X-Git-Url: http://git.samba.org/samba.git/?p=obnox%2Fwireshark%2Fwip.git;a=blobdiff_plain;f=packet-ip.c;h=5ed582f86c03a90cb0781e853671b0f6f923068a;hp=2c1fc03bbfac392258955aca5432b23ec3ecfd70;hb=b0f3fe02229a5fc2771faf072ada7bdf6b65fc11;hpb=e4eeefaa4d69af4290939f9b6d61ffbbd7a0e113 diff --git a/packet-ip.c b/packet-ip.c index 2c1fc03bbf..5ed582f86c 100644 --- a/packet-ip.c +++ b/packet-ip.c @@ -1,7 +1,7 @@ /* packet-ip.c * Routines for IP and miscellaneous IP protocol packet disassembly * - * $Id: packet-ip.c,v 1.55 1999/10/15 05:30:35 itojun Exp $ + * $Id: packet-ip.c,v 1.115 2000/12/29 04:16:57 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs @@ -38,39 +38,66 @@ #include #include #include -#include "packet.h" -#include "resolv.h" -#include "util.h" #ifdef NEED_SNPRINTF_H -# ifdef HAVE_STDARG_H -# include -# else -# include -# endif # include "snprintf.h" #endif -#ifndef __PACKET_IP_H__ +#include "packet.h" +#include "resolv.h" +#include "prefs.h" +#include "etypes.h" +#include "ppptypes.h" +#include "llcsaps.h" +#include "aftypes.h" #include "packet-ip.h" -#endif +#include "packet-ipsec.h" +#include "in_cksum.h" + +static void dissect_icmp(tvbuff_t *, packet_info *, proto_tree *); +static void dissect_igmp(tvbuff_t *, packet_info *, proto_tree *); + +/* Decode the old IPv4 TOS field as the DiffServ DS Field */ +gboolean g_ip_dscp_actif = TRUE; static int proto_ip = -1; static int hf_ip_version = -1; static int hf_ip_hdr_len = -1; +static int hf_ip_dsfield = -1; +static int hf_ip_dsfield_dscp = -1; +static int hf_ip_dsfield_ect = -1; +static int hf_ip_dsfield_ce = -1; static int hf_ip_tos = -1; static int hf_ip_tos_precedence = -1; +static int hf_ip_tos_delay = -1; +static int hf_ip_tos_throughput = -1; +static int hf_ip_tos_reliability = -1; +static int hf_ip_tos_cost = -1; static int hf_ip_len = -1; static int hf_ip_id = -1; static int hf_ip_dst = -1; static int hf_ip_src = -1; static int hf_ip_addr = -1; static int hf_ip_flags = -1; +static int hf_ip_flags_df = -1; +static int hf_ip_flags_mf = -1; static int hf_ip_frag_offset = -1; static int hf_ip_ttl = -1; static int hf_ip_proto = -1; static int hf_ip_checksum = -1; +static gint ett_ip = -1; +static gint ett_ip_dsfield = -1; +static gint ett_ip_tos = -1; +static gint ett_ip_off = -1; +static gint ett_ip_options = -1; +static gint ett_ip_option_sec = -1; +static gint ett_ip_option_route = -1; +static gint ett_ip_option_timestamp = -1; + +/* Used by IPv6 as well, so not static */ +dissector_table_t ip_dissector_table; + static int proto_igmp = -1; static int hf_igmp_version = -1; static int hf_igmp_type = -1; @@ -78,32 +105,16 @@ static int hf_igmp_unused = -1; static int hf_igmp_checksum = -1; static int hf_igmp_group = -1; +static gint ett_igmp = -1; + static int proto_icmp = -1; static int hf_icmp_type = -1; static int hf_icmp_code = -1; static int hf_icmp_checksum = -1; -/* ICMP structs and definitions */ -typedef struct _e_icmp { - guint8 icmp_type; - guint8 icmp_code; - guint16 icmp_cksum; - union { - struct { /* Address mask request/reply */ - guint16 id; - guint16 seq; - guint32 sn_mask; - } am; - struct { /* Timestap request/reply */ - guint16 id; - guint16 seq; - guint32 orig; - guint32 recv; - guint32 xmit; - } ts; - guint32 zero; /* Unreachable */ - } opt; -} e_icmp; +static gint ett_icmp = -1; + +/* ICMP definitions */ #define ICMP_ECHOREPLY 0 #define ICMP_UNREACH 3 @@ -160,18 +171,34 @@ typedef struct _e_igmp { /* IP structs and definitions */ -typedef struct _e_ip { - guint8 ip_v_hl; /* combines ip_v and ip_hl */ - guint8 ip_tos; - guint16 ip_len; - guint16 ip_id; - guint16 ip_off; - guint8 ip_ttl; - guint8 ip_p; - guint16 ip_sum; - guint32 ip_src; - guint32 ip_dst; -} e_ip; +typedef struct _e_ip + { + guint8 ip_v_hl; /* combines ip_v and ip_hl */ + guint8 ip_tos; + guint16 ip_len; + guint16 ip_id; + guint16 ip_off; + guint8 ip_ttl; + guint8 ip_p; + guint16 ip_sum; + guint32 ip_src; + guint32 ip_dst; + } e_ip; + +/* Offsets of fields within an IP header. */ +#define IPH_V_HL 0 +#define IPH_TOS 1 +#define IPH_LEN 2 +#define IPH_ID 4 +#define IPH_TTL 6 +#define IPH_OFF 8 +#define IPH_P 9 +#define IPH_SUM 10 +#define IPH_SRC 12 +#define IPH_DST 16 + +/* Minimum IP header length. */ +#define IPH_MIN_LEN 20 /* IP flags. */ #define IP_CE 0x8000 /* Flag: "Congestion" */ @@ -179,6 +206,37 @@ typedef struct _e_ip { #define IP_MF 0x2000 /* Flag: "More Fragments" */ #define IP_OFFSET 0x1FFF /* "Fragment Offset" part */ +/* Differentiated Services Field. See RFCs 2474, 2597 and 2598. */ +#define IPDSFIELD_DSCP_MASK 0xFC +#define IPDSFIELD_ECN_MASK 0x03 +#define IPDSFIELD_DSCP_SHIFT 2 +#define IPDSFIELD_DSCP(dsfield) (((dsfield)&IPDSFIELD_DSCP_MASK)>>IPDSFIELD_DSCP_SHIFT) +#define IPDSFIELD_ECN(dsfield) ((dsfield)&IPDSFIELD_ECN_MASK) +#define IPDSFIELD_DSCP_DEFAULT 0x00 +#define IPDSFIELD_DSCP_CS1 0x08 +#define IPDSFIELD_DSCP_CS2 0x10 +#define IPDSFIELD_DSCP_CS3 0x18 +#define IPDSFIELD_DSCP_CS4 0x20 +#define IPDSFIELD_DSCP_CS5 0x28 +#define IPDSFIELD_DSCP_CS6 0x30 +#define IPDSFIELD_DSCP_CS7 0x38 +#define IPDSFIELD_DSCP_AF11 0x0A +#define IPDSFIELD_DSCP_AF12 0x0C +#define IPDSFIELD_DSCP_AF13 0x0E +#define IPDSFIELD_DSCP_AF21 0x12 +#define IPDSFIELD_DSCP_AF22 0x14 +#define IPDSFIELD_DSCP_AF23 0x16 +#define IPDSFIELD_DSCP_AF31 0x1A +#define IPDSFIELD_DSCP_AF32 0x1C +#define IPDSFIELD_DSCP_AF33 0x1E +#define IPDSFIELD_DSCP_AF41 0x22 +#define IPDSFIELD_DSCP_AF42 0x24 +#define IPDSFIELD_DSCP_AF43 0x26 +#define IPDSFIELD_DSCP_EF 0x2E +#define IPDSFIELD_ECT_MASK 0x02 +#define IPDSFIELD_CE_MASK 0x01 + +/* IP TOS, superseded by the DS Field, RFC 2474. */ #define IPTOS_TOS_MASK 0x1E #define IPTOS_TOS(tos) ((tos) & IPTOS_TOS_MASK) #define IPTOS_NONE 0x00 @@ -189,15 +247,16 @@ typedef struct _e_ip { #define IPTOS_SECURITY 0x1E #define IPTOS_PREC_MASK 0xE0 -#define IPTOS_PREC(tos) ((tos)&IPTOS_PREC_MASK) -#define IPTOS_PREC_NETCONTROL 0xe0 -#define IPTOS_PREC_INTERNETCONTROL 0xc0 -#define IPTOS_PREC_CRITIC_ECP 0xa0 -#define IPTOS_PREC_FLASHOVERRIDE 0x80 -#define IPTOS_PREC_FLASH 0x60 -#define IPTOS_PREC_IMMEDIATE 0x40 -#define IPTOS_PREC_PRIORITY 0x20 -#define IPTOS_PREC_ROUTINE 0x00 +#define IPTOS_PREC_SHIFT 5 +#define IPTOS_PREC(tos) (((tos)&IPTOS_PREC_MASK)>>IPTOS_PREC_SHIFT) +#define IPTOS_PREC_NETCONTROL 7 +#define IPTOS_PREC_INTERNETCONTROL 6 +#define IPTOS_PREC_CRITIC_ECP 5 +#define IPTOS_PREC_FLASHOVERRIDE 4 +#define IPTOS_PREC_FLASH 3 +#define IPTOS_PREC_IMMEDIATE 2 +#define IPTOS_PREC_PRIORITY 1 +#define IPTOS_PREC_ROUTINE 0 /* IP options */ #define IPOPT_COPY 0x80 @@ -224,6 +283,7 @@ typedef struct _e_ip { #define IPOLEN_RR_MIN 3 #define IPOLEN_SID 4 #define IPOLEN_SSRR_MIN 3 +#define IPOLEN_RA 4 #define IPSEC_UNCLASSIFIED 0x0000 #define IPSEC_CONFIDENTIAL 0xF135 @@ -247,8 +307,15 @@ typedef struct _e_ip { void -capture_ip(const u_char *pd, int offset, guint32 cap_len, packet_counts *ld) { +capture_ip(const u_char *pd, int offset, packet_counts *ld) { + if (!BYTES_ARE_IN_FRAME(offset, IPH_MIN_LEN)) { + ld->other++; + return; + } switch (pd[offset + 9]) { + case IP_PROTO_SCTP: + ld->sctp++; + break; case IP_PROTO_TCP: ld->tcp++; break; @@ -264,14 +331,17 @@ capture_ip(const u_char *pd, int offset, guint32 cap_len, packet_counts *ld) { case IP_PROTO_GRE: ld->gre++; break; + case IP_PROTO_VINES: + ld->vines++; + break; default: ld->other++; } } static void -dissect_ipopt_security(const ip_tcp_opt *optp, const u_char *opd, int offset, - guint optlen, proto_tree *opt_tree) +dissect_ipopt_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset, + guint optlen, frame_data *fd, proto_tree *opt_tree) { proto_tree *field_tree = NULL; proto_item *tf; @@ -294,34 +364,36 @@ dissect_ipopt_security(const ip_tcp_opt *optp, const u_char *opd, int offset, {IPSEC_RESERVED8, "Reserved" }, {0, NULL } }; - tf = proto_tree_add_text(opt_tree, offset, optlen, "%s:", optp->name); - field_tree = proto_item_add_subtree(tf, optp->subtree_index); + tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s:", optp->name); + field_tree = proto_item_add_subtree(tf, *optp->subtree_index); offset += 2; - val = pntohs(opd); - proto_tree_add_text(field_tree, offset, 2, + val = tvb_get_ntohs(tvb, offset); + proto_tree_add_text(field_tree, tvb, offset, 2, "Security: %s", val_to_str(val, secl_vals, "Unknown (0x%x)")); offset += 2; - opd += 2; - val = pntohs(opd); - proto_tree_add_text(field_tree, offset, 2, - "Compartments: %d", val); + val = tvb_get_ntohs(tvb, offset); + proto_tree_add_text(field_tree, tvb, offset, 2, + "Compartments: %u", val); offset += 2; - opd += 2; - proto_tree_add_text(field_tree, offset, 2, - "Handling restrictions: %c%c", opd[0], opd[1]); + proto_tree_add_text(field_tree, tvb, offset, 2, + "Handling restrictions: %c%c", + tvb_get_guint8(tvb, offset), + tvb_get_guint8(tvb, offset + 1)); offset += 2; - opd += 2; - proto_tree_add_text(field_tree, offset, 3, - "Transmission control code: %c%c%c", opd[0], opd[1], opd[2]); + proto_tree_add_text(field_tree, tvb, offset, 3, + "Transmission control code: %c%c%c", + tvb_get_guint8(tvb, offset), + tvb_get_guint8(tvb, offset + 1), + tvb_get_guint8(tvb, offset + 2)); } static void -dissect_ipopt_route(const ip_tcp_opt *optp, const u_char *opd, int offset, - guint optlen, proto_tree *opt_tree) +dissect_ipopt_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset, + guint optlen, frame_data *fd, proto_tree *opt_tree) { proto_tree *field_tree = NULL; proto_item *tf; @@ -329,55 +401,53 @@ dissect_ipopt_route(const ip_tcp_opt *optp, const u_char *opd, int offset, int optoffset = 0; struct in_addr addr; - tf = proto_tree_add_text(opt_tree, offset, optlen, "%s (%d bytes)", + tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)", optp->name, optlen); - field_tree = proto_item_add_subtree(tf, optp->subtree_index); + field_tree = proto_item_add_subtree(tf, *optp->subtree_index); optoffset += 2; /* skip past type and length */ optlen -= 2; /* subtract size of type and length */ - ptr = *opd; - proto_tree_add_text(field_tree, offset + optoffset, 1, + ptr = tvb_get_guint8(tvb, offset + optoffset); + proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Pointer: %d%s", ptr, ((ptr < 4) ? " (points before first address)" : ((ptr & 3) ? " (points to middle of address)" : ""))); optoffset++; - opd++; optlen--; ptr--; /* ptr is 1-origin */ while (optlen > 0) { if (optlen < 4) { - proto_tree_add_text(field_tree, offset, optlen, + proto_tree_add_text(field_tree, tvb, offset, optlen, "(suboption would go past end of option)"); break; } /* Avoids alignment problems on many architectures. */ - memcpy((char *)&addr, (char *)opd, sizeof(addr)); + tvb_memcpy(tvb, (guint8 *)&addr, offset + optoffset, sizeof(addr)); - proto_tree_add_text(field_tree, offset + optoffset, 4, + proto_tree_add_text(field_tree, tvb, offset + optoffset, 4, "%s%s", ((addr.s_addr == 0) ? "-" : (char *)get_hostname(addr.s_addr)), ((optoffset == ptr) ? " <- (current)" : "")); optoffset += 4; - opd += 4; optlen -= 4; } } static void -dissect_ipopt_sid(const ip_tcp_opt *optp, const u_char *opd, int offset, - guint optlen, proto_tree *opt_tree) +dissect_ipopt_sid(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset, + guint optlen, frame_data *fd, proto_tree *opt_tree) { - proto_tree_add_text(opt_tree, offset, optlen, - "%s: %d", optp->name, pntohs(opd)); + proto_tree_add_text(opt_tree, tvb, offset, optlen, + "%s: %u", optp->name, tvb_get_ntohs(tvb, offset + 2)); return; } static void -dissect_ipopt_timestamp(const ip_tcp_opt *optp, const u_char *opd, - int offset, guint optlen, proto_tree *opt_tree) +dissect_ipopt_timestamp(const ip_tcp_opt *optp, tvbuff_t *tvb, + int offset, guint optlen, frame_data *fd, proto_tree *opt_tree) { proto_tree *field_tree = NULL; proto_item *tf; @@ -392,79 +462,79 @@ dissect_ipopt_timestamp(const ip_tcp_opt *optp, const u_char *opd, struct in_addr addr; guint ts; - tf = proto_tree_add_text(opt_tree, offset, optlen, "%s:", optp->name); - field_tree = proto_item_add_subtree(tf, optp->subtree_index); + tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s:", optp->name); + field_tree = proto_item_add_subtree(tf, *optp->subtree_index); optoffset += 2; /* skip past type and length */ optlen -= 2; /* subtract size of type and length */ - ptr = *opd; - proto_tree_add_text(field_tree, offset + optoffset, 1, + ptr = tvb_get_guint8(tvb, offset + optoffset); + proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Pointer: %d%s", ptr, ((ptr < 5) ? " (points before first address)" : (((ptr - 1) & 3) ? " (points to middle of address)" : ""))); optoffset++; - opd++; optlen--; ptr--; /* ptr is 1-origin */ - flg = *opd; - proto_tree_add_text(field_tree, offset + optoffset, 1, - "Overflow: %d", flg >> 4); + flg = tvb_get_guint8(tvb, offset + optoffset); + proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, + "Overflow: %u", flg >> 4); flg &= 0xF; - proto_tree_add_text(field_tree, offset + optoffset, 1, + proto_tree_add_text(field_tree, tvb, offset + optoffset, 1, "Flag: %s", val_to_str(flg, flag_vals, "Unknown (0x%x)")); optoffset++; - opd++; optlen--; while (optlen > 0) { if (flg == IPOPT_TS_TSANDADDR) { - if (optlen < 4) { - proto_tree_add_text(field_tree, offset + optoffset, optlen, - "(suboption would go past end of option)"); - break; - } - /* XXX - check whether it goes past end of packet */ - ts = pntohl(opd); - opd += 4; - optlen -= 4; - if (optlen < 4) { - proto_tree_add_text(field_tree, offset + optoffset, optlen, + if (optlen < 8) { + proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen, "(suboption would go past end of option)"); break; } - /* XXX - check whether it goes past end of packet */ - memcpy((char *)&addr, (char *)opd, sizeof(addr)); - opd += 4; - optlen -= 4; - proto_tree_add_text(field_tree, offset, 8, + tvb_memcpy(tvb, (char *)&addr, offset + optoffset, sizeof(addr)); + ts = tvb_get_ntohl(tvb, offset + optoffset + 4); + optlen -= 8; + proto_tree_add_text(field_tree, tvb, offset + optoffset, 8, "Address = %s, time stamp = %u", ((addr.s_addr == 0) ? "-" : (char *)get_hostname(addr.s_addr)), ts); optoffset += 8; } else { if (optlen < 4) { - proto_tree_add_text(field_tree, offset + optoffset, optlen, + proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen, "(suboption would go past end of option)"); break; } - /* XXX - check whether it goes past end of packet */ - ts = pntohl(opd); - opd += 4; + ts = tvb_get_ntohl(tvb, offset + optoffset); optlen -= 4; - proto_tree_add_text(field_tree, offset + optoffset, 4, + proto_tree_add_text(field_tree, tvb, offset + optoffset, 4, "Time stamp = %u", ts); optoffset += 4; } } } +static void +dissect_ipopt_ra(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset, + guint optlen, frame_data *fd, proto_tree *opt_tree) +{ + /* Router-Alert, as defined by RFC2113 */ + int opt = tvb_get_ntohs(tvb, offset + 2); + static const value_string ra_opts[] = { + {0, "Every router examines packet"} }; + + proto_tree_add_text(opt_tree, tvb, offset, optlen, + "%s: %s", optp->name, val_to_str(opt, ra_opts, "Unknown (%d)")); + return; +} + static const ip_tcp_opt ipopts[] = { { IPOPT_END, "EOL", - -1, + NULL, NO_LENGTH, 0, NULL, @@ -472,7 +542,7 @@ static const ip_tcp_opt ipopts[] = { { IPOPT_NOOP, "NOP", - -1, + NULL, NO_LENGTH, 0, NULL, @@ -480,7 +550,7 @@ static const ip_tcp_opt ipopts[] = { { IPOPT_SEC, "Security", - ETT_IP_OPTION_SEC, + &ett_ip_option_sec, FIXED_LENGTH, IPOLEN_SEC, dissect_ipopt_security @@ -488,7 +558,7 @@ static const ip_tcp_opt ipopts[] = { { IPOPT_SSRR, "Strict source route", - ETT_IP_OPTION_ROUTE, + &ett_ip_option_route, VARIABLE_LENGTH, IPOLEN_SSRR_MIN, dissect_ipopt_route @@ -496,7 +566,7 @@ static const ip_tcp_opt ipopts[] = { { IPOPT_LSRR, "Loose source route", - ETT_IP_OPTION_ROUTE, + &ett_ip_option_route, VARIABLE_LENGTH, IPOLEN_LSRR_MIN, dissect_ipopt_route @@ -504,7 +574,7 @@ static const ip_tcp_opt ipopts[] = { { IPOPT_RR, "Record route", - ETT_IP_OPTION_ROUTE, + &ett_ip_option_route, VARIABLE_LENGTH, IPOLEN_RR_MIN, dissect_ipopt_route @@ -512,7 +582,7 @@ static const ip_tcp_opt ipopts[] = { { IPOPT_SID, "Stream identifier", - -1, + NULL, FIXED_LENGTH, IPOLEN_SID, dissect_ipopt_sid @@ -520,20 +590,28 @@ static const ip_tcp_opt ipopts[] = { { IPOPT_TIMESTAMP, "Time stamp", - ETT_IP_OPTION_TIMESTAMP, + &ett_ip_option_timestamp, VARIABLE_LENGTH, IPOLEN_TIMESTAMP_MIN, dissect_ipopt_timestamp - } + }, + { + IPOPT_RA, + "Router Alert", + NULL, + FIXED_LENGTH, + IPOLEN_RA, + dissect_ipopt_ra + }, }; #define N_IP_OPTS (sizeof ipopts / sizeof ipopts[0]) /* Dissect the IP or TCP options in a packet. */ void -dissect_ip_tcp_options(const u_char *opd, int offset, guint length, +dissect_ip_tcp_options(tvbuff_t *tvb, int offset, guint length, const ip_tcp_opt *opttab, int nopts, int eol, - proto_tree *opt_tree) + frame_data *fd, proto_tree *opt_tree) { u_char opt; const ip_tcp_opt *optp; @@ -541,12 +619,12 @@ dissect_ip_tcp_options(const u_char *opd, int offset, guint length, int optlen; char *name; char name_str[7+1+1+2+2+1+1]; /* "Unknown (0x%02x)" */ - void (*dissect)(const struct ip_tcp_opt *, const u_char *, - int, guint, proto_tree *); + void (*dissect)(const struct ip_tcp_opt *, tvbuff_t *, + int, guint, frame_data *, proto_tree *); guint len; while (length > 0) { - opt = *opd++; + opt = tvb_get_guint8(tvb, offset); for (optp = &opttab[0]; optp < &opttab[nopts]; optp++) { if (optp->optcode == opt) break; @@ -574,59 +652,58 @@ dissect_ip_tcp_options(const u_char *opd, int offset, guint length, if (length == 0) { /* Bogus - packet must at least include option code byte and length byte! */ - proto_tree_add_text(opt_tree, offset, 1, + proto_tree_add_text(opt_tree, tvb, offset, 1, "%s (length byte past end of options)", name); return; } - len = *opd++; /* total including type, len */ + len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */ --length; /* account for length byte */ if (len < 2) { /* Bogus - option length is too short to include option code and option length. */ - proto_tree_add_text(opt_tree, offset, 2, + proto_tree_add_text(opt_tree, tvb, offset, 2, "%s (with too-short option length = %u byte%s)", name, - plurality(len, "", "s")); + len, plurality(len, "", "s")); return; } else if (len - 2 > length) { /* Bogus - option goes past the end of the header. */ - proto_tree_add_text(opt_tree, offset, length, + proto_tree_add_text(opt_tree, tvb, offset, length, "%s (option length = %u byte%s says option goes past end of options)", name, len, plurality(len, "", "s")); return; } else if (len_type == FIXED_LENGTH && len != optlen) { /* Bogus - option length isn't what it's supposed to be for this option. */ - proto_tree_add_text(opt_tree, offset, len, + proto_tree_add_text(opt_tree, tvb, offset, len, "%s (with option length = %u byte%s; should be %u)", name, len, plurality(len, "", "s"), optlen); return; } else if (len_type == VARIABLE_LENGTH && len < optlen) { /* Bogus - option length is less than what it's supposed to be for this option. */ - proto_tree_add_text(opt_tree, offset, len, + proto_tree_add_text(opt_tree, tvb, offset, len, "%s (with option length = %u byte%s; should be >= %u)", name, len, plurality(len, "", "s"), optlen); return; } else { if (optp == NULL) { - proto_tree_add_text(opt_tree, offset, len, "%s (%d byte%s)", + proto_tree_add_text(opt_tree, tvb, offset, len, "%s (%u byte%s)", name, len, plurality(len, "", "s")); } else { if (dissect != NULL) { /* Option has a dissector. */ - (*dissect)(optp, opd, offset, len, opt_tree); + (*dissect)(optp, tvb, offset, len, fd, opt_tree); } else { /* Option has no data, hence no dissector. */ - proto_tree_add_text(opt_tree, offset, len, "%s", name); + proto_tree_add_text(opt_tree, tvb, offset, len, "%s", name); } } len -= 2; /* subtract size of type and length */ offset += 2 + len; } - opd += len; length -= len; } else { - proto_tree_add_text(opt_tree, offset, 1, "%s", name); + proto_tree_add_text(opt_tree, tvb, offset, 1, "%s", name); offset += 1; } if (opt == eol) @@ -634,18 +711,29 @@ dissect_ip_tcp_options(const u_char *opd, int offset, guint length, } } -static const value_string proto_vals[] = { {IP_PROTO_ICMP, "ICMP"}, - {IP_PROTO_IGMP, "IGMP"}, - {IP_PROTO_TCP, "TCP" }, - {IP_PROTO_UDP, "UDP" }, - {IP_PROTO_OSPF, "OSPF"}, - {IP_PROTO_RSVP, "RSVP"}, - {IP_PROTO_AH, "AH" }, - {IP_PROTO_GRE, "GRE" }, - {IP_PROTO_ESP, "ESP" }, - {IP_PROTO_IPV6, "IPv6"}, - {IP_PROTO_PIM, "PIM" }, - {0, NULL } }; +static const value_string dscp_vals[] = { + { IPDSFIELD_DSCP_DEFAULT, "Default" }, + { IPDSFIELD_DSCP_CS1, "Class Selector 1" }, + { IPDSFIELD_DSCP_CS2, "Class Selector 2" }, + { IPDSFIELD_DSCP_CS3, "Class Selector 3" }, + { IPDSFIELD_DSCP_CS4, "Class Selector 4" }, + { IPDSFIELD_DSCP_CS5, "Class Selector 5" }, + { IPDSFIELD_DSCP_CS6, "Class Selector 6" }, + { IPDSFIELD_DSCP_CS7, "Class Selector 7" }, + { IPDSFIELD_DSCP_AF11, "Assured Forwarding 11" }, + { IPDSFIELD_DSCP_AF12, "Assured Forwarding 12" }, + { IPDSFIELD_DSCP_AF13, "Assured Forwarding 13" }, + { IPDSFIELD_DSCP_AF21, "Assured Forwarding 21" }, + { IPDSFIELD_DSCP_AF22, "Assured Forwarding 22" }, + { IPDSFIELD_DSCP_AF23, "Assured Forwarding 23" }, + { IPDSFIELD_DSCP_AF31, "Assured Forwarding 31" }, + { IPDSFIELD_DSCP_AF32, "Assured Forwarding 32" }, + { IPDSFIELD_DSCP_AF33, "Assured Forwarding 33" }, + { IPDSFIELD_DSCP_AF41, "Assured Forwarding 41" }, + { IPDSFIELD_DSCP_AF42, "Assured Forwarding 42" }, + { IPDSFIELD_DSCP_AF43, "Assured Forwarding 43" }, + { IPDSFIELD_DSCP_EF, "Expedited Forwarding" }, + { 0, NULL } }; static const value_string precedence_vals[] = { { IPTOS_PREC_ROUTINE, "routine" }, @@ -668,225 +756,206 @@ static const value_string iptos_vals[] = { { 0, NULL } }; +static const true_false_string tos_set_low = { + "Low", + "Normal" +}; + +static const true_false_string tos_set_high = { + "High", + "Normal" +}; + +static const true_false_string flags_set_truth = { + "Set", + "Not set" +}; + +static guint16 ip_checksum(const guint8 *ptr, int len) +{ + vec_t cksum_vec[1]; + + cksum_vec[0].ptr = ptr; + cksum_vec[0].len = len; + return in_cksum(&cksum_vec[0], 1); +} + void -dissect_ip(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) { +dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ e_ip iph; proto_tree *ip_tree, *field_tree; proto_item *ti, *tf; - gchar tos_str[32]; - guint hlen, optlen, len; + int offset = 0; + guint hlen, optlen, len, payload_len, reported_payload_len, padding; guint16 flags; - int advance; guint8 nxt; + guint16 ipsum; + tvbuff_t *next_tvb; + + CHECK_DISPLAY_AS_DATA(proto_ip, tvb, pinfo, tree); + + pinfo->current_proto = "IP"; + + if (check_col(pinfo->fd, COL_PROTOCOL)) + col_set_str(pinfo->fd, COL_PROTOCOL, "IP"); + if (check_col(pinfo->fd, COL_INFO)) + col_clear(pinfo->fd, COL_INFO); - /* To do: check for runts, errs, etc. */ /* Avoids alignment problems on many architectures. */ - memcpy(&iph, &pd[offset], sizeof(e_ip)); + tvb_memcpy(tvb, (guint8 *)&iph, offset, sizeof(e_ip)); iph.ip_len = ntohs(iph.ip_len); iph.ip_id = ntohs(iph.ip_id); iph.ip_off = ntohs(iph.ip_off); iph.ip_sum = ntohs(iph.ip_sum); - /* Length of IP datagram plus headers above it. */ - len = iph.ip_len + offset; - - /* Set the payload and captured-payload lengths to the minima of (the - IP length plus the length of the headers above it) and the frame - lengths. */ - if (pi.len > len) - pi.len = len; - if (pi.captured_len > len) - pi.captured_len = len; + /* Length of payload handed to us. */ + reported_payload_len = tvb_reported_length(tvb); + payload_len = tvb_length(tvb); + + /* Length of IP datagram. */ + len = iph.ip_len; + + if (len < reported_payload_len) { + /* Adjust the length of this tvbuff to include only the IP datagram. + Our caller may use that to determine how much of its packet + was padding. */ + tvb_set_reported_length(tvb, len); + + /* Shrink the total payload by the amount of padding. */ + padding = reported_payload_len - len; + if (pinfo->len >= padding) + pinfo->len -= padding; + + /* Shrink the captured payload by the amount of padding in the + captured payload (which may be less than the amount of padding, + as the padding may not have been captured). */ + if (len < payload_len) { + padding = payload_len - len; + if (pinfo->captured_len >= padding) + pinfo->captured_len -= padding; + } + } + /* XXX - check to make sure this is at least IPH_MIN_LEN. */ hlen = lo_nibble(iph.ip_v_hl) * 4; /* IP header length, in bytes */ - switch (iph.ip_p) { - case IP_PROTO_ICMP: - case IP_PROTO_IGMP: - case IP_PROTO_TCP: - case IP_PROTO_UDP: - case IP_PROTO_OSPF: - case IP_PROTO_GRE: - case IP_PROTO_ESP: - case IP_PROTO_AH: - case IP_PROTO_IPV6: - case IP_PROTO_PIM: - /* Names are set in the associated dissect_* routines */ - break; - default: - if (check_col(fd, COL_PROTOCOL)) - col_add_str(fd, COL_PROTOCOL, "IP"); - if (check_col(fd, COL_INFO)) - col_add_fstr(fd, COL_INFO, "%s (0x%02x)", - ipprotostr(iph.ip_p), iph.ip_p); - } - - if (check_col(fd, COL_RES_NET_SRC)) - col_add_str(fd, COL_RES_NET_SRC, get_hostname(iph.ip_src)); - if (check_col(fd, COL_UNRES_NET_SRC)) - col_add_str(fd, COL_UNRES_NET_SRC, ip_to_str((guint8 *) &iph.ip_src)); - if (check_col(fd, COL_RES_NET_DST)) - col_add_str(fd, COL_RES_NET_DST, get_hostname(iph.ip_dst)); - if (check_col(fd, COL_UNRES_NET_DST)) - col_add_str(fd, COL_UNRES_NET_DST, ip_to_str((guint8 *) &iph.ip_dst)); - if (tree) { - - switch (IPTOS_TOS(iph.ip_tos)) { - case IPTOS_NONE: - strcpy(tos_str, "None"); - break; - case IPTOS_LOWCOST: - strcpy(tos_str, "Minimize cost"); - break; - case IPTOS_RELIABILITY: - strcpy(tos_str, "Maximize reliability"); - break; - case IPTOS_THROUGHPUT: - strcpy(tos_str, "Maximize throughput"); - break; - case IPTOS_LOWDELAY: - strcpy(tos_str, "Minimize delay"); - break; - case IPTOS_SECURITY: - strcpy(tos_str, "Maximize security"); - break; - default: - strcpy(tos_str, "Unknown. Malformed?"); - break; + ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, FALSE); + ip_tree = proto_item_add_subtree(ti, ett_ip); + + proto_tree_add_uint(ip_tree, hf_ip_version, tvb, offset, 1, hi_nibble(iph.ip_v_hl)); + proto_tree_add_uint_format(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen, + "Header length: %u bytes", hlen); + + if (g_ip_dscp_actif) { + tf = proto_tree_add_uint_format(ip_tree, hf_ip_dsfield, tvb, offset + 1, 1, iph.ip_tos, + "Differentiated Services Field: 0x%02x (DSCP 0x%02x: %s; ECN: 0x%02x)", iph.ip_tos, + IPDSFIELD_DSCP(iph.ip_tos), val_to_str(IPDSFIELD_DSCP(iph.ip_tos), dscp_vals, + "Unknown DSCP"),IPDSFIELD_ECN(iph.ip_tos)); + + field_tree = proto_item_add_subtree(tf, ett_ip_dsfield); + proto_tree_add_uint(field_tree, hf_ip_dsfield_dscp, tvb, offset + 1, 1, iph.ip_tos); + proto_tree_add_uint(field_tree, hf_ip_dsfield_ect, tvb, offset + 1, 1, iph.ip_tos); + proto_tree_add_uint(field_tree, hf_ip_dsfield_ce, tvb, offset + 1, 1, iph.ip_tos); + } else { + tf = proto_tree_add_uint_format(ip_tree, hf_ip_tos, tvb, offset + 1, 1, iph.ip_tos, + "Type of service: 0x%02x (%s)", iph.ip_tos, + val_to_str( IPTOS_TOS(iph.ip_tos), iptos_vals, "Unknown") ); + + field_tree = proto_item_add_subtree(tf, ett_ip_tos); + proto_tree_add_uint(field_tree, hf_ip_tos_precedence, tvb, offset + 1, 1, iph.ip_tos); + proto_tree_add_boolean(field_tree, hf_ip_tos_delay, tvb, offset + 1, 1, iph.ip_tos); + proto_tree_add_boolean(field_tree, hf_ip_tos_throughput, tvb, offset + 1, 1, iph.ip_tos); + proto_tree_add_boolean(field_tree, hf_ip_tos_reliability, tvb, offset + 1, 1, iph.ip_tos); + proto_tree_add_boolean(field_tree, hf_ip_tos_cost, tvb, offset + 1, 1, iph.ip_tos); } - - ti = proto_tree_add_item(tree, proto_ip, offset, hlen, NULL); - ip_tree = proto_item_add_subtree(ti, ETT_IP); - - proto_tree_add_item(ip_tree, hf_ip_version, offset, 1, hi_nibble(iph.ip_v_hl)); - proto_tree_add_item_format(ip_tree, hf_ip_hdr_len, offset, 1, hlen, - "Header length: %d bytes", hlen); - tf = proto_tree_add_item_format(ip_tree, hf_ip_tos, offset + 1, 1, iph.ip_tos, - "Type of service: 0x%02x (%s)", iph.ip_tos, - val_to_str( IPTOS_TOS(iph.ip_tos), iptos_vals, "Unknown") ); - - field_tree = proto_item_add_subtree(tf, ETT_IP_TOS); - proto_tree_add_item_format(field_tree, hf_ip_tos_precedence, offset + 1, 1, - iph.ip_tos & IPTOS_PREC_MASK, decode_enumerated_bitfield(iph.ip_tos, IPTOS_PREC_MASK, - sizeof (iph.ip_tos)*8, precedence_vals, "%s precedence")); - - proto_tree_add_text(field_tree, offset + 1, 1, "%s", - decode_boolean_bitfield(iph.ip_tos, IPTOS_LOWDELAY, - sizeof (iph.ip_tos)*8, "low delay", "normal delay")); - proto_tree_add_text(field_tree, offset + 1, 1, "%s", - decode_boolean_bitfield(iph.ip_tos, IPTOS_THROUGHPUT, - sizeof (iph.ip_tos)*8, "high throughput", "normal throughput")); - proto_tree_add_text(field_tree, offset + 1, 1, "%s", - decode_boolean_bitfield(iph.ip_tos, IPTOS_RELIABILITY, - sizeof (iph.ip_tos)*8, "high reliability", "normal reliability")); - proto_tree_add_text(field_tree, offset + 1, 1, "%s", - decode_boolean_bitfield(iph.ip_tos, IPTOS_LOWCOST, - sizeof (iph.ip_tos)*8, "low cost", "normal cost")); - proto_tree_add_item(ip_tree, hf_ip_len, offset + 2, 2, iph.ip_len); - proto_tree_add_item_format(ip_tree, hf_ip_id, offset + 4, 2, iph.ip_id, "Identification: 0x%04x", - iph.ip_id); + proto_tree_add_uint(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph.ip_len); + proto_tree_add_uint(ip_tree, hf_ip_id, tvb, offset + 4, 2, iph.ip_id); flags = (iph.ip_off & (IP_DF|IP_MF)) >> 12; - tf = proto_tree_add_item_format(ip_tree, hf_ip_flags, offset + 6, 1, flags, - "Flags: 0x%x", flags); - field_tree = proto_item_add_subtree(tf, ETT_IP_OFF); - proto_tree_add_text(field_tree, offset + 6, 1, "%s", - decode_boolean_bitfield(iph.ip_off >> 12, IP_DF >> 12, 4, "don't fragment", - "may fragment")); - proto_tree_add_text(field_tree, offset + 6, 1, "%s", - decode_boolean_bitfield(iph.ip_off >> 12, IP_MF >> 12, 4, "more fragments", - "last fragment")); - - proto_tree_add_item(ip_tree, hf_ip_frag_offset, offset + 6, 2, - iph.ip_off & IP_OFFSET); - proto_tree_add_item(ip_tree, hf_ip_ttl, offset + 8, 1, iph.ip_ttl); - proto_tree_add_item_format(ip_tree, hf_ip_proto, offset + 9, 1, iph.ip_p, + tf = proto_tree_add_uint(ip_tree, hf_ip_flags, tvb, offset + 6, 1, flags); + field_tree = proto_item_add_subtree(tf, ett_ip_off); + proto_tree_add_boolean(field_tree, hf_ip_flags_df, tvb, offset + 6, 1, flags), + proto_tree_add_boolean(field_tree, hf_ip_flags_mf, tvb, offset + 6, 1, flags), + + proto_tree_add_uint(ip_tree, hf_ip_frag_offset, tvb, offset + 6, 2, + (iph.ip_off & IP_OFFSET)*8); + proto_tree_add_uint(ip_tree, hf_ip_ttl, tvb, offset + 8, 1, iph.ip_ttl); + proto_tree_add_uint_format(ip_tree, hf_ip_proto, tvb, offset + 9, 1, iph.ip_p, "Protocol: %s (0x%02x)", ipprotostr(iph.ip_p), iph.ip_p); - proto_tree_add_item_format(ip_tree, hf_ip_checksum, offset + 10, 2, iph.ip_sum, - "Header checksum: 0x%04x", iph.ip_sum); - proto_tree_add_item(ip_tree, hf_ip_src, offset + 12, 4, iph.ip_src); - proto_tree_add_item(ip_tree, hf_ip_dst, offset + 16, 4, iph.ip_dst); - proto_tree_add_item_hidden(ip_tree, hf_ip_addr, offset + 12, 4, iph.ip_src); - proto_tree_add_item_hidden(ip_tree, hf_ip_addr, offset + 16, 4, iph.ip_dst); + ipsum = ip_checksum(tvb_get_ptr(tvb, offset, hlen), hlen); + if (ipsum == 0) { + proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph.ip_sum, + "Header checksum: 0x%04x (correct)", iph.ip_sum); + } + else { + proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph.ip_sum, + "Header checksum: 0x%04x (incorrect, should be 0x%04x)", iph.ip_sum, + in_cksum_shouldbe(iph.ip_sum, ipsum)); + } + + proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, iph.ip_src); + proto_tree_add_ipv4(ip_tree, hf_ip_dst, tvb, offset + 16, 4, iph.ip_dst); + proto_tree_add_ipv4_hidden(ip_tree, hf_ip_addr, tvb, offset + 12, 4, iph.ip_src); + proto_tree_add_ipv4_hidden(ip_tree, hf_ip_addr, tvb, offset + 16, 4, iph.ip_dst); /* Decode IP options, if any. */ if (hlen > sizeof (e_ip)) { /* There's more than just the fixed-length header. Decode the options. */ optlen = hlen - sizeof (e_ip); /* length of options, in bytes */ - tf = proto_tree_add_text(ip_tree, offset + 20, optlen, - "Options: (%d bytes)", optlen); - field_tree = proto_item_add_subtree(tf, ETT_IP_OPTIONS); - dissect_ip_tcp_options(&pd[offset + 20], offset + 20, optlen, - ipopts, N_IP_OPTS, IPOPT_END, field_tree); + tf = proto_tree_add_text(ip_tree, tvb, offset + 20, optlen, + "Options: (%u bytes)", optlen); + field_tree = proto_item_add_subtree(tf, ett_ip_options); + dissect_ip_tcp_options(tvb, offset + 20, optlen, + ipopts, N_IP_OPTS, IPOPT_END, pinfo->fd, field_tree); } } - pi.ipproto = iph.ip_p; - pi.iplen = iph.ip_len; - pi.iphdrlen = lo_nibble(iph.ip_v_hl); - pi.ip_src = iph.ip_src; - pi.ip_dst = iph.ip_dst; + pinfo->ipproto = iph.ip_p; + pinfo->iplen = iph.ip_len; + pinfo->iphdrlen = lo_nibble(iph.ip_v_hl); + SET_ADDRESS(&pinfo->net_src, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_SRC, 4)); + SET_ADDRESS(&pinfo->src, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_SRC, 4)); + SET_ADDRESS(&pinfo->net_dst, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_DST, 4)); + SET_ADDRESS(&pinfo->dst, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_DST, 4)); /* Skip over header + options */ offset += hlen; nxt = iph.ip_p; if (iph.ip_off & IP_OFFSET) { /* fragmented */ - if (check_col(fd, COL_PROTOCOL)) - col_add_str(fd, COL_PROTOCOL, "IP"); - if (check_col(fd, COL_INFO)) - col_add_fstr(fd, COL_INFO, "Fragmented IP protocol (proto=%s 0x%02x, off=%d)", - ipprotostr(iph.ip_p), iph.ip_p, iph.ip_off & IP_OFFSET); - dissect_data(pd, offset, fd, tree); + if (check_col(pinfo->fd, COL_INFO)) + col_add_fstr(pinfo->fd, COL_INFO, "Fragmented IP protocol (proto=%s 0x%02x, off=%u)", + ipprotostr(iph.ip_p), iph.ip_p, (iph.ip_off & IP_OFFSET) * 8); + dissect_data(tvb, offset, pinfo, tree); return; } -again: - switch (nxt) { - case IP_PROTO_ICMP: - dissect_icmp(pd, offset, fd, tree); - break; - case IP_PROTO_IGMP: - dissect_igmp(pd, offset, fd, tree); - break; - case IP_PROTO_TCP: - dissect_tcp(pd, offset, fd, tree); - break; - case IP_PROTO_UDP: - dissect_udp(pd, offset, fd, tree); - break; - case IP_PROTO_OSPF: - dissect_ospf(pd, offset, fd, tree); - break; - case IP_PROTO_RSVP: - dissect_rsvp(pd, offset, fd, tree); - break; - case IP_PROTO_AH: - advance = dissect_ah(pd, offset, fd, tree); - nxt = pd[offset]; - offset += advance; - goto again; - case IP_PROTO_GRE: - dissect_gre(pd, offset, fd, tree); - break; - case IP_PROTO_ESP: - dissect_esp(pd, offset, fd, tree); - break; - case IP_PROTO_IPV6: - dissect_ipv6(pd, offset, fd, tree); - break; - case IP_PROTO_PIM: - dissect_pim(pd, offset, fd, tree); - break; - case IP_PROTO_IPCOMP: - dissect_ipcomp(pd, offset, fd, tree); - break; - default: - dissect_data(pd, offset, fd, tree); - break; + /* + * If this is the first fragment, but not the only fragment, + * tell the next protocol that. + */ + if (iph.ip_off & IP_MF) + pinfo->fragmented = TRUE; + else + pinfo->fragmented = FALSE; + + /* Hand off to the next protocol. + + XXX - setting the columns only after trying various dissectors means + that if one of those dissectors throws an exception, the frame won't + even be labelled as an IP frame; ideally, if a frame being dissected + throws an exception, it'll be labelled as a mangled frame of the + type in question. */ + next_tvb = tvb_new_subset(tvb, offset, -1, -1); + if (!dissector_try_port(ip_dissector_table, nxt, next_tvb, pinfo, tree)) { + /* Unknown protocol */ + if (check_col(pinfo->fd, COL_INFO)) + col_add_fstr(pinfo->fd, COL_INFO, "%s (0x%02x)", ipprotostr(iph.ip_p), iph.ip_p); + dissect_data(next_tvb, 0, pinfo, tree); } } @@ -926,30 +995,42 @@ static const gchar *par_str[] = {"IP header bad", "Required option missing"}; #define N_PARAMPROB (sizeof par_str / sizeof par_str[0]) -void -dissect_icmp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) { - e_icmp ih; +static void +dissect_icmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ proto_tree *icmp_tree; proto_item *ti; - guint16 cksum; + guint8 icmp_type; + guint8 icmp_code; + guint length, reported_length; + guint16 cksum, computed_cksum; gchar type_str[64], code_str[64] = ""; guint8 num_addrs = 0; guint8 addr_entry_size = 0; int i; - /* Avoids alignment problems on many architectures. */ - memcpy(&ih, &pd[offset], sizeof(e_icmp)); + CHECK_DISPLAY_AS_DATA(proto_icmp, tvb, pinfo, tree); + + pinfo->current_proto = "ICMP"; + + if (check_col(pinfo->fd, COL_PROTOCOL)) + col_set_str(pinfo->fd, COL_PROTOCOL, "ICMP"); + if (check_col(pinfo->fd, COL_INFO)) + col_clear(pinfo->fd, COL_INFO); + /* To do: check for runts, errs, etc. */ - cksum = ntohs(ih.icmp_cksum); - - switch (ih.icmp_type) { + icmp_type = tvb_get_guint8(tvb, 0); + icmp_code = tvb_get_guint8(tvb, 1); + cksum = tvb_get_ntohs(tvb, 2); + + switch (icmp_type) { case ICMP_ECHOREPLY: strcpy(type_str, "Echo (ping) reply"); break; case ICMP_UNREACH: strcpy(type_str, "Destination unreachable"); - if (ih.icmp_code < N_UNREACH) { - sprintf(code_str, "(%s)", unreach_str[ih.icmp_code]); + if (icmp_code < N_UNREACH) { + sprintf(code_str, "(%s)", unreach_str[icmp_code]); } else { strcpy(code_str, "(Unknown - error?)"); } @@ -959,8 +1040,8 @@ dissect_icmp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) { break; case ICMP_REDIRECT: strcpy(type_str, "Redirect"); - if (ih.icmp_code < N_REDIRECT) { - sprintf(code_str, "(%s)", redir_str[ih.icmp_code]); + if (icmp_code < N_REDIRECT) { + sprintf(code_str, "(%s)", redir_str[icmp_code]); } else { strcpy(code_str, "(Unknown - error?)"); } @@ -976,16 +1057,16 @@ dissect_icmp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) { break; case ICMP_TIMXCEED: strcpy(type_str, "Time-to-live exceeded"); - if (ih.icmp_code < N_TIMXCEED) { - sprintf(code_str, "(%s)", ttl_str[ih.icmp_code]); + if (icmp_code < N_TIMXCEED) { + sprintf(code_str, "(%s)", ttl_str[icmp_code]); } else { strcpy(code_str, "(Unknown - error?)"); } break; case ICMP_PARAMPROB: strcpy(type_str, "Parameter problem"); - if (ih.icmp_code < N_PARAMPROB) { - sprintf(code_str, "(%s)", par_str[ih.icmp_code]); + if (icmp_code < N_PARAMPROB) { + sprintf(code_str, "(%s)", par_str[icmp_code]); } else { strcpy(code_str, "(Unknown - error?)"); } @@ -1012,29 +1093,45 @@ dissect_icmp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) { strcpy(type_str, "Unknown ICMP (obsolete or malformed?)"); } - if (check_col(fd, COL_PROTOCOL)) - col_add_str(fd, COL_PROTOCOL, "ICMP"); - if (check_col(fd, COL_INFO)) - col_add_str(fd, COL_INFO, type_str); + if (check_col(pinfo->fd, COL_INFO)) + col_add_str(pinfo->fd, COL_INFO, type_str); if (tree) { - ti = proto_tree_add_item(tree, proto_icmp, offset, 4, NULL); - icmp_tree = proto_item_add_subtree(ti, ETT_ICMP); - proto_tree_add_item_format(icmp_tree, hf_icmp_type, offset, 1, - ih.icmp_type, - "Type: %d (%s)", - ih.icmp_type, type_str); - proto_tree_add_item_format(icmp_tree, hf_icmp_code, offset + 1, 1, - ih.icmp_code, - "Code: %d %s", - ih.icmp_code, code_str); - proto_tree_add_item_format(icmp_tree, hf_icmp_checksum, offset + 2, 2, - cksum, - "Checksum: 0x%04x", - cksum); + length = tvb_length(tvb); + reported_length = tvb_reported_length(tvb); + ti = proto_tree_add_item(tree, proto_icmp, tvb, 0, length, FALSE); + icmp_tree = proto_item_add_subtree(ti, ett_icmp); + proto_tree_add_uint_format(icmp_tree, hf_icmp_type, tvb, 0, 1, + icmp_type, + "Type: %u (%s)", + icmp_type, type_str); + proto_tree_add_uint_format(icmp_tree, hf_icmp_code, tvb, 1, 1, + icmp_code, + "Code: %u %s", + icmp_code, code_str); + + if (!pinfo->fragmented && length >= reported_length) { + /* The packet isn't part of a fragmented datagram and isn't + truncated, so we can checksum it. */ + + computed_cksum = ip_checksum(tvb_get_ptr(tvb, 0, reported_length), + reported_length); + if (computed_cksum == 0) { + proto_tree_add_uint_format(icmp_tree, hf_icmp_checksum, tvb, 2, 2, + cksum, + "Checksum: 0x%04x (correct)", cksum); + } else { + proto_tree_add_uint_format(icmp_tree, hf_icmp_checksum, tvb, 2, 2, + cksum, + "Checksum: 0x%04x (incorrect, should be 0x%04x)", + cksum, in_cksum_shouldbe(cksum, computed_cksum)); + } + } else { + proto_tree_add_uint(icmp_tree, hf_icmp_checksum, tvb, 2, 2, cksum); + } /* Decode the second 4 bytes of the packet. */ - switch (ih.icmp_type) { + switch (icmp_type) { case ICMP_ECHOREPLY: case ICMP_ECHO: case ICMP_TSTAMP: @@ -1043,45 +1140,45 @@ dissect_icmp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) { case ICMP_IREQREPLY: case ICMP_MASKREQ: case ICMP_MASKREPLY: - proto_tree_add_text(icmp_tree, offset + 4, 2, "Identifier: 0x%04x", - pntohs(&pd[offset + 4])); - proto_tree_add_text(icmp_tree, offset + 6, 2, "Sequence number: %u", - pntohs(&pd[offset + 6])); + proto_tree_add_text(icmp_tree, tvb, 4, 2, "Identifier: 0x%04x", + tvb_get_ntohs(tvb, 4)); + proto_tree_add_text(icmp_tree, tvb, 6, 2, "Sequence number: %02x:%02x", + tvb_get_guint8(tvb, 6), tvb_get_guint8(tvb, 7)); break; case ICMP_UNREACH: - switch (ih.icmp_code) { + switch (icmp_code) { case ICMP_FRAG_NEEDED: - proto_tree_add_text(icmp_tree, offset + 6, 2, "MTU of next hop: %u", - pntohs(&pd[offset + 6])); + proto_tree_add_text(icmp_tree, tvb, 6, 2, "MTU of next hop: %u", + tvb_get_ntohs(tvb, 6)); break; } break; case ICMP_RTRADVERT: - num_addrs = pd[offset + 4]; - proto_tree_add_text(icmp_tree, offset + 4, 1, "Number of addresses: %u", + num_addrs = tvb_get_guint8(tvb, 4); + proto_tree_add_text(icmp_tree, tvb, 4, 1, "Number of addresses: %u", num_addrs); - addr_entry_size = pd[offset + 5]; - proto_tree_add_text(icmp_tree, offset + 5, 1, "Address entry size: %u", + addr_entry_size = tvb_get_guint8(tvb, 5); + proto_tree_add_text(icmp_tree, tvb, 5, 1, "Address entry size: %u", addr_entry_size); - proto_tree_add_text(icmp_tree, offset + 6, 2, "Lifetime: %s", - time_secs_to_str(pntohs(&pd[offset + 6]))); + proto_tree_add_text(icmp_tree, tvb, 6, 2, "Lifetime: %s", + time_secs_to_str(tvb_get_ntohs(tvb, 6))); break; case ICMP_PARAMPROB: - proto_tree_add_text(icmp_tree, offset + 4, 1, "Pointer: %u", - pd[offset + 4]); + proto_tree_add_text(icmp_tree, tvb, 4, 1, "Pointer: %u", + tvb_get_guint8(tvb, 4)); break; case ICMP_REDIRECT: - proto_tree_add_text(icmp_tree, offset + 4, 4, "Gateway address: %s", - ip_to_str((guint8 *)&pd[offset + 4])); + proto_tree_add_text(icmp_tree, tvb, 4, 4, "Gateway address: %s", + ip_to_str(tvb_get_ptr(tvb, 4, 4))); break; } /* Decode the additional information in the packet. */ - switch (ih.icmp_type) { + switch (icmp_type) { case ICMP_UNREACH: case ICMP_TIMXCEED: case ICMP_PARAMPROB: @@ -1092,111 +1189,109 @@ dissect_icmp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) { XXX - for now, just display it as data; not all dissection routines can handle a short packet without exploding. */ - dissect_data(pd, offset + 8, fd, icmp_tree); + dissect_data(tvb, 8, pinfo, icmp_tree); break; case ICMP_ECHOREPLY: case ICMP_ECHO: - dissect_data(pd, offset + 8, fd, icmp_tree); + dissect_data(tvb, 8, pinfo, icmp_tree); break; case ICMP_RTRADVERT: if (addr_entry_size == 2) { for (i = 0; i < num_addrs; i++) { - proto_tree_add_text(icmp_tree, offset + 8 + (i*8), 4, + proto_tree_add_text(icmp_tree, tvb, 8 + (i*8), 4, "Router address: %s", - ip_to_str((guint8 *)&pd[offset + 8 + (i*8)])); - proto_tree_add_text(icmp_tree, offset + 12 + (i*8), 4, - "Preference level: %d", pntohl(&pd[offset + 12 + (i*8)])); + ip_to_str(tvb_get_ptr(tvb, 8 + (i*8), 4))); + proto_tree_add_text(icmp_tree, tvb, 12 + (i*8), 4, + "Preference level: %u", tvb_get_ntohl(tvb, 12 + (i*8))); } } else - dissect_data(pd, offset + 8, fd, icmp_tree); + dissect_data(tvb, 8, pinfo, icmp_tree); break; case ICMP_TSTAMP: case ICMP_TSTAMPREPLY: - proto_tree_add_text(icmp_tree, offset + 8, 4, "Originate timestamp: %u", - pntohl(&pd[offset + 8])); - proto_tree_add_text(icmp_tree, offset + 12, 4, "Receive timestamp: %u", - pntohl(&pd[offset + 12])); - proto_tree_add_text(icmp_tree, offset + 16, 4, "Transmit timestamp: %u", - pntohl(&pd[offset + 16])); + proto_tree_add_text(icmp_tree, tvb, 8, 4, "Originate timestamp: %u", + tvb_get_ntohl(tvb, 8)); + proto_tree_add_text(icmp_tree, tvb, 12, 4, "Receive timestamp: %u", + tvb_get_ntohl(tvb, 12)); + proto_tree_add_text(icmp_tree, tvb, 16, 4, "Transmit timestamp: %u", + tvb_get_ntohl(tvb, 16)); break; case ICMP_MASKREQ: case ICMP_MASKREPLY: - proto_tree_add_text(icmp_tree, offset + 8, 4, "Address mask: %s (0x%8x)", - ip_to_str((guint8 *)&pd[offset + 8]), pntohl(&pd[offset + 8])); + proto_tree_add_text(icmp_tree, tvb, 8, 4, "Address mask: %s (0x%08x)", + ip_to_str(tvb_get_ptr(tvb, 8, 4)), tvb_get_ntohl(tvb, 8)); break; } } } -void -dissect_igmp(const u_char *pd, int offset, frame_data *fd, proto_tree *tree) { +static void +dissect_igmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ e_igmp ih; proto_tree *igmp_tree; proto_item *ti; - guint16 cksum; - gchar type_str[64] = ""; + gchar *type_str; + + CHECK_DISPLAY_AS_DATA(proto_igmp, tvb, pinfo, tree); + + pinfo->current_proto = "IGMP"; + + if (check_col(pinfo->fd, COL_PROTOCOL)) + col_set_str(pinfo->fd, COL_PROTOCOL, "IGMP"); + if (check_col(pinfo->fd, COL_INFO)) + col_clear(pinfo->fd, COL_INFO); /* Avoids alignment problems on many architectures. */ - memcpy(&ih, &pd[offset], sizeof(e_igmp)); - /* To do: check for runts, errs, etc. */ - cksum = ntohs(ih.igmp_cksum); + memcpy(&ih, tvb_get_ptr(tvb, 0, sizeof(e_igmp)), sizeof(e_igmp)); switch (lo_nibble(ih.igmp_v_t)) { case IGMP_M_QRY: - strcpy(type_str, "Router query"); + type_str = "Router query"; break; case IGMP_V1_M_RPT: - strcpy(type_str, "Host response (v1)"); + type_str = "Host response (v1)"; break; case IGMP_V2_LV_GRP: - strcpy(type_str, "Leave group (v2)"); + type_str = "Leave group (v2)"; break; case IGMP_DVMRP: - strcpy(type_str, "DVMRP"); + type_str = "DVMRP"; break; case IGMP_PIM: - strcpy(type_str, "PIM"); + type_str = "PIM"; break; case IGMP_V2_M_RPT: - strcpy(type_str, "Host reponse (v2)"); + type_str = "Host response (v2)"; break; case IGMP_MTRC_RESP: - strcpy(type_str, "Traceroute response"); + type_str = "Traceroute response"; break; case IGMP_MTRC: - strcpy(type_str, "Traceroute message"); + type_str = "Traceroute message"; break; default: - strcpy(type_str, "Unknown IGMP"); + type_str = "Unknown IGMP"; } - if (check_col(fd, COL_PROTOCOL)) - col_add_str(fd, COL_PROTOCOL, "IGMP"); - if (check_col(fd, COL_INFO)) - col_add_str(fd, COL_INFO, type_str); + if (check_col(pinfo->fd, COL_INFO)) + col_add_str(pinfo->fd, COL_INFO, type_str); if (tree) { - ti = proto_tree_add_item(tree, proto_igmp, offset, 8, NULL); - igmp_tree = proto_item_add_subtree(ti, ETT_IGMP); - proto_tree_add_item(igmp_tree, hf_igmp_version, offset, 1, + ti = proto_tree_add_item(tree, proto_igmp, tvb, 0, 8, FALSE); + igmp_tree = proto_item_add_subtree(ti, ett_igmp); + proto_tree_add_uint(igmp_tree, hf_igmp_version, tvb, 0, 1, hi_nibble(ih.igmp_v_t)); - proto_tree_add_item_format(igmp_tree, hf_igmp_type, offset , 1, + proto_tree_add_uint_format(igmp_tree, hf_igmp_type, tvb, 0 , 1, lo_nibble(ih.igmp_v_t), - "Type: %d (%s)", + "Type: %u (%s)", lo_nibble(ih.igmp_v_t), type_str); - proto_tree_add_item_format(igmp_tree, hf_igmp_unused, offset + 1, 1, - ih.igmp_unused, - "Unused: 0x%02x", - ih.igmp_unused); - proto_tree_add_item_format(igmp_tree, hf_igmp_checksum, offset + 2, 2, - cksum, - "Checksum: 0x%04x", - cksum); - proto_tree_add_item(igmp_tree, hf_igmp_group, offset + 4, 4, - ih.igmp_gaddr); + proto_tree_add_item(igmp_tree, hf_igmp_unused, tvb, 1, 1, FALSE); + proto_tree_add_item(igmp_tree, hf_igmp_checksum, tvb, 2, 2, FALSE); + proto_tree_add_ipv4(igmp_tree, hf_igmp_group, tvb, 4, 4, ih.igmp_gaddr); } } @@ -1214,7 +1309,7 @@ proto_register_igmp(void) "" }}, { &hf_igmp_unused, - { "Unused", "igmp.unused", FT_UINT8, BASE_DEC, NULL, 0x0, + { "Unused", "igmp.unused", FT_UINT8, BASE_HEX, NULL, 0x0, "" }}, { &hf_igmp_checksum, @@ -1225,9 +1320,19 @@ proto_register_igmp(void) { "Group address", "igmp.group", FT_IPv4, BASE_NONE, NULL, 0x0, "" }}, }; + static gint *ett[] = { + &ett_igmp, + }; proto_igmp = proto_register_protocol ("Internet Group Management Protocol", "igmp"); proto_register_field_array(proto_igmp, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + +void +proto_reg_handoff_igmp(void) +{ + dissector_add("ip.proto", IP_PROTO_IGMP, dissect_igmp); } void @@ -1243,13 +1348,52 @@ proto_register_ip(void) { "Header Length", "ip.hdr_len", FT_UINT8, BASE_DEC, NULL, 0x0, "" }}, + { &hf_ip_dsfield, + { "Differentiated Services field", "ip.dsfield", FT_UINT8, BASE_DEC, NULL, 0x0, + "" }}, + + { &hf_ip_dsfield_dscp, + { "Differentiated Services Codepoint", "ip.dsfield.dscp", FT_UINT8, BASE_HEX, + VALS(dscp_vals), IPDSFIELD_DSCP_MASK, + "" }}, + + { &hf_ip_dsfield_ect, + { "ECN-Capable Transport (ECT)", "ip.dsfield.ect", FT_UINT8, BASE_DEC, NULL, + IPDSFIELD_ECT_MASK, + "" }}, + + { &hf_ip_dsfield_ce, + { "ECN-CE", "ip.dsfield.ce", FT_UINT8, BASE_DEC, NULL, + IPDSFIELD_CE_MASK, + "" }}, + { &hf_ip_tos, { "Type of Service", "ip.tos", FT_UINT8, BASE_DEC, NULL, 0x0, "" }}, { &hf_ip_tos_precedence, { "Precedence", "ip.tos.precedence", FT_UINT8, BASE_DEC, VALS(precedence_vals), - 0x0, + IPTOS_PREC_MASK, + "" }}, + + { &hf_ip_tos_delay, + { "Delay", "ip.tos.delay", FT_BOOLEAN, 8, TFS(&tos_set_low), + IPTOS_LOWDELAY, + "" }}, + + { &hf_ip_tos_throughput, + { "Throughput", "ip.tos.throughput", FT_BOOLEAN, 8, TFS(&tos_set_high), + IPTOS_THROUGHPUT, + "" }}, + + { &hf_ip_tos_reliability, + { "Reliability", "ip.tos.reliability", FT_BOOLEAN, 8, TFS(&tos_set_high), + IPTOS_RELIABILITY, + "" }}, + + { &hf_ip_tos_cost, + { "Cost", "ip.tos.cost", FT_BOOLEAN, 8, TFS(&tos_set_low), + IPTOS_LOWCOST, "" }}, { &hf_ip_len, @@ -1257,7 +1401,7 @@ proto_register_ip(void) "" }}, { &hf_ip_id, - { "Identification", "ip.id", FT_UINT32, BASE_DEC, NULL, 0x0, + { "Identification", "ip.id", FT_UINT16, BASE_HEX, NULL, 0x0, "" }}, { &hf_ip_dst, @@ -1276,6 +1420,14 @@ proto_register_ip(void) { "Flags", "ip.flags", FT_UINT8, BASE_HEX, NULL, 0x0, "" }}, + { &hf_ip_flags_df, + { "Don't fragment", "ip.flags.df", FT_BOOLEAN, 4, TFS(&flags_set_truth), IP_DF>>12, + "" }}, + + { &hf_ip_flags_mf, + { "More fragments", "ip.flags.mf", FT_BOOLEAN, 4, TFS(&flags_set_truth), IP_MF>>12, + "" }}, + { &hf_ip_frag_offset, { "Fragment offset", "ip.frag_offset", FT_UINT16, BASE_DEC, NULL, 0x0, "" }}, @@ -1292,9 +1444,45 @@ proto_register_ip(void) { "Header checksum", "ip.checksum", FT_UINT16, BASE_HEX, NULL, 0x0, "" }}, }; + static gint *ett[] = { + &ett_ip, + &ett_ip_dsfield, + &ett_ip_tos, + &ett_ip_off, + &ett_ip_options, + &ett_ip_option_sec, + &ett_ip_option_route, + &ett_ip_option_timestamp, + }; + module_t *ip_module; proto_ip = proto_register_protocol ("Internet Protocol", "ip"); proto_register_field_array(proto_ip, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + /* subdissector code */ + ip_dissector_table = register_dissector_table("ip.proto"); + + /* Register a configuration option for decoding TOS as DSCP */ + ip_module = prefs_register_module("ip", "IP", NULL); + prefs_register_bool_preference(ip_module, "decode_tos_as_diffserv", + "Decode IPv4 TOS field as DiffServ field", +"Whether the IPv4 type-of-service field should be decoded as a Differentiated Services field", + &g_ip_dscp_actif); + + register_dissector("ip", dissect_ip); +} + +void +proto_reg_handoff_ip(void) +{ + dissector_add("ethertype", ETHERTYPE_IP, dissect_ip); + dissector_add("ppp.protocol", PPP_IP, dissect_ip); + dissector_add("ppp.protocol", CISCO_IP, dissect_ip); + dissector_add("llc.dsap", SAP_IP, dissect_ip); + dissector_add("ip.proto", IP_PROTO_IPV4, dissect_ip); + dissector_add("ip.proto", IP_PROTO_IPIP, dissect_ip); + dissector_add("null.type", BSD_AF_INET, dissect_ip); } void @@ -1314,8 +1502,18 @@ proto_register_icmp(void) { "Checksum", "icmp.checksum", FT_UINT16, BASE_HEX, NULL, 0x0, "" }}, }; + static gint *ett[] = { + &ett_icmp, + }; proto_icmp = proto_register_protocol ("Internet Control Message Protocol", "icmp"); proto_register_field_array(proto_icmp, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); +} + +void +proto_reg_handoff_icmp(void) +{ + dissector_add("ip.proto", IP_PROTO_ICMP, dissect_icmp); }