1998-09-16 02:39:15 +00:00
|
|
|
/* packet-ip.c
|
|
|
|
|
* Routines for IP and miscellaneous IP protocol packet disassembly
|
|
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
1998-09-16 03:22:19 +00:00
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
1998-09-16 02:39:15 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2007-01-19 23:56:42 +00:00
|
|
|
* Wednesday, January 17, 2006
|
|
|
|
|
* Support for the CIPSO IPv4 option
|
|
|
|
|
* (http://sourceforge.net/docman/display_doc.php?docid=34650&group_id=174379)
|
|
|
|
|
* by Paul Moore <paul.moore@hp.com>
|
|
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
1998-09-16 02:39:15 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
# include "config.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <glib.h>
|
1998-09-16 02:39:15 +00:00
|
|
|
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
2004-08-06 19:57:49 +00:00
|
|
|
#include <epan/addr_resolv.h>
|
2004-09-29 00:52:45 +00:00
|
|
|
#include <epan/ipproto.h>
|
2005-09-17 00:02:31 +00:00
|
|
|
#include <epan/ip_opts.h>
|
2004-09-27 22:55:15 +00:00
|
|
|
#include <epan/prefs.h>
|
2005-02-09 23:38:00 +00:00
|
|
|
#include <epan/reassemble.h>
|
2005-09-17 00:02:31 +00:00
|
|
|
#include <epan/etypes.h>
|
|
|
|
|
#include <epan/greproto.h>
|
|
|
|
|
#include <epan/ppptypes.h>
|
|
|
|
|
#include <epan/llcsaps.h>
|
|
|
|
|
#include <epan/aftypes.h>
|
|
|
|
|
#include <epan/arcnet_pids.h>
|
2004-09-28 00:06:32 +00:00
|
|
|
#include <epan/in_cksum.h>
|
2005-09-17 00:02:31 +00:00
|
|
|
#include <epan/nlpid.h>
|
2004-09-29 00:06:36 +00:00
|
|
|
#include <epan/tap.h>
|
2005-08-27 00:09:19 +00:00
|
|
|
#include <epan/emem.h>
|
2007-08-16 04:25:54 +00:00
|
|
|
#include <epan/expert.h>
|
2009-07-09 11:32:50 +00:00
|
|
|
|
|
|
|
|
#include "packet-ip.h"
|
|
|
|
|
#include "packet-ipsec.h"
|
2003-01-22 01:16:33 +00:00
|
|
|
|
2008-12-19 23:49:03 +00:00
|
|
|
#ifdef HAVE_GEOIP
|
|
|
|
|
#include "GeoIP.h"
|
|
|
|
|
#include <epan/geoip_db.h>
|
|
|
|
|
#endif /* HAVE_GEOIP */
|
|
|
|
|
|
2000-02-15 21:06:58 +00:00
|
|
|
|
2009-07-09 11:32:50 +00:00
|
|
|
static int ip_tap = -1;
|
1999-03-23 03:14:46 +00:00
|
|
|
|
2005-06-01 23:44:24 +00:00
|
|
|
/* Decode the old IPv4 TOS field as the DiffServ DS Field (RFC2474/2475) */
|
2001-01-22 03:33:45 +00:00
|
|
|
static gboolean g_ip_dscp_actif = TRUE;
|
2000-01-24 04:44:58 +00:00
|
|
|
|
2001-04-18 04:53:51 +00:00
|
|
|
/* Defragment fragmented IP datagrams */
|
2005-09-28 22:15:38 +00:00
|
|
|
static gboolean ip_defragment = TRUE;
|
2001-04-18 04:53:51 +00:00
|
|
|
|
2001-05-23 03:33:59 +00:00
|
|
|
/* Place IP summary in proto tree */
|
|
|
|
|
static gboolean ip_summary_in_tree = TRUE;
|
|
|
|
|
|
2005-10-03 16:24:43 +00:00
|
|
|
/* Perform IP checksum */
|
|
|
|
|
static gboolean ip_check_checksum = TRUE;
|
|
|
|
|
|
2007-09-24 06:46:59 +00:00
|
|
|
/* Assume TSO and correct zero-length IP packets */
|
|
|
|
|
static gboolean ip_tso_supported = FALSE;
|
|
|
|
|
|
2008-12-19 23:49:03 +00:00
|
|
|
#ifdef HAVE_GEOIP
|
|
|
|
|
/* Look up addresses in GeoIP */
|
|
|
|
|
static gboolean ip_use_geoip = FALSE;
|
|
|
|
|
#endif /* HAVE_GEOIP */
|
|
|
|
|
|
1999-07-29 05:47:07 +00:00
|
|
|
static int proto_ip = -1;
|
|
|
|
|
static int hf_ip_version = -1;
|
|
|
|
|
static int hf_ip_hdr_len = -1;
|
2000-01-24 04:44:58 +00:00
|
|
|
static int hf_ip_dsfield = -1;
|
|
|
|
|
static int hf_ip_dsfield_dscp = -1;
|
2000-09-16 00:48:43 +00:00
|
|
|
static int hf_ip_dsfield_ect = -1;
|
|
|
|
|
static int hf_ip_dsfield_ce = -1;
|
1999-07-29 05:47:07 +00:00
|
|
|
static int hf_ip_tos = -1;
|
|
|
|
|
static int hf_ip_tos_precedence = -1;
|
1999-11-02 05:38:51 +00:00
|
|
|
static int hf_ip_tos_delay = -1;
|
|
|
|
|
static int hf_ip_tos_throughput = -1;
|
|
|
|
|
static int hf_ip_tos_reliability = -1;
|
|
|
|
|
static int hf_ip_tos_cost = -1;
|
1999-07-29 05:47:07 +00:00
|
|
|
static int hf_ip_len = -1;
|
|
|
|
|
static int hf_ip_id = -1;
|
|
|
|
|
static int hf_ip_dst = -1;
|
2005-06-01 23:44:24 +00:00
|
|
|
static int hf_ip_dst_host = -1;
|
1999-07-29 05:47:07 +00:00
|
|
|
static int hf_ip_src = -1;
|
2005-06-01 23:44:24 +00:00
|
|
|
static int hf_ip_src_host = -1;
|
1999-07-29 05:47:07 +00:00
|
|
|
static int hf_ip_addr = -1;
|
2005-06-01 23:44:24 +00:00
|
|
|
static int hf_ip_host = -1;
|
1999-08-17 03:09:39 +00:00
|
|
|
static int hf_ip_flags = -1;
|
2004-02-18 06:43:01 +00:00
|
|
|
static int hf_ip_flags_rf = -1;
|
1999-11-02 05:38:51 +00:00
|
|
|
static int hf_ip_flags_df = -1;
|
|
|
|
|
static int hf_ip_flags_mf = -1;
|
1999-08-17 03:09:39 +00:00
|
|
|
static int hf_ip_frag_offset = -1;
|
|
|
|
|
static int hf_ip_ttl = -1;
|
|
|
|
|
static int hf_ip_proto = -1;
|
|
|
|
|
static int hf_ip_checksum = -1;
|
2005-08-21 15:13:47 +00:00
|
|
|
static int hf_ip_checksum_good = -1;
|
2001-02-21 19:42:37 +00:00
|
|
|
static int hf_ip_checksum_bad = -1;
|
2001-04-18 04:53:51 +00:00
|
|
|
static int hf_ip_fragments = -1;
|
|
|
|
|
static int hf_ip_fragment = -1;
|
|
|
|
|
static int hf_ip_fragment_overlap = -1;
|
|
|
|
|
static int hf_ip_fragment_overlap_conflict = -1;
|
|
|
|
|
static int hf_ip_fragment_multiple_tails = -1;
|
|
|
|
|
static int hf_ip_fragment_too_long_fragment = -1;
|
|
|
|
|
static int hf_ip_fragment_error = -1;
|
2003-04-18 05:11:44 +00:00
|
|
|
static int hf_ip_reassembled_in = -1;
|
1999-07-29 05:47:07 +00:00
|
|
|
|
2008-12-19 23:49:03 +00:00
|
|
|
#ifdef HAVE_GEOIP
|
|
|
|
|
static int hf_geoip_country = -1;
|
|
|
|
|
static int hf_geoip_city = -1;
|
|
|
|
|
static int hf_geoip_org = -1;
|
|
|
|
|
static int hf_geoip_isp = -1;
|
|
|
|
|
static int hf_geoip_asnum = -1;
|
2009-02-04 01:02:59 +00:00
|
|
|
static int hf_geoip_lat = -1;
|
|
|
|
|
static int hf_geoip_lon = -1;
|
2008-12-19 23:49:03 +00:00
|
|
|
static int hf_geoip_src_country = -1;
|
|
|
|
|
static int hf_geoip_src_city = -1;
|
|
|
|
|
static int hf_geoip_src_org = -1;
|
|
|
|
|
static int hf_geoip_src_isp = -1;
|
|
|
|
|
static int hf_geoip_src_asnum = -1;
|
2009-02-04 01:02:59 +00:00
|
|
|
static int hf_geoip_src_lat = -1;
|
|
|
|
|
static int hf_geoip_src_lon = -1;
|
2008-12-19 23:49:03 +00:00
|
|
|
static int hf_geoip_dst_country = -1;
|
|
|
|
|
static int hf_geoip_dst_city = -1;
|
|
|
|
|
static int hf_geoip_dst_org = -1;
|
|
|
|
|
static int hf_geoip_dst_isp = -1;
|
|
|
|
|
static int hf_geoip_dst_asnum = -1;
|
2009-02-04 01:02:59 +00:00
|
|
|
static int hf_geoip_dst_lat = -1;
|
|
|
|
|
static int hf_geoip_dst_lon = -1;
|
2008-12-19 23:49:03 +00:00
|
|
|
#endif /* HAVE_GEOIP */
|
|
|
|
|
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint ett_ip = -1;
|
2000-01-24 04:44:58 +00:00
|
|
|
static gint ett_ip_dsfield = -1;
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint ett_ip_tos = -1;
|
|
|
|
|
static gint ett_ip_off = -1;
|
|
|
|
|
static gint ett_ip_options = -1;
|
|
|
|
|
static gint ett_ip_option_sec = -1;
|
|
|
|
|
static gint ett_ip_option_route = -1;
|
|
|
|
|
static gint ett_ip_option_timestamp = -1;
|
2007-01-19 23:56:42 +00:00
|
|
|
static gint ett_ip_option_cipso = -1;
|
2001-04-18 04:53:51 +00:00
|
|
|
static gint ett_ip_fragments = -1;
|
|
|
|
|
static gint ett_ip_fragment = -1;
|
2005-08-21 15:13:47 +00:00
|
|
|
static gint ett_ip_checksum = -1;
|
1999-11-16 11:44:20 +00:00
|
|
|
|
2009-03-08 14:11:01 +00:00
|
|
|
#ifdef HAVE_GEOIP
|
|
|
|
|
static gint ett_geoip_info = -1;
|
|
|
|
|
#endif /* HAVE_GEOIP */
|
|
|
|
|
|
2002-10-24 06:17:36 +00:00
|
|
|
static const fragment_items ip_frag_items = {
|
2002-06-05 11:21:49 +00:00
|
|
|
&ett_ip_fragment,
|
|
|
|
|
&ett_ip_fragments,
|
|
|
|
|
&hf_ip_fragments,
|
|
|
|
|
&hf_ip_fragment,
|
|
|
|
|
&hf_ip_fragment_overlap,
|
|
|
|
|
&hf_ip_fragment_overlap_conflict,
|
|
|
|
|
&hf_ip_fragment_multiple_tails,
|
|
|
|
|
&hf_ip_fragment_too_long_fragment,
|
2002-06-07 10:11:41 +00:00
|
|
|
&hf_ip_fragment_error,
|
2003-04-20 11:36:16 +00:00
|
|
|
&hf_ip_reassembled_in,
|
2009-07-09 11:32:50 +00:00
|
|
|
"IP fragments"
|
2002-06-05 11:21:49 +00:00
|
|
|
};
|
|
|
|
|
|
2003-04-29 17:24:35 +00:00
|
|
|
static dissector_table_t ip_dissector_table;
|
2000-04-16 22:46:25 +00:00
|
|
|
|
2006-03-16 20:14:47 +00:00
|
|
|
static dissector_handle_t ipv6_handle;
|
2001-11-26 04:52:51 +00:00
|
|
|
static dissector_handle_t data_handle;
|
2007-03-04 11:48:07 +00:00
|
|
|
static dissector_handle_t tapa_handle;
|
2001-09-27 10:35:40 +00:00
|
|
|
|
1999-08-09 18:18:38 +00:00
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
/* IP structs and definitions */
|
|
|
|
|
|
Generalize the "ip_src" and "ip_dst" members of the "packet_info"
structure to "dl_src"/"dl_dst", "net_src"/"net_dst", and "src"/"dst"
addresses, where an address is an address type, an address length in
bytes, and a pointer to that many bytes.
"dl_{src,dst}" are the link-layer source/destination; "net_{src,dst}"
are the network-layer source/destination; "{src,dst}" are the
source/destination from the highest of those two layers that we have in
the packet.
Add a port type to "packet_info" as well, specifying whether it's a TCP
or UDP port.
Don't set the address and port columns in the dissector functions; just
set the address and port members of the "packet_info" structure. Set
the columns in "fill_in_columns()"; this means that if we're showing
COL_{DEF,RES,UNRES}_SRC" or "COL_{DEF,RES,UNRES}_DST", we only generate
the string from "src" or "dst", we don't generate a string for the
link-layer address and then overwrite it with a string for the
network-layer address (generating those strings costs CPU).
Add support for "conversations", where a "conversation" is (at present)
a source and destination address and a source and destination port. (In
the future, we may support "conversations" above the transport layer,
e.g. a TFTP conversation, where the first packet goes from the client to
the TFTP server port, but the reply comes back from a different port,
and all subsequent packets go between the client address/port and the
server address/new port, or an NFS conversation, which might include
lock manager, status monitor, and mount packets, as well as NFS
packets.)
Currently, all we support is a call that takes the source and
destination address/port pairs, looks them up in a hash table, and:
if nothing is found, creates a new entry in the hash table, and
assigns it a unique 32-bit conversation ID, and returns that
conversation ID;
if an entry is found, returns its conversation ID.
Use that in the SMB and AFS code to keep track of individual SMB or AFS
conversations. We need to match up requests and replies, as, for
certain replies, the operation code for the request to which it's a
reply doesn't show up in the reply - you have to find the request with a
matching transaction ID. Transaction IDs are per-conversation, so the
hash table for requests should include a conversation ID and transaction
ID as the key.
This allows SMB and AFS decoders to handle IPv4 or IPv6 addresses
transparently (and should allow the SMB decoder to handle NetBIOS atop
other protocols as well, if the source and destination address and port
values in the "packet_info" structure are set appropriately).
In the "Follow TCP Connection" code, check to make sure that the
addresses are IPv4 addressses; ultimately, that code should be changed
to use the conversation code instead, which will let it handle IPv6
transparently.
svn path=/trunk/; revision=909
1999-10-22 07:18:23 +00:00
|
|
|
/* Offsets of fields within an IP header. */
|
|
|
|
|
#define IPH_V_HL 0
|
|
|
|
|
#define IPH_TOS 1
|
|
|
|
|
#define IPH_LEN 2
|
|
|
|
|
#define IPH_ID 4
|
|
|
|
|
#define IPH_TTL 6
|
|
|
|
|
#define IPH_OFF 8
|
|
|
|
|
#define IPH_P 9
|
|
|
|
|
#define IPH_SUM 10
|
|
|
|
|
#define IPH_SRC 12
|
|
|
|
|
#define IPH_DST 16
|
|
|
|
|
|
1999-10-22 03:52:06 +00:00
|
|
|
/* Minimum IP header length. */
|
|
|
|
|
#define IPH_MIN_LEN 20
|
|
|
|
|
|
1999-03-23 03:14:46 +00:00
|
|
|
/* IP flags. */
|
2004-02-18 06:43:01 +00:00
|
|
|
#define IP_RF 0x8000 /* Flag: "Reserved bit" */
|
1999-03-23 03:14:46 +00:00
|
|
|
#define IP_DF 0x4000 /* Flag: "Don't Fragment" */
|
|
|
|
|
#define IP_MF 0x2000 /* Flag: "More Fragments" */
|
|
|
|
|
#define IP_OFFSET 0x1FFF /* "Fragment Offset" part */
|
|
|
|
|
|
2000-01-24 04:44:58 +00:00
|
|
|
/* Differentiated Services Field. See RFCs 2474, 2597 and 2598. */
|
|
|
|
|
#define IPDSFIELD_DSCP_MASK 0xFC
|
2000-09-16 00:48:43 +00:00
|
|
|
#define IPDSFIELD_ECN_MASK 0x03
|
2000-01-24 04:44:58 +00:00
|
|
|
#define IPDSFIELD_DSCP_SHIFT 2
|
|
|
|
|
#define IPDSFIELD_DSCP(dsfield) (((dsfield)&IPDSFIELD_DSCP_MASK)>>IPDSFIELD_DSCP_SHIFT)
|
2000-09-16 00:48:43 +00:00
|
|
|
#define IPDSFIELD_ECN(dsfield) ((dsfield)&IPDSFIELD_ECN_MASK)
|
2000-01-24 04:44:58 +00:00
|
|
|
#define IPDSFIELD_DSCP_DEFAULT 0x00
|
|
|
|
|
#define IPDSFIELD_DSCP_CS1 0x08
|
|
|
|
|
#define IPDSFIELD_DSCP_CS2 0x10
|
|
|
|
|
#define IPDSFIELD_DSCP_CS3 0x18
|
|
|
|
|
#define IPDSFIELD_DSCP_CS4 0x20
|
|
|
|
|
#define IPDSFIELD_DSCP_CS5 0x28
|
|
|
|
|
#define IPDSFIELD_DSCP_CS6 0x30
|
|
|
|
|
#define IPDSFIELD_DSCP_CS7 0x38
|
|
|
|
|
#define IPDSFIELD_DSCP_AF11 0x0A
|
|
|
|
|
#define IPDSFIELD_DSCP_AF12 0x0C
|
|
|
|
|
#define IPDSFIELD_DSCP_AF13 0x0E
|
|
|
|
|
#define IPDSFIELD_DSCP_AF21 0x12
|
|
|
|
|
#define IPDSFIELD_DSCP_AF22 0x14
|
|
|
|
|
#define IPDSFIELD_DSCP_AF23 0x16
|
|
|
|
|
#define IPDSFIELD_DSCP_AF31 0x1A
|
|
|
|
|
#define IPDSFIELD_DSCP_AF32 0x1C
|
|
|
|
|
#define IPDSFIELD_DSCP_AF33 0x1E
|
|
|
|
|
#define IPDSFIELD_DSCP_AF41 0x22
|
|
|
|
|
#define IPDSFIELD_DSCP_AF42 0x24
|
|
|
|
|
#define IPDSFIELD_DSCP_AF43 0x26
|
|
|
|
|
#define IPDSFIELD_DSCP_EF 0x2E
|
2000-09-16 00:48:43 +00:00
|
|
|
#define IPDSFIELD_ECT_MASK 0x02
|
|
|
|
|
#define IPDSFIELD_CE_MASK 0x01
|
2000-01-24 04:44:58 +00:00
|
|
|
|
|
|
|
|
/* IP TOS, superseded by the DS Field, RFC 2474. */
|
1999-03-23 03:14:46 +00:00
|
|
|
#define IPTOS_TOS_MASK 0x1E
|
|
|
|
|
#define IPTOS_TOS(tos) ((tos) & IPTOS_TOS_MASK)
|
|
|
|
|
#define IPTOS_NONE 0x00
|
|
|
|
|
#define IPTOS_LOWCOST 0x02
|
|
|
|
|
#define IPTOS_RELIABILITY 0x04
|
|
|
|
|
#define IPTOS_THROUGHPUT 0x08
|
|
|
|
|
#define IPTOS_LOWDELAY 0x10
|
|
|
|
|
#define IPTOS_SECURITY 0x1E
|
|
|
|
|
|
|
|
|
|
#define IPTOS_PREC_MASK 0xE0
|
1999-11-02 05:38:51 +00:00
|
|
|
#define IPTOS_PREC_SHIFT 5
|
|
|
|
|
#define IPTOS_PREC(tos) (((tos)&IPTOS_PREC_MASK)>>IPTOS_PREC_SHIFT)
|
|
|
|
|
#define IPTOS_PREC_NETCONTROL 7
|
|
|
|
|
#define IPTOS_PREC_INTERNETCONTROL 6
|
|
|
|
|
#define IPTOS_PREC_CRITIC_ECP 5
|
|
|
|
|
#define IPTOS_PREC_FLASHOVERRIDE 4
|
|
|
|
|
#define IPTOS_PREC_FLASH 3
|
|
|
|
|
#define IPTOS_PREC_IMMEDIATE 2
|
|
|
|
|
#define IPTOS_PREC_PRIORITY 1
|
|
|
|
|
#define IPTOS_PREC_ROUTINE 0
|
1999-03-23 03:14:46 +00:00
|
|
|
|
|
|
|
|
/* IP options */
|
|
|
|
|
#define IPOPT_COPY 0x80
|
|
|
|
|
|
|
|
|
|
#define IPOPT_CONTROL 0x00
|
|
|
|
|
#define IPOPT_RESERVED1 0x20
|
|
|
|
|
#define IPOPT_MEASUREMENT 0x40
|
|
|
|
|
#define IPOPT_RESERVED2 0x60
|
|
|
|
|
|
|
|
|
|
#define IPOPT_END (0 |IPOPT_CONTROL)
|
|
|
|
|
#define IPOPT_NOOP (1 |IPOPT_CONTROL)
|
|
|
|
|
#define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY)
|
|
|
|
|
#define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY)
|
|
|
|
|
#define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT)
|
2007-01-19 23:56:42 +00:00
|
|
|
#define IPOPT_CIPSO (6 |IPOPT_CONTROL|IPOPT_COPY)
|
1999-03-23 03:14:46 +00:00
|
|
|
#define IPOPT_RR (7 |IPOPT_CONTROL)
|
|
|
|
|
#define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY)
|
|
|
|
|
#define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY)
|
|
|
|
|
#define IPOPT_RA (20|IPOPT_CONTROL|IPOPT_COPY)
|
2007-06-04 23:27:12 +00:00
|
|
|
#define IPOPT_QS (25|IPOPT_CONTROL)
|
1999-03-23 03:14:46 +00:00
|
|
|
|
|
|
|
|
/* IP option lengths */
|
|
|
|
|
#define IPOLEN_SEC 11
|
|
|
|
|
#define IPOLEN_LSRR_MIN 3
|
|
|
|
|
#define IPOLEN_TIMESTAMP_MIN 5
|
|
|
|
|
#define IPOLEN_RR_MIN 3
|
|
|
|
|
#define IPOLEN_SID 4
|
|
|
|
|
#define IPOLEN_SSRR_MIN 3
|
2000-12-13 16:38:20 +00:00
|
|
|
#define IPOLEN_RA 4
|
2007-06-04 23:27:12 +00:00
|
|
|
#define IPOLEN_QS 8
|
2007-01-19 23:56:42 +00:00
|
|
|
#define IPOLEN_CIPSO_MIN 10
|
1999-03-23 03:14:46 +00:00
|
|
|
|
|
|
|
|
#define IPSEC_UNCLASSIFIED 0x0000
|
|
|
|
|
#define IPSEC_CONFIDENTIAL 0xF135
|
|
|
|
|
#define IPSEC_EFTO 0x789A
|
|
|
|
|
#define IPSEC_MMMM 0xBC4D
|
|
|
|
|
#define IPSEC_RESTRICTED 0xAF13
|
|
|
|
|
#define IPSEC_SECRET 0xD788
|
|
|
|
|
#define IPSEC_TOPSECRET 0x6BC5
|
|
|
|
|
#define IPSEC_RESERVED1 0x35E2
|
|
|
|
|
#define IPSEC_RESERVED2 0x9AF1
|
|
|
|
|
#define IPSEC_RESERVED3 0x4D78
|
|
|
|
|
#define IPSEC_RESERVED4 0x24BD
|
|
|
|
|
#define IPSEC_RESERVED5 0x135E
|
|
|
|
|
#define IPSEC_RESERVED6 0x89AF
|
|
|
|
|
#define IPSEC_RESERVED7 0xC4D6
|
|
|
|
|
#define IPSEC_RESERVED8 0xE26B
|
|
|
|
|
|
|
|
|
|
#define IPOPT_TS_TSONLY 0 /* timestamps only */
|
|
|
|
|
#define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
|
|
|
|
|
#define IPOPT_TS_PRESPEC 3 /* specified modules only */
|
|
|
|
|
|
2007-08-28 20:58:50 +00:00
|
|
|
/* Return true if the address is in the 224.0.0.0/24 network block */
|
|
|
|
|
#define is_a_local_network_control_block_addr(addr) \
|
2008-12-19 23:49:03 +00:00
|
|
|
((addr & 0xffffff00) == 0xe0000000)
|
2007-08-28 20:58:50 +00:00
|
|
|
|
2008-09-15 12:50:35 +00:00
|
|
|
/* Return true if the address is in the 224.0.0.0/4 network block */
|
|
|
|
|
#define is_a_multicast_addr(addr) \
|
2008-12-19 23:49:03 +00:00
|
|
|
((addr & 0xf0000000) == 0xe0000000)
|
2008-09-15 12:50:35 +00:00
|
|
|
|
2001-04-18 04:53:51 +00:00
|
|
|
/*
|
|
|
|
|
* defragmentation of IPv4
|
|
|
|
|
*/
|
2001-06-08 06:27:16 +00:00
|
|
|
static GHashTable *ip_fragment_table = NULL;
|
We can't use the frame_data structure as a key structure when looking
for reassembled frames - in Tethereal, there's only one frame_data
structure used for all frames. Instead, use the frame number itself as
the key.
Add a "fragment_add_check()" routine, for fragments where there's a
fragment offset rather than a fragment sequence number, which does the
same sort of thing as "fragment_add_seq_check()" - i.e., once reassembly
is done, it puts the reassembled fragment into a separate hash table, so
that there're only incomplete reassemblies in the fragment hash table.
That's necessary in order to handle cases where the packet ID field can
be reused.
Use that routine for IPv4 fragment reassembly - IP IDs can be reused (in
fact, RFC 791 suggests that doing so might be a feature:
It is appropriate for some higher level protocols to choose the
identifier. For example, TCP protocol modules may retransmit an
identical TCP segment, and the probability for correct reception
would be enhanced if the retransmission carried the same identifier
as the original transmission since fragments of either datagram
could be used to construct a correct TCP segment.
and RFC 1122 says that it's permitted to do so, although it also says
"we believe that retransmitting the same Identification field is not
useful":
3.2.1.5 Identification: RFC-791 Section 3.2
When sending an identical copy of an earlier datagram, a
host MAY optionally retain the same Identification field in
the copy.
DISCUSSION:
Some Internet protocol experts have maintained that
when a host sends an identical copy of an earlier
datagram, the new copy should contain the same
Identification value as the original. There are two
suggested advantages: (1) if the datagrams are
fragmented and some of the fragments are lost, the
receiver may be able to reconstruct a complete datagram
from fragments of the original and the copies; (2) a
congested gateway might use the IP Identification field
(and Fragment Offset) to discard duplicate datagrams
from the queue.
However, the observed patterns of datagram loss in the
Internet do not favor the probability of retransmitted
fragments filling reassembly gaps, while other
mechanisms (e.g., TCP repacketizing upon
retransmission) tend to prevent retransmission of an
identical datagram [IP:9]. Therefore, we believe that
retransmitting the same Identification field is not
useful. Also, a connectionless transport protocol like
UDP would require the cooperation of the application
programs to retain the same Identification value in
identical datagrams.
and, in any case, I've seen that in at least one capture, and it
confuses the current reassembly code).
Unfortunately, that means that fragments other than the last fragment
can't be tagged with the frame number in which the reassembly was done;
see the comment in packet-ip.c for a discussion of that problem.
svn path=/trunk/; revision=7506
2003-04-20 00:11:28 +00:00
|
|
|
static GHashTable *ip_reassembled_table = NULL;
|
2001-04-18 04:53:51 +00:00
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
ip_defragment_init(void)
|
|
|
|
|
{
|
2001-06-08 06:27:16 +00:00
|
|
|
fragment_table_init(&ip_fragment_table);
|
We can't use the frame_data structure as a key structure when looking
for reassembled frames - in Tethereal, there's only one frame_data
structure used for all frames. Instead, use the frame number itself as
the key.
Add a "fragment_add_check()" routine, for fragments where there's a
fragment offset rather than a fragment sequence number, which does the
same sort of thing as "fragment_add_seq_check()" - i.e., once reassembly
is done, it puts the reassembled fragment into a separate hash table, so
that there're only incomplete reassemblies in the fragment hash table.
That's necessary in order to handle cases where the packet ID field can
be reused.
Use that routine for IPv4 fragment reassembly - IP IDs can be reused (in
fact, RFC 791 suggests that doing so might be a feature:
It is appropriate for some higher level protocols to choose the
identifier. For example, TCP protocol modules may retransmit an
identical TCP segment, and the probability for correct reception
would be enhanced if the retransmission carried the same identifier
as the original transmission since fragments of either datagram
could be used to construct a correct TCP segment.
and RFC 1122 says that it's permitted to do so, although it also says
"we believe that retransmitting the same Identification field is not
useful":
3.2.1.5 Identification: RFC-791 Section 3.2
When sending an identical copy of an earlier datagram, a
host MAY optionally retain the same Identification field in
the copy.
DISCUSSION:
Some Internet protocol experts have maintained that
when a host sends an identical copy of an earlier
datagram, the new copy should contain the same
Identification value as the original. There are two
suggested advantages: (1) if the datagrams are
fragmented and some of the fragments are lost, the
receiver may be able to reconstruct a complete datagram
from fragments of the original and the copies; (2) a
congested gateway might use the IP Identification field
(and Fragment Offset) to discard duplicate datagrams
from the queue.
However, the observed patterns of datagram loss in the
Internet do not favor the probability of retransmitted
fragments filling reassembly gaps, while other
mechanisms (e.g., TCP repacketizing upon
retransmission) tend to prevent retransmission of an
identical datagram [IP:9]. Therefore, we believe that
retransmitting the same Identification field is not
useful. Also, a connectionless transport protocol like
UDP would require the cooperation of the application
programs to retain the same Identification value in
identical datagrams.
and, in any case, I've seen that in at least one capture, and it
confuses the current reassembly code).
Unfortunately, that means that fragments other than the last fragment
can't be tagged with the frame number in which the reassembly was done;
see the comment in packet-ip.c for a discussion of that problem.
svn path=/trunk/; revision=7506
2003-04-20 00:11:28 +00:00
|
|
|
reassembled_table_init(&ip_reassembled_table);
|
2001-04-18 04:53:51 +00:00
|
|
|
}
|
|
|
|
|
|
1999-02-09 00:35:38 +00:00
|
|
|
void
|
2002-08-02 23:36:07 +00:00
|
|
|
capture_ip(const guchar *pd, int offset, int len, packet_counts *ld) {
|
2001-11-20 21:59:18 +00:00
|
|
|
if (!BYTES_ARE_IN_FRAME(offset, len, IPH_MIN_LEN)) {
|
2000-01-23 08:55:37 +00:00
|
|
|
ld->other++;
|
|
|
|
|
return;
|
|
|
|
|
}
|
1999-02-09 00:35:38 +00:00
|
|
|
switch (pd[offset + 9]) {
|
|
|
|
|
case IP_PROTO_TCP:
|
|
|
|
|
ld->tcp++;
|
|
|
|
|
break;
|
|
|
|
|
case IP_PROTO_UDP:
|
2006-01-09 23:00:20 +00:00
|
|
|
case IP_PROTO_UDPLITE:
|
1999-02-09 00:35:38 +00:00
|
|
|
ld->udp++;
|
|
|
|
|
break;
|
1999-08-14 23:47:20 +00:00
|
|
|
case IP_PROTO_ICMP:
|
2002-10-25 23:23:28 +00:00
|
|
|
case IP_PROTO_ICMPV6: /* XXX - separate counters? */
|
1999-08-14 23:47:20 +00:00
|
|
|
ld->icmp++;
|
|
|
|
|
break;
|
2005-10-03 16:24:43 +00:00
|
|
|
case IP_PROTO_SCTP:
|
|
|
|
|
ld->sctp++;
|
|
|
|
|
break;
|
1999-02-09 00:35:38 +00:00
|
|
|
case IP_PROTO_OSPF:
|
|
|
|
|
ld->ospf++;
|
|
|
|
|
break;
|
1999-06-11 15:30:55 +00:00
|
|
|
case IP_PROTO_GRE:
|
|
|
|
|
ld->gre++;
|
|
|
|
|
break;
|
2000-01-20 21:34:16 +00:00
|
|
|
case IP_PROTO_VINES:
|
2000-05-10 21:36:55 +00:00
|
|
|
ld->vines++;
|
2000-01-20 21:34:16 +00:00
|
|
|
break;
|
1999-02-09 00:35:38 +00:00
|
|
|
default:
|
|
|
|
|
ld->other++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2009-03-08 14:11:01 +00:00
|
|
|
#ifdef HAVE_GEOIP
|
|
|
|
|
static void
|
|
|
|
|
add_geoip_info(proto_tree *tree, tvbuff_t *tvb, gint offset, guint32 src32, guint32 dst32)
|
|
|
|
|
{
|
|
|
|
|
guint dbnum, num_dbs;
|
|
|
|
|
int geoip_hf, geoip_src_hf, geoip_dst_hf;
|
|
|
|
|
const char *geoip_src_str, *geoip_dst_str;
|
|
|
|
|
proto_item *geoip_info_item;
|
|
|
|
|
proto_tree *geoip_info_tree;
|
|
|
|
|
proto_item *item;
|
|
|
|
|
guint item_cnt;
|
|
|
|
|
|
|
|
|
|
num_dbs = geoip_db_num_dbs();
|
|
|
|
|
|
|
|
|
|
geoip_info_item = proto_tree_add_text(tree, tvb, offset + IPH_SRC, 4, "Source GeoIP: ");
|
|
|
|
|
geoip_info_tree = proto_item_add_subtree(geoip_info_item, ett_geoip_info);
|
|
|
|
|
PROTO_ITEM_SET_GENERATED(geoip_info_item);
|
|
|
|
|
item_cnt = 0;
|
|
|
|
|
|
|
|
|
|
for (dbnum = 0; dbnum < num_dbs; dbnum++) {
|
|
|
|
|
geoip_src_str = geoip_db_lookup_ipv4(dbnum, src32, NULL);
|
|
|
|
|
|
|
|
|
|
switch (geoip_db_type(dbnum)) {
|
|
|
|
|
case GEOIP_COUNTRY_EDITION:
|
|
|
|
|
geoip_hf = hf_geoip_country;
|
|
|
|
|
geoip_src_hf = hf_geoip_src_country;
|
|
|
|
|
break;
|
|
|
|
|
case GEOIP_CITY_EDITION_REV0:
|
|
|
|
|
geoip_hf = hf_geoip_city;
|
|
|
|
|
geoip_src_hf = hf_geoip_src_city;
|
|
|
|
|
break;
|
|
|
|
|
case GEOIP_CITY_EDITION_REV1:
|
|
|
|
|
geoip_hf = hf_geoip_city;
|
|
|
|
|
geoip_src_hf = hf_geoip_src_city;
|
|
|
|
|
break;
|
|
|
|
|
case GEOIP_ORG_EDITION:
|
|
|
|
|
geoip_hf = hf_geoip_org;
|
|
|
|
|
geoip_src_hf = hf_geoip_src_org;
|
|
|
|
|
break;
|
|
|
|
|
case GEOIP_ISP_EDITION:
|
|
|
|
|
geoip_hf = hf_geoip_isp;
|
|
|
|
|
geoip_src_hf = hf_geoip_src_isp;
|
|
|
|
|
break;
|
|
|
|
|
case GEOIP_ASNUM_EDITION:
|
|
|
|
|
geoip_hf = hf_geoip_asnum;
|
|
|
|
|
geoip_src_hf = hf_geoip_src_asnum;
|
|
|
|
|
break;
|
|
|
|
|
case WS_LAT_FAKE_EDITION:
|
|
|
|
|
geoip_hf = hf_geoip_lat;
|
|
|
|
|
geoip_src_hf = hf_geoip_src_lat;
|
|
|
|
|
break;
|
|
|
|
|
case WS_LON_FAKE_EDITION:
|
|
|
|
|
geoip_hf = hf_geoip_lon;
|
|
|
|
|
geoip_src_hf = hf_geoip_src_lon;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
continue;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (geoip_src_str) {
|
|
|
|
|
item = proto_tree_add_string_format_value(geoip_info_tree, geoip_src_hf, tvb,
|
|
|
|
|
offset + IPH_SRC, 4, geoip_src_str, "%s", geoip_src_str);
|
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
item = proto_tree_add_string_format_value(geoip_info_tree, geoip_hf, tvb,
|
|
|
|
|
offset + IPH_SRC, 4, geoip_src_str, "%s", geoip_src_str);
|
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
PROTO_ITEM_SET_HIDDEN(item);
|
|
|
|
|
|
|
|
|
|
item_cnt++;
|
|
|
|
|
proto_item_append_text(geoip_info_item, "%s%s", plurality(item_cnt, "", ", "), geoip_src_str);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (item_cnt == 0)
|
|
|
|
|
proto_item_append_text(geoip_info_item, "Unknown");
|
|
|
|
|
|
|
|
|
|
geoip_info_item = proto_tree_add_text(tree, tvb, offset + IPH_DST, 4, "Destination GeoIP: ");
|
|
|
|
|
geoip_info_tree = proto_item_add_subtree(geoip_info_item, ett_geoip_info);
|
|
|
|
|
PROTO_ITEM_SET_GENERATED(geoip_info_item);
|
|
|
|
|
item_cnt = 0;
|
|
|
|
|
|
|
|
|
|
for (dbnum = 0; dbnum < num_dbs; dbnum++) {
|
|
|
|
|
geoip_dst_str = geoip_db_lookup_ipv4(dbnum, dst32, NULL);
|
|
|
|
|
|
|
|
|
|
switch (geoip_db_type(dbnum)) {
|
|
|
|
|
case GEOIP_COUNTRY_EDITION:
|
|
|
|
|
geoip_hf = hf_geoip_country;
|
|
|
|
|
geoip_dst_hf = hf_geoip_dst_country;
|
|
|
|
|
break;
|
|
|
|
|
case GEOIP_CITY_EDITION_REV0:
|
|
|
|
|
geoip_hf = hf_geoip_city;
|
|
|
|
|
geoip_dst_hf = hf_geoip_dst_city;
|
|
|
|
|
break;
|
|
|
|
|
case GEOIP_CITY_EDITION_REV1:
|
|
|
|
|
geoip_hf = hf_geoip_city;
|
|
|
|
|
geoip_dst_hf = hf_geoip_dst_city;
|
|
|
|
|
break;
|
|
|
|
|
case GEOIP_ORG_EDITION:
|
|
|
|
|
geoip_hf = hf_geoip_org;
|
|
|
|
|
geoip_dst_hf = hf_geoip_dst_org;
|
|
|
|
|
break;
|
|
|
|
|
case GEOIP_ISP_EDITION:
|
|
|
|
|
geoip_hf = hf_geoip_isp;
|
|
|
|
|
geoip_dst_hf = hf_geoip_dst_isp;
|
|
|
|
|
break;
|
|
|
|
|
case GEOIP_ASNUM_EDITION:
|
|
|
|
|
geoip_hf = hf_geoip_asnum;
|
|
|
|
|
geoip_dst_hf = hf_geoip_dst_asnum;
|
|
|
|
|
break;
|
|
|
|
|
case WS_LAT_FAKE_EDITION:
|
|
|
|
|
geoip_hf = hf_geoip_lat;
|
|
|
|
|
geoip_dst_hf = hf_geoip_dst_lat;
|
|
|
|
|
break;
|
|
|
|
|
case WS_LON_FAKE_EDITION:
|
|
|
|
|
geoip_hf = hf_geoip_lon;
|
|
|
|
|
geoip_dst_hf = hf_geoip_dst_lon;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
continue;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (geoip_dst_str) {
|
|
|
|
|
item = proto_tree_add_string_format_value(geoip_info_tree, geoip_dst_hf, tvb,
|
|
|
|
|
offset + IPH_DST, 4, geoip_dst_str, "%s", geoip_dst_str);
|
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
item = proto_tree_add_string_format_value(geoip_info_tree, geoip_hf, tvb,
|
|
|
|
|
offset + IPH_DST, 4, geoip_dst_str, "%s", geoip_dst_str);
|
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
PROTO_ITEM_SET_HIDDEN(item);
|
|
|
|
|
|
|
|
|
|
item_cnt++;
|
|
|
|
|
proto_item_append_text(geoip_info_item, "%s%s", plurality(item_cnt, "", ", "), geoip_dst_str);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (item_cnt == 0)
|
|
|
|
|
proto_item_append_text(geoip_info_item, "Unknown");
|
|
|
|
|
}
|
|
|
|
|
#endif /* HAVE_GEOIP */
|
|
|
|
|
|
1998-10-13 05:40:04 +00:00
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_ipopt_security(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
|
2002-03-31 21:43:51 +00:00
|
|
|
guint optlen, packet_info *pinfo _U_,
|
|
|
|
|
proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *field_tree = NULL;
|
|
|
|
|
proto_item *tf;
|
1998-10-13 05:40:04 +00:00
|
|
|
guint val;
|
1998-10-28 01:16:49 +00:00
|
|
|
static const value_string secl_vals[] = {
|
1998-10-13 05:40:04 +00:00
|
|
|
{IPSEC_UNCLASSIFIED, "Unclassified"},
|
|
|
|
|
{IPSEC_CONFIDENTIAL, "Confidential"},
|
|
|
|
|
{IPSEC_EFTO, "EFTO" },
|
|
|
|
|
{IPSEC_MMMM, "MMMM" },
|
|
|
|
|
{IPSEC_RESTRICTED, "Restricted" },
|
|
|
|
|
{IPSEC_SECRET, "Secret" },
|
|
|
|
|
{IPSEC_TOPSECRET, "Top secret" },
|
|
|
|
|
{IPSEC_RESERVED1, "Reserved" },
|
|
|
|
|
{IPSEC_RESERVED2, "Reserved" },
|
|
|
|
|
{IPSEC_RESERVED3, "Reserved" },
|
|
|
|
|
{IPSEC_RESERVED4, "Reserved" },
|
|
|
|
|
{IPSEC_RESERVED5, "Reserved" },
|
|
|
|
|
{IPSEC_RESERVED6, "Reserved" },
|
|
|
|
|
{IPSEC_RESERVED7, "Reserved" },
|
1998-10-16 01:18:35 +00:00
|
|
|
{IPSEC_RESERVED8, "Reserved" },
|
|
|
|
|
{0, NULL } };
|
1998-10-13 05:40:04 +00:00
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s:", optp->name);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
|
1998-10-13 05:40:04 +00:00
|
|
|
offset += 2;
|
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
val = tvb_get_ntohs(tvb, offset);
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 2,
|
1998-10-20 05:31:03 +00:00
|
|
|
"Security: %s", val_to_str(val, secl_vals, "Unknown (0x%x)"));
|
1998-10-13 05:40:04 +00:00
|
|
|
offset += 2;
|
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
val = tvb_get_ntohs(tvb, offset);
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 2,
|
2000-03-07 05:28:39 +00:00
|
|
|
"Compartments: %u", val);
|
1998-10-13 05:40:04 +00:00
|
|
|
offset += 2;
|
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 2,
|
|
|
|
|
"Handling restrictions: %c%c",
|
|
|
|
|
tvb_get_guint8(tvb, offset),
|
|
|
|
|
tvb_get_guint8(tvb, offset + 1));
|
1998-10-13 05:40:04 +00:00
|
|
|
offset += 2;
|
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 3,
|
|
|
|
|
"Transmission control code: %c%c%c",
|
|
|
|
|
tvb_get_guint8(tvb, offset),
|
|
|
|
|
tvb_get_guint8(tvb, offset + 1),
|
|
|
|
|
tvb_get_guint8(tvb, offset + 2));
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
|
2007-01-19 23:56:42 +00:00
|
|
|
/* USHRT_MAX can hold at most 5 (base 10) digits (6 for the NULL byte) */
|
|
|
|
|
#define USHRT_MAX_STRLEN 6
|
|
|
|
|
|
|
|
|
|
/* Maximum CIPSO tag length:
|
|
|
|
|
* (IP hdr max)60 - (IPv4 hdr std)20 - (CIPSO base)6 = 34 */
|
|
|
|
|
#define CIPSO_TAG_LEN_MAX 34
|
|
|
|
|
|
|
|
|
|
/* The Commercial IP Security Option (CIPSO) is defined in IETF draft
|
|
|
|
|
* draft-ietf-cipso-ipsecurity-01.txt and FIPS 188, a copy of both documents
|
|
|
|
|
* can be found at the NetLabel project page, http://netlabel.sf.net. */
|
|
|
|
|
static void
|
|
|
|
|
dissect_ipopt_cipso(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
|
|
|
|
|
guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree)
|
|
|
|
|
{
|
|
|
|
|
proto_tree *field_tree = NULL;
|
|
|
|
|
proto_item *tf;
|
|
|
|
|
guint tagtype, taglen;
|
|
|
|
|
int offset_max = offset + optlen;
|
|
|
|
|
|
|
|
|
|
tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s", optp->name);
|
|
|
|
|
field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
|
|
|
|
|
offset += 2;
|
|
|
|
|
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 4, "DOI: %u",
|
|
|
|
|
tvb_get_ntohl(tvb, offset));
|
|
|
|
|
offset += 4;
|
|
|
|
|
|
|
|
|
|
/* loop through all of the tags in the CIPSO option */
|
|
|
|
|
while (offset < offset_max) {
|
|
|
|
|
tagtype = tvb_get_guint8(tvb, offset);
|
|
|
|
|
|
|
|
|
|
if ((offset + 1) < offset_max)
|
|
|
|
|
taglen = tvb_get_guint8(tvb, offset + 1);
|
|
|
|
|
else
|
|
|
|
|
taglen = 1;
|
|
|
|
|
|
|
|
|
|
switch (tagtype) {
|
|
|
|
|
case 0:
|
|
|
|
|
/* padding - skip this tag */
|
|
|
|
|
offset += 1;
|
|
|
|
|
continue;
|
|
|
|
|
case 1:
|
|
|
|
|
/* restrictive bitmap, see CIPSO draft section 3.4.2 for tag format */
|
|
|
|
|
if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
|
|
|
|
|
((offset + (int)taglen - 1) > offset_max)) {
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
|
|
|
|
|
"Malformed CIPSO tag");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 1,
|
|
|
|
|
"Tag Type: Restrictive Category Bitmap (%u)",
|
|
|
|
|
tagtype);
|
|
|
|
|
|
|
|
|
|
/* skip past alignment octet */
|
|
|
|
|
offset += 3;
|
|
|
|
|
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
|
|
|
|
|
tvb_get_guint8(tvb, offset));
|
|
|
|
|
offset += 1;
|
|
|
|
|
|
|
|
|
|
if (taglen > 4) {
|
|
|
|
|
guint bit_spot = 0;
|
|
|
|
|
guint byte_spot = 0;
|
|
|
|
|
unsigned char bitmask;
|
|
|
|
|
char *cat_str;
|
|
|
|
|
char *cat_str_tmp = ep_alloc(USHRT_MAX_STRLEN);
|
|
|
|
|
size_t cat_str_len;
|
|
|
|
|
const guint8 *val_ptr = tvb_get_ptr(tvb, offset, taglen - 4);
|
|
|
|
|
|
|
|
|
|
/* this is just a guess regarding string size, but we grow it below
|
|
|
|
|
* if needed */
|
|
|
|
|
cat_str_len = 256;
|
|
|
|
|
cat_str = ep_alloc0(cat_str_len);
|
|
|
|
|
|
|
|
|
|
/* we checked the length above so the highest category value
|
|
|
|
|
* possibile here is 240 */
|
|
|
|
|
while (byte_spot < (taglen - 4)) {
|
|
|
|
|
bitmask = 0x80;
|
|
|
|
|
bit_spot = 0;
|
|
|
|
|
while (bit_spot < 8) {
|
|
|
|
|
if (val_ptr[byte_spot] & bitmask) {
|
|
|
|
|
g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
|
|
|
|
|
byte_spot * 8 + bit_spot);
|
|
|
|
|
cat_str_tmp[USHRT_MAX_STRLEN - 1] = '\0';
|
|
|
|
|
if (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN)) {
|
|
|
|
|
char *cat_str_new;
|
|
|
|
|
while (cat_str_len < (strlen(cat_str) + 2 + USHRT_MAX_STRLEN))
|
|
|
|
|
cat_str_len += cat_str_len;
|
|
|
|
|
cat_str_new = ep_alloc(cat_str_len);
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcpy(cat_str_new, cat_str, cat_str_len);
|
2007-01-19 23:56:42 +00:00
|
|
|
cat_str_new[cat_str_len - 1] = '\0';
|
|
|
|
|
cat_str = cat_str_new;
|
|
|
|
|
}
|
|
|
|
|
if (cat_str[0] != '\0')
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(cat_str, ",", cat_str_len);
|
|
|
|
|
g_strlcat(cat_str, cat_str_tmp, cat_str_len);
|
2007-01-19 23:56:42 +00:00
|
|
|
}
|
|
|
|
|
bit_spot++;
|
|
|
|
|
bitmask >>= 1;
|
|
|
|
|
}
|
|
|
|
|
byte_spot++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (cat_str)
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, taglen - 4,
|
|
|
|
|
"Categories: %s", cat_str);
|
|
|
|
|
else
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, taglen - 4,
|
|
|
|
|
"Categories: ERROR PARSING CATEGORIES");
|
|
|
|
|
|
|
|
|
|
offset += taglen - 4;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case 2:
|
|
|
|
|
/* enumerated categories, see CIPSO draft section 3.4.3 for tag format */
|
|
|
|
|
if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
|
|
|
|
|
((offset + (int)taglen - 1) > offset_max)) {
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
|
|
|
|
|
"Malformed CIPSO tag");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 1,
|
|
|
|
|
"Tag Type: Enumerated Categories (%u)", tagtype);
|
|
|
|
|
|
|
|
|
|
/* skip past alignment octet */
|
|
|
|
|
offset += 3;
|
|
|
|
|
|
|
|
|
|
/* sensitvity level */
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
|
|
|
|
|
tvb_get_guint8(tvb, offset));
|
|
|
|
|
offset += 1;
|
|
|
|
|
|
|
|
|
|
if (taglen > 4) {
|
|
|
|
|
int offset_max_cat = offset + taglen - 4;
|
|
|
|
|
char *cat_str = ep_alloc0(USHRT_MAX_STRLEN * 15);
|
|
|
|
|
char *cat_str_tmp = ep_alloc(USHRT_MAX_STRLEN);
|
|
|
|
|
|
|
|
|
|
while ((offset + 2) <= offset_max_cat) {
|
|
|
|
|
g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN, "%u",
|
|
|
|
|
tvb_get_ntohs(tvb, offset));
|
|
|
|
|
offset += 2;
|
|
|
|
|
cat_str_tmp[USHRT_MAX_STRLEN - 1] = '\0';
|
|
|
|
|
if (cat_str[0] != '\0')
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 15);
|
|
|
|
|
g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 15);
|
2007-01-19 23:56:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset - taglen + 4, taglen - 4,
|
|
|
|
|
"Categories: %s", cat_str);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case 5:
|
|
|
|
|
/* ranged categories, see CIPSO draft section 3.4.4 for tag format */
|
|
|
|
|
if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
|
|
|
|
|
((offset + (int)taglen - 1) > offset_max)) {
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
|
|
|
|
|
"Malformed CIPSO tag");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 1,
|
|
|
|
|
"Tag Type: Ranged Categories (%u)", tagtype);
|
|
|
|
|
|
|
|
|
|
/* skip past alignment octet */
|
|
|
|
|
offset += 3;
|
|
|
|
|
|
|
|
|
|
/* sensitvity level */
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 1, "Sensitivity Level: %u",
|
|
|
|
|
tvb_get_guint8(tvb, offset));
|
|
|
|
|
offset += 1;
|
|
|
|
|
|
|
|
|
|
if (taglen > 4) {
|
|
|
|
|
guint16 cat_low, cat_high;
|
|
|
|
|
int offset_max_cat = offset + taglen - 4;
|
|
|
|
|
char *cat_str = ep_alloc0(USHRT_MAX_STRLEN * 16);
|
|
|
|
|
char *cat_str_tmp = ep_alloc(USHRT_MAX_STRLEN * 2);
|
|
|
|
|
|
|
|
|
|
while ((offset + 2) <= offset_max_cat) {
|
|
|
|
|
cat_high = tvb_get_ntohs(tvb, offset);
|
|
|
|
|
if ((offset + 4) <= offset_max_cat) {
|
|
|
|
|
cat_low = tvb_get_ntohs(tvb, offset + 2);
|
|
|
|
|
offset += 4;
|
|
|
|
|
} else {
|
|
|
|
|
cat_low = 0;
|
|
|
|
|
offset += 2;
|
|
|
|
|
}
|
|
|
|
|
if (cat_low != cat_high)
|
|
|
|
|
g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u-%u",
|
|
|
|
|
cat_high, cat_low);
|
|
|
|
|
else
|
|
|
|
|
g_snprintf(cat_str_tmp, USHRT_MAX_STRLEN * 2, "%u", cat_high);
|
|
|
|
|
if (cat_str[0] != '\0')
|
2008-03-01 17:23:39 +00:00
|
|
|
g_strlcat(cat_str, ",", USHRT_MAX_STRLEN * 16);
|
|
|
|
|
g_strlcat(cat_str, cat_str_tmp, USHRT_MAX_STRLEN * 16);
|
2007-01-19 23:56:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset - taglen + 4, taglen - 4,
|
|
|
|
|
"Categories: %s", cat_str);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case 6:
|
|
|
|
|
/* permissive categories, see FIPS 188 section 6.9 for tag format */
|
|
|
|
|
if ((taglen < 4) || (taglen > CIPSO_TAG_LEN_MAX) ||
|
|
|
|
|
((offset + (int)taglen - 1) > offset_max)) {
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
|
|
|
|
|
"Malformed CIPSO tag");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 1,
|
|
|
|
|
"Tag Type: Permissive Categories (%u)", tagtype);
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset + 2, taglen - 2, "Tag data");
|
|
|
|
|
offset += taglen;
|
|
|
|
|
break;
|
|
|
|
|
case 7:
|
|
|
|
|
/* free form, see FIPS 188 section 6.10 for tag format */
|
|
|
|
|
if ((taglen < 2) || (taglen > CIPSO_TAG_LEN_MAX) ||
|
|
|
|
|
((offset + (int)taglen - 1) > offset_max)) {
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, offset_max - offset,
|
|
|
|
|
"Malformed CIPSO tag");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 1,
|
|
|
|
|
"Tag Type: Free Form (%u)", tagtype);
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset + 2, taglen - 2, "Tag data");
|
|
|
|
|
offset += taglen;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
/* unknown tag - stop parsing this IPv4 option */
|
|
|
|
|
if ((offset + 1) <= offset_max) {
|
|
|
|
|
taglen = tvb_get_guint8(tvb, offset + 1);
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 1,
|
|
|
|
|
"Tag Type: Unknown (%u) (%u bytes)",
|
|
|
|
|
tagtype, taglen);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset, 1,
|
|
|
|
|
"Tag Type: Unknown (%u) (invalid format)",
|
|
|
|
|
tagtype);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
1998-10-13 05:40:04 +00:00
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_ipopt_route(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
|
2002-03-31 21:43:51 +00:00
|
|
|
guint optlen, packet_info *pinfo _U_,
|
|
|
|
|
proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *field_tree = NULL;
|
|
|
|
|
proto_item *tf;
|
1998-10-13 05:40:04 +00:00
|
|
|
int ptr;
|
|
|
|
|
int optoffset = 0;
|
2002-07-15 20:54:45 +00:00
|
|
|
guint32 addr;
|
1998-10-13 05:40:04 +00:00
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s (%u bytes)",
|
1999-08-28 08:31:28 +00:00
|
|
|
optp->name, optlen);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
|
1998-10-13 05:40:04 +00:00
|
|
|
|
|
|
|
|
optoffset += 2; /* skip past type and length */
|
|
|
|
|
optlen -= 2; /* subtract size of type and length */
|
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
ptr = tvb_get_guint8(tvb, offset + optoffset);
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset + optoffset, 1,
|
1998-10-13 05:40:04 +00:00
|
|
|
"Pointer: %d%s", ptr,
|
|
|
|
|
((ptr < 4) ? " (points before first address)" :
|
|
|
|
|
((ptr & 3) ? " (points to middle of address)" : "")));
|
|
|
|
|
optoffset++;
|
|
|
|
|
optlen--;
|
|
|
|
|
ptr--; /* ptr is 1-origin */
|
|
|
|
|
|
|
|
|
|
while (optlen > 0) {
|
|
|
|
|
if (optlen < 4) {
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset, optlen,
|
1998-10-13 05:40:04 +00:00
|
|
|
"(suboption would go past end of option)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2005-09-11 21:25:37 +00:00
|
|
|
addr = tvb_get_ipv4(tvb, offset + optoffset);
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset + optoffset, 4,
|
1998-10-13 05:40:04 +00:00
|
|
|
"%s%s",
|
2002-07-15 20:54:45 +00:00
|
|
|
((addr == 0) ? "-" : (char *)get_hostname(addr)),
|
1998-10-13 05:40:04 +00:00
|
|
|
((optoffset == ptr) ? " <- (current)" : ""));
|
|
|
|
|
optoffset += 4;
|
|
|
|
|
optlen -= 4;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_ipopt_sid(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
|
2002-03-31 21:43:51 +00:00
|
|
|
guint optlen, packet_info *pinfo _U_,
|
|
|
|
|
proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
|
|
|
|
"%s: %u", optp->name, tvb_get_ntohs(tvb, offset + 2));
|
1998-10-13 05:40:04 +00:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_ipopt_timestamp(const ip_tcp_opt *optp, tvbuff_t *tvb,
|
2002-03-31 21:43:51 +00:00
|
|
|
int offset, guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
1999-03-23 03:14:46 +00:00
|
|
|
proto_tree *field_tree = NULL;
|
|
|
|
|
proto_item *tf;
|
1998-10-13 05:40:04 +00:00
|
|
|
int ptr;
|
|
|
|
|
int optoffset = 0;
|
|
|
|
|
int flg;
|
1998-10-28 01:16:49 +00:00
|
|
|
static const value_string flag_vals[] = {
|
1998-10-13 05:40:04 +00:00
|
|
|
{IPOPT_TS_TSONLY, "Time stamps only" },
|
|
|
|
|
{IPOPT_TS_TSANDADDR, "Time stamp and address" },
|
1998-10-16 01:18:35 +00:00
|
|
|
{IPOPT_TS_PRESPEC, "Time stamps for prespecified addresses"},
|
|
|
|
|
{0, NULL } };
|
2002-07-15 20:54:45 +00:00
|
|
|
guint32 addr;
|
1998-10-13 05:40:04 +00:00
|
|
|
guint ts;
|
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tf = proto_tree_add_text(opt_tree, tvb, offset, optlen, "%s:", optp->name);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, *optp->subtree_index);
|
1998-10-13 05:40:04 +00:00
|
|
|
|
|
|
|
|
optoffset += 2; /* skip past type and length */
|
|
|
|
|
optlen -= 2; /* subtract size of type and length */
|
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
ptr = tvb_get_guint8(tvb, offset + optoffset);
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset + optoffset, 1,
|
1998-10-13 05:40:04 +00:00
|
|
|
"Pointer: %d%s", ptr,
|
|
|
|
|
((ptr < 5) ? " (points before first address)" :
|
|
|
|
|
(((ptr - 1) & 3) ? " (points to middle of address)" : "")));
|
|
|
|
|
optoffset++;
|
|
|
|
|
optlen--;
|
|
|
|
|
ptr--; /* ptr is 1-origin */
|
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
flg = tvb_get_guint8(tvb, offset + optoffset);
|
|
|
|
|
proto_tree_add_text(field_tree, tvb, offset + optoffset, 1,
|
|
|
|
|
"Overflow: %u", flg >> 4);
|
1998-10-13 05:40:04 +00:00
|
|
|
flg &= 0xF;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset + optoffset, 1,
|
1998-10-20 05:31:03 +00:00
|
|
|
"Flag: %s", val_to_str(flg, flag_vals, "Unknown (0x%x)"));
|
1998-10-13 05:40:04 +00:00
|
|
|
optoffset++;
|
|
|
|
|
optlen--;
|
|
|
|
|
|
|
|
|
|
while (optlen > 0) {
|
|
|
|
|
if (flg == IPOPT_TS_TSANDADDR) {
|
2000-02-02 22:07:38 +00:00
|
|
|
if (optlen < 8) {
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen,
|
1998-10-13 05:40:04 +00:00
|
|
|
"(suboption would go past end of option)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
2005-09-11 21:25:37 +00:00
|
|
|
addr = tvb_get_ipv4(tvb, offset + optoffset);
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
ts = tvb_get_ntohl(tvb, offset + optoffset + 4);
|
2000-02-02 22:07:38 +00:00
|
|
|
optlen -= 8;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset + optoffset, 8,
|
1998-10-13 05:40:04 +00:00
|
|
|
"Address = %s, time stamp = %u",
|
2002-07-15 20:54:45 +00:00
|
|
|
((addr == 0) ? "-" : (char *)get_hostname(addr)),
|
1998-10-13 05:40:04 +00:00
|
|
|
ts);
|
|
|
|
|
optoffset += 8;
|
|
|
|
|
} else {
|
|
|
|
|
if (optlen < 4) {
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset + optoffset, optlen,
|
1998-10-13 05:40:04 +00:00
|
|
|
"(suboption would go past end of option)");
|
|
|
|
|
break;
|
|
|
|
|
}
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
ts = tvb_get_ntohl(tvb, offset + optoffset);
|
1998-10-13 05:40:04 +00:00
|
|
|
optlen -= 4;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(field_tree, tvb, offset + optoffset, 4,
|
1998-10-13 05:40:04 +00:00
|
|
|
"Time stamp = %u", ts);
|
|
|
|
|
optoffset += 4;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2000-12-13 16:38:20 +00:00
|
|
|
static void
|
|
|
|
|
dissect_ipopt_ra(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
|
2002-03-31 21:43:51 +00:00
|
|
|
guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree)
|
2000-12-13 16:38:20 +00:00
|
|
|
{
|
|
|
|
|
/* Router-Alert, as defined by RFC2113 */
|
|
|
|
|
int opt = tvb_get_ntohs(tvb, offset + 2);
|
2002-08-28 21:04:11 +00:00
|
|
|
static const value_string ra_opts[] = {
|
2001-01-03 16:41:08 +00:00
|
|
|
{0, "Every router examines packet"},
|
|
|
|
|
{0, NULL}
|
|
|
|
|
};
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2000-12-13 16:38:20 +00:00
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
|
|
|
|
"%s: %s", optp->name, val_to_str(opt, ra_opts, "Unknown (%d)"));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2007-06-04 23:27:12 +00:00
|
|
|
static void
|
|
|
|
|
dissect_ipopt_qs(const ip_tcp_opt *optp, tvbuff_t *tvb, int offset,
|
|
|
|
|
guint optlen, packet_info *pinfo _U_, proto_tree *opt_tree)
|
|
|
|
|
{
|
|
|
|
|
/* Quick-Start TCP option, as defined by RFC4782 */
|
|
|
|
|
static const value_string qs_rates[] = {
|
|
|
|
|
{ 0, "0 bit/s"},
|
|
|
|
|
{ 1, "80 kbit/s"},
|
|
|
|
|
{ 2, "160 kbit/s"},
|
|
|
|
|
{ 3, "320 kbit/s"},
|
|
|
|
|
{ 4, "640 kbit/s"},
|
|
|
|
|
{ 5, "1.28 Mbit/s"},
|
|
|
|
|
{ 6, "2.56 Mbit/s"},
|
2007-07-30 17:21:40 +00:00
|
|
|
{ 7, "5.12 Mbit/s"},
|
2007-06-04 23:27:12 +00:00
|
|
|
{ 8, "10.24 Mbit/s"},
|
|
|
|
|
{ 9, "20.48 Mbit/s"},
|
|
|
|
|
{10, "40.96 Mbit/s"},
|
|
|
|
|
{11, "81.92 Mbit/s"},
|
|
|
|
|
{12, "163.84 Mbit/s"},
|
|
|
|
|
{13, "327.68 Mbit/s"},
|
|
|
|
|
{14, "655.36 Mbit/s"},
|
|
|
|
|
{15, "1.31072 Gbit/s"},
|
|
|
|
|
{0, NULL}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
guint8 command = tvb_get_guint8(tvb, offset + 2);
|
|
|
|
|
guint8 function = command >> 4;
|
|
|
|
|
guint8 rate = command & 0x0f;
|
|
|
|
|
|
|
|
|
|
switch (function) {
|
2007-07-30 17:21:40 +00:00
|
|
|
case 0x00: /* rate request */
|
2007-06-04 23:27:12 +00:00
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
2007-07-30 17:21:40 +00:00
|
|
|
"%s: Rate request, %s, QS TTL %u", optp->name,
|
|
|
|
|
val_to_str(rate, qs_rates, "Unknown"),
|
2007-06-04 23:27:12 +00:00
|
|
|
tvb_get_guint8(tvb, offset + 3));
|
|
|
|
|
break;
|
|
|
|
|
case 0x08: /* rate report */
|
|
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
2007-07-30 17:21:40 +00:00
|
|
|
"%s: Rate report, %s", optp->name,
|
2007-06-04 23:27:12 +00:00
|
|
|
val_to_str(rate, qs_rates, "Unknown"));
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, optlen,
|
|
|
|
|
"%s: Unknown function", optp->name);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
1999-08-28 08:31:28 +00:00
|
|
|
static const ip_tcp_opt ipopts[] = {
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
|
|
|
|
IPOPT_END,
|
|
|
|
|
"EOL",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
NO_LENGTH,
|
|
|
|
|
0,
|
|
|
|
|
NULL,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
IPOPT_NOOP,
|
|
|
|
|
"NOP",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
NO_LENGTH,
|
|
|
|
|
0,
|
|
|
|
|
NULL,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
IPOPT_SEC,
|
|
|
|
|
"Security",
|
1999-11-16 11:44:20 +00:00
|
|
|
&ett_ip_option_sec,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
|
IPOLEN_SEC,
|
|
|
|
|
dissect_ipopt_security
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
IPOPT_SSRR,
|
|
|
|
|
"Strict source route",
|
1999-11-16 11:44:20 +00:00
|
|
|
&ett_ip_option_route,
|
1998-10-13 05:40:04 +00:00
|
|
|
VARIABLE_LENGTH,
|
|
|
|
|
IPOLEN_SSRR_MIN,
|
|
|
|
|
dissect_ipopt_route
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
IPOPT_LSRR,
|
|
|
|
|
"Loose source route",
|
1999-11-16 11:44:20 +00:00
|
|
|
&ett_ip_option_route,
|
1998-10-13 05:40:04 +00:00
|
|
|
VARIABLE_LENGTH,
|
|
|
|
|
IPOLEN_LSRR_MIN,
|
|
|
|
|
dissect_ipopt_route
|
|
|
|
|
},
|
2007-01-19 23:56:42 +00:00
|
|
|
{
|
|
|
|
|
IPOPT_CIPSO,
|
|
|
|
|
"Commercial IP security option",
|
|
|
|
|
&ett_ip_option_cipso,
|
|
|
|
|
VARIABLE_LENGTH,
|
|
|
|
|
IPOLEN_CIPSO_MIN,
|
|
|
|
|
dissect_ipopt_cipso
|
|
|
|
|
},
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
|
|
|
|
IPOPT_RR,
|
|
|
|
|
"Record route",
|
1999-11-16 11:44:20 +00:00
|
|
|
&ett_ip_option_route,
|
1998-10-13 05:40:04 +00:00
|
|
|
VARIABLE_LENGTH,
|
|
|
|
|
IPOLEN_RR_MIN,
|
|
|
|
|
dissect_ipopt_route
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
IPOPT_SID,
|
|
|
|
|
"Stream identifier",
|
1999-11-16 11:44:20 +00:00
|
|
|
NULL,
|
1998-10-13 05:40:04 +00:00
|
|
|
FIXED_LENGTH,
|
|
|
|
|
IPOLEN_SID,
|
|
|
|
|
dissect_ipopt_sid
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
IPOPT_TIMESTAMP,
|
|
|
|
|
"Time stamp",
|
1999-11-16 11:44:20 +00:00
|
|
|
&ett_ip_option_timestamp,
|
1998-10-13 05:40:04 +00:00
|
|
|
VARIABLE_LENGTH,
|
|
|
|
|
IPOLEN_TIMESTAMP_MIN,
|
|
|
|
|
dissect_ipopt_timestamp
|
2000-12-13 16:38:20 +00:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
IPOPT_RA,
|
|
|
|
|
"Router Alert",
|
|
|
|
|
NULL,
|
|
|
|
|
FIXED_LENGTH,
|
|
|
|
|
IPOLEN_RA,
|
|
|
|
|
dissect_ipopt_ra
|
|
|
|
|
},
|
2007-06-04 23:27:12 +00:00
|
|
|
{
|
|
|
|
|
IPOPT_QS,
|
|
|
|
|
"Quick-Start",
|
|
|
|
|
NULL,
|
|
|
|
|
FIXED_LENGTH,
|
|
|
|
|
IPOLEN_QS,
|
|
|
|
|
dissect_ipopt_qs
|
|
|
|
|
}
|
1998-10-13 05:40:04 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
#define N_IP_OPTS (sizeof ipopts / sizeof ipopts[0])
|
|
|
|
|
|
|
|
|
|
/* Dissect the IP or TCP options in a packet. */
|
|
|
|
|
void
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_ip_tcp_options(tvbuff_t *tvb, int offset, guint length,
|
1999-08-28 08:31:28 +00:00
|
|
|
const ip_tcp_opt *opttab, int nopts, int eol,
|
2001-12-10 00:26:21 +00:00
|
|
|
packet_info *pinfo, proto_tree *opt_tree)
|
1998-10-13 05:40:04 +00:00
|
|
|
{
|
2002-08-02 23:36:07 +00:00
|
|
|
guchar opt;
|
1999-08-28 08:31:28 +00:00
|
|
|
const ip_tcp_opt *optp;
|
1999-08-28 19:17:17 +00:00
|
|
|
opt_len_type len_type;
|
2001-06-19 23:08:57 +00:00
|
|
|
unsigned int optlen;
|
2005-07-27 01:12:44 +00:00
|
|
|
const char *name;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
void (*dissect)(const struct ip_tcp_opt *, tvbuff_t *,
|
2001-12-10 00:26:21 +00:00
|
|
|
int, guint, packet_info *, proto_tree *);
|
1999-08-28 08:31:28 +00:00
|
|
|
guint len;
|
1998-10-13 05:40:04 +00:00
|
|
|
|
|
|
|
|
while (length > 0) {
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
opt = tvb_get_guint8(tvb, offset);
|
1998-10-13 05:40:04 +00:00
|
|
|
for (optp = &opttab[0]; optp < &opttab[nopts]; optp++) {
|
|
|
|
|
if (optp->optcode == opt)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (optp == &opttab[nopts]) {
|
1999-08-28 19:17:17 +00:00
|
|
|
/* We assume that the only NO_LENGTH options are EOL and NOP options,
|
|
|
|
|
so that we can treat unknown options as VARIABLE_LENGTH with a
|
|
|
|
|
minimum of 2, and at least be able to move on to the next option
|
|
|
|
|
by using the length in the option. */
|
1999-08-28 19:38:37 +00:00
|
|
|
optp = NULL; /* indicate that we don't know this option */
|
1999-08-28 19:17:17 +00:00
|
|
|
len_type = VARIABLE_LENGTH;
|
|
|
|
|
optlen = 2;
|
2007-01-14 20:19:00 +00:00
|
|
|
name = ep_strdup_printf("Unknown (0x%02x)", opt);
|
1999-08-28 19:17:17 +00:00
|
|
|
dissect = NULL;
|
|
|
|
|
} else {
|
|
|
|
|
len_type = optp->len_type;
|
|
|
|
|
optlen = optp->optlen;
|
|
|
|
|
name = optp->name;
|
|
|
|
|
dissect = optp->dissect;
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
--length; /* account for type byte */
|
1999-08-28 19:17:17 +00:00
|
|
|
if (len_type != NO_LENGTH) {
|
1998-10-13 05:40:04 +00:00
|
|
|
/* Option has a length. Is it in the packet? */
|
|
|
|
|
if (length == 0) {
|
|
|
|
|
/* Bogus - packet must at least include option code byte and
|
|
|
|
|
length byte! */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, 1,
|
1999-08-28 19:17:17 +00:00
|
|
|
"%s (length byte past end of options)", name);
|
1998-10-13 05:40:04 +00:00
|
|
|
return;
|
|
|
|
|
}
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
len = tvb_get_guint8(tvb, offset + 1); /* total including type, len */
|
1998-10-13 05:40:04 +00:00
|
|
|
--length; /* account for length byte */
|
|
|
|
|
if (len < 2) {
|
|
|
|
|
/* Bogus - option length is too short to include option code and
|
|
|
|
|
option length. */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, 2,
|
1999-08-28 19:17:17 +00:00
|
|
|
"%s (with too-short option length = %u byte%s)", name,
|
1999-12-13 05:09:05 +00:00
|
|
|
len, plurality(len, "", "s"));
|
1998-10-13 05:40:04 +00:00
|
|
|
return;
|
|
|
|
|
} else if (len - 2 > length) {
|
|
|
|
|
/* Bogus - option goes past the end of the header. */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, length,
|
1999-08-28 08:31:28 +00:00
|
|
|
"%s (option length = %u byte%s says option goes past end of options)",
|
1999-08-28 19:17:17 +00:00
|
|
|
name, len, plurality(len, "", "s"));
|
1998-10-13 05:40:04 +00:00
|
|
|
return;
|
1999-08-28 19:17:17 +00:00
|
|
|
} else if (len_type == FIXED_LENGTH && len != optlen) {
|
1998-10-13 05:40:04 +00:00
|
|
|
/* Bogus - option length isn't what it's supposed to be for this
|
|
|
|
|
option. */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, len,
|
1999-08-28 19:17:17 +00:00
|
|
|
"%s (with option length = %u byte%s; should be %u)", name,
|
|
|
|
|
len, plurality(len, "", "s"), optlen);
|
1998-10-13 05:40:04 +00:00
|
|
|
return;
|
1999-08-28 19:17:17 +00:00
|
|
|
} else if (len_type == VARIABLE_LENGTH && len < optlen) {
|
1998-10-13 05:40:04 +00:00
|
|
|
/* Bogus - option length is less than what it's supposed to be for
|
|
|
|
|
this option. */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, len,
|
1999-08-28 19:17:17 +00:00
|
|
|
"%s (with option length = %u byte%s; should be >= %u)", name,
|
|
|
|
|
len, plurality(len, "", "s"), optlen);
|
1998-10-13 05:40:04 +00:00
|
|
|
return;
|
|
|
|
|
} else {
|
1999-08-28 19:38:37 +00:00
|
|
|
if (optp == NULL) {
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, len, "%s (%u byte%s)",
|
1999-08-28 19:38:37 +00:00
|
|
|
name, len, plurality(len, "", "s"));
|
1998-10-13 05:40:04 +00:00
|
|
|
} else {
|
1999-08-28 19:38:37 +00:00
|
|
|
if (dissect != NULL) {
|
|
|
|
|
/* Option has a dissector. */
|
2001-12-10 00:26:21 +00:00
|
|
|
(*dissect)(optp, tvb, offset, len, pinfo, opt_tree);
|
1999-08-28 19:38:37 +00:00
|
|
|
} else {
|
|
|
|
|
/* Option has no data, hence no dissector. */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, len, "%s", name);
|
1999-08-28 19:38:37 +00:00
|
|
|
}
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
|
|
|
|
len -= 2; /* subtract size of type and length */
|
|
|
|
|
offset += 2 + len;
|
|
|
|
|
}
|
|
|
|
|
length -= len;
|
|
|
|
|
} else {
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
proto_tree_add_text(opt_tree, tvb, offset, 1, "%s", name);
|
1998-10-13 05:40:04 +00:00
|
|
|
offset += 1;
|
|
|
|
|
}
|
|
|
|
|
if (opt == eol)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-12-29 22:01:11 +00:00
|
|
|
const value_string dscp_vals[] = {
|
2000-01-24 04:44:58 +00:00
|
|
|
{ IPDSFIELD_DSCP_DEFAULT, "Default" },
|
|
|
|
|
{ IPDSFIELD_DSCP_CS1, "Class Selector 1" },
|
|
|
|
|
{ IPDSFIELD_DSCP_CS2, "Class Selector 2" },
|
|
|
|
|
{ IPDSFIELD_DSCP_CS3, "Class Selector 3" },
|
|
|
|
|
{ IPDSFIELD_DSCP_CS4, "Class Selector 4" },
|
|
|
|
|
{ IPDSFIELD_DSCP_CS5, "Class Selector 5" },
|
|
|
|
|
{ IPDSFIELD_DSCP_CS6, "Class Selector 6" },
|
|
|
|
|
{ IPDSFIELD_DSCP_CS7, "Class Selector 7" },
|
|
|
|
|
{ IPDSFIELD_DSCP_AF11, "Assured Forwarding 11" },
|
|
|
|
|
{ IPDSFIELD_DSCP_AF12, "Assured Forwarding 12" },
|
|
|
|
|
{ IPDSFIELD_DSCP_AF13, "Assured Forwarding 13" },
|
|
|
|
|
{ IPDSFIELD_DSCP_AF21, "Assured Forwarding 21" },
|
|
|
|
|
{ IPDSFIELD_DSCP_AF22, "Assured Forwarding 22" },
|
|
|
|
|
{ IPDSFIELD_DSCP_AF23, "Assured Forwarding 23" },
|
|
|
|
|
{ IPDSFIELD_DSCP_AF31, "Assured Forwarding 31" },
|
|
|
|
|
{ IPDSFIELD_DSCP_AF32, "Assured Forwarding 32" },
|
|
|
|
|
{ IPDSFIELD_DSCP_AF33, "Assured Forwarding 33" },
|
|
|
|
|
{ IPDSFIELD_DSCP_AF41, "Assured Forwarding 41" },
|
|
|
|
|
{ IPDSFIELD_DSCP_AF42, "Assured Forwarding 42" },
|
|
|
|
|
{ IPDSFIELD_DSCP_AF43, "Assured Forwarding 43" },
|
|
|
|
|
{ IPDSFIELD_DSCP_EF, "Expedited Forwarding" },
|
|
|
|
|
{ 0, NULL } };
|
|
|
|
|
|
1999-07-07 22:52:57 +00:00
|
|
|
static const value_string precedence_vals[] = {
|
1998-12-29 04:05:38 +00:00
|
|
|
{ IPTOS_PREC_ROUTINE, "routine" },
|
|
|
|
|
{ IPTOS_PREC_PRIORITY, "priority" },
|
|
|
|
|
{ IPTOS_PREC_IMMEDIATE, "immediate" },
|
|
|
|
|
{ IPTOS_PREC_FLASH, "flash" },
|
|
|
|
|
{ IPTOS_PREC_FLASHOVERRIDE, "flash override" },
|
|
|
|
|
{ IPTOS_PREC_CRITIC_ECP, "CRITIC/ECP" },
|
|
|
|
|
{ IPTOS_PREC_INTERNETCONTROL, "internetwork control" },
|
|
|
|
|
{ IPTOS_PREC_NETCONTROL, "network control" },
|
|
|
|
|
{ 0, NULL } };
|
1999-07-07 22:52:57 +00:00
|
|
|
|
|
|
|
|
static const value_string iptos_vals[] = {
|
|
|
|
|
{ IPTOS_NONE, "None" },
|
|
|
|
|
{ IPTOS_LOWCOST, "Minimize cost" },
|
|
|
|
|
{ IPTOS_RELIABILITY, "Maximize reliability" },
|
|
|
|
|
{ IPTOS_THROUGHPUT, "Maximize throughput" },
|
|
|
|
|
{ IPTOS_LOWDELAY, "Minimize delay" },
|
|
|
|
|
{ IPTOS_SECURITY, "Maximize security" },
|
|
|
|
|
{ 0, NULL }
|
|
|
|
|
};
|
|
|
|
|
|
1999-11-02 05:38:51 +00:00
|
|
|
static const true_false_string tos_set_low = {
|
|
|
|
|
"Low",
|
|
|
|
|
"Normal"
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const true_false_string tos_set_high = {
|
|
|
|
|
"High",
|
|
|
|
|
"Normal"
|
|
|
|
|
};
|
|
|
|
|
|
2009-07-09 11:32:50 +00:00
|
|
|
guint16 ip_checksum(const guint8 *ptr, int len)
|
1999-12-08 17:54:41 +00:00
|
|
|
{
|
2000-12-13 02:24:23 +00:00
|
|
|
vec_t cksum_vec[1];
|
2000-08-04 22:43:45 +00:00
|
|
|
|
2000-12-13 02:24:23 +00:00
|
|
|
cksum_vec[0].ptr = ptr;
|
|
|
|
|
cksum_vec[0].len = len;
|
|
|
|
|
return in_cksum(&cksum_vec[0], 1);
|
2000-08-04 04:54:22 +00:00
|
|
|
}
|
|
|
|
|
|
2001-01-22 03:33:45 +00:00
|
|
|
static void
|
2005-04-11 08:43:51 +00:00
|
|
|
dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree)
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
{
|
2001-03-28 06:20:22 +00:00
|
|
|
proto_tree *ip_tree = NULL, *field_tree;
|
2003-01-14 18:54:29 +00:00
|
|
|
proto_item *ti = NULL, *tf;
|
2008-12-23 18:17:01 +00:00
|
|
|
guint32 addr;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
int offset = 0;
|
2003-01-14 18:54:29 +00:00
|
|
|
guint hlen, optlen;
|
1999-08-17 03:09:39 +00:00
|
|
|
guint16 flags;
|
1999-08-18 00:57:54 +00:00
|
|
|
guint8 nxt;
|
2000-08-05 05:08:21 +00:00
|
|
|
guint16 ipsum;
|
2003-04-18 05:11:44 +00:00
|
|
|
fragment_data *ipfd_head=NULL;
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
tvbuff_t *next_tvb;
|
Use the "fragmented" field of the "packet_info" structure in
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
2002-01-17 06:29:20 +00:00
|
|
|
gboolean update_col_info = TRUE;
|
|
|
|
|
gboolean save_fragmented;
|
2009-05-20 15:50:40 +00:00
|
|
|
ws_ip *iph;
|
2005-02-03 23:35:57 +00:00
|
|
|
const guchar *src_addr, *dst_addr;
|
2005-04-07 09:44:58 +00:00
|
|
|
guint32 src32, dst32;
|
2005-04-11 08:43:51 +00:00
|
|
|
proto_tree *tree;
|
2007-08-28 20:58:50 +00:00
|
|
|
proto_item *item, *ttl_item;
|
2005-08-21 15:13:47 +00:00
|
|
|
proto_tree *checksum_tree;
|
2005-04-11 08:43:51 +00:00
|
|
|
|
|
|
|
|
tree=parent_tree;
|
2003-01-22 01:16:33 +00:00
|
|
|
|
2009-05-20 15:50:40 +00:00
|
|
|
iph=ep_alloc(sizeof(ws_ip));
|
1998-09-16 02:39:15 +00:00
|
|
|
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_PROTOCOL))
|
|
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "IP");
|
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
2000-12-29 04:16:57 +00:00
|
|
|
|
2003-01-22 01:16:33 +00:00
|
|
|
iph->ip_v_hl = tvb_get_guint8(tvb, offset);
|
2006-03-16 20:14:47 +00:00
|
|
|
if ( hi_nibble(iph->ip_v_hl) == 6){
|
|
|
|
|
call_dissector(ipv6_handle, tvb, pinfo, parent_tree);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2003-01-22 01:16:33 +00:00
|
|
|
hlen = lo_nibble(iph->ip_v_hl) * 4; /* IP header length, in bytes */
|
2002-08-28 21:04:11 +00:00
|
|
|
|
1998-09-16 02:39:15 +00:00
|
|
|
if (tree) {
|
2003-01-14 18:54:29 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, FALSE);
|
1999-11-16 11:44:20 +00:00
|
|
|
ip_tree = proto_item_add_subtree(ti, ett_ip);
|
2003-01-14 18:54:29 +00:00
|
|
|
|
|
|
|
|
proto_tree_add_uint(ip_tree, hf_ip_version, tvb, offset, 1,
|
2003-01-22 01:16:33 +00:00
|
|
|
hi_nibble(iph->ip_v_hl));
|
2001-03-28 06:20:22 +00:00
|
|
|
}
|
1999-07-07 22:52:57 +00:00
|
|
|
|
2005-04-11 08:43:51 +00:00
|
|
|
/* if IP is not referenced from any filters we dont need to worry about
|
|
|
|
|
generating any tree items. We must do this after we created the actual
|
|
|
|
|
protocol above so that proto hier stat still works though.
|
|
|
|
|
*/
|
|
|
|
|
if(!proto_field_is_referenced(parent_tree, proto_ip)){
|
|
|
|
|
tree=NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2001-03-28 06:20:22 +00:00
|
|
|
if (hlen < IPH_MIN_LEN) {
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "Bogus IP header length (%u, must be at least %u)",
|
2001-04-18 04:53:51 +00:00
|
|
|
hlen, IPH_MIN_LEN);
|
2001-03-28 06:20:22 +00:00
|
|
|
if (tree) {
|
|
|
|
|
proto_tree_add_uint_format(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
|
2003-01-14 18:54:29 +00:00
|
|
|
"Header length: %u bytes (bogus, must be at least %u)", hlen,
|
|
|
|
|
IPH_MIN_LEN);
|
2001-03-28 06:20:22 +00:00
|
|
|
}
|
2007-09-28 05:50:19 +00:00
|
|
|
return;
|
2001-03-28 06:20:22 +00:00
|
|
|
}
|
2001-04-18 04:53:51 +00:00
|
|
|
|
2001-03-28 06:20:22 +00:00
|
|
|
if (tree) {
|
2005-10-03 16:24:43 +00:00
|
|
|
proto_tree_add_uint_format(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
|
1999-11-02 07:06:07 +00:00
|
|
|
"Header length: %u bytes", hlen);
|
2003-01-14 18:54:29 +00:00
|
|
|
}
|
2008-12-23 18:56:31 +00:00
|
|
|
|
2003-01-22 01:16:33 +00:00
|
|
|
iph->ip_tos = tvb_get_guint8(tvb, offset + 1);
|
2007-05-09 22:27:39 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_DSCP_VALUE)) {
|
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_DSCP_VALUE, "%u", IPDSFIELD_DSCP(iph->ip_tos));
|
|
|
|
|
}
|
|
|
|
|
|
2003-01-14 18:54:29 +00:00
|
|
|
if (tree) {
|
2007-05-09 22:27:39 +00:00
|
|
|
if (g_ip_dscp_actif) {
|
2003-01-22 01:16:33 +00:00
|
|
|
tf = proto_tree_add_uint_format(ip_tree, hf_ip_dsfield, tvb, offset + 1, 1, iph->ip_tos,
|
|
|
|
|
"Differentiated Services Field: 0x%02x (DSCP 0x%02x: %s; ECN: 0x%02x)", iph->ip_tos,
|
|
|
|
|
IPDSFIELD_DSCP(iph->ip_tos), val_to_str(IPDSFIELD_DSCP(iph->ip_tos), dscp_vals,
|
|
|
|
|
"Unknown DSCP"),IPDSFIELD_ECN(iph->ip_tos));
|
2000-01-24 04:44:58 +00:00
|
|
|
|
|
|
|
|
field_tree = proto_item_add_subtree(tf, ett_ip_dsfield);
|
2003-01-22 01:16:33 +00:00
|
|
|
proto_tree_add_uint(field_tree, hf_ip_dsfield_dscp, tvb, offset + 1, 1, iph->ip_tos);
|
|
|
|
|
proto_tree_add_uint(field_tree, hf_ip_dsfield_ect, tvb, offset + 1, 1, iph->ip_tos);
|
|
|
|
|
proto_tree_add_uint(field_tree, hf_ip_dsfield_ce, tvb, offset + 1, 1, iph->ip_tos);
|
2000-01-24 04:44:58 +00:00
|
|
|
} else {
|
2003-01-22 01:16:33 +00:00
|
|
|
tf = proto_tree_add_uint_format(ip_tree, hf_ip_tos, tvb, offset + 1, 1, iph->ip_tos,
|
|
|
|
|
"Type of service: 0x%02x (%s)", iph->ip_tos,
|
|
|
|
|
val_to_str( IPTOS_TOS(iph->ip_tos), iptos_vals, "Unknown") );
|
2000-01-24 04:44:58 +00:00
|
|
|
|
|
|
|
|
field_tree = proto_item_add_subtree(tf, ett_ip_tos);
|
2003-01-22 01:16:33 +00:00
|
|
|
proto_tree_add_uint(field_tree, hf_ip_tos_precedence, tvb, offset + 1, 1, iph->ip_tos);
|
|
|
|
|
proto_tree_add_boolean(field_tree, hf_ip_tos_delay, tvb, offset + 1, 1, iph->ip_tos);
|
|
|
|
|
proto_tree_add_boolean(field_tree, hf_ip_tos_throughput, tvb, offset + 1, 1, iph->ip_tos);
|
|
|
|
|
proto_tree_add_boolean(field_tree, hf_ip_tos_reliability, tvb, offset + 1, 1, iph->ip_tos);
|
|
|
|
|
proto_tree_add_boolean(field_tree, hf_ip_tos_cost, tvb, offset + 1, 1, iph->ip_tos);
|
2003-01-14 18:54:29 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Length of IP datagram.
|
|
|
|
|
XXX - what if this is greater than the reported length of the
|
|
|
|
|
tvbuff? This could happen, for example, in an IP datagram
|
|
|
|
|
inside an ICMP datagram; we need to somehow let the
|
|
|
|
|
dissector we call know that, as it might want to avoid
|
|
|
|
|
doing its checksumming. */
|
2003-01-22 01:16:33 +00:00
|
|
|
iph->ip_len = tvb_get_ntohs(tvb, offset + 2);
|
2003-01-14 18:54:29 +00:00
|
|
|
|
2007-09-24 06:46:59 +00:00
|
|
|
/* Correct for zero-length TSO packets
|
|
|
|
|
* If ip_len is zero, assume TSO and use the reported length instead. Note
|
|
|
|
|
* that we need to use the frame/reported length instead of the
|
|
|
|
|
* actually-available length, just in case a snaplen was used on capture. */
|
2008-12-19 23:49:03 +00:00
|
|
|
if (ip_tso_supported && !iph->ip_len)
|
2007-09-24 06:46:59 +00:00
|
|
|
iph->ip_len = tvb_reported_length(tvb);
|
|
|
|
|
|
2003-01-22 01:16:33 +00:00
|
|
|
if (iph->ip_len < hlen) {
|
2003-01-14 18:54:29 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "Bogus IP length (%u, less than header length %u)",
|
2003-01-22 01:16:33 +00:00
|
|
|
iph->ip_len, hlen);
|
2003-01-14 18:54:29 +00:00
|
|
|
if (tree) {
|
2003-01-22 01:16:33 +00:00
|
|
|
proto_tree_add_uint_format(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph->ip_len,
|
|
|
|
|
"Total length: %u bytes (bogus, less than header length %u)", iph->ip_len,
|
2003-01-14 18:54:29 +00:00
|
|
|
hlen);
|
2000-01-24 04:44:58 +00:00
|
|
|
}
|
2007-09-28 05:50:19 +00:00
|
|
|
return;
|
2003-01-14 18:54:29 +00:00
|
|
|
}
|
2008-12-02 09:42:57 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Now that we know that the total length of this IP datagram isn't
|
|
|
|
|
* obviously bogus, adjust the length of this tvbuff to include only
|
|
|
|
|
* the IP datagram.
|
|
|
|
|
*/
|
|
|
|
|
set_actual_length(tvb, iph->ip_len);
|
|
|
|
|
|
2003-01-14 18:54:29 +00:00
|
|
|
if (tree)
|
2005-10-03 16:24:43 +00:00
|
|
|
proto_tree_add_uint(ip_tree, hf_ip_len, tvb, offset + 2, 2, iph->ip_len);
|
1999-07-15 15:33:52 +00:00
|
|
|
|
2003-01-22 01:16:33 +00:00
|
|
|
iph->ip_id = tvb_get_ntohs(tvb, offset + 4);
|
2003-01-14 18:54:29 +00:00
|
|
|
if (tree)
|
2005-10-03 16:24:43 +00:00
|
|
|
proto_tree_add_uint(ip_tree, hf_ip_id, tvb, offset + 4, 2, iph->ip_id);
|
2003-01-14 18:54:29 +00:00
|
|
|
|
2003-01-22 01:16:33 +00:00
|
|
|
iph->ip_off = tvb_get_ntohs(tvb, offset + 6);
|
2003-01-14 18:54:29 +00:00
|
|
|
if (tree) {
|
2004-02-18 06:43:01 +00:00
|
|
|
flags = (iph->ip_off & (IP_RF | IP_DF | IP_MF)) >> 12;
|
2003-01-14 18:54:29 +00:00
|
|
|
tf = proto_tree_add_uint(ip_tree, hf_ip_flags, tvb, offset + 6, 1, flags);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, ett_ip_off);
|
2004-02-18 06:43:01 +00:00
|
|
|
proto_tree_add_boolean(field_tree, hf_ip_flags_rf, tvb, offset + 6, 1, flags);
|
2004-04-19 23:36:46 +00:00
|
|
|
if (flags & (IP_DF>>12)) proto_item_append_text(tf, " (Don't Fragment)");
|
2004-02-18 06:43:01 +00:00
|
|
|
proto_tree_add_boolean(field_tree, hf_ip_flags_df, tvb, offset + 6, 1, flags);
|
2004-04-19 23:36:46 +00:00
|
|
|
if (flags & (IP_MF>>12)) proto_item_append_text(tf, " (More Fragments)");
|
2004-02-18 06:43:01 +00:00
|
|
|
proto_tree_add_boolean(field_tree, hf_ip_flags_mf, tvb, offset + 6, 1, flags);
|
1999-08-17 03:09:39 +00:00
|
|
|
|
2003-01-14 18:54:29 +00:00
|
|
|
proto_tree_add_uint(ip_tree, hf_ip_frag_offset, tvb, offset + 6, 2,
|
2003-01-22 01:16:33 +00:00
|
|
|
(iph->ip_off & IP_OFFSET)*8);
|
2003-01-14 18:54:29 +00:00
|
|
|
}
|
2001-04-18 04:53:51 +00:00
|
|
|
|
2009-05-20 15:50:40 +00:00
|
|
|
iph->ip_ttl = tvb_get_guint8(tvb, offset + 8);
|
2007-08-16 04:25:54 +00:00
|
|
|
if (tree) {
|
2007-08-28 20:58:50 +00:00
|
|
|
ttl_item = proto_tree_add_item(ip_tree, hf_ip_ttl, tvb, offset + 8, 1, FALSE);
|
2007-08-16 04:25:54 +00:00
|
|
|
} else {
|
2007-08-28 20:58:50 +00:00
|
|
|
ttl_item = NULL;
|
2007-08-16 04:25:54 +00:00
|
|
|
}
|
2000-08-04 04:54:22 +00:00
|
|
|
|
2003-01-22 01:16:33 +00:00
|
|
|
iph->ip_p = tvb_get_guint8(tvb, offset + 9);
|
2003-01-14 18:54:29 +00:00
|
|
|
if (tree) {
|
2003-01-22 01:16:33 +00:00
|
|
|
proto_tree_add_uint_format(ip_tree, hf_ip_proto, tvb, offset + 9, 1, iph->ip_p,
|
|
|
|
|
"Protocol: %s (0x%02x)", ipprotostr(iph->ip_p), iph->ip_p);
|
2003-01-14 18:54:29 +00:00
|
|
|
}
|
|
|
|
|
|
2003-01-22 01:16:33 +00:00
|
|
|
iph->ip_sum = tvb_get_ntohs(tvb, offset + 10);
|
2003-01-14 18:54:29 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If we have the entire IP header available, check the checksum.
|
|
|
|
|
*/
|
2005-10-03 16:24:43 +00:00
|
|
|
if (ip_check_checksum && tvb_bytes_exist(tvb, offset, hlen)) {
|
2003-01-14 18:54:29 +00:00
|
|
|
ipsum = ip_checksum(tvb_get_ptr(tvb, offset, hlen), hlen);
|
2007-09-02 20:37:39 +00:00
|
|
|
if (tree) {
|
|
|
|
|
if (ipsum == 0) {
|
|
|
|
|
item = proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph->ip_sum,
|
|
|
|
|
"Header checksum: 0x%04x [correct]", iph->ip_sum);
|
|
|
|
|
checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
|
|
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb, offset + 10, 2, TRUE);
|
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb, offset + 10, 2, FALSE);
|
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
} else {
|
|
|
|
|
item = proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph->ip_sum,
|
|
|
|
|
"Header checksum: 0x%04x [incorrect, should be 0x%04x]", iph->ip_sum,
|
|
|
|
|
in_cksum_shouldbe(iph->ip_sum, ipsum));
|
|
|
|
|
checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
|
|
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb, offset + 10, 2, FALSE);
|
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb, offset + 10, 2, TRUE);
|
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
2009-03-03 21:38:49 +00:00
|
|
|
expert_add_info_format(pinfo, item, PI_CHECKSUM, PI_ERROR, "Bad checksum");
|
2007-09-02 20:37:39 +00:00
|
|
|
}
|
2003-01-14 18:54:29 +00:00
|
|
|
}
|
2007-09-02 20:37:39 +00:00
|
|
|
} else {
|
2003-01-14 18:54:29 +00:00
|
|
|
ipsum = 0;
|
2005-08-21 15:13:47 +00:00
|
|
|
if (tree) {
|
2007-09-02 20:37:39 +00:00
|
|
|
item = proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph->ip_sum,
|
|
|
|
|
"Header checksum: 0x%04x [%s]", iph->ip_sum,
|
|
|
|
|
ip_check_checksum ? "not all data available" : "validation disabled");
|
|
|
|
|
checksum_tree = proto_item_add_subtree(item, ett_ip_checksum);
|
|
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_good, tvb, offset + 10, 2, FALSE);
|
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
item = proto_tree_add_boolean(checksum_tree, hf_ip_checksum_bad, tvb, offset + 10, 2, FALSE);
|
|
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
}
|
2003-01-14 18:54:29 +00:00
|
|
|
}
|
2005-02-03 23:35:57 +00:00
|
|
|
src_addr = tvb_get_ptr(tvb, offset + IPH_SRC, 4);
|
2005-04-07 09:44:58 +00:00
|
|
|
src32 = tvb_get_ntohl(tvb, offset + IPH_SRC);
|
2005-02-03 23:35:57 +00:00
|
|
|
SET_ADDRESS(&pinfo->net_src, AT_IPv4, 4, src_addr);
|
|
|
|
|
SET_ADDRESS(&pinfo->src, AT_IPv4, 4, src_addr);
|
|
|
|
|
SET_ADDRESS(&iph->ip_src, AT_IPv4, 4, src_addr);
|
2003-01-14 18:54:29 +00:00
|
|
|
if (tree) {
|
2008-06-25 09:12:35 +00:00
|
|
|
const char *src_host;
|
2007-11-09 05:56:42 +00:00
|
|
|
|
2008-12-23 18:17:01 +00:00
|
|
|
memcpy(&addr, iph->ip_src.data, 4);
|
|
|
|
|
src_host = get_hostname(addr);
|
2003-01-14 18:54:29 +00:00
|
|
|
if (ip_summary_in_tree) {
|
2007-11-09 05:56:42 +00:00
|
|
|
proto_item_append_text(ti, ", Src: %s (%s)", src_host, ip_to_str(iph->ip_src.data));
|
2000-08-04 04:54:22 +00:00
|
|
|
}
|
2008-12-23 18:17:01 +00:00
|
|
|
proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, addr);
|
|
|
|
|
item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 12, 4, addr);
|
2005-06-01 23:44:24 +00:00
|
|
|
PROTO_ITEM_SET_HIDDEN(item);
|
2007-11-09 05:56:42 +00:00
|
|
|
item = proto_tree_add_string(ip_tree, hf_ip_src_host, tvb, offset + 12, 4, src_host);
|
2005-06-01 23:44:24 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
PROTO_ITEM_SET_HIDDEN(item);
|
2007-11-09 05:56:42 +00:00
|
|
|
item = proto_tree_add_string(ip_tree, hf_ip_host, tvb, offset + 12, 4, src_host);
|
2005-06-01 23:44:24 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
PROTO_ITEM_SET_HIDDEN(item);
|
2003-01-14 18:54:29 +00:00
|
|
|
}
|
2005-02-03 23:35:57 +00:00
|
|
|
dst_addr = tvb_get_ptr(tvb, offset + IPH_DST, 4);
|
2005-04-07 09:44:58 +00:00
|
|
|
dst32 = tvb_get_ntohl(tvb, offset + IPH_DST);
|
2005-02-03 23:35:57 +00:00
|
|
|
SET_ADDRESS(&pinfo->net_dst, AT_IPv4, 4, dst_addr);
|
|
|
|
|
SET_ADDRESS(&pinfo->dst, AT_IPv4, 4, dst_addr);
|
|
|
|
|
SET_ADDRESS(&iph->ip_dst, AT_IPv4, 4, dst_addr);
|
2003-08-23 09:09:35 +00:00
|
|
|
|
2007-09-28 05:50:19 +00:00
|
|
|
tap_queue_packet(ip_tap, pinfo, iph);
|
|
|
|
|
|
|
|
|
|
|
2008-09-15 12:50:35 +00:00
|
|
|
/* If an IP is destined for an IP address in the Local Network Control Block
|
2007-08-28 20:58:50 +00:00
|
|
|
* (e.g. 224.0.0.0/24), the packet should never be routed and the TTL would
|
2008-09-15 12:50:35 +00:00
|
|
|
* be expected to be 1. (see RFC 3171) Flag a TTL greater than 1.
|
|
|
|
|
*
|
|
|
|
|
* Flag a low TTL if the packet is not destined for a multicast address
|
|
|
|
|
* (e.g. 224.0.0.0/4).
|
2009-07-08 15:29:37 +00:00
|
|
|
*
|
|
|
|
|
* FIXME: Add an exception list, as Some protocols seem to insist on
|
|
|
|
|
* doing differently:
|
|
|
|
|
* - IETF's VRRP (rfc3768) always uses 224.0.0.18 with 255
|
|
|
|
|
* - Cisco's GLPB always uses 224.0.0.102 with 255
|
|
|
|
|
* Even more, VRRP and GLBP should probably be flagged as an error, if
|
|
|
|
|
* seen with any TTL except 255.
|
2007-08-28 20:58:50 +00:00
|
|
|
*/
|
2008-09-15 12:50:35 +00:00
|
|
|
if (is_a_local_network_control_block_addr(dst32)) {
|
2009-05-20 15:50:40 +00:00
|
|
|
if (iph->ip_ttl != 1) {
|
2008-12-19 23:49:03 +00:00
|
|
|
expert_add_info_format(pinfo, ttl_item, PI_SEQUENCE, PI_NOTE,
|
2008-09-15 12:50:35 +00:00
|
|
|
"\"Time To Live\" > 1 for a packet sent to the Local Network Control Block (see RFC 3171)");
|
2007-08-28 20:58:50 +00:00
|
|
|
}
|
2009-05-20 15:50:40 +00:00
|
|
|
} else if (!is_a_multicast_addr(dst32) && iph->ip_ttl < 5) {
|
|
|
|
|
expert_add_info_format(pinfo, ttl_item, PI_SEQUENCE, PI_NOTE, "\"Time To Live\" only %u", iph->ip_ttl);
|
2007-08-28 20:58:50 +00:00
|
|
|
}
|
|
|
|
|
|
2003-01-14 18:54:29 +00:00
|
|
|
if (tree) {
|
2008-06-25 09:12:35 +00:00
|
|
|
const char *dst_host;
|
2007-11-09 05:56:42 +00:00
|
|
|
|
2008-12-23 18:17:01 +00:00
|
|
|
memcpy(&addr, iph->ip_dst.data, 4);
|
|
|
|
|
dst_host = get_hostname(addr);
|
2003-01-14 18:54:29 +00:00
|
|
|
if (ip_summary_in_tree) {
|
2007-11-09 05:56:42 +00:00
|
|
|
proto_item_append_text(ti, ", Dst: %s (%s)", dst_host, ip_to_str(iph->ip_dst.data));
|
2003-01-14 18:54:29 +00:00
|
|
|
}
|
2008-12-23 18:17:01 +00:00
|
|
|
proto_tree_add_ipv4(ip_tree, hf_ip_dst, tvb, offset + 16, 4, addr);
|
|
|
|
|
item = proto_tree_add_ipv4(ip_tree, hf_ip_addr, tvb, offset + 16, 4, addr);
|
2005-06-01 23:44:24 +00:00
|
|
|
PROTO_ITEM_SET_HIDDEN(item);
|
2007-11-09 05:56:42 +00:00
|
|
|
item = proto_tree_add_string(ip_tree, hf_ip_dst_host, tvb, offset + 16, 4, dst_host);
|
2005-06-01 23:44:24 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
PROTO_ITEM_SET_HIDDEN(item);
|
2007-11-09 05:56:42 +00:00
|
|
|
item = proto_tree_add_string(ip_tree, hf_ip_host, tvb, offset + 16, 4, dst_host);
|
2005-06-01 23:44:24 +00:00
|
|
|
PROTO_ITEM_SET_GENERATED(item);
|
|
|
|
|
PROTO_ITEM_SET_HIDDEN(item);
|
2003-01-14 18:54:29 +00:00
|
|
|
}
|
1998-10-13 05:40:04 +00:00
|
|
|
|
2008-12-19 23:49:03 +00:00
|
|
|
#ifdef HAVE_GEOIP
|
|
|
|
|
if (tree && ip_use_geoip) {
|
2009-03-08 14:11:01 +00:00
|
|
|
add_geoip_info(ip_tree, tvb, offset, src32, dst32);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2008-12-19 23:49:03 +00:00
|
|
|
|
2003-01-14 18:54:29 +00:00
|
|
|
if (tree) {
|
1998-10-13 05:40:04 +00:00
|
|
|
/* Decode IP options, if any. */
|
2003-01-14 18:54:29 +00:00
|
|
|
if (hlen > IPH_MIN_LEN) {
|
1998-10-13 05:40:04 +00:00
|
|
|
/* There's more than just the fixed-length header. Decode the
|
|
|
|
|
options. */
|
2003-01-14 18:54:29 +00:00
|
|
|
optlen = hlen - IPH_MIN_LEN; /* length of options, in bytes */
|
|
|
|
|
tf = proto_tree_add_text(ip_tree, tvb, offset + 20, optlen,
|
2000-03-07 05:28:39 +00:00
|
|
|
"Options: (%u bytes)", optlen);
|
1999-11-16 11:44:20 +00:00
|
|
|
field_tree = proto_item_add_subtree(tf, ett_ip_options);
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
dissect_ip_tcp_options(tvb, offset + 20, optlen,
|
2001-12-10 00:26:21 +00:00
|
|
|
ipopts, N_IP_OPTS, IPOPT_END, pinfo, field_tree);
|
1998-10-13 05:40:04 +00:00
|
|
|
}
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
|
2003-01-22 01:16:33 +00:00
|
|
|
pinfo->ipproto = iph->ip_p;
|
2001-04-18 04:53:51 +00:00
|
|
|
|
2003-01-22 01:16:33 +00:00
|
|
|
pinfo->iplen = iph->ip_len;
|
2001-04-18 04:53:51 +00:00
|
|
|
|
2003-03-04 06:47:10 +00:00
|
|
|
pinfo->iphdrlen = hlen;
|
2001-04-18 04:53:51 +00:00
|
|
|
|
1999-08-18 00:57:54 +00:00
|
|
|
/* Skip over header + options */
|
1998-10-13 05:40:04 +00:00
|
|
|
offset += hlen;
|
2003-01-22 01:16:33 +00:00
|
|
|
nxt = iph->ip_p; /* XXX - what if this isn't the same for all fragments? */
|
2001-04-18 04:53:51 +00:00
|
|
|
|
2002-01-20 01:04:18 +00:00
|
|
|
/* If ip_defragment is on, this is a fragment, we have all the data
|
|
|
|
|
* in the fragment, and the header checksum is valid, then just add
|
|
|
|
|
* the fragment to the hashtable.
|
2001-04-18 04:53:51 +00:00
|
|
|
*/
|
Use the "fragmented" field of the "packet_info" structure in
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
2002-01-17 06:29:20 +00:00
|
|
|
save_fragmented = pinfo->fragmented;
|
2003-01-22 01:16:33 +00:00
|
|
|
if (ip_defragment && (iph->ip_off & (IP_MF|IP_OFFSET)) &&
|
2003-03-04 06:47:10 +00:00
|
|
|
tvb_bytes_exist(tvb, offset, pinfo->iplen - pinfo->iphdrlen) &&
|
|
|
|
|
ipsum == 0) {
|
2007-07-30 17:21:40 +00:00
|
|
|
ipfd_head = fragment_add_check(tvb, offset, pinfo,
|
2006-01-03 23:23:46 +00:00
|
|
|
iph->ip_p ^ iph->ip_id ^ src32 ^ dst32,
|
2002-01-20 01:04:18 +00:00
|
|
|
ip_fragment_table,
|
We can't use the frame_data structure as a key structure when looking
for reassembled frames - in Tethereal, there's only one frame_data
structure used for all frames. Instead, use the frame number itself as
the key.
Add a "fragment_add_check()" routine, for fragments where there's a
fragment offset rather than a fragment sequence number, which does the
same sort of thing as "fragment_add_seq_check()" - i.e., once reassembly
is done, it puts the reassembled fragment into a separate hash table, so
that there're only incomplete reassemblies in the fragment hash table.
That's necessary in order to handle cases where the packet ID field can
be reused.
Use that routine for IPv4 fragment reassembly - IP IDs can be reused (in
fact, RFC 791 suggests that doing so might be a feature:
It is appropriate for some higher level protocols to choose the
identifier. For example, TCP protocol modules may retransmit an
identical TCP segment, and the probability for correct reception
would be enhanced if the retransmission carried the same identifier
as the original transmission since fragments of either datagram
could be used to construct a correct TCP segment.
and RFC 1122 says that it's permitted to do so, although it also says
"we believe that retransmitting the same Identification field is not
useful":
3.2.1.5 Identification: RFC-791 Section 3.2
When sending an identical copy of an earlier datagram, a
host MAY optionally retain the same Identification field in
the copy.
DISCUSSION:
Some Internet protocol experts have maintained that
when a host sends an identical copy of an earlier
datagram, the new copy should contain the same
Identification value as the original. There are two
suggested advantages: (1) if the datagrams are
fragmented and some of the fragments are lost, the
receiver may be able to reconstruct a complete datagram
from fragments of the original and the copies; (2) a
congested gateway might use the IP Identification field
(and Fragment Offset) to discard duplicate datagrams
from the queue.
However, the observed patterns of datagram loss in the
Internet do not favor the probability of retransmitted
fragments filling reassembly gaps, while other
mechanisms (e.g., TCP repacketizing upon
retransmission) tend to prevent retransmission of an
identical datagram [IP:9]. Therefore, we believe that
retransmitting the same Identification field is not
useful. Also, a connectionless transport protocol like
UDP would require the cooperation of the application
programs to retain the same Identification value in
identical datagrams.
and, in any case, I've seen that in at least one capture, and it
confuses the current reassembly code).
Unfortunately, that means that fragments other than the last fragment
can't be tagged with the frame number in which the reassembly was done;
see the comment in packet-ip.c for a discussion of that problem.
svn path=/trunk/; revision=7506
2003-04-20 00:11:28 +00:00
|
|
|
ip_reassembled_table,
|
2003-01-22 01:16:33 +00:00
|
|
|
(iph->ip_off & IP_OFFSET)*8,
|
2003-03-04 06:47:10 +00:00
|
|
|
pinfo->iplen - pinfo->iphdrlen,
|
2003-01-22 01:16:33 +00:00
|
|
|
iph->ip_off & IP_MF);
|
2003-04-20 11:36:16 +00:00
|
|
|
|
2003-08-28 04:19:29 +00:00
|
|
|
next_tvb = process_reassembled_data(tvb, offset, pinfo, "Reassembled IPv4",
|
|
|
|
|
ipfd_head, &ip_frag_items, &update_col_info, ip_tree);
|
2001-04-18 04:53:51 +00:00
|
|
|
} else {
|
|
|
|
|
/* If this is the first fragment, dissect its contents, otherwise
|
|
|
|
|
just show it as a fragment.
|
|
|
|
|
|
|
|
|
|
XXX - if we eventually don't save the reassembled contents of all
|
|
|
|
|
fragmented datagrams, we may want to always reassemble. */
|
2003-01-22 01:16:33 +00:00
|
|
|
if (iph->ip_off & IP_OFFSET) {
|
2001-04-18 04:53:51 +00:00
|
|
|
/* Not the first fragment - don't dissect it. */
|
|
|
|
|
next_tvb = NULL;
|
|
|
|
|
} else {
|
|
|
|
|
/* First fragment, or not fragmented. Dissect what we have here. */
|
|
|
|
|
|
|
|
|
|
/* Get a tvbuff for the payload. */
|
|
|
|
|
next_tvb = tvb_new_subset(tvb, offset, -1, -1);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If this is the first fragment, but not the only fragment,
|
|
|
|
|
* tell the next protocol that.
|
|
|
|
|
*/
|
2003-01-22 01:16:33 +00:00
|
|
|
if (iph->ip_off & IP_MF)
|
2001-04-18 04:53:51 +00:00
|
|
|
pinfo->fragmented = TRUE;
|
|
|
|
|
else
|
|
|
|
|
pinfo->fragmented = FALSE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (next_tvb == NULL) {
|
|
|
|
|
/* Just show this as a fragment. */
|
2003-04-18 05:11:44 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO)) {
|
2008-12-16 12:28:49 +00:00
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "Fragmented IP protocol (proto=%s 0x%02x, off=%u, ID=%04x)",
|
|
|
|
|
ipprotostr(iph->ip_p), iph->ip_p, (iph->ip_off & IP_OFFSET) * 8,
|
|
|
|
|
iph->ip_id);
|
2003-04-18 05:11:44 +00:00
|
|
|
}
|
|
|
|
|
if( ipfd_head && ipfd_head->reassembled_in != pinfo->fd->num ){
|
|
|
|
|
if (check_col(pinfo->cinfo, COL_INFO)) {
|
2003-06-05 22:23:57 +00:00
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, " [Reassembled in #%u]",
|
2003-04-18 05:11:44 +00:00
|
|
|
ipfd_head->reassembled_in);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2002-05-30 01:56:55 +00:00
|
|
|
call_dissector(data_handle, tvb_new_subset(tvb, offset, -1, -1), pinfo,
|
2005-04-11 08:43:51 +00:00
|
|
|
parent_tree);
|
Use the "fragmented" field of the "packet_info" structure in
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
2002-01-17 06:29:20 +00:00
|
|
|
pinfo->fragmented = save_fragmented;
|
2007-09-28 05:50:19 +00:00
|
|
|
return;
|
1999-03-28 18:32:03 +00:00
|
|
|
}
|
|
|
|
|
|
2007-03-04 11:48:07 +00:00
|
|
|
/* XXX This is an ugly hack because I didn't manage to make the IPIP
|
|
|
|
|
* dissector a heuristic one [JMayer]
|
|
|
|
|
* The TAPA protocol also uses IP protocol number 4 but it isn't really
|
|
|
|
|
* IPIP, so try to detect it first and call it explicitly before calling
|
|
|
|
|
* the generic ip.proto dispatcher
|
|
|
|
|
*/
|
|
|
|
|
if (nxt == IP_PROTO_IPIP &&
|
|
|
|
|
(tvb_get_guint8(next_tvb, 0) & 0xF0) != 40 &&
|
|
|
|
|
tvb_get_ntohs(next_tvb, 2) < 20) {
|
|
|
|
|
call_dissector(tapa_handle,next_tvb, pinfo, parent_tree);
|
|
|
|
|
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
/* Hand off to the next protocol.
|
|
|
|
|
|
|
|
|
|
XXX - setting the columns only after trying various dissectors means
|
|
|
|
|
that if one of those dissectors throws an exception, the frame won't
|
|
|
|
|
even be labelled as an IP frame; ideally, if a frame being dissected
|
|
|
|
|
throws an exception, it'll be labelled as a mangled frame of the
|
|
|
|
|
type in question. */
|
2007-03-04 11:48:07 +00:00
|
|
|
} else if (!dissector_try_port(ip_dissector_table, nxt, next_tvb, pinfo, parent_tree)) {
|
2000-04-20 07:05:58 +00:00
|
|
|
/* Unknown protocol */
|
2001-04-18 04:53:51 +00:00
|
|
|
if (update_col_info) {
|
2001-12-10 00:26:21 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
2003-01-22 01:16:33 +00:00
|
|
|
col_add_fstr(pinfo->cinfo, COL_INFO, "%s (0x%02x)", ipprotostr(iph->ip_p), iph->ip_p);
|
2001-04-18 04:53:51 +00:00
|
|
|
}
|
2005-04-11 08:43:51 +00:00
|
|
|
call_dissector(data_handle,next_tvb, pinfo, parent_tree);
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
Use the "fragmented" field of the "packet_info" structure in
"dissect_frame()" to indicate whether a ReportedBoundsError was due to
the packet being malformed (i.e., the packet was shorter than it's
supposed to be, so the dissector went past the end trying to extract
fields that were supposed to be there) or due to it not being
reassembled (i.e., the packet was fragmented, and we didn't reassemble
it, but just treated the first fragment as the entire packet, so the
dissector went past the end trying to extract fields that were partially
or completely in fragments after that). Mark the latter as being
unreasembled rather than malformed.
Properly initialize, save, and restore that field, and properly set it,
so that works.
svn path=/trunk/; revision=4555
2002-01-17 06:29:20 +00:00
|
|
|
pinfo->fragmented = save_fragmented;
|
1998-09-16 02:39:15 +00:00
|
|
|
}
|
|
|
|
|
|
1999-07-07 22:52:57 +00:00
|
|
|
void
|
|
|
|
|
proto_register_ip(void)
|
|
|
|
|
{
|
1999-07-15 15:33:52 +00:00
|
|
|
static hf_register_info hf[] = {
|
|
|
|
|
|
|
|
|
|
{ &hf_ip_version,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Version", "ip.version", FT_UINT8, BASE_DEC, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_hdr_len,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Header Length", "ip.hdr_len", FT_UINT8, BASE_DEC, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
2000-01-24 04:44:58 +00:00
|
|
|
{ &hf_ip_dsfield,
|
|
|
|
|
{ "Differentiated Services field", "ip.dsfield", FT_UINT8, BASE_DEC, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2000-01-24 04:44:58 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_dsfield_dscp,
|
|
|
|
|
{ "Differentiated Services Codepoint", "ip.dsfield.dscp", FT_UINT8, BASE_HEX,
|
|
|
|
|
VALS(dscp_vals), IPDSFIELD_DSCP_MASK,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2000-01-24 04:44:58 +00:00
|
|
|
|
2000-09-16 00:48:43 +00:00
|
|
|
{ &hf_ip_dsfield_ect,
|
|
|
|
|
{ "ECN-Capable Transport (ECT)", "ip.dsfield.ect", FT_UINT8, BASE_DEC, NULL,
|
|
|
|
|
IPDSFIELD_ECT_MASK,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2000-09-16 00:48:43 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_dsfield_ce,
|
|
|
|
|
{ "ECN-CE", "ip.dsfield.ce", FT_UINT8, BASE_DEC, NULL,
|
|
|
|
|
IPDSFIELD_CE_MASK,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2000-01-24 04:44:58 +00:00
|
|
|
|
1999-07-15 15:33:52 +00:00
|
|
|
{ &hf_ip_tos,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Type of Service", "ip.tos", FT_UINT8, BASE_DEC, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_tos_precedence,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Precedence", "ip.tos.precedence", FT_UINT8, BASE_DEC, VALS(precedence_vals),
|
1999-11-02 05:38:51 +00:00
|
|
|
IPTOS_PREC_MASK,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-11-02 05:38:51 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_tos_delay,
|
|
|
|
|
{ "Delay", "ip.tos.delay", FT_BOOLEAN, 8, TFS(&tos_set_low),
|
|
|
|
|
IPTOS_LOWDELAY,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-11-02 05:38:51 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_tos_throughput,
|
|
|
|
|
{ "Throughput", "ip.tos.throughput", FT_BOOLEAN, 8, TFS(&tos_set_high),
|
|
|
|
|
IPTOS_THROUGHPUT,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-11-02 05:38:51 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_tos_reliability,
|
|
|
|
|
{ "Reliability", "ip.tos.reliability", FT_BOOLEAN, 8, TFS(&tos_set_high),
|
|
|
|
|
IPTOS_RELIABILITY,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-11-02 05:38:51 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_tos_cost,
|
|
|
|
|
{ "Cost", "ip.tos.cost", FT_BOOLEAN, 8, TFS(&tos_set_low),
|
|
|
|
|
IPTOS_LOWCOST,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_len,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Total Length", "ip.len", FT_UINT16, BASE_DEC, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_id,
|
2005-09-21 02:12:24 +00:00
|
|
|
{ "Identification", "ip.id", FT_UINT16, BASE_HEX_DEC, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_dst,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Destination", "ip.dst", FT_IPv4, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-15 15:33:52 +00:00
|
|
|
|
2005-06-01 23:44:24 +00:00
|
|
|
{ &hf_ip_dst_host,
|
|
|
|
|
{ "Destination Host", "ip.dst_host", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2005-06-01 23:44:24 +00:00
|
|
|
|
1999-07-15 15:33:52 +00:00
|
|
|
{ &hf_ip_src,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source", "ip.src", FT_IPv4, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-07-17 04:19:15 +00:00
|
|
|
|
2005-06-01 23:44:24 +00:00
|
|
|
{ &hf_ip_src_host,
|
|
|
|
|
{ "Source Host", "ip.src_host", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2005-06-01 23:44:24 +00:00
|
|
|
|
1999-07-17 04:19:15 +00:00
|
|
|
{ &hf_ip_addr,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Source or Destination Address", "ip.addr", FT_IPv4, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-08-17 03:09:39 +00:00
|
|
|
|
2005-06-01 23:44:24 +00:00
|
|
|
{ &hf_ip_host,
|
|
|
|
|
{ "Source or Destination Host", "ip.host", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
#ifdef HAVE_GEOIP
|
|
|
|
|
{ &hf_geoip_country,
|
|
|
|
|
{ "Source or Destination GeoIP Country", "ip.geoip.country", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_city,
|
|
|
|
|
{ "Source or Destination GeoIP City", "ip.geoip.city", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_org,
|
|
|
|
|
{ "Source or Destination GeoIP Organization", "ip.geoip.org", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_isp,
|
|
|
|
|
{ "Source or Destination GeoIP ISP", "ip.geoip.isp", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_asnum,
|
|
|
|
|
{ "Source or Destination GeoIP AS Number", "ip.geoip.asnum", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2009-02-04 01:02:59 +00:00
|
|
|
{ &hf_geoip_lat,
|
|
|
|
|
{ "Source or Destination GeoIP Latitude", "ip.geoip.lat", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2009-02-04 01:02:59 +00:00
|
|
|
{ &hf_geoip_lon,
|
|
|
|
|
{ "Source or Destination GeoIP Longitude", "ip.geoip.lon", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_src_country,
|
|
|
|
|
{ "Source GeoIP Country", "ip.geoip.src_country", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_src_city,
|
|
|
|
|
{ "Source GeoIP City", "ip.geoip.src_city", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_src_org,
|
|
|
|
|
{ "Source GeoIP Organization", "ip.geoip.src_org", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_src_isp,
|
|
|
|
|
{ "Source GeoIP ISP", "ip.geoip.src_isp", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_src_asnum,
|
|
|
|
|
{ "Source GeoIP AS Number", "ip.geoip.src_asnum", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2009-02-04 01:02:59 +00:00
|
|
|
{ &hf_geoip_src_lat,
|
|
|
|
|
{ "Source GeoIP Latitude", "ip.geoip.src_lat", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2009-02-04 01:02:59 +00:00
|
|
|
{ &hf_geoip_src_lon,
|
|
|
|
|
{ "Source GeoIP Longitude", "ip.geoip.src_lon", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_dst_country,
|
|
|
|
|
{ "Destination GeoIP Country", "ip.geoip.dst_country", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_dst_city,
|
|
|
|
|
{ "Destination GeoIP City", "ip.geoip.dst_city", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_dst_org,
|
|
|
|
|
{ "Destination GeoIP Organization", "ip.geoip.dst_org", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_dst_isp,
|
|
|
|
|
{ "Destination GeoIP ISP", "ip.geoip.dst_isp", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
{ &hf_geoip_dst_asnum,
|
|
|
|
|
{ "Destination GeoIP AS Number", "ip.geoip.dst_asnum", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2009-02-04 01:02:59 +00:00
|
|
|
{ &hf_geoip_dst_lat,
|
|
|
|
|
{ "Destination GeoIP Latitude", "ip.geoip.dst_lat", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2009-02-04 01:02:59 +00:00
|
|
|
{ &hf_geoip_dst_lon,
|
|
|
|
|
{ "Destination GeoIP Longitude", "ip.geoip.dst_lon", FT_STRING, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2008-12-19 23:49:03 +00:00
|
|
|
#endif /* HAVE_GEOIP */
|
1999-08-17 03:09:39 +00:00
|
|
|
{ &hf_ip_flags,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Flags", "ip.flags", FT_UINT8, BASE_HEX, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-08-17 03:09:39 +00:00
|
|
|
|
2004-02-18 06:43:01 +00:00
|
|
|
{ &hf_ip_flags_rf,
|
2009-07-07 14:54:15 +00:00
|
|
|
{ "Reserved bit", "ip.flags.rb", FT_BOOLEAN, 4, TFS(&tfs_set_notset), IP_RF >> 12,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2004-02-18 06:43:01 +00:00
|
|
|
|
1999-11-02 05:38:51 +00:00
|
|
|
{ &hf_ip_flags_df,
|
2009-07-07 14:54:15 +00:00
|
|
|
{ "Don't fragment", "ip.flags.df", FT_BOOLEAN, 4, TFS(&tfs_set_notset), IP_DF >> 12,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-11-02 05:38:51 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_flags_mf,
|
2009-07-07 14:54:15 +00:00
|
|
|
{ "More fragments", "ip.flags.mf", FT_BOOLEAN, 4, TFS(&tfs_set_notset), IP_MF >> 12,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-11-02 05:38:51 +00:00
|
|
|
|
1999-08-17 03:09:39 +00:00
|
|
|
{ &hf_ip_frag_offset,
|
2007-08-29 15:35:27 +00:00
|
|
|
{ "Fragment offset", "ip.frag_offset", FT_UINT16, BASE_DEC, NULL, 0x0,
|
|
|
|
|
"Fragment offset (13 bits)", HFILL }},
|
1999-08-17 03:09:39 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_ttl,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Time to live", "ip.ttl", FT_UINT8, BASE_DEC, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-08-17 03:09:39 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_proto,
|
1999-10-15 05:30:43 +00:00
|
|
|
{ "Protocol", "ip.proto", FT_UINT8, BASE_HEX, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
1999-08-17 03:09:39 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_checksum,
|
1999-10-12 06:21:15 +00:00
|
|
|
{ "Header checksum", "ip.checksum", FT_UINT16, BASE_HEX, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2001-02-21 19:35:50 +00:00
|
|
|
|
2005-08-21 15:13:47 +00:00
|
|
|
{ &hf_ip_checksum_good,
|
|
|
|
|
{ "Good", "ip.checksum_good", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
|
"True: checksum matches packet content; False: doesn't match content or not checked", HFILL }},
|
|
|
|
|
|
2001-02-21 19:35:50 +00:00
|
|
|
{ &hf_ip_checksum_bad,
|
2009-06-21 18:45:56 +00:00
|
|
|
{ "Bad", "ip.checksum_bad", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
2005-08-21 15:13:47 +00:00
|
|
|
"True: checksum doesn't match packet content; False: matches content or not checked", HFILL }},
|
2001-04-18 04:53:51 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_fragment_overlap,
|
|
|
|
|
{ "Fragment overlap", "ip.fragment.overlap", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Fragment overlaps with other fragments", HFILL }},
|
2001-04-18 04:53:51 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_fragment_overlap_conflict,
|
|
|
|
|
{ "Conflicting data in fragment overlap", "ip.fragment.overlap.conflict", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Overlapping fragments contained conflicting data", HFILL }},
|
2001-04-18 04:53:51 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_fragment_multiple_tails,
|
|
|
|
|
{ "Multiple tail fragments found", "ip.fragment.multipletails", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Several tails were found when defragmenting the packet", HFILL }},
|
2001-04-18 04:53:51 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_fragment_too_long_fragment,
|
|
|
|
|
{ "Fragment too long", "ip.fragment.toolongfragment", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Fragment contained data past end of packet", HFILL }},
|
2001-04-18 04:53:51 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_fragment_error,
|
2002-12-19 11:22:38 +00:00
|
|
|
{ "Defragmentation error", "ip.fragment.error", FT_FRAMENUM, BASE_NONE, NULL, 0x0,
|
2001-06-18 02:18:27 +00:00
|
|
|
"Defragmentation error due to illegal fragments", HFILL }},
|
2001-04-18 04:53:51 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_fragment,
|
2002-12-19 11:22:38 +00:00
|
|
|
{ "IP Fragment", "ip.fragment", FT_FRAMENUM, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2001-04-18 04:53:51 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_fragments,
|
2001-06-05 05:54:14 +00:00
|
|
|
{ "IP Fragments", "ip.fragments", FT_NONE, BASE_NONE, NULL, 0x0,
|
2009-06-21 18:45:56 +00:00
|
|
|
NULL, HFILL }},
|
2003-04-18 05:11:44 +00:00
|
|
|
|
|
|
|
|
{ &hf_ip_reassembled_in,
|
|
|
|
|
{ "Reassembled IP in frame", "ip.reassembled_in", FT_FRAMENUM, BASE_NONE, NULL, 0x0,
|
|
|
|
|
"This IP packet is reassembled in this frame", HFILL }}
|
1999-07-08 04:23:28 +00:00
|
|
|
};
|
1999-11-16 11:44:20 +00:00
|
|
|
static gint *ett[] = {
|
|
|
|
|
&ett_ip,
|
2000-01-24 04:44:58 +00:00
|
|
|
&ett_ip_dsfield,
|
1999-11-16 11:44:20 +00:00
|
|
|
&ett_ip_tos,
|
|
|
|
|
&ett_ip_off,
|
|
|
|
|
&ett_ip_options,
|
|
|
|
|
&ett_ip_option_sec,
|
|
|
|
|
&ett_ip_option_route,
|
|
|
|
|
&ett_ip_option_timestamp,
|
2007-01-19 23:56:42 +00:00
|
|
|
&ett_ip_option_cipso,
|
2001-04-18 04:53:51 +00:00
|
|
|
&ett_ip_fragments,
|
|
|
|
|
&ett_ip_fragment,
|
2009-07-09 11:32:50 +00:00
|
|
|
&ett_ip_checksum,
|
|
|
|
|
#ifdef HAVE_GEOIP
|
|
|
|
|
&ett_geoip_info
|
|
|
|
|
#endif
|
1999-11-16 11:44:20 +00:00
|
|
|
};
|
Add support for a global "ethereal.conf" preferences file, stored in the
same directory as the "manuf" file ("/etc" or "/usr/local/etc", most
likely).
Add a mechanism to allow modules (e.g., dissectors) to register
preference values, which:
can be put into the global or the user's preference file;
can be set from the command line, with arguments to the "-o"
flag;
can be set from tabs in the "Preferences" dialog box.
Use that mechanism to register the "Decode IPv4 TOS field as DiffServ
field" variable for IP as a preference.
Stuff that still needs to be done:
documenting the API for registering preferences;
documenting the "-o" values in the man page (probably needs a
flag similar to "-G", and a Perl script to turn the output into
documentation as is done with the list of field);
handling error checking for numeric values (range checking,
making sure that if the user changes the variable from the GUI
they change it to a valid numeric value);
using the callbacks to, for example, update the display when
preferences are changed (could be expensive);
panic if the user specifies a numeric value with a base other
than 10, 8, or 16.
We may also want to clean up the existing wired-in preferences not to
take effect the instant you tweak the widget, and to add an "Apply"
button to the "Preferences" dialog.
svn path=/trunk/; revision=2117
2000-07-05 09:41:07 +00:00
|
|
|
module_t *ip_module;
|
1999-07-08 04:23:28 +00:00
|
|
|
|
2001-01-03 06:56:03 +00:00
|
|
|
proto_ip = proto_register_protocol("Internet Protocol", "IP", "ip");
|
1999-07-08 04:23:28 +00:00
|
|
|
proto_register_field_array(proto_ip, hf, array_length(hf));
|
1999-11-16 11:44:20 +00:00
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2000-04-16 22:46:25 +00:00
|
|
|
|
|
|
|
|
/* subdissector code */
|
2001-12-08 06:41:48 +00:00
|
|
|
ip_dissector_table = register_dissector_table("ip.proto",
|
|
|
|
|
"IP protocol", FT_UINT8, BASE_DEC);
|
Add support for a global "ethereal.conf" preferences file, stored in the
same directory as the "manuf" file ("/etc" or "/usr/local/etc", most
likely).
Add a mechanism to allow modules (e.g., dissectors) to register
preference values, which:
can be put into the global or the user's preference file;
can be set from the command line, with arguments to the "-o"
flag;
can be set from tabs in the "Preferences" dialog box.
Use that mechanism to register the "Decode IPv4 TOS field as DiffServ
field" variable for IP as a preference.
Stuff that still needs to be done:
documenting the API for registering preferences;
documenting the "-o" values in the man page (probably needs a
flag similar to "-G", and a Perl script to turn the output into
documentation as is done with the list of field);
handling error checking for numeric values (range checking,
making sure that if the user changes the variable from the GUI
they change it to a valid numeric value);
using the callbacks to, for example, update the display when
preferences are changed (could be expensive);
panic if the user specifies a numeric value with a base other
than 10, 8, or 16.
We may also want to clean up the existing wired-in preferences not to
take effect the instant you tweak the widget, and to add an "Apply"
button to the "Preferences" dialog.
svn path=/trunk/; revision=2117
2000-07-05 09:41:07 +00:00
|
|
|
|
2001-06-08 08:29:15 +00:00
|
|
|
/* Register configuration options */
|
2001-01-03 07:53:48 +00:00
|
|
|
ip_module = prefs_register_protocol(proto_ip, NULL);
|
Add support for a global "ethereal.conf" preferences file, stored in the
same directory as the "manuf" file ("/etc" or "/usr/local/etc", most
likely).
Add a mechanism to allow modules (e.g., dissectors) to register
preference values, which:
can be put into the global or the user's preference file;
can be set from the command line, with arguments to the "-o"
flag;
can be set from tabs in the "Preferences" dialog box.
Use that mechanism to register the "Decode IPv4 TOS field as DiffServ
field" variable for IP as a preference.
Stuff that still needs to be done:
documenting the API for registering preferences;
documenting the "-o" values in the man page (probably needs a
flag similar to "-G", and a Perl script to turn the output into
documentation as is done with the list of field);
handling error checking for numeric values (range checking,
making sure that if the user changes the variable from the GUI
they change it to a valid numeric value);
using the callbacks to, for example, update the display when
preferences are changed (could be expensive);
panic if the user specifies a numeric value with a base other
than 10, 8, or 16.
We may also want to clean up the existing wired-in preferences not to
take effect the instant you tweak the widget, and to add an "Apply"
button to the "Preferences" dialog.
svn path=/trunk/; revision=2117
2000-07-05 09:41:07 +00:00
|
|
|
prefs_register_bool_preference(ip_module, "decode_tos_as_diffserv",
|
|
|
|
|
"Decode IPv4 TOS field as DiffServ field",
|
2005-06-01 23:47:55 +00:00
|
|
|
"Whether the IPv4 type-of-service field should be decoded as a Differentiated Services field (see RFC2474/RFC2475)",
|
Add support for a global "ethereal.conf" preferences file, stored in the
same directory as the "manuf" file ("/etc" or "/usr/local/etc", most
likely).
Add a mechanism to allow modules (e.g., dissectors) to register
preference values, which:
can be put into the global or the user's preference file;
can be set from the command line, with arguments to the "-o"
flag;
can be set from tabs in the "Preferences" dialog box.
Use that mechanism to register the "Decode IPv4 TOS field as DiffServ
field" variable for IP as a preference.
Stuff that still needs to be done:
documenting the API for registering preferences;
documenting the "-o" values in the man page (probably needs a
flag similar to "-G", and a Perl script to turn the output into
documentation as is done with the list of field);
handling error checking for numeric values (range checking,
making sure that if the user changes the variable from the GUI
they change it to a valid numeric value);
using the callbacks to, for example, update the display when
preferences are changed (could be expensive);
panic if the user specifies a numeric value with a base other
than 10, 8, or 16.
We may also want to clean up the existing wired-in preferences not to
take effect the instant you tweak the widget, and to add an "Apply"
button to the "Preferences" dialog.
svn path=/trunk/; revision=2117
2000-07-05 09:41:07 +00:00
|
|
|
&g_ip_dscp_actif);
|
2001-04-18 04:53:51 +00:00
|
|
|
prefs_register_bool_preference(ip_module, "defragment",
|
|
|
|
|
"Reassemble fragmented IP datagrams",
|
|
|
|
|
"Whether fragmented IP datagrams should be reassembled",
|
|
|
|
|
&ip_defragment);
|
2003-01-28 23:56:40 +00:00
|
|
|
prefs_register_bool_preference(ip_module, "summary_in_tree",
|
2001-05-23 03:33:59 +00:00
|
|
|
"Show IP summary in protocol tree",
|
|
|
|
|
"Whether the IP summary line should be shown in the protocol tree",
|
|
|
|
|
&ip_summary_in_tree);
|
2005-10-03 16:24:43 +00:00
|
|
|
prefs_register_bool_preference(ip_module, "check_checksum" ,
|
|
|
|
|
"Validate the IP checksum if possible",
|
|
|
|
|
"Whether to validate the IP checksum",
|
|
|
|
|
&ip_check_checksum);
|
2007-09-24 06:46:59 +00:00
|
|
|
prefs_register_bool_preference(ip_module, "tso_support" ,
|
|
|
|
|
"Support packet-capture from IP TSO-enabled hardware",
|
|
|
|
|
"Whether to correct for TSO-enabled hardware captures, such as spoofing the IP packet length",
|
|
|
|
|
&ip_tso_supported);
|
2008-12-19 23:49:03 +00:00
|
|
|
#ifdef HAVE_GEOIP
|
|
|
|
|
prefs_register_bool_preference(ip_module, "use_geoip" ,
|
|
|
|
|
"Enable GeoIP lookups",
|
|
|
|
|
"Whether to look up IP addresses in each GeoIP database we have loaded",
|
|
|
|
|
&ip_use_geoip);
|
|
|
|
|
#endif /* HAVE_GEOIP */
|
Tvbuffify the IP, ICMP, TCP, UDP, OSI CLNP, OSI COTP, OSI CLTP, and OSI
ESIS dissectors.
Register the IP dissector and have dissectors that call it directly
(rather than through a port table) call it through a handle.
Add a routine "tvb_set_reported_length()" which a dissector can use if
it was handed a tvbuff that contains more data than is actually in its
part of the packet - for example, handing a padded Ethernet frame to IP;
the routine sets the reported length of the tvbuff (and also adjusts the
actual length, as appropriate). Then use it in IP.
Given that, "ethertype()" can determine how much of the Ethernet frame
was actually part of an IP datagram (and can do the same for other
protocols under Ethernet that use "tvb_set_reported_length()"; have it
return the actual length, and have "dissect_eth()" and "dissect_vlan()"
use that to mark trailer data in Ethernet II frames as well as in 802.3
frames.
svn path=/trunk/; revision=2658
2000-11-18 10:38:33 +00:00
|
|
|
|
2001-01-09 06:32:10 +00:00
|
|
|
register_dissector("ip", dissect_ip, proto_ip);
|
2001-04-18 04:53:51 +00:00
|
|
|
register_init_routine(ip_defragment_init);
|
2003-01-22 01:16:33 +00:00
|
|
|
ip_tap=register_tap("ip");
|
1999-07-07 22:52:57 +00:00
|
|
|
}
|
1999-07-29 05:47:07 +00:00
|
|
|
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
void
|
|
|
|
|
proto_reg_handoff_ip(void)
|
|
|
|
|
{
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_handle_t ip_handle;
|
|
|
|
|
|
|
|
|
|
ip_handle = find_dissector("ip");
|
2009-07-09 11:32:50 +00:00
|
|
|
ipv6_handle = find_dissector("ipv6");
|
2007-03-04 11:48:07 +00:00
|
|
|
tapa_handle = find_dissector("tapa");
|
2009-07-09 11:32:50 +00:00
|
|
|
data_handle = find_dissector("data");
|
|
|
|
|
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_add("ethertype", ETHERTYPE_IP, ip_handle);
|
|
|
|
|
dissector_add("ppp.protocol", PPP_IP, ip_handle);
|
|
|
|
|
dissector_add("ppp.protocol", ETHERTYPE_IP, ip_handle);
|
|
|
|
|
dissector_add("gre.proto", ETHERTYPE_IP, ip_handle);
|
|
|
|
|
dissector_add("gre.proto", GRE_WCCP, ip_handle);
|
|
|
|
|
dissector_add("llc.dsap", SAP_IP, ip_handle);
|
|
|
|
|
dissector_add("ip.proto", IP_PROTO_IPIP, ip_handle);
|
|
|
|
|
dissector_add("null.type", BSD_AF_INET, ip_handle);
|
|
|
|
|
dissector_add("chdlctype", ETHERTYPE_IP, ip_handle);
|
2005-01-20 05:40:56 +00:00
|
|
|
dissector_add("osinl.excl", NLPID_IP, ip_handle);
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_add("fr.ietf", NLPID_IP, ip_handle);
|
|
|
|
|
dissector_add("x.25.spi", NLPID_IP, ip_handle);
|
2009-07-09 11:32:50 +00:00
|
|
|
dissector_add("arcnet.protocol_id", ARCNET_PROTO_IP_1051, ip_handle);
|
|
|
|
|
dissector_add("arcnet.protocol_id", ARCNET_PROTO_IP_1201, ip_handle);
|
2005-02-27 20:26:55 +00:00
|
|
|
dissector_add_handle("udp.port", ip_handle);
|
Change the sub-dissector handoff registration routines so that the
sub-dissector table is not stored in the header_field_info struct, but
in a separate namespace. Dissector tables are now registered by name
and not by field ID. For example:
udp_dissector_table = register_dissector_table("udp.port");
Because of this different namespace, dissector tables can have names
that are not field names. This is useful for ethertype, since multiple
fields are "ethertypes".
packet-ethertype.c replaces ethertype.c (the name was changed so that it
would be named in the same fashion as all the filenames passed to make-reg-dotc)
Although it registers no protocol or field, it registers one dissector table:
ethertype_dissector_table = register_dissector_table("ethertype");
All protocols that can be called because of an ethertype field now register
that fact with dissector_add() calls.
In this way, one dissector_table services all ethertype fields
(hf_eth_type, hf_llc_type, hf_null_etype, hf_vlan_etype)
Furthermore, the code allows for names of protocols to exist in the
etype_vals, yet a dissector for that protocol doesn't exist. The name
of the dissector is printed in COL_INFO. You're welcome, Richard. :-)
svn path=/trunk/; revision=1848
2000-04-13 18:18:56 +00:00
|
|
|
}
|