, NULL, HFILL }},
2752 { "IP Address", "ip.opt.addr", FT_IPv4, BASE_NONE,
2753 NULL, 0x0, NULL, HFILL }},
2755 { &hf_ip_opt_padding,
2756 { "Padding", "ip.opt.padding", FT_BYTES, BASE_NONE,
2757 NULL, 0x0, NULL, HFILL }},
2759 { &hf_ip_opt_qs_func,
2760 { "Function", "ip.opt.qs_func", FT_UINT8, BASE_DEC,
2761 VALS(qs_func_vals), QS_FUNC_MASK, NULL, HFILL }},
2763 { &hf_ip_opt_qs_rate,
2764 { "Rate", "ip.opt.qs_rate", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2765 &qs_rate_vals_ext, QS_RATE_MASK, NULL, HFILL }},
2767 { &hf_ip_opt_qs_ttl,
2768 { "QS TTL", "ip.opt.qs_ttl", FT_UINT8, BASE_DEC,
2769 NULL, 0x0, NULL, HFILL }},
2771 { &hf_ip_opt_qs_ttl_diff,
2772 { "TTL Diff", "ip.opt.qs_ttl_diff", FT_UINT8, BASE_DEC,
2773 NULL, 0x0, NULL, HFILL }},
2775 { &hf_ip_opt_qs_unused,
2776 { "Not Used", "ip.opt.qs_unused", FT_UINT8, BASE_DEC,
2777 NULL, 0x0, NULL, HFILL }},
2779 { &hf_ip_opt_qs_nonce,
2780 { "QS Nonce", "ip.opt.qs_nonce", FT_UINT32, BASE_HEX,
2781 NULL, 0xFFFFFFFC, NULL, HFILL }},
2783 { &hf_ip_opt_qs_reserved,
2784 { "Reserved", "ip.opt.qs_reserved", FT_UINT32, BASE_HEX,
2785 NULL, 0x00000003, NULL, HFILL }},
2787 { &hf_ip_opt_sec_rfc791_sec,
2788 { "Security", "ip.opt.sec_rfc791_sec", FT_UINT8, BASE_HEX,
2789 VALS(secl_rfc791_vals), 0x0, NULL, HFILL }},
2791 { &hf_ip_opt_sec_rfc791_comp,
2792 { "Compartments", "ip.opt.sec_rfc791_comp", FT_UINT16, BASE_DEC,
2793 NULL, 0x0, NULL, HFILL }},
2795 { &hf_ip_opt_sec_rfc791_hr,
2796 { "Handling Restrictions", "ip.opt.sec_rfc791_hr", FT_STRING, BASE_NONE,
2797 NULL, 0x0, NULL, HFILL }},
2799 { &hf_ip_opt_sec_rfc791_tcc,
2800 { "Transmission Control Code", "ip.opt.sec_rfc791_tcc", FT_STRING, BASE_NONE,
2801 NULL, 0x0, NULL, HFILL }},
2803 { &hf_ip_opt_sec_cl,
2804 { "Classification Level", "ip.opt.sec_cl", FT_UINT8, BASE_HEX,
2805 VALS(sec_cl_vals), 0x0, NULL, HFILL }},
2807 { &hf_ip_opt_sec_prot_auth_flags,
2808 { "Protection Authority Flags", "ip.opt.sec_prot_auth_flags", FT_UINT8, BASE_HEX,
2809 NULL, 0x0, NULL, HFILL }},
2811 { &hf_ip_opt_sec_prot_auth_genser,
2812 { "GENSER", "ip.opt.sec_prot_auth_genser", FT_BOOLEAN, 8,
2813 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x80, NULL, HFILL }},
2815 { &hf_ip_opt_sec_prot_auth_siop_esi,
2816 { "SIOP-ESI", "ip.opt.sec_prot_auth_siop_esi", FT_BOOLEAN, 8,
2817 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x40, NULL, HFILL }},
2819 { &hf_ip_opt_sec_prot_auth_sci,
2820 { "SCI", "ip.opt.sec_prot_auth_sci", FT_BOOLEAN, 8,
2821 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x20, NULL, HFILL }},
2823 { &hf_ip_opt_sec_prot_auth_nsa,
2824 { "NSA", "ip.opt.sec_prot_auth_nsa", FT_BOOLEAN, 8,
2825 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x10, NULL, HFILL }},
2827 { &hf_ip_opt_sec_prot_auth_doe,
2828 { "DOE", "ip.opt.sec_prot_auth_doe", FT_BOOLEAN, 8,
2829 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x08, NULL, HFILL }},
2831 { &hf_ip_opt_sec_prot_auth_unassigned,
2832 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2833 NULL, 0x06, NULL, HFILL }},
2835 { &hf_ip_opt_sec_prot_auth_unassigned2,
2836 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2837 NULL, 0xFE, NULL, HFILL }},
2839 { &hf_ip_opt_sec_prot_auth_fti,
2840 { "Field Termination Indicator", "ip.opt.sec_prot_auth_fti", FT_BOOLEAN, 8,
2841 TFS(&ip_opt_sec_prot_auth_fti_tfs), 0x01, NULL, HFILL }},
2843 { &hf_ip_opt_ext_sec_add_sec_info_format_code,
2844 { "Additional Security Info Format Code", "ip.opt.ext_sec_add_sec_info_format_code", FT_UINT8, BASE_HEX,
2845 NULL, 0x0, NULL, HFILL }},
2847 { &hf_ip_opt_ext_sec_add_sec_info,
2848 { "Additional Security Info", "ip.opt.ext_sec_add_sec_info", FT_BYTES, BASE_NONE,
2849 NULL, 0x0, NULL, HFILL }},
2852 { "Recorded Route", "ip.rec_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2855 { &hf_ip_rec_rt_host,
2856 { "Recorded Route Host", "ip.rec_rt_host", FT_STRING, BASE_NONE,
2857 NULL, 0x0, NULL, HFILL }},
2860 { "Current Route", "ip.cur_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2863 { &hf_ip_cur_rt_host,
2864 { "Current Route Host", "ip.cur_rt_host", FT_STRING, BASE_NONE,
2865 NULL, 0x0, NULL, HFILL }},
2868 { "Source Route", "ip.src_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2871 { &hf_ip_src_rt_host,
2872 { "Source Route Host", "ip.src_rt_host", FT_STRING, BASE_NONE,
2873 NULL, 0x0, NULL, HFILL }},
2876 { "Empty Route", "ip.empty_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2879 { &hf_ip_empty_rt_host,
2880 { "Empty Route Host", "ip.empty_rt_host", FT_STRING, BASE_NONE,
2881 NULL, 0x0, NULL, HFILL }},
2883 { &hf_ip_fragment_overlap,
2884 { "Fragment overlap", "ip.fragment.overlap", FT_BOOLEAN, BASE_NONE,
2885 NULL, 0x0, "Fragment overlaps with other fragments", HFILL }},
2887 { &hf_ip_fragment_overlap_conflict,
2888 { "Conflicting data in fragment overlap", "ip.fragment.overlap.conflict",
2889 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2890 "Overlapping fragments contained conflicting data", HFILL }},
2892 { &hf_ip_fragment_multiple_tails,
2893 { "Multiple tail fragments found", "ip.fragment.multipletails",
2894 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2895 "Several tails were found when defragmenting the packet", HFILL }},
2897 { &hf_ip_fragment_too_long_fragment,
2898 { "Fragment too long", "ip.fragment.toolongfragment",
2899 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2900 "Fragment contained data past end of packet", HFILL }},
2902 { &hf_ip_fragment_error,
2903 { "Defragmentation error", "ip.fragment.error", FT_FRAMENUM, BASE_NONE,
2904 NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }},
2906 { &hf_ip_fragment_count,
2907 { "Fragment count", "ip.fragment.count", FT_UINT32, BASE_DEC,
2908 NULL, 0x0, NULL, HFILL }},
2911 { "IPv4 Fragment", "ip.fragment", FT_FRAMENUM, BASE_NONE,
2912 NULL, 0x0, NULL, HFILL }},
2915 { "IPv4 Fragments", "ip.fragments", FT_BYTES, BASE_NONE,
2916 NULL, 0x0, NULL, HFILL }},
2918 { &hf_ip_reassembled_in,
2919 { "Reassembled IPv4 in frame", "ip.reassembled_in", FT_FRAMENUM, BASE_NONE,
2920 NULL, 0x0, "This IPv4 packet is reassembled in this frame", HFILL }},
2922 { &hf_ip_reassembled_length,
2923 { "Reassembled IPv4 length", "ip.reassembled.length", FT_UINT32, BASE_DEC,
2924 NULL, 0x0, "The total length of the reassembled payload", HFILL }},
2926 { &hf_ip_reassembled_data,
2927 { "Reassembled IPv4 data", "ip.reassembled.data", FT_BYTES, BASE_NONE,
2928 NULL, 0x0, "The reassembled payload", HFILL }}
2931 static gint *ett[] = {
2937 &ett_ip_option_eool,
2940 &ett_ip_option_route,
2941 &ett_ip_option_timestamp,
2942 &ett_ip_option_ext_security,
2943 &ett_ip_option_cipso,
2950 &ett_ip_option_other,
2955 &ett_ip_opt_sec_prot_auth_flags,
2960 module_t *ip_module;
2962 proto_ip = proto_register_protocol("Internet Protocol Version 4", "IPv4", "ip");
2963 proto_register_field_array(proto_ip, hf, array_length(hf));
2964 proto_register_subtree_array(ett, array_length(ett));
2966 /* subdissector code */
2967 ip_dissector_table = register_dissector_table("ip.proto", "IPv4 protocol",
2968 FT_UINT8, BASE_DEC);
2970 /* Register configuration options */
2971 ip_module = prefs_register_protocol(proto_ip, NULL);
2972 prefs_register_bool_preference(ip_module, "decode_tos_as_diffserv",
2973 "Decode IPv4 TOS field as DiffServ field",
2974 "Whether the IPv4 type-of-service field should be decoded as a "
2975 "Differentiated Services field (see RFC2474/RFC2475)", &g_ip_dscp_actif);
2976 prefs_register_bool_preference(ip_module, "defragment",
2977 "Reassemble fragmented IPv4 datagrams",
2978 "Whether fragmented IPv4 datagrams should be reassembled", &ip_defragment);
2979 prefs_register_bool_preference(ip_module, "summary_in_tree",
2980 "Show IPv4 summary in protocol tree",
2981 "Whether the IPv4 summary line should be shown in the protocol tree",
2982 &ip_summary_in_tree);
2983 prefs_register_bool_preference(ip_module, "check_checksum",
2984 "Validate the IPv4 checksum if possible",
2985 "Whether to validate the IPv4 checksum", &ip_check_checksum);
2986 prefs_register_bool_preference(ip_module, "tso_support",
2987 "Support packet-capture from IP TSO-enabled hardware",
2988 "Whether to correct for TSO-enabled (TCP segmentation offload) hardware "
2989 "captures, such as spoofing the IP packet length", &ip_tso_supported);
2991 prefs_register_bool_preference(ip_module, "use_geoip",
2992 "Enable GeoIP lookups",
2993 "Whether to look up IP addresses in each GeoIP database we have loaded",
2995 #endif /* HAVE_GEOIP */
2996 prefs_register_bool_preference(ip_module, "security_flag" ,
2997 "Interpret Reserved flag as Security flag (RFC 3514)",
2998 "Whether to interpret the originally reserved flag as security flag",
3001 register_dissector("ip", dissect_ip, proto_ip);
3002 register_init_routine(ip_defragment_init);
3003 ip_tap = register_tap("ip");
3007 proto_reg_handoff_ip(void)
3009 dissector_handle_t ip_handle;
3011 ip_handle = find_dissector("ip");
3012 ipv6_handle = find_dissector("ipv6");
3013 tapa_handle = find_dissector("tapa");
3014 data_handle = find_dissector("data");
3016 dissector_add_uint("ethertype", ETHERTYPE_IP, ip_handle);
3017 dissector_add_uint("ppp.protocol", PPP_IP, ip_handle);
3018 dissector_add_uint("ppp.protocol", ETHERTYPE_IP, ip_handle);
3019 dissector_add_uint("gre.proto", ETHERTYPE_IP, ip_handle);
3020 dissector_add_uint("gre.proto", GRE_WCCP, ip_handle);
3021 dissector_add_uint("llc.dsap", SAP_IP, ip_handle);
3022 dissector_add_uint("ip.proto", IP_PROTO_IPIP, ip_handle);
3023 dissector_add_uint("null.type", BSD_AF_INET, ip_handle);
3024 dissector_add_uint("chdlctype", ETHERTYPE_IP, ip_handle);
3025 dissector_add_uint("osinl.excl", NLPID_IP, ip_handle);
3026 dissector_add_uint("fr.ietf", NLPID_IP, ip_handle);
3027 dissector_add_uint("x.25.spi", NLPID_IP, ip_handle);
3028 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1051, ip_handle);
3029 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1201, ip_handle);
3030 dissector_add_uint("ax25.pid", AX25_P_IP, ip_handle);
3031 dissector_add_handle("udp.port", ip_handle);
3033 heur_dissector_add("tipc", dissect_ip_heur, proto_ip);
3037 * Editor modelines - http://www.wireshark.org/tools/modelines.html
3042 * indent-tabs-mode: nil
3045 * vi: set shiftwidth=2 tabstop=8 expandtab:
3046 * :indentSize=2:tabSize=8:noTabs=true: