/* packet-ip.c
* Routines for IP and miscellaneous IP protocol packet disassembly
*
- * $Id: packet-ip.c,v 1.55 1999/10/15 05:30:35 itojun Exp $
+ * $Id: packet-ip.c,v 1.115 2000/12/29 04:16:57 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
#include <stdio.h>
#include <string.h>
#include <glib.h>
-#include "packet.h"
-#include "resolv.h"
-#include "util.h"
#ifdef NEED_SNPRINTF_H
-# ifdef HAVE_STDARG_H
-# include <stdarg.h>
-# else
-# include <varargs.h>
-# endif
# include "snprintf.h"
#endif
-#ifndef __PACKET_IP_H__
+#include "packet.h"
+#include "resolv.h"
+#include "prefs.h"
+#include "etypes.h"
+#include "ppptypes.h"
+#include "llcsaps.h"
+#include "aftypes.h"
#include "packet-ip.h"
-#endif
+#include "packet-ipsec.h"
+#include "in_cksum.h"
+
+static void dissect_icmp(tvbuff_t *, packet_info *, proto_tree *);
+static void dissect_igmp(tvbuff_t *, packet_info *, proto_tree *);
+
+/* Decode the old IPv4 TOS field as the DiffServ DS Field */
+gboolean g_ip_dscp_actif = TRUE;
static int proto_ip = -1;
static int hf_ip_version = -1;
static int hf_ip_hdr_len = -1;
+static int hf_ip_dsfield = -1;
+static int hf_ip_dsfield_dscp = -1;
+static int hf_ip_dsfield_ect = -1;
+static int hf_ip_dsfield_ce = -1;
static int hf_ip_tos = -1;
static int hf_ip_tos_precedence = -1;
+static int hf_ip_tos_delay = -1;
+static int hf_ip_tos_throughput = -1;
+static int hf_ip_tos_reliability = -1;
+static int hf_ip_tos_cost = -1;
static int hf_ip_len = -1;
static int hf_ip_id = -1;
static int hf_ip_dst = -1;
static int hf_ip_src = -1;
static int hf_ip_addr = -1;
static int hf_ip_flags = -1;
+static int hf_ip_flags_df = -1;
+static int hf_ip_flags_mf = -1;
static int hf_ip_frag_offset = -1;
static int hf_ip_ttl = -1;
static int hf_ip_proto = -1;
static int hf_ip_checksum = -1;
+static gint ett_ip = -1;
+static gint ett_ip_dsfield = -1;
+static gint ett_ip_tos = -1;
+static gint ett_ip_off = -1;
+static gint ett_ip_options = -1;
+static gint ett_ip_option_sec = -1;
+static gint ett_ip_option_route = -1;
+static gint ett_ip_option_timestamp = -1;
+
+/* Used by IPv6 as well, so not static */
+dissector_table_t ip_dissector_table;
+
static int proto_igmp = -1;
static int hf_igmp_version = -1;
static int hf_igmp_type = -1;
static int hf_igmp_checksum = -1;
static int hf_igmp_group = -1;
+static gint ett_igmp = -1;
+
static int proto_icmp = -1;
static int hf_icmp_type = -1;
static int hf_icmp_code = -1;
static int hf_icmp_checksum = -1;
-/* ICMP structs and definitions */
-typedef struct _e_icmp {
- guint8 icmp_type;
- guint8 icmp_code;
- guint16 icmp_cksum;
- union {
- struct { /* Address mask request/reply */
- guint16 id;
- guint16 seq;
- guint32 sn_mask;
- } am;
- struct { /* Timestap request/reply */
- guint16 id;
- guint16 seq;
- guint32 orig;
- guint32 recv;
- guint32 xmit;
- } ts;
- guint32 zero; /* Unreachable */
- } opt;
-} e_icmp;
+static gint ett_icmp = -1;
+
+/* ICMP definitions */
#define ICMP_ECHOREPLY 0
#define ICMP_UNREACH 3
/* IP structs and definitions */
-typedef struct _e_ip {
- guint8 ip_v_hl; /* combines ip_v and ip_hl */
- guint8 ip_tos;
- guint16 ip_len;
- guint16 ip_id;
- guint16 ip_off;
- guint8 ip_ttl;
- guint8 ip_p;
- guint16 ip_sum;
- guint32 ip_src;
- guint32 ip_dst;
-} e_ip;
+typedef struct _e_ip
+ {
+ guint8 ip_v_hl; /* combines ip_v and ip_hl */
+ guint8 ip_tos;
+ guint16 ip_len;
+ guint16 ip_id;
+ guint16 ip_off;
+ guint8 ip_ttl;
+ guint8 ip_p;
+ guint16 ip_sum;
+ guint32 ip_src;
+ guint32 ip_dst;
+ } e_ip;
+
+/* Offsets of fields within an IP header. */
+#define IPH_V_HL 0
+#define IPH_TOS 1
+#define IPH_LEN 2
+#define IPH_ID 4
+#define IPH_TTL 6
+#define IPH_OFF 8
+#define IPH_P 9
+#define IPH_SUM 10
+#define IPH_SRC 12
+#define IPH_DST 16
+
+/* Minimum IP header length. */
+#define IPH_MIN_LEN 20
/* IP flags. */
#define IP_CE 0x8000 /* Flag: "Congestion" */
#define IP_MF 0x2000 /* Flag: "More Fragments" */
#define IP_OFFSET 0x1FFF /* "Fragment Offset" part */
+/* Differentiated Services Field. See RFCs 2474, 2597 and 2598. */
+#define IPDSFIELD_DSCP_MASK 0xFC
+#define IPDSFIELD_ECN_MASK 0x03
+#define IPDSFIELD_DSCP_SHIFT 2
+#define IPDSFIELD_DSCP(dsfield) (((dsfield)&IPDSFIELD_DSCP_MASK)>>IPDSFIELD_DSCP_SHIFT)
+#define IPDSFIELD_ECN(dsfield) ((dsfield)&IPDSFIELD_ECN_MASK)
+#define IPDSFIELD_DSCP_DEFAULT 0x00
+#define IPDSFIELD_DSCP_CS1 0x08
+#define IPDSFIELD_DSCP_CS2 0x10
+#define IPDSFIELD_DSCP_CS3 0x18
+#define IPDSFIELD_DSCP_CS4 0x20
+#define IPDSFIELD_DSCP_CS5 0x28
+#define IPDSFIELD_DSCP_CS6 0x30
+#define IPDSFIELD_DSCP_CS7 0x38
+#define IPDSFIELD_DSCP_AF11 0x0A
+#define IPDSFIELD_DSCP_AF12 0x0C
+#define IPDSFIELD_DSCP_AF13 0x0E
+#define IPDSFIELD_DSCP_AF21 0x12
+#define IPDSFIELD_DSCP_AF22 0x14
+#define IPDSFIELD_DSCP_AF23 0x16
+#define IPDSFIELD_DSCP_AF31 0x1A
+#define IPDSFIELD_DSCP_AF32 0x1C
+#define IPDSFIELD_DSCP_AF33 0x1E
+#define IPDSFIELD_DSCP_AF41 0x22
+#define IPDSFIELD_DSCP_AF42 0x24
+#define IPDSFIELD_DSCP_AF43 0x26
+#define IPDSFIELD_DSCP_EF 0x2E
+#define IPDSFIELD_ECT_MASK 0x02
+#define IPDSFIELD_CE_MASK 0x01
+
+/* IP TOS, superseded by the DS Field, RFC 2474. */
#define IPTOS_TOS_MASK 0x1E
#define IPTOS_TOS(tos) ((tos) & IPTOS_TOS_MASK)
#define IPTOS_NONE 0x00
#define IPTOS_SECURITY 0x1E
#define IPTOS_PREC_MASK 0xE0
-#define IPTOS_PREC(tos) ((tos)&IPTOS_PREC_MASK)
-#define IPTOS_PREC_NETCONTROL 0xe0
-#define IPTOS_PREC_INTERNETCONTROL 0xc0
-#define IPTOS_PREC_CRITIC_ECP 0xa0
-#define IPTOS_PREC_FLASHOVERRIDE 0x80
-#define IPTOS_PREC_FLASH 0x60
-#define IPTOS_PREC_IMMEDIATE 0x40
-#define IPTOS_PREC_PRIORITY 0x20
-#define IPTOS_PREC_ROUTINE 0x00
+#define IPTOS_PREC_SHIFT 5
+#define IPTOS_PREC(tos) (((tos)&IPTOS_PREC_MASK)>>IPTOS_PREC_SHIFT)
+#define IPTOS_PREC_NETCONTROL 7
+#define IPTOS_PREC_INTERNETCONTROL 6
+#define IPTOS_PREC_CRITIC_ECP 5
+#define IPTOS_PREC_FLASHOVERRIDE 4
+#define IPTOS_PREC_FLASH 3
+#define IPTOS_PREC_IMMEDIATE 2
+#define IPTOS_PREC_PRIORITY 1
+#define IPTOS_PREC_ROUTINE 0
/* IP options */
#define IPOPT_COPY 0x80
#define IPOLEN_RR_MIN 3
#define IPOLEN_SID 4
#define IPOLEN_SSRR_MIN 3
+#define IPOLEN_RA 4
#define IPSEC_UNCLASSIFIED 0x0000
#define IPSEC_CONFIDENTIAL 0xF135
void
-capture_ip(const u_char *pd, int offset, guint32 cap_len, packet_counts *ld) {
+capture_ip(const u_char *pd, int offset, packet_counts *ld) {
+ if (!BYTES_ARE_IN_FRAME(offset, IPH_MIN_LEN)) {
+ ld->other++;
+ return;
+ }
switch (pd[offset + 9]) {
+ case IP_PROTO_SCTP:
+ ld->sctp++;
+ break;
case IP_PROTO_TCP:
ld->tcp++;
break;
case IP_PROTO_GRE:
ld->gre++;
break;
+ case IP_PROTO_VINES:
+ ld->vines++;
+ break;
default:
ld->other++;
}
}
static void
-dissect_ipopt_security(const ip_tcp_opt *optp, const u_char *opd, int offset,
- guint optlen, proto_tree *opt_tree)
+dissect_ipopt_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
+ guint optlen, frame_data *fd, proto_tree *opt_tree)
{
proto_tree *field_tree = NULL;
proto_item *tf;
{IPSEC_RESERVED8, "Reserved" },
{0, NULL } };
- tf = proto_tree_add_text(opt_tree, offset, optlen, "%s:", optp->name);
- field_tree = proto_item_add_subtree(tf, optp->subtree_index);
+ tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s:", optp->name);
+ field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
offset += 2;
- val = pntohs(opd);
- proto_tree_add_text(field_tree, offset, 2,
+ val = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_text(field_tree, tvb, offset, 2,
"Security: %s", val_to_str(val, secl_vals, "Unknown (0x%x)"));
offset += 2;
- opd += 2;
- val = pntohs(opd);
- proto_tree_add_text(field_tree, offset, 2,
- "Compartments: %d", val);
+ val = tvb_get_ntohs(tvb, offset);
+ proto_tree_add_text(field_tree, tvb, offset, 2,
+ "Compartments: %u", val);
offset += 2;
- opd += 2;
- proto_tree_add_text(field_tree, offset, 2,
- "Handling restrictions: %c%c", opd[0], opd[1]);
+ proto_tree_add_text(field_tree, tvb, offset, 2,
+ "Handling restrictions: %c%c",
+ tvb_get_guint8(tvb, offset),
+ tvb_get_guint8(tvb, offset + 1));
offset += 2;
- opd += 2;
- proto_tree_add_text(field_tree, offset, 3,
- "Transmission control code: %c%c%c", opd[0], opd[1], opd[2]);
+ proto_tree_add_text(field_tree, tvb, offset, 3,
+ "Transmission control code: %c%c%c",
+ tvb_get_guint8(tvb, offset),
+ tvb_get_guint8(tvb, offset + 1),
+ tvb_get_guint8(tvb, offset + 2));
}
static void
-dissect_ipopt_route(const ip_tcp_opt *optp, const u_char *opd, int offset,
- guint optlen, proto_tree *opt_tree)
+dissect_ipopt_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
+ guint optlen, frame_data *fd, proto_tree *opt_tree)
{
proto_tree *field_tree = NULL;
proto_item *tf;
int optoffset = 0;
struct in_addr addr;
- tf = proto_tree_add_text(opt_tree, offset, optlen, "%s (%d bytes)",
+ tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
optp->name, optlen);
- field_tree = proto_item_add_subtree(tf, optp->subtree_index);
+ field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
optoffset += 2; /* skip past type and length */
optlen -= 2; /* subtract size of type and length */
- ptr = *opd;
- proto_tree_add_text(field_tree, offset + optoffset, 1,
+ ptr = tvb_get_guint8(tvb, offset + optoffset);
+ proto_tree_add_text(field_tree, tvb, offset + optoffset, 1,
"Pointer: %d%s", ptr,
((ptr < 4) ? " (points before first address)" :
((ptr & 3) ? " (points to middle of address)" : "")));
optoffset++;
- opd++;
optlen--;
ptr--; /* ptr is 1-origin */
while (optlen > 0) {
if (optlen < 4) {
- proto_tree_add_text(field_tree, offset, optlen,
+ proto_tree_add_text(field_tree, tvb, offset, optlen,
"(suboption would go past end of option)");
break;
}
/* Avoids alignment problems on many architectures. */
- memcpy((char *)&addr, (char *)opd, sizeof(addr));
+ tvb_memcpy(tvb, (guint8 *)&addr, offset + optoffset, sizeof(addr));
- proto_tree_add_text(field_tree, offset + optoffset, 4,
+ proto_tree_add_text(field_tree, tvb, offset + optoffset, 4,
"%s%s",
((addr.s_addr == 0) ? "-" : (char *)get_hostname(addr.s_addr)),
((optoffset == ptr) ? " <- (current)" : ""));
optoffset += 4;
- opd += 4;
optlen -= 4;
}
}
static void
-dissect_ipopt_sid(const ip_tcp_opt *optp, const u_char *opd, int offset,
- guint optlen, proto_tree *opt_tree)
+dissect_ipopt_sid(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
+ guint optlen, frame_data *fd, proto_tree *opt_tree)
{
- proto_tree_add_text(opt_tree, offset, optlen,
- "%s: %d", optp->name, pntohs(opd));
+ proto_tree_add_text(opt_tree, tvb, offset, optlen,
+ "%s: %u", optp->name, tvb_get_ntohs(tvb, offset + 2));
return;
}
static void
-dissect_ipopt_timestamp(const ip_tcp_opt *optp, const u_char *opd,
- int offset, guint optlen, proto_tree *opt_tree)
+dissect_ipopt_timestamp(const ip_tcp_opt *optp, tvbuff_t *tvb,
+ int offset, guint optlen, frame_data *fd, proto_tree *opt_tree)
{
proto_tree *field_tree = NULL;
proto_item *tf;
struct in_addr addr;
guint ts;
- tf = proto_tree_add_text(opt_tree, offset, optlen, "%s:", optp->name);
- field_tree = proto_item_add_subtree(tf, optp->subtree_index);
+ tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s:", optp->name);
+ field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
optoffset += 2; /* skip past type and length */
optlen -= 2; /* subtract size of type and length */
- ptr = *opd;
- proto_tree_add_text(field_tree, offset + optoffset, 1,
+ ptr = tvb_get_guint8(tvb, offset + optoffset);
+ proto_tree_add_text(field_tree, tvb, offset + optoffset, 1,
"Pointer: %d%s", ptr,
((ptr < 5) ? " (points before first address)" :
(((ptr - 1) & 3) ? " (points to middle of address)" : "")));
optoffset++;
- opd++;
optlen--;
ptr--; /* ptr is 1-origin */
- flg = *opd;
- proto_tree_add_text(field_tree, offset + optoffset, 1,
- "Overflow: %d", flg >> 4);
+ flg = tvb_get_guint8(tvb, offset + optoffset);
+ proto_tree_add_text(field_tree, tvb, offset + optoffset, 1,
+ "Overflow: %u", flg >> 4);
flg &= 0xF;
- proto_tree_add_text(field_tree, offset + optoffset, 1,
+ proto_tree_add_text(field_tree, tvb, offset + optoffset, 1,
"Flag: %s", val_to_str(flg, flag_vals, "Unknown (0x%x)"));
optoffset++;
- opd++;
optlen--;
while (optlen > 0) {
if (flg == IPOPT_TS_TSANDADDR) {
- if (optlen < 4) {
- proto_tree_add_text(field_tree, offset + optoffset, optlen,
- "(suboption would go past end of option)");
- break;
- }
- /* XXX - check whether it goes past end of packet */
- ts = pntohl(opd);
- opd += 4;
- optlen -= 4;
- if (optlen < 4) {
- proto_tree_add_text(field_tree, offset + optoffset, optlen,
+ if (optlen < 8) {
+ proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen,
"(suboption would go past end of option)");
break;
}
- /* XXX - check whether it goes past end of packet */
- memcpy((char *)&addr, (char *)opd, sizeof(addr));
- opd += 4;
- optlen -= 4;
- proto_tree_add_text(field_tree, offset, 8,
+ tvb_memcpy(tvb, (char *)&addr, offset + optoffset, sizeof(addr));
+ ts = tvb_get_ntohl(tvb, offset + optoffset + 4);
+ optlen -= 8;
+ proto_tree_add_text(field_tree, tvb, offset + optoffset, 8,
"Address = %s, time stamp = %u",
((addr.s_addr == 0) ? "-" : (char *)get_hostname(addr.s_addr)),
ts);
optoffset += 8;
} else {
if (optlen < 4) {
- proto_tree_add_text(field_tree, offset + optoffset, optlen,
+ proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen,
"(suboption would go past end of option)");
break;
}
- /* XXX - check whether it goes past end of packet */
- ts = pntohl(opd);
- opd += 4;
+ ts = tvb_get_ntohl(tvb, offset + optoffset);
optlen -= 4;
- proto_tree_add_text(field_tree, offset + optoffset, 4,
+ proto_tree_add_text(field_tree, tvb, offset + optoffset, 4,
"Time stamp = %u", ts);
optoffset += 4;
}
}
}
+static void
+dissect_ipopt_ra(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
+ guint optlen, frame_data *fd, proto_tree *opt_tree)
+{
+ /* Router-Alert, as defined by RFC2113 */
+ int opt = tvb_get_ntohs(tvb, offset + 2);
+ static const value_string ra_opts[] = {
+ {0, "Every router examines packet"} };
+
+ proto_tree_add_text(opt_tree, tvb, offset, optlen,
+ "%s: %s", optp->name, val_to_str(opt, ra_opts, "Unknown (%d)"));
+ return;
+}
+
static const ip_tcp_opt ipopts[] = {
{
IPOPT_END,
"EOL",
- -1,
+ NULL,
NO_LENGTH,
0,
NULL,
{
IPOPT_NOOP,
"NOP",
- -1,
+ NULL,
NO_LENGTH,
0,
NULL,
{
IPOPT_SEC,
"Security",
- ETT_IP_OPTION_SEC,
+ &ett_ip_option_sec,
FIXED_LENGTH,
IPOLEN_SEC,
dissect_ipopt_security
{
IPOPT_SSRR,
"Strict source route",
- ETT_IP_OPTION_ROUTE,
+ &ett_ip_option_route,
VARIABLE_LENGTH,
IPOLEN_SSRR_MIN,
dissect_ipopt_route
{
IPOPT_LSRR,
"Loose source route",
- ETT_IP_OPTION_ROUTE,
+ &ett_ip_option_route,
VARIABLE_LENGTH,
IPOLEN_LSRR_MIN,
dissect_ipopt_route
{
IPOPT_RR,
"Record route",
- ETT_IP_OPTION_ROUTE,
+ &ett_ip_option_route,
VARIABLE_LENGTH,
IPOLEN_RR_MIN,
dissect_ipopt_route
{
IPOPT_SID,
"Stream identifier",
- -1,
+ NULL,
FIXED_LENGTH,
IPOLEN_SID,
dissect_ipopt_sid
{
IPOPT_TIMESTAMP,
"Time stamp",
- ETT_IP_OPTION_TIMESTAMP,
+ &ett_ip_option_timestamp,
VARIABLE_LENGTH,
IPOLEN_TIMESTAMP_MIN,
dissect_ipopt_timestamp
- }
+ },
+ {
+ IPOPT_RA,
+ "Router Alert",
+ NULL,
+ FIXED_LENGTH,
+ IPOLEN_RA,
+ dissect_ipopt_ra
+ },
};
#define N_IP_OPTS (sizeof ipopts / sizeof ipopts[0])
/* Dissect the IP or TCP options in a packet. */
void
-dissect_ip_tcp_options(const u_char *opd, int offset, guint length,
+dissect_ip_tcp_options(tvbuff_t *tvb, int offset, guint length,
const ip_tcp_opt *opttab, int nopts, int eol,
- proto_tree *opt_tree)
+ frame_data *fd, proto_tree *opt_tree)
{
u_char opt;
const ip_tcp_opt *optp;
int optlen;
char *name;
char name_str[7+1+1+2+2+1+1]; /* "Unknown (0x%02x)" */
- void (*dissect)(const struct ip_tcp_opt *, const u_char *,
- int, guint, proto_tree *);
+ void (*dissect)(const struct ip_tcp_opt *, tvbuff_t *,
+ int, guint, frame_data *, proto_tree *);
guint len;
while (length > 0) {
- opt = *opd++;
+ opt = tvb_get_guint8(tvb, offset);
for (optp = &opttab[0]; optp < &opttab[nopts]; optp++) {
if (optp->optcode == opt)
break;
if (length == 0) {
/* Bogus - packet must at least include option code byte and
length byte! */
- proto_tree_add_text(opt_tree, offset, 1,
+ proto_tree_add_text(opt_tree, tvb, offset, 1,
"%s (length byte past end of options)", name);
return;
}
- len = *opd++; /* total including type, len */
+ len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
--length; /* account for length byte */
if (len < 2) {
/* Bogus - option length is too short to include option code and
option length. */
- proto_tree_add_text(opt_tree, offset, 2,
+ proto_tree_add_text(opt_tree, tvb, offset, 2,
"%s (with too-short option length = %u byte%s)", name,
- plurality(len, "", "s"));
+ len, plurality(len, "", "s"));
return;
} else if (len - 2 > length) {
/* Bogus - option goes past the end of the header. */
- proto_tree_add_text(opt_tree, offset, length,
+ proto_tree_add_text(opt_tree, tvb, offset, length,
"%s (option length = %u byte%s says option goes past end of options)",
name, len, plurality(len, "", "s"));
return;
} else if (len_type == FIXED_LENGTH && len != optlen) {
/* Bogus - option length isn't what it's supposed to be for this
option. */
- proto_tree_add_text(opt_tree, offset, len,
+ proto_tree_add_text(opt_tree, tvb, offset, len,
"%s (with option length = %u byte%s; should be %u)", name,
len, plurality(len, "", "s"), optlen);
return;
} else if (len_type == VARIABLE_LENGTH && len < optlen) {
/* Bogus - option length is less than what it's supposed to be for
this option. */
- proto_tree_add_text(opt_tree, offset, len,
+ proto_tree_add_text(opt_tree, tvb, offset, len,
"%s (with option length = %u byte%s; should be >= %u)", name,
len, plurality(len, "", "s"), optlen);
return;
} else {
if (optp == NULL) {
- proto_tree_add_text(opt_tree, offset, len, "%s (%d byte%s)",
+ proto_tree_add_text(opt_tree, tvb, offset, len, "%s (%u byte%s)",
name, len, plurality(len, "", "s"));
} else {
if (dissect != NULL) {
/* Option has a dissector. */
- (*dissect)(optp, opd, offset, len, opt_tree);
+ (*dissect)(optp, tvb, offset, len, fd, opt_tree);
} else {
/* Option has no data, hence no dissector. */
- proto_tree_add_text(opt_tree, offset, len, "%s", name);
+ proto_tree_add_text(opt_tree, tvb, offset, len, "%s", name);
}
}
len -= 2; /* subtract size of type and length */
offset += 2 + len;
}
- opd += len;
length -= len;
} else {
- proto_tree_add_text(opt_tree, offset, 1, "%s", name);
+ proto_tree_add_text(opt_tree, tvb, offset, 1, "%s", name);
offset += 1;
}
if (opt == eol)
}
}
-static const value_string proto_vals[] = { {IP_PROTO_ICMP, "ICMP"},
- {IP_PROTO_IGMP, "IGMP"},
- {IP_PROTO_TCP, "TCP" },
- {IP_PROTO_UDP, "UDP" },
- {IP_PROTO_OSPF, "OSPF"},
- {IP_PROTO_RSVP, "RSVP"},
- {IP_PROTO_AH, "AH" },
- {IP_PROTO_GRE, "GRE" },
- {IP_PROTO_ESP, "ESP" },
- {IP_PROTO_IPV6, "IPv6"},
- {IP_PROTO_PIM, "PIM" },
- {0, NULL } };
+static const value_string dscp_vals[] = {
+ { IPDSFIELD_DSCP_DEFAULT, "Default" },
+ { IPDSFIELD_DSCP_CS1, "Class Selector 1" },
+ { IPDSFIELD_DSCP_CS2, "Class Selector 2" },
+ { IPDSFIELD_DSCP_CS3, "Class Selector 3" },
+ { IPDSFIELD_DSCP_CS4, "Class Selector 4" },
+ { IPDSFIELD_DSCP_CS5, "Class Selector 5" },
+ { IPDSFIELD_DSCP_CS6, "Class Selector 6" },
+ { IPDSFIELD_DSCP_CS7, "Class Selector 7" },
+ { IPDSFIELD_DSCP_AF11, "Assured Forwarding 11" },
+ { IPDSFIELD_DSCP_AF12, "Assured Forwarding 12" },
+ { IPDSFIELD_DSCP_AF13, "Assured Forwarding 13" },
+ { IPDSFIELD_DSCP_AF21, "Assured Forwarding 21" },
+ { IPDSFIELD_DSCP_AF22, "Assured Forwarding 22" },
+ { IPDSFIELD_DSCP_AF23, "Assured Forwarding 23" },
+ { IPDSFIELD_DSCP_AF31, "Assured Forwarding 31" },
+ { IPDSFIELD_DSCP_AF32, "Assured Forwarding 32" },
+ { IPDSFIELD_DSCP_AF33, "Assured Forwarding 33" },
+ { IPDSFIELD_DSCP_AF41, "Assured Forwarding 41" },
+ { IPDSFIELD_DSCP_AF42, "Assured Forwarding 42" },
+ { IPDSFIELD_DSCP_AF43, "Assured Forwarding 43" },
+ { IPDSFIELD_DSCP_EF, "Expedited Forwarding" },
+ { 0, NULL } };
static const value_string precedence_vals[] = {
{ IPTOS_PREC_ROUTINE, "routine" },
{ 0, NULL }
};
+static const true_false_string tos_set_low = {
+ "Low",
+ "Normal"
+};
+
+static const true_false_string tos_set_high = {
+ "High",
+ "Normal"
+};
+
+static const true_false_string flags_set_truth = {
+ "Set",
+ "Not set"
+};
+
+static guint16 ip_checksum(const guint8 *ptr, int len)
+{
+ vec_t cksum_vec[1];
+
+ cksum_vec[0].ptr = ptr;
+ cksum_vec[0].len = len;
+ return in_cksum(&cksum_vec[0], 1);
+}
+
void
-dissect_ip(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
+dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
e_ip iph;
proto_tree *ip_tree, *field_tree;
proto_item *ti, *tf;
- gchar tos_str[32];
- guint hlen, optlen, len;
+ int offset = 0;
+ guint hlen, optlen, len, payload_len, reported_payload_len, padding;
guint16 flags;
- int advance;
guint8 nxt;
+ guint16 ipsum;
+ tvbuff_t *next_tvb;
+
+ CHECK_DISPLAY_AS_DATA(proto_ip, tvb, pinfo, tree);
+
+ pinfo->current_proto = "IP";
+
+ if (check_col(pinfo->fd, COL_PROTOCOL))
+ col_set_str(pinfo->fd, COL_PROTOCOL, "IP");
+ if (check_col(pinfo->fd, COL_INFO))
+ col_clear(pinfo->fd, COL_INFO);
- /* To do: check for runts, errs, etc. */
/* Avoids alignment problems on many architectures. */
- memcpy(&iph, &pd[offset], sizeof(e_ip));
+ tvb_memcpy(tvb, (guint8 *)&iph, offset, sizeof(e_ip));
iph.ip_len = ntohs(iph.ip_len);
iph.ip_id = ntohs(iph.ip_id);
iph.ip_off = ntohs(iph.ip_off);
iph.ip_sum = ntohs(iph.ip_sum);
- /* Length of IP datagram plus headers above it. */
- len = iph.ip_len + offset;
-
- /* Set the payload and captured-payload lengths to the minima of (the
- IP length plus the length of the headers above it) and the frame
- lengths. */
- if (pi.len > len)
- pi.len = len;
- if (pi.captured_len > len)
- pi.captured_len = len;
+ /* Length of payload handed to us. */
+ reported_payload_len = tvb_reported_length(tvb);
+ payload_len = tvb_length(tvb);
+
+ /* Length of IP datagram. */
+ len = iph.ip_len;
+
+ if (len < reported_payload_len) {
+ /* Adjust the length of this tvbuff to include only the IP datagram.
+ Our caller may use that to determine how much of its packet
+ was padding. */
+ tvb_set_reported_length(tvb, len);
+
+ /* Shrink the total payload by the amount of padding. */
+ padding = reported_payload_len - len;
+ if (pinfo->len >= padding)
+ pinfo->len -= padding;
+
+ /* Shrink the captured payload by the amount of padding in the
+ captured payload (which may be less than the amount of padding,
+ as the padding may not have been captured). */
+ if (len < payload_len) {
+ padding = payload_len - len;
+ if (pinfo->captured_len >= padding)
+ pinfo->captured_len -= padding;
+ }
+ }
+ /* XXX - check to make sure this is at least IPH_MIN_LEN. */
hlen = lo_nibble(iph.ip_v_hl) * 4; /* IP header length, in bytes */
- switch (iph.ip_p) {
- case IP_PROTO_ICMP:
- case IP_PROTO_IGMP:
- case IP_PROTO_TCP:
- case IP_PROTO_UDP:
- case IP_PROTO_OSPF:
- case IP_PROTO_GRE:
- case IP_PROTO_ESP:
- case IP_PROTO_AH:
- case IP_PROTO_IPV6:
- case IP_PROTO_PIM:
- /* Names are set in the associated dissect_* routines */
- break;
- default:
- if (check_col(fd, COL_PROTOCOL))
- col_add_str(fd, COL_PROTOCOL, "IP");
- if (check_col(fd, COL_INFO))
- col_add_fstr(fd, COL_INFO, "%s (0x%02x)",
- ipprotostr(iph.ip_p), iph.ip_p);
- }
-
- if (check_col(fd, COL_RES_NET_SRC))
- col_add_str(fd, COL_RES_NET_SRC, get_hostname(iph.ip_src));
- if (check_col(fd, COL_UNRES_NET_SRC))
- col_add_str(fd, COL_UNRES_NET_SRC, ip_to_str((guint8 *) &iph.ip_src));
- if (check_col(fd, COL_RES_NET_DST))
- col_add_str(fd, COL_RES_NET_DST, get_hostname(iph.ip_dst));
- if (check_col(fd, COL_UNRES_NET_DST))
- col_add_str(fd, COL_UNRES_NET_DST, ip_to_str((guint8 *) &iph.ip_dst));
-
if (tree) {
-
- switch (IPTOS_TOS(iph.ip_tos)) {
- case IPTOS_NONE:
- strcpy(tos_str, "None");
- break;
- case IPTOS_LOWCOST:
- strcpy(tos_str, "Minimize cost");
- break;
- case IPTOS_RELIABILITY:
- strcpy(tos_str, "Maximize reliability");
- break;
- case IPTOS_THROUGHPUT:
- strcpy(tos_str, "Maximize throughput");
- break;
- case IPTOS_LOWDELAY:
- strcpy(tos_str, "Minimize delay");
- break;
- case IPTOS_SECURITY:
- strcpy(tos_str, "Maximize security");
- break;
- default:
- strcpy(tos_str, "Unknown. Malformed?");
- break;
+ ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, FALSE);
+ ip_tree = proto_item_add_subtree(ti, ett_ip);
+
+ proto_tree_add_uint(ip_tree, hf_ip_version, tvb, offset, 1, hi_nibble(iph.ip_v_hl));
+ proto_tree_add_uint_format(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
+ "Header length: %u bytes", hlen);
+
+ if (g_ip_dscp_actif) {
+ tf = proto_tree_add_uint_format(ip_tree, hf_ip_dsfield, tvb, offset + 1, 1, iph.ip_tos,
+ "Differentiated Services Field: 0x%02x (DSCP 0x%02x: %s; ECN: 0x%02x)", iph.ip_tos,
+ IPDSFIELD_DSCP(iph.ip_tos), val_to_str(IPDSFIELD_DSCP(iph.ip_tos), dscp_vals,
+ "Unknown DSCP"),IPDSFIELD_ECN(iph.ip_tos));
+
+ field_tree = proto_item_add_subtree(tf, ett_ip_dsfield);
+ proto_tree_add_uint(field_tree, hf_ip_dsfield_dscp, tvb, offset + 1, 1, iph.ip_tos);
+ proto_tree_add_uint(field_tree, hf_ip_dsfield_ect, tvb, offset + 1, 1, iph.ip_tos);
+ proto_tree_add_uint(field_tree, hf_ip_dsfield_ce, tvb, offset + 1, 1, iph.ip_tos);
+ } else {
+ tf = proto_tree_add_uint_format(ip_tree, hf_ip_tos, tvb, offset + 1, 1, iph.ip_tos,
+ "Type of service: 0x%02x (%s)", iph.ip_tos,
+ val_to_str( IPTOS_TOS(iph.ip_tos), iptos_vals, "Unknown") );
+
+ field_tree = proto_item_add_subtree(tf, ett_ip_tos);
+ proto_tree_add_uint(field_tree, hf_ip_tos_precedence, tvb, offset + 1, 1, iph.ip_tos);
+ proto_tree_add_boolean(field_tree, hf_ip_tos_delay, tvb, offset + 1, 1, iph.ip_tos);
+ proto_tree_add_boolean(field_tree, hf_ip_tos_throughput, tvb, offset + 1, 1, iph.ip_tos);
+ proto_tree_add_boolean(field_tree, hf_ip_tos_reliability, tvb, offset + 1, 1, iph.ip_tos);
+ proto_tree_add_boolean(field_tree, hf_ip_tos_cost, tvb, offset + 1, 1, iph.ip_tos);
}
-
- ti = proto_tree_add_item(tree, proto_ip, offset, hlen, NULL);
- ip_tree = proto_item_add_subtree(ti, ETT_IP);
-
- proto_tree_add_item(ip_tree, hf_ip_version, offset, 1, hi_nibble(iph.ip_v_hl));
- proto_tree_add_item_format(ip_tree, hf_ip_hdr_len, offset, 1, hlen,
- "Header length: %d bytes", hlen);
- tf = proto_tree_add_item_format(ip_tree, hf_ip_tos, offset + 1, 1, iph.ip_tos,
- "Type of service: 0x%02x (%s)", iph.ip_tos,
- val_to_str( IPTOS_TOS(iph.ip_tos), iptos_vals, "Unknown") );
-
- field_tree = proto_item_add_subtree(tf, ETT_IP_TOS);
- proto_tree_add_item_format(field_tree, hf_ip_tos_precedence, offset + 1, 1,
- iph.ip_tos & IPTOS_PREC_MASK, decode_enumerated_bitfield(iph.ip_tos, IPTOS_PREC_MASK,
- sizeof (iph.ip_tos)*8, precedence_vals, "%s precedence"));
-
- proto_tree_add_text(field_tree, offset + 1, 1, "%s",
- decode_boolean_bitfield(iph.ip_tos, IPTOS_LOWDELAY,
- sizeof (iph.ip_tos)*8, "low delay", "normal delay"));
- proto_tree_add_text(field_tree, offset + 1, 1, "%s",
- decode_boolean_bitfield(iph.ip_tos, IPTOS_THROUGHPUT,
- sizeof (iph.ip_tos)*8, "high throughput", "normal throughput"));
- proto_tree_add_text(field_tree, offset + 1, 1, "%s",
- decode_boolean_bitfield(iph.ip_tos, IPTOS_RELIABILITY,
- sizeof (iph.ip_tos)*8, "high reliability", "normal reliability"));
- proto_tree_add_text(field_tree, offset + 1, 1, "%s",
- decode_boolean_bitfield(iph.ip_tos, IPTOS_LOWCOST,
- sizeof (iph.ip_tos)*8, "low cost", "normal cost"));
- proto_tree_add_item(ip_tree, hf_ip_len, offset + 2, 2, iph.ip_len);
- proto_tree_add_item_format(ip_tree, hf_ip_id, offset + 4, 2, iph.ip_id, "Identification: 0x%04x",
- iph.ip_id);
+ proto_tree_add_uint(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph.ip_len);
+ proto_tree_add_uint(ip_tree, hf_ip_id, tvb, offset + 4, 2, iph.ip_id);
flags = (iph.ip_off & (IP_DF|IP_MF)) >> 12;
- tf = proto_tree_add_item_format(ip_tree, hf_ip_flags, offset + 6, 1, flags,
- "Flags: 0x%x", flags);
- field_tree = proto_item_add_subtree(tf, ETT_IP_OFF);
- proto_tree_add_text(field_tree, offset + 6, 1, "%s",
- decode_boolean_bitfield(iph.ip_off >> 12, IP_DF >> 12, 4, "don't fragment",
- "may fragment"));
- proto_tree_add_text(field_tree, offset + 6, 1, "%s",
- decode_boolean_bitfield(iph.ip_off >> 12, IP_MF >> 12, 4, "more fragments",
- "last fragment"));
-
- proto_tree_add_item(ip_tree, hf_ip_frag_offset, offset + 6, 2,
- iph.ip_off & IP_OFFSET);
- proto_tree_add_item(ip_tree, hf_ip_ttl, offset + 8, 1, iph.ip_ttl);
- proto_tree_add_item_format(ip_tree, hf_ip_proto, offset + 9, 1, iph.ip_p,
+ tf = proto_tree_add_uint(ip_tree, hf_ip_flags, tvb, offset + 6, 1, flags);
+ field_tree = proto_item_add_subtree(tf, ett_ip_off);
+ proto_tree_add_boolean(field_tree, hf_ip_flags_df, tvb, offset + 6, 1, flags),
+ proto_tree_add_boolean(field_tree, hf_ip_flags_mf, tvb, offset + 6, 1, flags),
+
+ proto_tree_add_uint(ip_tree, hf_ip_frag_offset, tvb, offset + 6, 2,
+ (iph.ip_off & IP_OFFSET)*8);
+ proto_tree_add_uint(ip_tree, hf_ip_ttl, tvb, offset + 8, 1, iph.ip_ttl);
+ proto_tree_add_uint_format(ip_tree, hf_ip_proto, tvb, offset + 9, 1, iph.ip_p,
"Protocol: %s (0x%02x)", ipprotostr(iph.ip_p), iph.ip_p);
- proto_tree_add_item_format(ip_tree, hf_ip_checksum, offset + 10, 2, iph.ip_sum,
- "Header checksum: 0x%04x", iph.ip_sum);
- proto_tree_add_item(ip_tree, hf_ip_src, offset + 12, 4, iph.ip_src);
- proto_tree_add_item(ip_tree, hf_ip_dst, offset + 16, 4, iph.ip_dst);
- proto_tree_add_item_hidden(ip_tree, hf_ip_addr, offset + 12, 4, iph.ip_src);
- proto_tree_add_item_hidden(ip_tree, hf_ip_addr, offset + 16, 4, iph.ip_dst);
+ ipsum = ip_checksum(tvb_get_ptr(tvb, offset, hlen), hlen);
+ if (ipsum == 0) {
+ proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph.ip_sum,
+ "Header checksum: 0x%04x (correct)", iph.ip_sum);
+ }
+ else {
+ proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph.ip_sum,
+ "Header checksum: 0x%04x (incorrect, should be 0x%04x)", iph.ip_sum,
+ in_cksum_shouldbe(iph.ip_sum, ipsum));
+ }
+
+ proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, iph.ip_src);
+ proto_tree_add_ipv4(ip_tree, hf_ip_dst, tvb, offset + 16, 4, iph.ip_dst);
+ proto_tree_add_ipv4_hidden(ip_tree, hf_ip_addr, tvb, offset + 12, 4, iph.ip_src);
+ proto_tree_add_ipv4_hidden(ip_tree, hf_ip_addr, tvb, offset + 16, 4, iph.ip_dst);
/* Decode IP options, if any. */
if (hlen > sizeof (e_ip)) {
/* There's more than just the fixed-length header. Decode the
options. */
optlen = hlen - sizeof (e_ip); /* length of options, in bytes */
- tf = proto_tree_add_text(ip_tree, offset + 20, optlen,
- "Options: (%d bytes)", optlen);
- field_tree = proto_item_add_subtree(tf, ETT_IP_OPTIONS);
- dissect_ip_tcp_options(&pd[offset + 20], offset + 20, optlen,
- ipopts, N_IP_OPTS, IPOPT_END, field_tree);
+ tf = proto_tree_add_text(ip_tree, tvb, offset + 20, optlen,
+ "Options: (%u bytes)", optlen);
+ field_tree = proto_item_add_subtree(tf, ett_ip_options);
+ dissect_ip_tcp_options(tvb, offset + 20, optlen,
+ ipopts, N_IP_OPTS, IPOPT_END, pinfo->fd, field_tree);
}
}
- pi.ipproto = iph.ip_p;
- pi.iplen = iph.ip_len;
- pi.iphdrlen = lo_nibble(iph.ip_v_hl);
- pi.ip_src = iph.ip_src;
- pi.ip_dst = iph.ip_dst;
+ pinfo->ipproto = iph.ip_p;
+ pinfo->iplen = iph.ip_len;
+ pinfo->iphdrlen = lo_nibble(iph.ip_v_hl);
+ SET_ADDRESS(&pinfo->net_src, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_SRC, 4));
+ SET_ADDRESS(&pinfo->src, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_SRC, 4));
+ SET_ADDRESS(&pinfo->net_dst, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_DST, 4));
+ SET_ADDRESS(&pinfo->dst, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_DST, 4));
/* Skip over header + options */
offset += hlen;
nxt = iph.ip_p;
if (iph.ip_off & IP_OFFSET) {
/* fragmented */
- if (check_col(fd, COL_PROTOCOL))
- col_add_str(fd, COL_PROTOCOL, "IP");
- if (check_col(fd, COL_INFO))
- col_add_fstr(fd, COL_INFO, "Fragmented IP protocol (proto=%s 0x%02x, off=%d)",
- ipprotostr(iph.ip_p), iph.ip_p, iph.ip_off & IP_OFFSET);
- dissect_data(pd, offset, fd, tree);
+ if (check_col(pinfo->fd, COL_INFO))
+ col_add_fstr(pinfo->fd, COL_INFO, "Fragmented IP protocol (proto=%s 0x%02x, off=%u)",
+ ipprotostr(iph.ip_p), iph.ip_p, (iph.ip_off & IP_OFFSET) * 8);
+ dissect_data(tvb, offset, pinfo, tree);
return;
}
-again:
- switch (nxt) {
- case IP_PROTO_ICMP:
- dissect_icmp(pd, offset, fd, tree);
- break;
- case IP_PROTO_IGMP:
- dissect_igmp(pd, offset, fd, tree);
- break;
- case IP_PROTO_TCP:
- dissect_tcp(pd, offset, fd, tree);
- break;
- case IP_PROTO_UDP:
- dissect_udp(pd, offset, fd, tree);
- break;
- case IP_PROTO_OSPF:
- dissect_ospf(pd, offset, fd, tree);
- break;
- case IP_PROTO_RSVP:
- dissect_rsvp(pd, offset, fd, tree);
- break;
- case IP_PROTO_AH:
- advance = dissect_ah(pd, offset, fd, tree);
- nxt = pd[offset];
- offset += advance;
- goto again;
- case IP_PROTO_GRE:
- dissect_gre(pd, offset, fd, tree);
- break;
- case IP_PROTO_ESP:
- dissect_esp(pd, offset, fd, tree);
- break;
- case IP_PROTO_IPV6:
- dissect_ipv6(pd, offset, fd, tree);
- break;
- case IP_PROTO_PIM:
- dissect_pim(pd, offset, fd, tree);
- break;
- case IP_PROTO_IPCOMP:
- dissect_ipcomp(pd, offset, fd, tree);
- break;
- default:
- dissect_data(pd, offset, fd, tree);
- break;
+ /*
+ * If this is the first fragment, but not the only fragment,
+ * tell the next protocol that.
+ */
+ if (iph.ip_off & IP_MF)
+ pinfo->fragmented = TRUE;
+ else
+ pinfo->fragmented = FALSE;
+
+ /* Hand off to the next protocol.
+
+ XXX - setting the columns only after trying various dissectors means
+ that if one of those dissectors throws an exception, the frame won't
+ even be labelled as an IP frame; ideally, if a frame being dissected
+ throws an exception, it'll be labelled as a mangled frame of the
+ type in question. */
+ next_tvb = tvb_new_subset(tvb, offset, -1, -1);
+ if (!dissector_try_port(ip_dissector_table, nxt, next_tvb, pinfo, tree)) {
+ /* Unknown protocol */
+ if (check_col(pinfo->fd, COL_INFO))
+ col_add_fstr(pinfo->fd, COL_INFO, "%s (0x%02x)", ipprotostr(iph.ip_p), iph.ip_p);
+ dissect_data(next_tvb, 0, pinfo, tree);
}
}
#define N_PARAMPROB (sizeof par_str / sizeof par_str[0])
-void
-dissect_icmp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
- e_icmp ih;
+static void
+dissect_icmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
proto_tree *icmp_tree;
proto_item *ti;
- guint16 cksum;
+ guint8 icmp_type;
+ guint8 icmp_code;
+ guint length, reported_length;
+ guint16 cksum, computed_cksum;
gchar type_str[64], code_str[64] = "";
guint8 num_addrs = 0;
guint8 addr_entry_size = 0;
int i;
- /* Avoids alignment problems on many architectures. */
- memcpy(&ih, &pd[offset], sizeof(e_icmp));
+ CHECK_DISPLAY_AS_DATA(proto_icmp, tvb, pinfo, tree);
+
+ pinfo->current_proto = "ICMP";
+
+ if (check_col(pinfo->fd, COL_PROTOCOL))
+ col_set_str(pinfo->fd, COL_PROTOCOL, "ICMP");
+ if (check_col(pinfo->fd, COL_INFO))
+ col_clear(pinfo->fd, COL_INFO);
+
/* To do: check for runts, errs, etc. */
- cksum = ntohs(ih.icmp_cksum);
-
- switch (ih.icmp_type) {
+ icmp_type = tvb_get_guint8(tvb, 0);
+ icmp_code = tvb_get_guint8(tvb, 1);
+ cksum = tvb_get_ntohs(tvb, 2);
+
+ switch (icmp_type) {
case ICMP_ECHOREPLY:
strcpy(type_str, "Echo (ping) reply");
break;
case ICMP_UNREACH:
strcpy(type_str, "Destination unreachable");
- if (ih.icmp_code < N_UNREACH) {
- sprintf(code_str, "(%s)", unreach_str[ih.icmp_code]);
+ if (icmp_code < N_UNREACH) {
+ sprintf(code_str, "(%s)", unreach_str[icmp_code]);
} else {
strcpy(code_str, "(Unknown - error?)");
}
break;
case ICMP_REDIRECT:
strcpy(type_str, "Redirect");
- if (ih.icmp_code < N_REDIRECT) {
- sprintf(code_str, "(%s)", redir_str[ih.icmp_code]);
+ if (icmp_code < N_REDIRECT) {
+ sprintf(code_str, "(%s)", redir_str[icmp_code]);
} else {
strcpy(code_str, "(Unknown - error?)");
}
break;
case ICMP_TIMXCEED:
strcpy(type_str, "Time-to-live exceeded");
- if (ih.icmp_code < N_TIMXCEED) {
- sprintf(code_str, "(%s)", ttl_str[ih.icmp_code]);
+ if (icmp_code < N_TIMXCEED) {
+ sprintf(code_str, "(%s)", ttl_str[icmp_code]);
} else {
strcpy(code_str, "(Unknown - error?)");
}
break;
case ICMP_PARAMPROB:
strcpy(type_str, "Parameter problem");
- if (ih.icmp_code < N_PARAMPROB) {
- sprintf(code_str, "(%s)", par_str[ih.icmp_code]);
+ if (icmp_code < N_PARAMPROB) {
+ sprintf(code_str, "(%s)", par_str[icmp_code]);
} else {
strcpy(code_str, "(Unknown - error?)");
}
strcpy(type_str, "Unknown ICMP (obsolete or malformed?)");
}
- if (check_col(fd, COL_PROTOCOL))
- col_add_str(fd, COL_PROTOCOL, "ICMP");
- if (check_col(fd, COL_INFO))
- col_add_str(fd, COL_INFO, type_str);
+ if (check_col(pinfo->fd, COL_INFO))
+ col_add_str(pinfo->fd, COL_INFO, type_str);
if (tree) {
- ti = proto_tree_add_item(tree, proto_icmp, offset, 4, NULL);
- icmp_tree = proto_item_add_subtree(ti, ETT_ICMP);
- proto_tree_add_item_format(icmp_tree, hf_icmp_type, offset, 1,
- ih.icmp_type,
- "Type: %d (%s)",
- ih.icmp_type, type_str);
- proto_tree_add_item_format(icmp_tree, hf_icmp_code, offset + 1, 1,
- ih.icmp_code,
- "Code: %d %s",
- ih.icmp_code, code_str);
- proto_tree_add_item_format(icmp_tree, hf_icmp_checksum, offset + 2, 2,
- cksum,
- "Checksum: 0x%04x",
- cksum);
+ length = tvb_length(tvb);
+ reported_length = tvb_reported_length(tvb);
+ ti = proto_tree_add_item(tree, proto_icmp, tvb, 0, length, FALSE);
+ icmp_tree = proto_item_add_subtree(ti, ett_icmp);
+ proto_tree_add_uint_format(icmp_tree, hf_icmp_type, tvb, 0, 1,
+ icmp_type,
+ "Type: %u (%s)",
+ icmp_type, type_str);
+ proto_tree_add_uint_format(icmp_tree, hf_icmp_code, tvb, 1, 1,
+ icmp_code,
+ "Code: %u %s",
+ icmp_code, code_str);
+
+ if (!pinfo->fragmented && length >= reported_length) {
+ /* The packet isn't part of a fragmented datagram and isn't
+ truncated, so we can checksum it. */
+
+ computed_cksum = ip_checksum(tvb_get_ptr(tvb, 0, reported_length),
+ reported_length);
+ if (computed_cksum == 0) {
+ proto_tree_add_uint_format(icmp_tree, hf_icmp_checksum, tvb, 2, 2,
+ cksum,
+ "Checksum: 0x%04x (correct)", cksum);
+ } else {
+ proto_tree_add_uint_format(icmp_tree, hf_icmp_checksum, tvb, 2, 2,
+ cksum,
+ "Checksum: 0x%04x (incorrect, should be 0x%04x)",
+ cksum, in_cksum_shouldbe(cksum, computed_cksum));
+ }
+ } else {
+ proto_tree_add_uint(icmp_tree, hf_icmp_checksum, tvb, 2, 2, cksum);
+ }
/* Decode the second 4 bytes of the packet. */
- switch (ih.icmp_type) {
+ switch (icmp_type) {
case ICMP_ECHOREPLY:
case ICMP_ECHO:
case ICMP_TSTAMP:
case ICMP_IREQREPLY:
case ICMP_MASKREQ:
case ICMP_MASKREPLY:
- proto_tree_add_text(icmp_tree, offset + 4, 2, "Identifier: 0x%04x",
- pntohs(&pd[offset + 4]));
- proto_tree_add_text(icmp_tree, offset + 6, 2, "Sequence number: %u",
- pntohs(&pd[offset + 6]));
+ proto_tree_add_text(icmp_tree, tvb, 4, 2, "Identifier: 0x%04x",
+ tvb_get_ntohs(tvb, 4));
+ proto_tree_add_text(icmp_tree, tvb, 6, 2, "Sequence number: %02x:%02x",
+ tvb_get_guint8(tvb, 6), tvb_get_guint8(tvb, 7));
break;
case ICMP_UNREACH:
- switch (ih.icmp_code) {
+ switch (icmp_code) {
case ICMP_FRAG_NEEDED:
- proto_tree_add_text(icmp_tree, offset + 6, 2, "MTU of next hop: %u",
- pntohs(&pd[offset + 6]));
+ proto_tree_add_text(icmp_tree, tvb, 6, 2, "MTU of next hop: %u",
+ tvb_get_ntohs(tvb, 6));
break;
}
break;
case ICMP_RTRADVERT:
- num_addrs = pd[offset + 4];
- proto_tree_add_text(icmp_tree, offset + 4, 1, "Number of addresses: %u",
+ num_addrs = tvb_get_guint8(tvb, 4);
+ proto_tree_add_text(icmp_tree, tvb, 4, 1, "Number of addresses: %u",
num_addrs);
- addr_entry_size = pd[offset + 5];
- proto_tree_add_text(icmp_tree, offset + 5, 1, "Address entry size: %u",
+ addr_entry_size = tvb_get_guint8(tvb, 5);
+ proto_tree_add_text(icmp_tree, tvb, 5, 1, "Address entry size: %u",
addr_entry_size);
- proto_tree_add_text(icmp_tree, offset + 6, 2, "Lifetime: %s",
- time_secs_to_str(pntohs(&pd[offset + 6])));
+ proto_tree_add_text(icmp_tree, tvb, 6, 2, "Lifetime: %s",
+ time_secs_to_str(tvb_get_ntohs(tvb, 6)));
break;
case ICMP_PARAMPROB:
- proto_tree_add_text(icmp_tree, offset + 4, 1, "Pointer: %u",
- pd[offset + 4]);
+ proto_tree_add_text(icmp_tree, tvb, 4, 1, "Pointer: %u",
+ tvb_get_guint8(tvb, 4));
break;
case ICMP_REDIRECT:
- proto_tree_add_text(icmp_tree, offset + 4, 4, "Gateway address: %s",
- ip_to_str((guint8 *)&pd[offset + 4]));
+ proto_tree_add_text(icmp_tree, tvb, 4, 4, "Gateway address: %s",
+ ip_to_str(tvb_get_ptr(tvb, 4, 4)));
break;
}
/* Decode the additional information in the packet. */
- switch (ih.icmp_type) {
+ switch (icmp_type) {
case ICMP_UNREACH:
case ICMP_TIMXCEED:
case ICMP_PARAMPROB:
XXX - for now, just display it as data; not all dissection
routines can handle a short packet without exploding. */
- dissect_data(pd, offset + 8, fd, icmp_tree);
+ dissect_data(tvb, 8, pinfo, icmp_tree);
break;
case ICMP_ECHOREPLY:
case ICMP_ECHO:
- dissect_data(pd, offset + 8, fd, icmp_tree);
+ dissect_data(tvb, 8, pinfo, icmp_tree);
break;
case ICMP_RTRADVERT:
if (addr_entry_size == 2) {
for (i = 0; i < num_addrs; i++) {
- proto_tree_add_text(icmp_tree, offset + 8 + (i*8), 4,
+ proto_tree_add_text(icmp_tree, tvb, 8 + (i*8), 4,
"Router address: %s",
- ip_to_str((guint8 *)&pd[offset + 8 + (i*8)]));
- proto_tree_add_text(icmp_tree, offset + 12 + (i*8), 4,
- "Preference level: %d", pntohl(&pd[offset + 12 + (i*8)]));
+ ip_to_str(tvb_get_ptr(tvb, 8 + (i*8), 4)));
+ proto_tree_add_text(icmp_tree, tvb, 12 + (i*8), 4,
+ "Preference level: %u", tvb_get_ntohl(tvb, 12 + (i*8)));
}
} else
- dissect_data(pd, offset + 8, fd, icmp_tree);
+ dissect_data(tvb, 8, pinfo, icmp_tree);
break;
case ICMP_TSTAMP:
case ICMP_TSTAMPREPLY:
- proto_tree_add_text(icmp_tree, offset + 8, 4, "Originate timestamp: %u",
- pntohl(&pd[offset + 8]));
- proto_tree_add_text(icmp_tree, offset + 12, 4, "Receive timestamp: %u",
- pntohl(&pd[offset + 12]));
- proto_tree_add_text(icmp_tree, offset + 16, 4, "Transmit timestamp: %u",
- pntohl(&pd[offset + 16]));
+ proto_tree_add_text(icmp_tree, tvb, 8, 4, "Originate timestamp: %u",
+ tvb_get_ntohl(tvb, 8));
+ proto_tree_add_text(icmp_tree, tvb, 12, 4, "Receive timestamp: %u",
+ tvb_get_ntohl(tvb, 12));
+ proto_tree_add_text(icmp_tree, tvb, 16, 4, "Transmit timestamp: %u",
+ tvb_get_ntohl(tvb, 16));
break;
case ICMP_MASKREQ:
case ICMP_MASKREPLY:
- proto_tree_add_text(icmp_tree, offset + 8, 4, "Address mask: %s (0x%8x)",
- ip_to_str((guint8 *)&pd[offset + 8]), pntohl(&pd[offset + 8]));
+ proto_tree_add_text(icmp_tree, tvb, 8, 4, "Address mask: %s (0x%08x)",
+ ip_to_str(tvb_get_ptr(tvb, 8, 4)), tvb_get_ntohl(tvb, 8));
break;
}
}
}
-void
-dissect_igmp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) {
+static void
+dissect_igmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
e_igmp ih;
proto_tree *igmp_tree;
proto_item *ti;
- guint16 cksum;
- gchar type_str[64] = "";
+ gchar *type_str;
+
+ CHECK_DISPLAY_AS_DATA(proto_igmp, tvb, pinfo, tree);
+
+ pinfo->current_proto = "IGMP";
+
+ if (check_col(pinfo->fd, COL_PROTOCOL))
+ col_set_str(pinfo->fd, COL_PROTOCOL, "IGMP");
+ if (check_col(pinfo->fd, COL_INFO))
+ col_clear(pinfo->fd, COL_INFO);
/* Avoids alignment problems on many architectures. */
- memcpy(&ih, &pd[offset], sizeof(e_igmp));
- /* To do: check for runts, errs, etc. */
- cksum = ntohs(ih.igmp_cksum);
+ memcpy(&ih, tvb_get_ptr(tvb, 0, sizeof(e_igmp)), sizeof(e_igmp));
switch (lo_nibble(ih.igmp_v_t)) {
case IGMP_M_QRY:
- strcpy(type_str, "Router query");
+ type_str = "Router query";
break;
case IGMP_V1_M_RPT:
- strcpy(type_str, "Host response (v1)");
+ type_str = "Host response (v1)";
break;
case IGMP_V2_LV_GRP:
- strcpy(type_str, "Leave group (v2)");
+ type_str = "Leave group (v2)";
break;
case IGMP_DVMRP:
- strcpy(type_str, "DVMRP");
+ type_str = "DVMRP";
break;
case IGMP_PIM:
- strcpy(type_str, "PIM");
+ type_str = "PIM";
break;
case IGMP_V2_M_RPT:
- strcpy(type_str, "Host reponse (v2)");
+ type_str = "Host response (v2)";
break;
case IGMP_MTRC_RESP:
- strcpy(type_str, "Traceroute response");
+ type_str = "Traceroute response";
break;
case IGMP_MTRC:
- strcpy(type_str, "Traceroute message");
+ type_str = "Traceroute message";
break;
default:
- strcpy(type_str, "Unknown IGMP");
+ type_str = "Unknown IGMP";
}
- if (check_col(fd, COL_PROTOCOL))
- col_add_str(fd, COL_PROTOCOL, "IGMP");
- if (check_col(fd, COL_INFO))
- col_add_str(fd, COL_INFO, type_str);
+ if (check_col(pinfo->fd, COL_INFO))
+ col_add_str(pinfo->fd, COL_INFO, type_str);
if (tree) {
- ti = proto_tree_add_item(tree, proto_igmp, offset, 8, NULL);
- igmp_tree = proto_item_add_subtree(ti, ETT_IGMP);
- proto_tree_add_item(igmp_tree, hf_igmp_version, offset, 1,
+ ti = proto_tree_add_item(tree, proto_igmp, tvb, 0, 8, FALSE);
+ igmp_tree = proto_item_add_subtree(ti, ett_igmp);
+ proto_tree_add_uint(igmp_tree, hf_igmp_version, tvb, 0, 1,
hi_nibble(ih.igmp_v_t));
- proto_tree_add_item_format(igmp_tree, hf_igmp_type, offset , 1,
+ proto_tree_add_uint_format(igmp_tree, hf_igmp_type, tvb, 0 , 1,
lo_nibble(ih.igmp_v_t),
- "Type: %d (%s)",
+ "Type: %u (%s)",
lo_nibble(ih.igmp_v_t), type_str);
- proto_tree_add_item_format(igmp_tree, hf_igmp_unused, offset + 1, 1,
- ih.igmp_unused,
- "Unused: 0x%02x",
- ih.igmp_unused);
- proto_tree_add_item_format(igmp_tree, hf_igmp_checksum, offset + 2, 2,
- cksum,
- "Checksum: 0x%04x",
- cksum);
- proto_tree_add_item(igmp_tree, hf_igmp_group, offset + 4, 4,
- ih.igmp_gaddr);
+ proto_tree_add_item(igmp_tree, hf_igmp_unused, tvb, 1, 1, FALSE);
+ proto_tree_add_item(igmp_tree, hf_igmp_checksum, tvb, 2, 2, FALSE);
+ proto_tree_add_ipv4(igmp_tree, hf_igmp_group, tvb, 4, 4, ih.igmp_gaddr);
}
}
"" }},
{ &hf_igmp_unused,
- { "Unused", "igmp.unused", FT_UINT8, BASE_DEC, NULL, 0x0,
+ { "Unused", "igmp.unused", FT_UINT8, BASE_HEX, NULL, 0x0,
"" }},
{ &hf_igmp_checksum,
{ "Group address", "igmp.group", FT_IPv4, BASE_NONE, NULL, 0x0,
"" }},
};
+ static gint *ett[] = {
+ &ett_igmp,
+ };
proto_igmp = proto_register_protocol ("Internet Group Management Protocol", "igmp");
proto_register_field_array(proto_igmp, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+}
+
+void
+proto_reg_handoff_igmp(void)
+{
+ dissector_add("ip.proto", IP_PROTO_IGMP, dissect_igmp);
}
void
{ "Header Length", "ip.hdr_len", FT_UINT8, BASE_DEC, NULL, 0x0,
"" }},
+ { &hf_ip_dsfield,
+ { "Differentiated Services field", "ip.dsfield", FT_UINT8, BASE_DEC, NULL, 0x0,
+ "" }},
+
+ { &hf_ip_dsfield_dscp,
+ { "Differentiated Services Codepoint", "ip.dsfield.dscp", FT_UINT8, BASE_HEX,
+ VALS(dscp_vals), IPDSFIELD_DSCP_MASK,
+ "" }},
+
+ { &hf_ip_dsfield_ect,
+ { "ECN-Capable Transport (ECT)", "ip.dsfield.ect", FT_UINT8, BASE_DEC, NULL,
+ IPDSFIELD_ECT_MASK,
+ "" }},
+
+ { &hf_ip_dsfield_ce,
+ { "ECN-CE", "ip.dsfield.ce", FT_UINT8, BASE_DEC, NULL,
+ IPDSFIELD_CE_MASK,
+ "" }},
+
{ &hf_ip_tos,
{ "Type of Service", "ip.tos", FT_UINT8, BASE_DEC, NULL, 0x0,
"" }},
{ &hf_ip_tos_precedence,
{ "Precedence", "ip.tos.precedence", FT_UINT8, BASE_DEC, VALS(precedence_vals),
- 0x0,
+ IPTOS_PREC_MASK,
+ "" }},
+
+ { &hf_ip_tos_delay,
+ { "Delay", "ip.tos.delay", FT_BOOLEAN, 8, TFS(&tos_set_low),
+ IPTOS_LOWDELAY,
+ "" }},
+
+ { &hf_ip_tos_throughput,
+ { "Throughput", "ip.tos.throughput", FT_BOOLEAN, 8, TFS(&tos_set_high),
+ IPTOS_THROUGHPUT,
+ "" }},
+
+ { &hf_ip_tos_reliability,
+ { "Reliability", "ip.tos.reliability", FT_BOOLEAN, 8, TFS(&tos_set_high),
+ IPTOS_RELIABILITY,
+ "" }},
+
+ { &hf_ip_tos_cost,
+ { "Cost", "ip.tos.cost", FT_BOOLEAN, 8, TFS(&tos_set_low),
+ IPTOS_LOWCOST,
"" }},
{ &hf_ip_len,
"" }},
{ &hf_ip_id,
- { "Identification", "ip.id", FT_UINT32, BASE_DEC, NULL, 0x0,
+ { "Identification", "ip.id", FT_UINT16, BASE_HEX, NULL, 0x0,
"" }},
{ &hf_ip_dst,
{ "Flags", "ip.flags", FT_UINT8, BASE_HEX, NULL, 0x0,
"" }},
+ { &hf_ip_flags_df,
+ { "Don't fragment", "ip.flags.df", FT_BOOLEAN, 4, TFS(&flags_set_truth), IP_DF>>12,
+ "" }},
+
+ { &hf_ip_flags_mf,
+ { "More fragments", "ip.flags.mf", FT_BOOLEAN, 4, TFS(&flags_set_truth), IP_MF>>12,
+ "" }},
+
{ &hf_ip_frag_offset,
{ "Fragment offset", "ip.frag_offset", FT_UINT16, BASE_DEC, NULL, 0x0,
"" }},
{ "Header checksum", "ip.checksum", FT_UINT16, BASE_HEX, NULL, 0x0,
"" }},
};
+ static gint *ett[] = {
+ &ett_ip,
+ &ett_ip_dsfield,
+ &ett_ip_tos,
+ &ett_ip_off,
+ &ett_ip_options,
+ &ett_ip_option_sec,
+ &ett_ip_option_route,
+ &ett_ip_option_timestamp,
+ };
+ module_t *ip_module;
proto_ip = proto_register_protocol ("Internet Protocol", "ip");
proto_register_field_array(proto_ip, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+
+ /* subdissector code */
+ ip_dissector_table = register_dissector_table("ip.proto");
+
+ /* Register a configuration option for decoding TOS as DSCP */
+ ip_module = prefs_register_module("ip", "IP", NULL);
+ prefs_register_bool_preference(ip_module, "decode_tos_as_diffserv",
+ "Decode IPv4 TOS field as DiffServ field",
+"Whether the IPv4 type-of-service field should be decoded as a Differentiated Services field",
+ &g_ip_dscp_actif);
+
+ register_dissector("ip", dissect_ip);
+}
+
+void
+proto_reg_handoff_ip(void)
+{
+ dissector_add("ethertype", ETHERTYPE_IP, dissect_ip);
+ dissector_add("ppp.protocol", PPP_IP, dissect_ip);
+ dissector_add("ppp.protocol", CISCO_IP, dissect_ip);
+ dissector_add("llc.dsap", SAP_IP, dissect_ip);
+ dissector_add("ip.proto", IP_PROTO_IPV4, dissect_ip);
+ dissector_add("ip.proto", IP_PROTO_IPIP, dissect_ip);
+ dissector_add("null.type", BSD_AF_INET, dissect_ip);
}
void
{ "Checksum", "icmp.checksum", FT_UINT16, BASE_HEX, NULL, 0x0,
"" }},
};
+ static gint *ett[] = {
+ &ett_icmp,
+ };
proto_icmp = proto_register_protocol ("Internet Control Message Protocol",
"icmp");
proto_register_field_array(proto_icmp, hf, array_length(hf));
+ proto_register_subtree_array(ett, array_length(ett));
+}
+
+void
+proto_reg_handoff_icmp(void)
+{
+ dissector_add("ip.proto", IP_PROTO_ICMP, dissect_icmp);
}