/* packet-ip.c
* Routines for IP and miscellaneous IP protocol packet disassembly
*
- * $Id: packet-ip.c,v 1.157 2002/01/20 01:04:18 guy Exp $
+ * $Id: packet-ip.c,v 1.201 2003/11/13 08:16:52 sahlberg Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@ethereal.com>
* Copyright 1998 Gerald Combs
- *
+ *
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
- *
+ *
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# include "config.h"
#endif
-#ifdef HAVE_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
-
#include <stdio.h>
#include <string.h>
#include <glib.h>
# include "snprintf.h"
#endif
-#include "packet.h"
-#include "resolv.h"
+#include <epan/packet.h>
+#include <epan/resolv.h>
#include "ipproto.h"
+#include "ip_opts.h"
#include "prefs.h"
#include "reassemble.h"
#include "etypes.h"
#include "ppptypes.h"
#include "llcsaps.h"
#include "aftypes.h"
+#include "arcnet_pids.h"
#include "packet-ip.h"
#include "packet-ipsec.h"
#include "in_cksum.h"
#include "nlpid.h"
+#include "tap.h"
+
+static int ip_tap = -1;
static void dissect_icmp(tvbuff_t *, packet_info *, proto_tree *);
static int hf_ip_fragment_multiple_tails = -1;
static int hf_ip_fragment_too_long_fragment = -1;
static int hf_ip_fragment_error = -1;
+static int hf_ip_reassembled_in = -1;
static gint ett_ip = -1;
static gint ett_ip_dsfield = -1;
static gint ett_ip_fragments = -1;
static gint ett_ip_fragment = -1;
-/* Used by IPv6 as well, so not static */
-dissector_table_t ip_dissector_table;
+static const fragment_items ip_frag_items = {
+ &ett_ip_fragment,
+ &ett_ip_fragments,
+ &hf_ip_fragments,
+ &hf_ip_fragment,
+ &hf_ip_fragment_overlap,
+ &hf_ip_fragment_overlap_conflict,
+ &hf_ip_fragment_multiple_tails,
+ &hf_ip_fragment_too_long_fragment,
+ &hf_ip_fragment_error,
+ &hf_ip_reassembled_in,
+ "fragments"
+};
+
+static dissector_table_t ip_dissector_table;
static dissector_handle_t ip_handle;
static dissector_handle_t data_handle;
static int hf_icmp_code = -1;
static int hf_icmp_checksum = -1;
static int hf_icmp_checksum_bad = -1;
+static int hf_icmp_ident = -1;
+static int hf_icmp_seq_num = -1;
+static int hf_icmp_mtu = -1;
+static int hf_icmp_redir_gw = -1;
+
/* Mobile ip */
static int hf_icmp_mip_type = -1;
/* IP structs and definitions */
-typedef struct _e_ip
- {
- guint8 ip_v_hl; /* combines ip_v and ip_hl */
- guint8 ip_tos;
- guint16 ip_len;
- guint16 ip_id;
- guint16 ip_off;
- guint8 ip_ttl;
- guint8 ip_p;
- guint16 ip_sum;
- guint32 ip_src;
- guint32 ip_dst;
- } e_ip;
-
/* Offsets of fields within an IP header. */
#define IPH_V_HL 0
#define IPH_TOS 1
* defragmentation of IPv4
*/
static GHashTable *ip_fragment_table = NULL;
+static GHashTable *ip_reassembled_table = NULL;
static void
ip_defragment_init(void)
{
fragment_table_init(&ip_fragment_table);
+ reassembled_table_init(&ip_reassembled_table);
}
void
-capture_ip(const u_char *pd, int offset, int len, packet_counts *ld) {
+capture_ip(const guchar *pd, int offset, int len, packet_counts *ld) {
if (!BYTES_ARE_IN_FRAME(offset, len, IPH_MIN_LEN)) {
ld->other++;
return;
ld->udp++;
break;
case IP_PROTO_ICMP:
+ case IP_PROTO_ICMPV6: /* XXX - separate counters? */
ld->icmp++;
break;
case IP_PROTO_OSPF:
static void
dissect_ipopt_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
- guint optlen, packet_info *pinfo, proto_tree *opt_tree)
+ guint optlen, packet_info *pinfo _U_,
+ proto_tree *opt_tree)
{
proto_tree *field_tree = NULL;
proto_item *tf;
static void
dissect_ipopt_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
- guint optlen, packet_info *pinfo, proto_tree *opt_tree)
+ guint optlen, packet_info *pinfo _U_,
+ proto_tree *opt_tree)
{
proto_tree *field_tree = NULL;
proto_item *tf;
int ptr;
int optoffset = 0;
- struct in_addr addr;
+ guint32 addr;
tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
optp->name, optlen);
proto_tree_add_text(field_tree, tvb, offset + optoffset, 4,
"%s%s",
- ((addr.s_addr == 0) ? "-" : (char *)get_hostname(addr.s_addr)),
+ ((addr == 0) ? "-" : (char *)get_hostname(addr)),
((optoffset == ptr) ? " <- (current)" : ""));
optoffset += 4;
optlen -= 4;
static void
dissect_ipopt_sid(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
- guint optlen, packet_info *pinfo, proto_tree *opt_tree)
+ guint optlen, packet_info *pinfo _U_,
+ proto_tree *opt_tree)
{
proto_tree_add_text(opt_tree, tvb, offset, optlen,
"%s: %u", optp->name, tvb_get_ntohs(tvb, offset + 2));
static void
dissect_ipopt_timestamp(const ip_tcp_opt *optp, tvbuff_t *tvb,
- int offset, guint optlen, packet_info *pinfo, proto_tree *opt_tree)
+ int offset, guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree)
{
proto_tree *field_tree = NULL;
proto_item *tf;
{IPOPT_TS_TSANDADDR, "Time stamp and address" },
{IPOPT_TS_PRESPEC, "Time stamps for prespecified addresses"},
{0, NULL } };
- struct in_addr addr;
+ guint32 addr;
guint ts;
tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s:", optp->name);
optlen -= 8;
proto_tree_add_text(field_tree, tvb, offset + optoffset, 8,
"Address = %s, time stamp = %u",
- ((addr.s_addr == 0) ? "-" : (char *)get_hostname(addr.s_addr)),
+ ((addr == 0) ? "-" : (char *)get_hostname(addr)),
ts);
optoffset += 8;
} else {
static void
dissect_ipopt_ra(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
- guint optlen, packet_info *pinfo, proto_tree *opt_tree)
+ guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree)
{
/* Router-Alert, as defined by RFC2113 */
int opt = tvb_get_ntohs(tvb, offset + 2);
- static const value_string ra_opts[] = {
+ static const value_string ra_opts[] = {
{0, "Every router examines packet"},
{0, NULL}
};
-
+
proto_tree_add_text(opt_tree, tvb, offset, optlen,
"%s: %s", optp->name, val_to_str(opt, ra_opts, "Unknown (%d)"));
return;
const ip_tcp_opt *opttab, int nopts, int eol,
packet_info *pinfo, proto_tree *opt_tree)
{
- u_char opt;
+ guchar opt;
const ip_tcp_opt *optp;
opt_len_type len_type;
unsigned int optlen;
"Normal"
};
-static const true_false_string flags_set_truth = {
- "Set",
- "Not set"
-};
-
static guint16 ip_checksum(const guint8 *ptr, int len)
{
vec_t cksum_vec[1];
static void
dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
- e_ip iph;
proto_tree *ip_tree = NULL, *field_tree;
- proto_item *ti, *tf;
+ proto_item *ti = NULL, *tf;
+ guint32 addr;
int offset = 0;
- guint hlen, optlen, len;
+ guint hlen, optlen;
guint16 flags;
guint8 nxt;
guint16 ipsum;
- fragment_data *ipfd_head;
+ fragment_data *ipfd_head=NULL;
tvbuff_t *next_tvb;
gboolean update_col_info = TRUE;
gboolean save_fragmented;
+ static e_ip eip_arr[4];
+ static int eip_current=0;
+ e_ip *iph;
+
+ eip_current++;
+ if(eip_current==4){
+ eip_current=0;
+ }
+ iph=&eip_arr[eip_current];
if (check_col(pinfo->cinfo, COL_PROTOCOL))
col_set_str(pinfo->cinfo, COL_PROTOCOL, "IP");
if (check_col(pinfo->cinfo, COL_INFO))
col_clear(pinfo->cinfo, COL_INFO);
- /* Avoids alignment problems on many architectures. */
- tvb_memcpy(tvb, (guint8 *)&iph, offset, sizeof(e_ip));
- iph.ip_len = ntohs(iph.ip_len);
- iph.ip_id = ntohs(iph.ip_id);
- iph.ip_off = ntohs(iph.ip_off);
- iph.ip_sum = ntohs(iph.ip_sum);
+ iph->ip_v_hl = tvb_get_guint8(tvb, offset);
+ hlen = lo_nibble(iph->ip_v_hl) * 4; /* IP header length, in bytes */
- /* Length of IP datagram.
- XXX - what if this is greater than the reported length of the
- tvbuff? This could happen, for example, in an IP datagram
- inside an ICMP datagram; we need to somehow let the
- dissector we call know that, as it might want to avoid
- doing its checksumming. */
- len = iph.ip_len;
-
- /* Adjust the length of this tvbuff to include only the IP datagram. */
- set_actual_length(tvb, pinfo, len);
-
- hlen = lo_nibble(iph.ip_v_hl) * 4; /* IP header length, in bytes */
-
if (tree) {
- if (ip_summary_in_tree && hlen >= IPH_MIN_LEN) {
- ti = proto_tree_add_protocol_format(tree, proto_ip, tvb, offset, hlen,
- "Internet Protocol, Src Addr: %s (%s), Dst Addr: %s (%s)",
- get_hostname(iph.ip_src), ip_to_str((guint8 *) &iph.ip_src),
- get_hostname(iph.ip_dst), ip_to_str((guint8 *) &iph.ip_dst));
- } else {
- ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, FALSE);
- }
+ ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, FALSE);
ip_tree = proto_item_add_subtree(ti, ett_ip);
+
+ proto_tree_add_uint(ip_tree, hf_ip_version, tvb, offset, 1,
+ hi_nibble(iph->ip_v_hl));
}
if (hlen < IPH_MIN_LEN) {
hlen, IPH_MIN_LEN);
if (tree) {
proto_tree_add_uint_format(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
- "Header length: %u bytes (bogus, must be at least %u)", hlen,
- IPH_MIN_LEN);
+ "Header length: %u bytes (bogus, must be at least %u)", hlen,
+ IPH_MIN_LEN);
}
- return;
+ goto end_of_ip;
}
- /*
- * Compute the checksum of the IP header.
- */
- ipsum = ip_checksum(tvb_get_ptr(tvb, offset, hlen), hlen);
-
if (tree) {
- proto_tree_add_uint(ip_tree, hf_ip_version, tvb, offset, 1, hi_nibble(iph.ip_v_hl));
proto_tree_add_uint_format(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
"Header length: %u bytes", hlen);
+ }
+ iph->ip_tos = tvb_get_guint8(tvb, offset + 1);
+ if (tree) {
if (g_ip_dscp_actif) {
- tf = proto_tree_add_uint_format(ip_tree, hf_ip_dsfield, tvb, offset + 1, 1, iph.ip_tos,
- "Differentiated Services Field: 0x%02x (DSCP 0x%02x: %s; ECN: 0x%02x)", iph.ip_tos,
- IPDSFIELD_DSCP(iph.ip_tos), val_to_str(IPDSFIELD_DSCP(iph.ip_tos), dscp_vals,
- "Unknown DSCP"),IPDSFIELD_ECN(iph.ip_tos));
+ tf = proto_tree_add_uint_format(ip_tree, hf_ip_dsfield, tvb, offset + 1, 1, iph->ip_tos,
+ "Differentiated Services Field: 0x%02x (DSCP 0x%02x: %s; ECN: 0x%02x)", iph->ip_tos,
+ IPDSFIELD_DSCP(iph->ip_tos), val_to_str(IPDSFIELD_DSCP(iph->ip_tos), dscp_vals,
+ "Unknown DSCP"),IPDSFIELD_ECN(iph->ip_tos));
field_tree = proto_item_add_subtree(tf, ett_ip_dsfield);
- proto_tree_add_uint(field_tree, hf_ip_dsfield_dscp, tvb, offset + 1, 1, iph.ip_tos);
- proto_tree_add_uint(field_tree, hf_ip_dsfield_ect, tvb, offset + 1, 1, iph.ip_tos);
- proto_tree_add_uint(field_tree, hf_ip_dsfield_ce, tvb, offset + 1, 1, iph.ip_tos);
+ proto_tree_add_uint(field_tree, hf_ip_dsfield_dscp, tvb, offset + 1, 1, iph->ip_tos);
+ proto_tree_add_uint(field_tree, hf_ip_dsfield_ect, tvb, offset + 1, 1, iph->ip_tos);
+ proto_tree_add_uint(field_tree, hf_ip_dsfield_ce, tvb, offset + 1, 1, iph->ip_tos);
} else {
- tf = proto_tree_add_uint_format(ip_tree, hf_ip_tos, tvb, offset + 1, 1, iph.ip_tos,
- "Type of service: 0x%02x (%s)", iph.ip_tos,
- val_to_str( IPTOS_TOS(iph.ip_tos), iptos_vals, "Unknown") );
+ tf = proto_tree_add_uint_format(ip_tree, hf_ip_tos, tvb, offset + 1, 1, iph->ip_tos,
+ "Type of service: 0x%02x (%s)", iph->ip_tos,
+ val_to_str( IPTOS_TOS(iph->ip_tos), iptos_vals, "Unknown") );
field_tree = proto_item_add_subtree(tf, ett_ip_tos);
- proto_tree_add_uint(field_tree, hf_ip_tos_precedence, tvb, offset + 1, 1, iph.ip_tos);
- proto_tree_add_boolean(field_tree, hf_ip_tos_delay, tvb, offset + 1, 1, iph.ip_tos);
- proto_tree_add_boolean(field_tree, hf_ip_tos_throughput, tvb, offset + 1, 1, iph.ip_tos);
- proto_tree_add_boolean(field_tree, hf_ip_tos_reliability, tvb, offset + 1, 1, iph.ip_tos);
- proto_tree_add_boolean(field_tree, hf_ip_tos_cost, tvb, offset + 1, 1, iph.ip_tos);
+ proto_tree_add_uint(field_tree, hf_ip_tos_precedence, tvb, offset + 1, 1, iph->ip_tos);
+ proto_tree_add_boolean(field_tree, hf_ip_tos_delay, tvb, offset + 1, 1, iph->ip_tos);
+ proto_tree_add_boolean(field_tree, hf_ip_tos_throughput, tvb, offset + 1, 1, iph->ip_tos);
+ proto_tree_add_boolean(field_tree, hf_ip_tos_reliability, tvb, offset + 1, 1, iph->ip_tos);
+ proto_tree_add_boolean(field_tree, hf_ip_tos_cost, tvb, offset + 1, 1, iph->ip_tos);
+ }
+ }
+
+ /* Length of IP datagram.
+ XXX - what if this is greater than the reported length of the
+ tvbuff? This could happen, for example, in an IP datagram
+ inside an ICMP datagram; we need to somehow let the
+ dissector we call know that, as it might want to avoid
+ doing its checksumming. */
+ iph->ip_len = tvb_get_ntohs(tvb, offset + 2);
+
+ /* Adjust the length of this tvbuff to include only the IP datagram. */
+ set_actual_length(tvb, iph->ip_len);
+
+ if (iph->ip_len < hlen) {
+ if (check_col(pinfo->cinfo, COL_INFO))
+ col_add_fstr(pinfo->cinfo, COL_INFO, "Bogus IP length (%u, less than header length %u)",
+ iph->ip_len, hlen);
+ if (tree) {
+ proto_tree_add_uint_format(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph->ip_len,
+ "Total length: %u bytes (bogus, less than header length %u)", iph->ip_len,
+ hlen);
}
- proto_tree_add_uint(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph.ip_len);
- proto_tree_add_uint(ip_tree, hf_ip_id, tvb, offset + 4, 2, iph.ip_id);
+ goto end_of_ip;
+ }
+ if (tree)
+ proto_tree_add_uint(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph->ip_len);
+
+ iph->ip_id = tvb_get_ntohs(tvb, offset + 4);
+ if (tree)
+ proto_tree_add_uint_format(ip_tree, hf_ip_id, tvb, offset + 4, 2, iph->ip_id, "Identification: 0x%04x (%d)", iph->ip_id, iph->ip_id);
- flags = (iph.ip_off & (IP_DF|IP_MF)) >> 12;
- tf = proto_tree_add_uint(ip_tree, hf_ip_flags, tvb, offset + 6, 1, flags);
+ iph->ip_off = tvb_get_ntohs(tvb, offset + 6);
+ if (tree) {
+ flags = (iph->ip_off & (IP_DF|IP_MF)) >> 12;
+ tf = proto_tree_add_uint(ip_tree, hf_ip_flags, tvb, offset + 6, 1, flags);
field_tree = proto_item_add_subtree(tf, ett_ip_off);
proto_tree_add_boolean(field_tree, hf_ip_flags_df, tvb, offset + 6, 1, flags),
proto_tree_add_boolean(field_tree, hf_ip_flags_mf, tvb, offset + 6, 1, flags),
- proto_tree_add_uint(ip_tree, hf_ip_frag_offset, tvb, offset + 6, 2,
- (iph.ip_off & IP_OFFSET)*8);
+ proto_tree_add_uint(ip_tree, hf_ip_frag_offset, tvb, offset + 6, 2,
+ (iph->ip_off & IP_OFFSET)*8);
+ }
+
+ if (tree)
+ proto_tree_add_item(ip_tree, hf_ip_ttl, tvb, offset + 8, 1, FALSE);
+
+ iph->ip_p = tvb_get_guint8(tvb, offset + 9);
+ if (tree) {
+ proto_tree_add_uint_format(ip_tree, hf_ip_proto, tvb, offset + 9, 1, iph->ip_p,
+ "Protocol: %s (0x%02x)", ipprotostr(iph->ip_p), iph->ip_p);
+ }
- proto_tree_add_uint(ip_tree, hf_ip_ttl, tvb, offset + 8, 1, iph.ip_ttl);
- proto_tree_add_uint_format(ip_tree, hf_ip_proto, tvb, offset + 9, 1, iph.ip_p,
- "Protocol: %s (0x%02x)", ipprotostr(iph.ip_p), iph.ip_p);
+ iph->ip_sum = tvb_get_ntohs(tvb, offset + 10);
- if (ipsum == 0) {
- proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph.ip_sum,
- "Header checksum: 0x%04x (correct)", iph.ip_sum);
+ /*
+ * If we have the entire IP header available, check the checksum.
+ */
+ if (tvb_bytes_exist(tvb, offset, hlen)) {
+ ipsum = ip_checksum(tvb_get_ptr(tvb, offset, hlen), hlen);
+ if (tree) {
+ if (ipsum == 0) {
+ proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph->ip_sum,
+ "Header checksum: 0x%04x (correct)", iph->ip_sum);
+ }
+ else {
+ proto_tree_add_boolean_hidden(ip_tree, hf_ip_checksum_bad, tvb, offset + 10, 2, TRUE);
+ proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph->ip_sum,
+ "Header checksum: 0x%04x (incorrect, should be 0x%04x)", iph->ip_sum,
+ in_cksum_shouldbe(iph->ip_sum, ipsum));
+ }
}
- else {
- proto_tree_add_item_hidden(ip_tree, hf_ip_checksum_bad, tvb, offset + 10, 2, TRUE);
- proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph.ip_sum,
- "Header checksum: 0x%04x (incorrect, should be 0x%04x)", iph.ip_sum,
- in_cksum_shouldbe(iph.ip_sum, ipsum));
+ } else {
+ ipsum = 0;
+ if (tree)
+ proto_tree_add_uint(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph->ip_sum);
+ }
+
+ SET_ADDRESS(&pinfo->net_src, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_SRC, 4));
+ SET_ADDRESS(&pinfo->src, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_SRC, 4));
+ SET_ADDRESS(&iph->ip_src, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_SRC, 4));
+ if (tree) {
+ memcpy(&addr, iph->ip_src.data, 4);
+ if (ip_summary_in_tree) {
+ proto_item_append_text(ti, ", Src Addr: %s (%s)",
+ get_hostname(addr), ip_to_str((guint8 *) iph->ip_src.data));
}
+ proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, addr);
+ proto_tree_add_ipv4_hidden(ip_tree, hf_ip_addr, tvb, offset + 12, 4, addr);
+ }
- proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, iph.ip_src);
- proto_tree_add_ipv4(ip_tree, hf_ip_dst, tvb, offset + 16, 4, iph.ip_dst);
- proto_tree_add_ipv4_hidden(ip_tree, hf_ip_addr, tvb, offset + 12, 4, iph.ip_src);
- proto_tree_add_ipv4_hidden(ip_tree, hf_ip_addr, tvb, offset + 16, 4, iph.ip_dst);
+ SET_ADDRESS(&pinfo->net_dst, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_DST, 4));
+ SET_ADDRESS(&pinfo->dst, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_DST, 4));
+ SET_ADDRESS(&iph->ip_dst, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_DST, 4));
+
+ if (tree) {
+ memcpy(&addr, iph->ip_dst.data, 4);
+ if (ip_summary_in_tree) {
+ proto_item_append_text(ti, ", Dst Addr: %s (%s)",
+ get_hostname(addr), ip_to_str((guint8 *) iph->ip_dst.data));
+ }
+ proto_tree_add_ipv4(ip_tree, hf_ip_dst, tvb, offset + 16, 4, addr);
+ proto_tree_add_ipv4_hidden(ip_tree, hf_ip_addr, tvb, offset + 16, 4, addr);
+ }
+ if (tree) {
/* Decode IP options, if any. */
- if (hlen > sizeof (e_ip)) {
+ if (hlen > IPH_MIN_LEN) {
/* There's more than just the fixed-length header. Decode the
options. */
- optlen = hlen - sizeof (e_ip); /* length of options, in bytes */
- tf = proto_tree_add_text(ip_tree, tvb, offset + 20, optlen,
+ optlen = hlen - IPH_MIN_LEN; /* length of options, in bytes */
+ tf = proto_tree_add_text(ip_tree, tvb, offset + 20, optlen,
"Options: (%u bytes)", optlen);
field_tree = proto_item_add_subtree(tf, ett_ip_options);
dissect_ip_tcp_options(tvb, offset + 20, optlen,
}
}
- pinfo->ipproto = iph.ip_p;
-
- pinfo->iplen = iph.ip_len;
+ pinfo->ipproto = iph->ip_p;
- pinfo->iphdrlen = lo_nibble(iph.ip_v_hl);
+ pinfo->iplen = iph->ip_len;
- SET_ADDRESS(&pinfo->net_src, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_SRC, 4));
- SET_ADDRESS(&pinfo->src, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_SRC, 4));
- SET_ADDRESS(&pinfo->net_dst, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_DST, 4));
- SET_ADDRESS(&pinfo->dst, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_DST, 4));
+ pinfo->iphdrlen = hlen;
/* Skip over header + options */
offset += hlen;
- nxt = iph.ip_p; /* XXX - what if this isn't the same for all fragments? */
+ nxt = iph->ip_p; /* XXX - what if this isn't the same for all fragments? */
/* If ip_defragment is on, this is a fragment, we have all the data
* in the fragment, and the header checksum is valid, then just add
* the fragment to the hashtable.
*/
save_fragmented = pinfo->fragmented;
- if (ip_defragment && (iph.ip_off & (IP_MF|IP_OFFSET)) &&
- tvb_reported_length(tvb) <= tvb_length(tvb) && ipsum == 0) {
- ipfd_head = fragment_add(tvb, offset, pinfo, iph.ip_id,
+ if (ip_defragment && (iph->ip_off & (IP_MF|IP_OFFSET)) &&
+ tvb_bytes_exist(tvb, offset, pinfo->iplen - pinfo->iphdrlen) &&
+ ipsum == 0) {
+ ipfd_head = fragment_add_check(tvb, offset, pinfo, iph->ip_id,
ip_fragment_table,
- (iph.ip_off & IP_OFFSET)*8,
- pinfo->iplen - (pinfo->iphdrlen*4),
- iph.ip_off & IP_MF);
-
- if (ipfd_head != NULL) {
- fragment_data *ipfd;
- proto_tree *ft=NULL;
- proto_item *fi=NULL;
-
- /* OK, we have the complete reassembled payload. */
- /* show all fragments */
- fi = proto_tree_add_item(ip_tree, hf_ip_fragments,
- tvb, 0, 0, FALSE);
- ft = proto_item_add_subtree(fi, ett_ip_fragments);
- for (ipfd=ipfd_head->next; ipfd; ipfd=ipfd->next){
- if (ipfd->flags & (FD_OVERLAP|FD_OVERLAPCONFLICT
- |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
- /* this fragment has some flags set, create a subtree
- * for it and display the flags.
- */
- proto_tree *fet=NULL;
- proto_item *fei=NULL;
- int hf;
-
- if (ipfd->flags & (FD_OVERLAPCONFLICT
- |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
- hf = hf_ip_fragment_error;
- } else {
- hf = hf_ip_fragment;
- }
- fei = proto_tree_add_none_format(ft, hf,
- tvb, 0, 0,
- "Frame:%u payload:%u-%u",
- ipfd->frame,
- ipfd->offset,
- ipfd->offset+ipfd->len-1
- );
- fet = proto_item_add_subtree(fei, ett_ip_fragment);
- if (ipfd->flags&FD_OVERLAP) {
- proto_tree_add_boolean(fet,
- hf_ip_fragment_overlap, tvb, 0, 0,
- TRUE);
- }
- if (ipfd->flags&FD_OVERLAPCONFLICT) {
- proto_tree_add_boolean(fet,
- hf_ip_fragment_overlap_conflict, tvb, 0, 0,
- TRUE);
- }
- if (ipfd->flags&FD_MULTIPLETAILS) {
- proto_tree_add_boolean(fet,
- hf_ip_fragment_multiple_tails, tvb, 0, 0,
- TRUE);
- }
- if (ipfd->flags&FD_TOOLONGFRAGMENT) {
- proto_tree_add_boolean(fet,
- hf_ip_fragment_too_long_fragment, tvb, 0, 0,
- TRUE);
- }
- } else {
- /* nothing of interest for this fragment */
- proto_tree_add_none_format(ft, hf_ip_fragment,
- tvb, 0, 0,
- "Frame:%u payload:%u-%u",
- ipfd->frame,
- ipfd->offset,
- ipfd->offset+ipfd->len-1
- );
- }
- }
- if (ipfd_head->flags & (FD_OVERLAPCONFLICT
- |FD_MULTIPLETAILS|FD_TOOLONGFRAGMENT) ) {
- if (check_col(pinfo->cinfo, COL_INFO)) {
- col_set_str(pinfo->cinfo, COL_INFO, "[Illegal fragments]");
- update_col_info = FALSE;
- }
- }
-
- /* Allocate a new tvbuff, referring to the reassembled payload. */
- next_tvb = tvb_new_real_data(ipfd_head->data, ipfd_head->datalen,
- ipfd_head->datalen, "Reassembled");
+ ip_reassembled_table,
+ (iph->ip_off & IP_OFFSET)*8,
+ pinfo->iplen - pinfo->iphdrlen,
+ iph->ip_off & IP_MF);
- /* Add the tvbuff to the list of tvbuffs to which the tvbuff we
- were handed refers, so it'll get cleaned up when that tvbuff
- is cleaned up. */
- tvb_set_child_real_data_tvbuff(tvb, next_tvb);
-
- /* Add the defragmented data to the data source list. */
- pinfo->fd->data_src = g_slist_append(pinfo->fd->data_src, next_tvb);
-
- /* It's not fragmented. */
- pinfo->fragmented = FALSE;
- } else {
- /* We don't have the complete reassembled payload. */
- next_tvb = NULL;
- }
+ next_tvb = process_reassembled_data(tvb, offset, pinfo, "Reassembled IPv4",
+ ipfd_head, &ip_frag_items, &update_col_info, ip_tree);
} else {
/* If this is the first fragment, dissect its contents, otherwise
just show it as a fragment.
XXX - if we eventually don't save the reassembled contents of all
fragmented datagrams, we may want to always reassemble. */
- if (iph.ip_off & IP_OFFSET) {
+ if (iph->ip_off & IP_OFFSET) {
/* Not the first fragment - don't dissect it. */
next_tvb = NULL;
} else {
* If this is the first fragment, but not the only fragment,
* tell the next protocol that.
*/
- if (iph.ip_off & IP_MF)
+ if (iph->ip_off & IP_MF)
pinfo->fragmented = TRUE;
else
pinfo->fragmented = FALSE;
if (next_tvb == NULL) {
/* Just show this as a fragment. */
- if (check_col(pinfo->cinfo, COL_INFO))
+ if (check_col(pinfo->cinfo, COL_INFO)) {
col_add_fstr(pinfo->cinfo, COL_INFO, "Fragmented IP protocol (proto=%s 0x%02x, off=%u)",
- ipprotostr(iph.ip_p), iph.ip_p, (iph.ip_off & IP_OFFSET) * 8);
- call_dissector(data_handle,tvb_new_subset(tvb, offset,-1,tvb_reported_length_remaining(tvb,offset)), pinfo, tree);
+ ipprotostr(iph->ip_p), iph->ip_p, (iph->ip_off & IP_OFFSET) * 8);
+ }
+ if( ipfd_head && ipfd_head->reassembled_in != pinfo->fd->num ){
+ if (check_col(pinfo->cinfo, COL_INFO)) {
+ col_append_fstr(pinfo->cinfo, COL_INFO, " [Reassembled in #%u]",
+ ipfd_head->reassembled_in);
+ }
+ }
+
+ call_dissector(data_handle, tvb_new_subset(tvb, offset, -1, -1), pinfo,
+ tree);
pinfo->fragmented = save_fragmented;
- return;
+ goto end_of_ip;
}
/* Hand off to the next protocol.
/* Unknown protocol */
if (update_col_info) {
if (check_col(pinfo->cinfo, COL_INFO))
- col_add_fstr(pinfo->cinfo, COL_INFO, "%s (0x%02x)", ipprotostr(iph.ip_p), iph.ip_p);
+ col_add_fstr(pinfo->cinfo, COL_INFO, "%s (0x%02x)", ipprotostr(iph->ip_p), iph->ip_p);
}
call_dissector(data_handle,next_tvb, pinfo, tree);
}
pinfo->fragmented = save_fragmented;
+
+end_of_ip:
+ tap_queue_packet(ip_tap, pinfo, iph);
+
}
#define ICMP_MIP_EXTENSION_PAD 0
* Dissect the mobile ip advertisement extensions.
*/
static void
-dissect_mip_extensions(tvbuff_t *tvb, size_t offset, packet_info *pinfo,
- proto_tree *tree)
+dissect_mip_extensions(tvbuff_t *tvb, size_t offset, proto_tree *tree)
{
guint8 type;
guint8 length;
/* Not much to do if we're not parsing everything */
if (!tree) return;
-
- while ((tvb_length(tvb) - offset) > 0) {
+
+ while (tvb_reported_length_remaining(tvb, offset) > 0) {
type = tvb_get_guint8(tvb, offset + 0);
if (type)
val_to_str(type, mip_extensions,
"Unknown ext %u"));
mip_tree = proto_item_add_subtree(ti, ett_icmp_mip);
-
+
switch (type) {
case ICMP_MIP_EXTENSION_PAD:
/* One byte padding extension */
/* Add our fields */
/* type */
- proto_tree_add_item(mip_tree, hf_icmp_mip_type, tvb, offset,
+ proto_tree_add_item(mip_tree, hf_icmp_mip_type, tvb, offset,
1, FALSE);
offset++;
break;
/* Mobility Agent Advertisement Extension (RFC 2002)*/
/* Add our fields */
/* type */
- proto_tree_add_item(mip_tree, hf_icmp_mip_type, tvb, offset,
+ proto_tree_add_item(mip_tree, hf_icmp_mip_type, tvb, offset,
1, FALSE);
offset++;
/* length */
- proto_tree_add_item(mip_tree, hf_icmp_mip_length, tvb, offset,
+ proto_tree_add_item(mip_tree, hf_icmp_mip_length, tvb, offset,
1, FALSE);
offset++;
/* sequence number */
- proto_tree_add_item(mip_tree, hf_icmp_mip_seq, tvb, offset,
+ proto_tree_add_item(mip_tree, hf_icmp_mip_seq, tvb, offset,
2, FALSE);
offset+=2;
/* Registration Lifetime */
- proto_tree_add_item(mip_tree, hf_icmp_mip_life, tvb, offset,
+ proto_tree_add_item(mip_tree, hf_icmp_mip_life, tvb, offset,
2, FALSE);
offset+=2;
/* flags */
proto_tree_add_boolean(flags_tree, hf_icmp_mip_v, tvb, offset, 1, flags);
proto_tree_add_boolean(flags_tree, hf_icmp_mip_res, tvb, offset, 1, flags);
offset++;
-
+
/* Reserved */
- proto_tree_add_item(mip_tree, hf_icmp_mip_reserved, tvb, offset,
+ proto_tree_add_item(mip_tree, hf_icmp_mip_reserved, tvb, offset,
1, FALSE);
offset++;
-
+
/* COAs */
numCOAs = (length - 6) / 4;
for (i=0; i<numCOAs; i++) {
- proto_tree_add_item(mip_tree, hf_icmp_mip_coa, tvb, offset,
+ proto_tree_add_item(mip_tree, hf_icmp_mip_coa, tvb, offset,
4, FALSE);
offset+=4;
}
/* Prefix-Lengths Extension (RFC 2002)*/
/* Add our fields */
/* type */
- proto_tree_add_item(mip_tree, hf_icmp_mip_type, tvb, offset,
+ proto_tree_add_item(mip_tree, hf_icmp_mip_type, tvb, offset,
1, FALSE);
offset++;
/* length */
- proto_tree_add_item(mip_tree, hf_icmp_mip_length, tvb, offset,
+ proto_tree_add_item(mip_tree, hf_icmp_mip_length, tvb, offset,
1, FALSE);
offset++;
case ICMP_MIP_CHALLENGE:
/* Challenge Extension (RFC 3012)*/
/* type */
- proto_tree_add_item(mip_tree, hf_icmp_mip_type, tvb, offset,
+ proto_tree_add_item(mip_tree, hf_icmp_mip_type, tvb, offset,
1, FALSE);
offset++;
/* length */
- proto_tree_add_item(mip_tree, hf_icmp_mip_length, tvb, offset,
+ proto_tree_add_item(mip_tree, hf_icmp_mip_length, tvb, offset,
1, FALSE);
offset++;
/* challenge */
- proto_tree_add_item(mip_tree, hf_icmp_mip_challenge, tvb, offset,
+ proto_tree_add_item(mip_tree, hf_icmp_mip_challenge, tvb, offset,
length, FALSE);
offset+=length;
-
+
break;
default:
g_warning("Unknown type(%u)! I hope the length is right (%u)",
type, length);
- offset += length;
+ offset += length + 2;
break;
} /* switch type */
} /* end while */
-
+
} /* dissect_mip_extensions */
static const gchar *unreach_str[] = {"Network unreachable",
"Communication administratively filtered",
"Host precedence violation",
"Precedence cutoff in effect"};
-
+
#define N_UNREACH (sizeof unreach_str / sizeof unreach_str[0])
static const gchar *redir_str[] = {"Redirect for network",
#define N_REDIRECT (sizeof redir_str / sizeof redir_str[0])
-static const gchar *ttl_str[] = {"TTL equals 0 during transit",
- "TTL equals 0 during reassembly"};
-
+static const gchar *ttl_str[] = {"Time to live exceeded in transit",
+ "Fragment reassembly time exceeded"};
+
#define N_TIMXCEED (sizeof ttl_str / sizeof ttl_str[0])
static const gchar *par_str[] = {"IP header bad", "Required option missing"};
guint8 num_addrs = 0;
guint8 addr_entry_size = 0;
int i;
- address save_dl_src;
- address save_dl_dst;
- address save_net_src;
- address save_net_dst;
- address save_src;
- address save_dst;
gboolean save_in_error_pkt;
tvbuff_t *next_tvb;
reported_length = tvb_reported_length(tvb);
ti = proto_tree_add_item(tree, proto_icmp, tvb, 0, length, FALSE);
icmp_tree = proto_item_add_subtree(ti, ett_icmp);
- proto_tree_add_uint_format(icmp_tree, hf_icmp_type, tvb, 0, 1,
+ proto_tree_add_uint_format(icmp_tree, hf_icmp_type, tvb, 0, 1,
icmp_type,
"Type: %u (%s)",
icmp_type, type_str);
- proto_tree_add_uint_format(icmp_tree, hf_icmp_code, tvb, 1, 1,
+ proto_tree_add_uint_format(icmp_tree, hf_icmp_code, tvb, 1, 1,
icmp_code,
"Code: %u %s",
icmp_code, code_str);
cksum,
"Checksum: 0x%04x (correct)", cksum);
} else {
- proto_tree_add_item_hidden(icmp_tree, hf_icmp_checksum_bad,
+ proto_tree_add_boolean_hidden(icmp_tree, hf_icmp_checksum_bad,
tvb, 2, 2, TRUE);
proto_tree_add_uint_format(icmp_tree, hf_icmp_checksum, tvb, 2, 2,
cksum,
case ICMP_IREQREPLY:
case ICMP_MASKREQ:
case ICMP_MASKREPLY:
- proto_tree_add_text(icmp_tree, tvb, 4, 2, "Identifier: 0x%04x",
- tvb_get_ntohs(tvb, 4));
- proto_tree_add_text(icmp_tree, tvb, 6, 2, "Sequence number: %02x:%02x",
- tvb_get_guint8(tvb, 6), tvb_get_guint8(tvb, 7));
+ proto_tree_add_item(icmp_tree, hf_icmp_ident, tvb, 4, 2, FALSE);
+ proto_tree_add_item(icmp_tree, hf_icmp_seq_num, tvb, 6, 2, FALSE);
break;
case ICMP_UNREACH:
switch (icmp_code) {
case ICMP_FRAG_NEEDED:
- proto_tree_add_text(icmp_tree, tvb, 6, 2, "MTU of next hop: %u",
- tvb_get_ntohs(tvb, 6));
+ proto_tree_add_item(icmp_tree, hf_icmp_mtu, tvb, 6, 2, FALSE);
break;
}
break;
break;
case ICMP_REDIRECT:
- proto_tree_add_text(icmp_tree, tvb, 4, 4, "Gateway address: %s",
- ip_to_str(tvb_get_ptr(tvb, 4, 4)));
+ proto_tree_add_item(icmp_tree, hf_icmp_redir_gw, tvb, 4, 4, FALSE);
break;
}
case ICMP_PARAMPROB:
case ICMP_SOURCEQUENCH:
case ICMP_REDIRECT:
- /* Decode the IP header and first 64 bits of data from the
- original datagram.
-
- Set the columns non-writable, so that the packet list
- shows this as an ICMP packet, not as the type of packet
- for which the ICMP packet was generated. */
- col_set_writable(pinfo->cinfo, FALSE);
-
- /* Also, save the current values of the addresses, and restore
- them when we're finished dissecting the contained packet, so
- that the address columns in the summary don't reflect the
- contained packet, but reflect this packet instead. */
- save_dl_src = pinfo->dl_src;
- save_dl_dst = pinfo->dl_dst;
- save_net_src = pinfo->net_src;
- save_net_dst = pinfo->net_dst;
- save_src = pinfo->src;
- save_dst = pinfo->dst;
-
/* Save the current value of the "we're inside an error packet"
flag, and set that flag; subdissectors may treat packets
that are the payload of error packets differently from
save_in_error_pkt = pinfo->in_error_pkt;
pinfo->in_error_pkt = TRUE;
- /* Dissect the contained packet.
- Catch ReportedBoundsError, and do nothing if we see it,
- because it's not an error if the contained packet is short;
- there's no guarantee that all of it was included.
-
- XXX - should catch BoundsError, and re-throw it after cleaning
- up. */
+ /* Decode the IP header and first 64 bits of data from the
+ original datagram. */
next_tvb = tvb_new_subset(tvb, 8, -1, -1);
- TRY {
- call_dissector(ip_handle, next_tvb, pinfo, icmp_tree);
- }
- CATCH(ReportedBoundsError) {
- ; /* do nothing */
- }
- ENDTRY;
+ call_dissector(ip_handle, next_tvb, pinfo, icmp_tree);
/* Restore the "we're inside an error packet" flag. */
pinfo->in_error_pkt = save_in_error_pkt;
-
- /* Restore the addresses. */
- pinfo->dl_src = save_dl_src;
- pinfo->dl_dst = save_dl_dst;
- pinfo->net_src = save_net_src;
- pinfo->net_dst = save_net_dst;
- pinfo->src = save_src;
- pinfo->dst = save_dst;
break;
case ICMP_ECHOREPLY:
case ICMP_ECHO:
- call_dissector(data_handle,tvb_new_subset(tvb, 8,-1,tvb_reported_length_remaining(tvb,8)), pinfo, icmp_tree);
+ call_dissector(data_handle, tvb_new_subset(tvb, 8, -1, -1), pinfo,
+ icmp_tree);
break;
case ICMP_RTRADVERT:
}
if (icmp_code == 16) {
/* Mobile-Ip */
- dissect_mip_extensions(tvb,8 + i*8, pinfo, icmp_tree);
+ dissect_mip_extensions(tvb, 8 + i*8, icmp_tree);
}
} else
- call_dissector(data_handle,tvb_new_subset(tvb, 8,-1,tvb_reported_length_remaining(tvb,8)), pinfo, icmp_tree);
+ call_dissector(data_handle, tvb_new_subset(tvb, 8, -1, -1), pinfo,
+ icmp_tree);
break;
case ICMP_TSTAMP:
"Fragment contained data past end of packet", HFILL }},
{ &hf_ip_fragment_error,
- { "Defragmentation error", "ip.fragment.error", FT_NONE, BASE_NONE, NULL, 0x0,
+ { "Defragmentation error", "ip.fragment.error", FT_FRAMENUM, BASE_NONE, NULL, 0x0,
"Defragmentation error due to illegal fragments", HFILL }},
{ &hf_ip_fragment,
- { "IP Fragment", "ip.fragment", FT_NONE, BASE_NONE, NULL, 0x0,
+ { "IP Fragment", "ip.fragment", FT_FRAMENUM, BASE_NONE, NULL, 0x0,
"IP Fragment", HFILL }},
{ &hf_ip_fragments,
{ "IP Fragments", "ip.fragments", FT_NONE, BASE_NONE, NULL, 0x0,
"IP Fragments", HFILL }},
+
+ { &hf_ip_reassembled_in,
+ { "Reassembled IP in frame", "ip.reassembled_in", FT_FRAMENUM, BASE_NONE, NULL, 0x0,
+ "This IP packet is reassembled in this frame", HFILL }}
};
static gint *ett[] = {
&ett_ip,
"Reassemble fragmented IP datagrams",
"Whether fragmented IP datagrams should be reassembled",
&ip_defragment);
- prefs_register_bool_preference(ip_module, "ip_summary_in_tree",
+ prefs_register_bool_preference(ip_module, "summary_in_tree",
"Show IP summary in protocol tree",
"Whether the IP summary line should be shown in the protocol tree",
&ip_summary_in_tree);
register_dissector("ip", dissect_ip, proto_ip);
register_init_routine(ip_defragment_init);
+ ip_tap=register_tap("ip");
}
void
dissector_add("chdlctype", ETHERTYPE_IP, ip_handle);
dissector_add("fr.ietf", NLPID_IP, ip_handle);
dissector_add("x.25.spi", NLPID_IP, ip_handle);
+ dissector_add("arcnet.protocol_id", ARCNET_PROTO_IP_1051, ip_handle);
+ dissector_add("arcnet.protocol_id", ARCNET_PROTO_IP_1201, ip_handle);
}
void
proto_register_icmp(void)
{
static hf_register_info hf[] = {
-
+
{ &hf_icmp_type,
{ "Type", "icmp.type", FT_UINT8, BASE_DEC, NULL, 0x0,
"", HFILL }},
{ &hf_icmp_code,
{ "Code", "icmp.code", FT_UINT8, BASE_HEX, NULL, 0x0,
- "", HFILL }},
+ "", HFILL }},
{ &hf_icmp_checksum,
{ "Checksum", "icmp.checksum", FT_UINT16, BASE_HEX, NULL, 0x0,
{ "Bad Checksum", "icmp.checksum_bad", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"", HFILL }},
+ { &hf_icmp_ident,
+ {"Identifier", "icmp.ident", FT_UINT16, BASE_HEX, NULL, 0x0,
+ "", HFILL }},
+
+ { &hf_icmp_seq_num,
+ {"Sequence number", "icmp.seq", FT_UINT16, BASE_HEX, NULL, 0x0,
+ "", HFILL }},
+
+ { &hf_icmp_mtu,
+ {"MTU of next hop", "icmp.mtu", FT_UINT16, BASE_DEC, NULL, 0x0,
+ "", HFILL}},
+
+ { &hf_icmp_redir_gw,
+ {"Gateway address", "icmp.redir_gw", FT_IPv4, BASE_NONE, NULL, 0x0,
+ "", HFILL }},
+
{ &hf_icmp_mip_type,
{ "Extension Type", "icmp.mip.type", FT_UINT8, BASE_DEC,
VALS(mip_extensions), 0x0,"", HFILL}},
&ett_icmp_mip,
&ett_icmp_mip_flags
};
-
- proto_icmp = proto_register_protocol("Internet Control Message Protocol",
+
+ proto_icmp = proto_register_protocol("Internet Control Message Protocol",
"ICMP", "icmp");
proto_register_field_array(proto_icmp, hf, array_length(hf));
proto_register_subtree_array(ett, array_length(ett));