osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

IP fragment reassembly, from Ronnie Sahlberg. 

svn path=/trunk/; revision=3324
This commit is contained in:
Guy Harris 2001-04-18 04:53:51 +00:00
parent e79474408f
commit d93fa98b6e
2 changed files with 546 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
AUTHORS
View File

@ -499,6 +499,7 @@ Ronnie Sahlberg <rsahlber@bigpond.net.au> {
BOOTPARAM dissector enhancements
RWALL support
HCLNFSD dissector enhancements
IP fragment reassembly
}
Borosa Tomislav <tomislav.borosa@SIEMENS.HR> {

579
packet-ip.c
View File

@ -1,7 +1,7 @@
/* packet-ip.c
* Routines for IP and miscellaneous IP protocol packet disassembly
*
* $Id: packet-ip.c,v 1.130 2001/04/17 06:29:12 guy Exp $
* $Id: packet-ip.c,v 1.131 2001/04/18 04:53:51 guy Exp $
*
* Ethereal - Network traffic analyzer
* By Gerald Combs <gerald@zing.org>
@ -63,6 +63,9 @@ static void dissect_igmp(tvbuff_t *, packet_info *, proto_tree *);
/* Decode the old IPv4 TOS field as the DiffServ DS Field */
static gboolean g_ip_dscp_actif = TRUE;
/* Defragment fragmented IP datagrams */
static gboolean ip_defragment = FALSE;
static int proto_ip = -1;
static int hf_ip_version = -1;
static int hf_ip_hdr_len = -1;
@ -89,6 +92,13 @@ static int hf_ip_ttl = -1;
static int hf_ip_proto = -1;
static int hf_ip_checksum = -1;
static int hf_ip_checksum_bad = -1;
static int hf_ip_fragments = -1;
static int hf_ip_fragment = -1;
static int hf_ip_fragment_overlap = -1;
static int hf_ip_fragment_overlap_conflict = -1;
static int hf_ip_fragment_multiple_tails = -1;
static int hf_ip_fragment_too_long_fragment = -1;
static int hf_ip_fragment_error = -1;
static gint ett_ip = -1;
static gint ett_ip_dsfield = -1;
@ -98,6 +108,8 @@ static gint ett_ip_options = -1;
static gint ett_ip_option_sec = -1;
static gint ett_ip_option_route = -1;
static gint ett_ip_option_timestamp = -1;
static gint ett_ip_fragments = -1;
static gint ett_ip_fragment = -1;
/* Used by IPv6 as well, so not static */
dissector_table_t ip_dissector_table;
@ -310,6 +322,321 @@ typedef struct _e_ip
#define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
#define IPOPT_TS_PRESPEC 3 /* specified modules only */
/*
* defragmentation of IPv4
*/
static GHashTable *ip_fragment_table=NULL;
typedef struct _ip_fragment_key {
guint32 srcip;
guint32 dstip;
guint32 id;
} ip_fragment_key;
/* make sure that all flags that are set in a fragment entry is also set for
* the flags field of ipfd_head !!!
*/
/* only in ipfd_head: packet is defragmented */
#define IPD_DEFRAGMENTED 0x0001
/* there are overlapping fragments */
#define IPD_OVERLAP 0x0002
/* overlapping fragments contain different data */
#define IPD_OVERLAPCONFLICT 0x0004
/* more than one fragment which indicates end-of data */
#define IPD_MULTIPLETAILS 0x0008
/* fragment contains data past the end of the datagram */
#define IPD_TOOLONGFRAGMENT 0x0010
typedef struct _ip_fragment_data {
struct _ip_fragment_data *next;
guint32 frame;
guint32 offset;
guint32 len;
guint32 datalen; /*Only valid in first item of list */
guint32 flags;
unsigned char *data;
} ip_fragment_data;
#define LINK_FRAG(ipfd_head,ipfd) \
{ ip_fragment_data *ipfd_i; \
/* add fragment to list, keep list sorted */ \
for(ipfd_i=ipfd_head;ipfd_i->next;ipfd_i=ipfd_i->next){ \
if( (ipfd->offset) < (ipfd_i->next->offset) ) \
break; \
} \
ipfd->next=ipfd_i->next; \
ipfd_i->next=ipfd; \
}
static gint
ip_fragment_equal(gconstpointer k1, gconstpointer k2)
{
ip_fragment_key* key1 = (ip_fragment_key*) k1;
ip_fragment_key* key2 = (ip_fragment_key*) k2;
return ( ( (key1->srcip == key2->srcip) &&
(key1->dstip == key2->dstip) &&
(key1->id == key2->id)
) ?
TRUE : FALSE);
}
static guint
ip_fragment_hash(gconstpointer k)
{
ip_fragment_key* key = (ip_fragment_key*) k;
return (key->srcip ^ key->dstip ^ key->id);
}
static gboolean
free_all_fragments(gpointer key, gpointer value, gpointer user_data)
{
ip_fragment_data *ipfd_head;
ip_fragment_data *ipfd_i;
ipfd_head=value;
while(ipfd_head){
ipfd_i=ipfd_head->next;
if(ipfd_head->data){
g_free(ipfd_head->data);
}
g_free(ipfd_head);
ipfd_head=ipfd_i;
}
g_free(key);
return TRUE;
}
static void
ip_defragment_init(void)
{
if( ip_fragment_table != NULL ){
/* The fragment hash table exists.
*
* Remove all entries and free all memory.
*/
g_hash_table_foreach_remove(ip_fragment_table,free_all_fragments,NULL);
} else {
/* The fragment table does not exist. Create it */
ip_fragment_table = g_hash_table_new(ip_fragment_hash,
ip_fragment_equal);
}
}
/* This function adds a new fragment to the fragment hash table
* If this is the first fragment seen in for this ip packet,
* a new entry is created in the hash table, otherwise
* This fragment is just added to the linked list of
* fragments for this packet.
* The list of fragments for a specific ip-packet is kept sorted for
* easier handling.
* tvb had better contain an IPv4 packet, or BAD things will probably happen.
*
* Returns a pointer to the head of the fragment data list if we have all the
* fragments, NULL otherwise.
*/
static ip_fragment_data *
ip_fragment_add(tvbuff_t *tvb, int offset, packet_info *pinfo, guint32 id,
guint32 floff)
{
ip_fragment_key *ipfk;
ip_fragment_data *ipfd_head;
ip_fragment_data *ipfd;
ip_fragment_data *ipfd_i;
guint32 frag_offset;
guint32 max,dfpos;
/* create key to search hash with */
ipfk=g_malloc(sizeof(ip_fragment_key));
memcpy(&ipfk->srcip, pinfo->src.data, sizeof(ipfk->srcip));
memcpy(&ipfk->dstip, pinfo->dst.data, sizeof(ipfk->dstip));
ipfk->id = id;
ipfd_head=g_hash_table_lookup(ip_fragment_table, ipfk);
/* have we already seen this frame ?*/
if( pinfo->fd->flags.visited ){
g_free(ipfk);
if (ipfd_head != NULL && ipfd_head->flags & IPD_DEFRAGMENTED) {
return ipfd_head;
} else {
return NULL;
}
}
frag_offset = (floff & IP_OFFSET)*8;
if (ipfd_head==NULL){
/* not found, this must be the first snooped fragment for this
* ip packet. Create list-head.
*/
ipfd_head=g_malloc(sizeof(ip_fragment_data));
/* head/first structure in list only holds no other data than
* 'datalen' then we dont have to change the head of the list
* even if we want to keep it sorted
*/
ipfd_head->next=NULL;
ipfd_head->datalen=0;
ipfd_head->offset=0;
ipfd_head->len=0;
ipfd_head->flags=0;
ipfd_head->data=NULL;
g_hash_table_insert(ip_fragment_table, ipfk, ipfd_head);
} else {
/* this was not the first fragment, so we can throw ipfk
* away, only used for the first fragment, 3 lines up
*/
g_free(ipfk);
}
/* create new ipfd describing this fragment */
ipfd = g_malloc(sizeof(ip_fragment_data));
ipfd->next = NULL;
ipfd->flags = 0;
ipfd->frame = pinfo->fd->num;
ipfd->offset = frag_offset;
ipfd->len = pinfo->iplen;
ipfd->len -= (pinfo->iphdrlen*4);
ipfd->data = NULL;
if( !(floff&IP_MF) ){
/* this is a tail fragment */
if (ipfd_head->datalen) {
/* ok we have already seen other tails for this packet
* it might be a duplicate.
*/
if (ipfd_head->datalen != (ipfd->offset + ipfd->len) ){
/* Oops, this tail indicates a different packet
* len than the previous ones. Somethings wrong
*/
ipfd->flags |= IPD_MULTIPLETAILS;
ipfd_head->flags |= IPD_MULTIPLETAILS;
}
} else {
/* this was the first tail fragment, now we know the
* length of the packet
*/
ipfd_head->datalen = ipfd->offset + ipfd->len;
}
}
/* If the packet is already defragmented, this MUST be an overlap.
* The entire defragmented packet is in ipfd_head->data
* Even if we have previously defragmented this packet, we still check
* check it. Someone might play overlap and TTL games.
*/
if (ipfd_head->flags & IPD_DEFRAGMENTED) {
ipfd->flags |= IPD_OVERLAP;
ipfd_head->flags |= IPD_OVERLAP;
/* make sure its not too long */
if (ipfd->offset + ipfd->len > ipfd_head->datalen) {
ipfd->flags |= IPD_TOOLONGFRAGMENT;
ipfd_head->flags |= IPD_TOOLONGFRAGMENT;
LINK_FRAG(ipfd_head,ipfd);
return (ipfd_head);
}
/* make sure it doesnt conflict with previous data */
if ( memcmp(ipfd_head->data+ipfd->offset,
tvb_get_ptr(tvb,offset,ipfd->len),ipfd->len) ){
ipfd->flags |= IPD_OVERLAPCONFLICT;
ipfd_head->flags |= IPD_OVERLAPCONFLICT;
LINK_FRAG(ipfd_head,ipfd);
return (ipfd_head);
}
/* it was just an overlap, link it and return */
LINK_FRAG(ipfd_head,ipfd);
return (ipfd_head);
}
/* If we have reached this point, the packet is not defragmented yet.
* Save all payload in a buffer until we can defragment.
*/
ipfd->data = g_malloc(ipfd->len);
tvb_memcpy(tvb, ipfd->data, offset, ipfd->len);
LINK_FRAG(ipfd_head,ipfd);
if( !(ipfd_head->datalen) ){
/* if we dont know the datalen, there are still missing
* packets. Cheaper than the check below.
*/
return NULL;
}
/* check if we have received the entire fragment
* this is easy since the list is sorted and the head is faked.
*/
max = 0;
for (ipfd_i=ipfd_head->next;ipfd_i;ipfd_i=ipfd_i->next) {
if ( ((ipfd_i->offset)<=max) &&
((ipfd_i->offset+ipfd_i->len)>max) ){
max = ipfd_i->offset+ipfd_i->len;
}
}
if (max < (ipfd_head->datalen)) {
/* we have not received all packets yet */
return NULL;
}
if (max > (ipfd_head->datalen)) {
/* oops, too long fragment detected */
ipfd->flags |= IPD_TOOLONGFRAGMENT;
ipfd_head->flags |= IPD_TOOLONGFRAGMENT;
}
/* we have received an entire packet, defragment it and
* free all fragments
*/
ipfd_head->data = g_malloc(max);
/* add all data fragments */
for (dfpos=0,ipfd_i=ipfd_head;ipfd_i;ipfd_i=ipfd_i->next) {
if (ipfd_i->len) {
if (ipfd_i->offset < dfpos) {
ipfd_i->flags |= IPD_OVERLAP;
ipfd_head->flags |= IPD_OVERLAP;
if ( memcmp(ipfd_head->data+ipfd_i->offset,
ipfd_i->data,
MIN(ipfd_i->len,(dfpos-ipfd_i->offset))
) ){
ipfd_i->flags |= IPD_OVERLAPCONFLICT;
ipfd_head->flags |= IPD_OVERLAPCONFLICT;
}
}
memcpy(ipfd_head->data+ipfd_i->offset,ipfd_i->data,ipfd_i->len);
g_free(ipfd_i->data);
ipfd_i->data=NULL;
dfpos=MAX(dfpos,(ipfd_i->offset+ipfd_i->len));
}
}
/* mark this packet as defragmented.
allows us to skip any trailing fragments */
ipfd_head->flags |= IPD_DEFRAGMENTED;
return ipfd_head;
}
void
capture_ip(const u_char *pd, int offset, packet_counts *ld) {
@ -798,7 +1125,11 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
guint16 flags;
guint8 nxt;
guint16 ipsum;
ip_fragment_data *ipfd_head;
tvbuff_t *next_tvb;
packet_info save_pi;
gboolean must_restore_pi = FALSE;
gboolean update_col_info = TRUE;
if (check_col(pinfo->fd, COL_PROTOCOL))
col_set_str(pinfo->fd, COL_PROTOCOL, "IP");
@ -841,7 +1172,7 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
}
hlen = lo_nibble(iph.ip_v_hl) * 4; /* IP header length, in bytes */
if (tree) {
ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, FALSE);
ip_tree = proto_item_add_subtree(ti, ett_ip);
@ -850,15 +1181,20 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
if (hlen < IPH_MIN_LEN) {
if (check_col(pinfo->fd, COL_INFO))
col_add_fstr(pinfo->fd, COL_INFO, "Bogus IP header length (%u, must be at least %u)",
hlen, IPH_MIN_LEN);
hlen, IPH_MIN_LEN);
if (tree) {
proto_tree_add_uint_format(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
"Header length: %u bytes (bogus, must be at least %u)", hlen,
IPH_MIN_LEN);
"Header length: %u bytes (bogus, must be at least %u)", hlen,
IPH_MIN_LEN);
}
return;
}
/*
* Compute the checksum of the IP header.
*/
ipsum = ip_checksum(tvb_get_ptr(tvb, offset, hlen), hlen);
if (tree) {
proto_tree_add_uint(ip_tree, hf_ip_version, tvb, offset, 1, hi_nibble(iph.ip_v_hl));
proto_tree_add_uint_format(ip_tree, hf_ip_hdr_len, tvb, offset, 1, hlen,
@ -897,20 +1233,20 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
proto_tree_add_uint(ip_tree, hf_ip_frag_offset, tvb, offset + 6, 2,
(iph.ip_off & IP_OFFSET)*8);
proto_tree_add_uint(ip_tree, hf_ip_ttl, tvb, offset + 8, 1, iph.ip_ttl);
proto_tree_add_uint_format(ip_tree, hf_ip_proto, tvb, offset + 9, 1, iph.ip_p,
"Protocol: %s (0x%02x)", ipprotostr(iph.ip_p), iph.ip_p);
ipsum = ip_checksum(tvb_get_ptr(tvb, offset, hlen), hlen);
if (ipsum == 0) {
proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph.ip_sum,
"Header checksum: 0x%04x (correct)", iph.ip_sum);
"Header checksum: 0x%04x (correct)", iph.ip_sum);
}
else {
proto_tree_add_boolean_hidden(ip_tree, hf_ip_checksum_bad, tvb, offset + 10, 2, TRUE);
proto_tree_add_item_hidden(ip_tree, hf_ip_checksum_bad, tvb, offset + 10, 2, TRUE);
proto_tree_add_uint_format(ip_tree, hf_ip_checksum, tvb, offset + 10, 2, iph.ip_sum,
"Header checksum: 0x%04x (incorrect, should be 0x%04x)", iph.ip_sum,
in_cksum_shouldbe(iph.ip_sum, ipsum));
"Header checksum: 0x%04x (incorrect, should be 0x%04x)", iph.ip_sum,
in_cksum_shouldbe(iph.ip_sum, ipsum));
}
proto_tree_add_ipv4(ip_tree, hf_ip_src, tvb, offset + 12, 4, iph.ip_src);
@ -932,8 +1268,11 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
}
pinfo->ipproto = iph.ip_p;
pinfo->iplen = iph.ip_len;
pinfo->iphdrlen = lo_nibble(iph.ip_v_hl);
SET_ADDRESS(&pinfo->net_src, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_SRC, 4));
SET_ADDRESS(&pinfo->src, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_SRC, 4));
SET_ADDRESS(&pinfo->net_dst, AT_IPv4, 4, tvb_get_ptr(tvb, offset + IPH_DST, 4));
@ -941,25 +1280,158 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
/* Skip over header + options */
offset += hlen;
nxt = iph.ip_p;
if (iph.ip_off & IP_OFFSET) {
/* fragmented */
nxt = iph.ip_p; /* XXX - what if this isn't the same for all fragments? */
/* If ip_defragment is on and this is a fragment, then just add the fragment
* to the hashtable.
*/
if (ip_defragment && (iph.ip_off & (IP_MF|IP_OFFSET))) {
/* We're reassembling, and this is part of a fragmented datagram.
Add the fragment to the hash table if the checksum is ok
and the frame isn't truncated. */
if ((ipsum==0) && (tvb_reported_length(tvb) <= tvb_length(tvb))) {
ipfd_head = ip_fragment_add(tvb, offset, pinfo, iph.ip_id, iph.ip_off);
} else {
ipfd_head=NULL;
}
if (ipfd_head != NULL) {
ip_fragment_data *ipfd;
proto_tree *ft=NULL;
proto_item *fi=NULL;
/* OK, we have the complete reassembled payload. */
/* show all fragments */
fi = proto_tree_add_item(ip_tree, hf_ip_fragments,
tvb, 0, 0, FALSE);
ft = proto_item_add_subtree(fi, ett_ip_fragments);
for (ipfd=ipfd_head->next; ipfd; ipfd=ipfd->next){
if (ipfd->flags & (IPD_OVERLAP|IPD_OVERLAPCONFLICT
|IPD_MULTIPLETAILS|IPD_TOOLONGFRAGMENT) ) {
/* this fragment has some flags set, create a subtree
* for it and display the flags.
*/
proto_tree *fet=NULL;
proto_item *fei=NULL;
int hf;
if (ipfd->flags & (IPD_OVERLAPCONFLICT
|IPD_MULTIPLETAILS|IPD_TOOLONGFRAGMENT) ) {
hf = hf_ip_fragment_error;
} else {
hf = hf_ip_fragment;
}
fei = proto_tree_add_string_format(ft, hf,
tvb, 0, 0, 0,
"Frame:%d payload:%d-%d",
ipfd->frame,
ipfd->offset,
ipfd->offset+ipfd->len-1
);
fet = proto_item_add_subtree(fei, ett_ip_fragment);
if (ipfd->flags&IPD_OVERLAP) {
proto_tree_add_boolean(fet,
hf_ip_fragment_overlap, tvb, 0, 0,
TRUE);
}
if (ipfd->flags&IPD_OVERLAPCONFLICT) {
proto_tree_add_boolean(fet,
hf_ip_fragment_overlap_conflict, tvb, 0, 0,
TRUE);
}
if (ipfd->flags&IPD_MULTIPLETAILS) {
proto_tree_add_boolean(fet,
hf_ip_fragment_multiple_tails, tvb, 0, 0,
TRUE);
}
if (ipfd->flags&IPD_TOOLONGFRAGMENT) {
proto_tree_add_boolean(fet,
hf_ip_fragment_too_long_fragment, tvb, 0, 0,
TRUE);
}
} else {
/* nothing of interest for this fragment */
proto_tree_add_string_format(ft, hf_ip_fragment,
tvb, 0, 0, 0,
"Frame:%d payload:%d-%d",
ipfd->frame,
ipfd->offset,
ipfd->offset+ipfd->len-1
);
}
}
if (ipfd_head->flags & (IPD_OVERLAPCONFLICT
|IPD_MULTIPLETAILS|IPD_TOOLONGFRAGMENT) ) {
if (check_col(pinfo->fd, COL_INFO)) {
col_set_str(pinfo->fd, COL_INFO, "[Illegal fragments]");
update_col_info = FALSE;
}
}
/* Allocate a new tvbuff, referring to the reassembled payload. */
next_tvb = tvb_new_real_data(ipfd_head->data, ipfd_head->datalen,
ipfd_head->datalen, "Reassembled");
/* Add the tvbuff to the list of tvbuffs to which the tvbuff we
were handed refers, so it'll get cleaned up when that tvbuff
is cleaned up. */
tvb_set_child_real_data_tvbuff(tvb, next_tvb);
/* Add the defragmented data to the data source list. */
pinfo->fd->data_src = g_slist_append(pinfo->fd->data_src, next_tvb);
/* It's not fragmented. */
pinfo->fragmented = FALSE;
/* Save the current value of "pi", and adjust certain fields to
reflect the new tvbuff. */
save_pi = pi;
pi.compat_top_tvb = next_tvb;
pi.len = tvb_reported_length(next_tvb);
pi.captured_len = tvb_length(next_tvb);
must_restore_pi = TRUE;
} else {
/* We don't have the complete reassembled payload. */
next_tvb = NULL;
}
} else {
/* If this is the first fragment, dissect its contents, otherwise
just show it as a fragment.
XXX - if we eventually don't save the reassembled contents of all
fragmented datagrams, we may want to always reassemble. */
if (iph.ip_off & IP_OFFSET) {
/* Not the first fragment - don't dissect it. */
next_tvb = NULL;
} else {
/* First fragment, or not fragmented. Dissect what we have here. */
/* Get a tvbuff for the payload. */
next_tvb = tvb_new_subset(tvb, offset, -1, -1);
/*
* If this is the first fragment, but not the only fragment,
* tell the next protocol that.
*/
if (iph.ip_off & IP_MF)
pinfo->fragmented = TRUE;
else
pinfo->fragmented = FALSE;
}
}
if (next_tvb == NULL) {
/* Just show this as a fragment. */
if (check_col(pinfo->fd, COL_INFO))
col_add_fstr(pinfo->fd, COL_INFO, "Fragmented IP protocol (proto=%s 0x%02x, off=%u)",
ipprotostr(iph.ip_p), iph.ip_p, (iph.ip_off & IP_OFFSET) * 8);
dissect_data(tvb, offset, pinfo, tree);
/* As we haven't reassembled anything, we haven't changed "pi", so
we don't have to restore it. */
return;
}
/*
* If this is the first fragment, but not the only fragment,
* tell the next protocol that.
*/
if (iph.ip_off & IP_MF)
pinfo->fragmented = TRUE;
else
pinfo->fragmented = FALSE;
/* Hand off to the next protocol.
XXX - setting the columns only after trying various dissectors means
@ -967,13 +1439,17 @@ dissect_ip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
even be labelled as an IP frame; ideally, if a frame being dissected
throws an exception, it'll be labelled as a mangled frame of the
type in question. */
next_tvb = tvb_new_subset(tvb, offset, -1, -1);
if (!dissector_try_port(ip_dissector_table, nxt, next_tvb, pinfo, tree)) {
/* Unknown protocol */
if (check_col(pinfo->fd, COL_INFO))
col_add_fstr(pinfo->fd, COL_INFO, "%s (0x%02x)", ipprotostr(iph.ip_p), iph.ip_p);
if (update_col_info) {
if (check_col(pinfo->fd, COL_INFO))
col_add_fstr(pinfo->fd, COL_INFO, "%s (0x%02x)", ipprotostr(iph.ip_p), iph.ip_p);
}
dissect_data(next_tvb, 0, pinfo, tree);
}
if (must_restore_pi)
pi = save_pi;
}
@ -1128,18 +1604,18 @@ dissect_icmp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
truncated, so we can checksum it. */
computed_cksum = ip_checksum(tvb_get_ptr(tvb, 0, reported_length),
reported_length);
reported_length);
if (computed_cksum == 0) {
proto_tree_add_uint_format(icmp_tree, hf_icmp_checksum, tvb, 2, 2,
cksum,
"Checksum: 0x%04x (correct)", cksum);
cksum,
"Checksum: 0x%04x (correct)", cksum);
} else {
proto_tree_add_boolean_hidden(icmp_tree, hf_icmp_checksum_bad,
tvb, 2, 2, TRUE);
proto_tree_add_item_hidden(icmp_tree, hf_icmp_checksum_bad,
tvb, 2, 2, TRUE);
proto_tree_add_uint_format(icmp_tree, hf_icmp_checksum, tvb, 2, 2,
cksum,
"Checksum: 0x%04x (incorrect, should be 0x%04x)",
cksum, in_cksum_shouldbe(cksum, computed_cksum));
cksum,
"Checksum: 0x%04x (incorrect, should be 0x%04x)",
cksum, in_cksum_shouldbe(cksum, computed_cksum));
}
} else {
proto_tree_add_uint(icmp_tree, hf_icmp_checksum, tvb, 2, 2, cksum);
@ -1459,6 +1935,34 @@ proto_register_ip(void)
{ &hf_ip_checksum_bad,
{ "Bad Header checksum", "ip.checksum_bad", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"" }},
{ &hf_ip_fragment_overlap,
{ "Fragment overlap", "ip.fragment.overlap", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"Fragment overlaps with other fragments" }},
{ &hf_ip_fragment_overlap_conflict,
{ "Conflicting data in fragment overlap", "ip.fragment.overlap.conflict", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"Overlapping fragments contained conflicting data" }},
{ &hf_ip_fragment_multiple_tails,
{ "Multiple tail fragments found", "ip.fragment.multipletails", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"Several tails were found when defragmenting the packet" }},
{ &hf_ip_fragment_too_long_fragment,
{ "Fragment too long", "ip.fragment.toolongfragment", FT_BOOLEAN, BASE_NONE, NULL, 0x0,
"Fragment contained data past end of packet" }},
{ &hf_ip_fragment_error,
{ "Defragmentation error", "ip.fragment.error", FT_STRING, BASE_DEC, NULL, 0x0,
"Defragmentation error due to illegal fragments" }},
{ &hf_ip_fragment,
{ "IP Fragment", "ip.fragment", FT_STRING, BASE_DEC, NULL, 0x0,
"IP Fragment" }},
{ &hf_ip_fragments,
{ "IP Fragments", "ip.fragments", FT_STRING, BASE_DEC, NULL, 0x0,
"IP Fragments" }},
};
static gint *ett[] = {
&ett_ip,
@ -1469,6 +1973,8 @@ proto_register_ip(void)
&ett_ip_option_sec,
&ett_ip_option_route,
&ett_ip_option_timestamp,
&ett_ip_fragments,
&ett_ip_fragment,
};
module_t *ip_module;
@ -1485,8 +1991,13 @@ proto_register_ip(void)
"Decode IPv4 TOS field as DiffServ field",
"Whether the IPv4 type-of-service field should be decoded as a Differentiated Services field",
&g_ip_dscp_actif);
prefs_register_bool_preference(ip_module, "defragment",
"Reassemble fragmented IP datagrams",
"Whether fragmented IP datagrams should be reassembled",
&ip_defragment);
register_dissector("ip", dissect_ip, proto_ip);
register_init_routine(ip_defragment_init);
}
void