2 * Routines for IP and miscellaneous IP protocol packet disassembly
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 1998 Gerald Combs
10 * Wednesday, January 17, 2006
11 * Support for the CIPSO IPv4 option
12 * (http://sourceforge.net/docman/display_doc.php?docid=34650&group_id=174379)
13 * by Paul Moore <paul.moore@hp.com>
15 * This program is free software; you can redistribute it and/or
16 * modify it under the terms of the GNU General Public License
17 * as published by the Free Software Foundation; either version 2
18 * of the License, or (at your option) any later version.
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
35 #include <epan/packet.h>
36 #include <epan/addr_resolv.h>
37 #include <epan/ipproto.h>
38 #include <epan/ip_opts.h>
39 #include <epan/prefs.h>
40 #include <epan/reassemble.h>
41 #include <epan/etypes.h>
42 #include <epan/greproto.h>
43 #include <epan/ppptypes.h>
44 #include <epan/llcsaps.h>
45 #include <epan/aftypes.h>
46 #include <epan/arcnet_pids.h>
47 #include <epan/in_cksum.h>
48 #include <epan/nlpid.h>
49 #include <epan/ax25_pids.h>
51 #include <epan/wmem/wmem.h>
52 #include <epan/expert.h>
54 #include "packet-ip.h"
55 #include "packet-ipsec.h"
59 #include <epan/geoip_db.h>
60 #endif /* HAVE_GEOIP */
63 static int ip_tap = -1;
65 /* Decode the old IPv4 TOS field as the DiffServ DS Field (RFC2474/2475) */
66 static gboolean g_ip_dscp_actif = TRUE;
68 /* Defragment fragmented IP datagrams */
69 static gboolean ip_defragment = TRUE;
71 /* Place IP summary in proto tree */
72 static gboolean ip_summary_in_tree = TRUE;
74 /* Perform IP checksum */
75 static gboolean ip_check_checksum = TRUE;
77 /* Assume TSO and correct zero-length IP packets */
78 static gboolean ip_tso_supported = TRUE;
81 /* Look up addresses in GeoIP */
82 static gboolean ip_use_geoip = TRUE;
83 #endif /* HAVE_GEOIP */
85 /* Interpret the reserved flag as security flag (RFC 3514) */
86 static gboolean ip_security_flag = FALSE;
88 static int proto_ip = -1;
89 static int hf_ip_version = -1;
90 static int hf_ip_hdr_len = -1;
91 static int hf_ip_dsfield = -1;
92 static int hf_ip_dsfield_dscp = -1;
93 static int hf_ip_dsfield_ecn = -1;
94 static int hf_ip_tos = -1;
95 static int hf_ip_tos_precedence = -1;
96 static int hf_ip_tos_delay = -1;
97 static int hf_ip_tos_throughput = -1;
98 static int hf_ip_tos_reliability = -1;
99 static int hf_ip_tos_cost = -1;
100 static int hf_ip_len = -1;
101 static int hf_ip_id = -1;
102 static int hf_ip_dst = -1;
103 static int hf_ip_dst_host = -1;
104 static int hf_ip_src = -1;
105 static int hf_ip_src_host = -1;
106 static int hf_ip_addr = -1;
107 static int hf_ip_host = -1;
108 static int hf_ip_flags = -1;
109 static int hf_ip_flags_sf = -1;
110 static int hf_ip_flags_rf = -1;
111 static int hf_ip_flags_df = -1;
112 static int hf_ip_flags_mf = -1;
113 static int hf_ip_frag_offset = -1;
114 static int hf_ip_ttl = -1;
115 static int hf_ip_proto = -1;
116 static int hf_ip_checksum = -1;
117 static int hf_ip_checksum_good = -1;
118 static int hf_ip_checksum_bad = -1;
120 /* IP option fields */
121 static int hf_ip_opt_type = -1;
122 static int hf_ip_opt_type_copy = -1;
123 static int hf_ip_opt_type_class = -1;
124 static int hf_ip_opt_type_number = -1;
125 static int hf_ip_opt_len = -1;
126 static int hf_ip_opt_ptr = -1;
127 static int hf_ip_opt_sid = -1;
128 static int hf_ip_opt_mtu = -1;
129 static int hf_ip_opt_id_number = -1;
130 static int hf_ip_opt_ohc = -1;
131 static int hf_ip_opt_rhc = -1;
132 static int hf_ip_opt_originator = -1;
133 static int hf_ip_opt_ra = -1;
134 static int hf_ip_opt_addr = -1;
135 static int hf_ip_opt_padding = -1;
136 static int hf_ip_opt_qs_func = -1;
137 static int hf_ip_opt_qs_rate = -1;
138 static int hf_ip_opt_qs_ttl = -1;
139 static int hf_ip_opt_qs_ttl_diff = -1;
140 static int hf_ip_opt_qs_unused = -1;
141 static int hf_ip_opt_qs_nonce = -1;
142 static int hf_ip_opt_qs_reserved = -1;
143 static int hf_ip_opt_sec_rfc791_sec = -1;
144 static int hf_ip_opt_sec_rfc791_comp = -1;
145 static int hf_ip_opt_sec_rfc791_hr = -1;
146 static int hf_ip_opt_sec_rfc791_tcc = -1;
147 static int hf_ip_opt_sec_cl = -1;
148 static int hf_ip_opt_sec_prot_auth_flags = -1;
149 static int hf_ip_opt_sec_prot_auth_genser = -1;
150 static int hf_ip_opt_sec_prot_auth_siop_esi = -1;
151 static int hf_ip_opt_sec_prot_auth_sci = -1;
152 static int hf_ip_opt_sec_prot_auth_nsa = -1;
153 static int hf_ip_opt_sec_prot_auth_doe = -1;
154 static int hf_ip_opt_sec_prot_auth_unassigned = -1;
155 static int hf_ip_opt_sec_prot_auth_unassigned2 = -1;
156 static int hf_ip_opt_sec_prot_auth_fti = -1;
157 static int hf_ip_opt_ext_sec_add_sec_info_format_code = -1;
158 static int hf_ip_opt_ext_sec_add_sec_info = -1;
159 static int hf_ip_rec_rt = -1;
160 static int hf_ip_rec_rt_host = -1;
161 static int hf_ip_cur_rt = -1;
162 static int hf_ip_cur_rt_host = -1;
163 static int hf_ip_src_rt = -1;
164 static int hf_ip_src_rt_host = -1;
165 static int hf_ip_empty_rt = -1;
166 static int hf_ip_empty_rt_host = -1;
168 static int hf_ip_fragments = -1;
169 static int hf_ip_fragment = -1;
170 static int hf_ip_fragment_overlap = -1;
171 static int hf_ip_fragment_overlap_conflict = -1;
172 static int hf_ip_fragment_multiple_tails = -1;
173 static int hf_ip_fragment_too_long_fragment = -1;
174 static int hf_ip_fragment_error = -1;
175 static int hf_ip_fragment_count = -1;
176 static int hf_ip_reassembled_in = -1;
177 static int hf_ip_reassembled_length = -1;
178 static int hf_ip_reassembled_data = -1;
181 static int hf_geoip_country = -1;
182 static int hf_geoip_city = -1;
183 static int hf_geoip_org = -1;
184 static int hf_geoip_isp = -1;
185 static int hf_geoip_asnum = -1;
186 static int hf_geoip_lat = -1;
187 static int hf_geoip_lon = -1;
188 static int hf_geoip_src_country = -1;
189 static int hf_geoip_src_city = -1;
190 static int hf_geoip_src_org = -1;
191 static int hf_geoip_src_isp = -1;
192 static int hf_geoip_src_asnum = -1;
193 static int hf_geoip_src_lat = -1;
194 static int hf_geoip_src_lon = -1;
195 static int hf_geoip_dst_country = -1;
196 static int hf_geoip_dst_city = -1;
197 static int hf_geoip_dst_org = -1;
198 static int hf_geoip_dst_isp = -1;
199 static int hf_geoip_dst_asnum = -1;
200 static int hf_geoip_dst_lat = -1;
201 static int hf_geoip_dst_lon = -1;
202 #endif /* HAVE_GEOIP */
204 static gint ett_ip = -1;
205 static gint ett_ip_dsfield = -1;
206 static gint ett_ip_tos = -1;
207 static gint ett_ip_off = -1;
208 static gint ett_ip_options = -1;
209 static gint ett_ip_option_eool = -1;
210 static gint ett_ip_option_nop = -1;
211 static gint ett_ip_option_sec = -1;
212 static gint ett_ip_option_route = -1;
213 static gint ett_ip_option_timestamp = -1;
214 static gint ett_ip_option_ext_security = -1;
215 static gint ett_ip_option_cipso = -1;
216 static gint ett_ip_option_sid = -1;
217 static gint ett_ip_option_mtu = -1;
218 static gint ett_ip_option_tr = -1;
219 static gint ett_ip_option_ra = -1;
220 static gint ett_ip_option_sdb = -1;
221 static gint ett_ip_option_qs = -1;
222 static gint ett_ip_option_other = -1;
223 static gint ett_ip_fragments = -1;
224 static gint ett_ip_fragment = -1;
225 static gint ett_ip_checksum = -1;
226 static gint ett_ip_opt_type = -1;
227 static gint ett_ip_opt_sec_prot_auth_flags = -1;
230 static gint ett_geoip_info = -1;
231 #endif /* HAVE_GEOIP */
233 static const fragment_items ip_frag_items = {
238 &hf_ip_fragment_overlap,
239 &hf_ip_fragment_overlap_conflict,
240 &hf_ip_fragment_multiple_tails,
241 &hf_ip_fragment_too_long_fragment,
242 &hf_ip_fragment_error,
243 &hf_ip_fragment_count,
244 &hf_ip_reassembled_in,
245 &hf_ip_reassembled_length,
246 &hf_ip_reassembled_data,
250 static dissector_table_t ip_dissector_table;
252 static dissector_handle_t ipv6_handle;
253 static dissector_handle_t data_handle;
254 static dissector_handle_t tapa_handle;
257 /* IP structs and definitions */
259 /* Offsets of fields within an IP header. */
271 /* Minimum IP header length. */
272 #define IPH_MIN_LEN 20
274 /* Width (in bits) of the fragment offset IP header field */
275 #define IP_OFFSET_WIDTH 13
277 /* Width (in bits) of the flags IP header field */
278 #define IP_FLAGS_WIDTH 3
281 #define IP_RF 0x8000 /* Flag: "Reserved bit" */
282 #define IP_DF 0x4000 /* Flag: "Don't Fragment" */
283 #define IP_MF 0x2000 /* Flag: "More Fragments" */
284 #define IP_OFFSET 0x1FFF /* "Fragment Offset" part */
286 /* Differentiated Services Field. See RFCs 2474, 2597 and 2598. */
287 #define IPDSFIELD_DSCP_MASK 0xFC
288 #define IPDSFIELD_ECN_MASK 0x03
289 #define IPDSFIELD_DSCP_SHIFT 2
291 #define IPDSFIELD_DSCP(dsfield) (((dsfield)&IPDSFIELD_DSCP_MASK)>>IPDSFIELD_DSCP_SHIFT)
292 #define IPDSFIELD_ECN(dsfield) ((dsfield)&IPDSFIELD_ECN_MASK)
294 #define IPDSFIELD_DSCP_DEFAULT 0x00
295 #define IPDSFIELD_DSCP_CS1 0x08
296 #define IPDSFIELD_DSCP_AF11 0x0A
297 #define IPDSFIELD_DSCP_AF12 0x0C
298 #define IPDSFIELD_DSCP_AF13 0x0E
299 #define IPDSFIELD_DSCP_CS2 0x10
300 #define IPDSFIELD_DSCP_AF21 0x12
301 #define IPDSFIELD_DSCP_AF22 0x14
302 #define IPDSFIELD_DSCP_AF23 0x16
303 #define IPDSFIELD_DSCP_CS3 0x18
304 #define IPDSFIELD_DSCP_AF31 0x1A
305 #define IPDSFIELD_DSCP_AF32 0x1C
306 #define IPDSFIELD_DSCP_AF33 0x1E
307 #define IPDSFIELD_DSCP_CS4 0x20
308 #define IPDSFIELD_DSCP_AF41 0x22
309 #define IPDSFIELD_DSCP_AF42 0x24
310 #define IPDSFIELD_DSCP_AF43 0x26
311 #define IPDSFIELD_DSCP_CS5 0x28
312 #define IPDSFIELD_DSCP_EF 0x2E
313 #define IPDSFIELD_DSCP_CS6 0x30
314 #define IPDSFIELD_DSCP_CS7 0x38
316 #define IPDSFIELD_ECT_NOT 0x00
317 #define IPDSFIELD_ECT_1 0x01
318 #define IPDSFIELD_ECT_0 0x02
319 #define IPDSFIELD_CE 0x03
321 /* IP TOS, superseded by the DS Field, RFC 2474. */
322 #define IPTOS_TOS_MASK 0x1E
323 #define IPTOS_TOS(tos) ((tos) & IPTOS_TOS_MASK)
324 #define IPTOS_NONE 0x00
325 #define IPTOS_LOWCOST 0x02
326 #define IPTOS_RELIABILITY 0x04
327 #define IPTOS_THROUGHPUT 0x08
328 #define IPTOS_LOWDELAY 0x10
329 #define IPTOS_SECURITY 0x1E
331 #define IPTOS_PREC_MASK 0xE0
332 #define IPTOS_PREC_SHIFT 5
333 #define IPTOS_PREC(tos) (((tos)&IPTOS_PREC_MASK)>>IPTOS_PREC_SHIFT)
334 #define IPTOS_PREC_NETCONTROL 7
335 #define IPTOS_PREC_INTERNETCONTROL 6
336 #define IPTOS_PREC_CRITIC_ECP 5
337 #define IPTOS_PREC_FLASHOVERRIDE 4
338 #define IPTOS_PREC_FLASH 3
339 #define IPTOS_PREC_IMMEDIATE 2
340 #define IPTOS_PREC_PRIORITY 1
341 #define IPTOS_PREC_ROUTINE 0
344 #define IPOPT_COPY_MASK 0x80
345 #define IPOPT_COPY 0x80
347 #define IPOPT_CLASS_MASK 0x60
348 #define IPOPT_CONTROL 0x00
349 #define IPOPT_RESERVED1 0x20
350 #define IPOPT_MEASUREMENT 0x40
351 #define IPOPT_RESERVED2 0x60
353 #define IPOPT_NUMBER_MASK 0x1F
355 /* REF: http://www.iana.org/assignments/ip-parameters */
356 /* TODO: Not all of these are implemented. */
357 #define IPOPT_EOOL (0 |IPOPT_CONTROL)
358 #define IPOPT_NOP (1 |IPOPT_CONTROL)
359 #define IPOPT_SEC (2 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 791/1108 */
360 #define IPOPT_LSR (3 |IPOPT_COPY|IPOPT_CONTROL)
361 #define IPOPT_TS (4 |IPOPT_MEASUREMENT)
362 #define IPOPT_ESEC (5 |IPOPT_COPY|IPOPT_CONTROL) /* RFC 1108 */
363 #define IPOPT_CIPSO (6 |IPOPT_COPY|IPOPT_CONTROL) /* draft-ietf-cipso-ipsecurity-01 */
364 #define IPOPT_RR (7 |IPOPT_CONTROL)
365 #define IPOPT_SID (8 |IPOPT_COPY|IPOPT_CONTROL)
366 #define IPOPT_SSR (9 |IPOPT_COPY|IPOPT_CONTROL)
367 #define IPOPT_ZSU (10|IPOPT_CONTROL) /* Zsu */
368 #define IPOPT_MTUP (11|IPOPT_CONTROL) /* RFC 1063 */
369 #define IPOPT_MTUR (12|IPOPT_CONTROL) /* RFC 1063 */
370 #define IPOPT_FINN (13|IPOPT_COPY|IPOPT_MEASUREMENT) /* Finn */
371 #define IPOPT_VISA (14|IPOPT_COPY|IPOPT_CONTROL) /* Estrin */
372 #define IPOPT_ENCODE (15|IPOPT_CONTROL) /* VerSteeg */
373 #define IPOPT_IMITD (16|IPOPT_COPY|IPOPT_CONTROL) /* Lee */
374 #define IPOPT_EIP (17|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1385 */
375 #define IPOPT_TR (18|IPOPT_MEASUREMENT) /* RFC 1393 */
376 #define IPOPT_ADDEXT (19|IPOPT_COPY|IPOPT_CONTROL) /* Ullmann IPv7 */
377 #define IPOPT_RTRALT (20|IPOPT_COPY|IPOPT_CONTROL) /* RFC 2113 */
378 #define IPOPT_SDB (21|IPOPT_COPY|IPOPT_CONTROL) /* RFC 1770 Graff */
379 #define IPOPT_UN (22|IPOPT_COPY|IPOPT_CONTROL) /* Released 18-Oct-2005 */
380 #define IPOPT_DPS (23|IPOPT_COPY|IPOPT_CONTROL) /* Malis */
381 #define IPOPT_UMP (24|IPOPT_COPY|IPOPT_CONTROL) /* Farinacci */
382 #define IPOPT_QS (25|IPOPT_CONTROL) /* RFC 4782 */
383 #define IPOPT_EXP (30|IPOPT_CONTROL) /* RFC 4727 */
386 /* IP option lengths */
387 #define IPOLEN_SEC_MIN 3
388 #define IPOLEN_LSR_MIN 3
389 #define IPOLEN_TS_MIN 4
390 #define IPOLEN_ESEC_MIN 3
391 #define IPOLEN_CIPSO_MIN 10
392 #define IPOLEN_RR_MIN 3
394 #define IPOLEN_SSR_MIN 3
398 #define IPOLEN_SDB_MIN 6
400 #define IPOLEN_MAX 40
402 #define IPSEC_RFC791_UNCLASSIFIED 0x0000
403 #define IPSEC_RFC791_CONFIDENTIAL 0xF135
404 #define IPSEC_RFC791_EFTO 0x789A
405 #define IPSEC_RFC791_MMMM 0xBC4D
406 #define IPSEC_RFC791_PROG 0x5E26
407 #define IPSEC_RFC791_RESTRICTED 0xAF13
408 #define IPSEC_RFC791_SECRET 0xD788
409 #define IPSEC_RFC791_TOPSECRET 0x6BC5
410 #define IPSEC_RFC791_RESERVED1 0x35E2
411 #define IPSEC_RFC791_RESERVED2 0x9AF1
412 #define IPSEC_RFC791_RESERVED3 0x4D78
413 #define IPSEC_RFC791_RESERVED4 0x24BD
414 #define IPSEC_RFC791_RESERVED5 0x135E
415 #define IPSEC_RFC791_RESERVED6 0x89AF
416 #define IPSEC_RFC791_RESERVED7 0xC4D6
417 #define IPSEC_RFC791_RESERVED8 0xE26B
419 #define IPSEC_RESERVED4 0x01
420 #define IPSEC_TOPSECRET 0x3D
421 #define IPSEC_SECRET 0x5A
422 #define IPSEC_CONFIDENTIAL 0x96
423 #define IPSEC_RESERVED3 0x66
424 #define IPSEC_RESERVED2 0xCC
425 #define IPSEC_UNCLASSIFIED 0xAB
426 #define IPSEC_RESERVED1 0xF1
428 #define IPOPT_TS_TSONLY 0 /* timestamps only */
429 #define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
430 #define IPOPT_TS_PRESPEC 3 /* specified modules only */
432 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR 0xE0000012
433 #define IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL 0xFF
434 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR 0xE0000066
435 #define IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL 0XFF
436 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR 0xE00000FB
437 #define IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL 0XFF
438 #define IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR 0xE00000FC
440 #define IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL 0x1000 /* larger than max ttl */
441 #define IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL 0X01
443 /* Return true if the address is in the 224.0.0.0/24 network block */
444 #define is_a_local_network_control_block_addr(addr) \
445 ((addr & 0xffffff00) == 0xe0000000)
447 /* Return true if the address is in the 224.0.0.0/4 network block */
448 #define is_a_multicast_addr(addr) \
449 ((addr & 0xf0000000) == 0xe0000000)
452 * defragmentation of IPv4
454 static reassembly_table ip_reassembly_table;
457 ip_defragment_init(void)
459 reassembly_table_init(&ip_reassembly_table,
460 &addresses_reassembly_table_functions);
464 capture_ip(const guchar *pd, int offset, int len, packet_counts *ld) {
465 if (!BYTES_ARE_IN_FRAME(offset, len, IPH_MIN_LEN)) {
469 switch (pd[offset + 9]) {
474 case IP_PROTO_UDPLITE:
478 case IP_PROTO_ICMPV6: /* XXX - separate counters? */
500 add_geoip_info_entry(proto_item *geoip_info_item, tvbuff_t *tvb, gint offset, guint32 ip, int isdst)
502 proto_tree *geoip_info_tree;
504 guint num_dbs = geoip_db_num_dbs();
508 geoip_info_tree = proto_item_add_subtree(geoip_info_item, ett_geoip_info);
510 for (dbnum = 0; dbnum < num_dbs; dbnum++) {
511 const char *geoip_str = geoip_db_lookup_ipv4(dbnum, ip, NULL);
512 int db_type = geoip_db_type(dbnum);
514 int geoip_hf, geoip_local_hf;
517 case GEOIP_COUNTRY_EDITION:
518 geoip_hf = hf_geoip_country;
519 geoip_local_hf = (isdst) ? hf_geoip_dst_country : hf_geoip_src_country;
521 case GEOIP_CITY_EDITION_REV0:
522 geoip_hf = hf_geoip_city;
523 geoip_local_hf = (isdst) ? hf_geoip_dst_city : hf_geoip_src_city;
525 case GEOIP_CITY_EDITION_REV1:
526 geoip_hf = hf_geoip_city;
527 geoip_local_hf = (isdst) ? hf_geoip_dst_city : hf_geoip_src_city;
529 case GEOIP_ORG_EDITION:
530 geoip_hf = hf_geoip_org;
531 geoip_local_hf = (isdst) ? hf_geoip_dst_org : hf_geoip_src_org;
533 case GEOIP_ISP_EDITION:
534 geoip_hf = hf_geoip_isp;
535 geoip_local_hf = (isdst) ? hf_geoip_dst_isp : hf_geoip_src_isp;
537 case GEOIP_ASNUM_EDITION:
538 geoip_hf = hf_geoip_asnum;
539 geoip_local_hf = (isdst) ? hf_geoip_dst_asnum : hf_geoip_src_asnum;
541 case WS_LAT_FAKE_EDITION:
542 geoip_hf = hf_geoip_lat;
543 geoip_local_hf = (isdst) ? hf_geoip_dst_lat : hf_geoip_src_lat;
545 case WS_LON_FAKE_EDITION:
546 geoip_hf = hf_geoip_lon;
547 geoip_local_hf = (isdst) ? hf_geoip_dst_lon : hf_geoip_src_lon;
556 if (db_type == WS_LAT_FAKE_EDITION || db_type == WS_LON_FAKE_EDITION) {
557 /* Convert latitude, longitude to double. Fix bug #5077 */
558 item = proto_tree_add_double_format_value(geoip_info_tree, geoip_local_hf,
559 tvb, offset, 4, g_ascii_strtod(geoip_str, NULL), "%s", geoip_str);
560 PROTO_ITEM_SET_GENERATED(item);
561 item = proto_tree_add_double_format_value(geoip_info_tree, geoip_hf,
562 tvb, offset, 4, g_ascii_strtod(geoip_str, NULL), "%s", geoip_str);
563 PROTO_ITEM_SET_GENERATED(item);
564 PROTO_ITEM_SET_HIDDEN(item);
566 item = proto_tree_add_unicode_string(geoip_info_tree, geoip_local_hf,
567 tvb, offset, 4, geoip_str);
568 PROTO_ITEM_SET_GENERATED(item);
569 item = proto_tree_add_unicode_string(geoip_info_tree, geoip_hf,
570 tvb, offset, 4, geoip_str);
571 PROTO_ITEM_SET_GENERATED(item);
572 PROTO_ITEM_SET_HIDDEN(item);
576 proto_item_append_text(geoip_info_item, "%s%s",
577 plurality(item_cnt, "", ", "), geoip_str);
582 proto_item_append_text(geoip_info_item, "Unknown");
586 add_geoip_info(proto_tree *tree, tvbuff_t *tvb, gint offset, guint32 src32,
590 proto_item *geoip_info_item;
592 num_dbs = geoip_db_num_dbs();
596 geoip_info_item = proto_tree_add_text(tree, tvb, offset + IPH_SRC, 4, "Source GeoIP: ");
597 PROTO_ITEM_SET_GENERATED(geoip_info_item);
598 add_geoip_info_entry(geoip_info_item, tvb, offset + IPH_SRC, src32, 0);
600 geoip_info_item = proto_tree_add_text(tree, tvb, offset + IPH_DST, 4,
601 "Destination GeoIP: ");
602 PROTO_ITEM_SET_GENERATED(geoip_info_item);
603 add_geoip_info_entry(geoip_info_item, tvb, offset + IPH_DST, dst32, 1);
605 #endif /* HAVE_GEOIP */
607 static const value_string ipopt_type_class_vals[] = {
608 {(IPOPT_CONTROL & IPOPT_CLASS_MASK) >> 5, "Control"},
609 {(IPOPT_RESERVED1 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
610 {(IPOPT_MEASUREMENT & IPOPT_CLASS_MASK) >> 5, "Debugging and measurement"},
611 {(IPOPT_RESERVED2 & IPOPT_CLASS_MASK) >> 5, "Reserved for future use"},
615 static const value_string ipopt_type_number_vals[] = {
616 {IPOPT_EOOL & IPOPT_NUMBER_MASK, "End of Option List (EOL)"},
617 {IPOPT_NOP & IPOPT_NUMBER_MASK, "No-Operation (NOP)"},
618 {IPOPT_SEC & IPOPT_NUMBER_MASK, "Security"},
619 {IPOPT_LSR & IPOPT_NUMBER_MASK, "Loose source route"},
620 {IPOPT_TS & IPOPT_NUMBER_MASK, "Time stamp"},
621 {IPOPT_ESEC & IPOPT_NUMBER_MASK, "Extended security"},
622 {IPOPT_CIPSO & IPOPT_NUMBER_MASK, "Commercial IP security option"},
623 {IPOPT_RR & IPOPT_NUMBER_MASK, "Record route"},
624 {IPOPT_SID & IPOPT_NUMBER_MASK, "Stream identifier"},
625 {IPOPT_SSR & IPOPT_NUMBER_MASK, "Strict source route"},
626 {IPOPT_ZSU & IPOPT_NUMBER_MASK, "Experimental Measurement"},
627 {IPOPT_MTUP & IPOPT_NUMBER_MASK, "MTU probe"},
628 {IPOPT_MTUR & IPOPT_NUMBER_MASK, "MTU Reply"},
629 {IPOPT_FINN & IPOPT_NUMBER_MASK, "Experimental Flow Control"},
630 {IPOPT_VISA & IPOPT_NUMBER_MASK, "Experimental Access Control"},
631 {IPOPT_ENCODE & IPOPT_NUMBER_MASK, "Ask Estrin"},
632 {IPOPT_IMITD & IPOPT_NUMBER_MASK, "IMI Traffic Descriptor"},
633 {IPOPT_EIP & IPOPT_NUMBER_MASK, "Extended Internet Protocol"},
634 {IPOPT_TR & IPOPT_NUMBER_MASK, "Traceroute"},
635 {IPOPT_ADDEXT & IPOPT_NUMBER_MASK, "Address Extension"},
636 {IPOPT_RTRALT & IPOPT_NUMBER_MASK, "Router Alert"},
637 {IPOPT_SDB & IPOPT_NUMBER_MASK, "Selective Directed Broadcast"},
638 {IPOPT_UN & IPOPT_NUMBER_MASK, "Unassigned"},
639 {IPOPT_DPS & IPOPT_NUMBER_MASK, "Dynamic Packet State"},
640 {IPOPT_UMP & IPOPT_NUMBER_MASK, "Upstream Multicast Packet"},
641 {IPOPT_QS & IPOPT_NUMBER_MASK, "Quick-Start"},
642 {IPOPT_EXP & IPOPT_NUMBER_MASK, "RFC 3692-style experiment"},
647 dissect_ipopt_type(tvbuff_t *tvb, int offset, proto_tree *tree)
649 proto_tree *type_tree;
652 ti = proto_tree_add_item(tree, hf_ip_opt_type, tvb, offset, 1, ENC_NA);
653 type_tree = proto_item_add_subtree(ti, ett_ip_opt_type);
654 proto_tree_add_item(type_tree, hf_ip_opt_type_copy, tvb, offset, 1, ENC_NA);
655 proto_tree_add_item(type_tree, hf_ip_opt_type_class, tvb, offset, 1, ENC_NA);
656 proto_tree_add_item(type_tree, hf_ip_opt_type_number, tvb, offset, 1, ENC_NA);
660 dissect_ipopt_eool(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
661 guint optlen _U_, packet_info *pinfo _U_,
662 proto_tree *opt_tree, void * data _U_)
664 proto_tree *field_tree;
667 tf = proto_tree_add_text(opt_tree, tvb, offset, 1, "%s", optp->name);
668 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
669 dissect_ipopt_type(tvb, offset, field_tree);
672 #define dissect_ipopt_nop dissect_ipopt_eool
674 static const value_string secl_rfc791_vals[] = {
675 {IPSEC_RFC791_UNCLASSIFIED, "Unclassified"},
676 {IPSEC_RFC791_CONFIDENTIAL, "Confidential"},
677 {IPSEC_RFC791_EFTO, "EFTO" },
678 {IPSEC_RFC791_MMMM, "MMMM" },
679 {IPSEC_RFC791_PROG, "PROG" },
680 {IPSEC_RFC791_RESTRICTED, "Restricted" },
681 {IPSEC_RFC791_SECRET, "Secret" },
682 {IPSEC_RFC791_TOPSECRET, "Top secret" },
683 {IPSEC_RFC791_RESERVED1, "Reserved" },
684 {IPSEC_RFC791_RESERVED2, "Reserved" },
685 {IPSEC_RFC791_RESERVED3, "Reserved" },
686 {IPSEC_RFC791_RESERVED4, "Reserved" },
687 {IPSEC_RFC791_RESERVED5, "Reserved" },
688 {IPSEC_RFC791_RESERVED6, "Reserved" },
689 {IPSEC_RFC791_RESERVED7, "Reserved" },
690 {IPSEC_RFC791_RESERVED8, "Reserved" },
694 static const value_string sec_cl_vals[] = {
695 {IPSEC_RESERVED4, "Reserved 4" },
696 {IPSEC_TOPSECRET, "Top secret" },
697 {IPSEC_SECRET, "Secret" },
698 {IPSEC_CONFIDENTIAL, "Confidential"},
699 {IPSEC_RESERVED3, "Reserved 3" },
700 {IPSEC_RESERVED2, "Reserved 2" },
701 {IPSEC_UNCLASSIFIED, "Unclassified"},
702 {IPSEC_RESERVED1, "Reserved 1" },
706 static const true_false_string ip_opt_sec_prot_auth_flag_tfs = {
707 "Datagram protected in accordance with its rules",
708 "Datagram not protected in accordance with its rules"
711 static const true_false_string ip_opt_sec_prot_auth_fti_tfs = {
712 "Additional octet present",
716 static const int *ip_opt_sec_prot_auth_fields_byte_1[] = {
717 &hf_ip_opt_sec_prot_auth_genser,
718 &hf_ip_opt_sec_prot_auth_siop_esi,
719 &hf_ip_opt_sec_prot_auth_sci,
720 &hf_ip_opt_sec_prot_auth_nsa,
721 &hf_ip_opt_sec_prot_auth_doe,
722 &hf_ip_opt_sec_prot_auth_unassigned,
723 &hf_ip_opt_sec_prot_auth_fti,
727 static const int *ip_opt_sec_prot_auth_fields_byte_n[] = {
728 &hf_ip_opt_sec_prot_auth_unassigned2,
729 &hf_ip_opt_sec_prot_auth_fti,
733 dissect_ipopt_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
734 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
737 proto_tree *field_tree;
741 guint curr_offset = offset;
743 tf = proto_tree_add_text(opt_tree, tvb, curr_offset, optlen, "%s (%u bytes)",
745 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
746 dissect_ipopt_type(tvb, curr_offset, field_tree);
748 tf_sub = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, curr_offset, 1, ENC_NA);
749 if (optlen > IPOLEN_MAX)
750 expert_add_info_format(pinfo, tf_sub, PI_PROTOCOL, PI_WARN,
751 "Invalid length for option");
755 /* Analyze payload start to decide whether it should be dissected
756 according to RFC 791 or RFC 1108 */
757 val = tvb_get_ntohs(tvb, curr_offset);
758 if (match_strval(val, secl_rfc791_vals)) {
759 /* Dissect as RFC 791 */
760 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_sec,
761 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
763 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_comp,
764 tvb, curr_offset, 2, ENC_BIG_ENDIAN);
766 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_hr,
767 tvb, curr_offset, 2, ENC_ASCII|ENC_NA);
769 proto_tree_add_item(field_tree, hf_ip_opt_sec_rfc791_tcc,
770 tvb, curr_offset, 3, ENC_ASCII|ENC_NA);
775 /* Dissect as RFC 108 */
776 proto_tree_add_item(field_tree, hf_ip_opt_sec_cl, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
778 if ((curr_offset - offset) >= optlen) {
781 val = tvb_get_guint8(tvb, curr_offset);
782 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
783 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_1,
787 if ((val & 0x01) && ((curr_offset - offset) == optlen)) {
788 expert_add_info_format(pinfo, tf_sub, PI_PROTOCOL, PI_WARN,
789 "Field Termination Indicator set to 1 for last byte of option");
792 val = tvb_get_guint8(tvb, curr_offset);
793 proto_tree_add_bitmask(field_tree, tvb, curr_offset, hf_ip_opt_sec_prot_auth_flags,
794 ett_ip_opt_sec_prot_auth_flags, ip_opt_sec_prot_auth_fields_byte_n,
798 if ((curr_offset - offset) < optlen) {
799 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
800 "Extraneous data in option");
805 dissect_ipopt_ext_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
806 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
809 proto_tree *field_tree;
812 guint curr_offset = offset;
815 tf = proto_tree_add_text(opt_tree, tvb, curr_offset, optlen, "%s (%u bytes)",
817 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
818 dissect_ipopt_type(tvb, curr_offset, field_tree);
820 tf_sub = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, curr_offset, 1, ENC_NA);
821 if (optlen > IPOLEN_MAX)
822 expert_add_info_format(pinfo, tf_sub, PI_PROTOCOL, PI_WARN,
823 "Invalid length for option");
825 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info_format_code, tvb, curr_offset, 1, ENC_BIG_ENDIAN);
827 remaining = optlen - (curr_offset - offset);
829 proto_tree_add_item(field_tree, hf_ip_opt_ext_sec_add_sec_info, tvb, curr_offset, remaining, ENC_NA);
833 /* USHRT_MAX can hold at most 5 (base 10) digits (6 for the NULL byte) */
834 #define USHRT_MAX_STRLEN 6
836 /* Maximum CIPSO tag length:
837 * (IP hdr max)60 - (IPv4 hdr std)20 - (CIPSO base)6 = 34 */
838 #define CIPSO_TAG_LEN_MAX 34
840 /* The Commercial IP Security Option (CIPSO) is defined in IETF draft
841 * draft-ietf-cipso-ipsecurity-01.txt and FIPS 188, a copy of both documents
842 * can be found at the NetLabel project page, http://netlabel.sf.net or at
843 * http://tools.ietf.org/html/draft-ietf-cipso-ipsecurity-01 */
845 dissect_ipopt_cipso(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
846 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
849 proto_tree *field_tree;
851 guint tagtype, taglen;
852 int offset_max = offset + optlen;
854 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
856 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
857 dissect_ipopt_type(tvb, offset, field_tree);
858 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
859 if (optlen > IPOLEN_MAX)
860 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
861 "Invalid length for option");
865 proto_tree_add_text(field_tree, tvb, offset, 4, "DOI: %u",
866 tvb_get_ntohl(tvb, offset));
869 /* loop through all of the tags in the CIPSO option */
870 while (offset < offset_max) {
871 tagtype = tvb_get_guint8(tvb, offset);
873 if ((offset + 1) < offset_max)
874 taglen = tvb_get_guint8(tvb, offset + 1);
880 /* padding - skip this tag */
884 /* restrictive bitmap, see CIPSO draft section 3.4.2 for tag format */
885 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
886 ((offset + (int)taglen - 1) > offset_max)) {
887 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
888 "Malformed CIPSO tag");
892 proto_tree_add_text(field_tree, tvb, offset, 1,
893 "Tag Type: Restrictive Category Bitmap (%u)",
896 /* skip past alignment octet */
899 proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
900 tvb_get_guint8(tvb, offset));
906 unsigned char bitmask;
908 char *cat_str_tmp = (char *)wmem_alloc(wmem_packet_scope(), USHRT_MAX_STRLEN);
910 const guint8 *val_ptr = tvb_get_ptr(tvb, offset, taglen - 4);
912 /* this is just a guess regarding string size, but we grow it below
915 cat_str = (char *)wmem_alloc0(wmem_packet_scope(), cat_str_len);
917 /* we checked the length above so the highest category value
918 * possible here is 240 */
919 while (byte_spot < (taglen - 4)) {
922 while (bit_spot < 8) {
923 if (val_ptr[byte_spot] & bitmask) {
924 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
925 byte_spot * 8 + bit_spot);
926 if (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN)) {
929 while (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN))
930 cat_str_len += cat_str_len;
931 cat_str_new = (char *)wmem_alloc(wmem_packet_scope(), cat_str_len);
932 g_strlcpy(cat_str_new, cat_str, cat_str_len);
933 cat_str_new[cat_str_len - 1] = '\0';
934 cat_str = cat_str_new;
936 if (cat_str[0] != '\0')
937 g_strlcat(cat_str, ",", cat_str_len);
938 g_strlcat(cat_str, cat_str_tmp, cat_str_len);
947 proto_tree_add_text(field_tree, tvb, offset, taglen - 4,
948 "Categories: %s", cat_str);
950 proto_tree_add_text(field_tree, tvb, offset, taglen - 4,
951 "Categories: ERROR PARSING CATEGORIES");
952 offset += taglen - 4;
956 /* enumerated categories, see CIPSO draft section 3.4.3 for tag format */
957 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
958 ((offset + (int)taglen - 1) > offset_max)) {
959 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
960 "Malformed CIPSO tag");
964 proto_tree_add_text(field_tree, tvb, offset, 1,
965 "Tag Type: Enumerated Categories (%u)", tagtype);
967 /* skip past alignment octet */
970 /* sensitivity level */
971 proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
972 tvb_get_guint8(tvb, offset));
976 int offset_max_cat = offset + taglen - 4;
977 char *cat_str = (char *)wmem_alloc0(wmem_packet_scope(), USHRT_MAX_STRLEN * 15);
978 char *cat_str_tmp = (char *)wmem_alloc(wmem_packet_scope(), USHRT_MAX_STRLEN);
980 while ((offset + 2) <= offset_max_cat) {
981 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
982 tvb_get_ntohs(tvb, offset));
984 if (cat_str[0] != '\0')
985 g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 15);
986 g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 15);
989 proto_tree_add_text(field_tree, tvb, offset - taglen + 4, taglen - 4,
990 "Categories: %s", cat_str);
994 /* ranged categories, see CIPSO draft section 3.4.4 for tag format */
995 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
996 ((offset + (int)taglen - 1) > offset_max)) {
997 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
998 "Malformed CIPSO tag");
1002 proto_tree_add_text(field_tree, tvb, offset, 1,
1003 "Tag Type: Ranged Categories (%u)", tagtype);
1005 /* skip past alignment octet */
1008 /* sensitivity level */
1009 proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
1010 tvb_get_guint8(tvb, offset));
1014 guint16 cat_low, cat_high;
1015 int offset_max_cat = offset + taglen - 4;
1016 char *cat_str = (char *)wmem_alloc0(wmem_packet_scope(), USHRT_MAX_STRLEN * 16);
1017 char *cat_str_tmp = (char *)wmem_alloc(wmem_packet_scope(), USHRT_MAX_STRLEN * 2);
1019 while ((offset + 2) <= offset_max_cat) {
1020 cat_high = tvb_get_ntohs(tvb, offset);
1021 if ((offset + 4) <= offset_max_cat) {
1022 cat_low = tvb_get_ntohs(tvb, offset + 2);
1028 if (cat_low != cat_high)
1029 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u-%u",
1032 g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u", cat_high);
1034 if (cat_str[0] != '\0')
1035 g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 16);
1036 g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 16);
1039 proto_tree_add_text(field_tree, tvb, offset - taglen + 4, taglen - 4,
1040 "Categories: %s", cat_str);
1044 /* permissive categories, see FIPS 188 section 6.9 for tag format */
1045 if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
1046 ((offset + (int)taglen - 1) > offset_max)) {
1047 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
1048 "Malformed CIPSO tag");
1052 proto_tree_add_text(field_tree, tvb, offset, 1,
1053 "Tag Type: Permissive Categories (%u)", tagtype);
1054 proto_tree_add_text(field_tree, tvb, offset + 2, taglen - 2, "Tag data");
1058 /* free form, see FIPS 188 section 6.10 for tag format */
1059 if ((taglen < 2) || (taglen > CIPSO_TAG_LEN_MAX) ||
1060 ((offset + (int)taglen - 1) > offset_max)) {
1061 proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
1062 "Malformed CIPSO tag");
1066 proto_tree_add_text(field_tree, tvb, offset, 1,
1067 "Tag Type: Free Form (%u)", tagtype);
1068 proto_tree_add_text(field_tree, tvb, offset + 2, taglen - 2, "Tag data");
1072 /* unknown tag - stop parsing this IPv4 option */
1073 if ((offset + 1) <= offset_max) {
1074 taglen = tvb_get_guint8(tvb, offset + 1);
1075 proto_tree_add_text(field_tree, tvb, offset, 1,
1076 "Tag Type: Unknown (%u) (%u bytes)",
1080 proto_tree_add_text(field_tree, tvb, offset, 1,
1081 "Tag Type: Unknown (%u) (invalid format)", tagtype);
1088 dissect_option_route(proto_tree *tree, tvbuff_t *tvb, int offset, int hf,
1089 int hf_host, gboolean next)
1094 route = tvb_get_ipv4(tvb, offset);
1096 proto_tree_add_ipv4_format_value(tree, hf, tvb, offset, 4, route,
1098 ip_to_str((gchar *)&route));
1100 proto_tree_add_ipv4(tree, hf, tvb, offset, 4, route);
1101 ti = proto_tree_add_string(tree, hf_host, tvb, offset, 4, get_hostname(route));
1102 PROTO_ITEM_SET_GENERATED(ti);
1103 PROTO_ITEM_SET_HIDDEN(ti);
1107 dissect_ipopt_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1108 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1111 proto_tree *field_tree;
1116 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1117 optp->name, optlen);
1118 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1119 dissect_ipopt_type(tvb, offset, field_tree);
1120 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1121 if (optlen > IPOLEN_MAX)
1122 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1123 "Invalid length for option");
1124 ptr = tvb_get_guint8(tvb, offset + 2);
1125 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1126 if ((ptr < (optp->optlen + 1)) || (ptr & 3)) {
1127 if (ptr < (optp->optlen + 1)) {
1128 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1129 "Pointer points before first address");
1132 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1133 "Pointer points to middle of address");
1139 optoffset = 3; /* skip past type, length and pointer */
1140 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1142 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1143 "Suboption would go past end of option");
1148 /* This is a recorded route */
1149 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1150 hf_ip_rec_rt_host, FALSE);
1151 } else if (optoffset == (len - 4)) {
1152 /* This is the the destination */
1155 const char *dst_host;
1157 addr = tvb_get_ipv4(tvb, offset + optoffset);
1158 dst_host = get_hostname(addr);
1159 proto_tree_add_ipv4(field_tree, hf_ip_dst, tvb,
1160 offset + optoffset, 4, addr);
1161 item = proto_tree_add_ipv4(field_tree, hf_ip_addr, tvb,
1162 offset + optoffset, 4, addr);
1163 PROTO_ITEM_SET_HIDDEN(item);
1164 item = proto_tree_add_string(field_tree, hf_ip_dst_host, tvb,
1165 offset + optoffset, 4, dst_host);
1166 PROTO_ITEM_SET_GENERATED(item);
1167 PROTO_ITEM_SET_HIDDEN(item);
1168 item = proto_tree_add_string(field_tree, hf_ip_host, tvb,
1169 offset + optoffset, 4, dst_host);
1170 PROTO_ITEM_SET_GENERATED(item);
1171 PROTO_ITEM_SET_HIDDEN(item);
1172 } else if ((optoffset + 1) < ptr) {
1173 /* This is also a recorded route */
1174 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1175 hf_ip_rec_rt_host, FALSE);
1176 } else if ((optoffset + 1) == ptr) {
1177 /* This is the next source route. TODO: Should we use separate hf's
1178 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1179 * having to pass TRUE/FALSE to dissect_option_route()? */
1180 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_src_rt,
1181 hf_ip_src_rt_host, TRUE);
1183 /* This must be a source route */
1184 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_src_rt,
1185 hf_ip_src_rt_host, FALSE);
1191 dissect_ipopt_record_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1192 guint optlen, packet_info *pinfo,
1193 proto_tree *opt_tree, void * data _U_)
1195 proto_tree *field_tree;
1200 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1201 optp->name, optlen);
1202 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1203 dissect_ipopt_type(tvb, offset, field_tree);
1204 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1205 if (optlen > IPOLEN_MAX)
1206 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1207 "Invalid length for option");
1208 ptr = tvb_get_guint8(tvb, offset + 2);
1209 tf = proto_tree_add_item(field_tree, hf_ip_opt_ptr, tvb, offset + 2, 1, ENC_NA);
1211 if ((ptr < (optp->optlen + 1)) || (ptr & 3)) {
1212 if (ptr < (optp->optlen + 1)) {
1213 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1214 "Pointer points before first address");
1217 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1218 "Pointer points to middle of address");
1224 optoffset = 3; /* skip past type, length and pointer */
1225 for (optlen -= 3; optlen > 0; optlen -= 4, optoffset += 4) {
1227 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1228 "Suboption would go past end of option");
1233 /* The recorded route data area is full. */
1234 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1235 hf_ip_rec_rt_host, FALSE);
1236 } else if ((optoffset + 1) < ptr) {
1237 /* This is a recorded route */
1238 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_rec_rt,
1239 hf_ip_rec_rt_host, FALSE);
1240 } else if ((optoffset + 1) == ptr) {
1241 /* This is the next available slot. TODO: Should we use separate hf's
1242 * for this, such as hf_ip_next_rt and hf_ip_next_rt_host and avoid
1243 * having to pass TRUE/FALSE to dissect_option_route()? */
1244 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_empty_rt,
1245 hf_ip_empty_rt_host, TRUE);
1247 /* This must be an available slot too. */
1248 dissect_option_route(field_tree, tvb, offset + optoffset, hf_ip_empty_rt,
1249 hf_ip_empty_rt_host, FALSE);
1254 /* Stream Identifier */
1256 dissect_ipopt_sid(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1257 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1260 proto_tree *field_tree;
1263 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes): %u",
1264 optp->name, optlen, tvb_get_ntohs(tvb, offset + 2));
1265 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1266 dissect_ipopt_type(tvb, offset, field_tree);
1267 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1268 if (optlen != (guint)optp->optlen)
1269 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1270 "Invalid length for option");
1271 proto_tree_add_item(field_tree, hf_ip_opt_sid, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1274 /* RFC 1063: MTU Probe and MTU Reply */
1276 dissect_ipopt_mtu(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1277 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1280 proto_tree *field_tree;
1283 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes): %u",
1284 optp->name, optlen, tvb_get_ntohs(tvb, offset + 2));
1285 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1286 dissect_ipopt_type(tvb, offset, field_tree);
1287 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1288 if (optlen != (guint)optp->optlen)
1289 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1290 "Invalid length for option");
1291 proto_tree_add_item(field_tree, hf_ip_opt_mtu, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1294 /* RFC 1393: Traceroute */
1296 dissect_ipopt_tr(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1297 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1300 proto_tree *field_tree;
1303 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1304 optp->name, optlen);
1305 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1306 dissect_ipopt_type(tvb, offset, field_tree);
1307 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1308 if (optlen != (guint)optp->optlen)
1309 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1310 "Invalid length for option");
1312 proto_tree_add_item(field_tree, hf_ip_opt_id_number, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1313 proto_tree_add_item(field_tree, hf_ip_opt_ohc, tvb, offset + 4, 2, ENC_BIG_ENDIAN);
1314 proto_tree_add_item(field_tree, hf_ip_opt_rhc, tvb, offset + 6, 2, ENC_BIG_ENDIAN);
1315 proto_tree_add_item(field_tree, hf_ip_opt_originator, tvb, offset + 8, 4, ENC_BIG_ENDIAN);
1319 dissect_ipopt_timestamp(const ip_tcp_opt *optp, tvbuff_t *tvb,
1320 int offset, guint optlen, packet_info *pinfo,
1321 proto_tree *opt_tree, void * data _U_)
1323 proto_tree *field_tree;
1328 static const value_string flag_vals[] = {
1329 {IPOPT_TS_TSONLY, "Time stamps only" },
1330 {IPOPT_TS_TSANDADDR, "Time stamp and address" },
1331 {IPOPT_TS_PRESPEC, "Time stamps for prespecified addresses"},
1336 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1337 optp->name, optlen);
1338 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1339 dissect_ipopt_type(tvb, offset, field_tree);
1340 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1341 if (optlen > IPOLEN_MAX)
1342 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1343 "Invalid length for option");
1344 optoffset += 2; /* skip past type and length */
1345 optlen -= 2; /* subtract size of type and length */
1347 ptr = tvb_get_guint8(tvb, offset + optoffset);
1348 proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Pointer: %d%s",
1349 ptr, ((ptr == 1) ? " (header is full)" :
1350 (ptr < 5) ? " (points before first address)" :
1351 (((ptr - 1) & 3) ? " (points to middle of field)" : "")));
1354 ptr--; /* ptr is 1-origin */
1356 flg = tvb_get_guint8(tvb, offset + optoffset);
1357 proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Overflow: %u",
1360 proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Flag: %s",
1361 val_to_str(flg, flag_vals, "Unknown (0x%x)"));
1365 while (optlen > 0) {
1366 if (flg == IPOPT_TS_TSANDADDR || flg == IPOPT_TS_PRESPEC) {
1368 proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen,
1369 "(suboption would go past end of option)");
1372 addr = tvb_get_ipv4(tvb, offset + optoffset);
1373 ts = tvb_get_ntohl(tvb, offset + optoffset + 4);
1375 proto_tree_add_text(field_tree, tvb, offset + optoffset, 8,
1376 "Address = %s, time stamp = %u",
1377 ((addr == 0) ? "-" :
1378 get_hostname(addr)), ts);
1382 proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen,
1383 "(suboption would go past end of option)");
1386 ts = tvb_get_ntohl(tvb, offset + optoffset);
1388 proto_tree_add_text(field_tree, tvb, offset + optoffset, 4,
1389 "Time stamp = %u", ts);
1396 static const range_string ra_rvals[] = {
1397 {0, 0, "Router shall examine packet"},
1398 {1, 65535, "Reserved"},
1403 dissect_ipopt_ra(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1404 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1407 /* Router-Alert, as defined by RFC2113 */
1408 proto_tree *field_tree;
1410 guint16 value = tvb_get_ntohs(tvb, offset + 2);
1412 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen,
1413 "%s (%u bytes): %s (%u)", optp->name, optlen,
1414 rval_to_str(value, ra_rvals, "Unknown (%u)"),
1416 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1417 dissect_ipopt_type(tvb, offset, field_tree);
1418 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1419 if (optlen != (guint)optp->optlen)
1420 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1421 "Invalid length for option");
1422 proto_tree_add_item(field_tree, hf_ip_opt_ra, tvb, offset + 2, 2, ENC_BIG_ENDIAN);
1425 /* RFC 1770: Selective Directed Broadcast */
1427 dissect_ipopt_sdb(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1428 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1431 proto_tree *field_tree;
1434 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
1435 optp->name, optlen);
1436 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1437 dissect_ipopt_type(tvb, offset, field_tree);
1438 tf = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1439 if (optlen > IPOLEN_MAX)
1440 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_WARN,
1441 "Invalid length for option");
1442 for (offset += 2, optlen -= 2; optlen >= 4; offset += 4, optlen -= 4)
1443 proto_tree_add_item(field_tree, hf_ip_opt_addr, tvb, offset, 4, ENC_BIG_ENDIAN);
1446 proto_tree_add_item(field_tree, hf_ip_opt_padding, tvb, offset, optlen, ENC_NA);
1449 const value_string qs_func_vals[] = {
1450 {QS_RATE_REQUEST, "Rate request"},
1451 {QS_RATE_REPORT, "Rate report"},
1455 static const value_string qs_rate_vals[] = {
1461 { 5, "1.28 Mbit/s"},
1462 { 6, "2.56 Mbit/s"},
1463 { 7, "5.12 Mbit/s"},
1464 { 8, "10.24 Mbit/s"},
1465 { 9, "20.48 Mbit/s"},
1466 {10, "40.96 Mbit/s"},
1467 {11, "81.92 Mbit/s"},
1468 {12, "163.84 Mbit/s"},
1469 {13, "327.68 Mbit/s"},
1470 {14, "655.36 Mbit/s"},
1471 {15, "1.31072 Gbit/s"},
1474 value_string_ext qs_rate_vals_ext = VALUE_STRING_EXT_INIT(qs_rate_vals);
1477 dissect_ipopt_qs(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
1478 guint optlen, packet_info *pinfo, proto_tree *opt_tree,
1481 proto_tree *field_tree;
1485 guint8 command = tvb_get_guint8(tvb, offset + 2);
1486 guint8 function = command >> 4;
1487 guint8 rate = command & QS_RATE_MASK;
1490 tf = proto_tree_add_text(opt_tree, tvb, offset, optlen,
1491 "%s (%u bytes): %s (%u)", optp->name, optlen,
1492 val_to_str(function, qs_func_vals, "Unknown (%u)"),
1494 field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
1495 dissect_ipopt_type(tvb, offset, field_tree);
1496 ti = proto_tree_add_item(field_tree, hf_ip_opt_len, tvb, offset + 1, 1, ENC_NA);
1497 if (optlen != (guint)optp->optlen)
1498 expert_add_info_format(pinfo, ti, PI_PROTOCOL, PI_WARN,
1499 "Invalid length for option");
1500 proto_tree_add_item(field_tree, hf_ip_opt_qs_func, tvb, offset + 2, 1, ENC_NA);
1502 if (function == QS_RATE_REQUEST) {
1503 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset + 2, 1, ENC_NA);
1504 proto_tree_add_item(field_tree, hf_ip_opt_qs_ttl, tvb, offset + 3, 1, ENC_NA);
1505 ttl_diff = (pinfo->ip_ttl - tvb_get_guint8(tvb, offset + 3) % 256);
1506 ti = proto_tree_add_uint_format_value(field_tree, hf_ip_opt_qs_ttl_diff,
1507 tvb, offset + 3, 1, ttl_diff,
1509 PROTO_ITEM_SET_GENERATED(ti);
1510 proto_item_append_text(tf, ", %s, QS TTL %u, QS TTL diff %u",
1511 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"),
1512 tvb_get_guint8(tvb, offset + 3), ttl_diff);
1513 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 4, 4, ENC_NA);
1514 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 4, 4, ENC_NA);
1515 } else if (function == QS_RATE_REPORT) {
1516 proto_tree_add_item(field_tree, hf_ip_opt_qs_rate, tvb, offset + 2, 1, ENC_NA);
1517 proto_item_append_text(tf, ", %s",
1518 val_to_str_ext(rate, &qs_rate_vals_ext, "Unknown (%u)"));
1519 proto_tree_add_item(field_tree, hf_ip_opt_qs_unused, tvb, offset + 3, 1, ENC_NA);
1520 proto_tree_add_item(field_tree, hf_ip_opt_qs_nonce, tvb, offset + 4, 4, ENC_NA);
1521 proto_tree_add_item(field_tree, hf_ip_opt_qs_reserved, tvb, offset + 4, 4, ENC_NA);
1525 static const ip_tcp_opt ipopts[] = {
1526 {IPOPT_EOOL, "End of Options List (EOL)", &ett_ip_option_eool,
1527 OPT_LEN_NO_LENGTH, 0, dissect_ipopt_eool},
1528 {IPOPT_NOP, "No Operation (NOP)", &ett_ip_option_nop,
1529 OPT_LEN_NO_LENGTH, 0, dissect_ipopt_nop},
1530 {IPOPT_SEC, "Security", &ett_ip_option_sec,
1531 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SEC_MIN, dissect_ipopt_security},
1532 {IPOPT_LSR, "Loose Source Route", &ett_ip_option_route,
1533 OPT_LEN_VARIABLE_LENGTH, IPOLEN_LSR_MIN, dissect_ipopt_route},
1534 {IPOPT_TS, "Time Stamp", &ett_ip_option_timestamp,
1535 OPT_LEN_VARIABLE_LENGTH, IPOLEN_TS_MIN, dissect_ipopt_timestamp},
1536 {IPOPT_ESEC, "Extended Security", &ett_ip_option_ext_security,
1537 OPT_LEN_VARIABLE_LENGTH, IPOLEN_ESEC_MIN, dissect_ipopt_ext_security},
1538 {IPOPT_CIPSO, "Commercial Security", &ett_ip_option_cipso,
1539 OPT_LEN_VARIABLE_LENGTH, IPOLEN_CIPSO_MIN, dissect_ipopt_cipso},
1540 {IPOPT_RR, "Record Route", &ett_ip_option_route,
1541 OPT_LEN_VARIABLE_LENGTH, IPOLEN_RR_MIN, dissect_ipopt_record_route},
1542 {IPOPT_SID, "Stream ID", &ett_ip_option_sid,
1543 OPT_LEN_FIXED_LENGTH, IPOLEN_SID, dissect_ipopt_sid},
1544 {IPOPT_SSR, "Strict Source Route", &ett_ip_option_route,
1545 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SSR_MIN, dissect_ipopt_route},
1547 {IPOPT_ZSU, "Experimental Measurement", &ett_ip_option_zsu,
1548 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ZSU_MIN, dissect_ipopt_zsu},
1550 {IPOPT_MTUP, "MTU Probe", &ett_ip_option_mtu,
1551 OPT_LEN_FIXED_LENGTH, IPOLEN_MTU, dissect_ipopt_mtu},
1552 {IPOPT_MTUR, "MTU Reply", &ett_ip_option_mtu,
1553 OPT_LEN_FIXED_LENGTH, IPOLEN_MTU, dissect_ipopt_mtu},
1555 {IPOPT_FINN, "Experimental Flow Control", &ett_ip_option_finn,
1556 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_FINN_MIN, dissect_ipopt_finn},
1557 {IPOPT_VISA, "Experimental Access Control", &ett_ip_option_visa,
1558 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_VISA_MIN, dissect_ipopt_visa},
1559 {IPOPT_ENCODE, "???", &ett_ip_option_encode,
1560 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ENCODE_MIN, dissect_ipopt_encode},
1561 {IPOPT_IMITD, "IMI Traffic Descriptor", &ett_ip_option_imitd,
1562 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_IMITD_MIN, dissect_ipopt_imitd},
1563 {IPOPT_EIP, "Extended Internet Protocol", &ett_ip_option_eip,
1564 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_EIP_MIN, dissect_ipopt_eip},
1566 {IPOPT_TR, "Traceroute", &ett_ip_option_tr,
1567 OPT_LEN_FIXED_LENGTH, IPOLEN_TR, dissect_ipopt_tr},
1569 {IPOPT_ADDEXT, "Address Extension", &ett_ip_option_addext,
1570 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_ADDEXT_MIN, dissect_ipopt_addext},
1572 {IPOPT_RTRALT, "Router Alert", &ett_ip_option_ra,
1573 OPT_LEN_FIXED_LENGTH, IPOLEN_RA, dissect_ipopt_ra},
1574 {IPOPT_SDB, "Selective Directed Broadcast", &ett_ip_option_sdb,
1575 OPT_LEN_VARIABLE_LENGTH, IPOLEN_SDB_MIN, dissect_ipopt_sdb},
1577 {IPOPT_UN, "Unassigned", &ett_ip_option_un,
1578 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_UN_MIN, dissect_ipopt_un},
1579 {IPOPT_DPS, "Dynamic Packet State", &ett_ip_option_dps,
1580 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_DPS_MIN, dissect_ipopt_dps},
1581 {IPOPT_UMP, "Upstream Multicast Pkt.", &ett_ip_option_ump,
1582 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_UMP_MIN, dissect_ipopt_ump},
1584 {IPOPT_QS, "Quick-Start", &ett_ip_option_qs,
1585 OPT_LEN_FIXED_LENGTH, IPOLEN_QS, dissect_ipopt_qs}
1587 {IPOPT_EXP, "RFC3692-style Experiment", &ett_ip_option_exp,
1588 OPT_LEN_VARIABLE_LENGTH /* ? */, IPOLEN_EXP_MIN, dissect_ipopt_exp}
1592 #define N_IP_OPTS array_length(ipopts)
1594 /* Dissect the IP, TCP or various PPP protocols (IPCP, CP, LCP, VSNCP, BAP)
1595 * options in a packet. */
1597 dissect_ip_tcp_options(tvbuff_t *tvb, int offset, guint length,
1598 const ip_tcp_opt *opttab, int nopts, int eol,
1599 packet_info *pinfo, proto_tree *opt_tree,
1600 proto_item *opt_item, void * data)
1603 const ip_tcp_opt *optp;
1604 opt_len_type len_type;
1605 unsigned int optlen;
1607 void (*dissect)(const struct ip_tcp_opt *, tvbuff_t *,
1608 int, guint, packet_info *, proto_tree *,
1610 guint len, nop_count = 0;
1612 while (length > 0) {
1613 opt = tvb_get_guint8(tvb, offset);
1614 for (optp = &opttab[0]; optp < &opttab[nopts]; optp++) {
1615 if (optp->optcode == opt)
1618 if (optp == &opttab[nopts]) {
1619 /* We assume that the only OPT_LEN_NO_LENGTH options are EOL and NOP options,
1620 so that we can treat unknown options as OPT_LEN_VARIABLE_LENGTH with a
1621 minimum of 2, and at least be able to move on to the next option
1622 by using the length in the option. */
1623 optp = NULL; /* indicate that we don't know this option */
1624 len_type = OPT_LEN_VARIABLE_LENGTH;
1626 name = wmem_strdup_printf(wmem_packet_scope(), "Unknown (0x%02x)", opt);
1630 len_type = optp->len_type;
1631 optlen = optp->optlen;
1633 dissect = optp->dissect;
1634 if (opt_item && len_type == OPT_LEN_NO_LENGTH && optlen == 0 && opt == 1 &&
1635 (nop_count == 0 || offset % 4)) { /* opt 1 = NOP in both IP and TCP */
1636 /* Count number of NOP in a row within a uint32 */
1642 --length; /* account for type byte */
1643 if (len_type != OPT_LEN_NO_LENGTH) {
1644 /* Option has a length. Is it in the packet? */
1646 /* Bogus - packet must at least include option code byte and
1648 proto_tree_add_text(opt_tree, tvb, offset, 1,
1649 "%s (length byte past end of options)", name);
1652 len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
1653 --length; /* account for length byte */
1655 /* Bogus - option length is too short to include option code and
1657 proto_tree_add_text(opt_tree, tvb, offset, 2,
1658 "%s (with too-short option length = %u byte%s)",
1659 name, len, plurality(len, "", "s"));
1661 } else if (len - 2 > length) {
1662 /* Bogus - option goes past the end of the header. */
1663 proto_tree_add_text(opt_tree, tvb, offset, length,
1664 "%s (option length = %u byte%s says option goes "
1665 "past end of options)",
1666 name, len, plurality(len, "", "s"));
1668 } else if (len_type == OPT_LEN_FIXED_LENGTH && len != optlen) {
1669 /* Bogus - option length isn't what it's supposed to be for this
1671 proto_tree_add_text(opt_tree, tvb, offset, len,
1672 "%s (with option length = %u byte%s; should be %u)",
1673 name, len, plurality(len, "", "s"), optlen);
1675 } else if (len_type == OPT_LEN_VARIABLE_LENGTH && len < optlen) {
1676 /* Bogus - option length is less than what it's supposed to be for
1678 proto_tree_add_text(opt_tree, tvb, offset, len,
1679 "%s (with option length = %u byte%s; "
1681 name, len, plurality(len, "", "s"), optlen);
1685 proto_tree_add_text(opt_tree, tvb, offset, len, "%s (%u byte%s)",
1686 name, len, plurality(len, "", "s"));
1688 if (dissect != NULL) {
1689 /* Option has a dissector. */
1690 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1692 (*dissect)(optp, tvb, offset, len, pinfo, opt_tree, data);
1694 proto_tree *field_tree;
1697 /* Option has no data, hence no dissector. */
1698 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1700 tf = proto_tree_add_text(opt_tree, tvb, offset, len, "%s", name);
1701 field_tree = proto_item_add_subtree(tf, ett_ip_option_other);
1702 dissect_ipopt_type(tvb, offset, field_tree);
1705 len -= 2; /* subtract size of type and length */
1710 if (dissect != NULL) {
1711 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s",
1713 (*dissect)(optp, tvb, offset, 1, pinfo, opt_tree, data);
1715 proto_tree *field_tree;
1718 /* Option has no data, hence no dissector. */
1719 proto_item_append_text(proto_tree_get_parent(opt_tree), ", %s", name);
1720 tf = proto_tree_add_text(opt_tree, tvb, offset, 1, "%s", name);
1721 field_tree = proto_item_add_subtree(tf, ett_ip_option_other);
1722 dissect_ipopt_type(tvb, offset, field_tree);
1726 if (nop_count == 4 && strcmp (name, "No-Operation (NOP)") == 0) {
1727 expert_add_info_format(pinfo, opt_item, PI_PROTOCOL, PI_WARN,
1728 "4 NOP in a row - a router may have removed "
1737 /* This function searches the IP options for either a loose or strict source
1738 * route option, then returns the offset to the destination address if the
1739 * pointer is still valid or zero if the pointer is greater than the length.
1741 * The guts of this function was taken from dissect_ip_tcp_options().
1744 get_dst_offset(tvbuff_t *tvb, int offset, guint length,
1745 const ip_tcp_opt *opttab, int nopts, int eol)
1748 const ip_tcp_opt *optp;
1749 opt_len_type len_type;
1750 unsigned int optlen;
1752 int orig_offset = offset;
1754 while (length > 0) {
1755 opt = tvb_get_guint8(tvb, offset);
1756 for (optp = &opttab[0]; optp < &opttab[nopts]; optp++) {
1757 if (optp->optcode == opt)
1760 if (optp == &opttab[nopts]) {
1761 /* We assume that the only NO_LENGTH options are EOL and NOP options,
1762 so that we can treat unknown options as VARIABLE_LENGTH with a
1763 minimum of 2, and at least be able to move on to the next option
1764 by using the length in the option. */
1765 optp = NULL; /* indicate that we don't know this option */
1766 len_type = OPT_LEN_VARIABLE_LENGTH;
1769 len_type = optp->len_type;
1770 optlen = optp->optlen;
1772 --length; /* account for type byte */
1773 if (len_type != OPT_LEN_NO_LENGTH) {
1774 /* Option has a length. Is it in the packet? */
1776 /* Bogus - packet must at least include option code byte and
1780 len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
1781 --length; /* account for length byte */
1783 /* Bogus - option length is too short to include option code and
1786 } else if (len - 2 > length) {
1787 /* Bogus - option goes past the end of the header. */
1789 } else if (len_type == OPT_LEN_FIXED_LENGTH && len != optlen) {
1790 /* Bogus - option length isn't what it's supposed to be for this
1793 } else if (len_type == OPT_LEN_VARIABLE_LENGTH && len < optlen) {
1794 /* Bogus - option length is less than what it's supposed to be for
1799 if (opt == IPOPT_SSR || opt == IPOPT_LSR) {
1800 /* Hmm, what if you have both options? */
1803 ptr = tvb_get_guint8(tvb, offset + 2);
1804 if (ptr < 4 || (ptr & 3) || (ptr > len)) {
1807 return (offset - orig_offset) + 4 + (len - 4);
1810 len -= 2; /* subtract size of type and length */
1823 /* Returns the valid ttl for the group address */
1825 local_network_control_block_addr_valid_ttl(guint32 addr)
1827 /* An exception list, as some protocols seem to insist on
1828 * doing differently:
1831 /* IETF's VRRP (rfc3768) */
1832 if (IPLOCAL_NETWRK_CTRL_BLK_VRRP_ADDR == addr)
1833 return IPLOCAL_NETWRK_CTRL_BLK_VRRP_TTL;
1835 if (IPLOCAL_NETWRK_CTRL_BLK_GLPB_ADDR == addr)
1836 return IPLOCAL_NETWRK_CTRL_BLK_GLPB_TTL;
1837 /* mDNS (draft-cheshire-dnsext-multicastdns-07) */
1838 if (IPLOCAL_NETWRK_CTRL_BLK_MDNS_ADDR == addr)
1839 return IPLOCAL_NETWRK_CTRL_BLK_MDNS_TTL;
1840 /* LLMNR (rfc4795) */
1841 if (IPLOCAL_NETWRK_CTRL_BLK_LLMNR_ADDR == addr)
1842 return IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL;
1843 return IPLOCAL_NETWRK_CTRL_BLK_DEFAULT_TTL;
1846 static const value_string dscp_vals[] = {
1847 { IPDSFIELD_DSCP_DEFAULT, "Default" },
1848 { IPDSFIELD_DSCP_CS1, "Class Selector 1" },
1849 { IPDSFIELD_DSCP_AF11, "Assured Forwarding 11" },
1850 { IPDSFIELD_DSCP_AF12, "Assured Forwarding 12" },
1851 { IPDSFIELD_DSCP_AF13, "Assured Forwarding 13" },
1852 { IPDSFIELD_DSCP_CS2, "Class Selector 2" },
1853 { IPDSFIELD_DSCP_AF21, "Assured Forwarding 21" },
1854 { IPDSFIELD_DSCP_AF22, "Assured Forwarding 22" },
1855 { IPDSFIELD_DSCP_AF23, "Assured Forwarding 23" },
1856 { IPDSFIELD_DSCP_CS3, "Class Selector 3" },
1857 { IPDSFIELD_DSCP_AF31, "Assured Forwarding 31" },
1858 { IPDSFIELD_DSCP_AF32, "Assured Forwarding 32" },
1859 { IPDSFIELD_DSCP_AF33, "Assured Forwarding 33" },
1860 { IPDSFIELD_DSCP_CS4, "Class Selector 4" },
1861 { IPDSFIELD_DSCP_AF41, "Assured Forwarding 41" },
1862 { IPDSFIELD_DSCP_AF42, "Assured Forwarding 42" },
1863 { IPDSFIELD_DSCP_AF43, "Assured Forwarding 43" },
1864 { IPDSFIELD_DSCP_CS5, "Class Selector 5" },
1865 { IPDSFIELD_DSCP_EF, "Expedited Forwarding" },
1866 { IPDSFIELD_DSCP_CS6, "Class Selector 6" },
1867 { IPDSFIELD_DSCP_CS7, "Class Selector 7" },
1869 value_string_ext dscp_vals_ext = VALUE_STRING_EXT_INIT(dscp_vals);
1871 const value_string ecn_vals[] = {
1872 { IPDSFIELD_ECT_NOT, "Not-ECT (Not ECN-Capable Transport)" },
1873 { IPDSFIELD_ECT_1, "ECT(1) (ECN-Capable Transport)" },
1874 { IPDSFIELD_ECT_0, "ECT(0) (ECN-Capable Transport)" },
1875 { IPDSFIELD_CE, "CE (Congestion Experienced)" },
1878 static const value_string precedence_vals[] = {
1879 { IPTOS_PREC_ROUTINE, "routine" },
1880 { IPTOS_PREC_PRIORITY, "priority" },
1881 { IPTOS_PREC_IMMEDIATE, "immediate" },
1882 { IPTOS_PREC_FLASH, "flash" },
1883 { IPTOS_PREC_FLASHOVERRIDE, "flash override" },
1884 { IPTOS_PREC_CRITIC_ECP, "CRITIC/ECP" },
1885 { IPTOS_PREC_INTERNETCONTROL, "internetwork control" },
1886 { IPTOS_PREC_NETCONTROL, "network control" },
1889 static const value_string iptos_vals[] = {
1890 { IPTOS_NONE, "None" },
1891 { IPTOS_LOWCOST, "Minimize cost" },
1892 { IPTOS_RELIABILITY, "Maximize reliability" },
1893 { IPTOS_THROUGHPUT, "Maximize throughput" },
1894 { IPTOS_LOWDELAY, "Minimize delay" },
1895 { IPTOS_SECURITY, "Maximize security" },
1899 static const true_false_string tos_set_low = {
1904 static const true_false_string tos_set_high = {
1909 static const true_false_string flags_sf_set_evil = {
1915 ip_checksum(const guint8 *ptr, int len)
1919 cksum_vec[0].ptr = ptr;
1920 cksum_vec[0].len = len;
1921 return in_cksum(&cksum_vec[0], 1);
1925 dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
1927 proto_tree *ip_tree = NULL, *field_tree = NULL;
1928 proto_item *ti = NULL, *tf;
1930 int offset = 0, dst_off;
1935 fragment_data *ipfd_head = NULL;
1937 gboolean update_col_info = TRUE;
1938 gboolean save_fragmented;
1940 const guchar *src_addr, *dst_addr;
1941 guint32 src32, dst32;
1943 proto_item *item = NULL, *ttl_item;
1944 proto_tree *checksum_tree;
1948 iph = (ws_ip *)wmem_alloc(wmem_packet_scope(), sizeof(ws_ip));
1950 col_set_str(pinfo->cinfo, COL_PROTOCOL, "IPv4");
1951 col_clear(pinfo->cinfo, COL_INFO);
1953 iph->ip_v_hl = tvb_get_guint8(tvb, offset);
1954 if ( hi_nibble(iph->ip_v_hl) == 6) {
1955 call_dissector(ipv6_handle, tvb, pinfo, parent_tree);
1959 hlen = lo_nibble(iph->ip_v_hl) * 4; /* IP header length, in bytes */
1962 ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, ENC_NA);
1963 ip_tree = proto_item_add_subtree(ti, ett_ip);
1965 proto_tree_add_uint(ip_tree, hf_ip_version, tvb, offset, 1,
1966 hi_nibble(iph->ip_v_hl));
1969 /* if IP is not referenced from any filters we don't need to worry about
1970 generating any tree items. We must do this after we created the actual
1971 protocol above so that proto hier stat still works though.
1972 XXX: Note that because of the following optimization expert items must
1973 not be generated inside of an 'if (tree) ...'
1974 so that Analyze ! Expert ... will work.
1976 if (!proto_field_is_referenced(parent_tree, proto_ip)) {
1980 if (hlen < IPH_MIN_LEN) {
1981 col_add_fstr(pinfo->cinfo, COL_INFO,
1982 "Bogus IP header length (%u, must be at least %u)",
1985 proto_tree_add_uint_format(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
1986 "Header length: %u bytes (bogus, must be "
1987 "at least %u)", hlen, IPH_MIN_LEN);
1993 proto_tree_add_uint_format(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
1994 "Header length: %u bytes", hlen);
1997 iph->ip_tos = tvb_get_guint8(tvb, offset + 1);
1998 if (g_ip_dscp_actif) {
1999 col_add_fstr(pinfo->cinfo, COL_DSCP_VALUE, "%u",
2000 IPDSFIELD_DSCP(iph->ip_tos));
2004 if (g_ip_dscp_actif) {
2005 tf = proto_tree_add_uint_format(ip_tree, hf_ip_dsfield, tvb, offset + 1,
2006 1, iph->ip_tos, "Differentiated Services Field: 0x%02x "
2007 "(DSCP 0x%02x: %s; ECN: 0x%02x: %s)", iph->ip_tos,
2008 IPDSFIELD_DSCP(iph->ip_tos), val_to_str_ext_const(IPDSFIELD_DSCP(iph->ip_tos),
2009 &dscp_vals_ext, "Unknown DSCP"),
2010 IPDSFIELD_ECN(iph->ip_tos), val_to_str_const(IPDSFIELD_ECN(iph->ip_tos),
2011 ecn_vals, "Unknown ECN"));
2013 field_tree = proto_item_add_subtree(tf, ett_ip_dsfield);
2014 proto_tree_add_item(field_tree, hf_ip_dsfield_dscp, tvb, offset + 1, 1, ENC_NA);
2015 proto_tree_add_item(field_tree, hf_ip_dsfield_ecn, tvb, offset + 1, 1, ENC_NA);
2017 tf = proto_tree_add_uint_format(ip_tree, hf_ip_tos, tvb, offset + 1, 1,
2019 "Type of service: 0x%02x (%s)",
2021 val_to_str_const(IPTOS_TOS(iph->ip_tos),
2022 iptos_vals, "Unknown"));
2024 field_tree = proto_item_add_subtree(tf, ett_ip_tos);
2025 proto_tree_add_item(field_tree, hf_ip_tos_precedence, tvb, offset + 1, 1, ENC_NA);
2026 proto_tree_add_item(field_tree, hf_ip_tos_delay, tvb, offset + 1, 1, ENC_NA);
2027 proto_tree_add_item(field_tree, hf_ip_tos_throughput, tvb, offset + 1, 1, ENC_NA);
2028 proto_tree_add_item(field_tree, hf_ip_tos_reliability, tvb, offset + 1, 1, ENC_NA);
2029 proto_tree_add_item(field_tree, hf_ip_tos_cost, tvb, offset + 1, 1, ENC_NA);
2033 /* Length of IP datagram.
2034 XXX - what if this is greater than the reported length of the
2035 tvbuff? This could happen, for example, in an IP datagram
2036 inside an ICMP datagram; we need to somehow let the
2037 dissector we call know that, as it might want to avoid
2038 doing its checksumming. */
2039 iph->ip_len = tvb_get_ntohs(tvb, offset + 2);
2041 if (iph->ip_len < hlen) {
2042 if (ip_tso_supported && !iph->ip_len) {
2043 /* TSO support enabled, and zero length. Assume the zero length is
2044 * the result of TSO, and use the reported length instead. Note that
2045 * we need to use the frame/reported length instead of the actually-
2046 * available length, just in case a snaplen was used on capture. */
2047 iph->ip_len = tvb_reported_length(tvb);
2049 tf = proto_tree_add_uint_format_value(ip_tree, hf_ip_len, tvb, offset + 2, 2,
2051 "%u bytes (reported as 0, presumed to be because of \"TCP segmentation offload\" (TSO))",
2053 PROTO_ITEM_SET_GENERATED(tf);
2056 /* TSO support not enabled, or non-zero length, so treat it as an error. */
2057 col_add_fstr(pinfo->cinfo, COL_INFO,
2058 "Bogus IP length (%u, less than header length %u)",
2062 tf = proto_tree_add_uint_format(ip_tree, hf_ip_len, tvb, offset + 2, 2,
2064 "Total length: %u bytes (bogus, less than header length %u)",
2067 expert_add_info_format(pinfo, tf, PI_PROTOCOL, PI_ERROR, "Bogus IP length");
2068 /* Can't dissect any further */
2073 * Now that we know that the total length of this IP datagram isn't
2074 * obviously bogus, adjust the length of this tvbuff to include only
2077 set_actual_length(tvb, iph->ip_len);
2080 proto_tree_add_uint(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph->ip_len);
2083 iph->ip_id = tvb_get_ntohs(tvb, offset + 4);
2085 proto_tree_add_uint(ip_tree, hf_ip_id, tvb, offset + 4, 2, iph->ip_id);
2087 iph->ip_off = tvb_get_ntohs(tvb, offset + 6);
2089 int bit_offset = (offset + 6) * 8;
2091 flags = (iph->ip_off & (IP_RF | IP_DF | IP_MF)) >> IP_OFFSET_WIDTH;
2092 tf = proto_tree_add_uint(ip_tree, hf_ip_flags, tvb, offset + 6, 1, flags);
2093 field_tree = proto_item_add_subtree(tf, ett_ip_off);
2094 if (ip_security_flag) {
2097 sf = proto_tree_add_bits_item(field_tree, hf_ip_flags_sf, tvb,
2098 bit_offset + 0, 1, ENC_BIG_ENDIAN);
2099 if (iph->ip_off & IP_RF) {
2100 proto_item_append_text(tf, " (Evil packet!)");
2101 expert_add_info_format(pinfo, sf, PI_SECURITY, PI_WARN,
2102 "This is an Evil packet (RFC 3514)");
2105 proto_tree_add_bits_item(field_tree, hf_ip_flags_rf, tvb, bit_offset + 0,
2106 1, ENC_LITTLE_ENDIAN);
2108 if (iph->ip_off & IP_DF)
2109 proto_item_append_text(tf, " (Don't Fragment)");
2110 proto_tree_add_bits_item(field_tree, hf_ip_flags_df, tvb, bit_offset + 1,
2112 if (iph->ip_off & IP_MF)
2113 proto_item_append_text(tf, " (More Fragments)");
2114 proto_tree_add_bits_item(field_tree, hf_ip_flags_mf, tvb, bit_offset + 2,
2116 proto_tree_add_uint(ip_tree, hf_ip_frag_offset, tvb, offset + 6, 2,
2117 (iph->ip_off & IP_OFFSET)*8);
2120 iph->ip_ttl = tvb_get_guint8(tvb, offset + 8);
2121 pinfo->ip_ttl = iph->ip_ttl;
2123 ttl_item = proto_tree_add_item(ip_tree, hf_ip_ttl, tvb, offset + 8, 1, ENC_BIG_ENDIAN);
2128 iph->ip_p = tvb_get_guint8(tvb, offset + 9);
2130 proto_tree_add_item(ip_tree, hf_ip_proto, tvb, offset + 9, 1, ENC_BIG_ENDIAN);
2133 iph->ip_sum = tvb_get_ntohs(tvb, offset + 10);
2136 * If we have the entire IP header available, check the checksum.
2138 if (ip_check_checksum && tvb_bytes_exist(tvb, offset, hlen)&&(!pinfo->flags.in_error_pkt)) {
2139 ipsum = ip_checksum(tvb_get_ptr(tvb, offset, hlen), hlen);
2142 item = proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb,
2143 offset + 10, 2, iph->ip_sum,
2144 "Header checksum: 0x%04x [correct]",
2146 checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
2147 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb,
2148 offset + 10, 2, TRUE);
2149 PROTO_ITEM_SET_GENERATED(item);
2150 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb,
2151 offset + 10, 2, FALSE);
2152 PROTO_ITEM_SET_GENERATED(item);
2154 item = proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb,
2155 offset + 10, 2, iph->ip_sum,
2156 "Header checksum: 0x%04x "
2157 "[incorrect, should be 0x%04x "
2158 "(may be caused by \"IP checksum "
2159 "offload\"?)]", iph->ip_sum,
2160 in_cksum_shouldbe(iph->ip_sum,
2162 checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
2163 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb,
2164 offset + 10, 2, FALSE);
2165 PROTO_ITEM_SET_GENERATED(item);
2166 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb,
2167 offset + 10, 2, TRUE);
2168 PROTO_ITEM_SET_GENERATED(item);
2172 /* Add expert item always (so tap gets called if present);
2173 if (tree == NULL) then item will be NULL
2174 else item should be from the
2175 add_boolean(..., hf_ip_checksum_bad, ...) above */
2176 expert_add_info_format(pinfo, item, PI_CHECKSUM, PI_ERROR,
2182 item = proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb,
2183 offset + 10, 2, iph->ip_sum,
2184 "Header checksum: 0x%04x [%s]",
2185 iph->ip_sum, ip_check_checksum ?
2186 "not all data available" :
2187 "validation disabled");
2188 checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
2189 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb,
2190 offset + 10, 2, FALSE);
2191 PROTO_ITEM_SET_GENERATED(item);
2192 item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb,
2193 offset + 10, 2, FALSE);
2194 PROTO_ITEM_SET_GENERATED(item);
2197 src_addr = tvb_get_ptr(tvb, offset + IPH_SRC, 4);
2198 src32 = tvb_get_ntohl(tvb, offset + IPH_SRC);
2199 SET_ADDRESS(&pinfo->net_src, AT_IPv4, 4, src_addr);
2200 SET_ADDRESS(&pinfo->src, AT_IPv4, 4, src_addr);
2201 SET_ADDRESS(&iph->ip_src, AT_IPv4, 4, src_addr);
2203 const char *src_host;
2205 memcpy(&addr, iph->ip_src.data, 4);
2206 src_host = get_hostname(addr);
2207 if (ip_summary_in_tree) {
2208 proto_item_append_text(ti, ", Src: %s (%s)", src_host,
2209 ip_to_str((guint8 *)iph->ip_src.data));
2211 proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, addr);
2212 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 12, 4, addr);
2213 PROTO_ITEM_SET_HIDDEN(item);
2214 item = proto_tree_add_string(ip_tree, hf_ip_src_host, tvb, offset + 12, 4,
2216 PROTO_ITEM_SET_GENERATED(item);
2217 PROTO_ITEM_SET_HIDDEN(item);
2218 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb, offset + 12, 4,
2220 PROTO_ITEM_SET_GENERATED(item);
2221 PROTO_ITEM_SET_HIDDEN(item);
2224 /* If there's an IP strict or loose source routing option, then the final
2225 * L3 IP destination address will be the last entry in the routing header
2226 * EXCEPT when the table is exhausted (pointer is greater than the length).
2227 * In this case, the final L3 IP destination address is the one in the L3
2228 * header. (REF: http://tools.ietf.org/html/rfc791#section-3.1)
2230 if (hlen > IPH_MIN_LEN) {
2231 /* There's more than just the fixed-length header. See if we've got
2232 * either a strict or loose source route option and if so, return the
2233 * offset into the tvb to where the real destination IP address is located.
2235 dst_off = get_dst_offset(tvb, offset + 20, hlen - IPH_MIN_LEN, ipopts,
2236 N_IP_OPTS, IPOPT_EOOL);
2241 dst_addr = tvb_get_ptr(tvb, offset + IPH_DST + dst_off, 4);
2242 dst32 = tvb_get_ntohl(tvb, offset + IPH_DST + dst_off);
2243 SET_ADDRESS(&pinfo->net_dst, AT_IPv4, 4, dst_addr);
2244 SET_ADDRESS(&pinfo->dst, AT_IPv4, 4, dst_addr);
2245 SET_ADDRESS(&iph->ip_dst, AT_IPv4, 4, dst_addr);
2247 /* If an IP is destined for an IP address in the Local Network Control Block
2248 * (e.g. 224.0.0.0/24), the packet should never be routed and the TTL would
2249 * be expected to be 1. (see RFC 3171) Flag a TTL greater than 1.
2251 * Flag a low TTL if the packet is not destined for a multicast address
2252 * (e.g. 224.0.0.0/4) ... and the payload isn't protocol 103 (PIM).
2253 * (see http://tools.ietf.org/html/rfc3973#section-4.7).
2255 if (is_a_local_network_control_block_addr(dst32)) {
2256 ttl = local_network_control_block_addr_valid_ttl(dst32);
2257 if (ttl != iph->ip_ttl && ttl != IPLOCAL_NETWRK_CTRL_BLK_ANY_TTL) {
2258 expert_add_info_format(pinfo, ttl_item, PI_SEQUENCE, PI_NOTE,
2259 "\"Time To Live\" != %d for a packet sent to the "
2260 "Local Network Control Block (see RFC 3171)",
2263 } else if (!is_a_multicast_addr(dst32) && iph->ip_ttl < 5 &&
2264 (iph->ip_p != IP_PROTO_PIM)) {
2265 expert_add_info_format(pinfo, ttl_item, PI_SEQUENCE, PI_NOTE,
2266 "\"Time To Live\" only %u", iph->ip_ttl);
2270 const char *dst_host;
2273 memcpy(&addr, iph->ip_dst.data, 4);
2274 dst_host = get_hostname(addr);
2276 cur_rt = tvb_get_ipv4(tvb, offset + 16);
2277 if (ip_summary_in_tree) {
2278 proto_item_append_text(ti, ", Dst: %s (%s)", dst_host,
2279 ip_to_str((guint8 *)iph->ip_dst.data));
2281 proto_item_append_text(ti, ", Via: %s (%s)", get_hostname(cur_rt),
2282 ip_to_str((gchar *)&cur_rt));
2286 proto_tree_add_ipv4(ip_tree, hf_ip_cur_rt, tvb, offset + 16, 4, cur_rt);
2287 item = proto_tree_add_string(ip_tree, hf_ip_cur_rt_host, tvb,
2288 offset + 16, 4, get_hostname(cur_rt));
2289 PROTO_ITEM_SET_GENERATED(item);
2290 PROTO_ITEM_SET_HIDDEN(item);
2293 proto_tree_add_ipv4(ip_tree, hf_ip_dst, tvb, offset + 16, 4, addr);
2294 item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 16, 4,
2296 PROTO_ITEM_SET_HIDDEN(item);
2297 item = proto_tree_add_string(ip_tree, hf_ip_dst_host, tvb, offset + 16,
2299 PROTO_ITEM_SET_GENERATED(item);
2300 PROTO_ITEM_SET_HIDDEN(item);
2301 item = proto_tree_add_string(ip_tree, hf_ip_host, tvb,
2302 offset + 16 + dst_off, 4, dst_host);
2303 PROTO_ITEM_SET_GENERATED(item);
2304 PROTO_ITEM_SET_HIDDEN(item);
2309 if (tree && ip_use_geoip) {
2310 add_geoip_info(ip_tree, tvb, offset, src32, dst32);
2314 /* Decode IP options, if any. */
2315 if (hlen > IPH_MIN_LEN) {
2316 /* There's more than just the fixed-length header. Decode the options. */
2317 optlen = hlen - IPH_MIN_LEN; /* length of options, in bytes */
2318 tf = proto_tree_add_text(ip_tree, tvb, offset + 20, optlen,
2319 "Options: (%u bytes)", optlen);
2320 field_tree = proto_item_add_subtree(tf, ett_ip_options);
2321 dissect_ip_tcp_options(tvb, offset + 20, optlen, ipopts, N_IP_OPTS,
2322 IPOPT_EOOL, pinfo, field_tree, tf, NULL);
2325 pinfo->ipproto = iph->ip_p;
2326 pinfo->iplen = iph->ip_len;
2327 pinfo->iphdrlen = hlen;
2328 tap_queue_packet(ip_tap, pinfo, iph);
2330 /* Skip over header + options */
2332 nxt = iph->ip_p; /* XXX - what if this isn't the same for all fragments? */
2334 /* If ip_defragment is on, this is a fragment, we have all the data
2335 * in the fragment, and the header checksum is valid, then just add
2336 * the fragment to the hashtable.
2338 save_fragmented = pinfo->fragmented;
2339 if (ip_defragment && (iph->ip_off & (IP_MF|IP_OFFSET)) &&
2340 tvb_bytes_exist(tvb, offset, pinfo->iplen - pinfo->iphdrlen) &&
2342 ipfd_head = fragment_add_check(&ip_reassembly_table, tvb, offset,
2344 iph->ip_p ^ iph->ip_id ^ src32 ^ dst32,
2346 (iph->ip_off & IP_OFFSET) * 8,
2347 pinfo->iplen - pinfo->iphdrlen,
2348 iph->ip_off & IP_MF);
2350 next_tvb = process_reassembled_data(tvb, offset, pinfo, "Reassembled IPv4",
2351 ipfd_head, &ip_frag_items,
2352 &update_col_info, ip_tree);
2354 /* If this is the first fragment, dissect its contents, otherwise
2355 just show it as a fragment.
2357 XXX - if we eventually don't save the reassembled contents of all
2358 fragmented datagrams, we may want to always reassemble. */
2359 if (iph->ip_off & IP_OFFSET) {
2360 /* Not the first fragment - don't dissect it. */
2363 /* First fragment, or not fragmented. Dissect what we have here. */
2365 /* Get a tvbuff for the payload. */
2366 next_tvb = tvb_new_subset_remaining(tvb, offset);
2369 * If this is the first fragment, but not the only fragment,
2370 * tell the next protocol that.
2372 if (iph->ip_off & IP_MF)
2373 pinfo->fragmented = TRUE;
2375 pinfo->fragmented = FALSE;
2379 if (next_tvb == NULL) {
2380 /* Just show this as a fragment. */
2381 col_add_fstr(pinfo->cinfo, COL_INFO,
2382 "Fragmented IP protocol (proto=%s %u, off=%u, ID=%04x)",
2383 ipprotostr(iph->ip_p), iph->ip_p,
2384 (iph->ip_off & IP_OFFSET) * 8, iph->ip_id);
2385 if ( ipfd_head && ipfd_head->reassembled_in != pinfo->fd->num ) {
2386 col_append_fstr(pinfo->cinfo, COL_INFO, " [Reassembled in #%u]",
2387 ipfd_head->reassembled_in);
2390 call_dissector(data_handle, tvb_new_subset_remaining(tvb, offset), pinfo,
2392 pinfo->fragmented = save_fragmented;
2396 /* XXX This is an ugly hack because I didn't manage to make the IPIP
2397 * dissector a heuristic one [JMayer]
2398 * The TAPA protocol also uses IP protocol number 4 but it isn't really
2399 * IPIP, so try to detect it first and call it explicitly before calling
2400 * the generic ip.proto dispatcher
2402 if (nxt == IP_PROTO_IPIP && (tvb_get_guint8(next_tvb, 0) & 0xF0) != 0x40 &&
2403 tvb_get_ntohs(next_tvb, 2) < 20) {
2404 call_dissector(tapa_handle,next_tvb, pinfo, parent_tree);
2406 /* Hand off to the next protocol.
2408 XXX - setting the columns only after trying various dissectors means
2409 that if one of those dissectors throws an exception, the frame won't
2410 even be labeled as an IP frame; ideally, if a frame being dissected
2411 throws an exception, it'll be labeled as a mangled frame of the
2412 type in question. */
2413 } else if (!dissector_try_uint(ip_dissector_table, nxt, next_tvb, pinfo,
2415 /* Unknown protocol */
2416 if (update_col_info) {
2417 col_add_fstr(pinfo->cinfo, COL_INFO, "%s (%u)",
2418 ipprotostr(iph->ip_p), iph->ip_p);
2420 call_dissector(data_handle,next_tvb, pinfo, parent_tree);
2422 pinfo->fragmented = save_fragmented;
2426 dissect_ip_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
2428 int length, tot_length;
2429 guint8 oct, version, ihl;
2433 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2434 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2435 |Version| IHL |Type of Service| Total Length |
2436 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2439 length = tvb_length(tvb);
2441 /* Need at least 4 bytes to make some sort of decision */
2444 oct = tvb_get_guint8(tvb,0);
2448 /* TODO: Add IPv6 checks here */
2450 3. IPv6 Header Format
2453 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
2454 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2455 |Version| Traffic Class | Flow Label |
2456 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2457 | Payload Length | Next Header | Hop Limit |
2458 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2466 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2470 + Destination Address +
2474 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
2476 Version 4-bit Internet Protocol version number = 6.
2478 Traffic Class 8-bit traffic class field. See section 7.
2480 Flow Label 20-bit flow label. See section 6.
2482 Payload Length 16-bit unsigned integer. Length of the IPv6
2483 payload, i.e., the rest of the packet following
2484 this IPv6 header, in octets. (Note that any
2485 extension headers [section 4] present are
2486 considered part of the payload, i.e., included
2487 in the length count.)
2492 /* Need at least 8 bytes to make a decision */
2495 tot_length = tvb_get_ntohs(tvb,4);
2496 if((tot_length + 40) != (int)tvb_reported_length(tvb)){
2499 call_dissector(ipv6_handle, tvb, pinfo, tree);
2502 /* version == IPv4 , the minimum value for a correct header is 5 */
2503 if((version != 4)|| (ihl < 5)){
2506 /* Total Length is the length of the datagram, measured in octets,
2507 * including internet header and data.
2509 tot_length = tvb_get_ntohs(tvb,2);
2511 if(tot_length != (int)tvb_reported_length(tvb)){
2515 dissect_ip(tvb, pinfo, tree);
2520 proto_register_ip(void)
2522 #define ARG_TO_STR(ARG) #ARG
2523 #define FLAGS_OFFSET_WIDTH_MSG(WIDTH) \
2524 "Flags (" ARG_TO_STR(WIDTH) " bits)"
2525 #define FRAG_OFFSET_WIDTH_MSG(WIDTH) \
2526 "Fragment offset (" ARG_TO_STR(WIDTH) " bits)"
2528 static hf_register_info hf[] = {
2530 { "Version", "ip.version", FT_UINT8, BASE_DEC,
2531 NULL, 0x0, NULL, HFILL }},
2534 { "Header Length", "ip.hdr_len", FT_UINT8, BASE_DEC,
2535 NULL, 0x0, NULL, HFILL }},
2538 { "Differentiated Services field", "ip.dsfield", FT_UINT8, BASE_DEC,
2539 NULL, 0x0, NULL, HFILL }},
2541 { &hf_ip_dsfield_dscp,
2542 { "Differentiated Services Codepoint", "ip.dsfield.dscp", FT_UINT8, BASE_HEX | BASE_EXT_STRING,
2543 &dscp_vals_ext, IPDSFIELD_DSCP_MASK, NULL, HFILL }},
2545 { &hf_ip_dsfield_ecn,
2546 { "Explicit Congestion Notification", "ip.dsfield.ecn", FT_UINT8, BASE_HEX,
2547 VALS(ecn_vals), IPDSFIELD_ECN_MASK, NULL, HFILL }},
2550 { "Type of Service", "ip.tos", FT_UINT8, BASE_DEC,
2551 NULL, 0x0, NULL, HFILL }},
2553 { &hf_ip_tos_precedence,
2554 { "Precedence", "ip.tos.precedence", FT_UINT8, BASE_DEC,
2555 VALS(precedence_vals), IPTOS_PREC_MASK, NULL, HFILL }},
2558 { "Delay", "ip.tos.delay", FT_BOOLEAN, 8,
2559 TFS(&tos_set_low), IPTOS_LOWDELAY, NULL, HFILL }},
2561 { &hf_ip_tos_throughput,
2562 { "Throughput", "ip.tos.throughput", FT_BOOLEAN, 8,
2563 TFS(&tos_set_high), IPTOS_THROUGHPUT, NULL, HFILL }},
2565 { &hf_ip_tos_reliability,
2566 { "Reliability", "ip.tos.reliability", FT_BOOLEAN, 8,
2567 TFS(&tos_set_high), IPTOS_RELIABILITY, NULL, HFILL }},
2570 { "Cost", "ip.tos.cost", FT_BOOLEAN, 8,
2571 TFS(&tos_set_low), IPTOS_LOWCOST, NULL, HFILL }},
2574 { "Total Length", "ip.len", FT_UINT16, BASE_DEC,
2575 NULL, 0x0, NULL, HFILL }},
2578 { "Identification", "ip.id", FT_UINT16, BASE_HEX_DEC,
2579 NULL, 0x0, NULL, HFILL }},
2582 { "Destination", "ip.dst", FT_IPv4, BASE_NONE,
2583 NULL, 0x0, NULL, HFILL }},
2586 { "Destination Host", "ip.dst_host", FT_STRING, BASE_NONE,
2587 NULL, 0x0, NULL, HFILL }},
2590 { "Source", "ip.src", FT_IPv4, BASE_NONE,
2591 NULL, 0x0, NULL, HFILL }},
2594 { "Source Host", "ip.src_host", FT_STRING, BASE_NONE,
2595 NULL, 0x0, NULL, HFILL }},
2598 { "Source or Destination Address", "ip.addr", FT_IPv4, BASE_NONE,
2599 NULL, 0x0, NULL, HFILL }},
2602 { "Source or Destination Host", "ip.host", FT_STRING, BASE_NONE,
2603 NULL, 0x0, NULL, HFILL }},
2606 { &hf_geoip_country,
2607 { "Source or Destination GeoIP Country", "ip.geoip.country",
2608 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2610 { "Source or Destination GeoIP City", "ip.geoip.city",
2611 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2613 { "Source or Destination GeoIP Organization", "ip.geoip.org",
2614 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2616 { "Source or Destination GeoIP ISP", "ip.geoip.isp",
2617 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2619 { "Source or Destination GeoIP AS Number", "ip.geoip.asnum",
2620 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2622 { "Source or Destination GeoIP Latitude", "ip.geoip.lat",
2623 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2625 { "Source or Destination GeoIP Longitude", "ip.geoip.lon",
2626 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2627 { &hf_geoip_src_country,
2628 { "Source GeoIP Country", "ip.geoip.src_country",
2629 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2630 { &hf_geoip_src_city,
2631 { "Source GeoIP City", "ip.geoip.src_city",
2632 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2633 { &hf_geoip_src_org,
2634 { "Source GeoIP Organization", "ip.geoip.src_org",
2635 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2636 { &hf_geoip_src_isp,
2637 { "Source GeoIP ISP", "ip.geoip.src_isp",
2638 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2639 { &hf_geoip_src_asnum,
2640 { "Source GeoIP AS Number", "ip.geoip.src_asnum",
2641 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2642 { &hf_geoip_src_lat,
2643 { "Source GeoIP Latitude", "ip.geoip.src_lat",
2644 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2645 { &hf_geoip_src_lon,
2646 { "Source GeoIP Longitude", "ip.geoip.src_lon",
2647 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2648 { &hf_geoip_dst_country,
2649 { "Destination GeoIP Country", "ip.geoip.dst_country",
2650 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2651 { &hf_geoip_dst_city,
2652 { "Destination GeoIP City", "ip.geoip.dst_city",
2653 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2654 { &hf_geoip_dst_org,
2655 { "Destination GeoIP Organization", "ip.geoip.dst_org",
2656 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2657 { &hf_geoip_dst_isp,
2658 { "Destination GeoIP ISP", "ip.geoip.dst_isp",
2659 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2660 { &hf_geoip_dst_asnum,
2661 { "Destination GeoIP AS Number", "ip.geoip.dst_asnum",
2662 FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2663 { &hf_geoip_dst_lat,
2664 { "Destination GeoIP Latitude", "ip.geoip.dst_lat",
2665 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2666 { &hf_geoip_dst_lon,
2667 { "Destination GeoIP Longitude", "ip.geoip.dst_lon",
2668 FT_DOUBLE, BASE_NONE, NULL, 0x0, NULL, HFILL }},
2669 #endif /* HAVE_GEOIP */
2672 { "Flags", "ip.flags", FT_UINT8, BASE_HEX,
2673 NULL, 0x0, FLAGS_OFFSET_WIDTH_MSG(IP_FLAGS_WIDTH), HFILL }},
2676 { "Security flag", "ip.flags.sf", FT_BOOLEAN, BASE_NONE,
2677 TFS(&flags_sf_set_evil), 0x0, "Security flag (RFC 3514)", HFILL }},
2680 { "Reserved bit", "ip.flags.rb", FT_BOOLEAN, BASE_NONE,
2681 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2684 { "Don't fragment", "ip.flags.df", FT_BOOLEAN, BASE_NONE,
2685 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2688 { "More fragments", "ip.flags.mf", FT_BOOLEAN, BASE_NONE,
2689 TFS(&tfs_set_notset), 0x0, NULL, HFILL }},
2691 { &hf_ip_frag_offset,
2692 { "Fragment offset", "ip.frag_offset", FT_UINT16, BASE_DEC,
2693 NULL, 0x0, FRAG_OFFSET_WIDTH_MSG(IP_OFFSET_WIDTH), HFILL }},
2696 { "Time to live", "ip.ttl", FT_UINT8, BASE_DEC,
2697 NULL, 0x0, NULL, HFILL }},
2700 { "Protocol", "ip.proto", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2701 &ipproto_val_ext, 0x0, NULL, HFILL }},
2704 { "Header checksum", "ip.checksum", FT_UINT16, BASE_HEX,
2705 NULL, 0x0, NULL, HFILL }},
2707 { &hf_ip_checksum_good,
2708 { "Good", "ip.checksum_good", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2709 "True: checksum matches packet content; False: doesn't match content or not checked", HFILL }},
2711 { &hf_ip_checksum_bad,
2712 { "Bad", "ip.checksum_bad", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2713 "True: checksum doesn't match packet content; False: matches content or not checked", HFILL }},
2715 /* IP options related fields */
2717 { "Type", "ip.opt.type", FT_UINT8, BASE_DEC,
2718 NULL, 0x0, NULL, HFILL }},
2720 { &hf_ip_opt_type_copy,
2721 { "Copy on fragmentation", "ip.opt.type.copy", FT_BOOLEAN, 8,
2722 TFS(&tfs_yes_no), IPOPT_COPY_MASK, NULL, HFILL }},
2724 { &hf_ip_opt_type_class,
2725 { "Class", "ip.opt.type.class", FT_UINT8, BASE_DEC,
2726 VALS(ipopt_type_class_vals), IPOPT_CLASS_MASK, NULL, HFILL }},
2728 { &hf_ip_opt_type_number,
2729 { "Number", "ip.opt.type.number", FT_UINT8, BASE_DEC,
2730 VALS(ipopt_type_number_vals), IPOPT_NUMBER_MASK, NULL, HFILL }},
2733 { "Length", "ip.opt.len", FT_UINT8, BASE_DEC,
2734 NULL, 0x0, NULL, HFILL }},
2737 { "Pointer", "ip.opt.ptr", FT_UINT8, BASE_DEC,
2738 NULL, 0x0, NULL, HFILL }},
2741 { "Stream Identifier", "ip.opt.sid", FT_UINT16, BASE_DEC,
2742 NULL, 0x0, "SATNET stream identifier", HFILL }},
2745 { "MTU", "ip.opt.mtu", FT_UINT16, BASE_DEC,
2746 NULL, 0x0, NULL, HFILL }},
2748 { &hf_ip_opt_id_number,
2749 { "ID Number", "ip.opt.id_number", FT_UINT16, BASE_DEC,
2750 NULL, 0x0, NULL, HFILL }},
2753 { "Outbound Hop Count", "ip.opt.ohc", FT_UINT16, BASE_DEC,
2754 NULL, 0x0, NULL, HFILL }},
2757 { "Return Hop Count", "ip.opt.rhc", FT_UINT16, BASE_DEC,
2758 NULL, 0x0, NULL, HFILL }},
2760 { &hf_ip_opt_originator,
2761 { "Originator IP Address", "ip.opt.originator", FT_IPv4, BASE_NONE,
2762 NULL, 0x0, NULL, HFILL }},
2765 { "Router Alert", "ip.opt.ra", FT_UINT16, BASE_DEC | BASE_RANGE_STRING,
2766 RVALS(ra_rvals), 0x0, NULL, HFILL }},
2769 { "IP Address", "ip.opt.addr", FT_IPv4, BASE_NONE,
2770 NULL, 0x0, NULL, HFILL }},
2772 { &hf_ip_opt_padding,
2773 { "Padding", "ip.opt.padding", FT_BYTES, BASE_NONE,
2774 NULL, 0x0, NULL, HFILL }},
2776 { &hf_ip_opt_qs_func,
2777 { "Function", "ip.opt.qs_func", FT_UINT8, BASE_DEC,
2778 VALS(qs_func_vals), QS_FUNC_MASK, NULL, HFILL }},
2780 { &hf_ip_opt_qs_rate,
2781 { "Rate", "ip.opt.qs_rate", FT_UINT8, BASE_DEC | BASE_EXT_STRING,
2782 &qs_rate_vals_ext, QS_RATE_MASK, NULL, HFILL }},
2784 { &hf_ip_opt_qs_ttl,
2785 { "QS TTL", "ip.opt.qs_ttl", FT_UINT8, BASE_DEC,
2786 NULL, 0x0, NULL, HFILL }},
2788 { &hf_ip_opt_qs_ttl_diff,
2789 { "TTL Diff", "ip.opt.qs_ttl_diff", FT_UINT8, BASE_DEC,
2790 NULL, 0x0, NULL, HFILL }},
2792 { &hf_ip_opt_qs_unused,
2793 { "Not Used", "ip.opt.qs_unused", FT_UINT8, BASE_DEC,
2794 NULL, 0x0, NULL, HFILL }},
2796 { &hf_ip_opt_qs_nonce,
2797 { "QS Nonce", "ip.opt.qs_nonce", FT_UINT32, BASE_HEX,
2798 NULL, 0xFFFFFFFC, NULL, HFILL }},
2800 { &hf_ip_opt_qs_reserved,
2801 { "Reserved", "ip.opt.qs_reserved", FT_UINT32, BASE_HEX,
2802 NULL, 0x00000003, NULL, HFILL }},
2804 { &hf_ip_opt_sec_rfc791_sec,
2805 { "Security", "ip.opt.sec_rfc791_sec", FT_UINT8, BASE_HEX,
2806 VALS(secl_rfc791_vals), 0x0, NULL, HFILL }},
2808 { &hf_ip_opt_sec_rfc791_comp,
2809 { "Compartments", "ip.opt.sec_rfc791_comp", FT_UINT16, BASE_DEC,
2810 NULL, 0x0, NULL, HFILL }},
2812 { &hf_ip_opt_sec_rfc791_hr,
2813 { "Handling Restrictions", "ip.opt.sec_rfc791_hr", FT_STRING, BASE_NONE,
2814 NULL, 0x0, NULL, HFILL }},
2816 { &hf_ip_opt_sec_rfc791_tcc,
2817 { "Transmission Control Code", "ip.opt.sec_rfc791_tcc", FT_STRING, BASE_NONE,
2818 NULL, 0x0, NULL, HFILL }},
2820 { &hf_ip_opt_sec_cl,
2821 { "Classification Level", "ip.opt.sec_cl", FT_UINT8, BASE_HEX,
2822 VALS(sec_cl_vals), 0x0, NULL, HFILL }},
2824 { &hf_ip_opt_sec_prot_auth_flags,
2825 { "Protection Authority Flags", "ip.opt.sec_prot_auth_flags", FT_UINT8, BASE_HEX,
2826 NULL, 0x0, NULL, HFILL }},
2828 { &hf_ip_opt_sec_prot_auth_genser,
2829 { "GENSER", "ip.opt.sec_prot_auth_genser", FT_BOOLEAN, 8,
2830 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x80, NULL, HFILL }},
2832 { &hf_ip_opt_sec_prot_auth_siop_esi,
2833 { "SIOP-ESI", "ip.opt.sec_prot_auth_siop_esi", FT_BOOLEAN, 8,
2834 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x40, NULL, HFILL }},
2836 { &hf_ip_opt_sec_prot_auth_sci,
2837 { "SCI", "ip.opt.sec_prot_auth_sci", FT_BOOLEAN, 8,
2838 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x20, NULL, HFILL }},
2840 { &hf_ip_opt_sec_prot_auth_nsa,
2841 { "NSA", "ip.opt.sec_prot_auth_nsa", FT_BOOLEAN, 8,
2842 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x10, NULL, HFILL }},
2844 { &hf_ip_opt_sec_prot_auth_doe,
2845 { "DOE", "ip.opt.sec_prot_auth_doe", FT_BOOLEAN, 8,
2846 TFS(&ip_opt_sec_prot_auth_flag_tfs), 0x08, NULL, HFILL }},
2848 { &hf_ip_opt_sec_prot_auth_unassigned,
2849 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2850 NULL, 0x06, NULL, HFILL }},
2852 { &hf_ip_opt_sec_prot_auth_unassigned2,
2853 { "Unassigned", "ip.opt.sec_prot_auth_unassigned", FT_UINT8, BASE_HEX,
2854 NULL, 0xFE, NULL, HFILL }},
2856 { &hf_ip_opt_sec_prot_auth_fti,
2857 { "Field Termination Indicator", "ip.opt.sec_prot_auth_fti", FT_BOOLEAN, 8,
2858 TFS(&ip_opt_sec_prot_auth_fti_tfs), 0x01, NULL, HFILL }},
2860 { &hf_ip_opt_ext_sec_add_sec_info_format_code,
2861 { "Additional Security Info Format Code", "ip.opt.ext_sec_add_sec_info_format_code", FT_UINT8, BASE_HEX,
2862 NULL, 0x0, NULL, HFILL }},
2864 { &hf_ip_opt_ext_sec_add_sec_info,
2865 { "Additional Security Info", "ip.opt.ext_sec_add_sec_info", FT_BYTES, BASE_NONE,
2866 NULL, 0x0, NULL, HFILL }},
2869 { "Recorded Route", "ip.rec_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2872 { &hf_ip_rec_rt_host,
2873 { "Recorded Route Host", "ip.rec_rt_host", FT_STRING, BASE_NONE,
2874 NULL, 0x0, NULL, HFILL }},
2877 { "Current Route", "ip.cur_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2880 { &hf_ip_cur_rt_host,
2881 { "Current Route Host", "ip.cur_rt_host", FT_STRING, BASE_NONE,
2882 NULL, 0x0, NULL, HFILL }},
2885 { "Source Route", "ip.src_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2888 { &hf_ip_src_rt_host,
2889 { "Source Route Host", "ip.src_rt_host", FT_STRING, BASE_NONE,
2890 NULL, 0x0, NULL, HFILL }},
2893 { "Empty Route", "ip.empty_rt", FT_IPv4, BASE_NONE, NULL, 0x0,
2896 { &hf_ip_empty_rt_host,
2897 { "Empty Route Host", "ip.empty_rt_host", FT_STRING, BASE_NONE,
2898 NULL, 0x0, NULL, HFILL }},
2900 { &hf_ip_fragment_overlap,
2901 { "Fragment overlap", "ip.fragment.overlap", FT_BOOLEAN, BASE_NONE,
2902 NULL, 0x0, "Fragment overlaps with other fragments", HFILL }},
2904 { &hf_ip_fragment_overlap_conflict,
2905 { "Conflicting data in fragment overlap", "ip.fragment.overlap.conflict",
2906 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2907 "Overlapping fragments contained conflicting data", HFILL }},
2909 { &hf_ip_fragment_multiple_tails,
2910 { "Multiple tail fragments found", "ip.fragment.multipletails",
2911 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2912 "Several tails were found when defragmenting the packet", HFILL }},
2914 { &hf_ip_fragment_too_long_fragment,
2915 { "Fragment too long", "ip.fragment.toolongfragment",
2916 FT_BOOLEAN, BASE_NONE, NULL, 0x0,
2917 "Fragment contained data past end of packet", HFILL }},
2919 { &hf_ip_fragment_error,
2920 { "Defragmentation error", "ip.fragment.error", FT_FRAMENUM, BASE_NONE,
2921 NULL, 0x0, "Defragmentation error due to illegal fragments", HFILL }},
2923 { &hf_ip_fragment_count,
2924 { "Fragment count", "ip.fragment.count", FT_UINT32, BASE_DEC,
2925 NULL, 0x0, NULL, HFILL }},
2928 { "IPv4 Fragment", "ip.fragment", FT_FRAMENUM, BASE_NONE,
2929 NULL, 0x0, NULL, HFILL }},
2932 { "IPv4 Fragments", "ip.fragments", FT_BYTES, BASE_NONE,
2933 NULL, 0x0, NULL, HFILL }},
2935 { &hf_ip_reassembled_in,
2936 { "Reassembled IPv4 in frame", "ip.reassembled_in", FT_FRAMENUM, BASE_NONE,
2937 NULL, 0x0, "This IPv4 packet is reassembled in this frame", HFILL }},
2939 { &hf_ip_reassembled_length,
2940 { "Reassembled IPv4 length", "ip.reassembled.length", FT_UINT32, BASE_DEC,
2941 NULL, 0x0, "The total length of the reassembled payload", HFILL }},
2943 { &hf_ip_reassembled_data,
2944 { "Reassembled IPv4 data", "ip.reassembled.data", FT_BYTES, BASE_NONE,
2945 NULL, 0x0, "The reassembled payload", HFILL }}
2948 static gint *ett[] = {
2954 &ett_ip_option_eool,
2957 &ett_ip_option_route,
2958 &ett_ip_option_timestamp,
2959 &ett_ip_option_ext_security,
2960 &ett_ip_option_cipso,
2967 &ett_ip_option_other,
2972 &ett_ip_opt_sec_prot_auth_flags,
2977 module_t *ip_module;
2979 proto_ip = proto_register_protocol("Internet Protocol Version 4", "IPv4", "ip");
2980 proto_register_field_array(proto_ip, hf, array_length(hf));
2981 proto_register_subtree_array(ett, array_length(ett));
2983 /* subdissector code */
2984 ip_dissector_table = register_dissector_table("ip.proto", "IPv4 protocol",
2985 FT_UINT8, BASE_DEC);
2987 /* Register configuration options */
2988 ip_module = prefs_register_protocol(proto_ip, NULL);
2989 prefs_register_bool_preference(ip_module, "decode_tos_as_diffserv",
2990 "Decode IPv4 TOS field as DiffServ field",
2991 "Whether the IPv4 type-of-service field should be decoded as a "
2992 "Differentiated Services field (see RFC2474/RFC2475)", &g_ip_dscp_actif);
2993 prefs_register_bool_preference(ip_module, "defragment",
2994 "Reassemble fragmented IPv4 datagrams",
2995 "Whether fragmented IPv4 datagrams should be reassembled", &ip_defragment);
2996 prefs_register_bool_preference(ip_module, "summary_in_tree",
2997 "Show IPv4 summary in protocol tree",
2998 "Whether the IPv4 summary line should be shown in the protocol tree",
2999 &ip_summary_in_tree);
3000 prefs_register_bool_preference(ip_module, "check_checksum",
3001 "Validate the IPv4 checksum if possible",
3002 "Whether to validate the IPv4 checksum", &ip_check_checksum);
3003 prefs_register_bool_preference(ip_module, "tso_support",
3004 "Support packet-capture from IP TSO-enabled hardware",
3005 "Whether to correct for TSO-enabled (TCP segmentation offload) hardware "
3006 "captures, such as spoofing the IP packet length", &ip_tso_supported);
3008 prefs_register_bool_preference(ip_module, "use_geoip",
3009 "Enable GeoIP lookups",
3010 "Whether to look up IP addresses in each GeoIP database we have loaded",
3012 #endif /* HAVE_GEOIP */
3013 prefs_register_bool_preference(ip_module, "security_flag" ,
3014 "Interpret Reserved flag as Security flag (RFC 3514)",
3015 "Whether to interpret the originally reserved flag as security flag",
3018 register_dissector("ip", dissect_ip, proto_ip);
3019 register_init_routine(ip_defragment_init);
3020 ip_tap = register_tap("ip");
3024 proto_reg_handoff_ip(void)
3026 dissector_handle_t ip_handle;
3028 ip_handle = find_dissector("ip");
3029 ipv6_handle = find_dissector("ipv6");
3030 tapa_handle = find_dissector("tapa");
3031 data_handle = find_dissector("data");
3033 dissector_add_uint("ethertype", ETHERTYPE_IP, ip_handle);
3034 dissector_add_uint("ppp.protocol", PPP_IP, ip_handle);
3035 dissector_add_uint("ppp.protocol", ETHERTYPE_IP, ip_handle);
3036 dissector_add_uint("gre.proto", ETHERTYPE_IP, ip_handle);
3037 dissector_add_uint("gre.proto", GRE_WCCP, ip_handle);
3038 dissector_add_uint("llc.dsap", SAP_IP, ip_handle);
3039 dissector_add_uint("ip.proto", IP_PROTO_IPIP, ip_handle);
3040 dissector_add_uint("null.type", BSD_AF_INET, ip_handle);
3041 dissector_add_uint("chdlctype", ETHERTYPE_IP, ip_handle);
3042 dissector_add_uint("osinl.excl", NLPID_IP, ip_handle);
3043 dissector_add_uint("fr.ietf", NLPID_IP, ip_handle);
3044 dissector_add_uint("x.25.spi", NLPID_IP, ip_handle);
3045 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1051, ip_handle);
3046 dissector_add_uint("arcnet.protocol_id", ARCNET_PROTO_IP_1201, ip_handle);
3047 dissector_add_uint("ax25.pid", AX25_P_IP, ip_handle);
3048 dissector_add_handle("udp.port", ip_handle);
3050 heur_dissector_add("tipc", dissect_ip_heur, proto_ip);
3054 * Editor modelines - http://www.wireshark.org/tools/modelines.html
3059 * indent-tabs-mode: nil
3062 * vi: set shiftwidth=2 tabstop=8 expandtab:
3063 * :indentSize=2:tabSize=8:noTabs=true: