static expert_field ei_ip_ttl_lncb = EI_INIT;
static expert_field ei_ip_ttl_too_small = EI_INIT;
static expert_field ei_ip_cipso_tag = EI_INIT;
+static expert_field ei_ip_bogus_ip_version = EI_INIT;
#ifdef HAVE_GEOIP
}
static void
-dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
+dissect_ip_v4(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
{
proto_tree *ip_tree, *field_tree = NULL;
proto_item *ti, *tf;
col_clear(pinfo->cinfo, COL_INFO);
iph->ip_v_hl = tvb_get_guint8(tvb, offset);
- if ( hi_nibble(iph->ip_v_hl) == 6) {
- call_dissector(ipv6_handle, tvb, pinfo, parent_tree);
- return;
- }
hlen = lo_nibble(iph->ip_v_hl) * 4; /* IP header length, in bytes */
"Local Network Control Block (see RFC 3171)",
ttl);
}
- } else if (!is_a_multicast_addr(dst32) && iph->ip_ttl < 5 &&
- (iph->ip_p != IP_PROTO_PIM)) {
+ } else if (!is_a_multicast_addr(dst32) &&
+ /* At least BGP should appear here as well */
+ iph->ip_ttl < 5 &&
+ iph->ip_p != IP_PROTO_PIM &&
+ iph->ip_p != IP_PROTO_OSPF) {
expert_add_info_format(pinfo, ttl_item, &ei_ip_ttl_too_small, "\"Time To Live\" only %u", iph->ip_ttl);
}
pinfo->fragmented = save_fragmented;
}
+static void
+dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+ proto_tree *ip_tree;
+ proto_item *ti, *tf;
+ guint8 version;
+
+ version = tvb_get_guint8(tvb, 0) >> 4;
+
+ if(version == 4){
+ dissect_ip_v4(tvb, pinfo, tree);
+ return;
+ }
+ if(version == 6){
+ call_dissector(ipv6_handle, tvb, pinfo, tree);
+ return;
+ }
+
+ /* Bogus IP version */
+ ti = proto_tree_add_protocol_format(tree, proto_ip, tvb, 0, 1, "Internet Protocol, bogus version (%u)", version);
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "IP");
+ col_clear(pinfo->cinfo, COL_INFO);
+ col_add_fstr(pinfo->cinfo, COL_INFO, "Bogus IP version (%u)", version);
+ ip_tree = proto_item_add_subtree(ti, ett_ip);
+ tf = proto_tree_add_item(ip_tree, hf_ip_version, tvb, 0, 1, ENC_NA);
+ expert_add_info(pinfo, tf, &ei_ip_bogus_ip_version);
+}
+
static gboolean
dissect_ip_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
{
ihl = oct & 0x0f;
version = oct >> 4;
if(version == 6){
- /* TODO: Add IPv6 checks here */
/*
3. IPv6 Header Format
return FALSE;
}
- dissect_ip(tvb, pinfo, tree);
+ dissect_ip_v4(tvb, pinfo, tree);
return TRUE;
}
{ &ei_ip_ttl_lncb, { "ip.ttl.lncb", PI_SEQUENCE, PI_NOTE, "Time To Live", EXPFILL }},
{ &ei_ip_ttl_too_small, { "ip.ttl.too_small", PI_SEQUENCE, PI_NOTE, "Time To Live", EXPFILL }},
{ &ei_ip_cipso_tag, { "ip.cipso.malformed", PI_SEQUENCE, PI_ERROR, "Malformed CIPSO tag", EXPFILL }},
+ { &ei_ip_bogus_ip_version, { "ip.bogus_ip_version", PI_PROTOCOL, PI_ERROR, "Bogus IP version", EXPFILL }},
};
/* Decode As handling */
dissector_add_uint("sflow_245.header_protocol", SFLOW_245_HEADER_IPv4, ip_handle);
dissector_add_uint("l2tp.pw_type", L2TPv3_PROTOCOL_IP, ip_handle);
dissector_add_for_decode_as("udp.port", ip_handle);
+ dissector_add_for_decode_as("pcli.payload", ip_handle);
dissector_add_uint("wtap_encap", WTAP_ENCAP_RAW_IP4, ip_handle);
- heur_dissector_add("tipc", dissect_ip_heur, "IP over TIPC", "ip_tipc", proto_ip);
+ heur_dissector_add("tipc", dissect_ip_heur, "IP over TIPC", "ip_tipc", proto_ip, HEURISTIC_ENABLE);
}
/*
git.samba.org / metze / wireshark / wip.git / blobdiff